
The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Submission Form_ NEED ASSISTANCE! ASAP
  • #25883
    olive21
    Member

    Hello

    I created this site http://www.leadertours.ca and the client wanted me to create a submission form and paste it into the existing contact form. I used the tutorial from css-tricks # 62, and changed and removed a few things.

    1. I had the existing contact.html, which I re-saved as a PHP file, and added the code <?php include('contactform.php'); ?>
    to include the PHP form that I changed from the downloaded files from css-tricks # 62.

    2. I posted to see if it works. It doesn't, so I placed it online: http://www.leadertours.ca/contact.php.

    3. The third problem is that I don't know where to put the JS stuff in the contact.html that I re-saved as PHP. What do I do with that?
    So the stylized, and the validation is included. I have no clue how to go about it.

    Please help, this client needs it by this weekend. I already emailed Chris, but I thought to take two measures to fix this issue.
    And I tried to figure it out on my own.

    Please find the

    Code: contactform.php attached, which is the one I renamed (from the downloaded files from css-tricks)

    Code:
    >
    There was a hacking attempt on your form. \n
    Date of Attack: {$date}
    IP-Adress: {$ip} \n
    Host of Attacker: {$host}
    Point of Attack: {$where}
    << End of Message >>
    LOG;
    // Awkward but LOG must be flush left

    // open log file
    if($handle = fopen('hacklog.log', 'a')) {

    fputs($handle, $logging); // write the Data to file
    fclose($handle); // close the file

    } else { // if first method is not working, for example because of wrong file permissions, email the data

    $to = '[email protected]';
    $subject = 'HACK ATTEMPT';
    $header = 'From: [email protected]';
    if (mail($to, $subject, $logging, $header)) {
    echo "Sent notice to admin.";
    }

    }
    }

    function verifyFormToken($form) {

    // check if a session is started and a token is transmitted, if not return an error
    if(!isset($_SESSION[$form.'_token'])) {
    return false;
    }

    // check if the form is sent with token in it
    if(!isset($_POST['token'])) {
    return false;
    }

    // compare the tokens against each other if they are still the same
    if ($_SESSION[$form.'_token'] !== $_POST['token']) {
    return false;
    }

    return true;
    }

    function generateFormToken($form) {

    // generate a token from a unique value, taken from microtime, you can also use salt-values, other crypting methods…
    $token = md5(uniqid(microtime(), true));

    // Write the generated token to the session variable to check it against the hidden field when the form is sent
    $_SESSION[$form.'_token'] = $token;

    return $token;
    }

    // VERIFY LEGITIMACY OF TOKEN
    if (verifyFormToken('form1')) {

    // CHECK TO SEE IF THIS IS A MAIL POST
    if (isset($_POST['URL-main'])) {

    // Building a whitelist array with keys which will send through the form, no others would be accepted later on
    $whitelist = array('token','req-name','req-email','typeOfChange','urgency','URL-main','addURLS', 'curText', 'newText', 'save-stuff', 'mult');

    // Building an array with the $_POST-superglobal
    foreach ($_POST as $key=>$item) {

    // Check if the value $key (fieldname from $_POST) can be found in the whitelisting array, if not, die with a short message to the hacker
    if (!in_array($key, $whitelist)) {

    writeLog('Unknown form fields');
    die("Hack-Attempt detected. Please use only the fields in the form");

    }
    }

    // Lets check the URL whether it's a real URL or not. if not, stop the script

    if(!filter_var($_POST['URL-main'],FILTER_VALIDATE_URL)) {
    writeLog('URL Validation');
    die('Hack-Attempt detected. Please insert a valid URL');
    }

    // SAVE INFO AS COOKIE, if user wants name and email saved

    $saveCheck = $_POST['save-stuff'];
    if ($saveCheck == 'on') {
    setcookie("WRCF-Name", $_POST['req-name'], time()+60*60*24*365);
    setcookie("WRCF-Email", $_POST['req-email'], time()+60*60*24*365);
    }

    // PREPARE THE BODY OF THE MESSAGE

    $message = ‘‘;

    $message .= ‘

    ‘;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $addURLS = $_POST['addURLS'];
    if (($addURLS) != '') {
    $message .= "

    ";
    }
    $curText = htmlentities($_POST['curText']);
    if (($curText) != '') {
    $message .= "

    ";
    }
    $message .= "

    ";
    $message .= "

    Your Full Name: " . strip_tags($_POST['req-name']) . "
    Group Name: " . strip_tags($_POST['req-groupname']) . "
    Adress: " . strip_tags($_POST['req-adress']) . "
    Adress: " . strip_tags($_POST['req-adress']) . "
    City: " . strip_tags($_POST['req-city']) . "
    Country: " . strip_tags($_POST['req-country']) . "
    Home Phone: " . strip_tags($_POST['req-homephone']) . "
    Business Phone: " . strip_tags($_POST['req-businessphone']) . "
    Your email: " . strip_tags($_POST['req-email']) . "
    Trip Information: " . strip_tags($_POST['req-trip']) . "
    Proposed Group Size: " . strip_tags($_POST['req-size']) . "
    Type of Change: " . strip_tags($_POST['typeOfChange']) . "
    Preferred Departure City: " . strip_tags($_POST['req-pref']) . "
    Proposed Travel Dates: " . strip_tags($_POST['req-date']) . "
    Destination: " . strip_tags($_POST['req-dest']) . "
    Departure Date: " . strip_tags($_POST['req-dep']) . "
    Are you attending?: " . strip_tags($_POST['attending']) . "
    Do you need?: " . strip_tags($_POST['need']) . "
    URL To Change (main): " . $_POST['URL-main'] . "
    URL To Change (additional): " . strip_tags($addURLS) . "
    CURRENT Content: " . $curText . "
    NEW Content: " . htmlentities($_POST['newText']) . "

    ";
    $message .= "";

    // MAKE SURE THE "FROM" EMAIL ADDRESS DOESN'T HAVE ANY NASTY STUFF IN IT

    $pattern = "/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i";
    if (preg_match($pattern, trim(strip_tags($_POST['req-email'])))) {
    $cleanedFrom = trim(strip_tags($_POST['req-email']));
    } else {
    return "The email address you entered was invalid. Please try again!";
    }

    // CHANGE THE BELOW VARIABLES TO YOUR NEEDS

    $to = '[email protected]';

    $subject = 'Group Travel Quote Form';

    $headers = "From: '[email protected]' ;
    $headers .= "Reply-To: ". strip_tags($_POST['req-email']) . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

    if (mail($to, $subject, $message, $headers)) {
    echo 'Your message has been sent.';
    } else {
    echo 'There was a problem sending the email.';
    }

    // DON'T BOTHER CONTINUING TO THE HTML…
    die();

    }
    } else {

    if (!isset($_SESSION[$form.'_token'])) {

    } else {
    echo "Hack-Attempt detected. Got ya!.";
    writeLog('Formtoken');
    }

    }

    ?>


    Website Change Request Form




    Group Travel Quote Form


    ” />

    ” />

    ” />

    ” />

    ” />

    ” />

    ” />

    ” />

    ” />

    ” />

    ” />





    ” />


    ” />

    ” />

    ” />

    ” />






    Contact.php (which is the one that used to be html which I re-saved)

    Code:


    Contact Leader Tours

    Leader Tours by Downunder Travel

    We are the LEADERS in GROUP TRAVEL!

    Tour Packages, Airfare, Accommodation, Tours, Sightseeing, whatever you need, we have the travel options available to suit your needs and budget. We are able to organize and personalize your Group Travel!

    Local destination knowledge and itinerary planning can really make a difference between an ordinary holiday and a fantastic holiday!

    [color=#FF0000][b]
    [/b][/color]

    Our experienced and knowledgeable Group Travel Specialist Agents are able to assist you and enhance your holiday experience to the absolute maximum!

    Call today and discuss your Group Travel Plans.

    1-888-485-6589

    EMAIL US – where you would like to travel on a GROUP Tour, we will see
    what can be arranged.

    Leader Tours Logo

    CONTACT US

    Leader Tours by Downunder Travel
    Lower Level, 121 14 th Street
    Calgary, Alberta
    Canada, T2N 1Z6

    Phone: 1-888-485-6589
    Email: [email protected]

    Scotland

    Rio de Janeiro

    JS stuff I left the same.

    Please help me and tell me what is wrong!

    THANKS IN ADVANCE!!

    RACHEL
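
The `generateFormToken()` / `verifyFormToken()` pair in the contactform.php posted above builds its token from `microtime()` and compares it with `!==`. As an added example (not the tutorial's or the poster's code; PHP 7 or later is assumed, and making the token single use is a choice of this example), the same two functions with a token from the OS random source and a constant-time comparison:

```php
<?php
// Added example: hardened versions of the two token functions in the post.
session_start();

function generateFormToken(string $form): string
{
    // 32 bytes from the OS CSPRNG; a value derived from the clock
    // (uniqid/microtime) can be narrowed down by someone who knows
    // roughly when the form was served.
    $token = bin2hex(random_bytes(32));
    $_SESSION[$form . '_token'] = $token;
    return $token;
}

function verifyFormToken(string $form): bool
{
    $key  = $form . '_token';
    $sent = $_POST['token'] ?? null;

    // No token issued, no field sent, or an array-valued field (token[]=x).
    if (!isset($_SESSION[$key]) || !is_string($sent)) {
        return false;
    }

    $expected = $_SESSION[$key];
    unset($_SESSION[$key]);               // single use: a replayed POST fails
    return hash_equals($expected, $sent); // constant-time comparison
}

// Constructed demonstration: issue a token, submit it, then replay it.
$_POST['token'] = generateFormToken('form1');
var_dump(verifyFormToken('form1')); // first submission
var_dump(verifyFormToken('form1')); // replay of the same POST
```

Because the token is consumed on first use, the page that renders the form has to call `generateFormToken()` again after a failed or completed submission.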

    #62719
    AlCapone
    Participant

    Firstly, go to your contact us PHP file which is online and view the page source… It's missing loads compared to the code that you pasted here.
    Secondly, what is this,

    Code:
    [color=#FF0000][b]
    [/b][/color]

    Should it not just be

    Code:

    Also, I might be wrong but I am sure that these bits of code,

    Code:

    should be inside the <head> tags, not outside.

    #62779
    olive21
    Member

    Hello, thanks so much

    So I tried to put the site back up, but the same thing is happening with it again: it stops showing code past this code

    <?php include('contactform.php'); ?> I just moved it lower. So something lies with the PHP contact form. What about my validation and JS query code? What am I doing wrong? Is there another submission I can create that will work simply and effectively?

    Here is the site again: http://www.leadertours.ca/contact.php and the problem is that my contactform.php, which is included in contact.php, is not showing up? What do I do? Please help.

    Code:

    Contact Us | LEADER TOURS


    Contact Leader Tours

    Leader Tours by Downunder Travel

    We are the LEADERS in GROUP TRAVEL!

    Tour Packages, Airfare, Accommodation, Tours, Sightseeing, whatever you need, we have the travel options available to suit your needs and budget. We are able to organize and personalize your Group Travel!

    Local destination knowledge and itinerary planning can really make a difference between an ordinary holiday and a fantastic holiday!

    Our experienced and knowledgeable Group Travel Specialist Agents are able to assist you and enhance your holiday experience to the absolute maximum!

    Call today and discuss your Group Travel Plans.

    1-888-485-6589

    EMAIL US – where you would like to travel on a GROUP Tour, we will see
    what can be arranged.

    Leader Tours Logo

    CONTACT US

    Leader Tours by Downunder Travel
    Lower Level, 121 14 th Street
    Calgary, Alberta
    Canada, T2N 1Z6

    Phone: 1-888-485-6589
    Email: [email protected]

    Scotland

    Rio de Janeiro

    (The PHP include of the contact form should be here, but it's not, and the page code cuts off, because I have end page wrap, end body and it cuts off???)

    #62795
    Rob MacKay
    Participant

    Looks like you didn't close your " :D

    $headers = "From: [email protected]' ;

    should be

    $headers = "From: [email protected]' ";

    see if that helps :)
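
The `$headers` lines discussed in this thread, as an added example rather than code from any of the posts (PHP 7.1 or later is assumed; `buildMailHeaders()` and the example.com addresses are made up for illustration). Every string is closed, every header ends in CRLF, and the visitor-supplied Reply-To value is validated before it can reach `mail()`:

```php
<?php
// Added example: build the header block for mail() from one trusted
// value (From) and one untrusted value (the visitor's email address).
function buildMailHeaders(string $from, string $replyToRaw): ?string
{
    // A CR or LF inside a header value lets the sender append headers
    // of their own (Bcc:, a second Content-Type:), so refuse it outright.
    if (preg_match('/[\r\n]/', $replyToRaw)) {
        return null;
    }

    // filter_var() stands in for the hand-written regex in the form.
    $replyTo = filter_var(trim($replyToRaw), FILTER_VALIDATE_EMAIL);
    if ($replyTo === false) {
        return null;
    }

    // Each line is a complete, closed string terminated by CRLF.
    $headers  = "From: {$from}\r\n";
    $headers .= "Reply-To: {$replyTo}\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    return $headers;
}

// Constructed inputs: an ordinary address, an address carrying an
// injected Bcc header, and a string that is not an address at all.
$samples = [
    'rachel@example.com',
    "rachel@example.com\r\nBcc: list@example.net",
    'not an address',
];

foreach ($samples as $sample) {
    $headers = buildMailHeaders('forms@example.com', $sample);
    echo $headers === null ? "rejected\n" : $headers . "--\n";
}
```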
