August 25, 2009 at 9:36 pm #25883 olive21 Member
Hello
I created this site http://www.leadertours.ca and the client wanted me to create a submission form and paste it into the existing contact form. I used the tutorial from css-tricks # 62, and changed and removed a few things.
1. I had the existing contact.html which I re-saved as a php and added a code <?php include('contactform.php'); ?>
to include the php form that I changed from the downloaded files from css-tricks # 62.
2. I posted to see if it works, it doesn't, so I placed it online http://www.leadertours.ca/contact.php.
3rd Problem is that I don't know where to put the js stuff into the re-saved contact.html to php. What do I do with that?
So the stylized, and the validation is included. I have no clue how to go about it. Please help, this client needs it by this weekend. I already emailed Chris but I thought to take two measures to fix this issue.
And I tried to figure it out on my own. Please find the
contactform.php attached, which is the one I re-named (from the downloaded files from css-tricks)
Code:
<?php
// NOTE: the opening lines of this file were cut off in the post. The lines from
// here down to the heredoc are a minimal reconstruction (an assumption), inferred
// from the variables and function names used in the rest of the file.
session_start();

function writeLog($where) {

    $ip   = $_SERVER['REMOTE_ADDR']; // assumed source of {$ip}
    $host = gethostbyaddr($ip);      // assumed source of {$host}
    $date = date("d M Y");           // assumed date format

    $logging = <<<LOG
There was a hacking attempt on your form. \n
Date of Attack: {$date}
IP-Adress: {$ip} \n
Host of Attacker: {$host}
Point of Attack: {$where}
<< End of Message >>
LOG;
    // Awkward but LOG must be flush left

    // open log file
    if($handle = fopen('hacklog.log', 'a')) {

        fputs($handle, $logging); // write the Data to file
        fclose($handle); // close the file

    } else { // if first method is not working, for example because of wrong file permissions, email the data

        $to = '[email protected]';
        $subject = 'HACK ATTEMPT';
        $header = 'From: [email protected]';
        if (mail($to, $subject, $logging, $header)) {
            echo "Sent notice to admin.";
        }

    }
}

function verifyFormToken($form) {

    // check if a session is started and a token is transmitted, if not return an error
    if(!isset($_SESSION[$form.'_token'])) {
        return false;
    }

    // check if the form is sent with token in it
    if(!isset($_POST['token'])) {
        return false;
    }

    // compare the tokens against each other if they are still the same
    if ($_SESSION[$form.'_token'] !== $_POST['token']) {
        return false;
    }

    return true;
}

function generateFormToken($form) {

    // generate a token from an unique value, took from microtime, you can also use salt-values, other crypting methods…
    $token = md5(uniqid(microtime(), true));

    // Write the generated token to the session variable to check it against the hidden field when the form is sent
    $_SESSION[$form.'_token'] = $token;

    return $token;
}

// VERIFY LEGITIMACY OF TOKEN
if (verifyFormToken('form1')) {

    // CHECK TO SEE IF THIS IS A MAIL POST
    if (isset($_POST['URL-main'])) {

        // Building a whitelist array with keys which will send through the form, no others would be accepted later on
        $whitelist = array('token','req-name','req-email','typeOfChange','urgency','URL-main','addURLS', 'curText', 'newText', 'save-stuff', 'mult');

        // Building an array with the $_POST-superglobal
        foreach ($_POST as $key=>$item) {

            // Check if the value $key (fieldname from $_POST) can be found in the whitelisting array, if not, die with a short message to the hacker
            if (!in_array($key, $whitelist)) {

                writeLog('Unknown form fields');
                die("Hack-Attempt detected. Please use only the fields in the form");

            }
        }

        // Lets check the URL whether it's a real URL or not. if not, stop the script
        if(!filter_var($_POST['URL-main'],FILTER_VALIDATE_URL)) {
            writeLog('URL Validation');
            die('Hack-Attempt detected. Please insert a valid URL');
        }

        // SAVE INFO AS COOKIE, if user wants name and email saved
        $saveCheck = $_POST['save-stuff'];
        if ($saveCheck == 'on') {
            setcookie("WRCF-Name", $_POST['req-name'], time()+60*60*24*365);
            setcookie("WRCF-Email", $_POST['req-email'], time()+60*60*24*365);
        }

        // PREPARE THE BODY OF THE MESSAGE
        $message = '';
        $message .= '';
        $message .= "Your Full Name: " . strip_tags($_POST['req-name']) . " ";
        $message .= "Group Name: " . strip_tags($_POST['req-groupname']) . " ";
        $message .= "Adress: " . strip_tags($_POST['req-adress']) . " ";
        $message .= "Adress: " . strip_tags($_POST['req-adress']) . " ";
        $message .= "City: " . strip_tags($_POST['req-city']) . " ";
        $message .= "Country: " . strip_tags($_POST['req-country']) . " ";
        $message .= "Home Phone: " . strip_tags($_POST['req-homephone']) . " ";
        $message .= "Business Phone: " . strip_tags($_POST['req-businessphone']) . " ";
        $message .= "Your email: " . strip_tags($_POST['req-email']) . " ";
        $message .= "Trip Information: " . strip_tags($_POST['req-trip']) . " ";
        $message .= "Proposed Group Size: " . strip_tags($_POST['req-size']) . " ";
        $message .= "Type of Change: " . strip_tags($_POST['typeOfChange']) . " ";
        $message .= "Preferred Departure City: " . strip_tags($_POST['req-pref']) . " ";
        $message .= "Proposed Travel Dates: " . strip_tags($_POST['req-date']) . " ";
        $message .= "Destination: " . strip_tags($_POST['req-dest']) . " ";
        $message .= "Departure Date: " . strip_tags($_POST['req-dep']) . " ";
        $message .= "Are you attending?: " . strip_tags($_POST['attending']) . " ";
        $message .= "Do you need?: " . strip_tags($_POST['need']) . " ";
        $message .= "URL To Change (main): " . $_POST['URL-main'] . " ";
        $addURLS = $_POST['addURLS'];
        if (($addURLS) != '') {
            $message .= "URL To Change (additional): " . strip_tags($addURLS) . " ";
        }
        $curText = htmlentities($_POST['curText']);
        if (($curText) != '') {
            $message .= "CURRENT Content: " . $curText . " ";
        }
        $message .= "NEW Content: " . htmlentities($_POST['newText']) . " ";
        $message .= "";
        $message .= "";

        // MAKE SURE THE "FROM" EMAIL ADDRESS DOESN'T HAVE ANY NASTY STUFF IN IT
        $pattern = "/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i";
        if (preg_match($pattern, trim(strip_tags($_POST['req-email'])))) {
            $cleanedFrom = trim(strip_tags($_POST['req-email']));
        } else {
            return "The email address you entered was invalid. Please try again!";
        }

        // CHANGE THE BELOW VARIABLES TO YOUR NEEDS
        $to = '[email protected]';
        $subject = 'Group Travel Quote Form';
        $headers = "From: '[email protected]' ;
        $headers .= "Reply-To: ". strip_tags($_POST['req-email']) . "\r\n";
        $headers .= "MIME-Version: 1.0\r\n";
        $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

        if (mail($to, $subject, $message, $headers)) {
            echo 'Your message has been sent.';
        } else {
            echo 'There was a problem sending the email.';
        }

        // DON'T BOTHER CONTINUING TO THE HTML…
        die();

    }
} else {

    if (!isset($_SESSION[$form.'_token'])) {
    } else {
        echo "Hack-Attempt detected. Got ya!.";
        writeLog('Formtoken');
    }

}
?>
Website Change Request Form
Group Travel Quote Form
Contact.php (which is the one that used to be html which I re-saved)
Code:
Contact Leader Tours
Leader Tours by Downunder Travel We are the LEADERS in GROUP TRAVEL!
Tour Packages, Airfare, Accommodation, Tours, Sightseeing, whatever you need, we have the travel options available to suit your needs and budget. We are able to organize and personalize your Group Travel!
Local destination knowledge and itinerary planning can really make a difference between an ordinary holiday and a fantastic holiday!
[color=#FF0000][b]
[/b][/color]Our experienced and knowledgeable Group Travel Specialist Agents are able to assist you and enhance your holiday experience to the absolute maximum!
Call today and discuss your Group Travel Plans. 1-888-485-6589
EMAIL US – where you would like to travel on a GROUP Tour, we will see
what can be arranged.
CONTACT US
Leader Tours by Downunder Travel
Lower Level, 121 14 th Street
Calgary, Alberta
Canada, T2N 1Z6
Phone: 1-888-485-6589
Email: [email protected]
JS stuff I left the same.
Please help me and tell me what is wrong!
THANKS IN ADVANCE!!
RACHEL
August 26, 2009 at 6:41 am #62719 AlCapone Participant
Firstly, go to your contact us php file which is online, view the page source… It's missing loads compared to the code that you pasted here.
Secondly what is this,
Code:
[color=#FF0000][b]
[/b][/color]
Should it not just be
Code:
Also, I might be wrong but I am sure that these bits of code,
Code:
should be inside the <head> tags, not outside.
August 26, 2009 at 11:44 pm #62779 olive21 Member
hello, thanks so much
so I tried to put the site back up, but the same thing is happening with it again, it stops showing code past this code
<?php include('contactform.php'); ?> I just moved lower. So something lies with the php contact form. What about my validation and js query code? What am I doing wrong? Is there another submission I can create that will work simply and effectively?
Here is the site again. http://www.leadertours.ca/contact.php and the problem is that my contactform.php which is included in the contact.php is not showing up? What do I do? Please help.
Code:
Contact Us | LEADER TOURS
Contact Leader Tours
Leader Tours by Downunder Travel We are the LEADERS in GROUP TRAVEL!
Tour Packages, Airfare, Accommodation, Tours, Sightseeing, whatever you need, we have the travel options available to suit your needs and budget. We are able to organize and personalize your Group Travel!
Local destination knowledge and itinerary planning can really make a difference between an ordinary holiday and a fantastic holiday!
Our experienced and knowledgeable Group Travel Specialist Agents are able to assist you and enhance your holiday experience to the absolute maximum!
Call today and discuss your Group Travel Plans. 1-888-485-6589
EMAIL US – where you would like to travel on a GROUP Tour, we will see
what can be arranged.
CONTACT US
Leader Tours by Downunder Travel
Lower Level, 121 14 th Street
Calgary, Alberta
Canada, T2N 1Z6
Phone: 1-888-485-6589
Email: [email protected]
[b]the php ( include contact form should be here) but it's not and the page code cuts off, because I have end page wrap, end body and it cuts off???)[/b]
August 27, 2009 at 4:22 am #62795 Rob MacKay Participant
Looks like you didn't close your " :D
$headers = "From: '[email protected]' ;
should be
$headers = "From: '[email protected]' ";
see if that helps :)
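The header block this answer points at, written out as an added example (not the poster's or the tutorial's code): every string is closed and CRLF-terminated, and the Reply-To value is validated first, because the posted code builds it from `strip_tags($_POST['req-email'])` rather than the checked `$cleanedFrom`. `safeReplyTo()` and `buildMailHeaders()` are hypothetical helper names, and the addresses are constructed samples.

```php
<?php
// Added example. safeReplyTo() and buildMailHeaders() are hypothetical helpers.

// Return a validated address, or null if it is malformed or carries
// CR/LF characters that would start an extra mail header line.
function safeReplyTo(string $raw): ?string
{
    $email = trim($raw);
    if (preg_match('/[\r\n]/', $email)) {
        return null;
    }
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Build the header block from the thread with every string literal closed
// and each header line terminated by CRLF.
function buildMailHeaders(string $from, string $replyTo): string
{
    $headers  = "From: " . $from . "\r\n";
    $headers .= "Reply-To: " . $replyTo . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    return $headers;
}

// Constructed sample inputs: a normal address, and one with an embedded
// line break followed by a second header.
$samples = [
    "rachel@example.com",
    "rachel@example.com\r\nBcc: someone@example.net",
];

foreach ($samples as $raw) {
    $replyTo = safeReplyTo($raw);
    if ($replyTo === null) {
        // json_encode makes the control characters visible in the output
        echo "rejected: " . json_encode($raw) . "\n";
        continue;
    }
    echo buildMailHeaders('webmaster@example.com', $replyTo);
}
```

Running `php -l contactform.php` before uploading reports an unclosed string like the one in this thread as a parse error, which is otherwise invisible when the server hides errors and the page simply stops at the include.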