Problem with PHP web form



smc2008
07-03-2008, 06:49 PM
I'm having intermittent problems with our web form. It seems to work for most, but some people have contacted us saying they can't submit it. It's very basic and I might have made some really stupid mistakes. Any help would be so greatly appreciated. Thanks!


***I replaced a few somewhat private things with "blank". Probably no need to, but better safe than sorry.

---------------------------
<?php

// Pages allowed to submit this form, and the address replies are sent from.
$valid_ref1="http://blank.com/contact.html";
$valid_ref2="http://www.blank.com/contact.html";
$valid_ref3="http://www.blank2.com/contact.html";
$valid_ref4="http://blank2.com/contact.html";
$valid_ref5="http://blank3.com/contact.html";
$valid_ref6="http://www.blank3.com/contact.html";
$replyemail="info@blank.com";
// ------------------------------------------------------------

//clean input in case of header injection attempts!
function clean_input_4email($value, $check_all_patterns = true)
{
    // The "i" modifier makes each match case-insensitive. Without it,
    // ucwords() below turns "to:" into "To:" and the pattern no longer matches.
    $patterns[0] = '/content-type:/i';
    $patterns[1] = '/to:/i';
    $patterns[2] = '/cc:/i';
    $patterns[3] = '/bcc:/i';
    if ($check_all_patterns)
    {
        $patterns[4] = '/\r/';
        $patterns[5] = '/\n/';
        $patterns[6] = '/%0a/i';
        $patterns[7] = '/%0d/i';
    }
    //NOTE: can use str_ireplace as this is case insensitive but only available on PHP version 5.0.
    return preg_replace($patterns, "", ucwords($value));
}

// Every field is cleaned; the message body keeps its line breaks.
$name = clean_input_4email($_POST["name"]);
$email = clean_input_4email($_POST["email"]);
$phonenumber = clean_input_4email($_POST["phonenumber"]);
$address = clean_input_4email($_POST["address"]);
$city = clean_input_4email($_POST["city"]);
$state = clean_input_4email($_POST["state"]);
$zipcode = clean_input_4email($_POST["zipcode"]);
$utility = clean_input_4email($_POST["utility"]);
$source = clean_input_4email($_POST["source"]);
$themessage = clean_input_4email($_POST["themessage"], false);

// "hearabout" is looped over as an array, so skip it when it was not
// submitted; start from an empty string so .= has something to append to.
$hearabout_list = "";
if (isset($_POST['hearabout']) && is_array($_POST['hearabout']))
{
    foreach($_POST['hearabout'] as $value)
    {
        $hearabout_list .="$value ";
    }
}

$error_msg='ERROR - Your information has not been sent. Please verify your information and try again or contact us at info@blank.com.';

$success_sent_msg='<p align="center"><strong>&nbsp;</strong></p>
<p align="center"><strong>Your information has been successfully sent to us and an blank will contact as soon as possible.</strong></p>
<p align="center">A confirmation has been sent to your e-mail.</p>
<p align="center">Thank you for contacting blank.</p>
<p align="center">Back To <a href="http://www.blank.com">Homepage</a>.</p>
';

$replymessage = "Greetings $name,

Thank you for your interest in blank with blank.

An blank will contact as soon as possible for a free, no-obligation
blank consultation.

You may reply to this email or contact us by calling 303-000-0000 with any
additional questions or concerns.

Thanks again for your interest,

blank
CEO & President
blank
A Division of blank";

// email variable not set - load $valid_ref1 page
if (!isset($_POST['email']))
{
    echo "<script language=\"JavaScript\"><!--\n ";
    echo "top.location.href = \"$valid_ref1\"; \n// --></script>";
    exit;
}

// The Referer header must exactly match one of the allowed pages;
// anything else (including a missing header) gets the error and a redirect.
$ref_page = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
$valid_referrer=0;
if($ref_page==$valid_ref1) $valid_referrer=1;
elseif($ref_page==$valid_ref2) $valid_referrer=1;
elseif($ref_page==$valid_ref3) $valid_referrer=1;
elseif($ref_page==$valid_ref4) $valid_referrer=1;
elseif($ref_page==$valid_ref5) $valid_referrer=1;
elseif($ref_page==$valid_ref6) $valid_referrer=1;
if(!$valid_referrer)
{
    echo "<script language=\"JavaScript\"><!--\n alert(\"$error_msg\");\n";
    echo "top.location.href = \"$valid_ref1\"; \n// --></script>";
    exit;
}
$aesmessage = "Name: $name \nEmail Address: $email \n\nPhone Number: $phonenumber \nSite Address: $address \nCity: $city \nState: $state \nZip Code: $zipcode \n
Utility Company: $utility \n\nHow they heard about us: $hearabout_list \nSource: $source \n\nAdditional Information: $themessage";

// Send the submitted details to the site owner.
mail("$replyemail",
"$name",
"$aesmessage",
"From: $email\nReply-To: $email");

// Send the confirmation to the visitor.
mail("$email",
"Thank You For Choosing blank",
"$replymessage",
"From: $replyemail\nReply-To: $replyemail");
echo $success_sent_msg;

?>
--------------------------------------------
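
An added example, not part of the original post: instead of stripping header keywords the way clean_input_4email() does, this version rejects any value bound for a mail header that contains a CR, LF or other control character, and checks the address with filter_var(). The function names header_field_is_safe() and build_reply_headers() and the sample values are constructed for illustration, and filter_var() assumes PHP 5.2 or later.

```php
<?php
// Added example (not the original poster's code).
// Assumes PHP 5.2+ for filter_var(); the function names are hypothetical.

// True when $value may be placed on a mail header line: a string of bounded
// length with no CR, LF, NUL or other ASCII control character in it.
function header_field_is_safe($value, $max_len = 200)
{
    if (!is_string($value) || strlen($value) > $max_len) {
        return false;
    }
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

// Returns the From/Reply-To header block for a visitor address, or false
// when the value must not be used in headers. Nothing is stripped or
// rewritten apart from surrounding whitespace: bad input is refused.
function build_reply_headers($email)
{
    if (!is_string($email)) {
        return false;
    }
    $email = trim($email);
    if (!header_field_is_safe($email)) {
        return false;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    return "From: $email\r\nReply-To: $email";
}

// Constructed sample inputs.
$samples = array(
    'plain address'      => "visitor@example.com",
    'mixed-case address' => "Visitor@Example.com",
    'embedded newline'   => "visitor@example.com\r\nBcc: other@example.net",
    'not an address'     => "visitor at example dot com",
);

foreach ($samples as $label => $value) {
    $headers = build_reply_headers($value);
    echo str_pad($label, 20), ': ', ($headers === false ? 'rejected' : 'accepted'), "\n";
}
```

A rejected value should lead to the form's error message rather than to a mail() call with a cleaned-up copy of the input.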