

PHP Form Question





gqlegacy
I recently searched for a PHP form creator and came across what appeared to be a free PHP online form creator at www.freeformmaker.com. I know absolutely nothing about PHP coding, but I am a web developer (designer). Well, I proceeded to make the form online, downloaded the PHP file, and uploaded it to one of my websites. When filling out the custom created form online, it works fine. No problems.

My concerns are:

1. Is this a secure solution?

2. The ADMIN email in line 6 of the code is not mine and is automatically set in the code.

3. I don't know if the person at jb@bwp.net is keeping track of all form activity.

4. If I take the ADMIN email out, the form doesn't work anymore....

5. There are other mentions of the website www.freeformmaker.com in the code, and of linux support.


I think it's kind of suspect to offer this brilliant solution for FREE with no strings attached. Is there an alternative I can do instead of placing his email in the code? Or is there another method of getting code in this manner?

I know I am asking a lot, but I really need help with this stuff; you can't trust everything these days.

My custom code is processed below. Note: There are mentions in the (templated) code of many elements that may, or may not be used in the custom form. I just need it to process regular contact forms, not for other reasons like processing credit cards as it refers to.


Code:
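<?php
error_reporting(E_PARSE);
// $HTTP_POST_VARS and $HTTP_POST_FILES were removed in PHP 5.4; alias the
// superglobals so the rest of the generated script still sees the request data.
$HTTP_POST_VARS  = $_POST;
$HTTP_POST_FILES = $_FILES;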
define("ADMIN_MAIL", "jb@bwp.net");
define("HOST_NAME", $_SERVER['HTTP_HOST']);
define("PHP_SELF", $_SERVER['PHP_SELF']);
define("ERR_MISSING", "Missing required field : ");
define("ERR_EMAIL", "Please enter a valid e-mail address : ");
define("ERR_CREDIT_CARD_NUMBER", "Please check the credit card number : ");
define("ERR_CREDIT_CARD_EXPIRED", "Please check the credit card expiry date : ");
define("ERR_SELECT_UPLOAD", "Please select file : ");
// recipient
define('FORM_RECIPIENT', 'gqlegacy@yahoo.com');
// --- Array of Form Elements ---
$form_mail[] = array( "name" => "Full_Name", "text" => "Full Name",  "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Address", "text" => "Address",  "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Address_2", "text" => "Address 2",  "type" => "text", "required" => "" ) ;
$form_mail[] = array( "name" => "City", "text" => "City",  "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "State", "text" => "State",  "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Zip", "text" => "Zip",  "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Phone", "text" => "Phone",  "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Email", "text" => "Email",  "type" => "email", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Estimated_Investment_Limit", "text" => "Estimated Investment Limit",  "type" => "select", "required" => "Required" ) ;
$form_mail[] = array( "name" => "I_am_interested_in", "text" => "I am interested in",  "type" => "select", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Please_send_me_a_brochure_by_mail", "text" => "Please send me a brochure by mail",  "type" => "checkbox", "required" => "" ) ;
$form_mail[] = array( "name" => "Reference", "text" => "How did you hear about us?",  "type" => "select", "required" => "" ) ;
$form_mail[] = array( "name" => "Property_Images_(10MB_limit)", "text" => "Property Images (10MB limit)",  "type" => "attachment", "required" => "" ) ;
$form_mail[] = array( "name" => "Additional_Comments", "text" => "Additional Comments ",  "type" => "textarea", "required" => "" ) ;


// -- Create new vars for checkPass() & sendFormMail() --
$Please_send_me_a_brochure_by_mail = array();
$Please_send_me_a_brochure_by_mail[0]=$HTTP_POST_VARS[ "Checkbox01_Please_send_me_a_brochure_by_mail"];
$HTTP_POST_VARS[ "Please_send_me_a_brochure_by_mail" ] = join( "\n", $Please_send_me_a_brochure_by_mail);




// -- Detect Submit & SendMail --
$isHideForm = false;
if( $HTTP_POST_VARS["formmail_submit"] ){
   $sErr = checkPass();
   if( ! $sErr ){
      sendFormMail( $form_mail, "form") ;
      $isHideForm = true;

      $redirect = "";
      if( strlen(trim($redirect)) ):
         header( "Location:$redirect" );
         exit;
      endif;
   }
}


?>
<?php
// ===============================================
function    sendFormMail( $form_mail, $sFileName = ""  )
{
    global    $HTTP_POST_VARS ;

    // ereg() takes no delimiters (and was removed in PHP 7); use a PCRE match instead
    if (preg_match('/freeformmaker\.com/i', HOST_NAME))
    {
        return;
    }
   $to = FORM_RECIPIENT;
   $from = "NO_REPLY@" . HOST_NAME;
   $subject = $HTTP_POST_VARS["esh_formmail_subject"];

   // first stage keep it simple:
   $sWhatToDo = $sFileName ? "mailandfile" : "" ; //$HTTP_POST_VARS["esh_formmail_mail_and_file"];

   //$sFileName = $HTTP_POST_VARS["esh_formmail_save_record_file"];
   $cc = $HTTP_POST_VARS["esh_formmail_cc"];
   $bcc = $HTTP_POST_VARS["esh_formmail_bcc"];
   $charset = $HTTP_POST_VARS["esh_formmail_charset"];

    for( $i = 0; $i < count( $form_mail ); $i ++ ){
        $value = trim( $HTTP_POST_VARS[ $form_mail[ $i ][ "name" ] ] );
        $content .= $form_mail[ $i ][ "text" ] . " \t : " . $value ."\n";
        $line .= remove_newline( $value ) . "\t" ;
      if( strtolower("Sender's email") == strtolower($form_mail[ $i ][ "type" ]) ) {
         //print "Type:[" . $form_mail[ $i ][ "type" ] . "] $value <br>\n";
         $from = $value ;
      }
    };
    $content .= "\n\nIP:" . getEnv( "REMOTE_ADDR" );

   switch( strtolower($sWhatToDo) ){
      case "mailandfile" :
           mailAttachments( $to , $subject , $content,  $from,  $charset, $cc , $bcc ) ;
           if( ! appendToFile( $sFileName, $line ) )
            mailReport( $content . "\n\nWrite Form Mail to File Fail." );
         break;

      case "fileonly" :
           if( ! appendToFile( $sFileName, $line ) )
            mailReport( $content . "\n\nWrite Form Mail to File Fail.", $from );
         break;

      default :
           mailAttachments( $to , $subject , $content,  $from,  $charset, $cc , $bcc ) ;
   }

   mailAutoResponse( $from ) ;
}


//------------------------------------------------------------------------------------------
function mailAutoResponse( $to ){
    global    $HTTP_POST_VARS ;
   $subject = $HTTP_POST_VARS["esh_formmail_return_subject"];
   $responseMsg = $HTTP_POST_VARS["esh_formmail_return_msg"];
   if( $to && $responseMsg )
      mail( $to, $subject, $responseMsg, "From: " . FORM_RECIPIENT);
}


//------------------------------------------------------------------------------------------
function mailReport( $content = "", $from = "" ){
   mail( ADMIN_MAIL, "Error@" . HOST_NAME . PHP_SELF, $content, "From:$from" );
}

//------------------------------------------------------------------------------------------
function   remove_newline( $str = "" ){
   $newliner = "<!--esh_newline-->" ; // replace \r\n with $newliner ;
   $newtaber = "<!--esh_newtaber-->" ; // replace \t with $newtaber ;
   // plain string replacement; ereg_replace() was removed in PHP 7
   $str = str_replace( "\t", $newtaber, $str );
   $str = str_replace( "\r\n", $newliner, $str );
   return str_replace( "\n", $newliner, $str );
}

//------------------------------------------------------------------------------------------
function   checkPass()
{
   global   $form_mail ;
   global   $HTTP_POST_VARS ;
    global    $HTTP_POST_FILES ;

   for( $i = 0; $i < count( $form_mail ); $i ++ ){
      $type = strtolower( $form_mail[ $i ][ "type" ]  );
      $value = trim( $HTTP_POST_VARS[ $form_mail[ $i ][ "name" ] ] );
      $required = $form_mail[ $i ][ "required" ] ;
      $text = stripslashes( $form_mail[ $i ][ "text" ] );

      // simple check the field has something keyed in.
      if( !strlen($value) && (  $required == "Required" ) && $type != "attachment" )
         return ERR_MISSING . $text  ;

      // verify the special case
      if(
         ( strlen($value) || $type == "attachment" )
         &&  $required == "Required"
      ):
         switch( $type ){
               case    strtolower("Sender's Name") :
                       break;
               case    strtolower("Generic email"):
               case    strtolower("Sender's email"):
                        if( ! formIsEMail($value) )    return ERR_EMAIL . $text ;
                        break;
               case   "text" :
                        break;
               case    "textarea" :
                        break;
               case   "checkbox" :
               case    "radio" :
                        break;
               case    "select" :
                        break;
               case    "attachment" :
                        $upload_file = $HTTP_POST_FILES[ $form_mail[ $i ]["name"] ][ "tmp_name" ] ;
                        if( ! is_uploaded_file($upload_file)  )
                           return  ERR_SELECT_UPLOAD . $text;
                        break;
               case strtolower("Date(MM-DD-YYYY)"):
                        break;
               case strtolower("Date(MM-YYYY)"):
                        break;
               case strtolower("CreditCard(MM-YYYY)"):
                        if( $value < date("Y-m") ) return ERR_CREDIT_CARD_EXPIRED  . $text;
                        break;
               case strtolower("CreditCard#"):
                        if( !formIsCreditNumber( $value )  ) return ERR_CREDIT_CARD_NUMBER  . $text ;
                        break;
               case strtolower("Time(HH:MM:SS)"):
                        break;
               case strtolower("Time(HH:MM)"):
                        break;
               default :
                  //return $sErrRequired . $form_mail[ $i ][ "text" ];
            } // switch
      endif;
   } // for

   return "" ;
}



//------------------------------------------------------------------------------------------
function formSelected( $var, $val )
{
    echo ( $var == $val ) ? "selected" : "";
}


//------------------------------------------------------------------------------------------
function formChecked( $var, $val )
{
    echo ( $var == $val ) ? "checked" : "";
}


//------------------------------------------------------------------------------------------
function    formIsEMail( $email ){
        // same loose pattern as before, using preg_match() because ereg() was removed in PHP 7
        return preg_match( "/^(.+)@(.+)\\.(.+)$/", $email );
}


//------------------------------------------------------------------------------------------
function    selectList( $name, $selectedValue, $start, $end, $prompt = "-Select-", $style = "" )
{
    $tab = "\t" ;
    print "<select name=\"$name\" $style>\n" ;
    print $tab . "<option value=''>$prompt</option>\n" ;
    $nLen = strlen( "$end" ) ;
    $prefix_zero = str_repeat( "0", $nLen );
    for( $i = $start; $i <= $end ; $i ++ ){
        $stri = substr( $prefix_zero . $i, strlen($prefix_zero . $i)-$nLen, $nLen );
        $selected = ( $stri == $selectedValue ) ? " selected " : "" ;
        print $tab . "<option value=\"$stri\" $selected >$stri</option>\n" ;
    }
    print "</select>\n\n" ;
}


//------------------------------------------------------------------------------------------
// something like CreditCard.pm in perl CPAN
function formIsCreditNumber( $number ) {

    $tmp = $number;
    $number = preg_replace( "/[^0-9]/", "", $tmp );

    if ( preg_match(  "/[^\d\s]/", $number ) )  return 0;
    if ( strlen($number) < 13  && 0+$number ) return 0;

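    // Luhn checksum over every digit except the last one (the check digit)
    $sum = 0;
    for ($i = 0; $i < strlen($number) - 1; $i++) {
        $weight = substr($number, -1 * ($i + 2), 1) * (2 - ($i % 2));
        $sum += (($weight < 10) ? $weight : ($weight - 9));
    }

    if ( substr($number, -1) == (10 - $sum % 10) % 10  )  return $number;
    return 0; // checksum mismatch: the original returned $number here as well, so every number passed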
}


// -------------------------- Begin Mail Attachment Functions -----------------------------------------------------------------
function    mailAttachments( $to = "" , $subject = "" , $message = "" , $from = "support@lynx.net" , $charset = "iso-8859-1", $cc = "" , $bcc = "" ){
    global    $HTTP_POST_FILES ;

        if( ! strlen( trim( $to ) ) ) return "Missing \"To\" Field." ;

        $boundary = "====_My_PHP_Form_Generator_" . md5( uniqid( srand( time() ) ) ) . "====";

        // set up mail header information
        $headers = "From: $from\r\n";
        if ($cc) $headers .= "CC: $cc\r\n";
        if ($bcc) $headers .= "BCC: $bcc\r\n";
      $plainHeaders = $headers ; // for no attachments header
        $headers .= "MIME-Version: 1.0\nContent-type: multipart/mixed;\n\tboundary=\"$boundary\"\n";

        $txtMsg = "\nThis is a multi-part message in MIME format.\n" .
                        "\n--$boundary\n" .
                        "Content-Type: text/plain;\n\tcharset=\"$charset\"\n\n"  . $message . "\n";

        // create multipart attachments boundary
        $sError = "" ;
        $nFound = 0;
        foreach( $HTTP_POST_FILES as $aFile ){
                    $sFileName = $aFile[ "tmp_name" ] ;
                    $sFileRealName = $aFile[ "name" ] ;
                    if( is_file( $sFileName ) ):

                        if( $fp = fopen( $sFileName, "rb" ) ) :
                            $sContent = fread( $fp, filesize( $sFileName ) );
                            $sFName = basename( $sFileRealName ) ;
                            $sMIME = getMIMEType( $sFName ) ;

                            $bPlainText = ( $sMIME == "text/plain" ) ;
                            if( $bPlainText ) :
                                $encoding = "" ;
                            else:
                                $encoding = "Content-Transfer-Encoding: base64\n";
                                $sContent = chunk_split( base64_encode( $sContent ) );
                            endif;

                            $sEncodeBody .=     "\n--$boundary\n" .
                                                        "Content-Type: $sMIME;\n" .
                                                        "\tname=\"$sFName\"\n" .
                                                        $encoding .
                                                        "Content-Disposition: attachment;\n" .
                                                        "\tfilename=\"$sFName\"\n\n" .
                                                        $sContent . "\n" ;
                            $nFound ++;
                        else:
                            $sError .= "<br>File $sFileName can not open.\n" ;
                        endif; // if( $fp = fopen( $sFileName, "rb" ) ) :

                    else:
                        $sError .= "<br>File $sFileName doesn't exist.\n" ;
                    endif; //if( file_exists( $sFileName ) ):
        }; // end foreach

         $sEncodeBody .= "\n\n--$boundary--" ;
         $sSource = $txtMsg . $sEncodeBody ;


       $nFound ? mail( $to, $subject, $sSource, $headers  )
                      : mail( $to, $subject, $message, $plainHeaders );

        return $sError ;
}

/* ---------------------------------------------------------------------------------------------------
    Parameters: $sFileName
    Return :
        1. "" :  no extension name, or sFileName is empty
        2. string: MIME Type name of array aMimeType's definition.
   ---------------------------------------------------------------------------------------------------*/
function    getMIMEType( $sFileName = "" ) {

        $sFileName = strtolower( trim( $sFileName ) );
        if( ! strlen( $sFileName  ) ) return "";

        $aMimeType = array(
                                        "txt" => "text/plain" ,
                                        "pdf" => "application/pdf" ,
                                        "zip" => "application/x-compressed" ,

                                        "html" => "text/html" ,
                                        "htm" => "text/html" ,

                                        "avi" => "video/avi" ,
                                        "mpg" => "video/mpeg " ,
                                        "wav" => "audio/wav" ,

                                        "jpg" => "image/jpeg " ,
                                        "gif" => "image/gif" ,
                                        "tif" => "image/tiff " ,
                                        "png" => "image/x-png" ,
                                        "bmp" => "image/bmp"
                                    );
        // explode() replaces split(), which was removed in PHP 7
        $aFile = explode( ".", basename( $sFileName ) ) ;
        $nDiminson = count( $aFile ) ;
         $sExt = $aFile[ $nDiminson - 1 ] ; // get last part: like ".tar.zip", return "zip"

        return ( $nDiminson > 1 ) ? $aMimeType[ $sExt ] : "";
}
// End Mail Attachment Functions


//------------------------------------------------------------------------------------------
function    appendToFile( $sFileName = "", $line = "" ){
    if( !$sFileName || !$line ) return 0;
    $hFile = fopen( "$sFileName", "a+w" );
    $nBytes = 0;
    if( $hFile ){
        $nBytes = fputs( $hFile , trim($line)."\r\n" );
        fclose( $hFile );
    };
    return $nBytes ;
}
?>



Please email responses to nick.crawford@yahoo.com, I haven't figured out how to register to this forum yet, and just wanted to hurry to get some help. Thanks a bunch!


Nickolas
Bondings
Nickolas, the registration was giving an error due to the php 5 upgrade, my apologies about that. I fixed it now so you should be able to register on http://www.frihost.com/account/register.php .

About the script. The email seems to be only used for errors. If there is an error, it sends the details to that email address. If you don't want that, simply change it to your own email.
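
Added example, not part of the thread and not code from freeformmaker.com: the posted script reads `esh_formmail_subject`, `esh_formmail_cc`, `esh_formmail_bcc` and `esh_formmail_charset` from the POST body and places them into the mail headers unchanged, so the request decides who receives the message. A sketch of the same step with every header value fixed on the server; the helper names, the addresses and the sample request are constructed for illustration.

```php
<?php
// Added example; helper names and addresses are constructed placeholders.
// Everything that ends up in a mail header is fixed on the server.
const SAFE_RECIPIENT = 'owner@example.com';
const SAFE_FROM      = 'no-reply@example.com';
const SAFE_SUBJECT   = 'Contact form submission';
const SAFE_CHARSET   = 'utf-8';

// Accept a visitor address only if it is one valid mailbox with no line breaks.
function visitor_email(string $value): ?string
{
    $value = trim($value);
    if ($value === '' || preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return filter_var($value, FILTER_VALIDATE_EMAIL) ? $value : null;
}

// Build recipient, subject, headers and body without letting the request
// choose any header. Only the listed field names are copied into the body.
function build_mail(array $post, array $fields): array
{
    $headers = [
        'From: ' . SAFE_FROM,
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=' . SAFE_CHARSET,
    ];
    $raw     = $post['Email'] ?? '';
    $replyTo = visitor_email(is_string($raw) ? $raw : '');
    if ($replyTo !== null) {
        $headers[] = 'Reply-To: ' . $replyTo;   // replies go to the visitor
    }
    $body = '';
    foreach ($fields as $name) {
        $value = $post[$name] ?? '';
        $body .= $name . ': ' . (is_string($value) ? trim($value) : '') . "\n";
    }
    return ['to' => SAFE_RECIPIENT, 'subject' => SAFE_SUBJECT,
            'headers' => implode("\r\n", $headers), 'body' => $body];
}

// Constructed sample request: the client-supplied subject and bcc are ignored.
$post = [
    'Full_Name'            => 'Test Visitor',
    'Email'                => 'visitor@example.org',
    'Additional_Comments'  => 'Please call me.',
    'esh_formmail_subject' => 'anything',
    'esh_formmail_bcc'     => 'third-party@example.net',
];
$mail = build_mail($post, ['Full_Name', 'Email', 'Additional_Comments']);
print_r($mail);
// mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
```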