
Thread tagged as: Question, Problem, Configuration

Php code question

Hello

I am using a php contact form in my site and the processing code sits at the top of the page before the <doctype html> as below.

I would like to allow my client to edit a couple of items in the php code through perch.

The code does not work when placed in the code-block.html, and can I use php template functions in php code? Is this possible at all?

My code is here and I want the client to be able to edit the email addresses.

<?php include('../perch/runtime.php'); ?>
<?php
session_start();
$primary_recipient = "courtneyweb@mail.com"; 
$cc_recipients = ""; 
$bcc_recipients = ""; 
$thanksPage = '/thank-you.php';
$yourWebsite = "QUICK SPACE";  
$maxPoints = 4; 
$requiredFields = "name,company,phone,email,comments";
$prevent_repeats = true; 

// DO NOT EDIT BELOW HERE
$error_msg = array();
$result = null;

$requiredFields = explode( ",", $requiredFields );

function clean($data) {
    $data = trim( stripslashes( strip_tags( $data ) ) );
    return $data;
}
function is_bot() {
    $bots = array( "Indy", "Blaiz", "Java", "libwww-perl", "Python", "OutfoxBot", "User-Agent", "PycURL", "AlphaServer", "T8Abot", "Syntryx", "WinHttp", "WebBandit", "nicebot", "Teoma", "alexa", "froogle", "inktomi", "looksmart", "URL_Spider_SQL", "Firefly", "NationalDirectory", "Ask Jeeves", "TECNOSEEK", "InfoSeek", "WebFindBot", "girafabot", "crawler", "www.galaxy.com", "Googlebot", "Scooter", "Slurp", "appie", "FAST", "WebBug", "Spade", "ZyBorg", "rabaz" );

    // Check for a missing User-Agent first so stripos() never receives an unset value
    if (empty($_SERVER['HTTP_USER_AGENT']) || $_SERVER['HTTP_USER_AGENT'] == " ")
        return true;

    foreach ($bots as $bot)
        if (stripos($_SERVER['HTTP_USER_AGENT'], $bot) !== false)
            return true;

    return false;
}

function is_valid_email( $email_address ) {
    if ( function_exists( 'filter_var' ) ) {
        # we have php5 :)
        if ( filter_var( $email_address, FILTER_VALIDATE_EMAIL ) !== false )
            return true;

        return false;
    } else {
        # php4 makes babies cry :(
        if ( preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', strtolower( $email_address ) ) )
            return true;

        return false;
    }
}
function is_valid_url( $web_address ) {
    if ( function_exists( 'filter_var' ) ) {
        # we have php5 :)
        if ( filter_var( $web_address, FILTER_VALIDATE_URL ) !== false )
            return true;

        return false;
    } else {
        # php4 makes babies cry :(
        if ( preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i', $web_address ) )
            return true;

        return false;
    }
}

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    if (is_bot() !== false)
        $error_msg[] = "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT'];

    $points = (int)0;

    if ( isset($_SESSION['last_submit']) ) {
        if ( time()-$_SESSION['last_submit'] > 60 && time()-$_SESSION['last_submit'] < 360 )
            $points += 2;

        if ( true == $prevent_repeats && time()-$_SESSION['last_submit'] < 60 ) {
            $error_msg[] = "You have only just filled in the form; please do not send multiple form submissions.";
        }
    } else {
        $_SESSION['last_submit'] = time();
    }



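    // The $badwords list was edited out of this post; it must still be defined (lowercase entries)
    $badwords = array();

    foreach ($badwords as $word)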
        if (
            strpos(strtolower($_POST['comments']), $word) !== false || 
            strpos(strtolower($_POST['name']), $word) !== false
            || 
            strpos(strtolower($_POST['company']), $word) !== false
            || 
            strpos(strtolower($_POST['phone']), $word) !== false
        )
            $points += 2;

    if ( strpos($_POST['comments'], "https://") !== false || strpos($_POST['comments'], "www.") !== false )
        $points += 2;
    if ( isset($_POST['nojs']) )
        $points += 1;
    if ( preg_match("/(<.*>)/i", $_POST['comments']) )
        $points += 2;
    if ( strlen($_POST['name']) < 3 )
        $points += 1;
    // Compare the length, not the string, against 1500 (closing parenthesis was misplaced)
    if ( strlen($_POST['comments']) < 15 || strlen($_POST['comments']) > 1500 )
        $points += 2;
    if ( preg_match("/[bcdfghjklmnpqrstvwxyz]{7,}/i", $_POST['comments']) )
        $points += 1;
    // end score assignments

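    foreach($requiredFields as $field) {
        // trim() returns a new string, so store the result; missing or non-string values count as empty
        $_POST[$field] = ( isset($_POST[$field]) && is_string($_POST[$field]) ) ? trim($_POST[$field]) : '';

        // Add the message once only; the original array_pop() call discarded earlier errors
        if ( $_POST[$field] === '' && !in_array("Please fill in ALL fields and submit again.", $error_msg) )
            $error_msg[] = "Please fill in ALL fields and submit again.";
    }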

    if ( !empty($_POST['name']) && !preg_match("/^[a-zA-Z-'\s]*$/", stripslashes($_POST['name'])) )
        $error_msg[] = "The name field must not contain special characters.\r\n";
    if ( !empty($_POST['email']) && !is_valid_email( $_POST['email'] ) )
        $error_msg[] = "That is not a valid e-mail address.\r\n";


    if ($error_msg == NULL && $points <= $maxPoints) {
        $subject = "Get A Free Consultation ";

        $message = "You received this Free Consultation: \n\n";
        foreach ($_POST as $key => $val) {
            if (is_array($val)) {
                foreach ($val as $subval) {
                    $message .= ucwords($key) . ": " . clean($subval) . "\r\n";
                }
            } else {
                $message .= ucwords($key) . ": " . clean($val) . "\r\n";
            }
        }
        $message .= "\r\n";
        $message .= 'IP: '.$_SERVER['REMOTE_ADDR']."\r\n";
        $message .= 'Browser: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
        $message .= 'Points: '.$points;

        if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
            $headers   = "From: {$_POST['email']}\r\n";
        } else {
            $headers   = "From: {$_POST['email']}\r\n"; 
        }
        $headers  .= "Reply-To: {$_POST['email']}\r\n";

        // Each header line must end in CRLF, otherwise it runs into the next header
        if ( '' != $cc_recipients ) {
            $headers .= "CC: ". $cc_recipients . "\r\n";
        }
        if ( '' != $bcc_recipients ) {
            $headers .= "BCC: ". $bcc_recipients . "\r\n";
        }

        $headers .= "Content-Transfer-Encoding: 8bit\r\n";
        $headers .= "Content-type: text/plain; charset=UTF-8\r\n";


        if ( mail($primary_recipient, $subject, $message, $headers) ) {
            if (!empty($thanksPage)) {
                header("Location: $thanksPage");
                exit;
            } else {
                $result = 'Your mail was successfully sent.';
                $disable = true;
            }
        } else {
            $error_msg[] = 'Your mail could not be sent this time. ['.$points.']';
        }
    } else {
        if (empty($error_msg))
            $error_msg[] = 'Your mail looks too much like spam, and could not be sent this time. ['.$points.']';
    }
}
function get_data($var) {
    if (isset($_POST[$var]))
        echo htmlspecialchars($_POST[$var]);
}
?>
<!DOCTYPE html>

Denise Courtney 0 points

  • 4 years ago

Duncan Revell 78 points
Registered Developer

This (obviously) isn't my forum, but that list of "badwords" probably doesn't need to be in your post. Family forum and all that...

You can set the email address by

$primary_recipient = perch_content('Email Region', true);

Use a really simple template with that region that just records an email address in a text field.

Thanks, I'll give that a go and apologies for those bad words, didn't even notice they were in the code! All edited out now.
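
Following on from the `perch_content('Email Region', true)` suggestion above, an added example (not part of the original thread and not Perch's own code) that checks the editor-supplied value before it becomes the `mail()` recipient. `resolve_recipient()`, the fallback address and the sample inputs are assumptions made up for the illustration.

```php
<?php
// Added example, not code from the thread. resolve_recipient() is a
// hypothetical helper; the fallback address and samples are constructed.

function resolve_recipient($raw, $fallback)
{
    // A rendered region may come back wrapped in template markup/whitespace.
    $candidate = trim(strip_tags((string) $raw));

    // Control characters (CR/LF in particular) inside a value handed to
    // mail() would let the stored text append headers of its own.
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $fallback;
    }

    // Accept exactly one syntactically valid address, nothing else.
    if (filter_var($candidate, FILTER_VALIDATE_EMAIL) === false) {
        return $fallback;
    }

    return $candidate;
}

$fallback = 'owner@example.com'; // constructed placeholder

// Constructed inputs standing in for what an editor might save in the region.
$samples = array(
    "<p>courtneyweb@mail.com</p>\n",                   // markup plus trailing newline
    "courtneyweb@mail.com\r\nBcc: other@example.net",  // embedded CRLF
    "courtneyweb@mail.com, other@example.net",         // two addresses in one field
    "",                                                // empty region
);

foreach ($samples as $sample) {
    echo json_encode($sample), ' => ', resolve_recipient($sample, $fallback), "\n";
}

// On the form page, with the Perch runtime included as in the original post:
// $primary_recipient = resolve_recipient(perch_content('Email Region', true), $fallback);
```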