Hello,
I recently searched for a PHP form creator and came across what appeared to be a free PHP online form creator at http://www.freeformmaker.com. I absolutely know nothing about PHP coding, but I am a web developer (designer). Well, I proceeded to make the form online, downloaded the PHP file, and uploaded it to one of my websites. When filling out the custom created form online, it worked fine. No problems. The information was sent to my email correctly.
My concerns are:
- Is this a secure solution?
- The ADMIN email in line 3 of the code is not mine and is automatically set in the code.
- I don’t know if the person at http://www.freeformmaker.com in the code, and of linux support.
I think it's kind of suspect to offer this brilliant solution for FREE with no strings attached, and there is no documentation on the website as to the usage of the generator.
Is there an alternative I can do instead of placing his email in the code? Or is there another method of getting code in this manner, being that I am a designer and have no knowledge of PHP - yet!
I know I am asking a lot, but I really need help with this stuff, you can’t trust everything these days.
My custom code is processed below. Note: There are mentions in the (templated) code of many elements that may, or may not be used in the custom form. I just need it to process regular contact forms, not for other reasons like processing credit cards, etc, as it refers to.
[php]<?php
error_reporting(E_PARSE);
define("ADMIN_MAIL", "[email protected]");
define("HOST_NAME", $_SERVER['HTTP_HOST']);
define("PHP_SELF", $_SERVER['PHP_SELF']);
define("ERR_MISSING", "Missing required field : ");
define("ERR_EMAIL", "Please enter a valid e-mail address : ");
define("ERR_CREDIT_CARD_NUMBER", "Please check the credit card number : ");
define("ERR_CREDIT_CARD_EXPIRED", "Please check the credit card expiry date : ");
define("ERR_SELECT_UPLOAD", "Please select file : ");
// recipient
define('FORM_RECIPIENT', '[email protected]');
// --- Array of Form Elements ---
$form_mail[] = array( "name" => "Full_Name", "text" => "Full Name", "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Address", "text" => "Address", "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Address_2", "text" => "Address 2", "type" => "text", "required" => "" ) ;
$form_mail[] = array( "name" => "City", "text" => "City", "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "State", "text" => "State", "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Zip", "text" => "Zip", "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Phone", "text" => "Phone", "type" => "text", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Email", "text" => "Email", "type" => "email", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Estimated_Investment_Limit", "text" => "Estimated Investment Limit", "type" => "select", "required" => "Required" ) ;
$form_mail[] = array( "name" => "I_am_interested_in", "text" => "I am interested in", "type" => "select", "required" => "Required" ) ;
$form_mail[] = array( "name" => "Please_send_me_a_brochure_by_mail", "text" => "Please send me a brochure by mail", "type" => "checkbox", "required" => "" ) ;
$form_mail[] = array( "name" => "Reference", "text" => "How did you hear about us?", "type" => "select", "required" => "" ) ;
$form_mail[] = array( "name" => "Property_Images(10MB_limit)", "text" => "Property Images (10MB limit)", "type" => "attachment", "required" => "" ) ;
$form_mail[] = array( "name" => "Additional_Comments", "text" => "Additional Comments ", "type" => "textarea", "required" => "" ) ;
// -- Create new vars for checkPass() & sendFormMail() --
$Please_send_me_a_brochure_by_mail = array();
$Please_send_me_a_brochure_by_mail[0]=$HTTP_POST_VARS[ "Checkbox01_Please_send_me_a_brochure_by_mail"];
$HTTP_POST_VARS[ "Please_send_me_a_brochure_by_mail" ] = join( "\n", $Please_send_me_a_brochure_by_mail);
// -- Detech Submit & SendMail --
$isHideForm = false;
if( $HTTP_POST_VARS["formmail_submit"] ){
    $sErr = checkPass();
    if( ! $sErr ){
        sendFormMail( $form_mail, "form") ;
        $isHideForm = true;
        $redirect = "";
        if( strlen(trim($redirect)) ):
            header( "Location:$redirect" );
            exit;
        endif;
    }
}
?>
<?
// ===============================================
function sendFormMail( $form_mail, $sFileName = "" )
{
    global $HTTP_POST_VARS ;
    if (ereg('/freeformmaker.com/', HOST_NAME)) {
        return;
    }
    $to = FORM_RECIPIENT;
    $from = "NO_REPLY@" . HOST_NAME;
    $subject = $HTTP_POST_VARS["esh_formmail_subject"];
    // first stage keep it simple:
    $sWhatToDo = $sFileName ? "mailandfile" : "" ; //$HTTP_POST_VARS["esh_formmail_mail_and_file"];
    //$sFileName = $HTTP_POST_VARS["esh_formmail_save_record_file"];
    $cc = $HTTP_POST_VARS["esh_formmail_cc"];
    $bcc = $HTTP_POST_VARS["esh_formmail_bcc"];
    $charset = $HTTP_POST_VARS["esh_formmail_charset"];
    for( $i = 0; $i < count( $form_mail ); $i ++ ){
        $value = trim( $HTTP_POST_VARS[ $form_mail[ $i ][ "name" ] ] );
        $content .= $form_mail[ $i ][ "text" ] . " \t : " . $value ."\n";
        $line .= remove_newline( $value ) . "\t" ;
        if( strtolower("Sender's email") == strtolower($form_mail[ $i ][ "type" ]) ) {
            //print "Type:[" . $form_mail[ $i ][ "type" ] . "] $value\n";
            $from = $value ;
        }
    };
    $content .= "\n\nIP:" . getEnv( "REMOTE_ADDR" );
    switch( strtolower($sWhatToDo) ){
        case "mailandfile" :
            mailAttachments( $to , $subject , $content, $from, $charset, $cc , $bcc ) ;
            if( ! appendToFile( $sFileName, $line ) )
                mailReport( $content . "\n\nWrite Form Mail to File Fail." );
            break;
        case "fileonly" :
            if( ! appendToFile( $sFileName, $line ) )
                mailReport( $content . "\n\nWrite Form Mail to File Fail.", $from );
            break;
        default :
            mailAttachments( $to , $subject , $content, $from, $charset, $cc , $bcc ) ;
    }
    mailAutoResponse( $from ) ;
}
//------------------------------------------------------------------------------------------
function mailAutoResponse( $to ){
    global $HTTP_POST_VARS ;
    $subject = $HTTP_POST_VARS["esh_formmail_return_subject"];
    $responseMsg = $HTTP_POST_VARS["esh_formmail_return_msg"];
    if( $to && $responseMsg )
        mail( $to, $subject, $responseMsg, "From: " . FORM_RECIPIENT);
}
//------------------------------------------------------------------------------------------
function mailReport( $content = "", $from = "" ){
    mail( ADMIN_MAIL, "Error@" . HOST_NAME . PHP_SELF, $content, "From:$from" );
}
//------------------------------------------------------------------------------------------
function remove_newline( $str = "" ){
    $newliner = "" ; // replace \r\n with $newliner ;
    $newtaber = "" ; // replace \t with $newtaber ;
    $str = ereg_replace( "\t", $newtaber, $str );
    $str = ereg_replace( "\r\n", $newliner, $str );
    return ereg_replace( "\n", $newliner, $str );
}
//------------------------------------------------------------------------------------------
function checkPass()
{
    global $form_mail ;
    global $HTTP_POST_VARS ;
    global $HTTP_POST_FILES ;
    for( $i = 0; $i < count( $form_mail ); $i ++ ){
        $type = strtolower( $form_mail[ $i ][ "type" ] );
        $value = trim( $HTTP_POST_VARS[ $form_mail[ $i ][ "name" ] ] );
        $required = $form_mail[ $i ][ "required" ] ;
        $text = stripslashes( $form_mail[ $i ][ "text" ] );
        // simple check the field has something keyed in.
        if( !strlen($value) && ( $required == "Required" ) && $type != "attachment" )
            return ERR_MISSING . $text ;
        // verify the special case
        if( ( strlen($value) || $type == "attachment" ) && $required == "Required" ):
            switch( $type ){
                case strtolower("Sender's Name") :
                    break;
                case strtolower("Generic email"):
                case strtolower("Sender's email"):
                    if( ! formIsEMail($value) )
                        return ERR_EMAIL . $text ;
                    break;
                case "text" :
                    break;
                case "textarea" :
                    break;
                case "checkbox" :
                case "radio" :
                    break;
                case "select" :
                    break;
                case "attachment" :
                    $upload_file = $HTTP_POST_FILES[ $form_mail[ $i ]["name"] ][ "tmp_name" ] ;
                    if( ! is_uploaded_file($upload_file) )
                        return ERR_SELECT_UPLOAD . $text;
                    break;
                case strtolower("Date(MM-DD-YYYY)"):
                    break;
                case strtolower("Date(MM-YYYY)"):
                    break;
                case strtolower("CreditCard(MM-YYYY)"):
                    if( $value < date("Y-m") )
                        return ERR_CREDIT_CARD_EXPIRED . $text;
                    break;
                case strtolower("CreditCard#"):
                    if( !formIsCreditNumber( $value ) )
                        return ERR_CREDIT_CARD_NUMBER . $text ;
                    break;
                case strtolower("Time(HH:MM:SS)"):
                    break;
                case strtolower("Time(HH:MM)"):
                    break;
                default :
                    //return $sErrRequired . $form_mail[ $i ][ "text" ];
            } // switch
        endif;
    } // for
    return "" ;
}
//------------------------------------------------------------------------------------------
function formSelected( $var, $val )
{
    echo ( $var == $val ) ? "selected" : "";
}
//------------------------------------------------------------------------------------------
function formChecked( $var, $val )
{
    echo ( $var == $val ) ? "checked" : "";
}
//------------------------------------------------------------------------------------------
function formIsEMail( $email ){
    return ereg( "^(.+)@(.+)\.(.+)$", $email );
}
//------------------------------------------------------------------------------------------
function selectList( $name, $selectedValue, $start, $end, $prompt = "-Select-", $style = "" )
{
    $tab = "\t" ;
    print "\n" ;
    print $tab . "$prompt\n" ;
    $nLen = strlen( "$end" ) ;
    $prefix_zero = str_repeat( "0", $nLen );
    for( $i = $start; $i <= $end ; $i ++ ){
        $stri = substr( $prefix_zero . $i, strlen($prefix_zero . $i)-$nLen, $nLen );
        $selected = ( $stri == $selectedValue ) ? " selected " : "" ;
        print $tab . "$stri\n" ;
    }
    print "\n\n" ;
}
//------------------------------------------------------------------------------------------
// something like CreditCard.pm in perl CPAN
function formIsCreditNumber( $number ) {
    $tmp = $number;
    $number = preg_replace( "/[^0-9]/", "", $tmp );
    if ( preg_match( "/[^\d\s]/", $number ) ) return 0;
    if ( strlen($number) < 13 && 0+$number ) return 0;
    for ($i = 0; $i < strlen($number) - 1; $i++) {
        $weight = substr($number, -1 * ($i + 2), 1) * (2 - ($i % 2));
        $sum += (($weight < 10) ? $weight : ($weight - 9));
    }
    if ( substr($number, -1) == (10 - $sum % 10) % 10 ) return $number;
    return $number;
}
// -------------------------- Begin Mail Attachment Functions -----------------------------------------------------------------
function mailAttachments( $to = "" , $subject = "" , $message = "" , $from = "[email protected]" , $charset = "iso-8859-1", $cc = "" , $bcc = "" ){
    global $HTTP_POST_FILES ;
    if( ! strlen( trim( $to ) ) ) return "Missing \"To\" Field." ;
    $boundary = "====_My_PHP_Form_Generator_" . md5( uniqid( srand( time() ) ) ) . "====";
    // setup mail header infomation
    $headers = "From: $from\r\n";
    if ($cc) $headers .= "CC: $cc\r\n";
    if ($bcc) $headers .= "BCC: $bcc\r\n";
    $plainHeaders = $headers ; // for no attachments header
    $headers .= "MIME-Version: 1.0\nContent-type: multipart/mixed;\n\tboundary=\"$boundary\"\n";
    $txtMsg = "\nThis is a multi-part message in MIME format.\n" .
              "\n--$boundary\n" .
              "Content-Type: text/plain;\n\tcharset=\"$charset\"\n\n" .
              $message . "\n";
    //create mulitipart attachments boundary
    $sError = "" ;
    $nFound = 0;
    foreach( $HTTP_POST_FILES as $aFile ){
        $sFileName = $aFile[ "tmp_name" ] ;
        $sFileRealName = $aFile[ "name" ] ;
        if( is_file( $sFileName ) ):
            if( $fp = fopen( $sFileName, "rb" ) ) :
                $sContent = fread( $fp, filesize( $sFileName ) );
                $sFName = basename( $sFileRealName ) ;
                $sMIME = getMIMEType( $sFName ) ;
                $bPlainText = ( $sMIME == "text/plain" ) ;
                if( $bPlainText ) :
                    $encoding = "" ;
                else:
                    $encoding = "Content-Transfer-Encoding: base64\n";
                    $sContent = chunk_split( base64_encode( $sContent ) );
                endif;
                $sEncodeBody .= "\n--$boundary\n" .
                                "Content-Type: $sMIME;\n" .
                                "\tname=\"$sFName\"\n" .
                                $encoding .
                                "Content-Disposition: attachment;\n" .
                                "\tfilename=\"$sFName\"\n\n" .
                                $sContent . "\n" ;
                $nFound ++;
            else:
                $sError .= "\nFile $sFileName can not open.\n" ;
            endif; // if( $fp = fopen( $sFileName, "rb" ) ) :
        else:
            $sError .= "\nFile $sFileName doesn't exist.\n" ;
        endif; //if( file_exists( $sFileName ) ):
    }; // end foreach
    $sEncodeBody .= "\n\n--$boundary--" ;
    $sSource = $txtMsg . $sEncodeBody ;
    $nFound ? mail( $to, $subject, $sSource, $headers )
            : mail( $to, $subject, $message, $plainHeaders );
    return $sError ;
}
/* ---------------------------------------------------------------------------------------------------
Parameters: $sFileName
Return :
    1. "" : no extendsion name, or sFileName is empty
    2. string: MIME Type name of array aMimeType's definition.
---------------------------------------------------------------------------------------------------*/
function getMIMEType( $sFileName = "" ) {
    $sFileName = strtolower( trim( $sFileName ) );
    if( ! strlen( $sFileName ) ) return "";
    $aMimeType = array(
        "txt" => "text/plain" ,
        "pdf" => "application/pdf" ,
        "zip" => "application/x-compressed" ,
        "html" => "text/html" ,
        "htm" => "text/html" ,
        "avi" => "video/avi" ,
        "mpg" => "video/mpeg " ,
        "wav" => "audio/wav" ,
        "jpg" => "image/jpeg " ,
        "gif" => "image/gif" ,
        "tif" => "image/tiff " ,
        "png" => "image/x-png" ,
        "bmp" => "image/bmp"
    );
    $aFile = split( "\.", basename( $sFileName ) ) ;
    $nDiminson = count( $aFile ) ;
    $sExt = $aFile[ $nDiminson - 1 ] ; // get last part: like ".tar.zip", return "zip"
    return ( $nDiminson > 1 ) ? $aMimeType[ $sExt ] : "";
}
// End Mail Attachment Functions
//------------------------------------------------------------------------------------------
function appendToFile( $sFileName = "", $line = "" ){
    if( !$sFileName || !$line ) return 0;
    $hFile = fopen( "$sFileName", "a+w" );
    $nBytes = 0;
    if( $hFile ){
        $nBytes = fputs( $hFile , trim($line)."\r\n" );
        fclose( $hFile );
    };
    return $nBytes ;
}
?>
[/php]
Any help would be greatly appreciated. Thanks a bunch!
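
The generated script reads `esh_formmail_subject`, `esh_formmail_cc`, `esh_formmail_bcc` and `esh_formmail_charset` from the submitted request and places them in the outgoing mail's headers, and `mailReport()` sends error reports to the preset `ADMIN_MAIL` address. As an added example (not part of the original post or the generator's code; the function names, field subset and addresses are assumptions), this PHP 7+ code keeps all routing server-side and refuses line breaks in anything that reaches a header:

```php
<?php
// Added example; function names, field list and addresses are assumptions.
const CONTACT_RECIPIENT = 'owner@example.com'; // placeholder: your own address, set server-side

/** Refuse any value that could start a new header line. */
function safe_header_value(string $value): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return trim($value);
}

/** Return a syntactically valid e-mail address or throw. */
function safe_email(string $value): string
{
    $value = safe_header_value($value);
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    return $value;
}

/** Build the mail() arguments; the request supplies content, never routing. */
function build_contact_mail(array $post, string $host): array
{
    $body = '';
    foreach (['Full_Name', 'Phone', 'Email', 'Additional_Comments'] as $name) {
        $body .= $name . ': ' . trim((string) ($post[$name] ?? '')) . "\n";
    }
    $headers = [
        'From: no-reply@' . safe_header_value($host),
        'Reply-To: ' . safe_email((string) ($post['Email'] ?? '')),
        'Content-Type: text/plain; charset=UTF-8',
    ];
    // Recipient, subject, CC/BCC and charset are fixed here, not read from $_POST.
    return [CONTACT_RECIPIENT, 'Website contact form', $body, implode("\r\n", $headers)];
}

// Constructed sample submissions: one normal, one with a line break in the address.
$ok  = ['Full_Name' => 'A. Visitor', 'Email' => 'visitor@example.org'];
$bad = ['Full_Name' => 'A. Visitor', 'Email' => "visitor@example.org\r\nX-Test: 1"];

print_r(build_contact_mail($ok, 'www.example.com'));
try {
    build_contact_mail($bad, 'www.example.com');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The array returned by `build_contact_mail()` can be unpacked directly into `mail()`; the host argument would normally be a fixed site name rather than `$_SERVER['HTTP_HOST']`, which is also supplied by the client.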