This repository was archived by the owner on Oct 27, 2021. It is now read-only.
page-contact.php
<?php
/**
* Contact Page template
*
* This template displays a contact page. It will be used by a page with the
* "contact" slug. Alternatively, change the file name and add a "Template
* Name" comment to allow the template to be selected in the WordPress admin
* section.
*
* The form uses basic validation to check that input is valid and does not
* contain spam. There is also the option of filtering spam content before
* sending. The contact form could be extended with JavaScript or HTML5
* validation.
*
* If the EMAIL_LOG constant is defined, the form will also log submissions to
* a file. The log file should be placed outside the web server's document
* root so that it cannot be requested over HTTP.
*/
/**
* Settings and definitions
*
* General settings for the contact form. Note that EMAIL_TO could be set to a
* custom field value or the results of get_bloginfo('admin_email').
*
* EMAIL_CC and EMAIL_BCC are appended to the mail headers only when they are
* non-empty. EMAIL_FROM is defined here but the send code in this file builds
* the From header from the visitor's own name and email address instead.
*/
define('EMAIL_TO', 'example@example.com');
define('EMAIL_CC', '');
define('EMAIL_BCC', '');
define('EMAIL_FROM', 'sender@example.com');
define('EMAIL_SUBJECT', 'Website Enquiry');
// Optional submission log (disabled by default). Each row holds the sender's
// name, email address, subject, message and IP address, so the file contains
// personal data: keep it outside the document root, as this path does, and
// restrict who can read it.
//define('EMAIL_LOG', $_SERVER['DOCUMENT_ROOT'] . '/../log/contact.csv');
// Addresses whose submissions are rejected as spam. The list is compared with
// $_SERVER['REMOTE_ADDR'], so behind a reverse proxy or CDN it will see the
// proxy's address rather than the visitor's.
$blocked_ips = array(
'31.184.238.52' // bot attack to rfwp.com from 12-14/11/2013
);
/**
* Contact form fields
*
* Array to hold the names of all the fields in the contact form. Note that
* WordPress does not allow POST data to be called "name", "day", "month", or
* "year".
*
* Each name in this list is later used as the name of a variable that receives
* the cleaned POST value, so the list must stay a fixed set of literals and
* must never be built from request data.
*/
$fields = array(
'username',
'email',
'subject',
'message'
);
/**
* Array to hold errors
*
* Keyed by field name, plus the special key 'spam' when the spam check fails.
* The values are the messages shown to the visitor.
*/
$error = array();
/**
* Check whether form is completed and sent
*
* Set to true once a submission has passed validation and been handed to
* mail(); the template shows the confirmation text instead of the form.
*/
$done = false;
/**
 * Return the CSS class that marks a field as valid or invalid
 *
 * Nothing is returned (null) while the form has not been submitted, so the
 * input carries no validation class on first display.
 *
 * @param string $field_name Name of the form field to look up in $error.
 * @return string|null 'invalid' when the field has an error, 'valid' when it
 *                     does not, null when there is no POST data.
 */
function z_input_valid($field_name) {
    global $error;

    // No submission yet: no validation state to report.
    if (empty($_POST)) {
        return null;
    }

    return array_key_exists($field_name, $error) ? 'invalid' : 'valid';
}
/**
 * Return the error message for a field wrapped in a span
 *
 * The message is inserted into the markup without escaping. That is safe only
 * while every value stored in $error is a fixed string written in this file;
 * escape it before output if a message is ever derived from request data.
 *
 * @param string $field_name Name of the form field to look up in $error.
 * @return string|null The HTML fragment, or null when the field has no error.
 */
function z_error_message($field_name) {
    global $error;

    if (!array_key_exists($field_name, $error)) {
        return null;
    }

    return '<span class="error">' . $error[$field_name] . '</span>';
}
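/**
 * Function to remove spam code
 *
 * This function removes email header names and HTML tags that indicate spam.
 * It is an alternative to the spam check used on submission below. The check
 * method prevents spam being sent; this function allows spam to be sent but
 * without headers, scripts, or links.
 *
 * Tag stripping and header removal are repeated until the string stops
 * changing. A single pass is not enough: deleting one match, or stripping a
 * tag, can join the surrounding characters into a new header name that the
 * pass has already moved beyond.
 *
 * Line breaks are left in place because the function is meant for message
 * text as well. It therefore does not, on its own, make a value safe to place
 * in a mail header; CR and LF must be removed separately for that.
 *
 * @param string $string Raw field value.
 * @return string The value with header names and tags removed; an empty
 *                string if the regular expression engine reports an error.
 */
function z_remove_headers($string) {
    $headers = array(
        '/to\:/i',
        '/from\:/i',
        '/bcc\:/i',
        '/cc\:/i',
        '/Content\-Transfer\-Encoding\:/i',
        '/Content\-Type\:/i',
        '/Mime\-Version\:/i'
    );

    do {
        $before = $string;
        $string = strip_tags($string);
        $string = preg_replace($headers, '', $string);
        if ($string === null) {
            // preg_replace() failed; fail closed rather than pass input through.
            return '';
        }
    } while ($string !== $before);

    return $string;
}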
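/**
 * Clean POST data and assign to named variables
 *
 * For every name in $fields a variable of the same name is created holding
 * the trimmed, unslashed POST value, or an empty string when the field is
 * missing. The variable names come from the fixed $fields list only, never
 * from the request.
 */
foreach ($fields as $value) {
    // Accept plain strings only. PHP turns a parameter such as "field[]" into
    // an array, which trim() cannot process (a TypeError on PHP 8).
    $data = (isset($_POST[$value]) && is_string($_POST[$value])) ? $_POST[$value] : '';
    //$data = z_remove_headers($data); // alternative to spam check below
    $data = trim($data);
    // Prevent escaped quotes and slashes. NOTE(review): this assumes the
    // request data was slash-escaped before the template runs, as WordPress
    // is expected to do; confirm before reusing the loop elsewhere.
    $data = stripslashes($data);
    $$value = $data;
}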
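/**
 * Validate submitted data and send if no errors
 *
 * Runs only when the request carries POST data. Required fields and the email
 * address are validated, the raw POST values are screened against a spam
 * blocklist, and the message is mailed (and optionally logged) when no error
 * was recorded. The blocklist check is an alternative to the
 * z_remove_headers() function defined above.
 *
 * Security notes:
 * - The spam blocklist knows only a few header names, so it is not relied on
 *   to stop mail header injection. Control characters, including CR and LF,
 *   are rejected in the email address and removed from the name before either
 *   value is placed in a header.
 * - Log cells that a spreadsheet would evaluate as a formula are neutralised
 *   before being written to the CSV file.
 * - The IP blocklist is compared with REMOTE_ADDR, which is the proxy's
 *   address when the site sits behind a reverse proxy or CDN.
 */
if (!empty($_POST)) {
    // Sender IP (empty when the server did not provide one)
    $sender = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    /**
     * Check required fields
     */
    // Check name
    if (empty($username)) {
        $error['username'] = 'This is a required field';
    }

    // Check email
    if (empty($email)) {
        $error['email'] = 'This is a required field';
    } elseif (
        preg_match('/[\(\)\<\>\,\;\:\\\"\[\]]/', $email)
        // Whitespace and control characters never belong in the address and
        // would otherwise reach the From header (CR/LF included).
        || preg_match('/[\x00-\x20\x7f]/', $email)
        || !preg_match('/^[^@]+@[^@.]+\.[^@]*\w\w$/', $email)
    ) {
        $error['email'] = 'Please enter a valid email address';
    } else {
        // Verify domain is valid. The pattern above guarantees exactly one
        // "@". The lookup is a blocking DNS query for a visitor-chosen
        // domain on every submission.
        list($addr, $domain) = explode('@', $email);
        $domain .= '.';
        if (!checkdnsrr($domain, 'MX') && !checkdnsrr($domain, 'A')) {
            $error['email'] = 'Please enter a valid email address';
        }
    }

    // Check message
    if (empty($message)) {
        $error['message'] = 'This is a required field';
    }

    /**
     * Check for spam
     *
     * If common spam indicators are detected, this is recorded in the error
     * array and the message is not sent. This is used as a more aggressive
     * spam prevention method than the z_remove_headers() function defined
     * above.
     *
     * NOTE(review): "<a" and "<script" each appear twice in the pattern; the
     * second of each pair may originally have been an HTML-entity form. The
     * pattern is kept exactly as found; confirm against the repository.
     */
    $filter = 'bcc:|cc:|%0ato:|\nto:|url:|url=|multipart|content-type|<a|' .
        '<a|<script|<script|http:|https:|ftp:|www.|document.cookie|' .
        'document.write';

    // Scan every string value that was posted. Non-string values (arrays) are
    // skipped: they cannot be concatenated and never reach the message.
    $posted = '';
    foreach ($_POST as $posted_value) {
        if (is_string($posted_value)) {
            $posted .= $posted_value;
        }
    }

    if (
        preg_match("/$filter/i", $posted) ||
        in_array($sender, $blocked_ips, true)
    ) {
        $error['spam'] = 'spam';
    }

    /**
     * If no errors, send message
     *
     * If no errors are detected, the message is assembled using the form
     * input and the settings defined at the start of the file. If the email
     * is to be sent in HTML format, define the email headers here.
     *
     * If EMAIL_LOG has been defined and a native CSV function exists, the
     * output is also written to a log file.
     */
    if (count($error) === 0) {
        // Assemble message body
        $email_body = "Name: $username\n\n" .
            "Email: $email\n\n" .
            "Subject: $subject\n\n" .
            "Message:\n\n$message\n\n" .
            "Sender IP: $sender";

        // Header-safe copies: a CR or LF in either value would let the
        // visitor start a new header line, so control characters are removed.
        $header_name = trim(preg_replace('/[\x00-\x1f\x7f]+/', ' ', $username));
        $header_email = preg_replace('/[\x00-\x1f\x7f]+/', '', $email);

        // Assemble message headers. Using the visitor's address as From makes
        // the mail claim a domain this server is not authorised to send for,
        // so SPF/DMARC checks at the recipient may fail; sending From
        // EMAIL_FROM with the visitor in Reply-To avoids that.
        $email_headers = "From: $header_name <$header_email>"; // alternatively EMAIL_FROM
        $email_headers .= EMAIL_CC != '' ? "\nCc:" . EMAIL_CC : '';
        $email_headers .= EMAIL_BCC != '' ? "\nBcc:" . EMAIL_BCC : '';

        // Send HTML email
        // $email_headers .= "\nMIME-Version: 1.0";
        // $email_headers .= "\nContent-Type: text/html; charset=UTF-8";

        // Send message
        $email_result = mail(EMAIL_TO, EMAIL_SUBJECT, $email_body, $email_headers);

        // Write to log file
        if (defined('EMAIL_LOG') && function_exists('fputcsv')) {
            $dir = dirname(EMAIL_LOG);
            if (!file_exists($dir)) {
                // The log holds personal data: no access for other users.
                mkdir($dir, 0750, true);
            }

            $log = fopen(EMAIL_LOG, 'a');
            if ($log !== false) {
                $row = array(date('Y-m-d H:i'), $username, $email, $subject, $message, $sender);

                // A cell starting with one of these characters is evaluated
                // as a formula by spreadsheet software; a leading apostrophe
                // makes it plain text.
                foreach ($row as $index => $cell) {
                    if ($cell !== '' && strpos("=+-@\t\r", $cell[0]) !== false) {
                        $row[$index] = "'" . $cell;
                    }
                }

                fputcsv($log, $row);
                fclose($log);
            }
        }

        // Completed. NOTE(review): $email_result is not consulted, so the
        // confirmation is shown even when mail() reported a failure.
        $done = true;
    }
}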
?>
<?php
// Page output. Prints the page title and content, then either the
// confirmation text (when $done is true) or the contact form together with
// any validation messages recorded in $error.
?>
<?php get_header(); ?>
<div class="main">
<?php if(have_posts()): ?>
<?php while(have_posts()): the_post(); // Start loop ?>
<h1><?php the_title(); ?></h1>
<?php the_content('Read more'); // Print content ?>
<?php endwhile; ?>
<?php endif; ?>
<?php if($done): ?>
<p>Your message has been sent. Thank you.</p>
<?php else: ?>
<?php if(array_key_exists('spam', $error)): // spam check or IP blocklist rejected the submission ?>
<p class="error">
Your message appears to be spam, or you are submitting the form from an IP address known to be a source of spam. Please remove any links before
trying again.
</p>
<?php elseif(count($error)): ?>
<p class="error">Some fields contain errors. Please correct them and try again.</p>
<?php endif; ?>
<?php
// Submitted values are echoed back into the form so the visitor can correct
// them. Each one passes through htmlspecialchars(), which is called without a
// flags argument: before PHP 8.1 the default leaves single quotes unescaped,
// so the value attributes below must stay double-quoted.
// z_error_message() returns ready-made HTML and is printed as is.
// No nonce, CAPTCHA or rate limit is part of this form; the server-side spam
// check is the only barrier against automated submissions.
?>
<form action="<?php the_permalink(); ?>" method="post">
<p>
<label for="username" class="label-text">Name</label>
<input type="text" name="username" id="username" value="<?php echo htmlspecialchars($username); ?>" class="input-text required <?php echo z_input_valid('username'); ?>" />
<?php echo z_error_message('username'); ?>
</p>
<p>
<label for="email" class="label-text">Email</label>
<input type="text" name="email" id="email" value="<?php echo htmlspecialchars($email); ?>" class="input-text required email <?php echo z_input_valid('email'); ?>" />
<?php echo z_error_message('email'); ?>
</p>
<p>
<label for="subject" class="label-text">Subject</label>
<input type="text" name="subject" id="subject" value="<?php echo htmlspecialchars($subject); ?>" class="input-text" />
</p>
<p>
<label for="message" class="label-text">Message</label>
<textarea name="message" id="message" class="input-text required <?php echo z_input_valid('message'); ?>"><?php echo htmlspecialchars($message); ?></textarea>
<?php echo z_error_message('message'); ?>
</p>
<p>
<input type="submit" value="Send Message" />
</p>
</form>
<?php endif; ?>
</div>
<?php get_sidebar(); ?>
<?php get_footer(); ?>