SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Addict buildakicker's Avatar
    Join Date
    Jun 2005
    Location
    NorCal
    Posts
    378
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question PHP Form Posting Date and IP question [code]

    I have this at the top of my PHP page:

    Code:
    <?php
    function checkOK($field)
    {
    if (eregi("\r",$field) || eregi("\n",$field)){
    die("Invalid Input!");
    }
    }
    if(isset($_REQUEST['name'])) {
    	$to = "email@email.com";
    	$subject = "praXis Webform Message";
    	$name = $_POST['name'];
        checkOK($name);
    	$email = $_POST['email'];
    	checkOK($email);
    	$message = stripslashes($_POST['message']);
    	checkOK(stripslashes($message));
    	$skierlevel = $_POST['skierlevel'];
    	$ccself = $_POST['ccself'];
    	$subscribe = $_POST['subscribe'];
    	$date = $_POST['date'];
    	$domain = $_POST['ipAddress'];
    	
    	$body = "From: $name\nEmail: $email\nDate: $date\nIP Address: $domain\nSkier Level: $skierlevel\nMessage:\n$message";
    	if(!isset($ccself)){
    		mail($to, $subject, $body);
    	}
    	else{
    		mail($to, $subject, $body);
    		mail($email, $subject, $body); 
    	}
    	if(isset($subscribe)){
    		//open a file put the email in it, close the file
    		if(is_writable('emails.txt')){
    			$fp = fopen('emails.txt','a');
    			$content = "$name,$email,$domain,$date\n";
    			fwrite($fp,$content);
    			fclose($fp);
    		}
    	}
    
    header("Location: " . $_SERVER['PHP_SELF']);
    exit();
    }
    ?>
    I call this from this form:

    Code:
    <form action="/ski/index.php" method="post" id="mailform">
    				<input name="ipAddress" type="hidden" value="<?php GetHostByName($REMOTE_ADDR); ?>" />
    				<input name="date" type="hidden" value="<?php date('l dS \of F Y h:i:s A'); ?>" />
                        <label>
                        <label for="name">Name:</label>
                        <br />
                        <input class="text" type="text" size="20" name="name" id="name" />
                        <label for="email">Email:</label>
                        <br />
                        <input class="text" type="text" size="20" name="email" id="email" />
                        <label for="message"></label>
                        <label for="message">Message:</label>
                        <br />
                        <textarea cols="22" rows="2" name="message" id="message"></textarea>
                        Skier Level: <br />
                        <select name="skierlevel" id="skierlevel">
                            <option value="Green">Green</option>
                            <option value="Blue">Blue</option>
                            <option value="Black" selected="selected">Black</option>
                            <option value="Huck Meat">Huck Meat</option>
                        </select>
                        <br />
                        <label for="ccself">
                        <input type="checkbox" name="ccself" id="ccself" value="send" />
                        CC?  </label>
    					<label for="subscribe">
                        <input type="checkbox" name="subscribe" id="subscribe" value="send" />
    					Subscribe?</label><br />
                        <input class="submit" type="submit" name="submit" id="submit" value="Send" />
                        </label>
    				
    
                    </form>
    Is there a reason why I am not seeing the date and IP address in my email.txt file or the reply to email address???

    Thanks!
    SKILEASES.COM - FREE rental listings!
    WILDFIREBLOG.COM - Wildland Fire microblog!

  2. #2
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    <input name="ipAddress" type="hidden" value="<?php echo GetHostByName($_SERVER['REMOTE_ADDR']); ?>" />
    <input name="date" type="hidden" value="<?php echo date('l dS \of F Y h:i:s A'); ?>" />

    Try that!
    Dont forget to output your php with echo/print!

  3. #3
    SitePoint Addict buildakicker's Avatar
    Join Date
    Jun 2005
    Location
    NorCal
    Posts
    378
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, that was dumb. Yes, output the php! that'd help.

    Thanks Cooleo.
    SKILEASES.COM - FREE rental listings!
    WILDFIREBLOG.COM - Wildland Fire microblog!

  4. #4
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    When you log an ip address, you shouldnt pass it through a form since anyone with notepad can edit the html for the IP hidden input.

    Instead, use $domain = $_SERVER['REMOTE_ADDR'];

  5. #5
    SitePoint Addict buildakicker's Avatar
    Join Date
    Jun 2005
    Location
    NorCal
    Posts
    378
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks for the security help! Should I hide my form with PHP? Have it display only if.... {}?
    SKILEASES.COM - FREE rental listings!
    WILDFIREBLOG.COM - Wildland Fire microblog!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •