Date: 2020-04-30

Hi

I have a contact form which works fine (a form page, a processing file which sends the emails, and a thank-you page). I’d like to use it as a base to create a simple email order form.

The new form works fine by itself, I mean if I use a simple page (as action) to display the data “submitted” it displays correct info like this:

```html
<form id="order-form" method="POST" action="order.php">
```

I’d like to integrate it with the above mentioned processing file so that the order is emailed, a copy to myself, and a copy to the potential customer, a recap on the thank you page would be the icing.

Following is my code, in order: the working contact form, the contact processing, the new order form, and the simple display page.

The server has PHP 7.3, so please let me know if you see some outdated code, also in the working form.

Of course all improvements and tidying up of my code are more than welcome.

Contact form

```php
<?php
session_start();
$_SESSION['time'] = time();

// Build a three-number sum used as a simple anti-bot question.
$solution = array();
for ($i = 1; $i <= 3; $i++):
    $solution[] = rand(1, 9);
endfor;
$_SESSION['solution'] = array_sum($solution);
//print_r($_SESSION['solution']);
?>
<html>
<body>
<?php
$number_of_attempts = 5;
$attempts_name = 'five';

//****Reset for testing****\\
//$_SESSION['attempts']=1;
if (isset($_SESSION['attempts'])) {
    $_SESSION['attempts'] = $_SESSION['attempts'] + 1;
} else {
    $_SESSION['attempts'] = 1;
}

if ($_SESSION['attempts'] > $number_of_attempts) {
    //send error
    echo '<div class="contact-warning"><b>You are only allowed ' . $attempts_name . ' attempts to correct the form within a browser session.</b><br /> We apologize for the inconvenience, to reuse the form please close your browser, clear cache, and come back to try again.</div>';
} else {
    // The session values below are the visitor's own earlier input,
    // so they are HTML-escaped before being written back into the page.
?>
<form method="POST" action="contact_processing.php#contact">
<div class="row">
    <div class="col-md-6">
        <div class="form-group fz-name">
            <label for="name"><?php echo CONTACT_NAME ?></label>
            <input type="text" class="form-control" id="name" name="name" value="<?php if (isset($_SESSION['name'])) { echo htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8'); } ?>" maxlength="19" placeholder="Name" required="required" />
        </div>
        <div class="form-group fz-lastname">
            <label for="lastname"><?php echo CONTACT_LAST_NAME ?></label>
            <input type="text" class="form-control" id="lastname" name="lastname" value="<?php if (isset($_SESSION['lastname'])) { echo htmlspecialchars($_SESSION['lastname'], ENT_QUOTES, 'UTF-8'); } ?>" maxlength="27" placeholder="Last Name" required="required" />
        </div>
        <!-- honeypot field: must stay empty -->
        <div class="form-group fz-address">
            <label for="address"><?php echo CONTACT_ADDRESS ?></label>
            <input type="text" class="form-control" id="address" name="address" maxlength="27" placeholder="address" />
        </div>
        <div class="form-group fz-email">
            <label for="email"><?php echo CONTACT_EMAIL ?></label>
            <div class="input-group">
                <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span> </span>
                <input type="email" class="form-control" id="email" name="email" value="<?php if (isset($_SESSION['email'])) { echo htmlspecialchars($_SESSION['email'], ENT_QUOTES, 'UTF-8'); } ?>" maxlength="54" placeholder="Email" required="required" />
            </div>
        </div>
        <div class="form-group fz-phone">
            <label for="phone"><?php echo CONTACT_PHONE ?></label>
            <input type="text" class="form-control" id="phone" name="phone" value="<?php if (isset($_SESSION['phone'])) { echo htmlspecialchars($_SESSION['phone'], ENT_QUOTES, 'UTF-8'); } ?>" maxlength="19" placeholder="Phone - land or mobile" />
        </div>
    </div>
    <div class="col-md-6">
        <div class="form-group fz-message">
            <label for="message"><?php echo CONTACT_MESSAGE ?></label>
            <textarea id="message" name="message" class="form-control" rows="6" cols="25" required="required" placeholder="Message"><?php if (isset($_SESSION['message'])) { echo htmlspecialchars($_SESSION['message'], ENT_QUOTES, 'UTF-8'); } ?></textarea>
        </div>
        <div class="form-group fz-solutioncon">
            <?php $numbers = implode("+", $solution); ?>
            <label for="solutioncon"><?php echo CONTACT_TOTAL_SOLUTION ?> <?php echo $numbers; ?></label>
            <input type="text" class="form-control" id="solutioncon" name="solutioncon" maxlength="2" placeholder="type solution" required="required" />
        </div>
    </div>
    <div class="col-md-12 fz-submit">
        <button type="submit" class="btn btn-primary pull-right" id="btnContactUs"><?php echo CONTACT_SEND ?></button>
    </div>
    <div class="col-md-12">
        <?php echo CONTACT_PRIVACY ?>
    </div>
</div>
</form>
<?php } ?>
```

Processing

```php
<?php
session_start();

//MAIL HEADER INFORMATION
$EmailFrom = "website";
$EmailTo = "info@website";
$Subject = "message from website";

if (isset($_POST['name'])):

    // NOW TEST FOR FIELDS THAT ARE REQUIRED
    $required = array('name','lastname','email','message','solutioncon'); // ADD YOUR FIELDS AS NEEDED
    $all_okay = TRUE;
    $clean_post = array();
    $error = '';
    foreach ($required as $key) {
        if (empty($_POST[$key])) {
            $error .= "<br/>$key is a required field\n";
            $all_okay = FALSE;
        } else {
            $clean_post[$key] = $_POST[$key];
            $_SESSION[$key] = $_POST[$key];
        }
    }

    // session phone for the form (optional field, so default to empty)
    $_SESSION['phone'] = $_POST['phone'] ?? '';

    /*
    On first attempt it will take longer to fill out form, so set time longer in seconds. Say 9 seconds
    IF not the first attempt and they are going back to fix a problem, it needs short time where a person
    would probably not be able to do a turn around yet a bot could. Say 2 seconds
    */

    //TOO QUICK first attempt
    if ($_SESSION['attempts'] == 1 && (time() - $_SESSION['time']) < 9) {
        $error .= "<br /><strong>You are just too quick!</strong>\n";

    //TOO QUICK other attempts
    } elseif ($_SESSION['attempts'] != 1 && (time() - $_SESSION['time']) < 2) {
        $error .= "<br /><strong>You are just too quick!</strong>\n";

    // TEST FOR MISSING INPUT
    } elseif (!$all_okay) {
        $error .= "<br /><strong>Please click to go back, and fill the required fields!</strong>\n";

    //Name
    // The pattern is anchored at the end (\z) so nothing, CR/LF included, can follow
    // the allowed characters: the name is placed in the Reply-To header further down.
    // \p{L} with /u also accepts accented letters.
    } elseif (!preg_match("/^[\p{L}' -]{2,}\z/u", trim($_POST['name']))) {
        $error .= "<br /><strong>Name does not pass validation</strong>\n";

    //Lastname
    } elseif (!preg_match("/^[\p{L}' -]{2,}\z/u", trim($_POST['lastname']))) {
        $error .= "<br /><strong>Lastname does not pass validation</strong>\n";

    //Email
    } elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $error .= "<br /><strong>Please enter a valid email!</strong>\n";

    //Solution
    } elseif (!is_numeric($_POST['solutioncon']) || $_POST['solutioncon'] != $_SESSION['solution']) {
        $error .= "<br /><div class=\"contact-warning\"><strong>Please enter a correct total amount.</strong>\n</div>";

    //Phone
    } elseif (!empty($_POST['phone']) && !preg_match('/^[0-9 \-]+$/i', $_POST['phone'])) {
        $error .= "<br /><strong>Phone number can only have numbers, dashes and spaces.</strong>\n";

    //Message
    } elseif (empty($_POST['message']) || strlen($_POST['message']) < 2) {
        $error .= "<br /><strong>Please add a message.</strong>\n.";

    //honeypot checking
    } elseif (!empty($_POST['address'])) {
        $error .= "Your message could not be sent. It has been flagged as spam.";

    //Continue if no error
    } elseif (empty($error)) {

        // PREPARE THE DATA
        $name = trim(stripslashes($_POST['name']));
        $lastname = trim(stripslashes($_POST['lastname']));
        $email = trim(stripslashes($_POST['email']));
        $phone = trim(stripslashes($_POST['phone'] ?? ''));
        $message = trim(stripslashes($_POST['message']));

        // PREPARE EMAIL BODY TEXT
        $body = '';
        $Admin_body = '';
        $body .= "Gentile " . $name . " " . $lastname . ",\r\nThis is copy of your message.\nRisponderemo al più presto." . "\r\n\r\n"; // THIS IS TO HAVE PERSONALIZED MESSAGE
        $Admin_body .= "Dear Admin,\r\nThis email is to inform of a contact us message from " . $EmailFrom . ".\r\n\r\n"; // THIS IS TO HAVE PERSONALIZED MESSAGE

        foreach ($clean_post as $key => $value) {
            if ($key != "solutioncon"):
                $body .= ucfirst($key) . ': ' . $value . "\r\n"; // added \r
                $Admin_body .= ucfirst($key) . ': ' . $value . "\r\n"; // added \r
            endif;
        }

        $submitter = $_POST["email"];
        $site = "no-reply@website";
        /////////
        $Admin_headers = "From: \"$EmailFrom\" <$site>\r\n";
        $Admin_headers .= "Reply-To: \"$name\" <$submitter>\r\n";

        $Submitter_headers = "From: \"$EmailFrom\" <$site>\r\n";
        $Submitter_headers .= "Reply-To: \"$EmailTo\" <$EmailTo>\r\n";

        // send email
        $success = mail($EmailTo, $Subject, $Admin_body, $Admin_headers);
        mail($submitter, $Subject, $body, $Submitter_headers);

        // redirect to success page
        if (isset($success) && $success === true) {
            header( "Location: https://path/to/thankyou.php" );
            exit;
        } else {
            $error .= "<br />There has been a technical problem, please resend, thank you.";
        }
    }

    // Add the go back link if error
    if (!empty($error)) {
        $error .= "<div class=\"contact-warning\">If error, please <a href='javascript:history.back(1)'>go back and try again</a>.</div>";
    }
endif;
?>
```

New order form: same as the contact form, save that instead of the textarea for the message I put the following:

```html
<form id="order-form" method="POST" action="order.php">
... other fields same of the contact form ...
<div class="form-group">
    <input type="checkbox" name="product[]" value="1" />
    <label for="message">Panni €1,50/pz</label>
    <input type="number" class="form-control" name="quantity_panno" />
</div>
<div class="form-group">
    <input type="checkbox" name="product[]" value="2" />
    <label for="message">baby €2,00/pz</label>
    <input type="number" class="form-control" name="quantity_baby" />
</div>
<div class="form-group">
    <input type="checkbox" name="product[]" value="3" />
    <label for="message">Mascherine €2,50/pz</label>
    <input type="number" class="form-control" name="quantity_mascherina" />
</div>
<div class="form-group">
    <input type="checkbox" name="product[]" value="4" />
    <label for="message">Dispenser €3,50/pz</label>
    <input type="number" class="form-control" name="quantity_dispenser" />
</div>
```
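One way to turn the `product[]` checkboxes and `quantity_*` inputs into validated order lines before they reach the e-mails, as an added example that is not part of the original post. The product ids, labels, prices and field names are taken from the order form above; `parse_order`, `order_body`, `CATALOGUE`, `MAX_QTY` and the 500 ceiling are hypothetical names and values, and the sample request is constructed.

```php
<?php
// Added example, not the poster's code. Prices and labels stay on the server;
// ids and quantity field names mirror the order form above.
const CATALOGUE = [
    1 => ['label' => 'Panni',      'cents' => 150, 'qty' => 'quantity_panno'],
    2 => ['label' => 'baby',       'cents' => 200, 'qty' => 'quantity_baby'],
    3 => ['label' => 'Mascherine', 'cents' => 250, 'qty' => 'quantity_mascherina'],
    4 => ['label' => 'Dispenser',  'cents' => 350, 'qty' => 'quantity_dispenser'],
];
const MAX_QTY = 500; // assumed per-item ceiling
function parse_order(array $post): array
{
    $lines = $errors = [];
    $picked = $post['product'] ?? [];
    if (!is_array($picked) || $picked === []) {
        $errors[] = 'Please select at least one product.';
        $picked = [];
    }
    foreach ($picked as $id) {
        // Reject nested arrays and ids that are not in the catalogue.
        if (!is_string($id) || !array_key_exists($id, CATALOGUE)) {
            $errors[] = 'Unknown product.';
            continue;
        }
        $item = CATALOGUE[$id];
        // Whole number in 1..MAX_QTY; missing, empty, negative or array input fails.
        $qty = filter_var($post[$item['qty']] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => MAX_QTY]]);
        if ($qty === false) {
            $errors[] = 'Invalid quantity for ' . $item['label'] . '.';
            continue;
        }
        // Keyed by id, so a repeated product[] value is not counted twice.
        $lines[$id] = ['label' => $item['label'], 'qty' => $qty, 'cents' => $qty * $item['cents']];
    }
    return ['lines' => $lines, 'errors' => $errors, 'total' => array_sum(array_column($lines, 'cents'))];
}

function order_body(array $order): string
{
    // Only catalogue labels and validated integers are written into the text.
    $text = '';
    foreach ($order['lines'] as $l) {
        $text .= sprintf("%s x %d = EUR %.2f\r\n", $l['label'], $l['qty'], $l['cents'] / 100);
    }
    return $text . sprintf("Total: EUR %.2f\r\n", $order['total'] / 100);
}
// Constructed sample POST: one valid line, one bad quantity, one unknown id.
$order = parse_order(['product' => ['1', '2', '9'], 'quantity_panno' => '3', 'quantity_baby' => '-5']);
echo $order['errors'] ? implode("\n", $order['errors']) . "\n" : order_body($order);
```

In the processing file, `parse_order($_POST)` would sit in the validation chain and the result of `order_body()` would be appended to `$body` and `$Admin_body`; the same array can be stored in the session to print the recap on the thank-you page.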

