Adding a small feature to a contact form for the web

Griff1324

I don’t do much programming but I am pretty sure that these would be an easy task for someone experienced in PHP. I am trying to incorporate a contact form into my website. I am using the SCForm, which can be downloaded at http://jimsun.linxnet.com/SCForm.html . I have got everything setup and configured and it works great. However, I would like to add a small feature to the form.

Currently, the form takes you to a “thank you” page when an email is sent out. However, I would like to create individual thank you pages for each of the contacts within the dropdown box. Example, if I select to email the Marketing Dept., I want the “thank you” page to state something like “Thank you for contacting our marketing department.” This way, I can add Google analytics code to each of the thank you pages to track how many emails are marketing dept., sales dept. etc get.

If someone would be kind enough to download the form and write the needed code to achieve this, I would be very grateful. If you would like to be compensated for your work, please PM me and we can work something out.

Thanks,

Chris

thorpe

Im afraid you miss understand the intended use of this forum.

Help with PHP coding

Griff1324

If I am not mistaken, I am asking for help with PHP coding. The scripts that I am using for my form are written in PHP. I do not code in PHP, therefore I am asking for help.

Thanks,

Chris

thorpe

Your asking for someone to do... there is a difference.

Why not post some code? This shouldn't be too difficult, and you might learn a little php.

Post the page the form is submitted too. If your not sure which page it is, it is in the forms action.

Griff1324

thorpe wrote:
Your asking for someone to do... there is a difference.

Why not post some code? This shouldn't be too difficult, and you might learn a little php.

Post the page the form is submitted too. If your not sure which page it is, it is in the forms action.

I didn't want to post code because there are multiple files that this form uses. Two files are .cfg files and four files are .php pages. This is why I linked directly to the page to obtain the files. However, I will try my best to provide the needed information.

This is one of the .cfg files that contains the list of contacts for the user to select from in the form:

#
# Contact list
#
# Format is: "key: menu text: email address(es)
# Email addresses are comma-space separated
#

RFQ: Request for Quote: lgalvin@abc.com
Place an Order: Place an Order: mciedaisch@abc.com
Order Status: Order Status: mciedaisch@abc.com
Product Information: Product Information: npalvin@abc.com
Product Repairs: Product Repairs: tfenner@abc.com
Product Returns: Product Returns: mciedaisch@abc.com
Literature Requests: Literature Requests: jcullers@abc.com
Website Problems, Questions, and Comments: Website Problems, Questions, and Comments: rsimmons@abc.com
Other: Other: lgalvin@abc.com

Griff1324

Here is the page that the form processes to:

<?php

require 'scfconfig.php';	// Get our config

/*
 * Shouldn't have to touch anything beyond here
 */
$scriptName = "SCForm";
$version = "1.2.3";

$errors = array();

// Function, shared by the show_errors() and show_fatal() functions,
// to emit the list of problems.  (Note: Does so as an HTML unnumbered
// list.  Assumes caller has already done the HTML "opening" stuff.)
function show_error_list($errors) {
    $nerrors = count($errors);

print("<ul>\n");
for($i = 0; $i < $nerrors; $i++)
print("<li>" . $errors[$i] . "</li>\n");
print("</ul>\n");
}

// Show list of non-fatal errors
function show_errors($errors) {
    print("<html>\n<head><title>Error</title></head>\n
	   <body>\n<p>There were problems with your submission. Please go
	   back to the previous page and correct the following errors:
	   </p>\n");
    show_error_list($errors);
    print("</body>\n</html>");
}


// Show fatal error
function show_fatal($errors) {
    print("<html>\n<head><title>Error</title></head>\n
	   <body>\n<p>There were problems with your submission.</p>\n");
    show_error_list($errors);
    print("This may be through no fault of your own and is probably not
	   immediately correctable.  Please come back and try again later.
	   </p>\n</body>\n</html>\n");
}

// Read a line from a config file, stripping comments and blank lines
function read_file_line($fp) {
    while(($inString = fgets($fp, 2048)) != false) {
	$inString = rtrim(preg_replace('/\s*#.*/', '', $inString));
	if(!empty($inString))
	    break;
    }

return $inString;
}

// Function to check the referer against the list of acceptable
// refererers.
//
// If the $referers array is empty, returns true/pass by default
//
function check_referer($referers, $logOnReferer) {

global $errors, $scriptName;

$found = true;	// Default to "pass"

// Check only if the array of allowed referers is non-empty...
if(count($referers)) {
$found = false;

if(!empty($_SERVER['HTTP_REFERER'])) {
    list($referer) =
	array_slice(explode("/", $_SERVER['HTTP_REFERER']), 2, 1);
    for($x = 0; $x < count($referers); ++$x) {
	if(eregi($referers[$x], $referer)) {
	    $found = true;
	    break;
	}
    }
}

if(!$found) {
    $errors[] = "This form was used from an unauthorized server! (" .
		$_SERVER['HTTP_REFERER'] . ")";
    if($logOnReferer) {
	error_log("[$scriptName] Illegal Referer. (" .
		   $_SERVER['HTTP_REFERER'] . ") ", 0);
    }
}
}

return $found;
}

// Function to check an IP address match
// Handles CIDR notation in the thing to check against
// Note: Address to check against is expected to be in regexp format
// (i.e.: "."s escaped with "\"s)
function check_ip($chkAgainst, $chkAddr) {

$addrMatch = false;	// Assume no match

// If the "check against" value contains a "/", it'll be an IP
// address (range) in CIDR notation.
if(ereg('/[0-9]', $chkAgainst)) {

# Break down dot.ted.qu.ad/bits of address to check against
list($addrBase, $hostBits) = explode('/', $chkAgainst);
list($w, $x, $y, $z) = explode('.', $addrBase);

# Convert to high and low address ints
$chkAgainst = ($w << 24) + ($x << 16) + ($y << 8) + $z;
$mask = $hostBits == 0? 0 : (~0 << (32 - $hostBits));
$lowLimit = $chkAgainst & $mask;
$highLimit = $chkAgainst | (~$mask & 0xffffffff);

# Convert addr to check to int
list($w, $x, $y, $z) = explode('.', $chkAddr);
$chkAddr = ($w << 24) + ($x << 16) + ($y << 8) + $z;

$addrMatch = (($chkAddr >= $lowLimit) && ($chkAddr <= $highLimit));

} else {
$addrMatch = ereg("^$chkAgainst", $chkAddr);
}

return $addrMatch;
}

// Function to check the given email address, the remote host (if
// available) and the remote IP against the ban list.
function check_banlist($logOnBan, $email) {

global $errors, $scriptName, $banListFile;

$notAllowed = false;	// Default to allowed

// "whoto" to email address hash
$banList = array();

// Get the banList
if($fp = @fopen($banListFile, "r")) {
while($inString = read_file_line($fp))
    $banList[] = $inString;
fclose($fp);
}

if(count($banList)) {
$emailFix = trim(strtolower($email));
$remoteHostFix = trim(strtolower($_SERVER['REMOTE_HOST']));

foreach($banList as $banned) {
    $banFix = trim(strtolower(ereg_replace('\.', '\\.', $banned)));
    if(strstr($banFix, "@")) {			// email address?
	if(ereg('^@', $banFix)) {		// Any user @host?
	    // Expand the match expression to catch hosts and
	    // sub-domains
	    $banFix = ereg_replace('^@', '[@\\.]', $banFix);
	    if(($notAllowed = ereg("$banFix$", $emailFix))) {
		$bannedOn = $emailFix;
		break;
	    }
	} elseif(ereg('@$', $banFix)) {	// User at any host?
	    if(($notAllowed = ereg("^$banFix", $emailFix))) {
		$bannedOn = $emailFix;
		break;
	    }
	} else {				// User@host
	     if(($notAllowed = (strtolower($banned) == $emailFix))) {
		$bannedOn = $emailFix;
		break;
	    }
	}
    } elseif(preg_match('/^\d{1,3}(\\\.\d{1,3}){0,3}(\/\d{1,2})?$/',
                        $banFix)) {
	// IP address
	if($notAllowed = check_ip($banFix, $_SERVER['REMOTE_ADDR'])) {
	    $bannedOn = $_SERVER['REMOTE_ADDR'];
	    break;
	}

	// If the client is working through a proxy...
	if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
	    if($notAllowed =
		    check_ip($banFix, $_SERVER['HTTP_X_FORWARDED_FOR']))
	    {
		$bannedOn = $_SERVER['HTTP_X_FORWARDED_FOR'];
		break;
	    }
	}

    } else {				// Must be a host/domain name
	if(($notAllowed = ereg("$banFix$", $remoteHostFix))) {
	    $bannedOn = $remoteHostFix;
	    break;
	}
    }
}
}

if($notAllowed) {
$errors[] = "Attempt from a banned email address, host or domain! ($bannedOn)";
if($logOnBan) {
    error_log("[$scriptName] Banned on \"$bannedOn\"", 0);
}
}

return $notAllowed;
}

// Generate informational headers
function generate_additional_headers() {

global $scriptName, $version, $reportRemoteHost, $reportRemoteAddr,
   $reportRemoteUser, $reportRemoteIdent, $reportOrigReferer;

// Who we are and our version
$addlHeaders = "X-Mailer: $scriptName v${version}\n";

// Remote host/address/user reporting?
if($reportRemoteHost && !empty($_SERVER['REMOTE_HOST']))
$addlHeaders .= "X-Remote-Host: " . $_SERVER['REMOTE_HOST'] . "\n";
if($reportRemoteAddr) {
if(!empty($_SERVER['REMOTE_ADDR']))
    $addlHeaders .= "X-Remote-Addr: " . $_SERVER['REMOTE_ADDR'] . "\n";

// If the client is working through a proxy...
if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
    $addlHeaders .= "X-Http-X-Forwarded-For: " .
		     $_SERVER['HTTP_X_FORWARDED_FOR'] . "\n";
}
if($reportRemoteUser && !empty($_SERVER['REMOTE_USER']))
$addlHeaders .= "X-Remote-User: " . $_SERVER['REMOTE_USER'] . "\n";
if($reportRemoteIdent && !empty($_SERVER['REMOTE_IDENT']))
$addlHeaders .= "X-Remote-Ident: " . $_SERVER['REMOTE_IDENT'] . "\n";
if($reportOrigReferer && !empty($_POST['orig_referer']))
$addlHeaders .= "X-SCForm-Referer: " . $_POST['orig_referer'] . "\n";

return $addlHeaders;
}

// Mail advisory to $errorsTo list
function mail_advisory($errors) {

global $errorsTo, $addSubjSig;

if(!empty($errorsTo)) {
if($addSubjSig)
    $finalSubject = "[$dfltSubj] ";
$finalSubject .= "Problem with form processing";

$content = "The following problem(s) occurred with contact form processing:\n\n";
$nerrors = count($errors);

for($i = 0; $i < $nerrors; $i++)
    $content .= "    . " . $errors[$i] . "\n";

$addlHeaders = generate_additional_headers();

// MS-Win mail servers want crlf and *don't* want a trailing pair
// Note: This code in two places!  (The alternatives would've been
// just as ugly, IMO.)
if(PHP_OS == "WIN32" || PHP_OS == "WINNT") {
    // It seems we only need do this with the "additional headers,"
    // but we're set up here to easily add other mail() variables.
    foreach (array('addlHeaders') as $foo) {
	$$foo = preg_replace("/\n$/", "", $$foo);
	$$foo = preg_replace("/\n/", "\r\n", $$foo);
    }
}

mail($errorsTo, $finalSubject, $content, $addlHeaders);
}
}

Griff1324

Here is the rest of the form processing page:

// Okay, here we go...

// Check the referer
if(!check_referer($allowedReferers, $logOnReferer)) {
    show_fatal($errors);
    if($adviseOnReferer == true)
	mail_advisory($errors);
    exit;
}

// "whoto" to email address hash
$whotos = array();

// Get the list of recipient keys and values
if(($fp = fopen($recipientFile, "r")) == false) {
     die("Can't open data file '$recipientFile'.\n");
}
while($inString = read_file_line($fp)) {
    list($key, $description, $value) = explode(':', $inString);
    $whotos[trim($key)] = trim($value);
}
fclose($fp);

// Convert "whoto" to recipient.
foreach($whotos as $key => $value) {
    if($_POST['whoto'] == $key) {
	$recipient = $value;
	break;
    }
}

// No valid recipient?  That's an error.
if(empty($recipient))
    $errors[] = "\"" . $_POST['whoto'] . "\" is an invalid destination.";

// Gave an email address?  It's an error if not--unless we allow no
// email address.
if(empty($_POST['email'])) {
    // For compatibility with pre-1.2.3 version config files, if
    // $requireEmail is not set, we default to "true".
    if(!isset($requireEmail) || $requireEmail) {
	$errors[] = "You didn't enter your email address.";
    }
// Valid-looking email address?
} elseif(!preg_match('/^[^\s@]+@[a-z0-9\.-]+?\.[a-z]{2,4}$/i', $_POST['email'])) {
    $errors[] = "\"" . $_POST['email'] .
		"\" doesn't look like a valid email address";
}

// Check for banned email addresses and remote hosts
if($banned = check_banlist($logOnBan, $_POST['email'])) {
    if($adviseOnBan)
	mail_advisory($errors);
    if($warnBanned) {
	show_fatal($errors);
	exit;
    } else {
	unset($errors);		// Make it look as if all's well
    }
}

// Check for name?
if($requireName && empty($_POST['name']))
     $errors[] = "You didn't enter your name.";

// Check for subject?
if($requireSubj && empty($_POST['subject']))
     $errors[] = "You didn't enter a subject.";

// Comments?  What's the point, if not?
if(empty($_POST['comments']))
     $errors[] = "You didn't enter any comments.";

// if there were errors, print out an error page and bail out
if(count($errors)) {
    show_errors($errors);
    exit;
}

if(!empty($_POST['name']))
    $content = "Somebody claiming to be " . $_POST['name'] . " wrote:\n\n";
$content .= preg_replace('/\r/', '', stripslashes($_POST['comments']));

$addlHeaders = empty($_POST['email'])? "" : "From: " . $_POST['email'] . "\n" .
                                            "Reply-To: " . $_POST['email'] . "\n";

$addlHeaders .= generate_additional_headers();

// Additional recipients?
if(!empty($mailAlso))
    $addlHeaders .= "Cc: ${mailAlso}\n";

// Subject line
if(empty($_POST['subject']))
    $finalSubject = $dfltSubj;
else {
    if($addSubjSig)
	$finalSubject = "[$dfltSubj] ";
    $finalSubject .= addcslashes(stripslashes($_POST['subject']), "\x00..\x1f");
}

// MS-Win mail servers want crlf and *don't* want a trailing pair
// Note: This code in two places!  (The alternatives would've been
// just as ugly, IMO.)
if(PHP_OS == "WIN32" || PHP_OS == "WINNT") {
    // It seems we only need do this with the "additional headers,"
    // but we're set up here to easily add other mail() variables.
    foreach (array('addlHeaders') as $foo) {
	$$foo = preg_replace("/\n$/", "", $$foo);
	$$foo = preg_replace("/\n/", "\r\n", $$foo);
    }
}

// Mail it
if(!$banned) {
    if(!mail($recipient, $finalSubject, $content, $addlHeaders)) {
	$errors[] = "Unable to process form at this time";
	show_fatal($errors);
	exit;
    }
}

// Redirect them to a response page
$responseURL = "Location: http://" . $_SERVER['HTTP_HOST'] .
	       dirname($_SERVER['PHP_SELF']) . "/scfresp.php";
if(!empty($_POST['orig_referer']))
    $responseURL .= "?OrigRef=" . urlencode($_POST['orig_referer']);
header($responseURL);
?>

I appreciate any and all help!

Thanks,

Chris

Griff1324

Just to clarify, what I would like to do is send the user to a response page specific to who the recipent of the email is for. I need this to be determined by the key in the contact.cfg file.

For example, if the user send a "Request for Quote", I want them to be sent to a thank you page that states, "Thank you for requesting a quote..."

Thanks again!

Chris

etully

Here's what I would do:

Change the config file so that the format is like this:
RFQ: Request for Quote: lgalvin@abc.com : rfq_thank_you.html
In the form processor, change this line:
list($key, $description, $value) = explode(':', $inString);
to this:
list($key, $description, $value, $thankyou) = explode(':', $inString);
At the end of the form processor page, change this line:
$responseURL = "Location: http://" . $SERVER['HTTP_HOST'] .
dirname($SERVER['PHP_SELF']) . "/scfresp.php";
to this:
$responseURL = "Location: http://" . $SERVER['HTTP_HOST'] .
dirname($SERVER['PHP_SELF']) . "/" . trim($thankyou);

And then make sure that you have all the thank you html files in place.

Oh, and since you are a new PHP programmer, DO NOT FORGET to make backups of any files you change BEFORE YOU CHANGE THEM.

Good luck.

Griff1324

I'll give that a try and let you know how I make out.

Thanks!

Chris

Griff1324

OK, I have made those changes but as soon as I hit the submit button, I am immediatly taken to the home (index.html) page. However, I notice that there is two // at the end of the domain name in the browser.

Thanks,

Chris

etully

That sounds like $thankyou isn't getting its value which could be caused for a number of different reasons.

Some troubleshooting techniques you can use are this:

after the explode command, write print "VALUE OF TY is $thankyou"; (This way, you can see if it's getting the value in the first place.
These are the lines that read in the data from the config file:

// Get the list of recipient keys and values
if(($fp = fopen($recipientFile, "r")) == false) {
die("Can't open data file '$recipientFile'.\n");
}
while($inString = read_file_line($fp)) {
list($key, $description, $value) = explode(':', $inString);
$whotos[trim($key)] = trim($value);
}
fclose($fp);

You might want to save that text to another PHP file and experiment with just that code to see if you can get it to successfully find the fourth piece of data (the thank you filename after the 3rd colon).

Print statements are good for seeing what variables have what values and you can get an idea of whether or not it's successfully reading the config file this way. Once you are reading the file successfully, then you should be 99% of the way there - you just have to print the $thankyou varaible in the Location header at the end of the script. (Are you sure that you're using the same variable name at the end that you assigned the value to after the explode command?)

etully

Are you sure that you used a colon to separate the 3rd and the 4th columns in the config file?

Griff1324

Ah, I figured out the problem. I was only adding a single thank you page for the contact I was testing. I removed all of the extra contacts in the config page with the exception of the one that had a thank you page and everything worked great.

I can't thank you enough! I greatly appreciate you taking the time to help me out with this. Thanks again!

Later,

Chris

Griff1324

I have encounted a problem. I noticed that when the form is submitted, it takes you to the last thank you page listed in the contact configuration file. For example, if I send a request for quote (which is coded in the config file to display thank_you_rfq.html) when I submit the form the thank_you_general.html is displayed. This is the last thank you page listed in the config file.

Any thoughts?

Thanks,

Chris

etully

Ok. This is going to require a few more mods:

Where you see this in the form processor:
$whotos = array();
add this:
$thankyoupages = array();
Where you see this:
$whotos[trim($key)] = trim($value);
add this:
$thankyoupages[trim($key)] = trim($thankyou);
Where you see this line this line:
$recipient = $value;
add this:
$thankyou = $thankyoupages[$key]

That will probably do it.

Griff1324

Awesome...it works great!

Thank you for all of your help!

Later,

Chris