Results 1 to 1 of 1

Thread: JobRoller: Trying to extend Contact form. Need Help!

  1. #1
    Thread Starter
    Newbie istorm's Avatar
    Join Date
    Aug 2011
    Location
    Belgium
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    JobRoller: Trying to extend Contact form. Need Help!

    Hello,

    I work on the jobRoller theme and I'm trying to add a file upload field on the email contact form. But it does not save the file in the folder /uploads and then the file attachment does not work for email.

    Here's a screenshot of my debug wp and my file:

    https://skitch.com/jeremy123spade/8q...t-found-istorm

    And the code I'm using to upload/send the file. (A bit messy, but I'm no expert)

    Code:
    <?php
    /*
    Template Name: Contact
    */
    ?>
    <?php 
    
    	$errors = new WP_Error();
    	$message = '';
    	
    	// Form Processing Script	
    	if (isset($_POST['submit-form'])) {		
    		
    		$required = array('your_name', 'email', 'message');
    		
    		// Identify exploits
    		$head_expl = "/(bcc:|cc:|document.cookie|document.write|onclick|onload)/i";
    		$inpt_expl = "/(content-type|to:|bcc:|cc:|document.cookie|document.write|onclick|onload)/i";
    		
    		// Get post data 
    		$posted = array();
    		
    		$posted['your_name'] = $_POST['your_name'];
    		$posted['email'] = $_POST['email'];
    		$posted['message'] = $_POST['message'];
    		$posted['spam-trap'] = $_POST['honeypot'];
    		
    		// Clean post data & validate fields
    		foreach ($posted as $key => $val) {
    			$val = strip_tags(stripslashes(trim($val)));
    			
    			if (in_array($key, $required)) {
    				if (empty($val)) $errors->add('submit_error', __('Required field "','appthemes').$key.__('" missing.','appthemes'));
    			}
    			
    			if ($key=='email') {
    				if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $posted['email'])) {
    					$errors->add('submit_error', __('Invalid email address.', 'appthemes'));
    				}
    			}
    			
    			// Check file extensions
    			$allowed = array(
    				'pdf',
    				'doc',
    				'docx',
    				'rtf',
    				'.txt',
    				'.rtf',
    				'.zip',
    				'.otf'
    			);
    			
    			if (isset($_FILES['attachment']) && !empty($_FILES['attachment']['name'])) {
    				$extension = strtolower(pathinfo($_FILES['attachment']['name'], PATHINFO_EXTENSION));
    				if (!in_array($extension, $allowed)) $errors->add('submit_error', __('<strong>ERROR</strong>: Only pdf, doc, txt and rtf files are allowed.', 'jr'));
    			}
    			
    			if ($errors && sizeof($errors)>0 && $errors->get_error_code()) {
    			// There are errors!
    			
    			} else {
    			
    			$attachments = array();
    			$attachment_urls = array();
    			// Continue, upload files
    			if ((isset($_FILES['attachment']) && !empty($_FILES['attachment']['name']))) {
    				
    				// Find max filesize in bytes - we say 10mb becasue the file will be attached to an email, also checks system variables in case they are lower
    				$max_sizes = array('10485760');
    				if ((ini_get('post_max_size'))) $max_sizes[] = let_to_num(ini_get('post_max_size'));
    				if ((ini_get('upload_max_filesize'))) $max_sizes[] = let_to_num(ini_get('upload_max_filesize'));
    				if ((WP_MEMORY_LIMIT)) $max_sizes[] = let_to_num(WP_MEMORY_LIMIT);
    				
    				$max_filesize = min( $max_sizes );
    				
    				if (($_FILES["attachment"]["size"]) > $max_filesize) :
    					$errors->add('submit_error', __('<strong>ERROR</strong>: ', 'jr').'Attachments too large. Maximum file size for all attachments is '.($max_filesize/(1024*1024)).'MB');
    				else :
    				
    					/** WordPress Administration File API */
    					include_once(ABSPATH . 'wp-admin/includes/file.php');					
    					/** WordPress Media Administration API */
    					include_once(ABSPATH . 'wp-admin/includes/media.php');
    		
    					add_filter('upload_dir', 'attachment_upload_dir');
    										
    					$uploadpath = 'wp-content/uploads/';
    	
    					if (isset($_FILES['attachment']) && !empty($_FILES['attachment']['name'])) {
    						
    						//save file to disk
    						$upload = wp_upload_bits($_FILES["attachment"]["name"], null, file_get_contents($_FILES["attachment"]["tmp_name"]));
    						
    					}
    			
    			endif;
    			remove_filter('upload_dir', 'attachment_upload_dir');
    			
    			}		}
    			
    			
    			if (!empty($posted['spam-trap'])) {
    				$errors->add('submit_error', __('Possible spam: You filled the honeypot spam-trap field!', 'appthemes'));	
    			}
    			
    			if(preg_match($inpt_expl, $val)) {
    	 			$errors->add('submit_error', __('Injection Exploit Detected: It seems that you’re possibly trying to apply a header or input injection exploit in our form. If you are, please stop at once! If not, please go back and check to make sure you haven’t entered <strong>content-type</strong>, <strong>to:</strong>, <strong>bcc:</strong>, <strong>cc:</strong>, <strong>document.cookie</strong>, <strong>document.write</strong>, <strong>onclick</strong>, or <strong>onload</strong> in any of the form inputs. If you have and you’re trying to send a legitimate message, for security reasons, please find another way of communicating these terms.', 'appthemes'));	
    	 		}	
    		}
    						
    		// Show errors or continue
    		if ($errors && sizeof($errors)>0 && $errors->get_error_code()) {} else {
    			
    			// Prepare email
    			$subject = "[".get_bloginfo('name')."] ".__('Contact from','appthemes')." ".$posted['your_name']."";
    			
    			$sendto = get_option('admin_email'); 
    				
        		$ltd = date("l, F jS, Y \\a\\t g:i a", time());
    			$ip = getenv("REMOTE_ADDR");
    			$hr = getenv("HTTP_REFERER");
    			$hst = gethostbyaddr( $_SERVER['REMOTE_ADDR'] );
    			$ua = $_SERVER['HTTP_USER_AGENT'];
    			
    			$email_header = 'From: '.get_bloginfo('name') . "\r\n";
    			$email_header .= 'Reply-To: '.$posted['email'] . "\r\n";
    			
    			if(preg_match($head_expl, $email_header)) {
    			
    				$errors[] = 'Injection Exploit Detected: It seems that you’re possibly trying to apply a header or input injection exploit in our form. If you are, please stop at once! If not, please go back and check to make sure you haven’t entered <strong>content-type</strong>, <strong>to:</strong>, <strong>bcc:</strong>, <strong>cc:</strong>, <strong>document.cookie</strong>, <strong>document.write</strong>, <strong>onclick</strong>, or <strong>onload</strong> in any of the form inputs. If you have and you’re trying to send a legitimate message, for security reasons, please find another way of communicating these terms.';
    				
    			} else {
    
    				$content = "Hello,\n\nYou are being contacted via ".get_bloginfo('name')." by ".$posted['your_name'].". ".$posted['your_name']." has provided the following information so you may contact them:\n\n   Email: ".$posted['email']."\n\nMessage:\n   ".$posted['message']."\n\n--------------------------\nOther Data and Information:\n   IP Address: $ip\n   Time Stamp: $ltd\n   Referrer: $hr\n   Host: $hst\n   User Agent: $ua\n\n";
    	
    				$content = stripslashes(strip_tags(trim($content)));	
    								
    				// Send email
    				wp_mail( $sendto, $subject, $content, $uploads, $email_header); 
    				
    				
    				// Show Thanks					
    				$message = __('Thank you. Your message has been sent.','appthemes');
    				
    				unset($posted);
    			
    			}
    		}
    	}
    	
    function attachment_upload_dir( $pathdata ) {
    $subdir = '/uploads'.$pathdata['subdir'];
    	$pathdata['path'] = str_replace($pathdata['subdir'], $subdir, $pathdata['path']);
    	$pathdata['url'] = str_replace($pathdata['subdir'], $subdir, $pathdata['url']);
    $pathdata['subdir'] = str_replace($pathdata['subdir'], $subdir, $pathdata['subdir']);
    return $pathdata;
    }
    ?>
    <?php get_header(); ?>
    
    	<div id="contact-intro">
    		<h2>Don't hesitate to get in touch with us</h2>
    		<p>we'd love to hear from you</p> 
    	</div>
    
    	<div class="section full">
    
    		<div class="section_content">
    				<?php if (have_posts()) : ?>
    				<?php while (have_posts()) : the_post(); ?>
    				<div class="text">	
    				<?php the_content(); ?>
    				<?php
    				jr_show_errors($errors);
    					if (isset($message) && !empty($message)) {
    						echo '<p class="success">'.$message.'</p>';
    					}
    				?>
    				
    				
    				</div>
    					<!-- Contact Form -->
    					<form method="post" action="<?php echo get_permalink($post->ID); ?>" class="main_form contact">
    						
    						<p><label for="your_name"><?php _e('Your Name/Company Name', 'appthemes'); ?><span title="required">*</span><br></label> <input type="text" class="text" name="your_name" id="your_name" value="<?php if (isset($posted['your_name'])) echo $posted['your_name']; ?>" /></p>
    						<p><label for="email"><?php _e('Your email', 'appthemes'); ?> <span title="required">*</span></label><br> <input type="text" class="text" name="email" id="email" value="<?php if (isset($posted['email'])) echo $posted['email'];	 ?>" /></p>
    
    						<p><label for="message"><?php _e('Message', 'appthemes'); ?> <span title="required">*</span></label> <br><textarea name="message" id="message" cols="60" rows="8"><?php if (isset($posted['message'])) echo $posted['message'];	 ?></textarea></p>
    						
    						<p><label for="file"><?php _e('File (.doc, .pdf, .txt, .rtf, .docx, .zip, or .otf)', 'appthemes'); ?></label> <input type="file" class="text" name="attachment" id="attachment" /></p>
    						
    						<p ><span class="well"><input type="submit" name="submit-form" class="submit button" id="submit-form" value="<?php _e('Submit', 'appthemes'); ?>" /><input type="text" name="honeypot" value="" style="position: absolute; left: -999em;" title="" /></span></p>
    					</form>
    
    			<?php endwhile; ?>
    
    			<?php endif; ?>
    
    			<div class="clear"></div>
    
    		</div><!-- end section_content -->
    
    	</div><!-- end section -->
    
    	<div class="clear"></div>
    
    </div><!-- end main content -->
    
    
    <?php get_footer(); ?>
    Can anyone offer advice on this?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Contact form not working - jobroller
    By varoon10 in forum Report JobRoller Bugs
    Replies: 4
    Last Post: June 17th, 2011, 08:36 AM
  2. Replies: 5
    Last Post: May 3rd, 2011, 09:46 AM
  3. Classipress with Jobroller contact form
    By dazzaboo2000 in forum ClassiPress General Discussion
    Replies: 3
    Last Post: March 24th, 2011, 09:06 AM
  4. Contact form not working on Jobroller
    By beckett00 in forum Report JobRoller Bugs
    Replies: 1
    Last Post: March 17th, 2011, 07:25 PM