<?php
/*
Template Name: Contact
*/
?>
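<?php
/*
 * Contact form processing.
 *
 * Runs only when this template's own form has been posted (the submit button is
 * named "submit-form"). It leaves three variables for the markup further down:
 *   $errors  - WP_Error collecting every validation problem
 *   $message - success notice, '' unless the mail actually went out
 *   $posted  - sanitised field values, used to re-fill the form after an error
 *
 * Order of operations: sanitise and validate every field, validate the optional
 * attachment, and only when nothing failed write the attachment to disk and send
 * the e-mail. Nothing touches the upload directory or the mailer while errors
 * exist (the original uploaded on the first loop pass, before the honeypot and
 * injection checks had run).
 *
 * NOTE(review): the form carries no CSRF nonce. Emit wp_nonce_field() in the
 * form and verify it with wp_verify_nonce() at the top of this block.
 */
$errors  = new WP_Error();
$message = '';
$posted  = array();

if ( isset( $_POST['submit-form'] ) ) {
	$required = array( 'your_name', 'email', 'message' );

	// Mail-header / script-injection markers. $inpt_expl is run over every
	// field, $head_expl over the assembled headers right before sending.
	$head_expl = "/(bcc:|cc:|document.cookie|document.write|onclick|onload)/i";
	$inpt_expl = "/(content-type|to:|bcc:|cc:|document.cookie|document.write|onclick|onload)/i";

	// Permitted attachment extensions. pathinfo() returns the extension without
	// a leading dot, so the entries must not carry one either (the original list
	// mixed both forms and therefore silently rejected txt, zip and otf).
	// This is an extension check only; the file content is never sniffed.
	$allowed = array( 'pdf', 'doc', 'docx', 'rtf', 'txt', 'zip', 'otf' );

	// Shown whenever a field or header contains one of the markers above.
	$injection_notice = __( 'Injection Exploit Detected: It seems that you’re possibly trying to apply a header or input injection exploit in our form. If you are, please stop at once! If not, please go back and check to make sure you haven’t entered <strong>content-type</strong>, <strong>to:</strong>, <strong>bcc:</strong>, <strong>cc:</strong>, <strong>document.cookie</strong>, <strong>document.write</strong>, <strong>onclick</strong>, or <strong>onload</strong> in any of the form inputs. If you have and you’re trying to send a legitimate message, for security reasons, please find another way of communicating these terms.', 'appthemes' );

	// Collect raw input; a missing field becomes '' instead of raising a notice.
	$raw = array(
		'your_name' => isset( $_POST['your_name'] ) ? $_POST['your_name'] : '',
		'email'     => isset( $_POST['email'] ) ? $_POST['email'] : '',
		'message'   => isset( $_POST['message'] ) ? $_POST['message'] : '',
		'spam-trap' => isset( $_POST['honeypot'] ) ? $_POST['honeypot'] : '',
	);

	// Sanitise and validate each field. The cleaned value is written back into
	// $posted (the original discarded it), so the e-mail body and the re-filled
	// form both see the same text. strip_tags() is NOT output escaping: the
	// template must still esc_attr()/esc_textarea() these values when echoing.
	foreach ( $raw as $key => $val ) {
		if ( ! is_string( $val ) ) {
			// Array-valued input (your_name[]=x) is never valid here.
			$val = '';
		}
		// stripslashes() undoes the slashes WordPress adds to $_POST.
		$val = strip_tags( stripslashes( trim( $val ) ) );
		$posted[ $key ] = $val;

		if ( in_array( $key, $required, true ) && $val === '' ) {
			$errors->add( 'submit_error', __( 'Required field "', 'appthemes' ) . $key . __( '" missing.', 'appthemes' ) );
		} elseif ( $key === 'email' && ! is_email( $val ) ) {
			// eregi() no longer exists in PHP 7+; WordPress's is_email() replaces
			// the hand-written pattern and should also reject CR/LF, which keeps
			// the Reply-To header below to a single line (confirm for the WP version in use).
			$errors->add( 'submit_error', __( 'Invalid email address.', 'appthemes' ) );
		}

		if ( preg_match( $inpt_expl, $val ) ) {
			$errors->add( 'submit_error', $injection_notice );
		}
	}

	// Bots tend to fill every field; real users never see the honeypot.
	if ( $posted['spam-trap'] !== '' ) {
		$errors->add( 'submit_error', __( 'Possible spam: You filled the honeypot spam-trap field!', 'appthemes' ) );
	}

	// Optional attachment: validate it now, store it only once everything else
	// has passed. A submission without a file reports UPLOAD_ERR_NO_FILE.
	$has_attachment = isset( $_FILES['attachment']['error'] )
		&& ! is_array( $_FILES['attachment']['error'] )
		&& (int) $_FILES['attachment']['error'] !== UPLOAD_ERR_NO_FILE;

	if ( $has_attachment ) {
		if ( (int) $_FILES['attachment']['error'] !== UPLOAD_ERR_OK ) {
			// Partial upload, size limit hit by PHP itself, missing tmp dir, etc.
			$errors->add( 'submit_error', __( '<strong>ERROR</strong>: The attachment could not be uploaded.', 'jr' ) );
		} else {
			$extension = strtolower( pathinfo( $_FILES['attachment']['name'], PATHINFO_EXTENSION ) );
			if ( ! in_array( $extension, $allowed, true ) ) {
				$errors->add( 'submit_error', __( '<strong>ERROR</strong>: Only pdf, doc, txt and rtf files are allowed.', 'jr' ) );
			}

			// 10 MB cap because the file travels inside an e-mail; the PHP and
			// WordPress limits may be lower still, so the smallest of them wins.
			$max_sizes = array( 10485760 );
			if ( ini_get( 'post_max_size' ) ) {
				$max_sizes[] = let_to_num( ini_get( 'post_max_size' ) );
			}
			if ( ini_get( 'upload_max_filesize' ) ) {
				$max_sizes[] = let_to_num( ini_get( 'upload_max_filesize' ) );
			}
			if ( defined( 'WP_MEMORY_LIMIT' ) && WP_MEMORY_LIMIT ) {
				$max_sizes[] = let_to_num( WP_MEMORY_LIMIT );
			}
			$max_filesize = min( $max_sizes );
			if ( (int) $_FILES['attachment']['size'] > $max_filesize ) {
				$errors->add( 'submit_error', __( '<strong>ERROR</strong>: ', 'jr' ) . 'Attachments too large. Maximum file size for all attachments is ' . ( $max_filesize / ( 1024 * 1024 ) ) . 'MB' );
			}
		}
	}

	// WP_Error is not Countable, so get_error_code() alone is the "any errors?"
	// test (the original also called sizeof() on the object, a TypeError on PHP 8).
	$attachment_file = '';
	if ( ! $errors->get_error_code() && $has_attachment ) {
		/** WordPress Administration File API */
		include_once( ABSPATH . 'wp-admin/includes/file.php' );
		/** WordPress Media Administration API */
		include_once( ABSPATH . 'wp-admin/includes/media.php' );

		// Route contact attachments to their own sub-directory for this one
		// call only (see attachment_upload_dir() below).
		add_filter( 'upload_dir', 'attachment_upload_dir' );
		if ( is_uploaded_file( $_FILES['attachment']['tmp_name'] ) ) {
			// sanitize_file_name() strips path separators and other unsafe
			// characters from the client-supplied name before it reaches disk;
			// wp_upload_bits() applies WordPress's own upload checks on top.
			$upload = wp_upload_bits(
				sanitize_file_name( $_FILES['attachment']['name'] ),
				null,
				file_get_contents( $_FILES['attachment']['tmp_name'] )
			);
			if ( ! empty( $upload['error'] ) ) {
				$errors->add( 'submit_error', __( '<strong>ERROR</strong>: ', 'jr' ) . $upload['error'] );
			} else {
				$attachment_file = $upload['file'];
			}
		} else {
			// tmp_name did not come from this request's upload: refuse it.
			$errors->add( 'submit_error', __( '<strong>ERROR</strong>: The attachment could not be uploaded.', 'jr' ) );
		}
		remove_filter( 'upload_dir', 'attachment_upload_dir' );
	}

	// Everything validated and stored: build and send the e-mail.
	if ( ! $errors->get_error_code() ) {
		// Line breaks in the name are collapsed so the subject cannot become a
		// second header line.
		$subject = preg_replace( '/[\r\n]+/', ' ', '[' . get_bloginfo( 'name' ) . '] ' . __( 'Contact from', 'appthemes' ) . ' ' . $posted['your_name'] );
		$sendto  = get_option( 'admin_email' );
		$ltd     = date( "l, F jS, Y \\a\\t g:i a", time() );
		$ip      = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
		$hr      = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '';
		$hst     = ( $ip !== '' ) ? gethostbyaddr( $ip ) : '';
		$ua      = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '';

		// Reply-To is the address validated above. Referrer and user agent are
		// attacker-controlled and only ever go into the tag-stripped body.
		// NOTE(review): "From:" carries a display name but no address; confirm
		// how wp_mail() treats that, or use "Name <address>" form.
		$email_header  = 'From: ' . get_bloginfo( 'name' ) . "\r\n";
		$email_header .= 'Reply-To: ' . $posted['email'] . "\r\n";

		if ( preg_match( $head_expl, $email_header ) ) {
			// Defence in depth: is_email() should already have rejected this.
			$errors->add( 'submit_error', $injection_notice );
		} else {
			$content = "Hello,\n\nYou are being contacted via " . get_bloginfo( 'name' ) . " by " . $posted['your_name'] . ". " . $posted['your_name'] . " has provided the following information so you may contact them:\n\n Email: " . $posted['email'] . "\n\nMessage:\n " . $posted['message'] . "\n\n--------------------------\nOther Data and Information:\n IP Address: $ip\n Time Stamp: $ltd\n Referrer: $hr\n Host: $hst\n User Agent: $ua\n\n";
			$content = stripslashes( strip_tags( trim( $content ) ) );

			$attachments = ( $attachment_file !== '' ) ? array( $attachment_file ) : array();

			// wp_mail( $to, $subject, $message, $headers, $attachments ): the
			// original passed an undefined $uploads as the headers and the
			// headers as the attachment list, so no attachment was ever sent.
			if ( wp_mail( $sendto, $subject, $content, $email_header, $attachments ) ) {
				$message = __( 'Thank you. Your message has been sent.', 'appthemes' );
				$posted  = array(); // clear the form
			} else {
				$errors->add( 'submit_error', __( 'Your message could not be sent. Please try again later.', 'appthemes' ) );
			}
		}
	}
}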
/**
 * 'upload_dir' filter callback used while a contact attachment is stored.
 *
 * Nests the upload one level deeper by prefixing the date sub-directory with
 * "/uploads" and rewriting the 'path', 'url' and 'subdir' entries accordingly
 * (".../uploads/2020/01" becomes ".../uploads/uploads/2020/01").
 *
 * NOTE(review): str_replace() rewrites every occurrence of the old sub-directory
 * string; this assumes it appears once in 'path' and 'url'. When 'subdir' is ''
 * nothing is replaced and the array is returned untouched.
 *
 * @param array $pathdata Upload directory data as supplied by the 'upload_dir' filter.
 * @return array The same array with the three entries rewritten.
 */
function attachment_upload_dir( $pathdata ) {
	$old_subdir = $pathdata['subdir'];
	$new_subdir = '/uploads' . $old_subdir;

	foreach ( array( 'path', 'url', 'subdir' ) as $field ) {
		$pathdata[ $field ] = str_replace( $old_subdir, $new_subdir, $pathdata[ $field ] );
	}

	return $pathdata;
}
?>
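<?php get_header(); ?>
<div id="contact-intro">
<h2>Don't hesitate to get in touch with us</h2>
<p>we'd love to hear from you</p>
</div>
<div class="section full">
	<div class="section_content">
	<?php if ( have_posts() ) : ?>
	<?php while ( have_posts() ) : the_post(); ?>
		<div class="text">
			<?php the_content(); ?>
			<?php
			// $errors and $message are populated by the processing script at the
			// top of this template.
			jr_show_errors( $errors );
			if ( isset( $message ) && ! empty( $message ) ) {
				echo '<p class="success">' . esc_html( $message ) . '</p>';
			}
			?>
		</div>
		<!-- Contact Form -->
		<?php
		// Re-fill values originate from $_POST. strip_tags() in the processing
		// script is not output escaping, so each value is escaped here for the
		// context it is echoed into (attribute value vs. textarea content).
		$refill_name    = isset( $posted['your_name'] ) ? $posted['your_name'] : '';
		$refill_email   = isset( $posted['email'] ) ? $posted['email'] : '';
		$refill_message = isset( $posted['message'] ) ? $posted['message'] : '';
		?>
		<?php // enctype is required for the file input: without it the browser never sends the file and $_FILES stays empty. ?>
		<form method="post" action="<?php echo esc_url( get_permalink( $post->ID ) ); ?>" enctype="multipart/form-data" class="main_form contact">
			<?php
			// CSRF token; the processing script must verify it with
			// wp_verify_nonce( $_POST['jr_contact_nonce'], 'jr_contact_form' ).
			wp_nonce_field( 'jr_contact_form', 'jr_contact_nonce' );
			?>
			<p><label for="your_name"><?php _e( 'Your Name/Company Name', 'appthemes' ); ?><span title="required">*</span><br></label> <input type="text" class="text" name="your_name" id="your_name" value="<?php echo esc_attr( $refill_name ); ?>" /></p>
			<p><label for="email"><?php _e( 'Your email', 'appthemes' ); ?> <span title="required">*</span></label><br> <input type="text" class="text" name="email" id="email" value="<?php echo esc_attr( $refill_email ); ?>" /></p>
			<p><label for="message"><?php _e( 'Message', 'appthemes' ); ?> <span title="required">*</span></label> <br><textarea name="message" id="message" cols="60" rows="8"><?php echo esc_textarea( $refill_message ); ?></textarea></p>
			<p><label for="attachment"><?php _e( 'File (.doc, .pdf, .txt, .rtf, .docx, .zip, or .otf)', 'appthemes' ); ?></label> <input type="file" class="text" name="attachment" id="attachment" /></p>
			<?php // Honeypot: hidden from sighted users and keyboard focus; the processing script rejects any submission that fills it. ?>
			<p ><span class="well"><input type="submit" name="submit-form" class="submit button" id="submit-form" value="<?php _e( 'Submit', 'appthemes' ); ?>" /><input type="text" name="honeypot" value="" style="position: absolute; left: -999em;" title="" tabindex="-1" autocomplete="off" /></span></p>
		</form>
	<?php endwhile; ?>
	<?php endif; ?>
	<div class="clear"></div>
	</div><!-- end section_content -->
</div><!-- end section -->
<div class="clear"></div>
</div><!-- end main content -->
<?php get_footer(); ?>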