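<?php /* Template Name: Contact */ ?>
<?php
/**
 * Contact page template.
 *
 * Renders the contact form and, when it is submitted (POST carrying
 * 'submit-form'), validates the fields, optionally stores an attachment and
 * e-mails the site's admin address.
 *
 * Variables the markup at the bottom relies on:
 *   $errors  WP_Error  every problem found, rendered through jr_show_errors()
 *   $message string    success notice, '' until a mail was actually sent
 *   $posted  array     sanitized field values used to re-fill the form;
 *                      unset after a successful send so the form is cleared
 *
 * Fixes relative to the previous revision: eregi() (removed in PHP 7),
 * `$errors[] =` and sizeof() on a WP_Error object (fatal / TypeError),
 * wp_mail() called with headers and attachments swapped (so neither was ever
 * sent), sanitized values never written back to $posted (raw $_POST echoed
 * into the form — reflected XSS), allowlist entries with a leading dot that
 * could never match, the upload running inside the per-field loop before
 * validation finished, and a <form> without enctype so $_FILES was always
 * empty.
 */

/**
 * Attachment types the form accepts, as extension => MIME type.
 *
 * The list is handed to wp_handle_upload(), which matches the extension
 * against these keys and then applies WordPress's own content checks. Keep
 * it in sync with the label under the file input and with the error text in
 * jr_contact_check_attachment().
 *
 * NOTE(review): zip and otf are listed because the form promises them; a zip
 * uploaded by an anonymous visitor and forwarded to the admin mailbox is the
 * riskiest entry here.
 *
 * @return array<string,string>
 */
function jr_contact_allowed_mimes() {
    return array(
        'pdf'  => 'application/pdf',
        'doc'  => 'application/msword',
        'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
        'rtf'  => 'application/rtf',
        'txt'  => 'text/plain',
        'zip'  => 'application/zip',
        'otf'  => 'application/vnd.ms-opentype',
    );
}

/**
 * Reads and sanitizes the posted fields.
 *
 * WordPress slashes $_POST (wp_magic_quotes), hence wp_unslash(). Name and
 * e-mail end up in mail headers (Subject / Reply-To), so they go through
 * sanitize_text_field(), which strips tags and collapses CR/LF — that is the
 * real defence against header injection. The message only goes into the
 * body, so its line breaks are kept and only tags are removed. Non-string
 * input (e.g. `your_name[]=x`) is treated as empty.
 *
 * @return array{your_name:string,email:string,message:string,spam-trap:string}
 */
function jr_contact_collect_fields() {
    $raw = array();
    foreach (array('your_name', 'email', 'message', 'honeypot') as $field) {
        $raw[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? wp_unslash($_POST[$field]) : '';
    }

    return array(
        'your_name' => sanitize_text_field($raw['your_name']),
        'email'     => sanitize_text_field($raw['email']),
        'message'   => trim(wp_strip_all_tags($raw['message'])),
        'spam-trap' => trim($raw['honeypot']),
    );
}

/**
 * Field-level validation: required fields, e-mail syntax, honeypot and the
 * site's injection-keyword policy. Adds one 'submit_error' entry per problem.
 *
 * The keyword regex is the site's policy check only; sanitization in
 * jr_contact_collect_fields() and is_email() are what actually keep CR/LF
 * and header names out of the mail headers.
 *
 * @param array    $posted Output of jr_contact_collect_fields().
 * @param WP_Error $errors Collector, mutated in place.
 */
function jr_contact_validate_fields(array $posted, WP_Error $errors) {
    $inpt_expl = "/(content-type|to:|bcc:|cc:|document.cookie|document.write|onclick|onload)/i";

    foreach (array('your_name', 'email', 'message') as $field) {
        if ($posted[$field] === '') {
            $errors->add('submit_error', __('Required field "','appthemes').$field.__('" missing.','appthemes'));
        }
    }

    // Only report a bad format when something was entered; an empty value is
    // already reported as missing above.
    if ($posted['email'] !== '' && !is_email($posted['email'])) {
        $errors->add('submit_error', __('Invalid email address.', 'appthemes'));
    }

    if ($posted['spam-trap'] !== '') {
        $errors->add('submit_error', __('Possible spam: You filled the honeypot spam-trap field!', 'appthemes'));
    }

    foreach ($posted as $value) {
        if (preg_match($inpt_expl, $value)) {
            $errors->add('submit_error', __('Injection Exploit Detected: It seems that you’re possibly trying to apply a header or input injection exploit in our form. If you are, please stop at once! If not, please go back and check to make sure you haven’t entered <strong>content-type</strong>, <strong>to:</strong>, <strong>bcc:</strong>, <strong>cc:</strong>, <strong>document.cookie</strong>, <strong>document.write</strong>, <strong>onclick</strong>, or <strong>onload</strong> in any of the form inputs. If you have and you’re trying to send a legitimate message, for security reasons, please find another way of communicating these terms.', 'appthemes'));
            break; // one notice is enough, whichever field tripped it
        }
    }
}

/**
 * Pre-upload checks on $_FILES['attachment']: PHP transport error, extension
 * allowlist and size cap. Nothing is written to disk here.
 *
 * The cap is 10 MB, lowered to whatever post_max_size, upload_max_filesize or
 * WP_MEMORY_LIMIT allow if those are smaller — the file is e-mailed, so the
 * cap is deliberately modest. Limits of 0 / -1 (unlimited) are ignored
 * instead of turning the cap negative.
 *
 * @param WP_Error $errors Collector, mutated in place.
 * @return bool True if a file was supplied and passed every check.
 */
function jr_contact_check_attachment(WP_Error $errors) {
    if (empty($_FILES['attachment']['name'])) {
        return false; // attachment is optional
    }
    $file = $_FILES['attachment'];

    if (!isset($file['error']) || (int) $file['error'] !== UPLOAD_ERR_OK || empty($file['tmp_name'])) {
        $errors->add('submit_error', __('<strong>ERROR</strong>: The attachment could not be uploaded.', 'jr'));
        return false;
    }

    $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($extension, jr_contact_allowed_mimes())) {
        $errors->add('submit_error', __('<strong>ERROR</strong>: Only pdf, doc, docx, rtf, txt, zip and otf files are allowed.', 'jr'));
        return false;
    }

    $max_sizes = array(10485760);
    $limits    = array(ini_get('post_max_size'), ini_get('upload_max_filesize'));
    if (defined('WP_MEMORY_LIMIT')) {
        $limits[] = WP_MEMORY_LIMIT;
    }
    foreach ($limits as $limit) {
        $bytes = $limit ? wp_convert_hr_to_bytes($limit) : 0;
        if ($bytes > 0) {
            $max_sizes[] = $bytes;
        }
    }
    $max_filesize = min($max_sizes);

    if ((int) $file['size'] > $max_filesize) {
        $errors->add('submit_error', __('<strong>ERROR</strong>: ', 'jr').'Attachments too large. Maximum file size for all attachments is '.($max_filesize/(1024*1024)).'MB');
        return false;
    }

    return true;
}

/**
 * Moves a validated upload into wp-content/uploads/uploads/<subdir>/.
 *
 * wp_handle_upload() insists the file came from this request
 * (is_uploaded_file), re-checks the type against the allowlist (including the
 * content sniffing WordPress performs for some types, which may reject a
 * mislabelled but legitimate file) and renames on collision.
 *
 * NOTE(review): the destination is web-reachable, so anything an anonymous
 * visitor uploads is publicly readable under a predictable URL. Consider
 * removing the copy once the mail has gone out.
 *
 * @param WP_Error $errors Collector, mutated in place.
 * @return string Absolute path of the stored file, or '' on failure.
 */
function jr_contact_store_attachment(WP_Error $errors) {
    /** WordPress Administration File API (wp_handle_upload) */
    include_once(ABSPATH . 'wp-admin/includes/file.php');

    add_filter('upload_dir', 'attachment_upload_dir');
    $upload = wp_handle_upload($_FILES['attachment'], array(
        'test_form' => false, // no 'action' field in this form
        'mimes'     => jr_contact_allowed_mimes(),
    ));
    remove_filter('upload_dir', 'attachment_upload_dir');

    if (!is_array($upload) || isset($upload['error']) || empty($upload['file'])) {
        $reason = (is_array($upload) && isset($upload['error'])) ? $upload['error'] : __('The attachment could not be saved.', 'jr');
        $errors->add('submit_error', __('<strong>ERROR</strong>: ', 'jr').$reason);
        return '';
    }

    return $upload['file'];
}

/**
 * Builds and sends the notification mail to the admin address.
 *
 * No From header is set: a bare site name is not a mailbox and would make
 * PHPMailer reject the sender, and wp_mail()'s default sender on this site's
 * domain keeps SPF/DMARC alignment. The visitor's address goes into Reply-To,
 * where wp_mail()/PHPMailer validate it once more. Referrer and User-Agent
 * are attacker-controlled and are included as tag-stripped plain text only;
 * gethostbyaddr() is a blocking reverse-DNS lookup, kept from the original.
 *
 * @param array  $posted     Sanitized fields.
 * @param string $attachment Absolute path of a stored attachment, or ''.
 * @return bool Result of wp_mail().
 */
function jr_contact_send(array $posted, $attachment) {
    $subject = "[".get_bloginfo('name')."] ".__('Contact from','appthemes')." ".$posted['your_name'];
    $sendto  = get_option('admin_email');

    $ltd = date("l, F jS, Y \\a\\t g:i a", time());
    $ip  = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $hr  = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $ua  = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $hst = ($ip !== '') ? gethostbyaddr($ip) : '';

    $content = "Hello,\n\nYou are being contacted via ".get_bloginfo('name')." by ".$posted['your_name'].". ".$posted['your_name']." has provided the following information so you may contact them:\n\n Email: ".$posted['email']."\n\nMessage:\n ".$posted['message']."\n\n--------------------------\nOther Data and Information:\n IP Address: $ip\n Time Stamp: $ltd\n Referrer: $hr\n Host: $hst\n User Agent: $ua\n\n";
    $content = strip_tags(trim($content));

    $headers     = array('Reply-To: '.$posted['email']);
    $attachments = ($attachment !== '') ? array($attachment) : array();

    // wp_mail($to, $subject, $message, $headers, $attachments) — in that order.
    return wp_mail($sendto, $subject, $content, $headers, $attachments);
}

/**
 * upload_dir filter: store contact attachments one level below the normal
 * upload path (…/uploads/uploads/<subdir>), keeping them apart from media.
 *
 * Built from basedir/baseurl rather than by string replacement so it also
 * works when year/month folders are disabled and subdir is ''.
 *
 * @param array $pathdata Array from wp_upload_dir().
 * @return array Same array with path, url and subdir rewritten.
 */
function attachment_upload_dir( $pathdata ) {
    $subdir = '/uploads'.$pathdata['subdir'];
    $pathdata['path']   = $pathdata['basedir'].$subdir;
    $pathdata['url']    = $pathdata['baseurl'].$subdir;
    $pathdata['subdir'] = $subdir;
    return $pathdata;
}

$errors  = new WP_Error();
$message = '';
$posted  = array();

// Form Processing Script
if (isset($_POST['submit-form'])) {
    // CSRF: the form carries a nonce (see wp_nonce_field() below). Nonces are
    // valid for up to 24 hours, so a full-page cache that serves stale markup
    // can make legitimate visitors hit this error.
    $nonce = (isset($_POST['jr_contact_nonce']) && is_string($_POST['jr_contact_nonce'])) ? $_POST['jr_contact_nonce'] : '';
    if (!wp_verify_nonce($nonce, 'jr_contact_form')) {
        $errors->add('submit_error', __('<strong>ERROR</strong>: This form has expired. Please reload the page and send your message again.', 'jr'));
    }

    $posted = jr_contact_collect_fields();
    jr_contact_validate_fields($posted, $errors);
    $has_attachment = jr_contact_check_attachment($errors);

    // Nothing touches the disk or the mailer until every field has been checked.
    if ($errors->get_error_code() === '') {
        $attachment = $has_attachment ? jr_contact_store_attachment($errors) : '';

        if ($errors->get_error_code() === '') {
            if (jr_contact_send($posted, $attachment)) {
                // Show Thanks
                $message = __('Thank you. Your message has been sent.','appthemes');
                unset($posted);
            } else {
                $errors->add('submit_error', __('<strong>ERROR</strong>: Your message could not be sent. Please try again later.', 'jr'));
            }
        }
    }
}
?>
<?php get_header(); ?>
<div id="contact-intro">
    <h2>Don't hesitate to get in touch with us</h2>
    <p>we'd love to hear from you</p>
</div>
<div class="section full">
    <div class="section_content">
    <?php if (have_posts()) : ?>
        <?php while (have_posts()) : the_post(); ?>
        <div class="text">
            <?php the_content(); ?>
            <?php
            jr_show_errors($errors);
            if ($message !== '') {
                echo '<p class="success">'.esc_html($message).'</p>';
            }
            ?>
        </div>
        <!-- Contact Form -->
        <!-- enctype is required, otherwise the browser never sends the file and $_FILES stays empty -->
        <form method="post" action="<?php echo esc_url(get_permalink($post->ID)); ?>" class="main_form contact" enctype="multipart/form-data">
            <?php wp_nonce_field('jr_contact_form', 'jr_contact_nonce'); ?>
            <p><label for="your_name"><?php _e('Your Name/Company Name', 'appthemes'); ?><span title="required">*</span><br></label>
            <input type="text" class="text" name="your_name" id="your_name" value="<?php if (isset($posted['your_name'])) echo esc_attr($posted['your_name']); ?>" /></p>
            <p><label for="email"><?php _e('Your email', 'appthemes'); ?> <span title="required">*</span></label><br>
            <input type="text" class="text" name="email" id="email" value="<?php if (isset($posted['email'])) echo esc_attr($posted['email']); ?>" /></p>
            <p><label for="message"><?php _e('Message', 'appthemes'); ?> <span title="required">*</span></label> <br><textarea name="message" id="message" cols="60" rows="8"><?php if (isset($posted['message'])) echo esc_textarea($posted['message']); ?></textarea></p>
            <p><label for="file"><?php _e('File (.doc, .pdf, .txt, .rtf, .docx, .zip, or .otf)', 'appthemes'); ?></label> <input type="file" class="text" name="attachment" id="attachment" /></p>
            <p><span class="well"><input type="submit" name="submit-form" class="submit button" id="submit-form" value="<?php _e('Submit', 'appthemes'); ?>" /><input type="text" name="honeypot" value="" style="position: absolute; left: -999em;" title="" /></span></p>
        </form>
        <?php endwhile; ?>
    <?php endif; ?>
    <div class="clear"></div>
    </div><!-- end section_content -->
</div><!-- end section -->
<div class="clear"></div>
</div><!-- end main content -->
<?php get_footer(); ?>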