Viewing file: backend.php (8.77 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php include('../admin/app/core.php');
// IP Addresses to assist in getting remote IP address $proxy_int_ip = "10.10.0.254"; $proxy_ext_ip = "66.76.188.188"; $server_ip = "10.10.0.4";
$target_email = "website@trisud.com"; // website group $noreply = "noreply@trisud.com"; // no reply address $company = "Tri Special Utility District"; // business name
// debug logging $logForm = "message"; $base_log_path = "/var/www/app/logs/"; // <== Note path must be correct! //logThis($logForm, "backend.php", "Got here", false);
// actual program like stuff! $remoteip = get_client_ip();
// GET variables for ajax request handlers $send = $_REQUEST["send"]; $footer = $_REQUEST['footer']; $nav = $_REQUEST['nav']; $modal = $_REQUEST['modal']; $status = $_REQUEST['status'];
if($status) { $st = status_read(); echo $st['light']; }
//FORMS
// ajax to send a contact msg from MAIN contact form if($send == "contact") { $name = $_REQUEST["name"]; $phone = $_REQUEST["phone"]; $email = $_REQUEST["email"]; $msg = $_REQUEST["message"]; //echo varDumpToString ($_REQUEST); //die(); //contact msg only if(empty($name) || empty($phone) || empty($email) || empty($msg)) { echo "Unable to send email, form is not completed!<br>"; exit(); } else { if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo "Please provide a valid email address!<br>"; exit(); } if(strlen($phone) < 10) { echo "Please provide a valid phone number (10 numbers)!<br>"; exit(); } $to = $target_email; // Olympic website group //$to = 'stephenb@net-techs.com'; // testing $subjectline = 'Message from website contact form'; $body = "From: ".$name."<br> E-Mail: ".$email."<br> Phone: ".$phone."<br> Message: ".$msg."<br> Sent by IP Address: ".$remoteip; $headers = array( 'From: "'.$company.' Website Main Contact Form" <'.$noreply.'>' , 'Reply-To: "'.$name.'" <'.$email.'>' , 'X-Mailer: PHP/' . phpversion() , 'MIME-Version: 1.0' , 'Content-type: text/html; charset=iso-8859-1' , ); $headers = implode( "\r\n" , $headers ); $send_test1 = mail($to, $subjectline, $body, $headers); logThis($logForm, "contact-backend.php", "\r\n".str_replace("<br>", "\r\n", $body)."\r\n", false); } if($send_test1) { $check = "Your contact message was successfully sent!"; } else { $check = "Something went horribly wrong! Please try again..."; } echo $check; }
// ajax to send a contact msg from QUOTE contact form if($send == "quote") { //logThis($logForm, "backend.php", $_REQUEST, true); $name = $_REQUEST["name"]; $phone = $_REQUEST["phone"]; $email = $_REQUEST["email"]; $jobaddress = $_REQUEST["jobaddress"]; $incity = $_REQUEST["incity"]; $msg = $_REQUEST["message"];
//contact msg only if(empty($name) || empty($email) || empty($phone) || empty($jobaddress)) { echo "Unable to send email, form is not completed!<br>"; exit(); } else { if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo "Please provide a valid email address!<br>"; exit(); } if(strlen($phone) < 10) { echo "Please provide a valid phone number!<br>"; exit(); } $to = $target_email; // Olympic website group //$to = 'stephenb@net-techs.com'; // testing $subjectline = 'Message from website contact form'; $body = "From: ".$name."<br> E-Mail: ".$email."<br> Phone: ".$phone."<br> Jobsite Address: ".$jobaddress."<br> City Limits: ".$incity."<br> Job Details: ".$msg."<br> Sent by IP Address: ".$remoteip; $headers = array( 'From: "'.$company.' Website Main Contact Form" <'.$noreply.'>' , 'Reply-To: "'.$name.'" <'.$email.'>' , 'X-Mailer: PHP/' . phpversion() , 'MIME-Version: 1.0' , 'Content-type: text/html; charset=iso-8859-1' , ); $headers = implode( "\r\n" , $headers ); $send_test1 = mail($to, $subjectline, $body, $headers); logThis($logForm, "quote-backend.php", "\r\n".str_replace("<br>", "\r\n", $body)."\r\n", false); } if($send_test1) { $check = "Your message was successfully sent!"; } else { $check = "Something went horribly wrong! Please try again..."; } echo $check; }
// ajax to send a contact msg from MINI form if($send == "mini") { $name = $_REQUEST["name"]; $email = $_REQUEST["email"]; $msg = $_REQUEST["message"];
//contact msg only if(empty($name) || empty($email) || empty($msg)) { echo "Form is not completed!<br>"; exit(); } else { if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo "Invalid email address!<br>"; exit(); } $to = $target_email; // Olympic website group //$to = 'stephenb@net-techs.com'; // testing $subjectline = 'Message from website mini contact form'; $body = "From: ".$name."<br> E-Mail: ".$email."<br> Message: ".$msg."<br> Sent by IP Address: ".$remoteip; $headers = array( 'From: "'.$company.' Website Mini Contact Form" <'.$noreply.'>' , 'Reply-To: "'.$name.'" <'.$email.'>' , 'X-Mailer: PHP/' . phpversion() , 'MIME-Version: 1.0' , 'Content-type: text/html; charset=iso-8859-1' , ); $headers = implode( "\r\n" , $headers ); $send_test1 = mail($to, $subjectline, $body, $headers); logThis($logForm, "mini-backend.php", "\r\n".str_replace("<br>", "\r\n", $body)."\r\n", false); } if($send_test1) { $check = "Sent email successfully!"; } else { $check = "Please try again..."; } echo $check; }
// echo footer if($footer) { $footer = file_get_contents("footer.ssi"); echo $footer; }
// echo navigation if($nav) { $nav = file_get_contents("nav.ssi"); echo $nav; }
// echo modal for privacy policy if($modal) { $privacy = file_get_contents("../privacy/privacy.ssi"); echo $privacy; }
//FUNCTIONS
// tries to get valid client IP function get_client_ip() { global $proxy_int_ip; global $proxy_ext_ip; global $server_ip; // Nothing to do without any reliable information if (!isset ($_SERVER['REMOTE_ADDR'])) { return NULL; }
// Header that is used by the trusted proxy to refer to // the original IP $proxy_header = "HTTP_X_FORWARDED_FOR";
// List of all the proxies that are known to handle 'proxy_header' // in known, safe manner $trusted_proxies = array($proxy_int_ip, $proxy_ext_ip, $server_ip);
if (in_array ($_SERVER['REMOTE_ADDR'], $trusted_proxies)) { // Get the IP address of the client behind trusted proxy if (array_key_exists ($proxy_header, $_SERVER)) { // Header can contain multiple IP-s of proxies that are passed through. // Only the IP added by the last proxy (last IP in the list) can be trusted. $proxy_list = explode (",", $_SERVER[$proxy_header]); $client_ip = trim (end ($proxy_list));
// Validate just in case if (filter_var ($client_ip, FILTER_VALIDATE_IP)) { return $client_ip; } else { // Validation failed - beat the guy who configured the proxy or // the guy who created the trusted proxy list? // TODO: some error handling to notify about the need of punishment } } }
// In all other cases, REMOTE_ADDR is the ONLY IP we can trust. return $_SERVER['REMOTE_ADDR']; }
//writes to appropriate log file function logThis($form, $var, $value, $varArray = false) { global $base_log_path; $logFile = $base_log_path.$form."_log_".date("Y-m-d").".log"; if($varArray) { $output = "(".date("H:i:s").") ".$var.": ".varDumpToString($value); } else { $output = "(".date("H:i:s").") ".$var.": ".$value; } file_put_contents($logFile, $output."\n", FILE_APPEND); }
// var_dump for logs function varDumpToString ($var){ ob_start(); var_dump($var); $result = ob_get_clean(); return $result; }
date_default_timezone_set('America/Chicago'); session_start();
//////////////////////////////////////////// // GENERAL FUNCTIONS ////////////////////////////////////////////
// db_connect function initiates a connection to the mysql database using the Global variables defined above
?>
|