편집 파일: process_promo2017.php
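<?php
/**
 * Form handler for the promo2017.php contest entry form.
 *
 * Flow, as visible in this file:
 *   1. Copy the POSTed fields into $_SESSION['free_wedding'] and run them
 *      through sanitizer::cleandata().
 *   2. Validate the form token, first name, last name and e-mail address with
 *      formval::validate(); on any failure redirect back to promo2017.php.
 *   3. Insert the entry into the users_2017 table.
 *   4. E-mail the entry (with any uploaded files attached) to the site inbox.
 *   5. Render the "Thank You" page.
 *
 * Security-relevant points for maintainers:
 *   - The database row and the e-mail are built from raw $_POST, not from the
 *     sanitized session copy, so every value is escaped at the point of use.
 *   - The mysql_* extension used here was removed in PHP 7; escaping with
 *     mysql_real_escape_string() is the fix available on this runtime, and a
 *     move to PDO or mysqli prepared statements is the long-term one.
 */
include_once('includes/root.php');
session_start();
include_once("constants.php");
require_once("classes/class-formval.php");
require_once("classes/class-sanitizer.php");

// Report simple running errors
error_reporting(E_ERROR | E_WARNING | E_PARSE);

$_SESSION['error'] = null;

// Create an array of the form information.
// $_POST replaces each($HTTP_POST_VARS): the long array is gone since PHP 5.4
// and the rest of this script already reads $_POST.
// NOTE(review): every POST key is copied, so a client-supplied "form_token_s"
// would overwrite the session-side value that the token check below compares
// against. Confirm where form_token_s is set and exclude it from this copy.
foreach ($_POST as $key => $val) {
    $_SESSION['free_wedding'][$key] = $val;
}

// Process The Form Cleaner
$sanitizer_obj = new sanitizer;
$_SESSION['free_wedding'] = $sanitizer_obj->cleandata($_SESSION['free_wedding']);
//cleandata( $process_info, $hacker, $spamer, $badword, $phone )

// Check the form validation
$validator = new formval;

if ($_SESSION['free_wedding']['form_token'] != $_SESSION['free_wedding']['form_token_s']) {
    // Session Token test
    $_SESSION['error']['session_token'] = true;
    $hack = true;
}
if (!$validator->validate('token_date', 'yes', $_SESSION['free_wedding']['form_token'])) {
    $_SESSION['error']['session_date'] = true;
    $hack = true;
}
if (!$validator->validate('text', 'yes', $_SESSION['free_wedding']['firstname'])) {
    $_SESSION['error']['firstname'] = true;
}
if (!$validator->validate('text', 'yes', $_SESSION['free_wedding']['lastname'])) {
    $_SESSION['error']['lastname'] = true;
}
if (!$validator->validate('email', 'yes', $_SESSION['free_wedding']['emailaddress'])) {
    $_SESSION['error']['emailaddress'] = true;
}

// Any recorded error sends the visitor back to the form.
if (is_array($_SESSION['error'])) {
    header("location: "."promo2017.php");
    exit;
}

/* Construct phone number */
// Keys are quoted: bare words are undefined constants, not strings.
$phone1 = isset($_POST['areacode']) ? $_POST['areacode'] : '';
$phone2 = isset($_POST['three']) ? $_POST['three'] : '';
$phone3 = isset($_POST['four']) ? $_POST['four'] : '';
$phone = "(".$phone1.") ".$phone2."-".$phone3;

/* start database connection */
// NOTE(review): these credentials are committed in the page source. Rotate
// them and load them from configuration kept outside the web root.
$host = "localhost"; // Host name
$username = "finest09_admin"; // Mysql username
$password = "LCqR7ydNeQ1U"; // Mysql password
$db_name = "finest09_brides"; // Database name
$tbl_name = "users_2017"; // Table name

// Connect to server and select database.
mysql_connect($host, $username, $password) or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");

$registereddatetime = date("Y-m-d H:i:s");

// Escape every request value before it reaches the SQL string. The original
// interpolated $_POST directly into the statement, which let a submitted
// quote character change the query.
$insert_fields = array(
    'firstname', 'lastname', 'emailaddress', 'weddingdate', 'photographer',
    'location', 'reception', 'hear', 'chkspecialoffers',
);
$db = array();
foreach ($insert_fields as $field) {
    $raw = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
    $db[$field] = mysql_real_escape_string($raw);
}
$db['phone'] = mysql_real_escape_string($phone);

// Insert data into mysql
$sql = "INSERT INTO users_2017(firstname,lastname,phone,emailaddress,weddingdate,photographer,location,reception,hear,chkspecialoffers) "
    . "VALUES('{$db['firstname']}','{$db['lastname']}','{$db['phone']}','{$db['emailaddress']}','{$db['weddingdate']}',"
    . "'{$db['photographer']}','{$db['location']}','{$db['reception']}','{$db['hear']}','{$db['chkspecialoffers']}')";
$result = mysql_query($sql);

if (!$result) {
    // Keep the driver error in the server log; the visitor only sees a generic message.
    error_log('process_promo2017: insert failed: ' . mysql_error());
    echo "Database ERROR";
}

// The address ends up in the Reply-To header, so CR/LF are removed to stop a
// submitted value from adding extra mail headers.
$sender_email = isset($_POST['emailaddress']) ? (string) $_POST['emailaddress'] : '';
$sender_email = str_replace(array("\r", "\n"), '', $sender_email);

if ($_POST && isset($_FILES['file'])) {
    $recepient_email = "submit@finestweddingsites.com"; //recepient
    $bcc = "lisa@mungias.com";
    $from_email = "submit@finestweddingsites.com"; //from email using site domain.
    $subject = "Engagement Photo Contest Submittals"; //email subject line

    $attachments = $_FILES['file'];

    //send email message
    $sender_message = "\r\n First Name: $_POST[firstname]\r\n Last Name: $_POST[lastname]\r\nEmail Address: $_POST[emailaddress]\r\n Photographer: $_POST[photographer]\r\n Name of Venue Photos: $_POST[venue]\r\n Wedding Date: $_POST[weddingdate]\r\n Reception Location: $_POST[reception]\r\n Hear About: $_POST[hear]\r\nSpecial Offers: $_POST[chkspecialoffers]";

    $file_count = count($attachments['name']); //count total files attached
    $boundary = md5("www.finestweddingsites.com");

    if ($file_count > 0) { //if attachment exists
        //header
        $headers = "MIME-Version: 1.0\r\n";
        $headers .= "From:".$from_email."\r\n";
        $headers .= "Bcc:".$bcc."\r\n";
        $headers .= "Reply-To: ".$sender_email."\r\n";
        // No whitespace is allowed around "=" in a MIME parameter.
        $headers .= "Content-Type: multipart/mixed; boundary=\"$boundary\"\r\n\r\n";

        //message text
        $body = "--$boundary\r\n";
        $body .= "Content-Type: text/plain; charset=ISO-8859-1\r\n";
        $body .= "Content-Transfer-Encoding: base64\r\n\r\n";
        $body .= chunk_split(base64_encode($sender_message));

        //attachments
        for ($x = 0; $x < $file_count; $x++) {
            if (empty($attachments['name'][$x])) {
                continue;
            }

            if ($attachments['error'][$x] > 0) { //exit script and output error if we encounter any
                $mymsg = array(
                    1 => "The uploaded file exceeds the upload_max_filesize directive in php.ini",
                    2 => "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form",
                    3 => "The uploaded file was only partially uploaded",
                    4 => "No file was uploaded",
                    6 => "Missing a temporary folder",
                );
                $code = $attachments['error'][$x];
                // Codes missing from the map used to end the script with an empty message.
                die(isset($mymsg[$code]) ? $mymsg[$code] : "File upload failed");
            }

            //get file info
            // Name and type are supplied by the client and are written into
            // MIME part headers: drop any path, CR/LF and double quotes.
            $file_name = str_replace(array("\r", "\n", '"'), '', basename($attachments['name'][$x]));
            $file_type = str_replace(array("\r", "\n"), '', $attachments['type'][$x]);

            //read file
            // Only read paths PHP itself recorded as uploads, and skip a part
            // that cannot be read instead of attaching empty content.
            $tmp_path = $attachments['tmp_name'][$x];
            if (!is_uploaded_file($tmp_path)) {
                continue;
            }
            $content = file_get_contents($tmp_path);
            if ($content === false) {
                continue;
            }
            $encoded_content = chunk_split(base64_encode($content)); //split into smaller chunks (RFC 2045)

            $body .= "--$boundary\r\n";
            $body .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
            $body .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n";
            $body .= "Content-Transfer-Encoding: base64\r\n";
            $body .= "X-Attachment-Id: ".rand(1000, 99999)."\r\n\r\n";
            $body .= $encoded_content;
        }

        // Terminating delimiter; the multipart body previously had none.
        $body .= "--$boundary--\r\n";
    } else { //send plain email otherwise
        $headers = "From:".$from_email."\r\n".
            "Reply-To: ".$sender_email."\r\n".
            "X-Mailer: PHP/".phpversion();
        $body = "\r\n First Name: $_POST[firstname]\r\n Last Name: $_POST[lastname]\r\n State: $_POST[state]\r\n Zip: $_POST[zipcode]\r\n Email Address: $_POST[emailaddress]\r\n Photagrapher: $_POST[photographer]\r\n Name of Venue Photos: $_POST[venue]\r\n Wedding Date: $_POST[weddingdate]\r\n Reception Location: $_POST[reception]\r\n Heard About: $_POST[hear]\r\n Special Offers: $_POST[chkspecialoffers]";
    }

    $sentMail = @mail($recepient_email, $subject, $body, $headers);
    if (!$sentMail) {
        // The visitor still gets the thank-you page; the failure is only logged.
        error_log('process_promo2017: mail() returned false for the contest notification');
    }
}
/* End Database Connection */

$page_title = COMPANY_NAME." : Free Arizona Wedding | Arizona Wedding Vendors | AZ Wedding Sites | Home";

if (file_exists($DOCUMENT_ROOT."/includes/header_vendors.php")) {
    include_once($DOCUMENT_ROOT."/includes/header_vendors.php");
} else {
    header("location: /error.php");
    exit; // stop here so the page body is not sent after the redirect
}
?>
<div id="topbanner"> </div>
<div id="wrapper">
  <div id="content">
    <h1 class="title">Thank You</h1>
    <p>Thank you for entering our contest!</p>
    <?php
    // $first is not assigned anywhere in this file; if it is populated from
    // the request it must be HTML-escaped before it is printed.
    echo isset($first) ? htmlspecialchars((string) $first, ENT_QUOTES) : '';
    ?>
    <p>Be sure to browse the rest of our website to find your <a href="reception/index.php">wedding and reception venue</a>, <a href="vendors/photographers.php">photography</a>, <a href="vendors/floral.php">floral</a>, <a href="vendors/cakes.php">cake</a> and <a href="vendors/index.php">more</a>!</p>
  </div>
</div>
<?php
// Clear the per-submission state so a reload starts from a clean form.
$_SESSION['error'] = NULL;
$_SESSION['free_wedding'] = NULL;

if (file_exists($DOCUMENT_ROOT."/includes/footer.php")) {
    include_once($DOCUMENT_ROOT."/includes/footer.php");
} else {
    header("location: /error.php");
    exit;
}
?>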