Context Navigation

Back to Ticket #432

Ticket #432: pappalardoform.php

File pappalardoform.php, 16.1 KB (added by kheatley, 7 years ago)

Line
1	<?php error_reporting(E_ALL ^ E_NOTICE);
2	/**
3	* physicsMITformMail script - sending mail via form
4	*
5	* Author: Kimeee Heatley
6	* Email: kheatley@mit.edu
7	* Web: http://web.mit.edu/physics/
8	* Details: Php code to send form data to us and submitter and also to .csv file.
9	*
10	* Please direct bug reports,suggestions or feedback to our webmaster.
11	* Kimeee Heatley at kheatley@mit.edu
12	*
13	* MITformMail is free for both commercial and non-commercial use.
14	* Re-distribution of this script without prior consent is strictly prohibited.
15	*
16	*/
17
18	/*****************************************************************************
19	* *
20	* C O N F I G U R A T I O N *
21	* *
22	*****************************************************************************/
23
24	// email for send submitted forms //////////////////////////////////////////
25	// if empty, use value from form ('send_to' field)
26	$send_to = 'Carol Breen <breen@mit.edu>';
27	//$send_to = 'Kimeee Heatley <kheatley@mit.edu>';
28
29	// set $send_cc address if you need copy of mail to other addresses
30	// for example: $send_cc = array('friend1@ccc.cc', 'friend2@ccc.cc');
31	//
32	$send_cc = array('kheatley@mit.edu');
33
34	// Subject. if empty, use value from form ('subject' field)
35	$subject = 'MIT Pappalardo Fellowship Competition 2019-2022 Nomination Submission ';
36
37	// Allowed Referres. Should be empty or list of domains
38	$referrers = array();
39
40	// Attachments
41	$attachment_enabled = 0;
42
43	////// Database - write CSV file with data of submitted forms //////////////
44	$database_enabled = 1;
45	$database_file = 'pappalardo2019-2022.csv';
46
47	// Fields to collect
48	// $database_fields = '*' - mean all fields, as in form
49	// $database_fields = array('from', 'subject') - only 'from', 'subject' fields
50
51	$database_fields = array('nomineeGender_req','nomineeFName_req', 'nomineeLName_req','nomineeInstitution_req', 'nomineeDept_req', 'nomineeField_req', 'nomineePhd_req', 'nomineeAddy_req', 'nomineePhone_req', 'nomineeEmail_req', 'nominatorTitle_req', 'nominatorFName_req', 'nominatorLName_req','nominatorInstitution_req', 'nominatorDept_req', 'nominatorAddy_req', 'nominatorPhone_req', 'nominatorEmail_req');
52
53	//$verify = "http://scripts.mit.edu/~physics/verify_nomination.php?var1='%nominatorName_req%'&var2='%nominatorEmail_req%'&var3='%nomineeName_req%'";
54
55	$verify = 'https://physics.scripts.mit.edu/verify_nomination.php?var1=%nominatorEmail_req%&var2=%nominatorFName_req%&var3=%nominatorLName_req%&var4=%nomineeFName_req%&var5=%nomineeLName_req%';
56
57	$nominatorFullName = '%nominatorFName_req%' . ' ' . '%nominatorLName_req%';
58	$nomineeFullName = '%nomineeFName_req%' . ' ' . '%nomineeLName_req%';
59
60	//$verify = 'http://scripts.mit.edu/~physics/verify_nomination.php?var1=%nominatorName_req%&var2=%nominatorEmail_req%&var3=%nomineeName_req%';
61
62	////// Redirect user after submitting form
63	$redirect_url = 'http://web.mit.edu/physics/research/pappalardo/confirmation_1of2.html';
64
65	/* Now we are ready to send the email so we call phps mail() function
66	with the appropriate variables from above included in the brackets */
67
68	////// Auto-Responder
69	////// You can substitute any of form fields in response by using
70	////// %field_name% in response text.
71	//////
72	$date_time = date('Y-m-d H:i:s');
73	$autoresponder_enabled = 1;
74	$autoresponder_from = $send_to;
75	$autoresponder_subject = $subject;
76	$autoresponder_message = <<<MSG
77	Dear %nominatorFName_req% %nominatorLName_req%,\n
78	Thank you for your nomination for the 2019-2022 MIT Pappalardo Fellowships competition. \n
79	Please review your submitted information below. If the information is correct, please click the link at the bottom of this email to verify.\n
80	Sincerely,\n
81	Carol Breen
82	Communications and Pappalardo Fellowships Program Administrator
83	MIT Department of Physics\n
84	----------Nominee Information------------\n
85	Nominee Gender: %nomineeGender_req%\n
86	Nominee First Name: %nomineeFName_req%\n
87	Nominee Last Name: %nomineeLName_req%\n
88	Nominee Institution: %nomineeInstitution_req%\n
89	Nominee Department: %nomineeDept_req%\n
90	Nominee Field of Study: %nomineeField_req%\n
91	Nominee Date of PhD: %nomineePhd_req%\n
92	Nominee Address: %nomineeAddy_req%\n
93	Nominee Phone: %nomineePhone_req%\n
94	Nominee Email: %nomineeEmail_req%\n
95	----------Nominator Information----------\n
96	Nominator Title: %nominatorTitle_req%\n
97	Nominator First Name: %nominatorFName_req%\n
98	Nominator Last Name: %nominatorLName_req%\n
99	Nominator Institution: %nominatorInstitution_req%\n
100	Nominator Department: %nominatorDept_req%\n
101	Nominator Address: %nominatorAddy_req%\n
102	Nominator Phone: %nominatorPhone_req%\n
103	Nominator Email: %nominatorEmail_req%\n
104	Please click this link to verify your nomination. This will complete the nomination process. $verify\n
105	MSG;
106	/***************************************************************************/
107
108	function do_formmail(){
109	global $autoresponder_enabled, $database_enabled;
110	$form = get_form_data();
111	$errors = check_form($form);
112	if ($errors) {
113	display_errors($errors);
114	return;
115	}
116	send_mail($form);
117	if ($autoresponder_enabled)
118	auto_respond($form);
119	if ($database_enabled)
120	save_form($form);
121	redirect();
122	}
123
124	function redirect(){
125	global $redirect_url;
126	header("Location: $redirect_url");
127	exit();
128	}
129
130
131
132	function save_form($vars){
133	global $database_file, $database_fields;
134	$f = fopen($database_file, 'a');
135	if (!$f){
136	die("Cannot open db file for save");
137	}
138	foreach ($vars as $k=>$v) {
139	$vars[$k] = str_replace(array("\|", ",", "\r","\n"), array(',', ' ',' ',' '), $v);
140	}
141	if (is_array($database_fields)) {
142	$vars_orig = $vars;
143	$vars = array();
144	foreach ($database_fields as $k)
145	$vars[$k] = $vars_orig[$k];
146	}
147	$str = join(',', $vars);
148	fwrite($f, $str."\n");
149	fclose($f);
150	}
151
152	function auto_respond($vars){
153	global $autoresponder_from, $autoresponder_message, $autoresponder_subject;
154	global $nomineeFName, $nomineeLName, $nominatorFName, $nominatorLName, $nominatorEmail, $nominatorFullName, $nomineeFullName, $date_time;
155	/// replace all vars in message
156	$msg = $autoresponder_message;
157	preg_match_all('/%(.+?)%/', $msg, $out);
158	$s_vars = $out[1]; //field list to substitute
159	foreach ($s_vars as $k)
160	$msg = str_replace("%$k%", $vars[$k], $msg);
161	/// replace all vars in subject
162	$subj = $autoresponder_subject;
163	preg_match_all('/%(.+?)%/', $subj, $out);
164	$s_vars = $out[1]; //field list to substitute
165	foreach ($s_vars as $k)
166	$subj = str_replace("%$k%", $vars[$k], $subj);
167	//
168	$_send_to = "$vars[nominatorFullName] <".$vars[nominatorEmail_req].">";
169	$_send_from = $autoresponder_from;
170	mail($_send_to, $subj, $msg, 'From: '.$_send_from);
171	}
172
173	function _build_fields($vars){
174	$skip_fields = array(
175	'subject');
176	// order by numeric begin, if it exists
177	$is_ordered = 0;
178	foreach ($vars as $k=>$v)
179	if (in_array($k, $skip_fields)) unset($vars[$k]);
180
181	$new_vars = array();
182	foreach ($vars as $k=>$v){
183	// remove _num, _reqnum, _req from end of field names
184	$k = preg_replace('/_(req\|num\|reqnum)$/', '', $k);
185	// check if the fields is ordered
186	if (preg_match('/^\d+[ \:_-]/', $k)) $is_ordered++;
187	$new_vars[$k] = $v;
188	}
189	$vars = $new_vars;
190
191	$max_length = 10; // max length of key field
192	foreach ($vars as $k=>$v) {
193	$klen = strlen($k);
194	if (($klen > $max_length) && ($klen < 40))
195	$max_length = $klen;
196	}
197
198	if ($is_ordered){
199	ksort($vars);
200	$new_vars = array();
201	foreach ($vars as $k=>$v){
202	//remove number from begin of fields
203	$k = preg_replace('/^\d+[ \:_-]/', '', $k);
204	$new_vars[$k] = $v;
205	}
206	$vars = $new_vars;
207	}
208
209	// make output text
210	$out = "";
211	foreach ($vars as $k=>$v){
212	$k = str_replace('_', ' ', $k);
213	$k = ucfirst($k);
214	$len_diff = $max_length - strlen($k);
215	if ($len_diff > 0)
216	$fill = str_repeat('.', $len_diff);
217	else
218	$fill = '';
219	$out .= $k."$fill...: $v\n\n";
220	}
221	return $out;
222	}
223
224
225	function send_mail($vars){
226	global $send_to, $send_cc;
227	global $subject;
228	global $attachment_enabled;
229
230	// $files = array(); //files (field names) to attach in mail
231	// if (count($_FILES) && $attachment_enabled){
232	// $files = array_keys($_FILES);
233	// }
234
235	// build mail
236	$date_time = date('Y-m-d H:i:s');
237	$mime_delimiter = "----=_NextPart_000_0001_".md5(time());
238	$fields = _build_fields($vars);
239	$mail =
240	"This is a multi-part message in MIME format.
241
242	--$mime_delimiter
243	Content-type: text/plain
244	Content-Transfer-Encoding: 8bit
245	Content-Disposition: inline
246
247	MIT Pappalardo Nomination Form submitted:
248	$fields
249	--------------------
250	REMOTE IP : $_SERVER[REMOTE_ADDR]
251	DATE/TIME : $date_time
252	";
253
254	if (count($files)){
255	foreach ($files as $file){
256	$file_name = $_FILES[$file]['name'];
257	$file_type = $_FILES[$file]['type'];
258	$file_tmp_name = $_FILES[$file]['tmp_name'];
259	$file_cnt = "";
260	$f=@fopen($file_tmp_name, "rb");
261	if (!$f)
262	continue;
263	while($f && !feof($f))
264	$file_cnt .= fread($f, 4096);
265	fclose($f);
266	if (!strlen($file_type)) $file_type="applicaton/octet-stream";
267	if ($file_type == 'application/x-msdownload')
268	$file_type = "applicaton/octet-stream";
269
270	$mail .= "\n--$mime_delimiter\n";
271	$mail .= "Content-Type: $file_type;\n name=\"$file_name\"\n";
272	$mail .= "Content-Transfer-Encoding: base64\n";
273	$mail .= "Content-Disposition: attachment;\n filename=\"$file_name\"\n\n";
274	$mail .= chunk_split(base64_encode($file_cnt));
275	}
276	}
277	$mail .= "\n--$mime_delimiter--";
278
279
280	//send to
281	$_send_to = $send_to ? $send_to : "$vars[name_to] <".$vars[email_to].">";
282	$_send_from = "$vars[nominatorFullName] <".$vars[nominatorEmail_req].">";
283	// $_subject = $subject ? $subject : $vars['subject'];
284	$_subject = "Pappalardo Nomination form $nomineeFName_req $nomineeLName_req :: $date_time";
285
286	mail($_send_to, $_subject, $mail,
287	"MIME-Version: 1.0\nFrom: $_send_from\nContent-Type: multipart/mixed;\n boundary=\"$mime_delimiter\"\n");
288
289	foreach ($send_cc as $v){
290	mail($v, $_subject, $mail,
291	"MIME-Version: 1.0\nFrom: $_send_from\nContent-Type: multipart/mixed;\n boundary=\"$mime_delimiter\"\n");
292	}
293	}
294
295	function get_form_data(){
296	$vars = ($_SERVER['REQUEST_METHOD'] == 'GET') ? $_GET : $_POST;
297	//strip spaces from all fields
298	foreach ($vars as $k=>$v) $vars[$k] = trim($v);
299	if (get_magic_quotes_gpc())
300	foreach ($vars as $k=>$v) $vars[$k] = stripslashes($v);
301
302	if (isset($vars['nominatorFName_req']))
303	$vars['nominatorFName_req'] = preg_replace("/[^\w\d\t\., _-]/", "", $vars['nominatorFName_req']);
304	if (isset($vars['nominatorLName_req']))
305	$vars['nominatorLName_req'] = preg_replace("/[^\w\d\t\., _-]/", "", $vars['nominatorLName_req']);
306	if (isset($vars['nomineeFName_req']))
307	$vars['nomineeFName_req'] = preg_replace("/[^\w\d\t\., _-]/", "", $vars['nomineeFName_req']);
308	if (isset($vars['nomineeLName_req']))
309	$vars['nomineeLName_req'] = preg_replace("/[^\w\d\t\., _-]/", "", $vars['nomineeLName_req']);
310	if (isset($vars['nominatorEmail_req']))
311	$vars['nominatorEmail_req'] = preg_replace("/[^@\w\.\d_-]/", "", $vars['nominatorEmail_req']);
312	if (isset($vars['subject']))
313	$vars['subject'] = preg_replace("/[^\w\d\t \".,;:#\$%^&\*()+=`~\\|_-]/", "", $vars['subject']);
314	return $vars;
315	}
316
317	function check_form($vars){
318	global $referrers;
319	global $send_to;
320	global $subject;
321
322	$errors = array();
323
324	// check from email set
325	if (!strlen($vars['nominatorEmail_req'])){
326	$errors[] = "Required field <b>Nominator Email address</b> empty";
327	} else if (!check_email($vars['nominatorEmail_req'])){
328	$errors[] = "Required field <b>Nominator Email address</b> incorrect";
329	}
330	if (!strlen($send_to) && !strlen($vars['email_to'])){
331	$errors[] = "<b>To Email</b> address empty (possible configuration error)";
332	} else if (!strlen($send_to) && !check_email($vars['email_to'])){
333	//if to email specified in form, check it and display error
334	$errors[] = "<b>To Email address</b> incorrect";
335	}
336	if (!strlen($vars['subject']) && !strlen($subject)){
337	$errors[] = "<b>Subject</b> empty (possible configuration error)";
338	}
339	foreach ($vars as $k=>$v){
340	// check for required fields (end with _req)
341	if (preg_match('/^(.+?)_req$/i', $k, $m) && !strlen($v)){
342	$field_name = ucfirst($m[1]);
343	$errors[] = "Required field <b>$field_name</b> empty";
344	}
345	// check for number fields (end with _num)
346	if (preg_match('/^(.+?)_num$/i', $k, $m) && strlen($v) && !is_numeric($v)){
347	$field_name = ucfirst($m[1]);
348	$errors[] = "Field <b>$field_name</b> must contain only digits or be empty";
349	}
350	// check for number & required fields (end with _reqnum)
351	if (preg_match('/^(.+?)_reqnum$/i', $k, $m) && !is_numeric($v)){
352	$field_name = ucfirst($m[1]);
353	$errors[] = "Field <b>$field_name</b> must contain digits and only digits";
354	}
355	}
356
357	//check referrer
358	if (is_array($referrers) && count($referrers)){
359	$ref = parse_url($_SERVER['HTTP_REFERER']);
360	$host = $ref['host'];
361	$host_found = 0;
362	foreach ($referrers as $r){
363	if (strstr($host, $r))
364	$host_found++;
365	}
366	if (!$host_found){
367	$errors[] = "Unknown Referrer: <b>$host</b>";
368	}
369	}
370	return $errors;
371	}
372
373	function display_errors($errors){
374	$errors = '<li>' . join('<li>', $errors);
375	print <<<EOF
376	<html>
377	<head><title>ERROR -- MIT PAPPALARDO FELLOWSHIP NOMINATION -- ERROR</title>
378	<link href="http://web.mit.edu/physics/css/form.css" rel="stylesheet" type="text/css">
379	</head>
380	<div align="center"><br>
381
382	<form name="error">
383
384	<a href="http://web.mit.edu/">
385	<img src="http://web.mit.edu/graphicidentity/interface/mit-blackred-header1.gif"
386	alt="MIT" width="357" height="46" border="0" style="border:0px white;background-color:#fff;">
387	</a>
388
389	<p class="header_large">2019-2022 Pappalardo Fellowship Competition Nomination Form</p>
390
391	<p class="header_red">AN ERROR OCCURED</p>
392	<span class="errors" style="text-align:left;">$errors</span><br />
393	</div>
394	</form>
395	<p align=center> </p>
396	<div class="footer">
397	<span class="left"> © Copyright 2018
398	<a href="http://web.mit.edu/physics/" target="_blank">MIT Department of Physics</a></span>
399	<span class="right">
400	Webmaster: <a href="mailto:kheatley@mit.edu" target="_blank">kheatley@mit.edu</a>
401	</span>
402
403	<br />
404	</div>
405
406	</html>
407	EOF;
408	}
409
410
411	/**
412	* Check email using regexes
413	* @param string email
414	* @return bool true if email valid, false if not
415	*/
416	function check_email($email) {
417	#characters allowed on name: 0-9a-Z-._ on host: 0-9a-Z-. on between: @
418	if (!preg_match('/^[0-9a-zA-Z\.\-\_]+\@[0-9a-zA-Z\.\-]+$/', $email))
419	return false;
420
421	#must start or end with alpha or num
422	if ( preg_match('/^[^0-9a-zA-Z]\|[^0-9a-zA-Z]$/', $email))
423	return false;
424
425	#name must end with alpha or num
426	if (!preg_match('/([0-9a-zA-Z_]{1})\@./',$email) )
427	return false;
428
429	#host must start with alpha or num
430	if (!preg_match('/.\@([0-9a-zA-Z_]{1})/',$email) )
431	return false;
432
433	#pair .- or -. or -- or .. not allowed
434	if ( preg_match('/.\.\-.\|.\-\..\|.\.\..\|.\-\-./',$email) )
435	return false;
436
437	#pair ._ or -_ or _. or _- or __ not allowed
438	if ( preg_match('/.\.\_.\|.\-\_.\|.\_\..\|.\_\-.\|.\_\_./',$email) )
439	return false;
440
441	#host must end with '.' plus 2-5 alpha for TopLevelDomain
442	if (!preg_match('/\.([a-zA-Z]{2,5})$/',$email) )
443	return false;
444
445	return true;
446	}
447
448	do_formmail();
449	?>

Download in other formats:

Original Format