Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- PLUGIN NAME: Easy Contact
- PLUGIN URI: http://www.plaintxt.org/experiments/easy-contact/
- DESCRIPTION: Easy Contact is a simple, semantic contact form that utilizes the <a href="http://www.plaintxt.org/themes/sandbox/">Sandbox</a> design patterns. Insert using <code>[easy-contact]</code>. A plaintxt.org experiment for WordPress.
- AUTHOR: Scott Allan Wallick
- AUTHOR URI: http://scottwallick.com/
- VERSION: 0.1.2 β
- */
- /*
- EASY CONTACT
- by SCOTT ALLAN WALLICK, http://scottwallick.com/
- from PLAINTXT.ORG, http://www.plaintxt.org/
- EASY CONTACT is free software: you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation, either version 3 of
- the License, or (at your option) any later version.
- EASY CONTACT is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for details.
- You should have received a copy of the GNU General Public License
- along with EASY CONTACT. If not, see www.gnu.org/licenses/.
- */
- // We begin by stating our initial form inputs, cleaning values if the form data is coming back at us
- $ec_form_fields = array(
- 'name' => '<input id="ec_name" name="ec_name" class="text required" type="text" value="' . strip_tags(stripslashes($_POST['ec_name'])) . '" size="30" maxlength="50" />',
- 'email' => '<input id="ec_email" name="ec_email" class="text required" type="text" value="' . strip_tags(stripslashes($_POST['ec_email'])) . '" size="30" maxlength="50" />',
- 'url' => '<input id="ec_url" name="ec_url" class="text optional" type="text" value="' . strip_tags(stripslashes($_POST['ec_url'])) . '" size="30" maxlength="50" />',
- 'subject' => '<input id="ec_subject" name="ec_subject" class="text required" type="text" value="' . strip_tags(stripslashes($_POST['ec_subject'])) . '" size="30" maxlength="50" />',
- 'message' => '<textarea id="ec_message" name="ec_message" class="text required" cols="40" rows="8">' . strip_tags(stripslashes($_POST['ec_message'])) . '</textarea>',
- 'math_a' => '<input id="ec_math_a" name="ec_math_a" class="text required" type="text" value="" size="30" maxlength="50" />',
- 'challenge_a' => '<input id="ec_challenge_a" name="ec_challenge_a" class="text required" type="text" value="" size="30" maxlength="50" />',
- 'option_cc' => '<input id="ec_option_cc" name="ec_option_cc" class="check optional" type="checkbox" value="true" />',
- 'error' => ''
- );
- // Tracks and validates our challenge question
- function ec_is_challenge($input) {
- $is_challenge = false;
- // Let's make the user response case insensitive
- $answer = strtolower(stripslashes(get_option('ec_challenge_a')));
- $input = strtolower($input);
- if ( $input == $answer ) {
- // Do we have a winner?
- $is_challenge = true;
- }
- return $is_challenge;
- }
- // We should respond appropriately to malicious code in our form
- function ec_is_malicious($input) {
- $is_malicious = false;
- // Content we will consider malicious to check for
- $bad_inputs = array( "\r", "\n", "mime-version", "content-type", "bcc:", "cc:", "to:", "<", ">", "<", "&rt;", "a href", "/a", "http:", "/URL", "URL=" );
- // And if we have some nasty input . . .
- foreach ( $bad_inputs as $bad_input ) {
- if ( strpos(strtolower($input), strtolower($bad_input) ) !== false ) {
- $is_malicious = true;
- // Boom!
- break;
- }
- }
- // Houston, we have a problem.
- return $is_malicious;
- }
- // Get the user IP for tracking
- function ec_get_ip() {
- if ( isset($_SERVER) ) {
- if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'])) {
- $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
- } elseif ( isset( $_SERVER['HTTP_CLIENT_IP'])) {
- $ip_address = $_SERVER['HTTP_CLIENT_IP'];
- } else {
- $ip_address = $_SERVER['REMOTE_ADDR'];
- }
- } else {
- if ( getenv('HTTP_X_FORWARDED_FOR') ) {
- $ip_address = getenv('HTTP_X_FORWARDED_FOR');
- } elseif ( getenv('HTTP_CLIENT_IP') ) {
- $ip_address = getenv('HTTP_CLIENT_IP');
- } else {
- $ip_address = getenv('REMOTE_ADDR');
- }
- }
- // Return the IP address
- return $ip_address;
- }
- // If refered from a search query, we'd like to know
- function ec_get_query($query) {
- if ( strpos( $query, "google." ) ) {
- $pattern = '/^.*\/search\?.*q=(.*)$/';
- } elseif ( strpos( $query, "msn." ) || strpos( $query, "live" ) ) {
- $pattern = '/^.*q=(.*)$/';
- } elseif ( strpos( $query, "yahoo." ) ) {
- $pattern = '/^.*[\?&]p=(.*)$/';
- } elseif ( strpos( $query, "ask." ) ) {
- $pattern = '/^.*[\?&]q=(.*)$/';
- } else {
- return false;
- }
- preg_match( $pattern, $query, $matches );
- $querystr = substr( $matches[1], 0, strpos( $matches[1], '&' ) );
- return urldecode($querystr);
- }
- // Tracks the session for (potential) form submission
- function ec_session_referer($unused) {
- if ( !isset( $_SESSION ) ) {
- session_start();
- }
- if ( !isset( $_SESSION['orig_referer'])) {
- $_SESSION['orig_referer'] = $_SERVER['HTTP_REFERER'];
- }
- }
- // Process input from the form
- function ec_check_input() {
- // Let's break the form if something dodgy is happening
- if ( !( isset( $_POST['ec_stage'])) ) {
- // Break if form data wasn't submitted from our page
- return false;
- } elseif ( !( isset( $_POST['ec_orig_referer'])) ) {
- // Break if form data wasn't submitted from our page
- return false;
- }
- // Keep our form data clean
- $_POST['ec_name'] = stripslashes(trim($_POST['ec_name']));
- $_POST['ec_email'] = stripslashes(trim($_POST['ec_email']));
- $_POST['ec_url'] = stripslashes(trim($_POST['ec_url']));
- $_POST['ec_subject'] = stripslashes(trim($_POST['ec_subject']));
- $_POST['ec_message'] = stripslashes(trim($_POST['ec_message']));
- // Carry over the form data
- global $ec_form_fields;
- // Clear any prior errors
- $proceed = true;
- // Do not proceed reasons
- // 1: empty field
- // 2: invalid email
- // 3: incorrect answer
- // 4: malicious code
- // Check the name input for problems.
- if ( empty($_POST['ec_name'] )) {
- $proceed = false;
- $reason = 1;
- $ec_form_fields['name'] = '<input id="ec_name" name="ec_name" class="text required error" type="text" value="' . $_POST['ec_name'] . '" size="30" maxlength="20" />';
- }
- // Check the e-mail input for problems.
- if ( !is_email($_POST['ec_email'])) {
- $proceed = false;
- $reason = 2;
- $ec_form_fields['email'] = '<input id="ec_email" name="ec_email" class="text required error" type="text" value="' . $_POST['ec_email'] . '" size="30" maxlength="50" />';
- }
- // Check the subject input for problems.
- if ( empty($_POST['ec_subject'])) {
- $proceed = false;
- $reason = 1;
- $ec_form_fields['subject'] = '<input id="ec_subject" name="ec_subject" class="text required error" type="text" value="' . $_POST['ec_subject'] . '" size="30" maxlength="50" />';
- }
- // Check the message input for problems.
- if ( empty( $_POST['ec_message'])) {
- $proceed = false;
- $reason = 1;
- $ec_form_fields['message'] = '<textarea id="ec_message" name="ec_message" class="text required error" cols="40" rows="8">' . $_POST['ec_message'] . '</textarea>';
- }
- // Do we have a spam-reduction option enabled?
- $option_verf = get_option('ec_option_verf');
- // We're using a challenge question, so check its answer
- if ( $option_verf == 2 || $option_verf == 4 ) {
- if ( !ec_is_challenge($_POST['ec_challenge_a']) ) {
- $proceed = false;
- $reason = 3;
- }
- }
- // We're using a math-based question, so check its answer
- if ( $option_verf == 3 || $option_verf == 4 ) {
- if ( $_SESSION['check_math'] != $_POST['ec_math_a'] ) {
- $proceed = false;
- $reason = 3;
- }
- }
- // Check the input for any malicious code
- if ( ec_is_malicious( $_POST['ec_name'] ) || ec_is_malicious( $_POST['ec_email'] ) || ec_is_malicious( $_POST['ec_subject'])) {
- $proceed = false;
- $reason = 4;
- }
- // Now we see if we have a problem
- if ( $proceed == true ) {
- // No problem? Move along.
- return true;
- } else {
- // A problem? Give an appropriate response message.
- if ( $reason == 1 ) {
- $ec_form_fields['error'] = get_option('ec_msg_empty');
- } elseif ( $reason == 2 ) {
- $ec_form_fields['error'] = get_option('ec_msg_invalid');
- } elseif ( $reason == 3 ) {
- $ec_form_fields['error'] = get_option('ec_msg_incorrect');
- } elseif ( $reason == 4 ) {
- $ec_form_fields['error'] = get_option('ec_msg_malicious');
- }
- // If we have an error, but no corresponding message, something has gone wrong. Let's break the process
- return false;
- }
- }
- // Finds [easy-contact] shortcode and produces the form in the content
- function ec_shortcode($attr) {
- global $ec_form_fields;
- // If we're processing $POST data without a problem, let's send an email
- if ( ec_check_input() ) {
- // Let's get some variables we're going to use multiple times
- $cc_option = get_option('ec_option_cc');
- $recipient = attribute_escape(get_option('ec_recipient_name')) . ' <' . attribute_escape(get_option('ec_recipient_email')) . '>';
- $user = strip_tags(trim($_POST['ec_name'])) . ' <' . strip_tags(trim($_POST['ec_email'])) . '>';
- $orig_referer = strip_tags(trim($_POST['ec_orig_referer']));
- $keywords = ec_get_query($orig_referer);
- // Start our email with its headers
- $headers = "MIME-Version: 1.0\r\n";
- // Our form has to match the encoding the user is typing it in, i.e., your blog charset
- $headers .= 'Content-Type: text/plain; charset="' . get_option('blog_charset') . "\"\r\n";
- // Our generic mailer-daemon is just going to be WordPress@EXAMPLE.COM, where EXAMPLE.COM is your domain in lowercase
- $sitename = strtolower($_SERVER['SERVER_NAME']);
- // If we have the www., let's drop it safely
- if ( substr( $sitename, 0, 4 ) == 'www.' ) {
- $sitename = substr( $sitename, 4 );
- }
- // Our from email address
- $from_email = apply_filters( "wp_mail_from", "wordpress@$sitename" );
- // Our from email name
- $from_name = apply_filters( 'wp_mail_from_name', 'WordPress' );
- // And we begin the headers
- $headers .= "From: $from_name <$from_email>\r\n";
- $headers .= "Reply-To: $user\r\n";
- // Since we allow CC'ing, we can smartly only send one email
- if ( $cc_option && $_POST['ec_option_cc'] ) {
- // If CC'ing, we'll BCC: you and TO: the user.
- $to = $user;
- $headers .= "Bcc: $recipient\r\n";
- } else {
- // If no, just TO: you.
- $to = $recipient;
- }
- // We should include X data for the mailer version
- $headers .= 'X-Mailer: PHP/' . phpversion() . "\r\n";
- // Build our subject line fo the email
- $subject = attribute_escape(get_option('ec_subject')) . ' ' . $_POST['ec_subject'];
- // And our actual message with extra stuff
- $message = strip_tags(trim($_POST['ec_message'])) . "\n\n---\n";
- $message .= __( 'Website: ', 'easy_contact' ) . strip_tags(trim($_POST['ec_url'])) . "\n\n---\n";
- $message .= __( 'IP address: ', 'easy_contact' ) . 'http://ws.arin.net/whois/?queryinput=' . ec_get_ip() . "\n";
- // Don't show keywords in the email unless we have some
- if ($keywords) {
- $message .= __( 'Keywords: ', 'easy_contact' ) . $keywords . "\n";
- }
- $message .= __( 'Form referrer: ', 'easy_contact' ) . strip_tags(trim($_POST['ec_referer'])) . "\n";
- $message .= __( 'Orig. referrer: ', 'easy_contact' ) . $orig_referer . "\n";
- $message .= __( 'User agent: ', 'easy_contact' ) . trim($_SERVER['HTTP_USER_AGENT']) . "\n";
- // Let's build our email and send it
- mail( $to, $subject, $message, $headers );
- // And then build the response message output for the user
- $output = "\n" . '<div class="formcontainer">' . "\n\t" . stripslashes(get_option('ec_msg_success')) . "\n</div>";
- // Returns the success message to the user
- return $output;
- // Otherwise, let's build us a form
- } else {
- // We begin our form.
- $form = '<div class="formcontainer">';
- // If we have an error, display it
- if ( $ec_form_fields['error'] != null ) {
- // Display an error message first. (We're applying our own easy_contact_text filter to prettify the message.)
- $form .= "\n\t" . apply_filters( 'easy_contact_text', stripslashes($ec_form_fields['error']) );
- } else {
- // Otherwise, display the intro message. (Also, filter this too.)
- $form .= "\n\t" . apply_filters( 'easy_contact_text', stripslashes(get_option('ec_msg_intro')) );
- }
- // Gather variables for multiple uses
- $required = stripslashes(get_option('ec_text_required'));
- $option_verf = get_option('ec_option_verf');
- // And continuing with our form
- $form .= '
- <form class="contact-form" action="' . get_permalink() . '" method="post">
- <fieldset>
- <legend>' . attribute_escape(get_option('ec_field_info')) . '</legend>
- <div class="form-label"><label for="ec_name">' . stripslashes(wp_filter_post_kses(get_option('ec_label_name'))) . ' ' . $required . '</label></div>
- <div class="form-input">' . $ec_form_fields['name'] . '</div>
- <div class="form-label"><label for="ec_email">' . stripslashes(wp_filter_post_kses(get_option('ec_label_email'))) . ' ' . $required . '</label></div>
- <div class="form-input">' . $ec_form_fields['email'] . '</div>
- <div class="form-label"><label for="ec_url">' . stripslashes(wp_filter_post_kses(get_option('ec_label_website'))) . '</label></div>
- <div class="form-input">' . $ec_form_fields['url'] . '</div>
- </fieldset>
- <fieldset>
- <legend>' . attribute_escape(get_option('ec_field_message')) . '</legend>
- <div class="form-label"><label for="ec_subject">' . stripslashes(wp_filter_post_kses(get_option('ec_label_subject'))) . ' ' . $required . '</label></div>
- <div class="form-input">' . $ec_form_fields['subject'] . '</div>
- <div class="form-label"><label for="ec_message">' . stripslashes(wp_filter_post_kses(get_option('ec_label_message'))) . ' ' . $required . '</label></div>
- <div class="form-textarea">' . $ec_form_fields['message'] . '</div>
- </fieldset>
- <fieldset>
- <legend>' . attribute_escape(get_option('ec_field_confirm')) . '</legend>';
- // If employing a spam-reduction question, insert it
- if ( $option_verf > 1 ) {
- if ( $option_verf == 2 || $option_verf == 4 ) {
- $form .= '
- <div class="form-label"><label for="ec_challenge_a">' . apply_filters( 'easy_contact_text', stripslashes(wp_filter_post_kses(get_option('ec_challenge_q'))) ) . ' ' . $required . '</label></div>
- <div class="form-input">' . $ec_form_fields['challenge_a'] . '</div>';
- }
- if ( $option_verf == 3 || $option_verf == 4 ) {
- // Big number is between 1 and 1,000.
- $big = rand( 1, 1000 );
- // Small number is between 1 and 10.
- $small = rand( 1, 10 );
- // We need to remember this session to validate the answer
- $_SESSION['check_math'] = $big+$small;
- $form .= '
- <div class="form-label"><label for="ec_math_a">' . __( "What is the sum of $big and $small?", "easy_contact" ) . ' ' . $required . '</label></div>
- <div class="form-input">' . $ec_form_fields['math_a'] . '</div>';
- }
- }
- // If the user can CC themselves, give them a box to tick
- if ( get_option('ec_option_cc') == true ) {
- $form .= '
- <div class="form-option">' . $ec_form_fields['option_cc'] . ' <label for="ec_option_cc">' . apply_filters( 'easy_contact_text', stripslashes(wp_filter_post_kses(get_option('ec_label_cc'))) ) . '</label></div>';
- }
- // Let's finish up with this form.
- $form .= '
- <div class="form-submit">
- <input type="submit" name="submit" class="button" value="' . attribute_escape(get_option('ec_text_submit')) . '" />
- <input type="hidden" name="ec_stage" value="process" />
- <input type="hidden" name="ec_referer" value="' . wp_specialchars( $_SERVER['HTTP_REFERER'], 1 ) . '" />
- <input type="hidden" name="ec_orig_referer" value="' . wp_specialchars( $_SESSION['orig_referer'], 1 ) . '" />
- </div>
- </fieldset>
- </form>
- </div>';
- // The output is the form.
- $output = $form;
- // So output it.
- return $output;
- }
- }
- // Add default options upon activation
- function ec_activation() {
- // A default setting, load the admin email
- $new_opt = get_bloginfo('admin_email');
- add_option( "ec_recipient_email", "$new_opt", "", "yes" );
- // A default setting, use the blog name for the subject line
- $new_opt = get_bloginfo('Max Cleaning Service');
- add_option( "ec_subject", "[$new_opt]", "", "yes" );
- add_option( 'ec_challenge_a', __( 'Paris', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_challenge_q', __( 'What is the capital of France?', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_field_confirm', __( 'Bevestiging', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_field_info', __( 'Uw gegevens', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_field_message', __( 'Uw bericht', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_label_cc', __( 'Kopie naar uzelf sturen?', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_label_email', __( 'Email', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_label_message', __( 'Bericht', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_label_name', __( 'Naam', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_label_subject', __( 'Onderwerp', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_msg_empty', __( '<p class="error">Vul alsjeblieft alle velden correct in.</p>', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_msg_incorrect', __( '<p class="important">Your answer is incorrect. <em>Cookies must be enabled to validate your response.</em></p>', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_msg_intro', __( '<p class="information">Verplichte velden zijn gemarkeerd.<span class="required">*</span>.</p>', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_msg_invalid', __( '<p class="error">Please provide a valid email address.</p>', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_msg_malicious', __( '<p class="important">Potentially malicious content was detected. You may not use <abbr title="HyperText Markup Language">HTML</abbr> or other code, including <code><</code> and <code>></code>.</p>', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_msg_success', __( '<p class="success">Bedankt, uw email is verzonden.</p>', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_option_cc', true, '', 'yes' );
- add_option( 'ec_option_verf', 1, '', 'yes' );
- add_option( 'ec_recipient_name', __( 'Administrator', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_text_required', __( '<span class="required">*</span>', 'easy_contact' ), '', 'yes' );
- add_option( 'ec_text_submit', __( 'Verzend', 'easy_contact' ), '', 'yes' );
- }
- // Delete options upon deactivation
- function ec_deactivation() {
- delete_option('ec_challenge_a');
- delete_option('ec_challenge_q');
- delete_option('ec_field_confirm');
- delete_option('ec_field_info');
- delete_option('ec_field_message');
- delete_option('ec_label_cc');
- delete_option('ec_label_email');
- delete_option('ec_label_message');
- delete_option('ec_label_name');
- delete_option('ec_label_subject');
- delete_option('ec_label_website');
- delete_option('ec_msg_empty');
- delete_option('ec_msg_incorrect');
- delete_option('ec_msg_intro');
- delete_option('ec_msg_invalid');
- delete_option('ec_msg_malicious');
- delete_option('ec_msg_success');
- delete_option('ec_option_cc');
- delete_option('ec_option_stylesheet');
- delete_option('ec_option_stylesheet_page');
- delete_option('ec_option_verf');
- delete_option('ec_recipient_email');
- delete_option('ec_recipient_name');
- delete_option('ec_subject');
- delete_option('ec_text_required');
- delete_option('ec_text_submit');
- delete_option('ec_version');
- }
- // Adds our options submenu
- function ec_initialize() {
- // But only if that function actually exists
- if ( function_exists('add_options_page') ) {
- // We'll use a longer title for the TITLE element and a shorter one for the options page link
- add_options_page( __( 'Easy Contact', 'easy_contact' ), __( 'Contact', 'easy_contact' ), 'manage_options', 'easy-contact/econtact-menu.php', '' );
- }
- }
- // Initialize the session referer to track users
- add_action( 'init', 'ec_session_referer' );
- // Register the shortcode to the function ec_shortcode()
- add_shortcode( 'easy-contact', 'ec_shortcode' );
- // Register hooks for activation/deactivation. (I'm tidy.)
- register_activation_hook( __FILE__, 'ec_activation' );
- register_deactivation_hook( __FILE__, 'ec_deactivation' );
- // Allow localization, if applicable
- load_plugin_textdomain( 'easy_contact', false, 'easy-contact' );
- // Register the options menu
- add_action( 'admin_menu', 'ec_initialize' );
- // Let's filter certain text in the form to help make it pretty
- add_filter( 'easy_contact_text', 'wptexturize' );
- add_filter( 'easy_contact_text', 'convert_chars' );
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement