<!-- Review note: required, maxlength, min/max and type="email"/"date" are enforced by the browser only. A request sent without a browser skips them, so the PHP handler has to repeat every length, range and format check on the server. The reCAPTCHA data-sitekey is the public half of the key pair; the matching secret belongs only in server-side configuration. -->
- <h2>Booking Info</h2>
- <label>Number of Guests *</label>
- <input name="guests" type="number" min="1" max="8" required>
- <label>Arrival Date *</label>
- <input name="arriveDate" id="arriveDate" type="date" required>
- <label>Departure Date *</label>
- <input name="departDate" id="departDate" type="date" required>
- <a href="" target="_blank">Check Availability</a>
- <h2>Personal Info</h2>
- <label>First Name *</label>
- <input name="fname" type="text" maxlength="20" required>
- <label>Last Name *</label>
- <input name="lname" type="text" maxlength="20" required>
- <label>Address</label>
- <input name="address" type="text">
- <h2>Contact Info</h2>
- <label>Phone Number *</label>
- <input name="number" type="tel" required>
- <label>Mobile Number</label>
- <input name="mnumber" type="tel">
- <label>Email Address *</label>
- <input name="email" type="email" required>
- <h2>Additional Info</h2>
- <textarea name="info" maxlength="300"></textarea><br>
- <div class="g-recaptcha" data-sitekey="6LdrxD4UAAAAACAaVAR6U9BjOEDC9-j4QaOzBsFh"></div>
- <input type="submit" name="submit" value="Submit">
- <input type="reset" name="reset" value="Reset">
<?php
session_start();
ob_start();

// MySQL connection settings. The values are placeholders; real credentials
// are better loaded from configuration kept outside the web root.
$host = "HOST NAME";
$user = "USERNAME";
$password = "PASSWORD";
$db_name = "DATABASE";
$tbl_name = "booking";

// Open the connection, then pick the database; stop with a short message if either step fails.
$conn = mysqli_connect($host, $user, $password);
if (!$conn) {
    die("cannot connect");
}
if (!mysqli_select_db($conn, $db_name)) {
    die("cannot select DB");
}

// Redirect targets used by the handler. Renaming any of these pages means updating the value here.
$feedback_page = "request";
$error_page = "error-message";
$thankyou_page = "thank-you";
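/**
 * Ask Google's siteverify endpoint whether a reCAPTCHA response token is valid.
 *
 * @param string $user_response Value of the g-recaptcha-response form field.
 * @return array Decoded JSON reply. When the HTTP call fails or the reply is not
 *               a JSON object, array('success' => false) is returned so callers
 *               treat the check as failed.
 */
function post_captcha($user_response) {
    $fields = array(
        // Placeholder value: the real secret belongs in server-side configuration, not in the page source.
        'secret' => 'SECRET KEY',
        'response' => $user_response
    );

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
    curl_setopt($ch, CURLOPT_POST, true);
    // http_build_query() URL-encodes every value. The token comes straight from the
    // request, and pasting it in unencoded would let a value containing "&" or "="
    // add or override parameters in the verification call.
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&'));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Bound the outbound call so a stalled verification request cannot hold the page open.
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    $result = curl_exec($ch);
    curl_close($ch);

    // Fail closed: a transport error or unparsable reply counts as "not verified".
    if ($result === false) {
        return array('success' => false);
    }
    $decoded = json_decode($result, true);
    return is_array($decoded) ? $decoded : array('success' => false);
}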
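// Verify the CAPTCHA token before any other form data is processed.
// A request without the field is treated as a failed check instead of raising a notice.
$captcha_token = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
$res = post_captcha($captcha_token);
if (empty($res['success'])) {
    // What happens when the CAPTCHA wasn't checked
    header( "Location: $error_page" );
} else {
    error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED ^ E_STRICT);
    set_include_path("." . PATH_SEPARATOR . ($UserDir = dirname($_SERVER['DOCUMENT_ROOT'])) . "/pear/php" . PATH_SEPARATOR . get_include_path());
    require_once "Mail.php";

    /* SMTP Host Settings (placeholders; these reuse $host and $password, which held the MySQL settings until here) */
    $host = "ssl://mailout.one.com";
    $username = "USERNAME";
    $password = "PASSWORD";
    $port = "PORT";

    /*
    Sender and recipient of the notification e-mail.
    $to must be changed to a valid address that you can access.
    */
    $email_from = "admin@ryan-simms.com";
    $to = "MY EMAIL";

    /*
    Load the form field data into variables.
    If you add a form field, you will need to add it here.
    NOTE(review): $_REQUEST can also be filled from the query string and, depending on
    request_order, cookies; the CAPTCHA token is read from $_POST, so the form is
    presumably posted and $_POST would be the narrower source. Confirm before changing.
    NOTE(review): strtotime() returns false for a missing or unparsable date and date()
    then formats the epoch; no server-side date check is visible in this script.
    */
    $email_subject = "Snowdon View Booking";
    $guests = $_REQUEST['guests'];
    $arrival = date('d/m/Y', strtotime( $_REQUEST['arriveDate'] ));
    $departure = date('d/m/Y', strtotime( $_REQUEST['departDate'] ));
    $first_name = $_REQUEST['fname'];
    $last_name = $_REQUEST['lname'];
    $address = $_REQUEST['address'];
    $phone = $_REQUEST['number'];
    $mobile = $_REQUEST['mnumber'];
    $email_address = $_REQUEST['email'];
    $comments = $_REQUEST['info'];

    // Plain-text body. Line breaks are "\r\n"; the listing showed them as the literal
    // letters "rn", which would have been printed into the message. The address line
    // now reads $email_address (the listing had an undefined $email_addresss).
    $email_body =
        "New Guest Booking For ".$first_name." ".$last_name. "\r\n\r\n" .
        "Guests: ".$guests. "\r\n" .
        "Arrival Date: ".$arrival. "\r\n" .
        "Departure Date: ".$departure. "\r\n\r\n" .
        "Address: ".$address. "\r\n" .
        "Phone Number: ".$phone. "\r\n" .
        "Mobile Number: ".$mobile. "\r\n" .
        "Email Address: ".$email_address. "\r\n" .
        "Additional Information: " . $comments;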
- /*
- The following function checks for email injection.
- Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
- */
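/**
 * Report whether a form value contains characters associated with e-mail header injection.
 *
 * Looks for raw newline, carriage-return and tab characters and for the
 * URL-encoded sequences %0A, %0D, %08 and %09 (case-insensitive).
 *
 * The listing had lost the backslashes, leaving the patterns (n+), (r+) and (t+),
 * which match the plain letters n, r and t and so reject almost every real name
 * and address. The escaped forms below match the control characters instead.
 *
 * @param string $str Form value to inspect.
 * @return bool True when one of the patterns is present.
 */
function isInjected($str) {
    $injections = array(
        '(\n+)',
        '(\r+)',
        '(\t+)',
        '(%0A+)',
        '(%0D+)',
        '(%08+)',
        '(%09+)',
    );
    $inject = '/' . join('|', $injections) . '/i';

    // Cast so an absent (null) optional field is checked as an empty string.
    return preg_match($inject, (string) $str) === 1;
}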
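/* Stop certain usernames (this run is still inside the branch taken when the CAPTCHA check passed) */
    $badWords = array("BAD WORDS REMOVED");
    $containsBadWord = false;
    foreach ( $badWords as $badWord ) {
        // The same free-text fields as before: names, e-mail, comments and address.
        foreach ( array($first_name, $last_name, $email_address, $comments, $address) as $field ) {
            if ( stripos((string) $field, $badWord) !== false ) {
                $containsBadWord = true;
                break 2; // One hit is enough; leave both loops.
            }
        }
    }

    // If the user tries to access this script directly, redirect them to the feedback form.
    if (!isset($email_address)) {
        $_SESSION['message'] = 'An error has occured, please try again!';
        header( "Location: $feedback_page" );
    }
    // If the form fields are empty, redirect to the error page.
    elseif (empty($first_name) || empty($email_address)) {
        $_SESSION['message'] = 'Please fill out the entire form!';
        header( "Location: $error_page" );
    }
    // If email injection is detected, redirect to the error page.
    elseif ( isInjected($email_address) || isInjected($first_name) || isInjected($last_name) || isInjected($comments) || isInjected($address)) {
        $_SESSION['message'] = 'An error has occured, please try again!';
        header( "Location: $error_page" );
    }
    // If user enters a bad word in form
    elseif ($containsBadWord) {
        $_SESSION['message'] = 'Inappropriate word detected!';
        header( "Location: $error_page" );
    }
    // If we passed all previous tests, store the booking, send the email, then redirect to the thank you page.
    else {
        // The visitor-supplied values are bound as parameters, so quotes in a name
        // cannot change the statement. $tbl_name is set by this script, not by the
        // request, and identifiers cannot be bound, so it stays interpolated.
        $result = false;
        $stmt = mysqli_prepare($conn, "INSERT INTO $tbl_name (forename, surname, arrive_date, depart_date) VALUES (?, ?, ?, ?)");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ssss', $first_name, $last_name, $arrival, $departure);
            $result = mysqli_stmt_execute($stmt);
        }
        if (!$result) {
            // Record the failure in the server log; the visitor-facing flow is unchanged.
            error_log('Booking insert failed: ' . mysqli_error($conn));
        }
        if ($stmt) {
            mysqli_stmt_close($stmt);
        }

        $headers = array ('From' => $email_from, 'To' => $to, 'Subject' => $email_subject);
        $smtp = Mail::factory('smtp', array ('host' => $host, 'port' => $port, 'auth' => true, 'username' => $username, 'password' => $password));
        $mail = $smtp->send($to, $headers, $email_body);
        header( "Location: $thankyou_page" );
    }
}
mysqli_close($conn);
ob_end_flush();
?>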
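<?php
session_start();
ob_start();
$host = "HOST NAME"; // Host name
$username = "USERNAME"; // Mysql username
$password = "PASSWORD"; // Mysql password
$db_name = "DATABASE"; // Database name
$tbl_name = "booking"; // Table name
// Connect to server and select database.
$conn = mysqli_connect($host, $username, $password)or die("cannot connect");
mysqli_select_db($conn, $db_name)or die("cannot select DB");
// Fetch only the four columns this page prints, so a column added to the table
// later is not pulled into a page that lists bookings.
$sql = "SELECT forename, surname, arrive_date, depart_date FROM $tbl_name";
// Stop here if the query fails; the fetch loop further down needs a result set.
$result = mysqli_query($conn, $sql)or die("cannot read bookings");
?>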
- <head>
- <meta charset="utf-8">
- <title>Ryan Simms | Booking</title>
- <!-- ****** faviconit.com favicons ****** -->
- <link rel="shortcut icon" href="../images/favicon.ico">
- <!-- ****** faviconit.com favicons ****** -->
- <link id ="pageStyle" rel="stylesheet" href='../css/defaultStyle.css' type='text/css'> <!-- Loads Default Stylesheet -->
- <script src="../scripts/lightSwitch.js"></script> <!-- Loads LightSwitch Script -->
- <script src="../scripts/cookie.js"></script> <!-- Loads Cookie Message Remove Script -->
- <script src="../scripts/holidays.js"></script> <!-- Loads Holiday Themes -->
- <link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Roboto' type='text/css'>
- <script src='https://www.google.com/recaptcha/api.js'></script>
- </head>
- <body>
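<?php
// Print one name line and one date line per booking row.
// The names were typed into the booking form by visitors, so every value is
// HTML-encoded before output; stored markup would otherwise run in the browser
// of anyone who opens this page.
// NOTE(review): no access check is visible in this listing, so every guest's
// name and stay dates appear to be shown to any visitor. Confirm that is intended.
while ($rows = mysqli_fetch_array($result)) {
    $guest = htmlspecialchars($rows['forename'] . " " . $rows['surname'], ENT_QUOTES, 'UTF-8');
    $stay = htmlspecialchars($rows['arrive_date'] . " - " . $rows['depart_date'], ENT_QUOTES, 'UTF-8');
?>
<p><?php echo $guest; ?></p>
<p><?php echo $stay; ?></p>
<?php
}
mysqli_close($conn);
?>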
- </body>