
Untitled

a guest
Jan 22nd, 2018
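  <!--
    Booking request fields. The attributes below (required, min/max, maxlength,
    type) are checked by the browser only; a request can be sent without this
    form, so the handling script has to re-check every value itself.
    Each label is bound to its input with for/id so assistive technology and
    click-to-focus work.
  -->
  <h2>Booking Info</h2>
  <label for="guests">Number of Guests *</label>
  <input name="guests" id="guests" type="number" min="1" max="8" required>
  <label for="arriveDate">Arrival Date *</label>
  <input name="arriveDate" id="arriveDate" type="date" required>
  <label for="departDate">Departure Date *</label>
  <input name="departDate" id="departDate" type="date" required>
  <!-- rel="noopener noreferrer" stops the page opened in the new tab from reaching back through window.opener. -->
  <a href="" target="_blank" rel="noopener noreferrer">Check Availability</a>

  <h2>Personal Info</h2>
  <label for="fname">First Name *</label>
  <input name="fname" id="fname" type="text" maxlength="20" required>
  <label for="lname">Last Name *</label>
  <input name="lname" id="lname" type="text" maxlength="20" required>
  <label for="address">Address</label>
  <input name="address" id="address" type="text">

  <h2>Contact Info</h2>
  <label for="number">Phone Number *</label>
  <input name="number" id="number" type="tel" required>
  <label for="mnumber">Mobile Number</label>
  <input name="mnumber" id="mnumber" type="tel">
  <label for="email">Email Address *</label>
  <input name="email" id="email" type="email" required>

  <h2><label for="info">Additional Info</label></h2>
  <textarea name="info" id="info" maxlength="300"></textarea><br>
  <div class="g-recaptcha" data-sitekey="6LdrxD4UAAAAACAaVAR6U9BjOEDC9-j4QaOzBsFh"></div>
  <input type="submit" name="submit" value="Submit">
  <input type="reset" name="reset" value="Reset">
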
  32. <?php
  33.  
  // Open the session ($_SESSION['message'] is written further down) and start
  // output buffering before anything else runs.
  session_start();
  ob_start();

  // MySQL connection settings (placeholders in this listing).
  // NOTE(review): $host and $password are assigned again for SMTP later in this
  // script, so the database connection has to be opened before that point.
  // Real credentials are better loaded from a file outside the web root.
  $host = 'HOST NAME';     // Host name
  $user = 'USERNAME';      // Mysql username
  $password = 'PASSWORD';  // Mysql password
  $db_name = 'DATABASE';   // Database name
  $tbl_name = 'booking';   // Table name

  // Connect to the server first, then select the database; stop on either failure.
  $conn = mysqli_connect($host, $user, $password);
  if (!$conn) {
      die('cannot connect');
  }
  if (!mysqli_select_db($conn, $db_name)) {
      die('cannot select DB');
  }

  /*
  URLs of the supporting pages, used as redirect targets below.
  If any of those pages is renamed, update the matching value here.
  */
  $feedback_page = 'request';
  $error_page = 'error-message';
  $thankyou_page = 'thank-you';
  54.  
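  /**
   * Verify a reCAPTCHA response token with Google's siteverify endpoint.
   *
   * @param mixed $user_response Token the browser submitted in g-recaptcha-response.
   * @return array Decoded JSON reply. Returns array('success' => false) when the
   *               token is missing or not a string, when the HTTP request fails,
   *               or when the reply does not decode to an array, so callers can
   *               always read the 'success' key.
   */
  function post_captcha($user_response) {
      // A missing or non-string token can never verify; fail closed without a network call.
      if (!is_string($user_response) || $user_response === '') {
          return array('success' => false);
      }

      // NOTE(review): the secret is a placeholder literal in this listing; the real
      // value should live in configuration outside the served source tree.
      $fields = array(
          'secret' => 'SECRET KEY',
          'response' => $user_response,
      );

      $ch = curl_init();
      curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
      curl_setopt($ch, CURLOPT_POST, true);
      // http_build_query() URL-encodes every value. The token comes from the client,
      // so without encoding an '&' or '=' inside it could add or override fields in
      // the request sent to the verification service.
      curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
      // Bound the wait so a slow verification service cannot hang the request.
      curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
      curl_setopt($ch, CURLOPT_TIMEOUT, 10);

      $result = curl_exec($ch);
      curl_close($ch);

      // curl_exec() returns false on transport errors; treat that as "not verified".
      if ($result === false) {
          return array('success' => false);
      }

      $decoded = json_decode($result, true);
      return is_array($decoded) ? $decoded : array('success' => false);
  }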
  76.  
  77. // Call the function post_captcha
  78. $res = post_captcha($_POST['g-recaptcha-response']);
  79.  
  80. if (!$res['success']) {
  81. // What happens when the CAPTCHA wasn't checked
  82. header( "Location: $error_page" );
  83. } else {
  84.  
  85.  
  error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED ^ E_STRICT);

  // Search order for includes: current directory, then the "pear/php" directory
  // that sits beside the document root, then whatever was configured before.
  $UserDir = dirname($_SERVER['DOCUMENT_ROOT']);
  $pearDir = $UserDir . "/pear/php";
  set_include_path(implode(PATH_SEPARATOR, array(".", $pearDir, get_include_path())));
  require_once "Mail.php";

  /* SMTP Host Settings (placeholders in this listing; these overwrite the
     $host and $password values that were used for the MySQL connection) */
  $host = 'ssl://mailout.one.com';
  $username = 'USERNAME';
  $password = 'PASSWORD';
  $port = 'PORT';

  /*
  Sender address and the mailbox that receives each booking request.
  Change $to to a valid address that you can access.
  */
  $email_from = 'admin@ryan-simms.com';
  $to = 'MY EMAIL';
  103.  
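  /*
  Load the form field data into variables.
  If you add a form field, you will need to add it here.

  A field that is absent, or that arrives as an array (e.g. "fname[]=x"), is
  loaded as null. That keeps the later isset($email_address) direct-access check
  working and keeps non-string values away from the string functions below.
  NOTE(review): $_REQUEST is kept as in the original script; if the form is
  always submitted with POST, reading $_POST would be the narrower source.
  */
  $readField = function ($name) {
      return (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) ? $_REQUEST[$name] : null;
  };

  $email_subject = "Snowdon View Booking";
  $guests = $readField('guests');
  // strtotime() yields false for text that is not a date; date() then formats the
  // epoch, as the original did. The browser's type="date" is not a server-side check.
  $arrival = date('d/m/Y', strtotime( (string) $readField('arriveDate') ));
  $departure = date('d/m/Y', strtotime( (string) $readField('departDate') ));

  $first_name = $readField('fname');
  $last_name = $readField('lname');
  $address = $readField('address');

  $phone = $readField('number');
  $mobile = $readField('mnumber');
  $email_address = $readField('email');

  $comments = $readField('info');

  // Plain-text message body. Line breaks are real CRLF sequences ("\r\n"); the
  // listing had the literal letters "rn" here. The email line now reads
  // $email_address (it referenced the undefined $email_addresss before, so the
  // address was missing from the mail).
  $email_body =
  "New Guest Booking For ".$first_name." ".$last_name. "\r\n\r\n" .

  "Guests: ".$guests. "\r\n" .
  "Arrival Date: ".$arrival. "\r\n" .
  "Departure Date: ".$departure. "\r\n\r\n" .

  "Address: ".$address. "\r\n" .
  "Phone Number: ".$phone. "\r\n" .
  "Mobile Number: ".$mobile. "\r\n" .
  "Email Address: ".$email_address. "\r\n" .

  "Additional Information: " . $comments;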
  136.  
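  /*
  Check a submitted value for email header injection.

  Looks for raw carriage return, line feed or tab characters and for their
  URL-encoded forms (%0A, %0D, %08, %09), which are what lets a value smuggle
  extra header lines such as a CC list into a message.

  As listed, the pattern had lost its backslashes and matched the plain letters
  "n", "r" and "t", so almost every real name or address was reported as an
  injection attempt.

  Returns true when the value looks injected, false otherwise. null (field not
  submitted) is not an injection; any other non-string value is rejected.
  NOTE(review): the caller also runs this on the free-text comments field, so
  multi-line comments are refused; confirm that is intended.
  */
  function isInjected($str) {
      if ($str === null) {
          return false;
      }
      // Arrays and other non-strings cannot be inspected as text: fail closed.
      if (!is_string($str)) {
          return true;
      }

      // Single-quoted so PCRE, not PHP, interprets \r, \n and \t.
      return preg_match('/[\r\n\t]|%0[AD89]/i', $str) === 1;
  }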
  159.  
  /* Flag the submission if any blocked word occurs (case-insensitive substring)
     in the name, email, comments or address fields. */
  $badWords = array("BAD WORDS REMOVED");

  $containsBadWord = false;
  // Same fields, in the same order, as the original single condition.
  $checkedFields = array($first_name, $last_name, $email_address, $comments, $address);
  foreach ($badWords as $badWord) {
      foreach ($checkedFields as $fieldValue) {
          if (stripos($fieldValue, $badWord) !== false) {
              $containsBadWord = true;
              break 2; // one hit is enough; leave both loops
          }
      }
  }
  170.  
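  // If the user tries to access this script directly, redirect them to the feedback form.
  if (!isset($email_address)) {
      $_SESSION['message'] = 'An error has occured, please try again!';
      header( "Location: $feedback_page" );
  }

  // If the form fields are empty, redirect to the error page.
  else if (empty($first_name) || empty($email_address)) {
      $_SESSION['message'] = 'Please fill out the entire form!';
      header( "Location: $error_page" );
  }

  /*
  If email injection is detected, redirect to the error page. */
  else if ( isInjected($email_address) || isInjected($first_name) || isInjected($last_name) || isInjected($comments) || isInjected($address)) {
      $_SESSION['message'] = 'An error has occured, please try again!';
      header( "Location: $error_page" );
  }

  /*If user enters a bad word in form*/
  else if ($containsBadWord) {
      $_SESSION['message'] = 'Inappropriate word detected!';
      header( "Location: $error_page" );
  }

  // If we passed all previous tests, store the booking, send the email, then
  // redirect to the thank you page.
  else {

      // The submitted values are bound as parameters instead of being pasted into
      // the SQL text, so a quote in a name cannot change the statement.
      // $tbl_name is a fixed value set at the top of this script, not request data.
      $sql = "INSERT INTO $tbl_name (forename, surname, arrive_date, depart_date) VALUES (?, ?, ?, ?)";
      $result = false;
      $stmt = mysqli_prepare($conn, $sql);
      if ($stmt) {
          mysqli_stmt_bind_param($stmt, 'ssss', $first_name, $last_name, $arrival, $departure);
          $result = mysqli_stmt_execute($stmt);
          mysqli_stmt_close($stmt);
      }
      if (!$result) {
          // Record the failure server-side; the visitor flow is unchanged.
          error_log('booking insert failed: ' . mysqli_error($conn));
      }

      // Header values are fixed strings from this script; form input only reaches the body.
      $headers = array ('From' => $email_from, 'To' => $to, 'Subject' => $email_subject);
      $smtp = Mail::factory('smtp', array ('host' => $host, 'port' => $port, 'auth' => true, 'username' => $username, 'password' => $password));
      $mail = $smtp->send($to, $headers, $email_body);

      header( "Location: $thankyou_page" );
  }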
  208. }
  209. mysqli_close($conn);
  210. ob_end_flush();
  211. ?>
  212.  
  213. <?php
  214.  
  // Open the session and start output buffering.
  // NOTE(review): nothing in this listing checks the session before the bookings
  // are read and printed, so as shown the guest list is served to any visitor;
  // confirm whether access control is applied elsewhere.
  session_start();
  ob_start();

  // MySQL connection settings (placeholders in this listing).
  $host = 'HOST NAME';     // Host name
  $username = 'USERNAME';  // Mysql username
  $password = 'PASSWORD';  // Mysql password
  $db_name = 'DATABASE';   // Database name
  $tbl_name = 'booking';   // Table name

  // Connect to the server first, then select the database; stop on either failure.
  $conn = mysqli_connect($host, $username, $password);
  if (!$conn) {
      die('cannot connect');
  }
  if (!mysqli_select_db($conn, $db_name)) {
      die('cannot select DB');
  }

  // Fetch every booking row; the table name is the fixed value set above.
  $sql = "SELECT * FROM $tbl_name";
  $result = mysqli_query($conn, $sql);

  231.  
  232. ?>
  233.  
  234. <head>
  235.  
  236. <meta charset="utf-8">
  237. <title>Ryan Simms | Booking</title>
  238.  
  239. <!-- ****** faviconit.com favicons ****** -->
  240. <link rel="shortcut icon" href="../images/favicon.ico">
  241. <!-- ****** faviconit.com favicons ****** -->
  242.  
  243. <link id ="pageStyle" rel="stylesheet" href='../css/defaultStyle.css' type='text/css'> <!-- Loads Default Stylesheet -->
  244. <script src="../scripts/lightSwitch.js"></script> <!-- Loads LightSwitch Script -->
  245. <script src="../scripts/cookie.js"></script> <!-- Loads Cookie Message Remove Script -->
  246. <script src="../scripts/holidays.js"></script> <!-- Loads Holiday Themes -->
  247. <link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Roboto' type='text/css'>
  248. <script src='https://www.google.com/recaptcha/api.js'></script>
  249.  
  250. </head>
  251.  
  252. <body>
  253.  
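  <?php

  // Print one name line and one date-range line per booking.
  // The stored values came from the public booking form, so each one is
  // HTML-escaped on output; otherwise markup typed into a name field would be
  // rendered as part of this page for every viewer.
  if ($result) { // mysqli_query() returns false when the query failed
      while ($rows = mysqli_fetch_array($result)) {
          $guestName = htmlspecialchars($rows['forename'] . " " . $rows['surname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
          $stayDates = htmlspecialchars($rows['arrive_date'] . " - " . $rows['depart_date'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

          echo "<p>" . $guestName . "</p>\n";
          echo "<p>" . $stayDates . "</p>\n";
      }
  }

  mysqli_close($conn);
  ?>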
  266.  
  267. </body>