This script is called by an HTML form using the POST command with this file as the action. Example: <FORM METHOD="POST" ACTION="formhandler.



Similar documents
Form Mail Tutorial. Introduction. The cgi-bin

PHP Authentication Schemes

Tableau Server Trusted Authentication

Inserting the Form Field In Dreamweaver 4, open a new or existing page. From the Insert menu choose Form.

JAVASCRIPT AND COOKIES

Webair CDN Secure URLs

PHP Tutorial From beginner to master

Novell Identity Manager

Website Development Komodo Editor and HTML Intro

Working with forms in PHP

MailForm Copyright 2000 Left Side Software Pty Ltd

Configuring Web services

HTML Form Widgets. Review: HTML Forms. Review: CGI Programs

Tableau Server Trusted Authentication

Designing for Dynamic Content

Motivation retaining redisplaying

Dynamic Web-Enabled Data Collection

versasrs HelpDesk quality of service

An Introduction To The Web File Manager

Fachgebiet Technische Informatik, Joachim Zumbrägel

Working With Virtual Hosts on Pramati Server

PHP Form Handling. Prof. Jim Whitehead CMPS 183 Spring 2006 May 3, 2006

TCP/IP Networking, Part 2: Web-Based Control

Viewing Form Results

Linklok URL TM V2.90

Project 2: Web Security Pitfalls

Internet Technologies

HTML Forms and CONTROLS

PDG Software. Site Design Guide

infilename outfilename signcert privkey headers flags

PHP Debugging. Draft: March 19, Christopher Vickery

FORMS. Introduction. Form Basics

Creating a generic user-password application profile

Facebook Twitter YouTube Google Plus Website

Using sftp in Informatica PowerCenter

<option> eggs </option> <option> cheese </option> </select> </p> </form>

1. When will an IP process drop a datagram? 2. When will an IP process fragment a datagram? 3. When will a TCP process drop a segment?

Developers Guide. Designs and Layouts HOW TO IMPLEMENT WEBSITE DESIGNS IN DYNAMICWEB. Version: English

How to Configure edgebox as a Web Server

07 Forms. 1 About Forms. 2 The FORM Tag. 1.1 Form Handlers

Webapps Vulnerability Report

How to Create and Send a Froogle Data Feed

The Basics of Dynamic SAS/IntrNet Applications Roderick A. Rose, Jordan Institute for Families, School of Social Work, UNC-Chapel Hill

Discovering Devices CHAPTER

Internet Technologies. World Wide Web (WWW) Proxy Server Network Address Translator (NAT)

payment solutions The DirectOne E-Commerce System Technical Manual

Advertisers: Recommendations regarding how to integrate Reactivpub tags in Joomla

SAS Macros as File Management Utility Programs

PanelView Plus. Technology in the Spotlight

NASA Workflow Tool. User Guide. September 29, 2010

Connecting with Computer Science, 2e. Chapter 5 The Internet

PHP and XML. Brian J. Stafford, Mark McIntyre and Fraser Gallop

The Power Loader GUI

WIRIS quizzes web services Getting started with PHP and Java

IBM FileNet eforms Designer

Intro to Mail Merge. Contents: David Diskin for the University of the Pacific Center for Professional and Continuing Education. Word Mail Merge Wizard

CrushFTP User Manager

Designing and Implementing Forms 34

Securing Adobe connect Server and CQ Server

Forensic Analysis of Internet Explorer Activity Files

HELP DESK MANUAL INSTALLATION GUIDE

Enhanced Connector Applications SupportPac VP01 for IBM WebSphere Business Events 3.0.0

Software documentation systems

SAS/IntrNet 9.4: Application Dispatcher

Using the Bulk Export/Import Feature

Insight Student for Chromebooks - Auto Configuration

CardSwipe Integration

Using Adobe Dreamweaver CS4 (10.0)

CREATING WEB FORMS WEB and FORMS FRAMES AND

ARC: appmosphere RDF Classes for PHP Developers

Managed Service Edition - G1

Interspire Website Publisher Developer Documentation. Template Customization Guide

SysPatrol - Server Security Monitor

At the most basic level you need two things, namely: You need an IMAP account and you need an authorized source.

PageR Enterprise Monitored Objects - AS/400-5

Introduction. How does FTP work?

Using Windows Task Scheduler instead of the Backup Express Scheduler

Transferring Your Internet Services

Create a New Database in Access 2010

SyncTool for InterSystems Caché and Ensemble.

Retailman POS Multi-location Setup

Guide to Analyzing Feedback from Web Trends

Spam Marshall SpamWall Step-by-Step Installation Guide for Exchange 5.5

Bank Reconciliation Import BR-1005

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

HowTo. Planning table online

How To Use Optimum Control EDI Import. EDI Invoice Import. EDI Supplier Setup General Set up

Chapter 2: Interactive Web Applications

INTERNET DOMAIN NAME SYSTEM

Web Design. Links and Navigation

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

Transcription:

<?php /* formhandler.php Script by Bernard Pegis (bp@amdgsoftware.com) 3/16/02 version 1.0 - initial version version 1.1 - fixes a bug in the comma delimited file date stamp - put in click here... link at end before displaying thanks This script is called by an HTML form using the POST command with this file as the action. Example: <FORM METHOD="POST" ACTION="formhandler.php"> FormHandler is a configurable PHP script which is used for receiving data from an HTML form and either displaying, emailing or saving the results. When saving the results, a comma delimited file is created on the server with the last two fields being the date and time, respectively, at which the data was entered. After saving or emailing the results, they can be also displayed on the screen to the user. Displayed and emailed results can be shown in either the comma delimited format or in a more user-friendly format which shows the field name and the data in tabular columns. Descriptions of the options and examples are below. Each option is selected by adding a hidden field to the form with the name of the option. The field's value will be the setting for the option. Option: todo writefile, email, display writefile: create a comma delimited file on the server. The filename is established in the filename option. email: sends the results of the form to the email address in the mailto option with the subject in the mailsubject option in the format selected by the displayformat option. The originating IP address and script, HTML referring page, and the user's browser type are also emailed. display: neither writes a file nor emails the results. Only shows the data from the form on the screen in the format selected by the displayformat option Example: to write data to a file, add the following field to your form: <input type=hidden name="todo" value="writefile"> Option: filename any valid file name

data is written to the file in a comma delimited format. If the filename ends in.php then the data will be more or less obscured from unauthorized viewing. This is accomplished by commenting out the data and causing the PHP parser to ignore the data when the file is requested for viewing. To get the data, you must use the FTP GET command, rather than using HTTP. If the filename ends in anything else, anybody will be able to view the data by simply entering the filename as an HTTP request in a browser. Relative and absolute paths are accepted and used. If no path is included, the file is written in the same directory as the script and form. Example: <input type=hidden name="filename" value="xy.txt"> Option: afterpage "" or any valid html or php document. if blank, the script will prompt the user with a generic "thank you" message, otherwise the document indicated will be loaded after the form has been submitted and processed. Example: <input type=hidden name="afterpage" value="thanks.html"> Option: mailto any valid email address This is required if todo is set to "email". This is the address to which the form's results will be emailed. The format selected by the displayformat option will be used. Example: <input type=hidden name="mailto" value="bp@amdgsoftware.com"> Option: mailsubject any string value This is the subject which will be used in the email message which will be sent if todo is set to "email". Example: <input type=hidden name="mailsubject" value="survey results"> Option: displayformat comma, tabular this is the format used when the data is either displayed or emailed. comma will have the data in a comma delimited format and tabular will show the data along with the field names. Example: <input type=hidden name="displayformat" value="comma"> Option: showinfo true, false This option is ignored if todo is set to "display". This causes the form's data to be shown to the user after form submission when todo is set to either "email" or "writefile"

Example: <input type=hidden name="showinfo" value="false"> */ $od = ""; $x = ""; $goafter = ""; $mailto = ""; $mailsubject = ""; $displayformat = ""; $resultsd = "You submitted the following information:<br><center><table border>"; $resultsm = ""; $todayd = date("m-d-y"); $todayt = date("h:i:s"); reset($http_post_vars); while (list ($key, $val) = each ($HTTP_POST_VARS)) { if ($key == "todo"): $od = $val; elseif ($key == "filename"): $filename = $val; elseif ($key == "mailto"): $mailto = $val; elseif ($key == "mailsubject"): $mailsubject = $val; elseif ($key == "displayformat"): $displayformat = $val; elseif ($key == "afterpage"): $goafter = $val; elseif ($key == "showinfo"): $showinfo = $val; $x.= "\"". $val. "\","; $resultsm.= "$key = $val\n"; if ($val == ""): $val = " "; $resultsd.= "<tr><td>$key</td><td>$val</td></tr>"; } $x = substr($x, 0, strlen($x) - 1); $resultsd.= "</table>"; $resultsm.= "\n\n-----------------------------------------\n\n"; $resultsm.= "Sent by: ". $HTTP_SERVER_VARS['PHP_SELF']. "\n";

$resultsm.= "Possible prior page: ". $HTTP_SERVER_VARS['HTTP_REFERER']. "\n"; $resultsm.= "Browser: ". $HTTP_SERVER_VARS['HTTP_USER_AGENT']. "\n"; $resultsm.= "From IP: ". $HTTP_SERVER_VARS['REMOTE_ADDR']. "\n"; if ($od == "writefile"): if (substr($filename, strlen($filename) - 3, 3) == "php"): $obfuscate = true; $obfuscate = false; if (file_exists($filename)): $fp = fopen ($filename, "a+"); //this opens the file $fp = fopen ($filename, "w"); //this creates the file if ($obfuscate): /* This file header serves to hide the data, regardless of the unix file permissions. While it is bad form to have the initiating php tag (i.e. <?php) and not the terminating tag in the file, it is too much effort to ensure that the?> stays at the end, and it works perfectly well without it. The way it works is to force the php parser to ignore the data by telling it that it is a series of comments */ fwrite($fp, "<center><b>error. You May Not View This File</b></center><?php /*\n"); fwrite($fp, "------------------------------------*/\n"); $x.= ",\"". $todayd. "\",\"". $todayt. "\""; if ($obfuscate) {$x = "/*". $x. "*/";} fwrite($fp, $x. "\n"); fclose($fp); // chmod($filename, 0606); if ($showinfo == "true"): echo $resultsd; elseif ($od == "email"): if ($displayformat == "comma"): mail($mailto, $mailsubject, $x); mail($mailto, $mailsubject, $resultsm); if ($showinfo == "true"):

echo $resultsd; elseif ($od == "display"): echo $resultsd; if ($goafter == ""): echo "<center><font size = +3>Thank you for submitting your form.</font></center>"; if (($od == "display") or ($showinfo == true)): echo "<center><hr><a href=\"". $goafter. "\">Click here when finished</a></center>"; echo "<html><head><meta HTTP-EQUIV=\"Refresh\" CONTENT=\"0;URL=". $goafter. "\"></head><body></body></html>";?>

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information