I am building a flash website and I want contact information sent to my gmail address.
The Lynda.com tutorial I am using says I need to "enter the php address." What is that and how do I do it?
This is my code edited
if (thename.text == "" || theemail.text == "" || thephone.text == "" || themessage.text =="") {
thefeedback.text = "*Please fill out all fields";
} else {
var allvars:URLVariables = new URLVariables()
allvars.name = thename.text;
allvars.email = theemail.text;
allvars.phone = thephone.text;
allvars.message = themessage.text;
// Send info to a new request
var mailAddress:URLRequest = new URLRequest("http://whatever goes here.php");
mailAddress.data = allvars;
mailAddress.method = URLRequestMethod.POST;
sendToURL(mailAddress);
thefeedback.text = "Thank You";
thename.text = "";
theemail.text = "";
thephone.text = "";
themessage.text = "";
}
Presumably they mean "A URL that resolves to the PHP script that they taught you to write", but "php address" is not a standard term.
When you press submit on any form it is taking that information (first name, last name, body text, etc) and then it needs to be sent somewhere so that it can be given to gmail or anther email service as an actual email.
Now PHP on a server can take the information, turn it into an email, and send it from you to them.
You can do this by using POST and the URL is to a PHP script that lives somewhere.
Now that script needs set up, you can learn how HERE
Good luck friend!
You can use Zend PHP to use PHP functions from Flash.
This tutorial is pretty good: http://www.flepstudio.org/forum/tutorials/3421-actionscript-3-0-zend-amf.html
Related
I would like to create a wordpress user with contributor privelages, remotely. However, I would like to also create their wordpress account using an email that I manipulate by using their id (from login on my site) and #example.com. So it would essentially be: id##example.com. I am very new to programming. I have looked and looked and just continue to scratch my head. What would be best practice for doing this? Any examples, resources, explanations would be appreciated!
I was thinking of creating a link in their account page that when the logged in user clicks it it will redirect them to a page that will create their user account within wordpress framework. They would have to be logged into my site to access.
I am not sure how to do the email portion of your question. Although, I would like to know how to meld the two together. However, if you are needing unique emails for wordpress you can by-pass this required section (required if using wp dashboard to create user). I found this recently.
You could simply:
$user_name = //however you get your unique identifier this will be their screen name
$user_id = username_exists( $user_name );
if ( !$user_id and email_exists($user_email) == false ) {
$user_id = wp_create_user( $user_name, $user_email );
wp_update_user(array(
'ID' => $user_id,
'role' => 'contributor'
));
}
If your users actually do have an email account on your server and you want them to receive emails from wordpress.. this will not fix your situation.
there are many ways to do this. the cleanest would probably at the moment be to use the Wordpress API together with JWT authentication.
Here is an easier solution. On the Remote Wordpress Installation you stick something like this into your functions.php
function remote_create_user() {
$token = (isset($_GET['token'])) ? sanitize_text_field($_GET['token']) : '';
$action = (isset($_GET['action'])) ? sanitize_text_field($_GET['action']) : '';
//this is not particularly secure, but let's assume your wordpress page has https which should encrypt the url...
//im just setting some random string to compare to
if ($token != '712031ff105541219fcc741d99a9addd' || $action != 'createuser') {
return;
}
$username = sanitize_text_field($_GET['username']);
$email = sanitize_text_field($_GET['email']);
//making sure the user doesn already exist
$user_id = username_exists($username);
if (!$user_id and email_exists($email) == false) {
$random_password = wp_generate_password($length = 12, $include_standard_special_chars = false);
//creating the user
$user_id = wp_create_user($username, $random_password, $email);
if ($user_id) {
//here you could send the user a welcome mail. if you want, include the password in the mail or just make him press the "forgot password" button
//wp_mail($to, $subject, $message);
echo "User created";
}
} else {
echo "User already exists.";
}
}
add_action('init', 'remote_create_user');
On the system you want to send the command from, you can then do something like this (on the serverside, you can't to this from the browser, because the "authentication" token will be visible in the javascript...
$createuser = file_get_contents('https://yourdomain.com/?token=712031ff105541219fcc741d99a9addd&action=createuser&username=test3&email=test3#test.com');
//depending on the result in $createuser, give an error message or redirect him to your wordpress login page or something
i hope this gives you some ideas.
Edit: Aboves init function is missing a wp_die() at the end. we dont want the whole page rendered here. also, this is just a quick & dirty solution.
Look into Wordpress Rest API or also custom endpoints.
I'm trying to add something to my website where:
If the date is a certain date, I want it to send me an email; however every time I refresh the page on that day it resends the email. I don't want it to do this - only send the email once.
I know a little about SESSIONS and such but not enough to implement them. This is my code, any help would be appreciated.
TL;DR - How to send an email from the website once if the date is a set date?
//Inspections
<?php
$recipients = array("Fake#email.com","Another#FakeEmail.com");
$to = implode(",", $recipients);
$subject = "Inspection Reminder.";
$bedMsg = "There is a BEDROOM inspection in five days!";
$comMsg = "There is a KITCHEN inspection in five days!";
$dateInspect = date("05/11/16"); //Set to a certain date for testing
if ($dateInspect == "05/11/16"){
mail($to,$subject,$comMsg);
} elseif ($dateInspect == "26/11/16"){
mail($to,$subject,$comMsg);
} elseif ($dateInspect == "24/11/16"){
mail($to,$subject,$bedMsg);
} else {
;
}
?>
The better solution is to use an database to store the flag of sending the email on a specific day.
But, if you running a simple website and don't want to go for database, you can simply create a file after the sent, and always check if that file exists.
$dateInspect = date("05-11-16");
if(!file_exists("mail_sent_".$dateInspect.".txt")){
// .. SEND YOUR E-MAIL
// create the file
file_put_contents("mail_sent_".$dateInspect.".txt", "mail sent this day");
}
Attention: Don't use slashes on date, as it will generate an filename as: mail_sent_05/11/16.txt which is an invalid name, filenames can't have slashes.
I am writing a wedding website with a basic form to get the guest email address, guest name(s), guest dinner option, the number of children they are bringing, and a requested song they would like played. I then want to take these values and send them via PHP mail function to an email address. Here is what I have so far:
Here is the snippet of my javascript. The variables emailAddr, g1_name, and g1_dinner all have the correct values in them when I log it to the console.
var data = {
email : emailAddr,
g1Name : g1_name,
g1Dinner : g1_dinner
};
$.post("email.php", data, function(){
alert("Email Success");
});
Here is the PHP:
<?php
$to = "test#email.com";
$from = $_POST['email'];
$guestName_1 = $_POST['g1Name'];
$guestDinner_1 = $_POST['g1Dinner'];
$message = "Email: "+$from +"\n\nGuest 1: "+$guestName_1+" - "+$guestDinner_1;
$message = wordwrap($message, 70);
mail($to,"Wedding RSVP",$message);
?>
Here is what is actually getting POST'd:
And here is the email I get from my web host:
So my main question is why is what is getting POST to my PHP file different than I am specifying?
And a follow up, why am I getting emailed a 0 and not the string I set?
And is this the right way to do something like this?
Any help is appreciated! Thanks!
PHP 101: String concatenation uses ., you're using +, which is mathematical addition.
'string' + 'string' => generally "0" or wonky integer as result
'string' . 'string' => 'stringstring'
I want to make my site multi langueage. I have seen in packages like prestashop, the translations are saved to a file like this:
<?php
$_lang['contact_header_steps'] = "Order whatever you like in 4 easy steps";
$_lang['contact_steps_1'] = "Fill out the form";
$_lang['contact_steps_2'] = "We will send you a payment link";
$_lang['contact_steps_3'] = "Pay online";
$_lang['contact_steps_3a'] = "";
?>
so this is what I did. I work with smarty and in my templates i use (expample): {$LANG.contact_header_steps}
and i use a global detection that stores the slected language in a cookie so my site knows wich language to show.
All work fine but now i want to build a easy management system.
I want to write to this file (like mentioned above) from the admin (without DB). I have seen this in prestashop but after looking in to the core i just got lost.
so when i open the translation page it must read this file and create 2 input fields. when i save it must save to this file
What is the best way to approach this?
Give every language a 'code name' ex: English:en ; France:fr ; etc.
Assuming you stored the language in cookie $_COOKIE['lang']
<?php
$mylang = $_COOKIE['lang']; //get the cookie
//define the translation here
$_lang['en']['contact_header_steps'] = "Order whatever you like in 4 easy steps";
$_lang['en']['contact_steps_1'] = "Fill out the form";
$_lang['en']['contact_steps_2'] = "We will send you a payment link";
$_lang['en']['contact_steps_3'] = "Pay online";
$_lang['en']['contact_steps_3a'] = "";
$_lang['fr']['contact_header_steps'] = "OTHER_LANG";
$_lang['fr']['contact_steps_1'] = "THAT_I";
$_lang['fr']['contact_steps_2'] = "HAVE_NO";
$_lang['fr']['contact_steps_3'] = "IDEA_OF";
$_lang['fr']['contact_steps_3a'] = "HERE";
echo $_lang[$mylang]['contact_header_steps']; //use it to call the language
?>
I have this form by which a user sends me an email. I don't know if it is secured, or if issues with security appear only if sql is involved...
html:
<form id="form4" action="send_mic.php" name="form4" method="post" >
<textarea name="message4" cols="4" rows="4" id="message4" ></textarea><br />
<input type="text" id="name4" name="name4" value="" /><br />
<input type="text" id="email4" name="email4" value="" /><br />
<input type="submit" value="" id="submit" />
</form>
jquery:
<script type="text/javascript">
$(document).ready(function () {
$('#form4').ajaxForm({
beforeSubmit: validate
});
function validate(formData, jqForm, options) {
var name = $('input[name=name4]').fieldValue();
var email = $('input[name=email4]').fieldValue();
var message = $('textarea[name=message4]').fieldValue();
if (!name[0]) {
alert('Please enter a value for name');
return false;
}
if (!email[0]) {
alert('Please enter a value for email');
return false;
}
if (!message[0]) {
alert('Please enter a value for message');
return false;
}
else {
$("#content").fadeOut(1000, function () {
$(this).html("<img src='images/postauto3.png'/>").fadeIn(2000);
});
var message = $('textarea[name=message4]').val('');
var name = $('input[name=name4]').val('');
var email = $('input[name=email4]').val('');
}
}
});
</script>
php:
<?php
if($_POST){
$email = $_POST['email4'];
$name = $_POST ['name4'];
$message = $_POST ['message4'];
// response hash
$ajaxresponse = array('type'=>'', 'message4'=>'');
try {
// do some sort of data validations, very simple example below
$all_fields = array('name4', 'email4', 'message4');
foreach($all_fields as $field){
if(empty($_POST[$field])){
throw new Exception('Required field "'.ucfirst($field).'" missing input.');
}
}
// ok, if field validations are ok
// now Send Email, ect.
// let's assume everything is ok, setup successful response
$subject = "New Contact";
//get todays date
$todayis = date("l, F j, Y, g:i a") ;
$message = " $todayis \n
Attention: \n\n
Please see the message below: \n\n
Email Address: $email \n\n
Message: $message \n\n
";
$from = "From: $email\r\n";
//put your email address here
mail("contact#....ro", $subject, $message, $from);
//prep json response
$ajaxresponse['type'] = 'success';
$ajaxresponse['message'] = 'Thank You! Will be in touch soon';
} catch(Exception $e){
$ajaxresponse['type'] = 'error';
$ajaxresponse['message'] = $e->getMessage();
}
// now we are ready to turn this hash into JSON
print json_encode($ajaxresponse);
exit;
}
?>
So, are there any security problems when using forms to send emails? Is this ok?
Thanks!
In general, rule of the thumb should always be: NEVER trust user provided data. And no, your code is not bullet proof. Since you do not verify nor sanitize user input and you use mail() at the same time you are vulnerable. User can easily feed you with crafted value for email4 filed. Since you use form data directly, then email4 can be used to inject additional mail headers to your outgoing mail. It these headers would be BCC: or CC: or even TO: then then you would be simply acting as spam relay. For example if I post this
some#address.com
CC: spamvictim1#foo.com, spamvictim2#foo.com, spamvictim3#foo.com,
X-Spam-Owned: Whoa
as your email4 then your header would end looking like this:
To: some#address.com
CC: spamvictim1#foo.com, spamvictim2#foo.com, spamvictim3#foo.com,
X-Spam-Owned: Whoa
to post multiline data you simply glue texts with CRLFs.
To avoid security holes like this you should consider dropping mail() and use something more clever that would take care of something like this too (not that mail() is bad, but you need to know what you are doing as it is rather low than high level function). I suggest using PHPMailer or similar package. You should always verify user provided data (especially ensure that single-line fields, like subject are really single line - stripping CRLFs suffice). Add captcha as you are open to automated form submission.
You could add a captcha to prevent spam.
You could protect against email injections by using:
filter_var($email, FILTER_VALIDATE_EMAIL)
I think this form is safe, mean that no one can really h#ck your website throught this form.
But you need to add somethings for better result:
1. You should also check the post variable in php server side, mean that you should check if email / name / message is valid of not
2. You should add some captcha to prevent spam
You can additionally wrap your server side code with
if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
/* special ajax here */
die($content);
}
This will ensure the ajax request is coming on the server.
And please mind your ID that you are using in one of your jQuery selector in your question.
Even if you are not working with database, there could be security problems in email sending. Of course you can't be hacked by this form, but the problems will occure when the user will input something like this in EMail field:
email-address1#example.com // there is a new line here
CC:email-address2#example.com,email-addresses3#example.com,.............................email-addressesn#example.com
so the best you can do is sanitizing all the input fields for mail function, to prevent such spam delivery. And as #WebnetMobile.com has already sad, never trust user inputs
I don't see a security issue in there, since you are not modifying anything on your server side. Might be an issue with spam though. Add some captcha to it. The rest looks ok.
You should add captcha , client side and server side validation in form