Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

add ip address to contact form


Guest

Recommended Posts

i have read all of the topics that involve adding new fields to the contact form, but none of them had the same lines as my contact page for some reason.

 

 

i would like to record the user's ip addres, env report, etc etc.

 

how could i achieve this?

 

my contact_us.php

<?php
/*
 $Id: contact_us.php,v 1.42 2003/06/12 12:17:07 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CONTACT_US);

 $error = false;
 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send')) {
$name = tep_db_prepare_input($HTTP_POST_VARS['name']);
$email_address = tep_db_prepare_input($HTTP_POST_VARS['email']);
$enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']);

if (tep_validate_email($email_address)) {
  tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email_address);

  tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
} else {
  $error = true;

  $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
}
 }

 $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CONTACT_US));
?>

header tags

<body>
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
 <tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
  <tr>
	<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
	  <tr>
		<td class="pageHeading" align="center"><?php echo HEADING_TITLE; ?></td>
 </tr>
	</table></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
  </tr>
<?php
 if ($messageStack->size('contact') > 0) {
?>
  <tr>
	<td><?php echo $messageStack->output('contact'); ?></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
  </tr>
<?php
 }

 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'success')) {
?>
  <tr>
	<td class="main" align="center"><?php echo TEXT_SUCCESS; ?></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
  </tr>
  <tr>
	<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
	  <tr class="infoBoxContents">
		<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
		  <tr>
			<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
			<td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>
			<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
		  </tr>
		</table></td>
	  </tr>
	</table></td>
  </tr>
<?php
 } else {
?>
  <tr>
	<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
	  <tr class="infoBoxContents">
		<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
		  <tr>
			<td class="main"><?php echo ENTRY_NAME; ?></td>
			<td class="main"><?php echo tep_draw_input_field('name', '', 'maxlength="255", class="linksearch", size="30"'); ?></td>
		  </tr>
		  <tr>
			<td class="main"><?php echo ENTRY_EMAIL; ?></td>
			<td class="main"><?php echo tep_draw_input_field('email', '', 'maxlength="255", class="linksearch", size="30"'); ?></td>
		  </tr>
		  <tr>
			<td class="main" colspan="2"><?php echo ENTRY_ENQUIRY; ?></td>
		  </tr>
		  <tr>
			<td colspan="2"><?php echo tep_draw_textarea_field('enquiry', 'soft', 50, 15, tep_sanitize_string($_POST['enquiry']), '', false); ?></td>
		  </tr>
		</table></td>
	  </tr>
	</table></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
  </tr>
<?php
 }
?>
</table></form></td>
<!-- body_text_eof //-->

<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Link to comment
Share on other sites

that looks very useful and i plan to install it, thank you :)

but what i need is to have whoever sends a message, their ip and env report is attatched to the message, unfortunately this modification doesn't seem to have that

 

would i need to edit general.php with the new inputs i need?

i assume i can make a hidden input via plain html, add the code to pull their ip, something like:

<input type="hidden" name="ip" value="<?php echo $REMOTE_ADDR; ?>">

and it would work?

 

but simply plugging this into the contact_us.php file doesn't seem to work, i also edited:

if (tep_validate_email($email_address)) {
tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email_address);

 

to have

if (tep_validate_email($email_address)) {
tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $ip, $name, $email_address);

 

and it didn't work. i seem to be missing something?

Link to comment
Share on other sites

would i need to edit general.php with the new inputs i need?

i assume i can make a hidden input via plain html, add the code to pull their ip, something like:

<input type="hidden" name="ip" value="<?php echo $REMOTE_ADDR; ?>">

and it would work?

 

I wouldn't do that. All form inputs, including hidden ones, are spoofable. It's trivial for someone to save a copy of your page locally, edit the hidden input to show any IP they want, and then submit the edited form back to you. Hidden inputs are great, but you can't trust them any more than you can trust any other inputs.

 

but simply plugging this into the contact_us.php file doesn't seem to work, i also edited:

if (tep_validate_email($email_address)) {
tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email_address);

 

to have

if (tep_validate_email($email_address)) {
tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $ip, $name, $email_address);

 

and it didn't work. i seem to be missing something?

 

You're trying to add $ip as a separate argument for tep_mail. Instead, as in the example from the above poster, you need to make the user's IP address a part of the email body.

Link to comment
Share on other sites

if (tep_validate_email($email_address)) {
tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry."\n".$_SERVER["REMOTE_ADDR"]."\n".$_SERVER["HTTP_USER_AGENT"], $name, $email_address);

that did the trick, thank you :)

 

 

It's trivial for someone to save a copy of your page locally, edit the hidden input to show any IP they want, and then submit the edited form back to you. Hidden inputs are great, but you can't trust them any more than you can trust any other inputs.

i did not think of that, good point. i forget how petty some people are :lol:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...