File: //home/hurlinghamclinic.co.uk/public_html/includes/booking-form-code.php
<?php 

// Address that receives every enquiry submitted through this form.
$form_your_email = 'b.sykes@vanillacircus.co.uk'; // <<=== update to your email address (all enquiries)

// The submit handler stores the visitor's name in $_SESSION, so the session
// has to be open before any of the form logic runs.
session_start();

// Blank defaults for every form field, assigned before any POST data is read.
$promo_code = $title = $first_name = $last_name = '';
$dob = $tel = $form_visitor_email = '';
$time_to_call = $heard_from = '';
	
	
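// Handle a submitted enquiry: read and validate the fields, e-mail the clinic,
// then redirect the visitor to the thank-you page.
if (isset($_POST['submit'])) {
	// Initialise the error buffer here; the validations below append to it with ".=".
	$form_errors = '';

	// Read a POST field as a trimmed string. Missing keys and non-string values
	// (for example an array sent as "email[]=x") are treated as empty input, so
	// nothing downstream receives an unexpected type.
	$form_read = function ($form_key) {
		return (isset($_POST[$form_key]) && is_string($_POST[$form_key]))
			? trim($_POST[$form_key])
			: '';
	};

	$promo_code         = $form_read('promo');
	$title              = $form_read('title');
	$first_name         = $form_read('firstname');
	$last_name          = $form_read('lastname');
	$dob                = $form_read('bdate');
	$tel                = $form_read('phone');
	$form_visitor_email = $form_read('email');
	$time_to_call       = $form_read('besttime');
	$heard_from         = $form_read('hearaboutus');
	unset($form_read);

	///------------Do Validations-------------
	if ($first_name === '') {
		$form_errors .= "\n Please fill in your Name.";
	}

	// The link check used to inspect $message, a variable this form never sets,
	// so it could not fire. It now looks at the fields that are actually submitted.
	$form_submitted = array(
		$promo_code, $title, $first_name, $last_name, $dob,
		$tel, $form_visitor_email, $time_to_call, $heard_from,
	);
	foreach ($form_submitted as $form_value) {
		if (stripos($form_value, 'http://') !== false || stripos($form_value, 'https://') !== false) {
			$form_errors .= "\n Please do not include any links or urls in your content.";
			break;
		}
	}

	if ($form_visitor_email === '') {
		$form_errors .= "\n Please fill in your Email.";
	}

	if ($tel === '') {
		$form_errors .= "\n Please fill in your Telephone.";
	}

	// The address is written into the From and Reply-To headers below, so it must
	// be a single well-formed mailbox: reject CR/LF/TAB (raw or URL-encoded) and
	// anything that does not validate as an e-mail address.
	if (IsInjected($form_visitor_email)
		|| ($form_visitor_email !== '' && filter_var($form_visitor_email, FILTER_VALIDATE_EMAIL) === false)
	) {
		$form_errors .= "\n Bad email value!";
	}

	if ($form_errors === '') {
		// Stored as submitted (trimmed, not escaped): whichever page prints this
		// value has to HTML-escape it on output.
		$_SESSION['visitor_name'] = $first_name;

		//send the email
		$form_to      = $form_your_email;
		$form_subject = "Hurlingham Clinic Enquiry";
		$form_from    = $form_visitor_email;
		$form_ip      = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

		// Label => value pairs, in the order they appear in the notification.
		$form_rows = array(
			'Promo Code'                   => $promo_code,
			'Title'                        => $title,
			'First Name'                   => $first_name,
			'Last Name'                    => $last_name,
			'Date of Birth'                => $dob,
			'e-mail address'               => $form_visitor_email,
			'Telephone '                   => $tel,
			'Best Time To Call'            => $time_to_call,
			'Where did you hear about us?' => $heard_from,
			'Request IP'                   => $form_ip,
		);

		$form_body = '<div align="center">'
			. '<table border="1" cellspacing="5" cellpadding="5" width="80%">'
			. '<tr><td nowrap="nowrap" colspan="2" ><p align="center">Hurlingham Clinic Enquiry</p>';
		foreach ($form_rows as $form_label => $form_value) {
			// The message is sent as text/html, so every visitor-supplied value is
			// escaped; otherwise submitted markup would render in the recipient's
			// mail client.
			$form_body .= '<tr><td nowrap="nowrap" bgcolor="#CCCCCC"><p>' . $form_label . '</p>'
				. '<td width="100%"><p>'
				. htmlspecialchars($form_value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
				. '&nbsp;</p>';
		}
		$form_body .= '</table></div>';

		// NOTE(review): From carries the visitor's own address, as before. Mail sent
		// this way can fail SPF/DMARC checks at the receiving side; consider a From
		// address on a domain this server is authorised to send for, keeping the
		// visitor in Reply-To only.
		$form_headers  = "From: $form_from\r\n";
		$form_headers .= "Reply-To: $form_visitor_email\r\n";
		$form_headers .= "MIME-Version: 1.0\r\n";
		$form_headers .= "Content-Type: text/html; charset=utf-8\r\n";

		if (!mail($form_to, $form_subject, $form_body, $form_headers)) {
			// Record the failure without writing any of the visitor's details to the log.
			error_log('Booking form: mail() reported a failure while sending an enquiry.');
		}

		// A confirmation mail to the visitor was drafted here but left disabled (empty
		// body, From address on an unrelated domain). If it is ever re-enabled, give it
		// a sender on this site's own domain.

		header('Location: /thank-you.php');
		// Stop here: without this the rest of the including page is still rendered
		// and sent along with the redirect.
		exit;
	}
}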

// Function to validate against any email injection attempts
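/**
 * Report whether a value meant for a mail header contains header-injection characters.
 *
 * Flags raw CR, LF and TAB, and the URL-encoded sequences %0A, %0D, %08 and %09
 * (matched case-insensitively). This is only a character filter; it does not check
 * that the value is a well-formed e-mail address.
 *
 * @param mixed $form_str Value to inspect, normally a submitted form field.
 * @return bool True when the value must not be placed in a mail header.
 */
function IsInjected($form_str)
{
	// Keep the historical result for a missing value: nothing to match, not injected.
	if ($form_str === null) {
		return false;
	}

	// Arrays and objects (e.g. a field sent as "email[]=x") are never valid header
	// values, and handing them to preg_match() would raise a TypeError.
	if (!is_scalar($form_str)) {
		return true;
	}

	// Single-quoted on purpose: the backslash escapes are interpreted by PCRE.
	return preg_match('/[\r\n\t]|%0[AD89]/i', (string) $form_str) === 1;
}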
?>