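assign("arrival_time", "--"); // continuation of a "$tpl->" call begun on the preceding (unseen) line
$tpl->assign("departure_time", "--");
$tpl->assign('form_display', true);

// One CSRF token per session. random_bytes() (PHP >= 7) is a CSPRNG; the
// md5(uniqid(mt_rand())) fallback is only kept for older PHP and is NOT
// unpredictable. token_time is recorded but never checked anywhere below, so
// the token currently has no expiry.
if (!isset($_SESSION['token'])) {
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(16));
    } else {
        $token = md5(uniqid(mt_rand(), true));
    }
    $_SESSION['token'] = $token;
    $_SESSION['token_time'] = time();
}

$tpl->assign("title", "Biz’s Cabin by the River – Stay with us for your visit to Nauvoo");
// PHP_SELF reflects the request path (including PATH_INFO), so it is attacker
// controlled and must be escaped for the HTML attribute it lands in.
// NOTE(review): assumes the template does not already escape this value — confirm.
$tpl->assign("form_action", htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'));

// The submit control is an image input, so a POST is recognised by its
// request_x/request_y coordinates.
if (isset($_POST['request_x']) && isset($_POST['request_y'])) {
    // Pass 1: sanitise. filter_var_array() keeps only the keys listed here.
    // FILTER_SANITIZE_STRING strips tags and HTML-encodes quotes; it is
    // deprecated as of PHP 8.1 (escape at output time instead when migrating).
    $sanitize_args = array(
        'name'           => FILTER_SANITIZE_STRING,
        'email'          => FILTER_SANITIZE_EMAIL,
        'phone_area'     => FILTER_SANITIZE_NUMBER_INT,
        'phone_pre'      => FILTER_SANITIZE_NUMBER_INT,
        'phone_ext'      => FILTER_SANITIZE_NUMBER_INT,
        'arrivalYear'    => FILTER_SANITIZE_NUMBER_INT,
        'arrivalMonth'   => FILTER_SANITIZE_STRING,
        'arrivalDay'     => FILTER_SANITIZE_NUMBER_INT,
        'departureYear'  => FILTER_SANITIZE_NUMBER_INT,
        'departureMonth' => FILTER_SANITIZE_STRING,
        'departureDay'   => FILTER_SANITIZE_NUMBER_INT,
        'party_number'   => FILTER_SANITIZE_NUMBER_INT,
        'comments'       => FILTER_SANITIZE_STRING,
        'key'            => FILTER_SANITIZE_STRING,
        'request'        => FILTER_SANITIZE_STRING,
    );
    $data = filter_var_array($_POST, $sanitize_args);

    // Pass 2 (applied further down): validate. Again only listed keys survive,
    // and a failing field becomes false.
    $nonEmpty = array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '/.+/'));
    $validate_args = array(
        'name'           => $nonEmpty,
        'email'          => FILTER_VALIDATE_EMAIL,
        'phone_area'     => FILTER_VALIDATE_INT,
        'phone_pre'      => FILTER_VALIDATE_INT,
        'phone_ext'      => FILTER_VALIDATE_INT,
        'arrivalYear'    => FILTER_VALIDATE_INT,
        'arrivalMonth'   => $nonEmpty,
        'arrivalDay'     => FILTER_VALIDATE_INT,
        'departureYear'  => FILTER_VALIDATE_INT,
        'departureMonth' => $nonEmpty,
        'departureDay'   => FILTER_VALIDATE_INT,
        'party_number'   => FILTER_VALIDATE_INT,
        'comments'       => FILTER_SANITIZE_STRING,
        'key'            => FILTER_SANITIZE_STRING,
        'request'        => FILTER_SANITIZE_STRING,
    );

    // CSRF check: the raw posted key must equal the session token.
    // hash_equals() (PHP >= 5.6) is a strict, constant-time comparison; the
    // previous loose == compared numeric-looking strings by value. The old
    // "if token missing, regenerate" branch was a no-op (== instead of =) and
    // is replaced by simply rejecting the submission.
    $postedKey = isset($_POST['key']) ? $_POST['key'] : '';
    $valid_submission = isset($_SESSION['token'])
        && is_string($postedKey)
        && hash_equals($_SESSION['token'], $postedKey);

    // Dates for re-display: a makeTimeStamp() value or "--" when incomplete.
    // The validation pass below drops these computed keys again, which is why
    // they are recomputed before saving.
    if (!empty($data['departureYear']) && !empty($data['departureDay']) && !empty($data['departureMonth'])) {
        $data['departureDate'] = makeTimeStamp($data['departureYear'], $data['departureMonth'], $data['departureDay']);
        $tpl->assign("departure_time", $data['departureDate']);
    } else {
        $data['departureDate'] = null;
        $tpl->assign("departure_time", "--");
    }
    if (!empty($data['arrivalYear']) && !empty($data['arrivalDay']) && !empty($data['arrivalMonth'])) {
        $data['arrivalDate'] = makeTimeStamp($data['arrivalYear'], $data['arrivalMonth'], $data['arrivalDay']);
        $tpl->assign("arrival_time", $data['arrivalDate']);
    } else {
        $data['arrivalDate'] = null;
        $tpl->assign("arrival_time", "--");
    }

    $data = filter_var_array($data, $validate_args);
    $passthrough = array(
        'comments', 'arrivalDate', 'departureDate', 'party_number', 'request', 'key',
        'arrivalYear', 'arrivalMonth', 'arrivalDay', 'departureYear', 'departureMonth', 'departureDay',
    );
    $fp->process($data, $passthrough);

    if (!$fp->validCheck()) {
        // Field errors: re-show the form with what was submitted.
        $tpl->assign('form', $data);
        $tpl->assign('key', $data['key']);
    } elseif ($valid_submission) {
        $data['phone'] = $data['phone_area'] . $data['phone_pre'] . $data['phone_ext'];
        // Previously $data['ip'] was read in the failure e-mail but never set.
        $data['ip'] = $_SERVER['REMOTE_ADDR'];

        // Recompute the dates (dropped by the validation pass); '0000-00-00'
        // is the sentinel the DB column receives when a date is absent.
        if (!empty($data['departureYear']) && !empty($data['departureDay']) && !empty($data['departureMonth'])) {
            $data['departureDate'] = makeTimeStamp($data['departureYear'], $data['departureMonth'], $data['departureDay']);
        } else {
            $data['departureDate'] = '0000-00-00';
        }
        if (!empty($data['arrivalYear']) && !empty($data['arrivalDay']) && !empty($data['arrivalMonth'])) {
            $data['arrivalDate'] = makeTimeStamp($data['arrivalYear'], $data['arrivalMonth'], $data['arrivalDay']);
        } else {
            $data['arrivalDate'] = '0000-00-00';
        }

        // Every string value goes through the driver's qstr(). email, phone,
        // key and ip were previously interpolated raw; a single quote is valid
        // in an address local part and passes FILTER_VALIDATE_EMAIL, so the
        // INSERT was injectable through the e-mail field. party_number is an
        // int from FILTER_VALIDATE_INT (false -> 0). get_magic_quotes_gpc()
        // has returned false since PHP 5.4 and no longer exists in PHP 8, so
        // false is passed explicitly.
        $sql = "INSERT INTO requests SET"
            . " name=" . $db->qstr($data['name'], false)
            . ", email=" . $db->qstr($data['email'], false)
            . ", phone=" . $db->qstr($data['phone'], false)
            . ", arrival=" . $db->dbdate($data['arrivalDate'])
            . ", departure=" . $db->dbdate($data['departureDate'])
            . ", party_number=" . (int) $data['party_number']
            . ", comments=" . $db->qstr($data['comments'], false)
            . ", key_check=" . $db->qstr($data['key'], false)
            . ", ip=" . $db->qstr($data['ip'], false);
        $save = $db->Execute($sql);

        // Display form of the phone number.
        $data['phone'] = "(" . substr($data['phone'], 0, 3) . ") "
            . substr($data['phone'], 3, 3) . "-" . substr($data['phone'], 6, 4);

        // date() needs a numeric timestamp; the '0000-00-00' sentinel would
        // otherwise raise a warning and print an empty field.
        $arrivalText = is_numeric($data['arrivalDate']) ? date("n-d-Y", (int) $data['arrivalDate']) : "--";
        $departureText = is_numeric($data['departureDate']) ? date("n-d-Y", (int) $data['departureDate']) : "--";

        // Header lines must be CRLF separated; the original fused X-Mailer and
        // Content-Type onto one line. X-Mailer also advertises the PHP version.
        $baseHeaders = "From: nobody@bizscabinbytheriver.com\r\n"
            . "Mime-Version: 1.0\r\n"
            . "X-Mailer: PHP/" . phpversion() . "\r\n"
            . "Content-Type: text/plain; charset='UTF-8'";

        // If the insert failed, notify the maintainer so the request is not lost.
        if (!$save) {
            $message = "A request has been submitted, but there was an error saving it in the db\r\n";
            $message .= "Name: " . $data['name'] . "\r\n";
            $message .= "E-mail: " . $data['email'] . "\r\n";
            $message .= "Phone: " . $data['phone'] . "\r\n";
            $message .= "Arrival Date: " . $arrivalText . "\r\n";
            $message .= "Departure Date: " . $departureText . "\r\n";
            $message .= "Number in Party: " . $data['party_number'] . "\r\n";
            $message .= "Questions/Comments: " . htmlspecialchars_decode($data['comments'], ENT_QUOTES) . "\r\n";
            $message .= "Key_check: " . $data['key'] . "\r\n";
            $message .= "IP: " . $data['ip'] . "\r\n";
            // The headers were built but never passed before.
            mail('randydustin@gmail.com', 'biz request did not save', $message, $baseHeaders);
        }

        // Magic-quotes era artefact kept for the template's benefit.
        $data['comments'] = stripslashes($data['comments']);

        $to = "biz@mtcnow.net, randydustin@gmail.com";
        // Reply-To is user supplied, but it has passed FILTER_VALIDATE_EMAIL,
        // which does not accept CR/LF, so it cannot inject extra headers.
        $headers = "From: nobody@bizscabinbytheriver.com\r\n"
            . "Reply-To: " . $data['email'] . "\r\n"
            . "Mime-Version: 1.0\r\n"
            . "X-Mailer: PHP/" . phpversion() . "\r\n"
            . "Content-Type: text/plain; charset='UTF-8'";
        $subject = "A request has been submitted from Biz's Cabin by the River";
        $message = "A request has been submitted\r\n\r\n ";
        $message .= "Name: " . $data['name'] . "\r\n\r\n ";
        $message .= "E-mail: " . $data['email'] . "\r\n ";
        $message .= "Phone: " . $data['phone'] . "\r\n ";
        $message .= "Arrival Date: " . $arrivalText . "\r\n ";
        $message .= "Departure Date: " . $departureText . "\r\n ";
        $message .= "Number in Party: " . $data['party_number'] . "\r\n ";
        $message .= "Questions/Comments: " . htmlspecialchars_decode($data['comments'], ENT_QUOTES) . "\r\n ";
        mail($to, $subject, $message, $headers);

        $tpl->assign('form_display', false);
        $tpl->assign('data', $data);
        $tpl->assign('valid_submission', $valid_submission);
    } else {
        // Fields were fine but the CSRF key was missing or wrong: nothing is
        // saved or mailed; the form is hidden. Note the template is not told
        // why (valid_submission is not assigned on this path).
        $tpl->assign('form_display', false);
    }
} else {
    // Plain GET: hand the session token to the form.
    $tpl->assign("key", $_SESSION['token']);
}

$tpl->display("index.tpl");
unset($_SESSION['errors']);
?>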