I have made a PHP page that allows someone to send out an email to one of our representatives with a sample text saying that they approve of wind power. It's just a form that, when submitted, sends out to whomever they checked and also sends me an email saying that they sent an email to these people...

My problem is that, since the letter is editable, someone who does not like wind power can also email these officials that they do like it and reject the proposal...


So my question is... how do I make the form so that before it submits to a database and then gives me the admin rights to allow or deny this submission...

Thanks again,
Electricfan

0

That should read: before it does the script to email to addresses, I can allow or deny submission.

0

Add a field to the table called 'allowable' and set the default value to 'unread'.

When you log in, it would do a query "select * from yourtable where allowable='unread'". If you click on allow, you "update yourtable set allowable='allow' where id='id_of_message'" and also send the mail. If you click on deny, it sets it to 'denied'.

Without seeing actual code I doubt I could give you better information than that, sorry.

0

This is the tellanofficial.php code

<?php

 

if(count($_POST)) {
foreach(array('fmail1','fmail2','fmail4','fmail3','email0','firstprospect','lastprospect','addressprospect','cityprospect','stateprospect','azipprospect','prefixprospect') as $key) $_POST[$key] = strip_tags($_POST[$key]);
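if(!is_secure($_POST) || preg_match('/[\r\n]/', $_POST['email0'].$_POST['fmail1'].$_POST['fmail2'].$_POST['fmail3'].$_POST['fmail4'])) { die("thank you no thanks");} // also reject CR/LF in any value passed to mail() as an address or header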

# submits a notification to you when 
# the form is submitted

// Email address for copies to be sent to - sean@surfgraphics
$emailto = "name@domain.com"; 

// Notification email subject text for copies
$esubject = "<<<BNE TAKE ACTION SUBMISSION>>>"; 

// Email body text for notifications
$emailtext = "
$_POST[prefixprospect] $_POST[firstprospect] $_POST[lastprospect]
$_POST[addressprospect]
$_POST[cityprospect],$_POST[stateprospect] $_POST[azipprospect] 

$_POST[prospectmessage]

Has sent a Take Action email to following recipients:

$_POST[fmail1]
$_POST[fmail2]
$_POST[fmail3]
$_POST[fmail4]

";

# This function sends the email to you

@mail("$emailto", $esubject, $emailtext, "From: $_POST[email0]");

# This part is the function for sending to recipients

// Page to display after successful submission
// Change the thankyou.htm to suit

$thankyoupage = "index.html"; 

// Subject line for the recommendation - change to suit

$tsubject = "My support of Wind Prospect ";

// Change the text below for the email 
// Be careful not to change any "$_POST[value]" bits

$ttext = "

To: Our Local Prospect Official,
Subject: My support of Wind Prospect 

$_POST[prospectmessage]

Thank you...
$_POST[prefixprospect] $_POST[firstprospect] $_POST[lastprospect]
$_POST[addressprospect]
$_POST[cityprospect],$_POST[stateprospect] $_POST[azipprospect]
$_POST[email0]
";

# This sends the note to the addresses submitted
@mail("$_POST[fmail1],$_POST[fmail2],$_POST[fmail3],$_POST[fmail4]", $tsubject, $ttext, "FROM: $_POST[email0]");

# After submission, the thank you page
header("Location: $thankyoupage");
exit;
}

# Nothing further can be changed. Leave the below as is

function is_secure($ar) {
$reg = "/(Content-Type|Bcc|MIME-Version|Content-Transfer-Encoding)/i";
if(!is_array($ar)) { return !preg_match($reg,$ar);} // scalar input: secure only when no header keyword matches
$incoming = array_values_recursive($ar);
foreach($incoming as $k=>$v) if(preg_match($reg,$v)) return false;
return true;
}

function array_values_recursive($array) {
$arrayValues = array();
foreach ($array as $key=>$value) {
if (is_scalar($value) || is_resource($value)) {
$arrayValues[] = $value;
$arrayValues[] = $key;
}
elseif (is_array($value)) {
$arrayValues[] = $key;
$arrayValues = array_merge($arrayValues, array_values_recursive($value));
}
}
return $arrayValues;
}
?>
0

Between line 5 and 6 you should store all the values you're getting via $_POST into your database table, along with an extra field to keep track of whether it's been read/approved/denied. Make sure you have a unique auto_increment field to serve as the record id.

On the extra field, what I'd probably do instead of setting the field to 'unread' or null or something would be to store an md5 hash like:

$hashdata=md5(time());

Either break the file into two files around line 38, or use a conditional statement. I'll get back to that one.

In your emailtext, I'm assuming the 'you' here means literally you, the owner of the page and not you, the person filling out the form. So in the emailtext I'd include a line like:

$inc_link_ap="http://www.mydomain.com/tellanofficial.php?msg=$id&status=approved&auth=$hashdata";
$inc_link_dn="http://www.mydomain.com/tellanofficial.php?msg=$id&status=denied&auth=$hashdata";

Include those two lines in the email that gets sent to you. This will give you a very simple interface to approve/deny the email.

Then wrap everything from line 38 down to line 73 in a conditional.
Here you'll want to compare the stored hash with the $_GET version and if 'status' is set to 'approve' and the hash matches then you pull the fields from the database and send the mail.

Lastly, I didn't look to see where your IF conditional on line 5 ends, but it should end at line 38 also. This will prevent the page from sending you another email.

Edited by dietdew12z: n/a
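
The approve/deny link flow described in the post above, as an added example that is not part of the original thread. It swaps md5(time()) for a token from random_bytes(), because a timestamp hash can be guessed by anyone who knows roughly when the form was submitted. The table, column and function names (submissions, queue_submission, moderate) and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Added example: moderation queue with an unguessable, single-use approval token.
// Table, column and function names are hypothetical; in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE submissions (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    sender TEXT NOT NULL, recipients TEXT NOT NULL, message TEXT NOT NULL,
    status TEXT NOT NULL DEFAULT 'unread',
    token_hash TEXT NOT NULL)");

// Store the submission instead of mailing it; return the id and the raw token for the admin links.
function queue_submission(PDO $db, string $sender, array $recipients, string $message): array {
    if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }
    $token = bin2hex(random_bytes(32));   // CSPRNG output, not derived from the clock
    $stmt = $db->prepare("INSERT INTO submissions (sender, recipients, message, token_hash)
                          VALUES (?, ?, ?, ?)");
    $stmt->execute([$sender, implode(',', $recipients), $message, hash('sha256', $token)]);
    return [(int)$db->lastInsertId(), $token];
}

// Handle a click on an approve/deny link. Returns the row to mail on approval, null otherwise.
function moderate(PDO $db, int $id, string $status, string $auth): ?array {
    if (!in_array($status, ['approved', 'denied'], true)) return null;
    $stmt = $db->prepare("SELECT * FROM submissions WHERE id = ? AND status = 'unread'");
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !hash_equals($row['token_hash'], hash('sha256', $auth))) return null;
    // The status guard in the UPDATE makes the link single-use even if it is clicked twice.
    $upd = $db->prepare("UPDATE submissions SET status = ? WHERE id = ? AND status = 'unread'");
    $upd->execute([$status, $id]);
    if ($upd->rowCount() !== 1) return null;
    return $status === 'approved' ? $row : null;
}

// Constructed sample data.
[$id, $token] = queue_submission($db, 'resident@example.org', ['official@example.gov'], 'I support the proposal.');
$link = 'http://www.mydomain.com/tellanofficial.php?' . http_build_query(['msg' => $id, 'status' => 'approved', 'auth' => $token]);
echo $link, "\n";
var_dump(moderate($db, $id, 'approved', 'wrong-token') === null); // forged token is rejected
var_dump(moderate($db, $id, 'approved', $token) !== null);        // genuine link returns the row to mail
var_dump(moderate($db, $id, 'approved', $token) === null);        // replayed link is rejected
```

Only the SHA-256 of the token is stored, so a leaked database row cannot be turned back into a working link. Mail scanners may prefetch links, so a confirmation page that POSTs the decision is safer than acting on the GET request itself.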

0

Wow... thanks for the help. I will try this today and hope for the best... I'm new to working with PHP and adding DBs to them, so I'll see how it goes...

0

I'm really trying but not doing so well... I've built a database with all my fields..

But I'm lost with how to work with the hashdata
