  1. #1
    SitePoint Zealot

    Need help understanding a bit of PHP code...

    I need help understanding if some PHP code does what I think it does.

    We are replacing our old Contact Form (which had no safety measures) and want it to have two safety features:
    1) a simple security code question, like "Using only numbers, what is 10 plus 15?"
    2) a way of cleaning, or sanitizing the submitted data to remove potentially damaging hacker codes

    We think we found both - but we are not sure.

    I found a pre-made contact form here: http://www.freecontactform.com/free.php that definitely has feature #1, but I can't tell if it has feature #2

    Below are their two pieces of pre-made PHP code that I think are applicable.

    We need to know if:
    a) it will work with PHP version 5+
    b) the #2 (anti-spammer/anti-hacker) features* are in there


    *for my educational reasons, can you tell me which lines of code are the anti-hacker ones?

    Thank you for your help

    freecontactformsettings.php
    PHP Code:
    <?php
    $email_to = "youremailaddress@yourdomain.com"; // your email address
    $email_subject = "Contact Form Message"; // email subject line
    $thankyou = "thankyou.htm"; // thank you page
    // if you update the question on the form -
    // you need to update the questions answer below
    $antispam_answer = "15";
    ?>
    freecontactformprocess.php
    PHP Code:
    <?php
    /**
     * 
     * URL: www.freecontactform.com
     * 
     * Version: FreeContactForm Free V2.1
     * 
     * Copyright (c) 2012 Stuart Cochrane
     *
     * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
     * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
     * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
     * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
     * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
     * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
     * THE SOFTWARE.
     * 
     * 
     * Note: This is NOT the same code as the PRO version
     * 
     */

    if(isset($_POST['Email_Address'])) {

        include 'freecontactformsettings.php';

        function died($error) {
            echo "Sorry, but there were error(s) found with the form you submitted. ";
            echo "These errors appear below.<br /><br />";
            echo $error."<br /><br />";
            echo "Please go back and fix these errors.<br /><br />";
            die();
        }

        if(!isset($_POST['Full_Name']) ||
            !isset($_POST['Email_Address']) ||
            !isset($_POST['Telephone_Number']) ||
            !isset($_POST['Your_Message']) ||
            !isset($_POST['AntiSpam'])
            ) {
            died('Sorry, there appears to be a problem with your form submission.');
        }

        $full_name = $_POST['Full_Name']; // required
        $email_from = $_POST['Email_Address']; // required
        $telephone = $_POST['Telephone_Number']; // not required
        $comments = $_POST['Your_Message']; // required
        $antispam = $_POST['AntiSpam']; // required

        $error_message = "";

        $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
      if(preg_match($email_exp,$email_from)==0) {
          $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
      }
      if(strlen($full_name) < 2) {
          $error_message .= 'Your Name does not appear to be valid.<br />';
      }
      if(strlen($comments) < 2) {
          $error_message .= 'The Comments you entered do not appear to be valid.<br />';
      }

      if($antispam <> $antispam_answer) {
          $error_message .= 'The Anti-Spam answer you entered is not correct.<br />';
      }

      if(strlen($error_message) > 0) {
          died($error_message);
      }

        $email_message = "Form details below.\r\n";

        function clean_string($string) {
          $bad = array("content-type","bcc:","to:","cc:");
          return str_replace($bad,"",$string);
        }

        $email_message .= "Full Name: ".clean_string($full_name)."\r\n";
        $email_message .= "Email: ".clean_string($email_from)."\r\n";
        $email_message .= "Telephone: ".clean_string($telephone)."\r\n";
        $email_message .= "Message: ".clean_string($comments)."\r\n";

    $headers = 'From: '.$email_from."\r\n".
    'Reply-To: '.$email_from."\r\n" .
    'X-Mailer: PHP/' . phpversion();
    mail($email_to, $email_subject, $email_message, $headers);
    header("Location: $thankyou");
    ?>
    <script>location.replace('<?php echo $thankyou;?>')</script>
    <?php
    }
    die();
    ?>

  2. #2
    Grüße aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Hi there,

    Quote Originally Posted by Greg Baka View Post
    We need to know if: a) it will work with PHP version 5+
    As far as I can see, it shouldn't be a problem.

    Quote Originally Posted by Greg Baka View Post
    b) the #2 (anti-spammer/anti-hacker) features* are in there
    Hard to say without seeing the form which submits its input to this PHP script.

    What this script does do is the following:
    • It checks if the field "Email_Address" is set (presumably checks if someone has filled out an email address).
    • If so, the next thing it does is to include the file "freecontactformsettings.php". This is an unknown, as you don't post the contents of this file.
    • Then it checks to see if the fields "Full_Name", "Email_Address", "Telephone_Number", "Your_Message" and "AntiSpam" have values.
    • It then checks that the email address is a valid one (using a reg ex) and that the variable $antispam is equal to the variable $antispam_answer.
    • It then puts together an email message, sends it and redirects to the page defined in the variable $thankyou.
    To answer your question, I'd say: it looks good, but either post the complete script, or just try it out on your server (doesn't have to be on the live site).
    There's nothing in the code you posted that looks evil.

    Or, as a third option, if you fancy a challenge you could code a contact form up from scratch.
    It's not very hard, then you'd also be sure that it worked as expected.
    I could help you with that if you like.

  3. #3
    Keeper of the SFL StarLion's Avatar
    The regex for the email is a bit iffy (validating email addresses is notoriously hard), but should work.

  4. #4
    Grüße aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Quote Originally Posted by StarLion View Post
    validating email addresses is notoriously hard
    +1 for that.
    It's completely annoying when you enter your email address into a form, only for the form to tell you that the mail address that you entered and have been using for years is invalid.
    I therefore tend to be a bit more lax with such a check: some characters, an at sign, some more characters, a dot and some more characters tends to do.

    If you fancy blowing your mind, look here to see a more complicated regex for validating email addresses: http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html

  5. #5
    SitePoint Zealot
    Thank you Pullo and StarLion !

    I did paste in the code for the form below. And I am concerned about the "regex" you mentioned....

    My explanation of what I was looking for was a bit fuzzy. I'll try again...

    This article http://web-op.com/forms-article.php talks about making Contact Forms that can't be hijacked. It says:
    Without the availability of email addresses to harvest from websites, spammers have turned the setback of feedback and contact forms into a springboard to send even more spam. By entering malicious data into the contact form, hackers or spammers can fool the PHP script into sending mass amounts of spam from your site. Thankfully, there is a solution that is fairly easy: Cleaning the data.
    and suggests using some PHP code like this to prevent it:
    PHP Code:
    // Mail header removal
    function remove_headers($string) {
      $headers = array(
        "/to\:/i",
        "/from\:/i",
        "/bcc\:/i",
        "/cc\:/i",
        "/Content\-Transfer\-Encoding\:/i",
        "/Content\-Type\:/i",
        "/Mime\-Version\:/i"
      );
      return preg_replace($headers, '', $string);
    }
    The free form I found does not APPEAR to have any such code in it, but perhaps their developers took care of the issue a different way. That is what I was trying to ask in the original post: Does the FreeContactForm code also avoid the hijacking issue by some other method?

    Email address validation: about the concern StarLion mentioned - How would I completely remove the whole email address validation step? Many of my customers are elderly and prefer to leave a phone number rather than an email. They may just type something like "none" in the email space, and I want that to be OK.

    Thanks!

    PHP Code:
    <!--
    URL: www.freecontactform.com
    Version: FreeContactForm Free V2.2
    Copyright (c) 2012 Stuart Cochrane
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    THE SOFTWARE.
    -->
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
        <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Contact Us</title>
        <script src="freecontactformvalidation.js"></script>
        <script>
        required.add('Full_Name','NOT_EMPTY','Full Name');
        required.add('Email_Address','EMAIL','Email Address');
        required.add('Your_Message','NOT_EMPTY','Your Message');
        required.add('AntiSpam','NOT_EMPTY','Anti-Spam Question');
        </script>
        <link rel="stylesheet" type="text/css" href="freecontactform.css">
        </head>
        <body>
        
        <form name="freecontactform" method="post" action="freecontactformprocess.php" onsubmit="return validate.check(this)">
        <table width="400px" class="freecontactform">
        <tr>
         <td colspan="2">
          
         <div class="freecontactformheader">Contact Us Form</div>
          
         <div class="freecontactformmessage">Fields marked with <span class="required_star"> * </span> are mandatory.</div>
          
         </td>
        </tr>
        <tr>
         <td valign="top">
          <label for="Full_Name" class="required">Full Name<span class="required_star"> * </span></label>
         </td>
         <td valign="top">
          <input type="text" name="Full_Name" id="Full_Name" maxlength="80" style="width:230px">
         </td>
        </tr>
        <tr>
         <td valign="top">
          <label for="Email_Address" class="required">Email Address<span class="required_star"> * </span></label>
         </td>
         <td valign="top">
          <input type="text" name="Email_Address" id="Email_Address" maxlength="100" style="width:230px">
         </td>
        </tr>
        <tr>
         <td valign="top">
          <label for="Telephone_Number" class="not-required">Telephone Number</label>
         </td>
         <td valign="top">
          <input type="text" name="Telephone_Number" id="Telephone_Number" maxlength="100" style="width:230px">
         </td>
        </tr>
        <tr>
         <td valign="top">
          <label for="Your_Message" class="required">Your Message<span class="required_star"> * </span></label>
         </td>
         <td valign="top">
          <textarea style="width:230px;height:160px" name="Your_Message" id="Your_Message" maxlength="2000"></textarea>
         </td>
        </tr>
        <tr>
         <td colspan="2" style="text-align:center" >
          <div class="antispammessage">
          To help prevent automated spam, please answer this question
          <br /><br />
              <div class="antispamquestion">
               <span class="required_star"> * </span>
               Using only numbers, what is 10 plus 15? &nbsp; 
               <input type="text" name="AntiSpam" id="AntiSpam" maxlength="100" style="width:30px">
              </div>
          </div>
         </td>
        </tr>
        <tr>
         <td colspan="2" style="text-align:center" >
         <br /><br />
          <input type="submit" value=" Submit Form " style="width:200px;height:40px">
          <br /><br />
          <!-- 
          If you want to remove this author link, 
          please purchase an unbranded version from: http://www.freecontactform.com/unbranded_form.php 
          Or upgrade to the professional version at: http://www.freecontactform.com/professional.php
          -->
          <div style="font-size:0.9em">Form provided by <a href="http://www.freecontactform.com" target="_blank">Free Contact Form</a></div>
          <br /><br />
         </td>
        </tr>
        </table>
        </form>
    </body>
    </html> 

  6. #6
    Avid Logophile silver trophy
    ParkinT's Avatar
    Quote Originally Posted by Pullo View Post
    It's completely annoying when you enter your email address into a form, only for the form to tell you that the mail address that you entered and have been using for years is invalid.
    My favorite feature of GMail is the Filters. And it annoys me immensely when a site disallows the plus (+) in my email address!!

  7. #7
    Grüße aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Quote Originally Posted by Greg Baka View Post
    This article http://web-op.com/forms-article.php talks about making Contact Forms that can't be hijacked. It says:
    and suggests using some PHP code like this to prevent it:
    PHP Code:
    // Mail header removal
    function remove_headers($string) {
      $headers = array(
        "/to\:/i",
        "/from\:/i",
        "/bcc\:/i",
        "/cc\:/i",
        "/Content\-Transfer\-Encoding\:/i",
        "/Content\-Type\:/i",
        "/Mime\-Version\:/i"
      );
      return preg_replace($headers, '', $string);
    }
    Oh right.
    Yeah, the code you provided in your original post kind of does this, in so far as it scrubs any occurrences of "content-type","bcc:","to:" or "cc:" from the mail body and the headers:

    Code PHP:
    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:");
      return str_replace($bad,"",$string);
    }
     
    $email_message .= "Full Name: ".clean_string($full_name)."\r\n";
    $email_message .= "Email: ".clean_string($email_from)."\r\n";
    $email_message .= "Telephone: ".clean_string($telephone)."\r\n";
    $email_message .= "Message: ".clean_string($comments)."\r\n";
     
    $headers = 'From: '.$email_from."\r\n".
    'Reply-To: '.$email_from."\r\n" .
    'X-Mailer: PHP/' . phpversion();
    mail($email_to, $email_subject, $email_message, $headers);

    As to whether that's enough to be 100% on the safe side, I wouldn't like to say.
    It seems like a good start though and I'd like to think that your hosting company would let you know if your contact form was being used to send out hundreds of thousands of spam mails every day.

    What do other people think??

    How would I completely remove the whole email address validation step?
    Remove, or comment out this line:

    Code PHP:
    if(preg_match($email_exp,$email_from)==0) {
      $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
    }

    The script will still require a value to be entered in the Email field, but won't validate it against the aforementioned reg-ex.

    HTH
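
An added example (not from the FreeContactForm script or from any poster in this thread): in the posted script `clean_string()` is applied to the message body lines and leaves line breaks in place, while `$headers` is built from `$email_from` as submitted. The sketch below refuses line breaks in single-line fields, sends From a fixed site address, and adds Reply-To only for a valid address, so "none" in the email field is accepted; `is_single_line()`, `build_contact_mail()` and the example.com addresses are assumed names for illustration.

```php
<?php
// Added example: not part of the FreeContactForm script or of any post here.
// is_single_line(), build_contact_mail() and the example.com addresses are
// assumed names chosen for illustration. Written to run on PHP 5.2+.

// A header line ends at CR or LF, so a single-line field must contain neither.
function is_single_line($value) {
    return is_string($value) && preg_match('/[\r\n\0]/', $value) === 0;
}

// Returns array($subject, $body, $headers) ready for mail(), or null when the
// submission has to be refused.
function build_contact_mail(array $post, $site_from, $subject) {
    $fields = array();
    foreach (array('Full_Name', 'Email_Address', 'Telephone_Number') as $key) {
        $value = isset($post[$key]) ? $post[$key] : '';
        if (!is_single_line($value)) {
            return null; // line break or non-string value: refuse, do not "clean"
        }
        $fields[$key] = trim($value);
    }

    // The message is the only required field; line breaks are normal here
    // because it only ever goes into the body.
    $message = isset($post['Your_Message']) ? $post['Your_Message'] : '';
    if (!is_string($message) || strlen(trim($message)) < 2) {
        return null;
    }

    $body  = "Form details below.\r\n";
    $body .= "Full Name: " . $fields['Full_Name'] . "\r\n";
    $body .= "Email: " . $fields['Email_Address'] . "\r\n";
    $body .= "Telephone: " . $fields['Telephone_Number'] . "\r\n";
    $body .= "Message: " . $message . "\r\n";

    // From is the site's own address, never visitor input.
    $headers = array('From: ' . $site_from);

    // Reply-To only when the visitor gave a syntactically valid address;
    // "none" or an empty field simply leaves the header out.
    if (filter_var($fields['Email_Address'], FILTER_VALIDATE_EMAIL) !== false) {
        $headers[] = 'Reply-To: ' . $fields['Email_Address'];
    }

    return array($subject, $body, implode("\r\n", $headers));
}

// Constructed sample submissions (not real traffic).
$samples = array(
    'phone only' => array(
        'Full_Name' => 'A. Visitor', 'Email_Address' => 'none',
        'Telephone_Number' => '555-0100', 'Your_Message' => 'Please call me.'),
    'valid email' => array(
        'Full_Name' => 'A. Visitor', 'Email_Address' => 'visitor@example.com',
        'Telephone_Number' => '', 'Your_Message' => 'Please write back.'),
    'line break in email field' => array(
        'Full_Name' => 'A. Visitor',
        'Email_Address' => "visitor@example.com\r\nBcc: other@example.com",
        'Telephone_Number' => '', 'Your_Message' => 'Hello there.'),
);

foreach ($samples as $label => $post) {
    $mail = build_contact_mail($post, 'contact@example.com', 'Contact Form Message');
    if ($mail === null) {
        echo $label, ": rejected\n";
    } else {
        // In the form handler this would be:
        // mail($email_to, $mail[0], $mail[1], $mail[2]);
        echo $label, ": headers = ", str_replace("\r\n", ' | ', $mail[2]), "\n";
    }
}
```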

  8. #8
    SitePoint Zealot
    I created a trial Contact Form page, and installed both the stock version and my own version of the pre-made contact form. And failed. Help?

    Here is the trial page: http://easydigging.com/Contact-1.html

    It's a responsive page, so on wide screens the stock version is on the left and my own version is on the right. If you are looking at it with a skinny screen device, the stock will be above and my own version will be below.

    The stock one acts as if it is sending emails to me - but they never appear.

    My version gives error messages even with all good data entered in the fields.

    Two strikes, and I am almost out... Help!

    Here are the bits of code that pertain:

    Stock contact form HTML:
    HTML Code:
    <!-- Stock Contact Form -->
    <form name="freecontactform" method="post" action="freecontactformprocess.php" onsubmit="return validate.check(this)">
    	<table width="400px" class="freecontactform">
    	<tr>
    	 <td colspan="2">
    	   <div class="freecontactformheader">Contact Us Form</div>
    	   <div class="freecontactformmessage">Fields marked with <span class="required_star"> * </span> are mandatory.</div>
    	 </td>
    	</tr>
    	<tr>
    	 <td valign="top">
    	   <label for="Full_Name" class="required">Full Name<span class="required_star"> * </span></label>
    	 </td>
    	 <td valign="top">
    	   <input type="text" name="Full_Name" id="Full_Name" maxlength="80" style="width:230px">
    	 </td>
    	</tr>
    	<tr>
    	 <td valign="top">
    	   <label for="Email_Address" class="required">Email Address<span class="required_star"> * </span></label>
    	 </td>
    	 <td valign="top">
    	   <input type="text" name="Email_Address" id="Email_Address" maxlength="100" style="width:230px">
    	 </td>
    	</tr>
    	<tr>
    	 <td valign="top">
    	   <label for="Telephone_Number" class="not-required">Telephone Number</label>
    	 </td>
    	 <td valign="top">
    	   <input type="text" name="Telephone_Number" id="Telephone_Number" maxlength="100" style="width:230px">
    	 </td>
    	</tr>
    	<tr>
    	 <td valign="top">
    	   <label for="Your_Message" class="required">Your Message<span class="required_star"> * </span></label>
    	 </td>
    	 <td valign="top">
    	   <textarea style="width:230px;height:160px" name="Your_Message" id="Your_Message" maxlength="2000"></textarea>
    	 </td>
    	</tr>
    	<tr>
    	 <td colspan="2" style="text-align:center" >
    	   <div class="antispammessage">
    	   To help prevent automated spam, please answer this question
    	   <br /><br />
    		  <div class="antispamquestion">
    		    <span class="required_star"> * </span>
    		    Using only numbers, what is 6 plus 6? &nbsp; 
    		    <input type="text" name="AntiSpam" id="AntiSpam" maxlength="100" style="width:30px">
    		  </div>
    	   </div>
    	 </td>
    	</tr>
    	<tr>
    	 <td colspan="2" style="text-align:center" >
    	   <br /><br />
    	   <input type="submit" value=" Submit Form " style="width:200px;height:40px">
    	   <br /><br />
    	   <!-- 
    	   If you want to remove this author link, 
    	   please purchase an unbranded version from: http://www.freecontactform.com/unbranded_form.php 
    	   Or upgrade to the professional version at: http://www.freecontactform.com/professional.php
    	   -->
    	  <div style="font-size:0.9em">Form provided by <a href="http://www.freecontactform.com" target="_blank">Free Contact Form</a></div>
    	  <br /><br />
    	 </td>
    	</tr>
    	</table>
    </form>
    My version of the contact form HTML: (Twitter Bootstrap site)
    HTML Code:
    <form name="freecontactform" method="post" action="freecontactformprocess.php" onsubmit="return validate.check(this)">
         <fieldset>
             
    		 <legend>Contact Us Form</legend>
             <label>Your Name:</label>
             <input class="input-block-level" type="text"
                 name="Full_Name" id="Full_Name" placeholder="name here…">
    	     
    		 <label>Email Address:</label>
             <input class="input-block-level" type="text" 
    	         name="Email_Address" id="Email_Address" placeholder="email here…">
    	
    	     <label>Telephone Number:</label>
             <input class="input-block-level" type="text" 
    	         name="Telephone_Number" id="Telephone_Number" placeholder="phone here…">
             <span class="help-block">We need either an email or phone to reply to you.</span>
    	
    	     <label>Your message:</label>		 
    	     <textarea class="input-block-level" rows="3" name="Your_Message" id="Your_Message" maxlength="2000">
    		 </textarea>
    		 
     <div style="text-align:center;">
    	     <label><strong>To prevent automated spam, you must answer this question:</strong></label>
    	     <label>What is 6 + 6 ?</label>		 
    	     <input class="input-mini" type="text" maxlength="3"
    	         name="AntiSpam" id="AntiSpam" placeholder="number">		
             <br />
    		 <div class="form-actions">
                 <input class="btn btn-large btn-primary" type="submit" value="&nbsp; Submit Form &nbsp;">
    		 </div>
    	 </div>
         </fieldset>
    </form>
    Javascript: freecontactformvalidation.js
    Code:
    function has_id(id){try{var tmp=document.getElementById(id).value;}catch(e){return false;}
    return true;}
    function has_name(nm){try{var tmp=cfrm.nm.type;}catch(e){return false;}
    return true;}
    function $$(id){if(!has_id(id)&&!has_name(id)){alert("Field "+id+" does not exist!\n Form validation configuration error.");return false;}
    if(has_id(id)){return document.getElementById(id).value;}else{return;}}
    function $val(id){return document.getElementById(id);}
    function trim(id){$val(id).value=$val(id).value.replace(/^\s+/,'').replace(/\s+$/,'');}
    var required={field:[],add:function(name,type,mess){this.field[this.field.length]=[name,type,mess];},out:function(){return this.field;},clear:function(){this.field=[];}};var validate={check:function(cform){var error_message='Please fix the following errors:\n\n';var mess_part='';var to_focus='';var tmp=true;for(var i=0;i<required.field.length;i++){if(this.checkit(required.field[i][0],required.field[i][1],cform)){}else{error_message=error_message+required.field[i][2]+' must be supplied\n';if(has_id(required.field[i][0])&&to_focus.length===0){to_focus=required.field[i][0];}
    tmp=false;}}
    if(!tmp){alert(error_message);}
    if(to_focus.length>0){document.getElementById(to_focus).focus();}
    return tmp;},checkit:function(cvalue,ctype,cform){if(ctype=="NOT_EMPTY"){if(this.trim($$(cvalue)).length<1){return false;}else{return true;}}else if(ctype=="EMAIL"){exp=/^[a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/;if($$(cvalue).match(exp)==null){return false;}else{return true;}}},trim:function(s){if(s.length>0){return s.replace(/^\s+/,'').replace(/\s+$/,'');}else{return s;}}};
    PHP #1: freecontactformsettings.php
    PHP Code:
    <?php
    $email_to = "contact@easydigging.com"; // your email address
    $email_subject = "Contact Form Message"; // email subject line
    $thankyou = "confirmcontact.html"; // thank you page

    // if you update the question on the form -
    // you need to update the questions answer below
    $antispam_answer = "12";
    ?>
    PHP#2: freecontactformprocess.php
    PHP Code:
    <?php
    /**
     * 
     * URL: www.freecontactform.com
     * 
     * Version: FreeContactForm Free V2.1
     * 
     * Copyright (c) 2012 Stuart Cochrane
     *
     * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
     * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
     * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
     * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
     * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
     * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
     * THE SOFTWARE.
     * 
     * 
     * Note: This is NOT the same code as the PRO version
     * 
     */

    if(isset($_POST['Email_Address'])) {

        include 'freecontactformsettings.php';

        function died($error) {
            echo "Sorry, but there were error(s) found with the form you submitted. ";
            echo "These errors appear below.<br /><br />";
            echo $error."<br /><br />";
            echo "Please go back and fix these errors.<br /><br />";
            die();
        }

        if(!isset($_POST['Full_Name']) ||
            !isset($_POST['Email_Address']) ||
            !isset($_POST['Telephone_Number']) ||
            !isset($_POST['Your_Message']) ||
            !isset($_POST['AntiSpam'])
            ) {
            died('Sorry, there appears to be a problem with your form submission.');
        }

        $full_name = $_POST['Full_Name']; // required NOT
        $email_from = $_POST['Email_Address']; // required NOT
        $telephone = $_POST['Telephone_Number']; // not required
        $comments = $_POST['Your_Message']; // required
        $antispam = $_POST['AntiSpam']; // required

        $error_message = "";
    /* Commented out these two pieces to allow anonymous comments (no name or no email address)
        $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
      if(preg_match($email_exp,$email_from)==0) {
          $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
      }
      if(strlen($full_name) < 2) {
          $error_message .= 'Your Name does not appear to be valid.<br />';
      } */

      if(strlen($comments) < 2) {
          $error_message .= 'The Comments you entered do not appear to be valid.<br />';
      }

      if($antispam <> $antispam_answer) {
          $error_message .= 'The Anti-Spam answer you entered is not correct.<br />';
      }

      if(strlen($error_message) > 0) {
          died($error_message);
      }

        $email_message = "Form details below.\r\n";

        function clean_string($string) {
          $bad = array("content-type","bcc:","to:","cc:");
          return str_replace($bad,"",$string);
        }

        $email_message .= "Full Name: ".clean_string($full_name)."\r\n";
        $email_message .= "Email: ".clean_string($email_from)."\r\n";
        $email_message .= "Telephone: ".clean_string($telephone)."\r\n";
        $email_message .= "Message: ".clean_string($comments)."\r\n";

    $headers = 'From: '.$email_from."\r\n".
    'Reply-To: '.$email_from."\r\n" .
    'X-Mailer: PHP/' . phpversion();
    mail($email_to, $email_subject, $email_message, $headers);
    header("Location: $thankyou");
    ?>
    <script>location.replace('<?php echo $thankyou;?>')</script>
    <?php
    }
    die();
    ?>

  9. #9
    Non-Member
    Quote Originally Posted by Pullo View Post
    +1 for that.
    It's completely annoying when you enter your email address into a form, only for the form to tell you that the mail address that you entered and have been using for years is invalid.
    I therefore tend to be a bit more lax with such a check: some characters, an at sign, some more characters, a dot and some more characters tends to do.

    If you fancy blowing your mind, look here to see a more complicated regex for validating email addresses: http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html
    This is why I tend to just use something like a Zend Framework component for checking email.

    You can basically do this:

    PHP Code:
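    require_once 'Zend/Validate/EmailAddress.php'; // Zend Framework 1 must be on the include path

    $emailToCheck = 'test@test.com';

    $validator = new Zend_Validate_EmailAddress();

    if ($validator->isValid($emailToCheck)) {
        // email address is valid
    } else {
        // email address is invalid
    }
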
    For me it's a case of why re-invent the wheel? Someone else has already solved the problem, so I'll just use that.

  10. #10
    Grüße aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Hi Greg,

    Well done for having a go at this on your own.
    It's the way to go.

    So, there appear to be two problems:

    Quote Originally Posted by Greg Baka View Post
    The stock one acts as if it is sending emails to me - but they never appear.
    This appears to be a mail configuration setting.
    If we were going to debug this, you would have to see what is being submitted by the form and where things go wrong server-side.

    But let's stick with your solution:
    Quote Originally Posted by Greg Baka View Post
    My version gives error messages even with all good data entered in the fields.
    The reason that it is returning with error messages is that you are calling the other form's validate() method when you submit it.
    There is something in this method which is causing it to return false and thus prevent submission.
    However, the JavaScript you provided is minified and I don't really want to pick my way through all of that.

    So, we need to decide what to do.
    Do you want to debug the original script, or do you want to construct a contact form on your own (my preferred solution)?

    I can help you with either one. Just let me know.

  11. #11
    SitePoint Zealot
    Thanks Pullo for any help you (or any other members) can give to create a Contact Form that will work with Twitter Bootstrap.

    I did some searching this morning, but can not find any sort of tutorial that tells how to get a Twitter Bootstrap form to send an email or check for common Contact Form hijacking tricks. Most articles say to just tweak a generic Contact Form until it works.

    Many of my customers are elderly - some do not like giving their email and prefer to be phoned...
    So my Contact Form design goals are:
    1) does not require text in any of the fields except the Message field
    2) has some method to prevent common hijacking methods
    Bonus Goals would be:
    3) some way to prevent bots from sending me messages through the form
    4) a filter on the Message field that prevents the email from sending if words like "viagra" or "SEO" appear in the message

    I've been working on the problem today, and have gotten a little closer. Here is what I have:

    Contact page #2 is here: http://easydigging.com/Contact/Contact-2.html
    It uses the FreeContactForm code. It now almost works - except I still am not receiving emails sent from it. This one is my preferred choice.

    Contact page #3 is here: http://easydigging.com/Contact/Contact-3.html
    It uses the wufoo.com code. It does work - but the free version has limitations I am not happy with.

    Anybody know how to fix Contact page #2 ? Do you need me to post any code? I think all the code is in yesterday's message. Except for little changes I did to the HTML which can be seen using View Source.

    Thanks!

  12. #12
    Grüße aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Quote Originally Posted by Greg Baka View Post
    Contact page #2 is here: http://easydigging.com/Contact/Contact-2.html
    It uses the FreeContactForm code. It now almost works - except I still am not receiving emails sent from it. This one is my preferred choice.
    Ok, so let's have a look at this one then.
    I just tried sending you a test message, through this form.
    The validation seems to work ok and after submission I was redirected to http://easydigging.com/Contact/confirmcontact.html, which is as it should be.

    But you say you're not getting the mail.

    First of all, check your spam folder.
    I know this sounds simple, but it would be a real DOH! moment if we try to debug this only to find out the messages are landing there.

    Presuming that the spam folder is empty, please comment out (or remove) the following lines in your PHP script:

    Code PHP:
    mail($email_to, $email_subject, $email_message, $headers); 
    header("Location: $thankyou");
    Then add the following in their place:

    Code PHP:
    echo "Email to: $email_to<br />";
    echo "Email subject: $email_subject<br />";
    echo "Email message: $email_message<br />";
    echo "Headers: $headers<br />";
    exit();

    Please let me know when you have done that.

  13. #13
    SitePoint Zealot
    Hi Pullo and all others who have been following this thread,

    I discovered that my webhosting service (Yahoo!) uses a somewhat unconventional method of processing and transmitting emails from any Contact Form on my site. That's why all the things we have tried have not worked.

    Since we can't do it with PHP, I changed my approach to creating the Contact Form and re-started a new thread over on the JavaScript page. Here is the new thread:
    http://www.sitepoint.com/forums/show...16#post5260316

    I appreciate all the help you have given me here

