Home > Archive > PHP Programming > April 2008 > Problem with a contact me php form. Anyone look please?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Problem with a contact me php form. Anyone look please?
|
|
| Mike Barnard 2008-03-25, 7:10 pm |
| Hi.
I know next to nothing about PHP, and to be honest I don't need to
learn it. I just need a simple form to work. Can anyone look at it
for me?
I have downloaded a freebie php script for a spam free email contact
form. This is where it came from...
http://www.stevedawson.com/article0015.php
I have butchered it slightly, but not the basic code, just the excess
table stuff. The problem is that a valid email address I entered as a
test returns as invalid. Can anyone tell me if the script is any good
and worth persevering with or is there better somewhere? I don't mind
the inbox filling up with tests if you should so fancy! :)
You will find my version at www.thermachek.com/ on the contact link.
Ah, just thought. You won't see the code as it will be processed
first. I'll paste it at the end.
OK, here I go again, off to the land of nod. 14 past 11 at night.
Thanks all. G'night.
<?php
if (isset($_POST["op"]) && ($_POST["op"]=="send")) {
/* ******* START OF CONFIG SECTION ****** */
$sendto = "info [alpha tango] thermachek (delta oscar tango) com";
// I messed up this address just for usenet. It's not like this on my
// site.
$subject = "Email from Thermachek website";
// Select if you want to check form for standard spam text
$SpamCheck = "Y"; // Y or N
$SpamReplaceText = "*content removed*";
// Error message printed if spam form attack found
$SpamErrorMessage = "<p align=\"center\"><font color=\"red\">Malicious
code content detected.
</font><br><b>Your IP Number of <b>".getenv("REMOTE_ADDR")."</b> has
been logged.</b></p>";
/* ******* END OF CONFIG SECTION ****** */
$name = $HTTP_POST_VARS['name'];
$email = $HTTP_POST_VARS['email'];
$message = $HTTP_POST_VARS['message'];
$headers = "From: $email\n";
$headers . "MIME-Version: 1.0\n"
. "Content-Transfer-Encoding: 7bit\n"
. "Content-type: text/html; charset =
\"iso-8859-1\";\n\n";
if ($SpamCheck == "Y") {
// Check for Website URL's in the form input boxes as if we block
website URLs from the form,
// then this will stop the spammers wastignt ime sending emails
if (preg_match("/http/i", "$name")) {echo "$SpamErrorMessage";
exit();}
if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage";
exit();}
if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage";
exit();}
// Patterm match search to strip out the invalid charcaters, this
prevents the mail injection spammer
$pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i'; //
build the pattern match string
$name = preg_replace($pattern, "", $name);
$email = preg_replace($pattern, "", $email);
$message = preg_replace($pattern, "", $message);
// Check for the injected headers from the spammer attempt
// This will replace the injection attempt text with the string you
have set in the above config section
$find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");
$email = preg_replace($find, "$SpamReplaceText", $email);
$name = preg_replace($find, "$SpamReplaceText", $name);
$message = preg_replace($find, "$SpamReplaceText", $message);
// Check to see if the fields contain any content we want to ban
if(stristr($name, $SpamReplaceText) !== FALSE) {echo
"$SpamErrorMessage"; exit();}
if(stristr($message, $SpamReplaceText) !== FALSE) {echo
"$SpamErrorMessage"; exit();}
// Do a check on the send email and subject text
if(stristr($sendto, $SpamReplaceText) !== FALSE) {echo
"$SpamErrorMessage"; exit();}
if(stristr($subject, $SpamReplaceText) !== FALSE) {echo
"$SpamErrorMessage"; exit();}
}
// Build the email body text
$emailcontent = "
-----------------------------------------------------------------------------
Email from Thermachek website
-----------------------------------------------------------------------------
Name: $name
Email: $email
Message: $message
_______________________________________
End of Email
";
// Check the email address enmtered matches the standard email address
format
if (!eregi("^[A-Z0-9_%-]+@[A-Z0-9_%-]+\.a[A-Z]{2,6}$", $email)) {
echo "<p>It appears you entered an invalid email address</p><p><a
href='java script: history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($name)) {
echo "<p>Please go back and enter a Name</p><p><a href='java script:
history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($message)) {
echo "<p>Please go back and type a Message</p><p><a
href='java script: history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($email)) {
echo "<p>Please go back and enter an Email</p><p><a
href='java script: history.go(-1)'>Click here to go back</a>.</p>";
}
// Sends out the email or will output the error message
elseif (mail($sendto, $subject, $emailcontent, $headers)) {
echo "<br><br><p><b>Thank You $name</b></p><p>We will be in touch as
soon as possible.</p>";
}
}
else {
?>
<form method="post"><INPUT NAME="op" TYPE="hidden" VALUE="send">
<div> <!-- Block container for the input elements -->
<table>
<tr>
<td><p>Name:</p></td>
<td>
<input name="name" type="text" size="30" maxlength="150">
</td>
</tr>
<tr>
<td><p>E-mail:</p></td>
<td>
<input name="email" type="text" size="30" maxlength="150">
</td>
</tr>
<tr>
<td valign="top"><p>Message:</p></td>
<td><textarea name="message" cols="50"
rows="20"></textarea></td>
</tr>
<tr><td></td> <td><input name="submit" type="submit" value="Send
Message"></td></tr>
</table>
</div>
</form>
<?php } ?>
| |
| Jerry Stuckle 2008-03-25, 7:10 pm |
| Mike Barnard wrote:
> Hi.
>
>
> I know next to nothing about PHP, and to be honest I don't need to
> learn it. I just need a simple form to work. Can anyone look at it
> for me?
>
> I have downloaded a freebie php script for a spam free email contact
> form. This is where it came from...
>
> http://www.stevedawson.com/article0015.php
>
> I have butchered it slightly, but not the basic code, just the excess
> table stuff. The problem is that a valid email address I entered as a
> test returns as invalid. Can anyone tell me if the script is any good
> and worth persevering with or is there better somewhere? I don't mind
> the inbox filling up with tests if you should so fancy! :)
>
> You will find my version at www.thermachek.com/ on the contact link.
> Ah, just thought. You won't see the code as it will be processed
> first. I'll paste it at the end.
>
> OK, here I go again, off to the land of nod. 14 past 11 at night.
>
> Thanks all. G'night.
>
>
>
>
>
>
>
>
>
>
>
>
> <?php
> if (isset($_POST["op"]) && ($_POST["op"]=="send")) {
>
> /* ******* START OF CONFIG SECTION ****** */
>
>
>
>
> $sendto = "info [alpha tango] thermachek (delta oscar tango) com";
>
> // I messed up this address just for usenet. It's not like this on my
> // site.
>
>
>
>
> $subject = "Email from Thermachek website";
>
> // Select if you want to check form for standard spam text
>
> $SpamCheck = "Y"; // Y or N
>
> $SpamReplaceText = "*content removed*";
>
> // Error message printed if spam form attack found
>
> $SpamErrorMessage = "<p align=\"center\"><font color=\"red\">Malicious
> code content detected.
>
> </font><br><b>Your IP Number of <b>".getenv("REMOTE_ADDR")."</b> has
> been logged.</b></p>";
>
> /* ******* END OF CONFIG SECTION ****** */
> $name = $HTTP_POST_VARS['name'];
> $email = $HTTP_POST_VARS['email'];
> $message = $HTTP_POST_VARS['message'];
> $headers = "From: $email\n";
> $headers . "MIME-Version: 1.0\n"
> . "Content-Transfer-Encoding: 7bit\n"
> . "Content-type: text/html; charset =
> \"iso-8859-1\";\n\n";
> if ($SpamCheck == "Y") {
> // Check for Website URL's in the form input boxes as if we block
> website URLs from the form,
> // then this will stop the spammers wastignt ime sending emails
> if (preg_match("/http/i", "$name")) {echo "$SpamErrorMessage";
> exit();}
> if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage";
> exit();}
> if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage";
> exit();}
>
> // Patterm match search to strip out the invalid charcaters, this
> prevents the mail injection spammer
> $pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i'; //
> build the pattern match string
>
> $name = preg_replace($pattern, "", $name);
> $email = preg_replace($pattern, "", $email);
> $message = preg_replace($pattern, "", $message);
>
> // Check for the injected headers from the spammer attempt
> // This will replace the injection attempt text with the string you
> have set in the above config section
> $find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");
> $email = preg_replace($find, "$SpamReplaceText", $email);
> $name = preg_replace($find, "$SpamReplaceText", $name);
> $message = preg_replace($find, "$SpamReplaceText", $message);
>
> // Check to see if the fields contain any content we want to ban
> if(stristr($name, $SpamReplaceText) !== FALSE) {echo
> "$SpamErrorMessage"; exit();}
> if(stristr($message, $SpamReplaceText) !== FALSE) {echo
> "$SpamErrorMessage"; exit();}
>
> // Do a check on the send email and subject text
> if(stristr($sendto, $SpamReplaceText) !== FALSE) {echo
> "$SpamErrorMessage"; exit();}
> if(stristr($subject, $SpamReplaceText) !== FALSE) {echo
> "$SpamErrorMessage"; exit();}
> }
> // Build the email body text
> $emailcontent = "
> -----------------------------------------------------------------------------
> Email from Thermachek website
> -----------------------------------------------------------------------------
> Name: $name
> Email: $email
> Message: $message
>
> _______________________________________
> End of Email
> ";
> // Check the email address enmtered matches the standard email address
> format
> if (!eregi("^[A-Z0-9_%-]+@[A-Z0-9_%-]+\.a[A-Z]{2,6}$", $email)) {
> echo "<p>It appears you entered an invalid email address</p><p><a
> href='java script: history.go(-1)'>Click here to go back</a>.</p>";
> }
>
> elseif (!trim($name)) {
> echo "<p>Please go back and enter a Name</p><p><a href='java script:
> history.go(-1)'>Click here to go back</a>.</p>";
> }
>
>
> elseif (!trim($message)) {
> echo "<p>Please go back and type a Message</p><p><a
> href='java script: history.go(-1)'>Click here to go back</a>.</p>";
> }
>
> elseif (!trim($email)) {
> echo "<p>Please go back and enter an Email</p><p><a
> href='java script: history.go(-1)'>Click here to go back</a>.</p>";
> }
>
> // Sends out the email or will output the error message
> elseif (mail($sendto, $subject, $emailcontent, $headers)) {
> echo "<br><br><p><b>Thank You $name</b></p><p>We will be in touch as
> soon as possible.</p>";
> }
> }
> else {
> ?>
>
>
> <form method="post"><INPUT NAME="op" TYPE="hidden" VALUE="send">
> <div> <!-- Block container for the input elements -->
>
> <table>
> <tr>
> <td><p>Name:</p></td>
> <td>
> <input name="name" type="text" size="30" maxlength="150">
> </td>
> </tr>
> <tr>
> <td><p>E-mail:</p></td>
> <td>
> <input name="email" type="text" size="30" maxlength="150">
> </td>
> </tr>
>
> <tr>
> <td valign="top"><p>Message:</p></td>
> <td><textarea name="message" cols="50"
> rows="20"></textarea></td>
> </tr>
> <tr><td></td> <td><input name="submit" type="submit" value="Send
> Message"></td></tr>
> </table>
>
> </div>
> </form>
> <?php } ?>
>
>
>
>
If you don't need to learn php, hire a consultant to fix it for you.
This is a group to help PHP programmers, not give you free consulting
services.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| |
| Mike Barnard 2008-03-26, 4:04 am |
| On Tue, 25 Mar 2008 20:04:19 -0500, Jerry Stuckle
<jstucklex@attglobal.net> wrote:
>Mike Barnard wrote:
>
>If you don't need to learn php, hire a consultant to fix it for you.
>
>This is a group to help PHP programmers, not give you free consulting
>services.
Ooooooooooo. Who got out of bed the wrong side this morning then? Not
getting enough? Work, I mean.
| |
| Jerry Stuckle 2008-03-26, 8:04 am |
| Mike Barnard wrote:
> On Tue, 25 Mar 2008 20:04:19 -0500, Jerry Stuckle
> <jstucklex@attglobal.net> wrote:
>
>
> Ooooooooooo. Who got out of bed the wrong side this morning then? Not
> getting enough? Work, I mean.
>
>
Nope, got more work than I can handle. But this newsgroup is not to
provide you with free consulting. If you don't want to learn PHP, find
your sucker somewhere else.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| |
| Mike Barnard 2008-03-27, 7:14 pm |
| On Wed, 26 Mar 2008 07:11:21 -0500, Jerry Stuckle
<jstucklex@attglobal.net> wrote:
>Mike Barnard wrote:
>
>Nope, got more work than I can handle. But this newsgroup is not to
>provide you with free consulting. If you don't want to learn PHP, find
>your sucker somewhere else.
The group hasn't got a 'purpose' as such other than discussing php.
(Yes, there will be a charter somewhere, but I am not wasting my time
looking for it.) If someone wants to volunteer to help it's
apprecieated. If not, fine, but abusing someone just for asking is
wrong.
Cya.
| |
| Sir Robin 2008-04-02, 4:32 am |
| On Wed, 26 Mar 2008 08:26:50 +0000, Mike Barnard
<m.barnard.trousers@thunderin.co.uk> wrote:
>On Tue, 25 Mar 2008 20:04:19 -0500, Jerry Stuckle
><jstucklex@attglobal.net> wrote:
>
>
>Ooooooooooo. Who got out of bed the wrong side this morning then? Not
>getting enough? Work, I mean.
I *was* thinking about debugging your code, but... too arrogant - you don't
mock people when you come in and say 'do my work, I don't need to learn it'.
You can ask - with 'please' - but if someone criticizes you, this is not the
way to respond.
--
***/--- Sir Robin (aka Jani Saksa) Bi-Sex and proud of it! ---\***
**/ email: robsku@fiveam.NO-SPAM.org, <*> Reg. Linux user #290577 \**
*| Me, Drugs, DooM, Photos, Writings... http://soul.fiveam.org/robsku |*
**\--- GSM/SMS: +358 44 927 3992 ---/**
"Jokainen linkki, jonka päätteenä on ".org", on kelvoton tiedonlähde."
- Nikolas Mäki
| |
| Guillaume 2008-04-02, 8:12 am |
| Krustov a écrit :
> <comp.lang.php>
> <Sir Robin>
> <Wed, 02 Apr 2008 09:29:25 +0300>
> <em96v3ht3gpmq211o7t3l4c0dvj2vqn7oh@4ax.com>
>
>
> If somebody criticizes him - perhaps you think he should say something
> like 'please criticize me some more' ? .
First there is a world between "Criticize me more" and the answer he gave.
Something like "Okay, you're right about it, but I have
reasons/problems/difficulties, <insert random justification here>. Thus
I asked, hoping for someone with free time to spare to help me." is in
the middle, and nicely expected, may it be a lie or the truth (which I
don't really care about).
Second, one should realize a difference between a real criticism (i.e. a
constructed argue) and a sarcastic reply. Jerry's one was real, he was
not mocking that person but replying accordingly to what was nothing
more than a request for a free consulting service.
There was absolutely no need to mock him in return of this argue, while
I would have understand if Jerry's reply was something like "you're a
lazy person".
Regards,
--
Guillaume
| |
| Paul Herber 2008-04-02, 8:12 am |
| On Wed, 02 Apr 2008 14:10:15 +0200, Guillaume
<ggrason@NOSPAM.gmail.com.INVALID> wrote:
>Krustov a écrit :
>
>First there is a world between "Criticize me more" and the answer he gave.
Ignore Krusty. He refuses to use an HTML validator and then spends a
w looking for a missing </table> tag.
--
Regards, Paul Herber, Sandrila Ltd.
http://www.sandrila.co.uk/ http://www.pherber.com/
| |
| Krustov 2008-04-02, 8:12 am |
| <comp.lang.php>
<Paul Herber>
<Wed, 02 Apr 2008 13:23:42 +0100>
<1iu6v3199vluc66m38ccai568q8gjn1qga@news.gradwell.net>
> Ignore Krusty. He refuses to use an HTML validator and then spends a
> w looking for a missing </table> tag
>
Why do you tell lies ? .
It was a w before i got around to having a look at it .
--
www.krustov.co.uk
|
|
|
|
|