Cena_54

Using A Php Contact Form Please Help


I have this following code stored in my /contact/index.php webpage:

<html>
<head>
<title>PHP Form Mailer - phpFormMailer (easy to use and more secure than many cgi formmailers)</title>
<style>
BODY{color:#000000; font-size: 8pt; font-family: Verdana}
.button {background-color: rgb(128,128,128); color:#ffffff; font-size: 8pt;}
.inputc {font-size: 8pt;}
</style>
</head>
<body>
<form name="phpformmailer" action="contact.php" align="center" method="post">
  <div align="center"><center><table bgcolor="#F2F2F2" width="528" cellspacing="6">
    <tr>
      <td width="159"><strong>Contact Us</strong></td>
      <td width="349"><a href="http://thedemosite.co.uk/phpformmailer/source_code_php_form_mailer_more_secure_than_cgi_form_mailers.php"><small>PHP Form Mailer - phpFormMailer <strong>- Source code</strong></small></a></td>
    </tr>
    <tr>
      <td align="right" width="159"><small>Your name:</small></td>
      <td width="349"><font face="Arial"><input class="inputc" size="29" name="name"></font></td>
    </tr>
    <tr>
      <td align="right" width="159"><font color="#000080" size="1">*</font><small> Your email address:</small></td>
      <td align="left" width="349"><font face="Arial"><input class="inputc" size="29" name="email"></font></td>
    </tr>
    <tr align="middle">
      <td align="right" width="159"><font color="#000080" size="1">*</font><small> Confirm email address:</small></td>
      <td width="349" align="left"><font face="Arial"><input class="inputc" size="29" name="email2"></font></td>
    </tr>
    <tr>
      <td align="right" width="159"><font color="#000080" size="1">*</font><small> Subject:</small></td>
      <td width="349"><font face="Arial"><input class="inputc" size="29" name="thesubject"></font></td>
    </tr>
    <tr>
      <td align="right" width="159"> <p><font color="#000080" size="1">*</font><small> Your request or query:</small></td>
      <td width="349"><textarea style="FONT-SIZE: 10pt" name="themessage" rows="7" cols="27"></textarea></td>
    </tr>
    <tr>
      <td width="159"></td>
      <td width="349"><script language="JavaScript"><!--
function validateForm()
{
 var okSoFar=true
 with (document.phpformmailer)
 {
  var foundAt = email.value.indexOf("@",0)
  if (foundAt < 1 && okSoFar)
  {
    okSoFar = false
    alert ("Please enter a valid email address.")
    email.focus()
  }
  var e1 = email.value
  var e2 = email2.value
  if (!(e1==e2) && okSoFar)
  {
    okSoFar = false
    alert ("Email addresses you entered do not match.  Please re-enter.")
    email.focus()
  }
  if (thesubject.value=="" && okSoFar)
  {
    okSoFar=false
    alert("Please enter the subject.")
    thesubject.focus()
  }
  if (themessage.value=="" && okSoFar)
  {
    okSoFar=false
    alert("Please enter the details for your enquiry.")
    themessage.focus()
  }
  if (okSoFar==true)  submit();
 }
}
// --></script>
<input type="button" class="button" value="Send" name="B1" ONCLICK="java script:validateForm()"><small> <small>You must fill in the fields marked with a *</small></small></td>
    </tr>
  </table>
  </center></div>
</form>
</body>
</html>

and the following code stored in my /contact.php webpage obviously with the appropriate variables and text changed though:

<?php
/* PHP Form Mailer - phpFormMailer v2.1, last updated 30th Nov 2005 - check back often for updates!
   (easy to use and more secure than many cgi form mailers)
   FREE from: http://www.thedemosite.co.uk/
   Should work fine on most Unix/Linux platforms */

// ------- three variables you MUST change below  -------------------------------------------------------
$valid_ref1="http://Your--domain/contact.html";// change "Your--domain" to your domain
$valid_ref2="http://forums.xisto.com/no_longer_exists/";// change "Your--domain" to your domain
$replyemail="YOU@Your--domain";//change to your email address
// ------------------------------------------------------------

//clean input in case of header injection attempts!
function clean_input_4email($value, $check_all_patterns = true)
{
 $patterns[0] = '/content-type:/';
 $patterns[1] = '/to:/';
 $patterns[2] = '/cc:/';
 $patterns[3] = '/bcc:/';
 if ($check_all_patterns)
 {
  $patterns[4] = '/\r/';
  $patterns[5] = '/\n/';
  $patterns[6] = '/%0a/';
  $patterns[7] = '/%0d/';
 }
 //NOTE: can use str_ireplace as this is case insensitive but only available on PHP version 5.0.
 return preg_replace($patterns, "", strtolower($value));
}

$name = clean_input_4email($_POST["name"]);
$email = clean_input_4email($_POST["email"]);
$thesubject = clean_input_4email($_POST["thesubject"]);
$themessage = clean_input_4email($_POST["themessage"], false);

$error_msg='ERROR - not sent. Try again.';

$success_sent_msg='<p align="center"><strong> </strong></p>
                   <p align="center"><strong>Your message has been successfully sent to us<br>
                   </strong> and we will reply as soon as possible.</p>
                   <p align="center">A copy of your query has been sent to you.</p>
                   <p align="center">Thank you for contacting us.</p>';

$replymessage = "Hi $name

Thank you for your email.

We will endeavour to reply to you shortly.

Please DO NOT reply to this email.

Below is a copy of the message you submitted:
--------------------------------------------------
Subject: $thesubject
Query:
$themessage
--------------------------------------------------

Thank you";

// email variable not set - load $valid_ref1 page
if (!isset($_POST['email']))
{
 echo "<script language=\"JavaScript\"><!--\n ";
 echo "top.location.href = \"$valid_ref1\"; \n// --></script>";
 exit;
}

$ref_page=$_SERVER["HTTP_REFERER"];
$valid_referrer=0;
if($ref_page==$valid_ref1) $valid_referrer=1;
elseif($ref_page==$valid_ref2) $valid_referrer=1;
if(!$valid_referrer)
{
 echo "<script language=\"JavaScript\"><!--\n alert(\"$error_msg\");\n";
 echo "top.location.href = \"$valid_ref1\"; \n// --></script>";
 exit;
}

$themessage = "name: $name \nQuery: $themessage";
mail("$replyemail",
     "$thesubject",
     "$themessage",
     "From: $email\nReply-To: $email");
mail("$email",
     "Receipt: $thesubject",
     "$replymessage",
     "From: $replyemail\nReply-To: $replyemail");
echo $success_sent_msg;
/*
  PHP Form Mailer - phpFormMailer (easy to use and more secure than many cgi form mailers)
  FREE from: http://www.thedemosite.co.uk/
*/
?>

However, what my problem is, is when I click on the send/submit button nothing happens.
Please help.
Thanks a lot in advance.


just to clarify something... both of these files are in the same file correct?? as in it simply goes looking like this
contact/ <folder....
contact.php
index.php

Edited by Albus Dumbledore (see edit history)


Nothing happens or it does send you to /contact.php? when you hit the button, check the address bar and see where is it now, if you are still in index.php, there should be a problem with your javascript, else the problem should be in that php, in which I'll have to take a closer look... But try these things first....


A silly question, but you've checked to make sure that php scripts work fine on your server, correct? If so, then what do you mean "nothing happens?" As in it goes to the contact.php page and says the message wasn't sent; or when you click the button it doesn't even change to the contact.php page. If your problem is the latter then it's almost assuredly the javascript code that is bugging out. So remove the form validation code and then try to see if it works. If so we can help you troubleshoot the validation code...or you could simply rewrite it in php which might be easier, and would work with all browsers (even if someone has an ancient computer). If you want to just use/modify another script lemme know and i'll be happy to post the one I wrote (which i know for a fact is in working condition).


Hey gaea, I would like to see that script you talk about, could you post it please? You mean a form validation script right?


Hey gaea, I would like to see that script you talk about, could you post it please? You mean a form validation script right?


Alright, here you go (this is a pared down version...without all my site specific crap). If you want help modifying this script to add extra functions just lemme know what you want, and i'll try and help you add it.

Like the original script that you posted this uses two pages, one with the original form, and one with the action. It is entirely possible to write the entire thing in one page instead...but this is just the way that I did it.

The first page is named 'contact.php'. It merely gathers the information to send to the second page. It is important that this be a php script if you want it to log the person's IP address, Referring page, and browser type.


Contact.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://forums.xisto.com/no_longer_exists/ php script</title></head>
<body>
<form method="post" action="sendmail.php">
<!-- DO NOT change ANY of the php sections -->
<?php
/* This section gathers the user's IP address, referring page, and browser name */
$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv ("HTTP_REFERER");
$httpagenti = getenv ("HTTP_USER_AGENT");
?>
<input type="hidden" name="ip" value="<?php echo $ipi ?>" />
<input type="hidden" name="httpref" value="<?php echo $httprefi ?>" />
<input type="hidden" name="httpagent" value="<?php echo $httpagenti ?>" />
Write any message you care to include here<br />
<center>
<table border=0><tbody>
<tr><td><font color="red">*</font>Name: </td><td><input type="text" name="visitor" size="51" /></td></tr>
<tr><td><font color="red">*</font>Email: </td><td><input type="text" name="visitormail" size="51" /></td></tr>
<tr><td> Subject: </td><td><input type="text" name="subject" size="51" /></td></tr>
<tr><td><font color="red">*</font>Message:   </td><td><textarea name="notes" rows="7" cols="50"></textarea></td>
<tr><td></td><td align="center"><input type="submit" value="Send Mail" /></td></tr>
</tbody></table>
</center>
</form>
<p>  </p>
</body>
</html>

The second page is named 'sendmail.php'. It is responsible for all the error checking (if a problem is found it lists the problem, and gives the user the form to resubmit), as well as the actual sending of the email, and writing a confirmation message.

sendmail.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://forums.xisto.com/no_longer_exists/ php script</title></head>
<body>
<?php
$passedTests = "yes";

if(!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,".")))
{
echo "<h2>The following error(s) encountered:</h2>";
echo "<font color='red'>*Invalid email address. <br /></font>";
$passedTests = "no";
}

if(empty($visitor) || empty($visitormail) || empty($notes )) {
    if($passedTests == "yes"){
    echo "<h2>The following error(s) encountered:</h2>";
    }
echo "<font color='red'>*Please fill in ALL of the required fields. <br /></font>";
$passedTests = "no";
}

/*Prepare to send the email.  Formatting etc */
$todayis = date("l, F j, Y, g:i a");
$subject = $subject;
$subject2 = "****Subject of email you want to appear****";
$notes = stripcslashes($notes);
$message = " $todayis \nFrom: $visitor ($visitormail)\nSubject: $subject \nMessage: $notes \nAdditional Info : IP = $ip \nBrowser Info: $httpagent \n";
$from = "From: $visitormail\r\n";

/*If all checks are passed, then send the email and display a thankyou message*/
if($passedTests == "yes"){
mail("****Your Email Adderess Here******", $subject2, $message, $from);
?>
<p align="center"><h2>Thankyou for your feedback!</h2>
<center><br />
<table border=0><tbody>
<tr><td>Date: </td><td><?php echo $todayis ?></td></tr>
<tr><td>Name: </td><td><?php echo $visitor ?> ( <?php echo $visitormail ?> )</td></tr>
<tr><td>Subject: </td><td><?php echo $subject ?></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Message:   </td><td><?php $notesout = str_replace("\r", "<br/>", $notes);echo $notesout; ?></td></tr>
</tbody></table>
</center></p>
<?php
}
else{
/*Otherwise, display the original form again to allow the user to correct their input*/
?>
<br />
<form method="post" action="sendmail.php">
<?php
$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv ("HTTP_REFERER");
$httpagenti = getenv ("HTTP_USER_AGENT");
?>
<input type="hidden" name="ip" value="<?php echo $ipi ?>" />
<input type="hidden" name="httpref" value="<?php echo $httprefi ?>" />
<input type="hidden" name="httpagent" value="<?php echo $httpagenti ?>" />
<center>
<table border=0><tbody>
<tr><td><font color="red">*</font>Name: </td><td><input type="text" name="visitor" size="51" /></td></tr>
<tr><td><font color="red">*</font>Email: </td><td><input type="text" name="visitormail" size="51" /></td></tr>
<tr><td> Subject: </td><td><input type="text" name="subject" size="51" /></td></tr>
<tr><td><font color="red">*</font>Message:   </td><td><textarea name="notes" rows="7" cols="50"></textarea></td>
<tr><td></td><td align="center"><input type="submit" value="Send Mail" /></td></tr>
</tbody></table>
</center>
</form>
<?php
}
?>
<p>  </p>
</body>
</html>

I tried to make comments explaining things...lemme know if you need help clarifying any of it. Please don't forget to change the subject and email fields to match your requirements.
Edited by gaea (see edit history)


Alright, so you take the validation thing inside the sendmail.php... I was kinda actually hoping you had it in JavaScript, more like something AJAX.. But thanks anyway! (I know that those things won't work if the user has js turned off but I know it's a very little percentage so I can live with it :):P ) Thanks for your help anyway!


Alright, so you take the validation thing inside the sendmail.php... I was kinda actually hoping you had it in JavaScript, more like something AJAX.. But thanks anyway! (I know that those things won't work if the user has js turned off but I know it's a very little percentage so I can live with it :):P )
Thanks for your help anyway!


I'm not quite sure why you'd want to have it in java script...php is sssoooo much more powerful, and easy to use/code.

If you really want to use javascript there are many premade scripts out there. A fairly customizable form validator script can be found at: http://forums.xisto.com/no_longer_exists/.

There are many good tutorials out there as well. I'm partial to htmlgoodies.com, mostly because i learned a lot from their tutorials. The relevant page would be: http://www.htmlgoodies.com/primers/jsp/article.php/3589631

If you really have your heart set on using javascript i can help you customize the code to suit your site...but if i were you i'd *strongly* recommend trying to do it in php...as you have to use it to send the email anyways...and it is easier, less buggy, more secure, and compatible with 100% of the people looking at your page.


Couple of problems with your script gaea:
1. It doesn't check the input for email header injection attempts and clean it before processing.
2. If there are errors in the form, it returns the user to an empty form with no error messages to let them know what is wrong.


Yes, Tyssen knows what he speaks about! hehe, so Tyssen, do you have any secure validating script you can share? i have not checked those pages you posted gaea, they are opening as i type... thanks!


Couple of problems with your script gaea:

1. It doesn't check the input for email header injection attempts and clean it before processing.

2. If there are errors in the form, it returns the user to an empty form with no error messages to let them know what is wrong.

 


Both of these are good points (though the script *does* return error messages...so I'm not quite sure where you got that from). Adding the original information back into the form would take about 2 seconds worth of time, and so is definitely worth doing.

 

As far as header injection attempts...that is also a good point. But where do you stop? There are sssooooo many possible exploits that if you wanted to write a 100% secure script it'd take you a rather long time. What would you say qualifies as "good enough?" Removing any occurrences of "\r" or "\n?" And 0x0D/%0D, and %0A? Or stopping all the MIME vulnerabilities? Or other vulnerabilities that randomly appear on the net? Where do you draw the line?

 

Also, no offence, but paying money to use a feedback form script seems rather ludicrous to me. Except if you are really desperate and don't know how to write your own code.

 

----------

EDITED:

----------

 

Anyways, after a little work i added both of your suggestions to my script. It only protects against the From field being exploited by "\r", "\n?", "0x0D/%0D", and "%0A". Which means that it isn't 100% secure...but should stop virtually all attempts to use the form to send email to other people instead of (or as well as) the original hard coded email address. Which means that your feedback form can't be used by a spammer to send out unsolicited emails. I also had it email the spammer/hijacker's IP address back to you in case you wish to report them.

 

The new code is something like this:

(sendmail.php)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head></head>
<body>
<table bgcolor="#ffffff" cellpadding="28"><tbody><tr><td>
<?php
$passedTests = "yes";
$Hijacked = "no";
$HijackAttempt=$visitormail;

   if (eregi("\r",$HijackAttempt) || eregi("\n",$HijackAttempt) || eregi("%0A",$HijackAttempt) || eregi("0x0D/%0D",$HijackAttempt))
   {
   $passedTests = "no";
   $Hijacked = "yes";
}

    if($Hijacked == "yes"){
    echo "<font color='red'><h2>Email Header Injection Attempt Detected!  Your IP Address has been logged, and will be reported shortly.</h2></font><br />";

    $todayis = date("l, F j, Y, g:i a");
    $subject = $subject;
    $subject2 = "EMAIL HEADER INJECTION ATTEMPT";
    $notes = stripcslashes($notes);
    $message = " $todayis \n EMAIL HEADER INJECTION ATTEMPT DETECTED from $visitor ($visitormail). \n IP Address = $ip \n Subject: $subject \n Message: $notes \n Browser Info: $httpagent \n";
    $from2 = "From: YOURNAME@YOURWEBSITE.COM\r\n";
    mail("YOURNAME@YOURWEBSITE.COM", $subject2, $message, $from2);
    }

if(!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,".")))
{
echo "<h2>The following error(s) were encountered:</h2>";
echo "<font color='red'>*Invalid email address. <br /></font>";
$passedTests = "no";
}

if(empty($visitor) || empty($visitormail) || empty($notes )) {
    if($passedTests == "yes"){
    echo "<h2>The following error(s) were encountered:</h2>";
    }
echo "<font color='red'>*Please fill in ALL of the required fields. <br /></font>";
$passedTests = "no";
}

$todayis = date("l, F j, Y, g:i a");
$subject = $subject;
$subject2 = "Feedback from YOURWEBSITE.COM";
$notes = stripcslashes($notes);
$message = " $todayis \nFrom: $visitor ($visitormail)\nSubject: $subject \nMessage: $notes \nAdditional Info : IP = $ip \nBrowser Info: $httpagent \n";
$from = "From: $visitormail\r\n";

if($passedTests == "yes"){
mail("YOURNAME@YOURWEBSITE.COM", $subject2, $message, $from);
?>
<p align="center"><h2>Thankyou for your feedback!</h2>
<center><br />
<table border=0>
<tr><td>Date: </td><td><?php echo $todayis ?></td></tr>
<tr><td>Name: </td><td><?php echo $visitor ?> ( <?php echo $visitormail ?> )</td></tr>
<tr><td>Subject: </td><td><?php echo $subject ?></td></tr>
<tr><td></td><td></td></tr>
<tr><td>Message:   </td><td><?php $notesout = str_replace("\r", "<br/>", $notes);echo $notesout; ?></td></tr>
</table>
</center></p>
<?php
}
else{
?>
<br />
<form method="post" action="sendmail.php">
<?php
$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv ("HTTP_REFERER");
$httpagenti = getenv ("HTTP_USER_AGENT");
?>
<input type="hidden" name="ip" value="<?php echo $ipi ?>" />
<input type="hidden" name="httpref" value="<?php echo $httprefi ?>" />
<input type="hidden" name="httpagent" value="<?php echo $httpagenti ?>" />
<center>
<table border=0><tbody>
<tr align=left><td><font color="red">*</font>Name: </td><td><input type="text" name="visitor" size="51" value="<?php echo $visitor ?>" /></td></tr>
<tr align=left><td><font color="red">*</font>Email: </td><td><input type="text" name="visitormail" size="51" value="<?php echo $visitormail ?>" /></td></tr>
<tr align=left><td> Subject: </td><td><input type="text" name="subject" size="51" value="<?php echo $subject ?>" /></td></tr>
<tr align=left><td><font color="red">*</font>Message:   </td><td><textarea name="notes" rows="7" cols="50"><?php echo $notes ?></textarea></td>
<tr align=left><td></td><td align="center"><input type="submit" value="Send Mail" /></td></tr>
</tbody></table>
</center>
</form>
<?php
}
?>
<p> </p>
</td></tr></tbody></table>
</body>
</html>

Once again, don't forget to change YOURNAME@YOURWEBSITE.COM to your actual email address.

 

If you have any other requests/suggestions I'd be happy to attempt to implement them or help you do it yourself.

Edited by gaea (see edit history)
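
For the header injection case discussed in this thread, one place to draw the line is shown here as an added example (not code from any poster in this thread): reject, rather than strip, any field containing a raw CR, LF or NUL before it can reach the mail() headers, and keep the recipient hard coded. The function names and the sample submissions are hypothetical and constructed for illustration.

```php
<?php
// Added example: validate contact-form fields before they are used in mail().
// has_header_break() and build_mail_headers() are hypothetical names.

/** True if the value contains a raw CR, LF or NUL byte. */
function has_header_break(string $value): bool
{
    // PHP has already URL-decoded the form fields, so an encoded %0A or %0D
    // sent in the request body shows up here as the raw byte.
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Returns [headers, errors]; headers is null when any check fails.
 * Only the validated address is placed in the header block.
 */
function build_mail_headers(string $name, string $email, string $subject): array
{
    $errors = [];
    foreach (['name' => $name, 'email' => $email, 'subject' => $subject] as $field => $value) {
        if (has_header_break($value)) {
            $errors[] = "$field contains a line break";
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    if ($errors !== []) {
        return [null, $errors];
    }
    return ["From: $email\r\nReply-To: $email", []];
}

// Constructed sample submissions: [name, email, subject]
$samples = [
    'normal submission'       => ['Ann', 'ann@example.com', 'Hello'],
    'extra header in email'   => ['Ann', "ann@example.com\r\nBcc: other@example.net", 'Hello'],
    'bare LF in subject'      => ['Ann', 'ann@example.com', "Hello\nCc: other@example.net"],
    'literal %0A text'        => ['Ann', 'ann@example.com', 'Discount 10%0Aoff'],
];

foreach ($samples as $label => [$name, $email, $subject]) {
    [$headers, $errors] = build_mail_headers($name, $email, $subject);
    if ($headers === null) {
        echo "$label: rejected (" . implode('; ', $errors) . ")\n";
        continue;
    }
    echo "$label: accepted\n";
    // The recipient stays hard coded, as in the thread's scripts:
    // mail('YOURNAME@YOURWEBSITE.COM', $subject, $message, $headers);
}
```

The last sample is accepted because the literal text "%0A" is never decoded by mail(); only the raw bytes can start a new header line.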
