
#1 tscott

Breaking Down this PHP Contact Form

Posted 20 September 2009 - 04:09 PM

Hi guys, I'm trying to do my first contact form and I've found this one on the net. It seems like a pretty good secure form, but the author doesn't really break down what each thing does.

http://www.jacquelin...om/contact.html This is the form I'm trying to edit; this is my gf's website.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>Sendemail Script</title>
</head>
<body>

<!-- Reminder: Add the link for the 'next page' (at the bottom) --> 
<!-- Reminder: Change 'YourEmail' to Your real email --> 

<?php

$ip = $_POST['ip']; 
$httpref = $_POST['httpref']; 
$httpagent = $_POST['httpagent']; 
$visitor = $_POST['visitor']; 
$visitormail = $_POST['visitormail']; 
$notes = $_POST['notes'];
$attn = $_POST['attn'];


if (eregi('http:', $notes)) {
die ("Do NOT try that! ! ");
}
if(!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,"."))) 
{
echo "<h2>Use Back - Enter valid e-mail</h2>\n"; 
$badinput = "<h2>Feedback was NOT submitted</h2>\n";
echo $badinput;
die ("Go back! ! ");
}

if(empty($visitor) || empty($visitormail) || empty($notes )) {
echo "<h2>Use Back - fill in all fields</h2>\n";
die ("Use back! ! "); 
}

$todayis = date("l, F j, Y, g:i a");

$attn = $attn; 
$subject = $attn; 

$notes = stripcslashes($notes); 

$message = " $todayis [EST] \n
Attention: $attn \n
Message: $notes \n 
From: $visitor ($visitormail)\n
Additional Info : IP = $ip \n
Browser Info: $httpagent \n
Referral : $httpref \n
";

$from = "From: $visitormail\r\n";


mail("jacquelinezinn@Hotmail.com", $subject, $message, $from);

?>

<p align="center">
Date: <?php echo $todayis ?> 
<br />
Thank You : <?php echo $visitor ?> ( <?php echo $visitormail ?> ) 
<br />

Attention: <?php echo $attn ?>
<br /> 
Message:<br /> 
<?php $notesout = str_replace("\r", "<br/>", $notes); 
echo $notesout; ?> 
<br />
<?php echo $ip ?> 

<br /><br />
<a href="contact.php"> Next Page </a> 
</p> 

</body>
</html>






<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Email Form </title>
</head>
<body>

<form method="post" action="sendeail.php">

<!-- DO NOT change ANY of the php sections -->
<?php
$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv ("HTTP_REFERER");
$httpagenti = getenv ("HTTP_USER_AGENT");
?>

<input type="hidden" name="ip" value="<?php echo $ipi ?>" />
<input type="hidden" name="httpref" value="<?php echo $httprefi ?>" />
<input type="hidden" name="httpagent" value="<?php echo $httpagenti ?>" />


Your Name: <br />
<input type="text" name="visitor" size="35" />
<br />
Your Email:<br />
<input type="text" name="visitormail" size="35" />
<br /> <br />
<br />
Attention:<br />
<select name="attn" size="1">
<option value=" Sales n Billing ">Sales n Billing </option> 
<option value=" General Support ">General Support </option> 
<option value=" Technical Support ">Technical Support </option> 
<option value=" Webmaster ">Webmaster </option> 
</select>
<br /><br />
Mail Message:
<br />
<textarea name="notes" rows="4" cols="40"></textarea>
<br />
<input type="submit" value="Send Mail" />
<br />
</form>

</body>
</html>



This post has been edited by tscott: 20 September 2009 - 04:10 PM



Replies To: Breaking Down this PHP Contact Form

#2 Christopher Elison

Re: Breaking Down this PHP Contact Form

Posted 20 September 2009 - 04:45 PM

There's quite a lot there, but I'll try and go through some things. OK, I'll mention the second script first; this contains your actual form. You'll notice the form has action="sendmail.php". This means the sendmail.php script is called once your form is submitted.

$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv ("HTTP_REFERER");
$httpagenti = getenv ("HTTP_USER_AGENT");


These 3 lines assign the client's IP address, the referring page and their web browser's user agent to 3 separate variables.

You'll notice immediately below 3 hidden form fields:
<input type="hidden" name="ip" value="<?php echo $ipi ?>" />
<input type="hidden" name="httpref" value="<?php echo $httprefi ?>" />
<input type="hidden" name="httpagent" value="<?php echo $httpagenti ?>" />


The values of the variables mentioned above are assigned to these form fields. This is done so these 3 pieces of information can be sent along with the actual email subject, text body, sender email, etc., but because the fields are hidden we can't see them (unless we view the page source).

The rest of the form should be pretty self-explanatory. Now onto the sendmail.php script...

$ip = $_POST['ip'];
$httpref = $_POST['httpref'];
$httpagent = $_POST['httpagent'];
$visitor = $_POST['visitor'];
$visitormail = $_POST['visitormail'];
$notes = $_POST['notes'];
$attn = $_POST['attn'];


All the form fields in your contact form had a name="" attribute. All the values of the form fields you posted are available to PHP in an associative array called '$_POST'. To get at the value of a form field, you simply get the value from the $_POST associative array using the field name as the key. Here we can see variables being assigned in correlation to their associated POST values. Notice the 'ip', 'httpref' and 'httpagent' hidden values from the form are also available to the script.


if (eregi('http:', $notes)) {
die ("Do NOT try that! ! ");
}
if(!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,".")))
{


Here we see some very rudimentary validation checking. Firstly, the script will exit with an error if the note contains any occurrence of 'http:' in it (not very ideal). Secondly, the visitor's email address then undergoes (very basic and rudimentary) validation: if the sender email address isn't blank and it contains at least an '@' sign and a dot (.), then the script continues. This is far from ideal, but would suffice for learning purposes. Better validation should employ the use of regex patterns or PHP's inbuilt validation functions.


if(empty($visitor) || empty($visitormail) || empty($notes )) {
echo "<h2>Use Back - fill in all fields</h2>\n";
die ("Use back! ! ");
}


This bit of the code checks to see if either of the visitor, visitormail or notes (the message body) variables are empty. If none of them are empty, the script continues...


$todayis = date("l, F j, Y, g:i a");


Assigns the current date and time to a variable to be used in the text displayed once the email has been sent.


mail("jacquelinezinn@Hotmail.com", $subject, $message, $from);


Uses the inbuilt PHP mail function to (hopefully) successfully send the email to the specified email address and with the subject, message and sender email from the contact form.

I hope that goes at least some way to shedding a bit more light on this :)

This post has been edited by Christopher Elison: 20 September 2009 - 04:52 PM
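
The stricter validation mentioned in the reply above, as an added example that is not part of the thread or of the original script. The names validate_contact and ALLOWED_ATTN are chosen for this sketch, and the sample submission is constructed; it also reads the IP and user agent on the server rather than from the hidden fields, and escapes what is echoed back.

```php
<?php
// Added example: hardened checks for the fields sendmail.php receives.
// validate_contact() and ALLOWED_ATTN are hypothetical names for this sketch.

const ALLOWED_ATTN = ['Sales n Billing', 'General Support', 'Technical Support', 'Webmaster'];

function validate_contact(array $post, array $server): array
{
    $visitor = trim((string)($post['visitor'] ?? ''));
    $mail    = trim((string)($post['visitormail'] ?? ''));
    $notes   = trim((string)($post['notes'] ?? ''));
    $attn    = trim((string)($post['attn'] ?? ''));
    $errors  = [];

    if ($visitor === '' || $mail === '' || $notes === '') {
        $errors[] = 'Fill in all fields';
    }
    // PHP's built-in validator instead of looking for "@" and ".".
    if ($mail !== '' && filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Enter a valid e-mail address';
    }
    // Values that end up in mail headers must not contain line breaks.
    if (preg_match('/[\r\n]/', $visitor . $mail . $attn)) {
        $errors[] = 'Line breaks are not allowed in name, e-mail or subject';
    }
    // The subject comes from a <select>, so accept only the known options.
    if (!in_array($attn, ALLOWED_ATTN, true)) {
        $errors[] = 'Unknown department';
    }
    return [
        'errors'  => $errors,
        'visitor' => $visitor,
        'mail'    => $mail,
        'notes'   => $notes,
        'attn'    => $attn,
        // Read on the server at submit time; hidden form fields are client-editable.
        'ip'      => $server['REMOTE_ADDR'] ?? 'unknown',
        'agent'   => $server['HTTP_USER_AGENT'] ?? 'unknown',
    ];
}

// Constructed sample: the e-mail field carries an extra header line.
$sample = ['visitor' => 'Pat', 'visitormail' => "pat@example.com\r\nX-Injected: 1",
           'notes' => 'Hello <b>there</b>', 'attn' => ' General Support ', 'ip' => '10.0.0.1'];
$r = validate_contact($sample, ['REMOTE_ADDR' => '203.0.113.7']);
print_r($r['errors']);
// Escape anything echoed back into the thank-you page.
echo htmlspecialchars($r['visitor'], ENT_QUOTES, 'UTF-8'), "\n";
echo nl2br(htmlspecialchars($r['notes'], ENT_QUOTES, 'UTF-8')), "\n";
```

Call mail() only when the returned 'errors' array is empty, and build the From header from the validated 'mail' value.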


#3 tscott

Re: Breaking Down this PHP Contact Form

Posted 20 September 2009 - 05:08 PM

This is what I've got:
http://www.jacquelin...com/contact.php
If you fill out the form, I don't get an email at all, and when I click submit it takes me here:
http://www.jacquelin...om/sendeail.php

http://www.jacquelin...om/contact.html if needed

#4 Christopher Elison

Re: Breaking Down this PHP Contact Form

Posted 20 September 2009 - 05:16 PM

This is presumably what's doing it. One of those variables must be empty; if it's unused then you have to get rid of it.

You've changed the contact form, so you need to change the sendmail.php too. It won't work with just any contact form; it needs to know what values are being passed to it for it to work.

This post has been edited by Christopher Elison: 20 September 2009 - 05:19 PM


#5 tscott

Re: Breaking Down this PHP Contact Form

Posted 06 October 2009 - 12:09 AM

Please delete this topic, I no longer need it. Thanks.