[TheOne6152]

To start off I am very new to php and coding in general. I made this little PHP mail form to register a person for a summer camp (found here http://futsocusa.net...istration.html) and in the e-mail account it mails the forms to is getting massive amounts of spammed forms. I was wondering how I would make this form spam proof? All hep would be greatly appreciated. Thank You

Here is my PHP form

<?php

$subject =  $name . " - FUTSOC Summer Soccer Program"; 
$name = $_POST["name"];
$sex = $_POST['sex'];
$age = $_POST["age"]; 
$birthdate = $_POST["birthdate"];
$grade = $_POST["grade"];
$school = $_POST["school"];
$exptype = $_POST["exptype"];
$expyears = $_POST["expyears"];
$insurance = $_POST["insurance"];
$insphone = $_POST["insphone"]; 
$physician = $_POST["physician"]; 
$physphone = $_POST["physphone"];
$medcon = $_POST["medcon"];
$medicalconditions = $_POST["medicalconditions"];
$mothername = $_POST["mothername"];
$motheremail = $_POST["motheremail"];
$motherwork = $_POST["motherwork"];
$mothercell = $_POST["mothercell"];
$motherhome = $_POST["motherhome"];
$motheremployment = $_POST["motheremployment"];
$motheraddress = $_POST["motheraddress"];
$motherpickup = $_POST["motherpickup"];
$fathername = $_POST["fathername"];
$fatheremail = $_POST["fatheremail"];
$fatherwork = $_POST["fatherwork"];
$fathercell = $_POST["fathercell"];
$fatherhome = $_POST["fatherhome"];
$fatheremployment = $_POST["fatheremployment"];
$fatheraddress = $_POST["fatheraddress"];
$fatherpickup = $_POST["fatherpickup"];
$emergencyname1 = $_POST["emergencyname1"];
$emegencyphone1 = $_POST["emegencyphone1"];
$emergencyname2 = $_POST["emergencyname2"];
$emegencyphone2 = $_POST["emegencyphone2"];
$halforfull = $_POST["halforfull"];
$plan = $_POST["plan"];
foreach($_POST['week'] as $value) {
$week .= "$value";
}
$other = $_POST["other"];

$name = stripslashes($name); 
$email = stripslashes($email); 
$mothername = stripslashes($mothername);
$motheremail = stripslashes($motheremail);
$fathername = stripslashes($fathername);
$fatheremail = stripslashes($fatheremail);

$message = "
Name: $name \n
Sex: $sex \n
Age: $age \n 
Birth Date: $birthdate \n
Grade: $grade \n
School: $school \n

Insurance: $insurance \n
Insurance Phone:$insphone \n
Physician:$physician \n
Physician Phone:$physphone \n
Medican Condition: $medcon \n
Other Medical Conditions: $medicalconditions \n

Mother: $mothername \n
E-Mail: $motheremail \n
Work Phone: $motherwork \n
Cell Phone: $mothercell \n
Home Phone: $motherhome \n
Employment: $motheremployment \n
Address: $motheraddress \n
Mother Permitted to pick up participant(s): $motherpickup \n

Father: $fathername \n
E-Mail: $fatheremail \n
Work Phone: $fatherwork \n
Cell Phone: $fathercell \n
Home Phone: $fatherhome \n
Employment: $fatheremployment \n
Address: $fatheraddress \n
Father Permitted to pick up participant(s): $fatherpickup \n

Emergency Contact #1: $emergencyname1 \n
Phone Number: $emegencyphone1 \n

Emergency Contact #1: $emergencyname2 \n
Phone Number: $emegencyphone2 \n

Half Day or Full Day: $halforfull \n
Plan: $plan \n
Weeks: $week \n
Other Dates: $other \n
";

$from = "From: $motheremail";

mail("youremail@yourhost.com", $subject, $message, $from);

header ("location:http://www.futsocusa.net/fundingsummer.html"); 
?>

This post has been edited by CTphpnwb: 03 May 2012 - 02:01 PM

[no2pencil]

This isn't an issue with PHP. You can't make or prevent your email from being spammed by the recipient with code. Most likely the recipient (isp, mail, or whatever) is detecting one of two conditions & spamming the email :

1.) You are sending this from a non-commercial account (with your isp). ISPs will split residential & commercial subnets, to combat spam & other illegal activities. If your ip address is on the residential subnet, email is most likely spammed out.

2.) You are sending email from your home or other isp, & this ip address does not match the reverse nslookup address for the domain of which your domain name claims to be. This is another indication of spam, & will most likely spam out your email.

You can update your mxrecords to have the ip address of your current location, but again if this is a residential address, there is little that can be done to fix it. That is, other than upgrading your connection with your isp.

One of the most difficult things with troubleshooting email issues with PHP, is that php just sends the email. It isn't a full mail transfer agent. The email is sent, & that is that.

[CTphpnwb]

First off, this is hideous:

$subject =  $name . " - FUTSOC Summer Soccer Program"; 
$name = $_POST["name"];
$sex = $_POST['sex'];
$age = $_POST["age"]; 
$birthdate = $_POST["birthdate"];
$grade = $_POST["grade"];
$school = $_POST["school"];

After copying values from the post array you then copy the copy into the $message variable. What's the point in that?

As for spam, you need to use a captcha to stop/slow down the bots.

[TheOne6152]

CTphpnwb, on 03 May 2012 - 08:51 AM, said:

First off, this is hideous:

$subject =  $name . " - FUTSOC Summer Soccer Program"; 
$name = $_POST["name"];
$sex = $_POST['sex'];
$age = $_POST["age"]; 
$birthdate = $_POST["birthdate"];
$grade = $_POST["grade"];
$school = $_POST["school"];

After copying values from the post array you then copy the copy into the $message variable. What's the point in that?

As for spam, you need to use a captcha to stop/slow down the bots.

Thankyou for your response, but how would I apply CAPTCHA to this form?

[Chrisx84]

When you register on the reCaptcha website they give you code to use.

With that code just do

if ($recaptcha) {
mail("futsoccamp@gmail.com", $subject, $message, $from);
}

[CTphpnwb]

Recaptcha is nice because they use two captchas. One they know the answer to, and that's the test to see if it's a human. The other captcha is usually something that OCR software couldn't translate, so they take the responses from many humans (who got the known captcha correct and assume that the most frequent response is correct when they get enough responses. You get good security and they get massive parallel biological processing power as people help them digitize old books, newspapers, and magazines.

[TheOne6152]

Okay so I signed up for captcha and installed it and everything, but when I test the form it doesnt send it to my e-mail.

Again, I greatly appreciate all your help guys.

Here is where the new form is located: http://www.futsocusa...egistration.php
Here is the php code

<?php

require_once('captcha/recaptchalib.php');
  $privatekey = "******";
  $resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);

  if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
    die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         "(reCAPTCHA said: " . $resp->error . ")");
  } else {
    // Your code here to handle a successful verification

$subject =  $name . " - FUTSOC Summer Soccer Program"; 
$name = $_POST["name"];
$sex = $_POST['sex'];
$age = $_POST["age"]; 
$birthdate = $_POST["birthdate"];
$grade = $_POST["grade"];
$school = $_POST["school"];
$exptype = $_POST["exptype"];
$expyears = $_POST["expyears"];
$insurance = $_POST["insurance"];
$insphone = $_POST["insphone"]; 
$physician = $_POST["physician"]; 
$physphone = $_POST["physphone"];
$medcon = $_POST["medcon"];
$medicalconditions = $_POST["medicalconditions"];
$mothername = $_POST["mothername"];
$motheremail = $_POST["motheremail"];
$motherwork = $_POST["motherwork"];
$mothercell = $_POST["mothercell"];
$motherhome = $_POST["motherhome"];
$motheremployment = $_POST["motheremployment"];
$motheraddress = $_POST["motheraddress"];
$motherpickup = $_POST["motherpickup"];
$fathername = $_POST["fathername"];
$fatheremail = $_POST["fatheremail"];
$fatherwork = $_POST["fatherwork"];
$fathercell = $_POST["fathercell"];
$fatherhome = $_POST["fatherhome"];
$fatheremployment = $_POST["fatheremployment"];
$fatheraddress = $_POST["fatheraddress"];
$fatherpickup = $_POST["fatherpickup"];
$emergencyname1 = $_POST["emergencyname1"];
$emegencyphone1 = $_POST["emegencyphone1"];
$emergencyname2 = $_POST["emergencyname2"];
$emegencyphone2 = $_POST["emegencyphone2"];
$halforfull = $_POST["halforfull"];
$plan = $_POST["plan"];
foreach($_POST['week'] as $value) {
$week .= "$value";
}
$other = $_POST["other"];

$name = stripslashes($name); 
$email = stripslashes($email); 
$mothername = stripslashes($mothername);
$motheremail = stripslashes($motheremail);
$fathername = stripslashes($fathername);
$fatheremail = stripslashes($fatheremail);

$message = "
Name: $name \n
Sex: $sex \n
Age: $age \n 
Birth Date: $birthdate \n
Grade: $grade \n
School: $school \n

Insurance: $insurance \n
Insurance Phone:$insphone \n
Physician:$physician \n
Physician Phone:$physphone \n
Medican Condition: $medcon \n
Other Medical Conditions: $medicalconditions \n

Mother: $mothername \n
E-Mail: $motheremail \n
Work Phone: $motherwork \n
Cell Phone: $mothercell \n
Home Phone: $motherhome \n
Employment: $motheremployment \n
Address: $motheraddress \n
Mother Permitted to pick up participant(s): $motherpickup \n

Father: $fathername \n
E-Mail: $fatheremail \n
Work Phone: $fatherwork \n
Cell Phone: $fathercell \n
Home Phone: $fatherhome \n
Employment: $fatheremployment \n
Address: $fatheraddress \n
Father Permitted to pick up participant(s): $fatherpickup \n

Emergency Contact #1: $emergencyname1 \n
Phone Number: $emegencyphone1 \n

Emergency Contact #1: $emergencyname2 \n
Phone Number: $emegencyphone2 \n

Half Day or Full Day: $halforfull \n
Plan: $plan \n
Weeks: $week \n
Other Dates: $other \n
";

$from = "From: $motheremail";

mail("youremail@yourhost.com", $subject, $message, $from);

header ("location:http://www.futsocusa.net/fundingsummer.html"); 
  }
?>

This post has been edited by CTphpnwb: 03 May 2012 - 04:42 PM
Reason for edit:: removed private key & email address

[CTphpnwb]

It appears to be working from here, but mail() only passes the message to your mail server. There's no way for it to know if the message was actually sent or received.

Below is untested, but hopefully it will give you an idea about getting rid of repetitive code:

<?php
$message = <<<mess
Name: !name \n
Sex: !sex \n
Age: !age \n 
Birth Date: !birthdate \n
Grade: !grade \n
School: !school \n

Insurance: !insurance \n
Insurance Phone:!insphone \n
Physician:!physician \n
Physician Phone:!physphone \n
Medican Condition: !medcon \n
Other Medical Conditions: !medicalconditions \n

Mother: !mothername \n
E-Mail: !motheremail \n
Work Phone: !motherwork \n
Cell Phone: !mothercell \n
Home Phone: !motherhome \n
Employment: !motheremployment \n
Address: !motheraddress \n
Mother Permitted to pick up participant(s): !motherpickup \n

Father: !fathername \n
E-Mail: !fatheremail \n
Work Phone: !fatherwork \n
Cell Phone: !fathercell \n
Home Phone: !fatherhome \n
Employment: !fatheremployment \n
Address: !fatheraddress \n
Father Permitted to pick up participant(s): !fatherpickup \n

Emergency Contact #1: !emergencyname1 \n
Phone Number: !emegencyphone1 \n

Emergency Contact #1: !emergencyname2 \n
Phone Number: !emegencyphone2 \n

Half Day or Full Day: !halforfull \n
Plan: !plan \n
Weeks: !week \n
Other Dates: !other \n
mess; // I'd read this in from a text file or database to keep it from cluttering the code.


require_once('captcha/recaptchalib.php');
  $privatekey = "******";
  $resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);

  if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
    die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         "(reCAPTCHA said: " . $resp->error . ")");
  } else {
    // Your code here to handle a successful verification
$expected_keys = array("name","sex","age","age","birthdate","birthdate","grade", "school","exptype", "expyears", 'insurance', 'insphone' , 'physician' , 'physphone', 'medcon', 'medicalconditions', 'mothername', 'motheremail', 'motherwork', 'mothercell', 'motherhome', 'motheremployment', 'motheraddress', 'motherpickup', 'fathername', 'fatheremail', 'fatherwork', 'fathercell', 'fatherhome', 'fatheremployment', 'fatheraddress', 'fatherpickup', 'emergencyname1', 'emegencyphone1', 'emergencyname2', 'emegencyphone2', 'halforfull', 'plan', 'other');
$subject = " - FUTSOC Summer Soccer Program";
$strip = array("name",/* email, <--- is missing!*/ 'mothername', 'motheremail', 'fathername', 'fatheremail');
$replace = array();
$with = array();
foreach($expected_keys as $key) {
	if(isset($_POST[$key])) {
		if(in_array($key, $strip)) {
			$with[] = stripslashes($_POST[$key]);
		} else {
			$with[] = $_POST[$key];
		}
		$replace[] = '!'.$key;
	}
}
$week = '';
foreach($_POST['week'] as $value) {
	$week .= $value;
}
$with[] = "!week";
$replace[] = $week;


$from = "From: ".$_POST['motheremail'];
$message = str_replace($replace, $with, $message);
mail("youremail@yourhost.com", $subject, $message, $from);

header ("location:http://www.futsocusa.net/fundingsummer.html"); 
  }
?>

This post has been edited by CTphpnwb: 03 May 2012 - 02:01 PM

[TheOne6152]

CTphpnwb, on 03 May 2012 - 11:37 AM, said:

It appears to be working from here, but mail() only passes the message to your mail server. There's no way for it to know if the message was actually sent or received.

Below is untested, but hopefully it will give you an idea about getting rid of repetitive code:

<?php
$message = <<<mess
Name: !name \n
Sex: !sex \n
Age: !age \n 
Birth Date: !birthdate \n
Grade: !grade \n
School: !school \n

Insurance: !insurance \n
Insurance Phone:!insphone \n
Physician:!physician \n
Physician Phone:!physphone \n
Medican Condition: !medcon \n
Other Medical Conditions: !medicalconditions \n

Mother: !mothername \n
E-Mail: !motheremail \n
Work Phone: !motherwork \n
Cell Phone: !mothercell \n
Home Phone: !motherhome \n
Employment: !motheremployment \n
Address: !motheraddress \n
Mother Permitted to pick up participant(s): !motherpickup \n

Father: !fathername \n
E-Mail: !fatheremail \n
Work Phone: !fatherwork \n
Cell Phone: !fathercell \n
Home Phone: !fatherhome \n
Employment: !fatheremployment \n
Address: !fatheraddress \n
Father Permitted to pick up participant(s): !fatherpickup \n

Emergency Contact #1: !emergencyname1 \n
Phone Number: !emegencyphone1 \n

Emergency Contact #1: !emergencyname2 \n
Phone Number: !emegencyphone2 \n

Half Day or Full Day: !halforfull \n
Plan: !plan \n
Weeks: !week \n
Other Dates: !other \n
mess; // I'd read this in from a text file or database to keep it from cluttering the code.


require_once('captcha/recaptchalib.php');
  $privatekey = "******";
  $resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);

  if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
    die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         "(reCAPTCHA said: " . $resp->error . ")");
  } else {
    // Your code here to handle a successful verification
$expected_keys = array("name","sex","age","age","birthdate","birthdate","grade", "school","exptype", "expyears", 'insurance', 'insphone' , 'physician' , 'physphone', 'medcon', 'medicalconditions', 'mothername', 'motheremail', 'motherwork', 'mothercell', 'motherhome', 'motheremployment', 'motheraddress', 'motherpickup', 'fathername', 'fatheremail', 'fatherwork', 'fathercell', 'fatherhome', 'fatheremployment', 'fatheraddress', 'fatherpickup', 'emergencyname1', 'emegencyphone1', 'emergencyname2', 'emegencyphone2', 'halforfull', 'plan', 'other');
$subject = " - FUTSOC Summer Soccer Program";
$strip = array("name",/* email, <--- is missing!*/ 'mothername', 'motheremail', 'fathername', 'fatheremail');
$replace = array();
$with = array();
foreach($expected_keys as $key) {
	if(isset($_POST[$key])) {
		if(in_array($key, $strip)) {
			$with[] = stripslashes($_POST[$key]);
		} else {
			$with[] = $_POST[$key];
		}
		$replace[] = '!'.$key;
	}
}
$week = '';
foreach($_POST['week'] as $value) {
	$week .= $value;
}
$with[] = "!week";
$replace[] = $week;


$from = "From: ".$_POST['motheremail'];
$message = str_replace($replace, $with, $message);
mail("youremail@yourhost.com", $subject, $message, $from);

header ("location:http://www.futsocusa.net/fundingsummer.html"); 
  }
?>

Okay I tried yours and it doesn't work either. one thing I noticed was that the one I made redirected me to the other page. the one you gave me just went to the submit_form.php page. Anything else someone can come up with? I'm sorry for my lack of knowledge on this, I'm just new to PHP.

This post has been edited by CTphpnwb: 03 May 2012 - 02:00 PM

[CTphpnwb]

It wasn't intended to do anything different from your code. It was intended to clean it up a bit. It could still use more cleaning, and then some organization. The idea is to first make your code readable, then you can begin to think about whether or not it works.

[TheOne6152]

CTphpnwb, on 03 May 2012 - 02:19 PM, said:

It wasn't intended to do anything different from your code. It was intended to clean it up a bit. It could still use more cleaning, and then some organization. The idea is to first make your code readable, then you can begin to think about whether or not it works.

I am very grateful for your help, but right now i'm just trying to get it to work as soon as I can. I'm going to take your advice though and clean it up. But if anyone else could help me out with this, I would appreciate it.

[CTphpnwb]

CTphpnwb, on 03 May 2012 - 04:19 PM, said:

The idea is to first make your code readable, then you can begin to think about whether or not it works.

I know this seems counter intuitive. The truth is that organized, readable code is easy to get working. Unorganized code that works usually breaks as soon as you try to make that "one more change" to make the resulting page perfect. You end up spending more time than if you had focused on readability.

If you insist on making it work though, you could start with a simple script to see if you can mail at all:

<?php
mail("youremail@yourhost.com", "Testing", "If this doesn't get through you'll need to check your mail server.", "youremail@yourhost.com");
?>

This post has been edited by CTphpnwb: 03 May 2012 - 02:00 PM

[TheOne6152]

never mind on that last post. I finally got it. All I did was get your [CTphpnwb] code and where you wrote mess i put parenthesis and now it works perfect. Thankyou everyone for all the help.

[no2pencil]

Glad that you got it working!

[CTphpnwb]

By the way, if that's your real address you might get more spam. I'll remove it for you.