8 Replies Latest reply on Aug 3, 2007 5:20 AM by tommysauce

    PHP Contact form

    tommysauce Level 1
      Hi folks,

      I have created a PHP contact form script from a tutorial - which when clicking the Submit button the info is sent to an email address. I have uploaded it to my server and tested it and it works completely fine.

      My question is, within the PHP code is the instruction: "From: noreply@example.com" - when I check my email it appears exactly that From: noreply@example.com - which ends up in the junk folder. On the actual Contact form there are fields for Name, Email address and Comments - so is there a way that the sender's information 'Email address' appears in the email rather than the one showing? i.e. "From: noreply@example.com"

      Here's my code for guidance:


      <?php
      if (isset($_POST['Submit'])) {
          $name = $_POST['name'];
          $email = $_POST['email'];
          $comments = $_POST['comments'];
          $mailing = $_POST['mailing'];
          if ($name == '' or $email == '' or $comments == '') {
              $err = true;
              $msg = 'Please complete your name, email address and comments to submit the form.';
          } else {
              $mailmsg = 'The following email has been sent from the contact form:' . "\n\n";
              $mailmsg.= 'Name: ' . $name . "\n";
              $mailmsg.= 'Email: ' . $email . "\n";
              $mailmsg.= 'Comments: ' . $comments . "\n";
              if ($mailing == 'true') {
                  $mailmsg.= 'I would like to be added to the mailing list';
              }
              // stop if the email address contains a carriage return or line feed
              // (preg_match replaces eregi, which was removed in PHP 7)
              if (preg_match('/[\r\n]/', $email)) {
                  die("spam!");
              } else {
                  if (mail('info@89monkeys.co.uk', 'Contact Form', $mailmsg, "From: noreply@example.com")) {
                      header("Location: thankyou.html");
                  }
              }
          }
      }
      ?>


      Many thanks in advance.
        • 1. Re: PHP Contact form
          Level 7
          tommysauce wrote:
          > My question is, within the PHP code is the instruction: "From:
          > noreply@example.com" - when I check my email it appears exactly that From:
          > noreply@example.com - which ends up in the junk folder. On the actual Contact
          > form there are fields for Name, Email address and Comments - so is there a way
          > that the sender's information 'Email address' appears in the email rather than
          > the one showing? i.e. "From: noreply@example.com"

          The simple answer is to change it to "From: $email". However, the code
          that you are using has only very flimsy protection against your form
          being used as a spam relay.

          I suggest using the following function to filter user input:

          // function to check for suspect phrases
          function isSuspect($val, $pattern, &$suspect) {
              // if the variable is an array, loop through each element
              // and pass it recursively back to the same function
              if (is_array($val)) {
                  foreach ($val as $item) {
                      isSuspect($item, $pattern, $suspect);
                  }
              }
              else {
                  // if one of the suspect phrases is found, set Boolean to true
                  if (preg_match($pattern, $val)) {
                      $suspect = true;
                  }
              }
          }

          Use it like this:

          $suspect = false;
          $pattern = '/Content-type:|Bcc:|Cc:/i';
          // check the $_POST array
          isSuspect($_POST, $pattern, $suspect);
          if (!$suspect) {
              // process the form
          }

          --
          David Powers, Adobe Community Expert
          Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
          Author, "PHP Solutions" (friends of ED)
          http://foundationphp.com/
          • 2. Re: PHP Contact form
            tommysauce Level 1
            Thanks for the quick response David and giving me more info regarding the email coding.

            Just one small (blonde) question though as I'm still getting a steer on PHP. As I don't want to 'mess up' the coding that's already there (it's from a tutorial) where exactly do I place the new code you've given me? Do I need to replace any of the original code? If you could highlight this, I would be most grateful.

            Many thanks in advance,
            • 3. Re: PHP Contact form
              Level 7
              tommysauce wrote:
              > As I don't want to 'mess up' the coding that's already there (it's from a
              > tutorial) where exactly do I place the new code you've given me?

              The function doesn't need to go in a specific place, as long as it's
              accessible by the script. However, for the sake of simplicity, I'll put
              it in the place that it's used. I have also moved up the check on the
              email address.

              <?php
              if (isset($_POST['Submit'])) {
                  // begin by assuming that there is nothing suspicious
                  $suspect = false;

                  // pattern to check for suspicious content
                  $pattern = '/Content-type:|Bcc:|Cc:/i';

                  // function to check for suspect phrases
                  function isSuspect($val, $pattern, &$suspect) {
                      // if the variable is an array, loop through each element
                      // and pass it recursively back to the same function
                      if (is_array($val)) {
                          foreach ($val as $item) {
                              isSuspect($item, $pattern, $suspect);
                          }
                      }
                      else {
                          // if one of the suspect phrases is found, set Boolean to true
                          if (preg_match($pattern, $val)) {
                              $suspect = true;
                          }
                      }
                  }

                  // check the $_POST array
                  isSuspect($_POST, $pattern, $suspect);

                  // check email address for illegal characters
                  // this is moved up from its position in the original script
                  // (preg_match replaces eregi, which was removed in PHP 7)
                  $email = $_POST['email'];
                  if (preg_match('/[\r\n]/', $email)) {
                      $suspect = true;
                  }

                  // if nothing suspicious has been found, process the form
                  if (!$suspect) {
                      $name = $_POST['name'];
                      $comments = $_POST['comments'];
                      $mailing = $_POST['mailing'];
                      if ($name == '' or $email == '' or $comments == '') {
                          $err = true;
                          $msg = 'Please complete your name, email address and comments to submit the form.';
                      }
                      else {
                          $mailmsg = 'The following email has been sent from the contact form:' . "\n\n";
                          $mailmsg.= 'Name: ' . $name . "\n";
                          $mailmsg.= 'Email: ' . $email . "\n";
                          $mailmsg.= 'Comments: ' . $comments . "\n";
                          if ($mailing == 'true') {
                              $mailmsg.= 'I would like to be added to the mailing list';
                          }
                          // send the mail
                          if (mail('info@89monkeys.co.uk', 'Contact Form', $mailmsg, "From: $email")) {
                              // although this will work, you should use a full URL to redirect the page
                              // for example: header('Location: http://www.example.com/thankyou.html');
                              header("Location: thankyou.html");
                          }
                      }
                  }
                  // suspicious content has been found - send a neutral message
                  else {
                      $err = true;
                      $msg = 'Sorry, your message could not be sent';
                  }
              }
              ?>

              --
              David Powers, Adobe Community Expert
              Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
              Author, "PHP Solutions" (friends of ED)
              http://foundationphp.com/
              • 4. Re: PHP Contact form
                tommysauce Level 1
                Thanks very much, David -- I shall give it a play ASAP!

                Your help is very much appreciated!
                • 5. Re: PHP Contact form
                  tommysauce Level 1
                  Hi David,

                  Just to let you know I have used your code. However in the email client whereas before the 'sent' info was: "From: noreply@example.com" now that part is just blank. The sender's info does show up on the top line of the body of the email, is that what you meant by moving up the check on the email?

                  Many thanks once again.
                  • 6. Re: PHP Contact form
                    Level 7
                    tommysauce wrote:
                    > Just to let you know I have used your code. However in the email client
                    > whereas before the 'sent' info was: "From: noreply@example.com" now that part
                    > is just blank. The sender's info does show up on the top line of the body of
                    > the email, is that what you meant by moving up the check on the email?

                    No, it should be in there

                    --
                    David Powers, Adobe Community Expert
                    Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
                    Author, "PHP Solutions" (friends of ED)
                    http://foundationphp.com/
                    • 7. Re: PHP Contact form
                      Level 7
                      David Powers wrote:
                      > tommysauce wrote:
                      >> Just to let you know I have used your code. However in the email
                      >> client whereas before the 'sent' info was: "From: noreply@example.com"
                      >> now that part is just blank. The sender's info does show up on the top
                      >> line of the body of the email, is that what you meant by moving up
                      >> the check on the email?
                      >
                      > No, it should be in there

                      Oops, hit the wrong button...

                      The user's email should be in the From field. As you can see, it's in
                      the code, in place of the noreply@example.com:

                      mail('info@89monkeys.co.uk','Contact Form', $mailmsg, "From: $email")

                      If you want the user's email to be in the reply-to field, change the
                      code like this:

                      if($mailing == 'true') {
                          $mailmsg.= 'I would like to be added to the mailing list';
                      }

                      /********************************** New section *********/
                      // prepare additional headers
                      $headers = "From: $email\r\n";
                      $headers .= "Reply-to: $email";
                      /********************************************************/

                      // send the mail - CHANGE THE LAST ARGUMENT TO $headers
                      if(mail('info@89monkeys.co.uk','Contact Form', $mailmsg, $headers)) {

                      --
                      David Powers, Adobe Community Expert
                      Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
                      Author, "PHP Solutions" (friends of ED)
                      http://foundationphp.com/
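
As an added example (not part of the thread and not David Powers' code): one way to validate the submitted address before it is interpolated into the `From:` and `Reply-to:` headers shown in reply 7, extending the thread's CR/LF check with PHP's `filter_var`. The function names `safeHeaderAddress()` and `buildHeaders()` and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. safeHeaderAddress() and
// buildHeaders() are hypothetical names; the sample inputs are constructed.

// Return the address if it can safely go into a mail header, otherwise null.
function safeHeaderAddress($input)
{
    // input posted as email[]=... arrives as an array, not a string
    if (!is_string($input)) {
        return null;
    }
    // a CR or LF would end the header line, so the value could add its own
    if (preg_match('/[\r\n]/', $input)) {
        return null;
    }
    // must be exactly one syntactically valid address
    $addr = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Build the From / Reply-To headers used in the thread, or null to refuse.
function buildHeaders($input)
{
    $addr = safeHeaderAddress($input);
    if ($addr === null) {
        return null;
    }
    return "From: $addr\r\nReply-To: $addr";
}

// Constructed sample submissions for the form's email field.
$samples = array(
    'plain address'           => 'visitor@example.com',
    'embedded header'         => "visitor@example.com\r\nBcc: other@example.net",
    'two addresses'           => 'visitor@example.com, other@example.net',
    'array instead of string' => array('visitor@example.com'),
);

foreach ($samples as $label => $value) {
    $headers = buildHeaders($value);
    echo str_pad($label, 26), $headers === null ? 'rejected' : 'accepted', "\n";
}
```

In the form script, `mail()` would be called only when `buildHeaders($_POST['email'])` returns a string; a null result takes the same neutral error path as `$suspect = true`.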
                      • 8. Re: PHP Contact form
                        tommysauce Level 1
                        Thanks David,

                        That's bang on the button!! Thanks so much for this - you're a legend.

                        Cheers
                        Thomas