
contact form and captcha issue


ianhaney


Hi

I am having a bit of an issue with a contact form and captcha code where it is not being validated and working. In my mailer.php script, I just get a blank white page after clicking submit on the contact page.

Below is my contact form script:

<?php
if(!empty($errors)){
echo "<p class='err'>".nl2br($errors)."</p>";
}
?>
<div id='contact_form_errorloc' class='err'></div>
<form method="POST" name="contact_form" action="mailer.php"> 
<p>
<label for='name'>Name: </label><br>
<input type="text" name="name" value='<?php echo htmlentities($name) ?>'>
</p>
<p>
<label for='email'>Email: </label><br>
<input type="text" name="email" value='<?php echo htmlentities($visitor_email) ?>'>
</p>
<p>
<label for='phone'>Phone: </label><br>
<input type="text" name="phone" value='<?php echo htmlentities($phone) ?>'>
</p>

<p>
How Did You Find Us?
<br />
<select name="foundus" required="required">
  <option value="">Select...</option>
  <option value="Google">Google</option>
  <option value="Facebook">Facebook</option>
  <option value="Other">Other</option>
</select>
</p>

<p>
<label for='message'>Message: </label><br>
<textarea name="message" value='<?php echo htmlentities($message) ?>'></textarea>
</p>

<br />

<p>
<img src="captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' ><br>
<label for='message'>Enter the code above here :</label><br>
<input id="6_letters_code" name="6_letters_code" type="text"><br>
<small>Can't read the image? click <a href='javascript: refreshCaptcha();'>here</a> to refresh</small>
</p>
<br />
<input type="submit" value="Submit" name='submit'>
</form>
<script language="JavaScript">
// Code for validating the form
// Visit http://www.javascript-coder.com/html-form/javascript-form-validation.phtml
// for details
var frmvalidator  = new Validator("contact_form");
//remove the following two lines if you like error message box popups
frmvalidator.EnableOnPageErrorDisplaySingleBox();
frmvalidator.EnableMsgsTogether();

frmvalidator.addValidation("name","req","Please provide your name"); 
frmvalidator.addValidation("email","req","Please provide your email");
frmvalidator.addValidation("email","email","Please enter a valid email address");
frmvalidator.addValidation("phone","req","Please provide your phone number");  
frmvalidator.addValidation("phone","phone","Please enter a valid phone number");
frmvalidator.addValidation("message","req","Please enter your enquiry");
frmvalidator.addValidation("foundus","req","Please select how you found us");
</script>
<script language='JavaScript' type='text/javascript'>
function refreshCaptcha()
{
	var img = document.images['captchaimg'];
	img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>

Below is my mailer.php script:

<?php 

error_reporting(E_ALL);
ini_set('display_errors', 1);

$your_email ='email address';// <<=== update to your email address

session_start();
$errors = '';
$name = '';
$visitor_email = '';
$phone = '';
$foundus = '';
$message = '';

if(isset($_POST['submit']))
{
	
	if(empty($_SESSION['6_letters_code'] ) ||
    strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0)
  {
      //Note: the captcha code is compared case insensitively.
      //if you want case sensitive match, update the check above to
      // strcmp()
    $errors .= "n <div class='contact-text-sitemap'>The captcha code does not match!</div>";
  }
	
	$name = $_POST['name'];
	$visitor_email = $_POST['email'];
	$phone = $_POST['phone'];
	$foundus = $_POST['foundus'];	
	$message = $_POST['message'];
	///------------Do Validations-------------
	if(empty($name)||empty($visitor_email)||empty($phone)||empty($message))
	{
		$errors .= "\n Name, Email, Phone and Message are required fields. ";	
	}
	if(IsInjected($visitor_email))
	{
		$errors .= "\n Bad email value!";
	}
	
	if(empty($errors))
	{
		//send the email
		$to = $your_email;
		$subject="New Website Enquiry";
		$from = $your_email;
		$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
		
		$body = "A user  $name submitted the contact form:\n".
		"Name: $name\n".
		"Email: $visitor_email \n".
		"Phone: $phone \n".
		"How Did You Find Us: $foundus \n".
		"Message: \n ".
		"$message\n".
		
		$headers = "From: $from \r\n";
		$headers .= "Reply-To: $visitor_email \r\n";
		
		mail($to, $subject, $body,$headers);
		
		header('Location: thank-you.php');
	}
}

// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}
?>
Edited by ianhaney
Link to comment
Share on other sites

Something like this:

<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', 1);
//
$your_email ='email address';// <<=== update to your email address
$errors = '';
$name = '';
$visitor_email = '';
$phone = '';
$foundus = '';
$message = '';
//*****
echo "in mailer script<br>";
if(isset($_POST['submit']))
{
echo "Got submit<br>";
if(empty($_SESSION['6_letters_code']) ||
strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0)
{
//Note: the captcha code is compared case insensitively.
//if you want case sensitive match, update the check above to
// strcmp()
$errors .= "n <div class='contact-text-sitemap'>The captcha code does not match!</div>";
}
echo "captcha check: $errors<br>";
$name = $_POST['name'];
$visitor_email = $_POST['email'];
$phone = $_POST['phone'];
$foundus = $_POST['foundus'];
$message = $_POST['message'];
///------------Do Validations-------------
if(empty($name)||empty($visitor_email)||empty($phone)||empty($message))
{
$errors .= "\n Name, Email, Phone and Message are required fields. ";
}
echo "inputs check: $errors<br>";
if(IsInjected($visitor_email))
{
$errors .= "\n Bad email value!";
}
echo "injection check: $errors<br>";
if(empty($errors))
{
//send the email
$to = $your_email;
$subject="New Website Enquiry";
$from = $your_email;
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$body = "A user $name submitted the contact form:\n".
"Name: $name\n".
"Email: $visitor_email \n".
"Phone: $phone \n".
"How Did You Find Us: $foundus \n".
"Message: \n ".
"$message\n".
$headers = "From: $from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
echo "Mail parts:<br>to $to subj $subject<br>";
echo "body $body<br>";
echo "headers $headers<br>";
mail($to, $subject, $body,$headers);
// header('Location: thank-you.php');
echo "Mail call was made";
}
}
else
{
echo "no submit found";
}
// Function to validate against any email injection attempts
function IsInjected($str)
{
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
?>

Link to comment
Share on other sites
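
An added example, not code from either poster: one way to run the thread's captcha and Reply-To checks so that a missing form field or a CR/LF in the address produces an error message that can be shown to the visitor. The function names and the sample submissions are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Compare the submitted captcha with the one stored in the session.
// Either value may be missing, so default them instead of reading raw indexes.
function captcha_matches(array $session, array $post): bool
{
    $expected = $session['6_letters_code'] ?? '';
    $given    = $post['6_letters_code'] ?? '';
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return false;
    }
    // Case-insensitive like the thread's strcasecmp(), but constant time.
    return hash_equals(strtolower($expected), strtolower(trim($given)));
}

// Return the address if it is safe to place in a Reply-To header, else null.
function safe_reply_to($email): ?string
{
    if (!is_string($email) || preg_match('/[\r\n]/', $email)) {
        return null; // a raw CR or LF would start a new header line
    }
    $valid = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Collect every problem so the caller can print the list to the visitor.
function validate_submission(array $session, array $post): array
{
    $errors = [];
    if (!captcha_matches($session, $post)) {
        $errors[] = 'The captcha code does not match!';
    }
    if (safe_reply_to($post['email'] ?? null) === null) {
        $errors[] = 'Bad email value!';
    }
    return $errors;
}

// Constructed sample submissions (not taken from the thread).
$session = ['6_letters_code' => 'aBcDeF'];
$samples = [
    ['6_letters_code' => 'abcdef', 'email' => 'visitor@example.com'],
    ['6_letters_code' => 'zzzzzz', 'email' => "visitor@example.com\r\nX-Test: 1"],
    ['email' => 'visitor@example.com'], // captcha field missing entirely
];
foreach ($samples as $i => $post) {
    $errors = validate_submission($session, $post);
    echo "sample $i: ", $errors ? implode(' | ', $errors) : 'ok', "\n";
}
```

In mailer.php the same checks would read `$_SESSION` and `$_POST`, and unsetting `$_SESSION['6_letters_code']` after the comparison keeps one solved image from being reused.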
