Dilip Posted August 16, 2023

Hi, I am trying to set up a Contact form. It is a simple contact form that fetches basic details like name, email, phone no, and message and emails it to a preset ID. This is what I have at the moment for contact.php from the contact form that uses <form action="contact.php" method="post">

```php
<?php
// Check if the form has been submitted
if (isset($_POST['submit'])) {
    // Get the form data
    $name = $_POST['full_name'];
    $email = $_POST['email'];
    $phone = $_POST['phone'];
    $message = $_POST['message'];

    // Send an email to the contact email address
    $to_email = 'email@mydomain.com';
    $subject = 'New Contact Form Submission';
    $body = 'From: ' . $name . "\n" .
            'Email: ' . $email . "\n" .
            'Phone: ' . $phone . "\n" .
            'Message: ' . $message;
    mail($to_email, $subject, $body);

    // Redirect the user to the thank you page
    header('Location: thank-you.html');
    exit; // stop the script so nothing else runs after the redirect header
}
?>
```

It works, but I am worried about spammers and bad actors who might flood the form. How can I add measures to stop flooding and other critical spam actions? It would be great if someone could help me find a safe tutorial on the same or give me some pointers. Thanks.

requinix Posted August 16, 2023

1. CAPTCHA
2. CAPTCHA
3. Use a mailing library like PHPMailer or SwiftMailer instead of doing it yourself with mail() - not least because they will construct proper emails that are less likely to hit your spam filters
4. CAPTCHA

Dilip Posted August 16, 2023

Hi, thanks. I do remember seeing a video which talks about using reCAPTCHA in contact.php. Will try to find it again. Also, I am using Namecheap shared hosting. Is it possible to use PHPMailer or SwiftMailer while using shared hosting?

requinix Posted August 16, 2023

Those are just PHP libraries. PHP code. They'll work just as well as your own code does.

Dilip Posted August 16, 2023

It needs Composer though, right?

requinix Posted August 16, 2023

You don't have to if you don't want to, but it is the package management tool for PHP. And it's not like you have to install any actual software - Composer is, itself, also PHP code that you can simply run.

Dilip Posted August 17, 2023

Hi, I have a working contact form with CAPTCHA now. Please see the code below.

contact.php is

```php
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Contact Us</title>
  <!-- Load reCAPTCHA API -->
  <script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>
  <form method="post">
    <!-- Form -->
    <input type="text" name="name" value="Name"/>
    <input type="email" name="email" value="name@example.com"/>
    <input type="text" name="message" value="Your Message"/>
    <!-- CAPTCHA -->
    <div class="g-recaptcha" data-sitekey="SITEKEY"></div>
    <input type="submit" name="submit" value="Go!"/>
  </form>
  <?php
  // Process form on submit
  if (isset($_POST['submit'])) {
      require "process.php";
  }
  ?>
</body>
</html>
```

process.php is

```php
<?php
// Verify CAPTCHA
$error = "";
$secret = "SECRET KEY";
// The token is user input: default it when missing and URL-encode it before
// placing it in the query string
$response = $_POST['g-recaptcha-response'] ?? "";
$url = "https://www.google.com/recaptcha/api/siteverify?secret=" . urlencode($secret)
     . "&response=" . urlencode($response);
$verify = json_decode(file_get_contents($url));

// Send email if all is good
if ($verify->success) {
    $to = "name@email.com";
    $subject = "Contact Form Submission";
    $body = "";
    foreach ($_POST as $k => $v) {
        if ($k != "g-recaptcha-response") {
            $body .= "$k : $v\r\n";
        }
    }
    if (!mail($to, $subject, $body)) {
        $error = " Failed to send email";
    }
} else {
    $error = "Invalid CAPTCHA";
}

// Output result
echo $error == "" ? "OK" : $error;
?>
```

Sadly, there is no error displayed when someone skips CAPTCHA. The kind of people I am expecting most likely won't know that they should click the "I am not a robot" box. It would be nice if someone could help me add the same. Thanks.

requinix Posted August 17, 2023

There isn't an error because you didn't write any code to do that. If you want to show an error (and also redisplay the form) then give PHP appropriate code for it.

It'll be a little awkward, though, considering your form is shown before you try to process it. Any errors you try to show will display below the form, which isn't where people would normally expect to see them. It's actually quite backwards from how things are normally done.

You should rearrange your code a little so that (1) if the form was submitted you process it, and then (2) you can show the form (if you want) with appropriate error messages (if you want).
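
The rearrangement described in the last reply (process the submission first, then render the form with any errors above it), as an added example that is not code from any poster in this thread. It assumes PHP 7.4+ and `allow_url_fopen` enabled (as the thread's own `file_get_contents` call does); `SITEKEY`, `SECRET KEY`, `name@email.com` and `thank-you.html` are the placeholders from the posts, and `$field`, `$e` and `captcha_ok()` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Placeholders (SECRET KEY, SITEKEY, name@email.com,
// thank-you.html) come from the posts; $field, $e and captcha_ok() are hypothetical helpers.
const RECAPTCHA_SECRET = 'SECRET KEY';
$field = fn(string $k): string => is_string($_POST[$k] ?? null) ? trim($_POST[$k]) : '';
// Verify the token server-side; no token, a network error or bad JSON all count as "not verified".
function captcha_ok(string $token): bool {
    if ($token === '') return false;   // box never ticked, so no token was posted
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => 'Content-Type: application/x-www-form-urlencoded',
        'content' => http_build_query(['secret' => RECAPTCHA_SECRET, 'response' => $token]),
        'timeout' => 5,
    ]]);
    $raw = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $ctx);
    $res = $raw === false ? null : json_decode($raw);
    return is_object($res) && !empty($res->success);
}
$errors = [];
$old = ['name' => '', 'email' => '', 'message' => ''];
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {   // (1) process the submission first
    foreach (array_keys($old) as $k) $old[$k] = $field($k);
    if ($old['name'] === '' || $old['message'] === '') $errors[] = 'Name and message are required.';
    if (!filter_var($old['email'], FILTER_VALIDATE_EMAIL)) $errors[] = 'Enter a valid email address.';
    if (!captcha_ok($field('g-recaptcha-response'))) $errors[] = 'Please tick the "I am not a robot" box.';
    if (!$errors) {
        // Only the named fields go into the body; nothing user-supplied reaches the mail headers.
        $body = "Name: {$old['name']}\r\nEmail: {$old['email']}\r\nMessage: {$old['message']}\r\n";
        if (mail('name@email.com', 'Contact Form Submission', $body)) {
            header('Location: thank-you.html');   // works because no output has been sent yet
            exit;
        }
        $errors[] = 'Failed to send email.';
    }
}
$e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
?>
<!doctype html><html lang="en"><head><meta charset="utf-8"><title>Contact Us</title>
<script src="https://www.google.com/recaptcha/api.js" async defer></script></head>
<body>
<?php foreach ($errors as $msg): ?><p class="error"><?= $e($msg) ?></p><?php endforeach; ?>
<form method="post">
  <input type="text" name="name" placeholder="Name" value="<?= $e($old['name']) ?>">
  <input type="email" name="email" placeholder="name@example.com" value="<?= $e($old['email']) ?>">
  <input type="text" name="message" placeholder="Your Message" value="<?= $e($old['message']) ?>">
  <div class="g-recaptcha" data-sitekey="SITEKEY"></div>
  <input type="submit" name="submit" value="Go!">
</form>
</body></html>
```

Because the CAPTCHA check fails closed and its message is rendered above the redisplayed form, a visitor who skips the box sees why the submission was rejected and keeps what they typed.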