Hi, I am trying to set up a Contact form. It is a simple contact form that fetches basic details like name, email, phone no, and message and emails it to a preset ID.

This is what I have at the moment for contact.php from the contact form that uses <form action="contact.php" method="post">

 

<?php

// Check if the form has been submitted
if (isset($_POST['submit'])) {

    // Get the form data
    $name = $_POST['full_name'];
    $email = $_POST['email'];
    $phone = $_POST['phone'];
    $message = $_POST['message'];

    // Send an email to the contact email address
    $to_email = 'email@mydomain.com';
    $subject = 'New Contact Form Submission';
    $body = 'From: ' . $name . "\n" .
            'Email: ' . $email . "\n" .
            'Phone: ' . $phone . "\n" .
            'Message: ' . $message;

    mail($to_email, $subject, $body);

    // Redirect the user to the thank you page
    header('Location: thank-you.html');
    exit; // stop the script so nothing else runs after the redirect
}

?>

It works, but I am worried about spammers and bad actors who might flood the form. How can I add measures to stop flooding and other critical spam actions? It would be great if someone could help me find a safe tutorial on the same or give me some pointers.

Thanks.

 

 


1. CAPTCHA
2. CAPTCHA
3. Use a mailing library like PHPMailer or SwiftMailer instead of doing it yourself with mail() - not least because they will construct proper emails that are less likely to hit your spam filters
4. CAPTCHA


Hi, I have a working contact form with CAPTCHA now. Please see the code below

contact.php is

<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Contact Us</title>

    <!--Load reCAPTCHA API -->

    <script src="https://www.google.com/recaptcha/api.js" async defer></script>

  </head>

  <body>
   
  <form method="post">


    <!-- Form -->
 
     <input type="text" name="name" value="Name"/>
     <input type="email" name="email" value="name@example.com"/>
     <input type="text" name="message" value="Your Message"/>

    <!-- CAPTCHA  --> 

    <div class="g-recaptcha" data-sitekey="SITEKEY"></div>


     <input type="submit" name="submit" value="Go!"/>   

  </form>
 
  <?php

  //Process form on submit 

  if (isset($_POST['submit'])) {

    require "process.php";

  }

  ?>

  </body>
</html>

 

process.php is

 

<?php

// Verify CAPTCHA

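$error = "";
$secret = "SECRET KEY";
// The token is absent when the request did not come from the form, so default it to an empty string
$response = $_POST['g-recaptcha-response'] ?? "";
// URL-encode both values so they cannot break or extend the query string
$url = "https://www.google.com/recaptcha/api/siteverify?secret=" . urlencode($secret) . "&response=" . urlencode($response);
// file_get_contents() returns false on a network failure, which leaves $verify as null
$verify = json_decode((string) file_get_contents($url));

// Send email if all is good 

if ($verify && !empty($verify->success)) {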

    $to = "name@email.com";
    $subject = "Contact Form Submission";
    $body = "";
    foreach ($_POST as $k=>$v) {
        if ($k != "g-recaptcha-response") { $body .= "$k : $v\r\n"; }
    }
    if (!mail($to, $subject, $body)) {
        $error = " Failed to send email";
    }
    
} else { $error = "Invalid CAPTCHA"; }

// Output result

echo $error=="" ? "OK" : $error;


?>

 

Sadly, there is no error displayed when someone skips CAPTCHA. The kind of people I am expecting most likely won't know that they should click the "I am not a robot" box. It would be nice if someone could help me add the same. Thanks.

There isn't an error because you didn't write any code to do that. If you want to show an error (and also redisplay the form) then give PHP appropriate code for it.

It'll be a little awkward, though, considering your form is shown before you try to process it. Any errors you try to show will display below the form, which isn't where people would normally expect to see them.
It's actually quite backwards from how things are normally done. You should rearrange your code a little so that (1) if the form was submitted you process it, and then (2) you can show the form (if you want) with appropriate error messages (if you want).
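
The rearrangement described in the last reply, as an added example that is not code from any poster in the thread: a single contact.php that processes the submission first and then renders the form with its errors above the fields. `verify_captcha()` and `$field` are hypothetical helpers, the keys and addresses are the thread's placeholders, and the surrounding `<html>`/`<head>` markup is left out.

```php
<?php
// Added example. 'SECRET KEY', 'SITEKEY' and the addresses are the thread's placeholders.
function verify_captcha(string $secret, string $token): bool
{
    if ($token === '') return false; // box never ticked: no need to call the API
    $context = stream_context_create(['http' => [
        'method'  => 'POST', // keeps the secret out of the URL
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['secret' => $secret, 'response' => $token]),
        'timeout' => 5,
    ]]);
    $raw = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    $result = $raw === false ? null : json_decode($raw);
    return is_object($result) && !empty($result->success); // fail closed on any error
}

// Read a field as a trimmed string; arrays (name[]=x) and missing keys become ''
$field = fn(string $key): string => is_string($_POST[$key] ?? null) ? trim($_POST[$key]) : '';
[$name, $email, $message] = [$field('name'), $field('email'), $field('message')];
$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if ($name === '' || $message === '') {
        $errors[] = 'Please enter your name and a message.';
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Please enter a valid email address.';
    }
    if (!verify_captcha('SECRET KEY', $field('g-recaptcha-response'))) {
        $errors[] = 'Please tick the "I am not a robot" box before sending.';
    }
    if (!$errors) {
        $body = "Name: $name\r\nEmail: $email\r\nMessage: $message";
        if (mail('name@email.com', 'Contact Form Submission', $body)) {
            header('Location: thank-you.html');
            exit; // stop here so nothing is rendered after the redirect
        }
        $errors[] = 'Failed to send email.';
    }
}
?>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<form method="post">
  <?php foreach ($errors as $e): ?><p class="error"><?= htmlspecialchars($e) ?></p><?php endforeach; ?>
  <input type="text" name="name" value="<?= htmlspecialchars($name) ?>">
  <input type="email" name="email" value="<?= htmlspecialchars($email) ?>">
  <textarea name="message"><?= htmlspecialchars($message) ?></textarea>
  <div class="g-recaptcha" data-sitekey="SITEKEY"></div>
  <input type="submit" name="submit" value="Go!">
</form>
```

Because the PHP runs before any HTML is sent, the redirect header still works on success, and on failure the visitor's input is escaped and put back into the fields.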
