Contact Form Validation

[EZE]

Okay, I made a some-what advanced contact form, which allows the user to choose with radio buttons out of 2 people to send the e-mail too(and a 'both' option), their e-mail name, their email address, the email subject, the e-mail message, and a checkbox to strip html tags. If the user doesn't type in a name, it uses their e-mail address as the name, so the name is not a required field. Also, EZE is checked for the "who to send it to" when the page loads. The form is self-submitting, which is the way I like it, but I am having trouble with the php validation proccess. Here is my long contact form code so far:

<?
$email = $_POST['email'];
$name = $_POST['name'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$sent = $_POST['send'];
$inputstf = 'Staff Member: <input type="radio" value="eze" name="to" checked="true" title="Send Message To EZE"/>EZE <input type="radio" value="tendin" name="to" title="Send Message To Tendin"/>Tendin <input type="radio" value="both" name="to" title="Send Message To Both EZE And Tendin"/>Both<br>';

$inputnm = 'Name:<input type="text" name="name" title="Your Prefered Email Name" value="' . $name . '"/><br>';

$inpitem = 'Email:<input type="text" name="email" title="Your Email Address" value="' . $email . '"/><br>';

$inputsub = 'Subject:<input type="text" name="subject" title="The Email Subject" value="' . $subject . '"/><br>';

$inputmsg = 'Message:<textarea title="Enter Your Message Here" name="message" value="' . $message . '"></textarea><br>';
if($_POST['to'] == 'eze'){
	$to = '[email protected]';
	$toname = 'EZE';
	$himthem = 'him';
	$toto = '[email protected]';
}
elseif($_POST['to'] == 'tendin'){
	$to = '[email protected]';
	$toname = 'Tendin';
	$himthem = 'him';
	$toto = '[email protected]';
}
elseif($_POST['to'] == 'both'){
	$to = '[email protected],[email protected]';
	$toname = 'EZE and Tendin';
	$himthem = 'them';
	$toto = '[email protected] and [email protected]';
}
$extra = "From: \"$name\" <$email> \r\n";
if($sent){
$valid=true;
if(!$email){
	$errmsg.='\t*You did not enter a E-mail address.<br>';
	$inpitem = '<span style="color:#FF0000;">*</span> Email:<input type="text" name="email" title="Your Email Address" value="' . $email . '"/><br>';
	$valid=false;
}
if(!name){
	$extra="From: $email \r\n";
}
if(!$subject){
	$errmsg.='\t*You did not type anything for the subject.<br>';
	$inputsub = '<span style="color:#FF0000;">*</span> Subject:<input type="text" name="subject" title="The Email Subject" value="' . $subject . '"/><br>';
	$valid=false;
}
if(!$message){
	$errmsg.='\t*You did not enter any text for the message.<br>';
	$inputmsg = '<span style="color:#FF0000;">*</span> Message:<textarea title="Enter Your Message Here" name="message" value="' . $message . '"></textarea><br>';
	$valid=false;
}
}
if($valid != true){
echo '' . $errmsg . '<form method="post" name="email_form" action="' . $_SERVER['PHP_SELF'] . '" onsubmit="document.email_form.send.value=\'Sending...\';document.email_form.send.disabled=\'true\';document.email_form.reset.value=\'Not Available\';document.email_form.reset.disabled=\'true\';" onReset="return confirm(\'Are you sure you wish to reset all form fields?\');">
' . $inputstf . '
' . $inputnm . '
' . $inpitem . '
' . $inputsub . '
' . $inputmsg . '
<input type="checkbox" name="html" title="Check This To Remove Any Inputted HTML Tags From Any Form Fields. If Unchecked, HTML Will Show Up As Plain Text."/> Delete HTML Tags?<sup><small>*Note* If not checked, HTML will show up as text.</small></sup><br>
<input type="reset" value="Reset Fields" title="Reset All Fields" name="reset"/> <input type="submit" value="Send" name="send" title="Send Email"/>
</form>';
}
else{
if($_POST['html']){
$name = strip_tags($name);
$subject = strip_tags($subject);
$message = strip_tags($message);
}
$name = stripslashes($name);
$subject = stripslashes($subject);
$message = stripslashes($message);
$ip = gethostbyaddr($_SERVER['REMOTE_ADDR']);

$browser = $_SERVER['HTTP_USER_AGENT'];
$date = date("l, g:i:s A, F dS, Y");
$ref = $_SERVER['HTTP_REFERER'];
$mail  = mail($to, $subject, "$message\n----- \nUsers IP: $ip\nUsers Browser: $browser\nDate Sent: $date\nSent From: $ref", $extra);
if($mail){
echo "Your message has been sent to $toname, $name.<br />Click <a href=\"contact.php\" title=\"Send $toname another message.\">here</a> to send $toname another message, or click <a href=\"mailto:$to\" title=\"Send $toname a message through your email client.\">here</a> to contact $himthem directly at $toto through you email client. Please note that your IP address, the http location from where you submitted this email, and exact date of when this email was sent, have all been recorded in the email, so if you have spammed, sent any type of inappropriate email, or hotlinked this form script, your IP will be banned from being able to view this site.";
}
else{
	echo'An unknown error occured while sending the email, click <a href="contact.php" title="Go Back And Try Again">here</a> to go back and try to send the message again. Or contact the site administrator at <a href="mailto:[email protected]&subject=Mail Form Error" title="E-mail The Site Administrator">[email protected]</a>';
}
}
?>

The sent email contains the input from the user, and a "signature" that states the users IP and ISP, their Browser, the http location from where the form was submitted, and the users browser. The problem is that when the user hits the submit button, no matter what, the page just refreshes, and nothing happens. The email isn't sent, and the form fields don't have a value from what the user submitted. I have the feeling the porblem is staring me right in the face, but I can't see it. Any suggestions?

[corbin]

Dunno if it has anything to do with it, but if(!name){ isn't helping...

 

 

[yzerman]

Check your server logs. When I tried this script on my webhost, it was blocked at the host and I received the warning:

 

[Fri Feb 2 23:17:47 2007] [error] [client 74.244.245.250] mod_security: Warning. Pattern match "([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}" at POST_PAYLOAD [hostname "sandynpaul.com"] [uri "/test/mail.php"]

 

now I am not a regex junky, but it looks like that mod is looking for any email being sent thru a php script and blocking it.

[corbin]

Pretty sure that's just your server that does that though lol

[EZE]

Okay, then how can I add validation like that? Here is my script without the validation.

<?
$inputstf = 'Staff Member: <input type="radio" value="eze" name="to" checked="true" title="Send Message To EZE"/>EZE <input type="radio" value="tendin" name="to" title="Send Message To Tendin"/>Tendin <input type="radio" value="both" name="to" title="Send Message To Both EZE And Tendin"/>Both<br>';

$inputnm = 'Name:<input type="text" name="name" title="Your Prefered Email Name"/><br>';

$inpitem = 'Email:<input type="text" name="email" title="Your Email Address"/><br>';

$inputsub = 'Subject:<input type="text" name="subject" title="The Email Subject"/><br>';

$inputmsg = 'Message:<textarea title="Enter Your Message Here" name="message"></textarea><br>';
if($_POST['to'] == 'eze'){
	$to = '[email protected]';
	$toname = 'EZE';
	$himthem = 'him';
	$toto = '[email protected]';
}
elseif($_POST['to'] == 'tendin'){
	$to = '[email protected]';
	$toname = 'Tendin';
	$himthem = 'him';
	$toto = '[email protected]';
}
elseif($_POST['to'] == 'both'){
	$to = '[email protected],[email protected]';
	$toname = 'EZE and Tendin';
	$himthem = 'them';
	$toto = '[email protected] and [email protected]';
}
$email = $_POST['email'];
$name = $_POST['name'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$extra = "From: \"$name\" <$email> \r\n";
if(!$email and !$subject and !$message and !$to){
echo '<form method="post" name="email_form" action="' . $_SERVER['PHP_SELF'] . '" onsubmit="document.email_form.send.value=\'Sending...\';document.email_form.send.disabled=\'true\';document.email_form.reset.value=\'Not Available\';document.email_form.reset.disabled=\'true\';" onReset="return confirm(\'Are you sure you wish to reset all form fields?\');">
' . $inputstf . '
' . $inputnm . '
' . $inpitem . '
' . $inputsub . '
' . $inputmsg . '
<input type="checkbox" name="html" title="Check This To Remove Any Inputted HTML Tags From Any Form Fields. If Unchecked, HTML Will Show Up As Plain Text."/> Delete HTML Tags?<sup><small>*Note* If not checked, HTML will show up as text.</small></sup><br>
<input type="reset" value="Reset Fields" title="Reset All Fields" name="reset"/> <input type="submit" value="Send" name="send" title="Send Email"/>
</form>';
}
else{
if($_POST['html']){
$name = strip_tags($name);
$subject = strip_tags($subject);
$message = strip_tags($message);
}
$name = stripslashes($name);
$subject = stripslashes($subject);
$message = stripslashes($message);
$ip = gethostbyaddr($_SERVER['REMOTE_ADDR']);

$browser = $_SERVER['HTTP_USER_AGENT'];
$date = date("l, g:i:s A, F dS, Y");
$ref = $_SERVER['HTTP_REFERER'];
$mail  = mail($to, $subject, "$message\n----- \nUsers IP: $ip\nUsers Browser: $browser\nDate Sent: $date\nSent From: $ref", $extra);
echo "Your message has been sent to $toname, $name.<br />Click <a href=\"contact.php\" title=\"Send $toname another message.\">here</a> to send $toname another message, or click <a href=\"mailto:$to\" title=\"Send $toname a message through your email client.\">here</a> to contact $himthem directly at $toto through you email client. Please note that your IP address, the http location from where you submitted this email, and exact date of when this email was sent, have all been recorded in the email, so if you have spammed, sent any type of inappropriate email, or hotlinked this form script, your IP will be banned from being able to view this site.";
}
?>