php contact form

[danny322]

Hello everyone.

 

Im new to this forum as im very inexperienced with php and i need some help. The link below is a contact form for a website i am building, i HAVE to use the php code thats in the script already but it really makes to sense to me at all, i dont know where to start 

 

http://www.geneticsweb.co.uk/contact.php

 

When the form is filled out it doesnt send anything to the "[email protected]" email account, i just get taken to a blank page.

 

I would be hugely grateful if somebody could help me get this working.

 

Thankyou, Daniel

[LemonInflux]

Can we see some code?

[runnerjp]

could you paste the code on here so we can have alook at it please

[danny322]

Certainly......

 

<?
function antispam()
{
// First, make sure the form was posted from a browser.
// For basic web-forms, we don't care about anything
// other than requests from a browser:
    if (!isset($_SERVER['HTTP_USER_AGENT'])) {
        die("Forbidden - You are not authorized to view this page");
        exit;
    }
// Make sure the form was indeed POST'ed:
    //  (requires your html form to use: action="post")
    if (!$_SERVER['REQUEST_METHOD'] == "POST") {
        die("Forbidden - You are not authorized to view this page");
        exit;
    }
// Make sure the form was posted from an approved host name.
    if (!strstr($_SERVER['HTTP_REFERER'], "cashincar")) {
        //logBadRequest();
        header("HTTP/1.0 403 Forbidden");
        exit;
    }
// Attempt to defend against header injections:
    $badStrings = array("Content-Type:",
    "MIME-Version:",
    "Content-Transfer-Encoding:",
    "bcc:",
    "cc:",
    "http://www.genetics.co.uk/contact.php");
// Loop through each POST'ed value and test if it contains
    // one of the $badStrings:
    foreach($_POST as $k => $v){
        foreach($badStrings as $v2){
            if (strpos($v, $v2) !== false) {
                //        logBadRequest();
                header("HTTP/1.0 403 Forbidden");
                exit;
            }
        }
        
    }
    
}
// do stuff to the post
if ($_POST) {
antispam();
while (list($key, $value) = each($_POST)) {
$$key = $value;
$message .=$key.": ".$value."\n";
}
//mail form    
$message = "There has been a message/request from ".$_SERVER['HTTP_HOST']."\n\n".$message;
$message .="-----------------------\n\n";
$message = stripslashes($message);
mail("[email protected]", "Genetics Feedback", $message, "From: [email protected]");
} 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>geNetics Web - Next Generation Web Development</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="gen.css">
</head>
<body>
<div id="wrapper">
  <div id="about_us">
    <ul>
      <li><a href="index.html"> Home</a></li>
      <li><a href="our_team.html">Our team</a></li>
      <li><a href="about_us.html">About us</a></li>
      <li><a href="our_work.html">Our work</a></li>
      <li><a href="contact.php"class="yourhere">Contact</a></li>
    </ul>
<p>Please don't hesitate to contact us, we will be more than happy to help. Simply fill out the form below:</p>
<div class="form"><form name="contact" action="contact.php" method="POST">
  Your Name:<br>
  <input class="form_style" name="name" type="text" size="20" maxlength="30"/><br><br>
  Telephone:<br>
  <input class="form_style" name="telephone" type="text" size="20" maxlength="20" /><br><br>
  Email:<br>
  <input class="form_style" name="email" type="text" size="20" maxlength="50" /><br><br>
  Comments and Questions:<br>
     <textarea class="form_style" name="comments" cols="20" rows="5"></textarea><br>
  <input class="submitbtn" name="submit" type="submit" value="Submit"/>
  </form></div>
</div>

  <div id="footer">Next generation web development</div>	
</body>
</html>

[LemonInflux]

I'll read it in a sec. Until then, put the following at the top of the page and re-run:

 

error_reporting(E_ALL);
ini_set('display_errors', '1');

[danny322]

shall i just put it underneath the  <?  tag?

[revraz]

Yes

[runnerjp]

intresting this should work... wat does the error say?

[danny322]

Hey.

 

I have pasted my updated code below. Still no luck 

 

If you visit http://www.geneticsweb.co.uk/contact.php you will see the error im getting.

 

Thanks

 

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
if(isset($_POST['submit'])) { 
$to = "[email protected]"; 
$subject = "Genetics Feedback"; 
$name_field = $_POST['name'];
$telephone_field = $_POST['telephone']; 
$email_field = $_POST['email']; 
$comments_field = $_POST['comments']; 
$message = $_GET['message'];

$body = "From: $name_field\n E-Mail: $telephone_field\n Telephone: $email_field\n Comments:\n $comments"; 


if(mail($to, $subject, $body)) { 
$message = "Sent!";}
else { echo "Mail failed"; } 

function antispam()
{
// First, make sure the form was posted from a browser.
// For basic web-forms, we don't care about anything
// other than requests from a browser:
    if (!isset($_SERVER['HTTP_USER_AGENT'])) {
        die("Forbidden - You are not authorized to view this page");
        exit;
    }
// Make sure the form was indeed POST'ed:
    //  (requires your html form to use: action="post")
    if (!$_SERVER['REQUEST_METHOD'] == "POST") {
        die("Forbidden - You are not authorized to view this page");
        exit;
    }
// Make sure the form was posted from an approved host name.
    if (!strstr($_SERVER['HTTP_REFERER'], "cashincar")) {
        //logBadRequest();
        header("HTTP/1.0 403 Forbidden");
        exit;
    }
// Attempt to defend against header injections:
    $badStrings = array("Content-Type:",
    "MIME-Version:",
    "Content-Transfer-Encoding:",
    "bcc:",
    "cc:",
    "http://www.genetics.co.uk/contact.php");
// Loop through each POST'ed value and test if it contains
    // one of the $badStrings:
    foreach($_POST as $k => $v){
        foreach($badStrings as $v2){
            if (strpos($v, $v2) !== false) {
                //        logBadRequest();
                header("HTTP/1.0 403 Forbidden");
                exit;
            }
        }

    }

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>geNetics Web - Next Generation Web Development</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="gen.css">
</head>
<body>
<div id="wrapper">
  <div id="about_us">
    <ul>
      <li><a href="index.html"> Home</a></li>
      <li><a href="our_team.html">Our team</a></li>
      <li><a href="about_us.html">About us</a></li>
      <li><a href="our_work.html">Our work</a></li>
      <li><a href="contact.php"class="yourhere">Contact</a></li>
    </ul>



<p>Please don't hesitate to contact us, we will be more than happy to help. Simply fill out the form below:</p>
<div class="form"><form name="contact" action="contact.php" method="POST">
  Your Name:<br>
  <input class="form_style" name="name" type="text" size="20" maxlength="30"/><br><br>
  Telephone:<br>
  <input class="form_style" name="telephone" type="text" size="20" maxlength="20" /><br><br>
  Email:<br>
  <input class="form_style" name="email" type="text" size="20" maxlength="50" /><br><br>
  Comments and Questions:<br>
     <textarea class="form_style" name="comments" cols="20" rows="5"></textarea><br>
   <input class="submitbtn" name="submit" type="submit" value="Submit"/>
   </form>
   <?php echo $message ; ?>
   </div>
</div>

  <div id="footer">Next generation web development</div> 
</body>
</html>

[~n[EO]n~]

you have left one curly bracket  }

 

<?php
// add one here
}
?>

[danny322]

Oh dear lol. Thanks neon.

 

It seems to be ok now but what i want is for a message to be displayed below the 'submit' button that says "sent" or "error". Could you help? I have had a go at doing this but if you go back to http://www.geneticsweb.co.uk/contact.php there is an error message saying

Notice: Undefined variable: message in /www/geneticsweb.co.uk/contact.php on line 96

 

Thanks

[~n[EO]n~]

I got that err in my pc too...

$message= ""; // declare this blank at top after line 3 

 

BTW you haven't validated your fields , I can submit blank 

[danny322]

Thanks again neon.

 

Sorry to ask so many questions.......but how do i validate the fields?

 

Thanks 

[~n[EO]n~]

Replace this code, hope it works 

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
$message = "";
// here is the validation----- modify the message as you wish 
	if (empty($_POST['email']))
	$message = "Please enter an email<br />";
	if(!ereg("[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]", $_POST['email'])) 
	$message .= "Please enter an valid email<br />";
	if (empty($_POST['name']))
	$message .= "Please enter name<br />";
	if (empty($_POST['telephone']))
	$message .= "Please enter telephone<br />";
//----------------end of validation 

if(isset($_POST['submit']) && empty($message)) 
{ 

$to = "[email protected]"; 
$subject = "Genetics Feedback"; 
$name_field = $_POST['name'];
$telephone_field = $_POST['telephone']; 
$email_field = $_POST['email']; 
$comments_field = $_POST['comments']; 
$message = $_GET['message'];

$body = "From: $name_field\n E-Mail: $telephone_field\n Telephone: $email_field\n Comments:\n $comments"; 


	if(mail($to, $subject, $body)) 
	{ 
	$message = "Sent!";
	}
	else { 
	echo "Mail failed"; 
	} 

function antispam()
{
// First, make sure the form was posted from a browser.
// For basic web-forms, we don't care about anything
// other than requests from a browser:
    if (!isset($_SERVER['HTTP_USER_AGENT'])) {
        die("Forbidden - You are not authorized to view this page");
        exit;
    }
// Make sure the form was indeed POST'ed:
    //  (requires your html form to use: action="post")
    if (!$_SERVER['REQUEST_METHOD'] == "POST") {
        die("Forbidden - You are not authorized to view this page");
        exit;
    }
// Make sure the form was posted from an approved host name.
    if (!strstr($_SERVER['HTTP_REFERER'], "cashincar")) {
        //logBadRequest();
        header("HTTP/1.0 403 Forbidden");
        exit;
    }
// Attempt to defend against header injections:
    $badStrings = array("Content-Type:",
    "MIME-Version:",
    "Content-Transfer-Encoding:",
    "bcc:",
    "cc:",
    "http://www.genetics.co.uk/contact.php");
// Loop through each POST'ed value and test if it contains
    // one of the $badStrings:
    foreach($_POST as $k => $v)
{
        foreach($badStrings as $v2){
            if (strpos($v, $v2) !== false) 
		{
                //        logBadRequest();
                header("HTTP/1.0 403 Forbidden");
                exit;
            }
     }

    }
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>geNetics Web - Next Generation Web Development</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="gen.css">
</head>
<body>
<div id="wrapper">
  <div id="about_us">
    <ul>
      <li><a href="index.html"> Home</a></li>
      <li><a href="our_team.html">Our team</a></li>
      <li><a href="about_us.html">About us</a></li>
      <li><a href="our_work.html">Our work</a></li>
      <li><a href="contact.php"class="yourhere">Contact</a></li>
    </ul>



<p>Please don't hesitate to contact us, we will be more than happy to help. Simply fill out the form below:</p>
<div class="form"><form name="contact" action="contact.php" method="POST">
  Your Name:<br>
  <input class="form_style" name="name" type="text" size="20" maxlength="30"/><br><br>
  Telephone:<br>
  <input class="form_style" name="telephone" type="text" size="20" maxlength="20" /><br><br>
  Email:<br>
  <input class="form_style" name="email" type="text" size="20" maxlength="50" /><br><br>
  Comments and Questions:<br>
     <textarea class="form_style" name="comments" cols="20" rows="5"></textarea><br>
   <input class="submitbtn" name="submit" type="submit" value="Submit"/>
   </form>
   <?php if (!empty($message)) { echo $message;} ?>
   </div>
</div>

  <div id="footer">Next generation web development</div> 
</body>
</html>

[danny322]

Thanks for the code  heres whats happening now lol...... http://www.geneticsweb.co.uk/contact.php

[runnerjp]

i did it and it sent ... whats the problem

[~n[EO]n~]

Sorry , silly mistake LOL, now try this...

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
$message = "";

if(isset($_POST['submit'])) 
{ 

// here is the validation----- modify the message as you wish 
		if (empty($_POST['email']))
		$message = "Please enter an email<br />";
		if(!ereg("[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]", $_REQUEST['email'])) 
		$message .= "Please enter an valid email<br />";
		if (empty($_POST['name']))
		$message .= "Please enter name<br />";
		if (empty($_POST['telephone']))
		$message .= "Please enter telephone<br />";
//----------------end of validation 
	if (empty($message)) {

	$to = "[email protected]"; 
	$subject = "Genetics Feedback"; 
	$name_field = $_POST['name'];
	$telephone_field = $_POST['telephone']; 
	$email_field = $_POST['email']; 
	$comments_field = $_POST['comments']; 
	$message = $_GET['message'];

	$body = "From: $name_field\n E-Mail: $telephone_field\n Telephone: $email_field\n Comments:\n $comments"; 


	if(mail($to, $subject, $body)) 
	{ 
	$message = "Sent!";
	}
	else { 
	echo "Mail failed"; 
	} 

function antispam()
{
// First, make sure the form was posted from a browser.
// For basic web-forms, we don't care about anything
// other than requests from a browser:
    if (!isset($_SERVER['HTTP_USER_AGENT'])) {
        die("Forbidden - You are not authorized to view this page");
        exit;
    }
// Make sure the form was indeed POST'ed:
    //  (requires your html form to use: action="post")
    if (!$_SERVER['REQUEST_METHOD'] == "POST") {
        die("Forbidden - You are not authorized to view this page");
        exit;
    }
// Make sure the form was posted from an approved host name.
    if (!strstr($_SERVER['HTTP_REFERER'], "cashincar")) {
        //logBadRequest();
        header("HTTP/1.0 403 Forbidden");
        exit;
    }
// Attempt to defend against header injections:
    $badStrings = array("Content-Type:",
    "MIME-Version:",
    "Content-Transfer-Encoding:",
    "bcc:",
    "cc:",
    "http://www.genetics.co.uk/contact.php");
// Loop through each POST'ed value and test if it contains
    // one of the $badStrings:
    foreach($_POST as $k => $v)
{
        foreach($badStrings as $v2){
            if (strpos($v, $v2) !== false) 
		{
                //        logBadRequest();
                header("HTTP/1.0 403 Forbidden");
                exit;
            }
     }

    }
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>geNetics Web - Next Generation Web Development</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="gen.css">
</head>
<body>
<div id="wrapper">
  <div id="about_us">
    <ul>
      <li><a href="index.html"> Home</a></li>
      <li><a href="our_team.html">Our team</a></li>
      <li><a href="about_us.html">About us</a></li>
      <li><a href="our_work.html">Our work</a></li>
      <li><a href="contact.php"class="yourhere">Contact</a></li>
    </ul>



<p>Please don't hesitate to contact us, we will be more than happy to help. Simply fill out the form below:</p>
<div class="form"><form name="contact" action="check3.php" method="POST">
  Your Name:<br>
  <input class="form_style" name="name" type="text" size="20" maxlength="30"/><br><br>
  Telephone:<br>
  <input class="form_style" name="telephone" type="text" size="20" maxlength="20" /><br><br>
  Email:<br>
  <input class="form_style" name="email" type="text" size="20" maxlength="50" /><br><br>
  Comments and Questions:<br>
     <textarea class="form_style" name="comments" cols="20" rows="5"></textarea><br>
   <input class="submitbtn" name="submit" type="submit" value="Submit"/>
   </form>
   <?php if (!empty($message)) { echo $message;} ?>
   </div>
</div>

  <div id="footer">Next generation web development</div> 
</body>
</html>

[rajivgonsalves]

just put a if statement above your validation code

 

if (isset($_POST['submit']))
{
	if (empty($_POST['email']))
	$message = "Please enter an email<br />";
	if(!ereg("[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]", $_POST['email'])) 
	$message .= "Please enter an valid email<br />";
	if (empty($_POST['name']))
	$message .= "Please enter name<br />";
	if (empty($_POST['telephone']))
	$message .= "Please enter telephone<br />";
}

[danny322]

Neon...when i fill out the form and click 'submit', i get this message ->

Notice: Undefined index: message in /www/geneticsweb.co.uk/contact.php on line 27

this is the code which is on line 27:

$message = $_GET['message'];

 

Do i not need it?

 

Also, it sends the email fine but if you notice, once 'submit' is clicked the layout changes and the page looks terrible 

 

Thanks again

[~n[EO]n~]

Hmmm... there is name conflict in your text field and error message so please change

This message to..

$message = $_GET['message'];

to

$user_message = $_GET['message'];

or anything else you feel comfortable

[danny322]

hmmm, im still getting the same message ??? heres the code i have now.......was it just that one line i needed to change to $user_message?

 

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
$message = "";

if(isset($_POST['submit'])) 
{ 

// here is the validation----- modify the message as you wish 
		if (empty($_POST['email']))
		$message = "Please enter an email<br />";
		if(!ereg("[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]", $_REQUEST['email'])) 
		$message .= "Please enter an valid email<br />";
		if (empty($_POST['name']))
		$message .= "Please enter name<br />";
		if (empty($_POST['telephone']))
		$message .= "Please enter telephone<br />";
//----------------end of validation 
	if (empty($message)) {

	$to = "[email protected]"; 
	$subject = "Genetics Feedback"; 
	$name_field = $_POST['name'];
	$telephone_field = $_POST['telephone']; 
	$email_field = $_POST['email']; 
	$comments_field = $_POST['comments']; 
	$user_message = $_GET['message'];

	$body = "From: $name_field\n E-Mail: $telephone_field\n Telephone: $email_field\n Comments:\n $comments"; 


	if(mail($to, $subject, $body)) 
	{ 
	$message = "Sent!";
	}
	else { 
	echo "Mail failed"; 
	} 

function antispam()
{
// First, make sure the form was posted from a browser.
// For basic web-forms, we don't care about anything
// other than requests from a browser:
    if (!isset($_SERVER['HTTP_USER_AGENT'])) {
        die("Forbidden - You are not authorized to view this page");
        exit;
    }
// Make sure the form was indeed POST'ed:
    //  (requires your html form to use: action="post")
    if (!$_SERVER['REQUEST_METHOD'] == "POST") {
        die("Forbidden - You are not authorized to view this page");
        exit;
    }
// Make sure the form was posted from an approved host name.
    if (!strstr($_SERVER['HTTP_REFERER'], "cashincar")) {
        //logBadRequest();
        header("HTTP/1.0 403 Forbidden");
        exit;
    }
// Attempt to defend against header injections:
    $badStrings = array("Content-Type:",
    "MIME-Version:",
    "Content-Transfer-Encoding:",
    "bcc:",
    "cc:",
    "http://www.genetics.co.uk/contact.php");
// Loop through each POST'ed value and test if it contains
    // one of the $badStrings:
    foreach($_POST as $k => $v)
{
        foreach($badStrings as $v2){
            if (strpos($v, $v2) !== false) 
		{
                //        logBadRequest();
                header("HTTP/1.0 403 Forbidden");
                exit;
            }
     }

    }
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>geNetics Web - Next Generation Web Development</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="gen.css">
</head>
<body>
<div id="wrapper">
  <div id="about_us">
    <ul>
      <li><a href="index.html"> Home</a></li>
      <li><a href="our_team.html">Our team</a></li>
      <li><a href="about_us.html">About us</a></li>
      <li><a href="our_work.html">Our work</a></li>
      <li><a href="contact.php"class="yourhere">Contact</a></li>
    </ul>



<p>Please don't hesitate to contact us, we will be more than happy to help. Simply fill out the form below:</p>
<div class="form"><form name="contact" action="contact.php" method="POST">
  Your Name:<br>
  <input class="form_style" name="name" type="text" size="20" maxlength="30"/><br><br>
  Telephone:<br>
  <input class="form_style" name="telephone" type="text" size="20" maxlength="20" /><br><br>
  Email:<br>
  <input class="form_style" name="email" type="text" size="20" maxlength="50" /><br><br>
  Comments and Questions:<br>
     <textarea class="form_style" name="comments" cols="20" rows="5"></textarea><br>
   <input class="submitbtn" name="submit" type="submit" value="Submit"/>
   </form>
   <?php if (!empty($message)) { echo $message;} ?>
   </div>
</div>

  <div id="footer">Next generation web development</div> 
</body>
</html>

[runnerjp]

it means u are nameing more then 1 textfiled the same as anouther have look through other parts of script and see if any match