working on debugging this contact form. I grabbed the original off the net, customized it a bit. It was passed on and customized some more for security. Now it is no longer working. The server is thought to be the issue. Could I have advice on how to best trouble shoot this please?
or what would be a better way to secure it?
thank you
<?php
//If the form is submitted
if(isset($_POST['submitted'])) {
//Check to see if the honeypot captcha field was filled in
if(trim($_POST['checking']) !== '') {
$hasError = true;
} else {
//Check to make sure that the name field is not empty
if(trim($_POST['contactFName']) === '') {
$nameFError = 'You forgot to enter your First name.';
if(trim($_POST['contactLName']) === '') {
$nameLError = 'You forgot to enter your Last name.';
}
$hasError = true;
} else if(trim($_POST['contactLName']) === '') {
$nameLError = 'You forgot to enter your Last name.';
$hasError = true;
}
else {
$name = trim($_POST['contactFName'])." ".trim($_POST['contactLName']);
// filtering on spambot text - SCB
if(strpos($name,'../') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'..\\\\') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.htm') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.html') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.ini') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.php') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.htaccess') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.bat') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.reg') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.sct') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.vb') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.ws') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.php') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'.aspx') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'/etc') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'/passwd') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'Response.Write') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'injected_value') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
if(strpos($name,'C:\\\\') !== false) { $hasError = true; $commentError = 'Your name contains invalid characters. Please revise.'; }
}
//Check to make sure sure that a valid email address is submitted
if(trim($_POST['email']) === '') {
$emailError = 'You forgot to enter your email address.';
$hasError = true;
} else if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\\.[A-Z]{2,4}$", trim($_POST['email']))) {
$emailError = 'You entered an invalid email address.';
$hasError = true;
} else {
$email = trim($_POST['email']);
}
//Check to make sure comments were entered
if(trim($_POST['comments']) === '') {
$commentError = 'You forgot to enter your comments.';
$hasError = true;
} else {
if(function_exists('stripslashes')) {
$comments = stripslashes(trim($_POST['comments']));
} else {
$comments = trim($_POST['comments']);
}
// filtering on spambot text - SCB
if(strpos($_POST['comments'],'../') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'..\\\\') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.htm') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.html') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.ini') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.php') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.htaccess') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.bat') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.reg') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.sct') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.vb') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.ws') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.php') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'.aspx') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'/etc') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'/passwd') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'C:\\\\') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'Response.Write') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
if(strpos($_POST['comments'],'injected_value') !== false) { $hasError = true; $commentError = 'Your comment contains invalid characters. Please revise.'; }
}
// SCB - record IP
$ip = $_SERVER['REMOTE_ADDR'];
//If there is no error, send the email
if(!isset($hasError)) {
$emailTo = 'xyz.xyz@email.com';
$emailTo2 = 'xyz.xyz@email.com'; //testing only - remove on launch
$subject = 'FORM - Contact Form Submission from '.$name;
$sendCopy = trim($_POST['sendCopy']);
$body = "Name: $name \
\
Email: $email \
\
Comments: $comments \
\
IP: $ip";
$bodyNoIp = "Name: $name \
\
Email: $email \
\
Comments: $comments";
$headers = 'From: us to you <'.$emailTo.'>' . "\\r\
" . 'Reply-To: ' . $email;
mail($emailTo, $subject, $body, $headers);
mail($emailTo2, $subject, $body, $headers);
if($sendCopy == true) {
$subject = 'Thank you for your interest in us';
$headers = "From: $name <$email>";
mail($email, $subject, $bodyNoIp, $headers);
}
$emailSent = true;
}
//If there is an error, send the email to SCB for testing
if(isset($hasError)) {
$emailTo = 'xyz.xyz@email.com';
$subject = 'ERROR - Contact Form Submission from '.$name;
$sendCopy = trim($_POST['sendCopy']);
$body = "Name: $name \
\
Email: $email \
\
Comments: $comments \
\
IP: $ip";
$headers = 'From: us to you<'.$emailTo.'>' . "\\r\
" . 'Reply-To: ' . $email;
mail($emailTo, $subject, $body, $headers);
//$emailSent = true;
}
}
} ?>