Need help understanding a bit of PHP code

I need help understanding if some PHP code does what I think it does.

We are replacing our old Contact Form (which had no safety measures) and want it to have two safety features:

  1. a simple security code question, like “Using only numbers, what is 10 plus 15?”
  2. a way of cleaning, or sanitizing the submitted data to remove potentially damaging hacker codes

We think we found both - but we are not sure :frowning:

I found a pre-made contact form here: http://www.freecontactform.com/free.php that definitely has feature #1, but I can’t tell if it has feature #2

Below are their two pieces of pre-made PHP code that I think are applicable.

We need to know if:
a) it will work with PHP version 5+
b) the #2 (anti-spammer/anti-hacker) features* are in there

*for my educational reasons, can you tell me which lines of code are the anti-hacker ones?

Thank you for your help :slight_smile:

freecontactformsettings.php

<?php
$email_to = "youremailaddress@yourdomain.com"; // your email address
$email_subject = "Contact Form Message"; // email subject line
$thankyou = "thankyou.htm"; // thank you page
// if you update the question on the form -
// you need to update the questions answer below
$antispam_answer = "15";
?>

freecontactformprocess.php

<?php
/**
 * 
 * URL: www.freecontactform.com
 * 
 * Version: FreeContactForm Free V2.1
 * 
 * Copyright (c) 2012 Stuart Cochrane
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 * 
 * 
 * Note: This is NOT the same code as the PRO version
 * 
 */

if(isset($_POST['Email_Address'])) {
	
	include 'freecontactformsettings.php';
	
	function died($error) {
		echo "Sorry, but there were error(s) found with the form you submitted. ";
		echo "These errors appear below.<br /><br />";
		echo $error."<br /><br />";
		echo "Please go back and fix these errors.<br /><br />";
		die();
	}
	
	if(!isset($_POST['Full_Name']) ||
		!isset($_POST['Email_Address']) ||
		!isset($_POST['Telephone_Number']) ||
		!isset($_POST['Your_Message']) || 
		!isset($_POST['AntiSpam'])		
		) {
		died('Sorry, there appears to be a problem with your form submission.');		
	}
	
	$full_name = $_POST['Full_Name']; // required
	$email_from = $_POST['Email_Address']; // required
	$telephone = $_POST['Telephone_Number']; // not required
	$comments = $_POST['Your_Message']; // required
	$antispam = $_POST['AntiSpam']; // required
	
	$error_message = "";
	
	$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/';
  if(preg_match($email_exp,$email_from)==0) {
  	$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
  if(strlen($full_name) < 2) {
  	$error_message .= 'Your Name does not appear to be valid.<br />';
  }
  if(strlen($comments) < 2) {
  	$error_message .= 'The Comments you entered do not appear to be valid.<br />';
  }
  
  if($antispam <> $antispam_answer) {
	$error_message .= 'The Anti-Spam answer you entered is not correct.<br />';
  }
  
  if(strlen($error_message) > 0) {
  	died($error_message);
  }
	$email_message = "Form details below.\r\n";
	
	function clean_string($string) {
	  $bad = array("content-type","bcc:","to:","cc:");
	  return str_replace($bad,"",$string);
	}
	
	$email_message .= "Full Name: ".clean_string($full_name)."\r\n";
	$email_message .= "Email: ".clean_string($email_from)."\r\n";
	$email_message .= "Telephone: ".clean_string($telephone)."\r\n";
	$email_message .= "Message: ".clean_string($comments)."\r\n";
	
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($email_to, $email_subject, $email_message, $headers);
header("Location: $thankyou");
?>
<script>location.replace('<?php echo $thankyou;?>')</script>
<?php
}
die();
?>

Hi there,

As far as I can see, it shouldn’t be a problem.

Hard to say without seeing the form which submits its input to this PHP script.

What this script does do is the following:

  * It checks if the field “Email_Address” is set (presumably checks if someone has filled out an email address).
  * If so, the next thing it does is to include the file “freecontactformsettings.php”. This is an unknown, as you don’t post the contents of this file.
  * Then it checks to see if the fields “Full_Name”, “Email_Address”, “Telephone_Number”, “Your_Message” and “AntiSpam” have values.
  * It then checks that the email address is a valid one (using a reg ex) and that the variable $antispam is equal to the variable $antispam_answer.
  * It then puts together an email message, sends it and redirects to the page defined in the variable $thankyou.

To answer your question, I’d say: it looks good, but either post the complete script, or just try it out on your server (doesn’t have to be on the live site).
There’s nothing in the code you posted that looks evil.

Or, as a third option, if you fancy a challenge you could code a contact form up from scratch.
It’s not very hard, then you’d also be sure that it worked as expected.
I could help you with that if you like.

The regex for the email is a bit iffy (validating email addresses is notoriously hard), but should work.

+1 for that.
It’s completely annoying when you enter your email address into a form, only for the form to tell you that the mail address that you entered and have been using for years is invalid.
I therefore tend to be a bit more lax with such a check: some characters, an at sign, some more characters, a dot and some more characters tends to do.

If you fancy blowing your mind, look here to see a more complicated regex for validating email addresses: http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html

Thank you Pullo and StarLion !

I did paste in the code for the form below. And I am concerned about the “regex” you mentioned…:eek:

My explanation of what I was looking for was a bit fuzzy. I’ll try again…:blush:

This article http://web-op.com/forms-article.php talks about making Contact Forms that can’t be hijacked. It says:

Without the availability of email addresses to harvest from websites, spammers have turned the setback of feedback and contact forms into a springboard to send even more spam. By entering malicious data into the contact form, hackers or spammers can fool the PHP script into sending mass amounts of spam from your site. Thankfully, there is a solution that is fairly easy: Cleaning the data.

and suggests using some PHP code like this to prevent it:

// Mail header removal
function remove_headers($string) {
  $headers = array(
    "/to\\:/i",
    "/from\\:/i",
    "/bcc\\:/i",
    "/cc\\:/i",
    "/Content\\-Transfer\\-Encoding\\:/i",
    "/Content\\-Type\\:/i",
    "/Mime\\-Version\\:/i"
  );
  return preg_replace($headers, '', $string); }

The free form I found does not APPEAR to have any such code in it, but perhaps their developers took care of the issue a different way. That is what I was trying to ask in the original post: Does the FreeContactForm code also avoid the hijacking issue by some other method?

Email address validation: about the concern StarLion mentioned - How would I completely remove the whole email address validation step? Many of my customers are elderly and prefer to leave a phone number rather than an email. They may just type something like “none” in the email space, and I want that to be OK.

Thanks! :smiley:

<!--
URL: www.freecontactform.com
Version: FreeContactForm Free V2.2
Copyright (c) 2012 Stuart Cochrane
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	<title>Contact Us</title>
	<script src="freecontactformvalidation.js"></script>
	<script>
	required.add('Full_Name','NOT_EMPTY','Full Name');
	required.add('Email_Address','EMAIL','Email Address');
	required.add('Your_Message','NOT_EMPTY','Your Message');
	required.add('AntiSpam','NOT_EMPTY','Anti-Spam Question');
	</script>
	<link rel="stylesheet" type="text/css" href="freecontactform.css">
	</head>
	<body>
	
	<form name="freecontactform" method="post" action="freecontactformprocess.php" onsubmit="return validate.check(this)">
	<table width="400px" class="freecontactform">
	<tr>
	 <td colspan="2">
	
	 <div class="freecontactformheader">Contact Us Form</div>
	
	 <div class="freecontactformmessage">Fields marked with <span class="required_star"> * </span> are mandatory.</div>
	
	 </td>
	</tr>
	<tr>
	 <td valign="top">
	  <label for="Full_Name" class="required">Full Name<span class="required_star"> * </span></label>
	 </td>
	 <td valign="top">
	  <input type="text" name="Full_Name" id="Full_Name" maxlength="80" style="width:230px">
	 </td>
	</tr>
	<tr>
	 <td valign="top">
	  <label for="Email_Address" class="required">Email Address<span class="required_star"> * </span></label>
	 </td>
	 <td valign="top">
	  <input type="text" name="Email_Address" id="Email_Address" maxlength="100" style="width:230px">
	 </td>
	</tr>
	<tr>
	 <td valign="top">
	  <label for="Telephone_Number" class="not-required">Telephone Number</label>
	 </td>
	 <td valign="top">
	  <input type="text" name="Telephone_Number" id="Telephone_Number" maxlength="100" style="width:230px">
	 </td>
	</tr>
	<tr>
	 <td valign="top">
	  <label for="Your_Message" class="required">Your Message<span class="required_star"> * </span></label>
	 </td>
	 <td valign="top">
	  <textarea style="width:230px;height:160px" name="Your_Message" id="Your_Message" maxlength="2000"></textarea>
	 </td>
	</tr>
	<tr>
	 <td colspan="2" style="text-align:center" >
	  <div class="antispammessage">
	  To help prevent automated spam, please answer this question
	  <br /><br />
		  <div class="antispamquestion">
		   <span class="required_star"> * </span>
		   Using only numbers, what is 10 plus 15? &nbsp;
		   <input type="text" name="AntiSpam" id="AntiSpam" maxlength="100" style="width:30px">
		  </div>
	  </div>
	 </td>
	</tr>
	<tr>
	 <td colspan="2" style="text-align:center" >
	 <br /><br />
	  <input type="submit" value=" Submit Form " style="width:200px;height:40px">
	  <br /><br />
	  <!--
	  If you want to remove this author link,
	  please purchase an unbranded version from: http://www.freecontactform.com/unbranded_form.php
	  Or upgrade to the professional version at: http://www.freecontactform.com/professional.php
	  -->
	  <div style="font-size:0.9em">Form provided by <a href="http://www.freecontactform.com" target="_blank">Free Contact Form</a></div>
	  <br /><br />
	 </td>
	</tr>
	</table>
	</form>
</body>
</html>

My favorite feature of GMail is the Filters. And it annoys me immensely when a site disallows the plus (+) in my email address!!

Oh right.
Yeah, the code you provided in your original post kind of does this, in so far as it scrubs any occurrences of “content-type”,“bcc:”,“to:” or “cc:” from the mail body and the headers:

function clean_string($string) {
  $bad = array("content-type","bcc:","to:","cc:");
  return str_replace($bad,"",$string);
}
    
$email_message .= "Full Name: ".clean_string($full_name)."\r\n";
$email_message .= "Email: ".clean_string($email_from)."\r\n";
$email_message .= "Telephone: ".clean_string($telephone)."\r\n";
$email_message .= "Message: ".clean_string($comments)."\r\n";
    
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($email_to, $email_subject, $email_message, $headers);

As to whether that’s enough to be 100% on the safe side, I wouldn’t like to say.
It seems like a good start though and I’d like to think that your hosting company would let you know if your contact form was being used to send out hundreds of thousands of spam mails every day.

What do other people think??

How would I completely remove the whole email address validation step?

Remove, or comment out this line:

if(preg_match($email_exp,$email_from)==0) {
  $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}

The script will still require a value to be entered in the Email field, but won’t validate it against the aforementioned reg-ex.

HTH
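
Added example, not part of the thread or of the FreeContactForm code: in the script above, clean_string() uses the case-sensitive str_replace(), leaves CR/LF characters in place, and is never applied to $email_from before that value is placed in the From: and Reply-To: headers. The code below rejects line breaks in header values and keeps the email field optional; has_line_break(), build_headers(), the $site_from address and the sample inputs are hypothetical names and constructed values.

```php
<?php
// Added example; not the FreeContactForm code. All names below other than
// clean_string() are hypothetical, and the sample inputs are constructed.

// The thread's blacklist filter, reproduced unchanged for comparison.
function clean_string($string) {
    $bad = array("content-type", "bcc:", "to:", "cc:");
    return str_replace($bad, "", $string);
}

// A header value must be a single line: any CR or LF would start a new header.
function has_line_break($value) {
    return preg_match('/[\r\n]/', $value) === 1;
}

// From is always the site's own address. The visitor's address is optional
// and is added as Reply-To only if it is one valid address on one line.
function build_headers($site_from, $visitor_email) {
    $headers = array('From: ' . $site_from);
    $visitor_email = trim($visitor_email);
    if ($visitor_email !== ''
        && !has_line_break($visitor_email)
        && filter_var($visitor_email, FILTER_VALIDATE_EMAIL) !== false) {
        $headers[] = 'Reply-To: ' . $visitor_email;
    }
    $headers[] = 'X-Mailer: PHP/' . phpversion();
    return implode("\r\n", $headers);
}

$site_from = 'webform@example.com'; // assumption: an address on your own domain

// Constructed inputs for the Email_Address field.
$samples = array(
    'none',
    'greg+forms@example.com',
    "visitor@example.com\r\nBCC: someone-else@example.net",
);

// json_encode() makes any embedded \r\n visible in the printed output.
foreach ($samples as $input) {
    echo "input:        ", json_encode($input), "\n";
    echo "clean_string: ", json_encode(clean_string($input)), "\n";
    echo "headers:      ", json_encode(build_headers($site_from, $input)), "\n\n";
}
```

The third sample passes through clean_string() with its line break and extra header intact, while build_headers() leaves it out of the headers altogether. An entry such as “none” is accepted and simply produces no Reply-To line.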

I created a trial Contact Form page, and installed both the stock version and my own version of the pre-made contact form. And failed. Help?

Here is the trial page: http://easydigging.com/Contact-1.html

It’s a responsive page, so on wide screens the stock version is on the left and my own version is on the right. If you are looking at it with a skinny screen device, the stock will be above and my own version will be below.

The stock one acts as if it is sending emails to me - but they never appear.

My version gives error messages even with all good data entered in the fields.

Two strikes, and I am almost out… Help!

Here are the bits of code that pertain:

Stock contact form HTML:

<!-- Stock Contact Form -->
<form name="freecontactform" method="post" action="freecontactformprocess.php" onsubmit="return validate.check(this)">
	<table width="400px" class="freecontactform">
	<tr>
	 <td colspan="2">
	   <div class="freecontactformheader">Contact Us Form</div>
	   <div class="freecontactformmessage">Fields marked with <span class="required_star"> * </span> are mandatory.</div>
	 </td>
	</tr>
	<tr>
	 <td valign="top">
	   <label for="Full_Name" class="required">Full Name<span class="required_star"> * </span></label>
	 </td>
	 <td valign="top">
	   <input type="text" name="Full_Name" id="Full_Name" maxlength="80" style="width:230px">
	 </td>
	</tr>
	<tr>
	 <td valign="top">
	   <label for="Email_Address" class="required">Email Address<span class="required_star"> * </span></label>
	 </td>
	 <td valign="top">
	   <input type="text" name="Email_Address" id="Email_Address" maxlength="100" style="width:230px">
	 </td>
	</tr>
	<tr>
	 <td valign="top">
	   <label for="Telephone_Number" class="not-required">Telephone Number</label>
	 </td>
	 <td valign="top">
	   <input type="text" name="Telephone_Number" id="Telephone_Number" maxlength="100" style="width:230px">
	 </td>
	</tr>
	<tr>
	 <td valign="top">
	   <label for="Your_Message" class="required">Your Message<span class="required_star"> * </span></label>
	 </td>
	 <td valign="top">
	   <textarea style="width:230px;height:160px" name="Your_Message" id="Your_Message" maxlength="2000"></textarea>
	 </td>
	</tr>
	<tr>
	 <td colspan="2" style="text-align:center" >
	   <div class="antispammessage">
	   To help prevent automated spam, please answer this question
	   <br /><br />
		  <div class="antispamquestion">
		    <span class="required_star"> * </span>
		    Using only numbers, what is 6 plus 6? &nbsp;
		    <input type="text" name="AntiSpam" id="AntiSpam" maxlength="100" style="width:30px">
		  </div>
	   </div>
	 </td>
	</tr>
	<tr>
	 <td colspan="2" style="text-align:center" >
	   <br /><br />
	   <input type="submit" value=" Submit Form " style="width:200px;height:40px">
	   <br /><br />
	   <!--
	   If you want to remove this author link,
	   please purchase an unbranded version from: http://www.freecontactform.com/unbranded_form.php
	   Or upgrade to the professional version at: http://www.freecontactform.com/professional.php
	   -->
	  <div style="font-size:0.9em">Form provided by <a href="http://www.freecontactform.com" target="_blank">Free Contact Form</a></div>
	  <br /><br />
	 </td>
	</tr>
	</table>
</form>

My version of the contact form HTML: (Twitter Bootstrap site)

<form name="freecontactform" method="post" action="freecontactformprocess.php" onsubmit="return validate.check(this)">
     <fieldset>

		 <legend>Contact Us Form</legend>
         <label>Your Name:</label>
         <input class="input-block-level" type="text"
             name="Full_Name" id="Full_Name" placeholder="name here…">
	
		 <label>Email Address:</label>
         <input class="input-block-level" type="text"
	         name="Email_Address" id="Email_Address" placeholder="email here…">
	
	     <label>Telephone Number:</label>
         <input class="input-block-level" type="text"
	         name="Telephone_Number" id="Telephone_Number" placeholder="phone here…">
         <span class="help-block">We need either an email or phone to reply to you.</span>
	
	     <label>Your message:</label>		
	     <textarea class="input-block-level" rows="3" name="Your_Message" id="Your_Message" maxlength="2000">
		 </textarea>
		
     <div style="text-align:center;">
	     <label><strong>To prevent automated spam, you must answer this question:</strong></label>
	     <label>What is 6 + 6 ?</label>		
	     <input class="input-mini" type="text" maxlength="3"
	         name="AntiSpam" id="AntiSpam" placeholder="number">		
	     <br />
		 <div class="form-actions">
             <input class="btn btn-large btn-primary" type="submit" value="&nbsp; Submit Form &nbsp;">
		 </div>
	 </div>
     </fieldset>
</form>

Javascript: freecontactformvalidation.js

function has_id(id){try{var tmp=document.getElementById(id).value;}catch(e){return false;}
return true;}
function has_name(nm){try{var tmp=cfrm.nm.type;}catch(e){return false;}
return true;}
function $$(id){if(!has_id(id)&&!has_name(id)){alert("Field "+id+" does not exist!\n Form validation configuration error.");return false;}
if(has_id(id)){return document.getElementById(id).value;}else{return;}}
function $val(id){return document.getElementById(id);}
function trim(id){$val(id).value=$val(id).value.replace(/^\s+/,'').replace(/\s+$/,'');}
var required={field:[],add:function(name,type,mess){this.field[this.field.length]=[name,type,mess];},out:function(){return this.field;},clear:function(){this.field=[];}};var validate={check:function(cform){var error_message='Please fix the following errors:\n\n';var mess_part='';var to_focus='';var tmp=true;for(var i=0;i<required.field.length;i++){if(this.checkit(required.field[i][0],required.field[i][1],cform)){}else{error_message=error_message+required.field[i][2]+' must be supplied\n';if(has_id(required.field[i][0])&&to_focus.length===0){to_focus=required.field[i][0];}
tmp=false;}}
if(!tmp){alert(error_message);}
if(to_focus.length>0){document.getElementById(to_focus).focus();}
return tmp;},checkit:function(cvalue,ctype,cform){if(ctype=="NOT_EMPTY"){if(this.trim($$(cvalue)).length<1){return false;}else{return true;}}else if(ctype=="EMAIL"){exp=/^[a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/;if($$(cvalue).match(exp)==null){return false;}else{return true;}}},trim:function(s){if(s.length>0){return s.replace(/^\s+/,'').replace(/\s+$/,'');}else{return s;}}};

PHP #1: freecontactformsettings.php

<?php
$email_to = "contact@easydigging.com"; // your email address
$email_subject = "Contact Form Message"; // email subject line
$thankyou = "confirmcontact.html"; // thank you page

// if you update the question on the form -
// you need to update the questions answer below
$antispam_answer = "12";
?>

PHP#2: freecontactformprocess.php

<?php
/**
 *
 * URL: www.freecontactform.com
 *
 * Version: FreeContactForm Free V2.1
 *
 * Copyright (c) 2012 Stuart Cochrane
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 *
 * Note: This is NOT the same code as the PRO version
 *
 */

if(isset($_POST['Email_Address'])) {
	
	include 'freecontactformsettings.php';
	
	function died($error) {
		echo "Sorry, but there were error(s) found with the form you submitted. ";
		echo "These errors appear below.<br /><br />";
		echo $error."<br /><br />";
		echo "Please go back and fix these errors.<br /><br />";
		die();
	}
	
	if(!isset($_POST['Full_Name']) ||
		!isset($_POST['Email_Address']) ||
		!isset($_POST['Telephone_Number']) ||
		!isset($_POST['Your_Message']) ||
		!isset($_POST['AntiSpam'])		
		) {
		died('Sorry, there appears to be a problem with your form submission.');		
	}
	
	$full_name = $_POST['Full_Name']; // required NOT
	$email_from = $_POST['Email_Address']; // required NOT
	$telephone = $_POST['Telephone_Number']; // not required
	$comments = $_POST['Your_Message']; // required
	$antispam = $_POST['AntiSpam']; // required
	
	$error_message = "";
/* Commented out these two pieces to allow anonymous comments (no name or no email address)
	$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/';
  if(preg_match($email_exp,$email_from)==0) {
  	$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
  if(strlen($full_name) < 2) {
  	$error_message .= 'Your Name does not appear to be valid.<br />';
  } */
  if(strlen($comments) < 2) {
  	$error_message .= 'The Comments you entered do not appear to be valid.<br />';
  }

  if($antispam <> $antispam_answer) {
	$error_message .= 'The Anti-Spam answer you entered is not correct.<br />';
  }

  if(strlen($error_message) > 0) {
  	died($error_message);
  }
	$email_message = "Form details below.\r\n";
	
	function clean_string($string) {
	  $bad = array("content-type","bcc:","to:","cc:");
	  return str_replace($bad,"",$string);
	}
	
	$email_message .= "Full Name: ".clean_string($full_name)."\r\n";
	$email_message .= "Email: ".clean_string($email_from)."\r\n";
	$email_message .= "Telephone: ".clean_string($telephone)."\r\n";
	$email_message .= "Message: ".clean_string($comments)."\r\n";
	
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($email_to, $email_subject, $email_message, $headers);
header("Location: $thankyou");
?>
<script>location.replace('<?php echo $thankyou;?>')</script>
<?php
}
die();
?>

This is why I tend to just use something like a Zend Framework component for checking email.

You can basically do this:


$emailToCheck = 'test@test.com';

$validator = new Zend_Validate_EmailAddress();

if ($validator->isValid($emailToCheck)){
 //email address is valid
}else{
 //email address is invalid
}


For me it’s a case of why re-invent the wheel? Someone else has already solved the problem, so I’ll just use that.

Hi Greg,

Well done for having a go at this on your own.
It’s the way to go.

So, there appear to be two problems:

This appears to be a mail configuration setting.
If we were going to debug this, you would have to see what is being submitted by the form and where things go wrong server-side.

But let’s stick with your solution:

The reason that it is returning with error messages is that you are calling the other form’s validate() method when you submit it.
There is something in this method which is causing it to return false and thus prevent submission.
However, the JavaScript you provided is minified and I don’t really want to pick my way through all of that.

So, we need to decide what to do.
Do you want to debug the original script, or do you want to construct a contact form on your own (my preferred solution)?

I can help you with either one. Just let me know.

Thanks Pullo :slight_smile: for any help you (or any other members) can give to create a Contact Form that will work with Twitter Bootstrap.

I did some searching this morning, but can not find any sort of tutorial that tells how to get a Twitter Bootstrap form to send an email or check for common Contact Form hijacking tricks. Most articles say to just tweak a generic Contact Form until it works :mad:

Many of my customers are elderly - some do not like giving their email and prefer to be phoned…
So my Contact Form design goals are:

  1. does not require text in any of the fields except the Message field
  2. has some method to prevent common hijacking methods
    Bonus Goals would be:
  3. some way to prevent bots from sending me messages through the form
  4. a filter on the Message field that prevents the email from sending if words like “viagra” or “SEO” appear in the message :rolleyes:

I’ve been working on the problem today, and have gotten a little closer. Here is what I have:

Contact page #2 is here: http://easydigging.com/Contact/Contact-2.html
It uses the FreeContactForm code. It now almost works - except I still am not receiving emails sent from it. This one is my preferred choice.

Contact page #3 is here: http://easydigging.com/Contact/Contact-3.html
It uses the wufoo.com code. It does work - but the free version has limitations I am not happy with.

Anybody know how to fix Contact page #2 ? Do you need me to post any code? I think all the code is in yesterday’s message. Except for little changes I did to the HTML which can be seen using View Source.

Thanks!

Ok, so let’s have a look at this one then.
I just tried sending you a test message, through this form.
The validation seems to work ok and after submission I was redirected to http://easydigging.com/Contact/confirmcontact.html, which is as it should be.

But you say you’re not getting the mail.

First of all, check your spam folder.
I know this sounds simple, but would be a real DOH! moment if we try to debug this only to find out the messages are landing there.

Presuming that the spam folder is empty, please comment out (or remove) the following lines in your PHP script:

mail($email_to, $email_subject, $email_message, $headers); 
header("Location: $thankyou");

Then add the following in their place:

echo "Email to: $email_to<br />";
echo "Email subject: $email_subject<br />";
echo "Email message: $email_message<br />";
echo "Headers: $headers<br />";
exit();

Please let me know when you have done that.

Hi Pullo and all others who have been following this thread,

I discovered that my webhosting service (Yahoo!) uses a somewhat unconventional method of processing and transmitting emails from any Contact Form on my site. That’s why all the things we have tried have not worked. :frowning:

Since we can’t do it with PHP, I changed my approach to creating the Contact Form and re-started a new thread over on the JavaScript page. Here is the new thread:

I appreciate all the help you have given me here :slight_smile: