Is my contact php code okay?

Associate
Joined
27 Jan 2005
Posts
830
Hello, I'm wondering if someone can be kind enough to at least give me some pointers with regards to creating a php script.

I have an xhtml page(s) that's the main contact form in which the php will get the data from, and I have an OK and failure page for after the button is pressed. I need php code to be exclusive to a php page and not mixed with the xhtml. The main css style sheet will style all webpages and the contact form in the xhtml page.

I need it to be secure and I'll try to add recaptcha to it after.

I've looked at tectite and phpmailer code, and seeing it has over 1,000 lines of code it kind of went way over my head.

Code:
<?php

// get posted data into local variables
$EmailFrom = Trim(stripslashes($_POST['EmailFrom'])); 
$EmailTo = "[email protected]";
$Subject = "from web site";
$Name = Trim(stripslashes($_POST['Name'])); 
$Address = Trim(stripslashes($_POST['Address'])); 
$Telephone = Trim(stripslashes($_POST['Telephone'])); 
$message = Trim(stripslashes($_POST['message'])); 

// validation
$validationOK=true;
if (Trim($EmailFrom)=="") $validationOK=false;
if (Trim($message)=="") $validationOK=false;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=failure.htm\">";
  exit;
}

// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Address: ";
$Body .= $Address;
$Body .= "\n";
$Body .= "Telephone: ";
$Body .= $Telephone;
$Body .= "\n";
$Body .= "message: ";
$Body .= $message;
$Body .= "\n";

// send email 
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

// redirect to success page 
if ($success){
  print "<meta http-equiv=\"refresh\" content=\"0;URL=ok.htm\">";
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=failure.htm\">";
}
?>
 
Soldato
Joined
26 Dec 2003
Posts
16,522
Location
London
What happens when I write a script that requests that script every second of every day, and your inbox fills with hundreds of thousands of messages? What happens when I enter:


as my "from" address, and suddenly your script is spamming thousands of people and your hosting gets cancelled for abuse of your T&Cs?

In other words: why not just use a pre-made script that has fewer holes in it than Swiss cheese?
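
Added example (not part of the original posts): one way to close the header-injection hole raised above, where the visitor's address is placed straight into the `From:` header passed to `mail()`. The field names are taken from the first script in the thread; the two addresses and the helper function names are placeholders chosen for this example.

```php
<?php
// Added example, not code from the thread. Both addresses are placeholders.
const MAIL_TO   = 'owner@example.com';    // where the form is delivered
const MAIL_FROM = 'webform@example.com';  // fixed sender on your own domain

// Read one POST field as a trimmed string (a field sent as an array becomes '').
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Return a usable address or null. CR/LF is refused first: a line break in a header value is what lets a visitor append headers.
function clean_email(string $raw): ?string
{
    $ok = preg_match('/[\r\n]/', $raw) ? false : filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// Flatten a one-line field (name, phone) and cap its length.
function clean_line(string $raw, int $max = 200): string
{
    return substr(trim((string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $raw)), 0, $max);
}

// Validate, build the message, send. True only if mail() accepted it.
function handle_contact(array $post): bool
{
    $email   = clean_email(field($post, 'EmailFrom'));
    $message = field($post, 'message');
    if ($email === null || $message === '') {
        return false;
    }
    $body = 'Name: ' . clean_line(field($post, 'Name')) . "\n"
          . 'Address: ' . clean_line(field($post, 'Address')) . "\n"
          . 'Telephone: ' . clean_line(field($post, 'Telephone')) . "\n"
          . 'message: ' . $message . "\n";
    // The visitor's address goes in Reply-To; From never contains user input.
    $headers = 'From: ' . MAIL_FROM . "\r\nReply-To: " . $email;
    return mail(MAIL_TO, 'from web site', $body, $headers);
}

if (PHP_SAPI !== 'cli') {   // running on the web server as the form's action
    $ok = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && handle_contact($_POST);
    header('Location: ' . ($ok ? 'ok.htm' : 'failure.htm'));
    exit;
}
// Command-line check with constructed inputs; the second carries an extra header line.
var_dump(clean_email('visitor@example.com'));
var_dump(clean_email("visitor@example.com\r\nX-Injected: 1"));
```

This covers only the header problem. The flooding problem raised in the same post needs rate limiting or the CAPTCHA the original poster mentions.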
 
Associate
OP
Joined
27 Jan 2005
Posts
830
Where can I get a premade script that does what I need? I've seen loads but all seem to offer something very different.
 
Soldato
Joined
13 Feb 2004
Posts
2,654
Location
South Shields
I used this recently in the website I did for work.

It allows a user to basically send an email to us via the website..

Dunno if this will help you but I figure it will do no harm putting it up for you to look at :)

The HTML is:

Code:
<div id="page">
<!-- start content -->

<div id="content">
<div class="post4">

<h1 class="title">Contact us..</h1>
 <p class="byline"><small>by filling out the form below:</small></p>

<div id="contact-area">
<form method="post" action="contactengine.php">

<table>
<tr>
<td class="left"><label>Name:</label></td>
<td><input type="text" name="Name" /></td>
</tr>

<tr>
<td class="left"><label>Email:</label></td>
<td><input type="text" name="Email" /></td>
</tr>
 
<tr>
<td class="left"><label>Phone Number:</label></td>
<td><input type="text" name="Tel" /></td>
</tr>
     
<tr>
<td class="left"><label>City:</label></td>
<td><input type="text" name="City" /></td>
</tr>		
        
<tr>
<td class="left"><label>Message:</label></td>
<td><textarea name="Message" rows="10" cols="50"></textarea></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Submit" class="submit-button" /></td>
</tr>
</table>
</form>
</div>
</div>
</div>
<!-- end content -->
</div>

You can view this @ www.crane-express.com/contact.html

Then you need an engine to process the data inputted by the user:

Code:
<?php

$EmailFrom = "Website";
$EmailTo = "*****[email protected]*****";
$Subject = "*****Website Message*****";
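$Name = Trim(stripslashes($_POST['Name'])); 
$Tel = Trim(stripslashes($_POST['Tel'])); 
// City is used in the email body below, so it has to be read from the form too
$City = Trim(stripslashes($_POST['City'])); 
$Email = Trim(stripslashes($_POST['Email'])); 
$Message = Trim(stripslashes($_POST['Message'])); 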

// validation
$validationOK=true;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
  exit;
}

// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Tel: ";
$Body .= $Tel;
$Body .= "\n";
$Body .= "City: ";
$Body .= $City;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";

// send email 
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

// redirect to success page 
if ($success){
  print "<meta http-equiv=\"refresh\" content=\"0;URL=contactthanks.php\">";
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>

Then you just need a success page to forward to.. changing the value at the bottom of the contact engine.

It's a no frills method.. but might get you started on a path to something you prefer.

Also.. there is little or no validation involved in this.. I am still needing to address that..
 
Associate
OP
Joined
27 Jan 2005
Posts
830
I've ended up using the tectite code which is doing the job. Just need to add recaptcha into it if possible at a later date.
 