
Is my contact php code okay?

Discussion in 'HTML, Graphics & Programming' started by Atomic, 17 Oct 2009.

  1. Atomic

    Hitman

    Joined: 27 Jan 2005

    Posts: 834

    Hello, I'm wondering if someone can be kind enough to at least give me some pointers with regards to creating a php script.

    I have an xhtml page(s) that's the main contact form which the php will get the data from, and I have an OK and failure page for after the button is pressed. I need php code to be exclusive to a php page and not mixed with the xhtml. The main css style sheet will style all webpages and the contact form in the xhtml page.

    I need it to be secure and I'll try to add recaptcha to it after.

    I've looked at tectite and phpmailer code, and seeing it has over 1,000 lines of code it kind of went way over my head.

    Code:
    <?php
    
    // get posted data into local variables
    $EmailFrom = Trim(stripslashes($_POST['EmailFrom'])); 
    $EmailTo = "jon@mywebsite.com";
    $Subject = "from web site";
    $Name = Trim(stripslashes($_POST['Name'])); 
    $Address = Trim(stripslashes($_POST['Address'])); 
    $Telephone = Trim(stripslashes($_POST['Telephone'])); 
    $message = Trim(stripslashes($_POST['message'])); 
    
    // validation
    $validationOK=true;
    if (Trim($EmailFrom)=="") $validationOK=false;
    if (Trim($message)=="") $validationOK=false;
    if (!$validationOK) {
      print "<meta http-equiv=\"refresh\" content=\"0;URL=failure.htm\">";
      exit;
    }
    
    // prepare email body text
    $Body = "";
    $Body .= "Name: ";
    $Body .= $Name;
    $Body .= "\n";
    $Body .= "Address: ";
    $Body .= $Address;
    $Body .= "\n";
    $Body .= "Telephone: ";
    $Body .= $Telephone;
    $Body .= "\n";
    $Body .= "message: ";
    $Body .= $message;
    $Body .= "\n";
    
    // send email 
    $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
    
    // redirect to success page 
    if ($success){
      print "<meta http-equiv=\"refresh\" content=\"0;URL=ok.htm\">";
    }
    else{
      print "<meta http-equiv=\"refresh\" content=\"0;URL=failure.htm\">";
    }
    ?>
    
     
  2. robmiller

    Capodecina

    Joined: 26 Dec 2003

    Posts: 16,522

    Location: London

    What happens when I write a script that requests that script every second of every day, and your inbox fills with hundreds of thousands of messages? What happens when I enter:

    Code:
    >
    CC: foo@bar.com, bar@baz.com, baz@foo.com, foobar@example.com, hundredsof@addresses.com
    From: <fake@example.com
    
    as my "from" address, and suddenly your script is spamming thousands of people and your hosting gets cancelled for abuse of your T&Cs?

    In other words: why not just use a pre-made script that has less holes in it than Swiss cheese?
     
  3. Atomic

    Hitman

    Joined: 27 Jan 2005

    Posts: 834

    Where can I get a premade script that does what I need? I've seen loads but all seem to offer something different.
     
  4. Hotwired

    Sgarrista

    Joined: 17 Aug 2009

    Posts: 7,812

    There are good reasons for there being over 1000 lines of code in working examples: they've already sorted the bugs.
     
  5. Inquisitor

    Capodecina

    Joined: 12 Apr 2004

    Posts: 11,788

    Location: Birmingham

    [pedant]I dunno about you but I like scripts that have lots of Swiss cheese in them.[/pedant]
     
  6. Chandler_90

    Mobster

    Joined: 13 Feb 2004

    Posts: 2,645

    Location: South Shields

    I used this recently in the website I did for work.

    It allows a user to basically send an email to us via the website..

    Dunno if this will help you but I figure it will do no harm putting it up for you to look at :)

    The HTML is:

    Code:
    
    
    <div id="page">
    <!-- start content -->
    
    <div id="content">
    <div class="post4">
    
    <h1 class="title">Contact us..</h1>
     <p class="byline"><small>by filling out the form below:</small></p>
    
    <div id="contact-area">
    <form method="post" action="contactengine.php">
    
    <table>
    <tr>
    <td class="left"><label>Name:</label></td>
    <td><input type="text" name="Name" /></td>
    </tr>
    
    <tr>
    <td class="left"><label>Email:</label></td>
    <td><input type="text" name="Email" /></td>
    </tr>
     
    <tr>
    <td class="left"><label>Phone Number:</label></td>
    <td><input type="text" name="Tel" /></td>
    </tr>
         
    <tr>
    <td class="left"><label>City:</label></td>
    <td><input type="text" name="City" /></td>
    </tr>		
            
    <tr>
    <td class="left"><label>Message:</label></td>
    <td><textarea name="Message" rows="10" cols="50"></textarea></td>
    </tr>
    <tr>
    <td><input type="submit" name="submit" value="Submit" class="submit-button" /></td>
    </tr>
    </table>
    </form>
    </div>
    </div>
    </div>
    </div>
    
    You can view this @ www.crane-express.com/contact.html

    Then you need an engine to process the data inputted by the user:

    Code:
    <?php
    
    $EmailFrom = "Website";
    $EmailTo = "*****Insertyouraddress@yourdomain.com*****";
    $Subject = "*****Website Message*****";
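    $Name = Trim(stripslashes($_POST['Name'])); 
    $Tel = Trim(stripslashes($_POST['Tel'])); 
    $City = Trim(stripslashes($_POST['City'])); // was used in the body below but never read from the form
    $Email = Trim(stripslashes($_POST['Email'])); 
    $Message = Trim(stripslashes($_POST['Message'])); 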
    
    // validation
    $validationOK=true;
    if (!$validationOK) {
      print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
      exit;
    }
    
    // prepare email body text
    $Body = "";
    $Body .= "Name: ";
    $Body .= $Name;
    $Body .= "\n";
    $Body .= "Tel: ";
    $Body .= $Tel;
    $Body .= "\n";
    $Body .= "City: ";
    $Body .= $City;
    $Body .= "\n";
    $Body .= "Email: ";
    $Body .= $Email;
    $Body .= "\n";
    $Body .= "Message: ";
    $Body .= $Message;
    $Body .= "\n";
    
    // send email 
    $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
    
    // redirect to success page 
    if ($success){
      print "<meta http-equiv=\"refresh\" content=\"0;URL=contactthanks.php\">";
    }
    else{
      print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
    }
    ?>
    
    Then you just need a success page to forward to.. changing the value at the bottom of the contact engine.

    It's a no-frills method.. but might get you started on a path to something you prefer.

    Also.. there is little or no validation involved in this.. I am still needing to address that..
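
Added example, not part of any post in this thread: a handler that closes the header injection robmiller describes in post 2 and supplies the validation Chandler_90 says is still missing in post 6. Field names follow the forms above; the two addresses, the page names and the length limits are placeholders chosen for illustration.

```php
<?php
// Added example, not code from the thread. Field names follow the forms
// above; both addresses and the page names are placeholders.

// Return the trimmed value, or null if it is not a string, is too long,
// or contains CR/LF (the characters that start a new mail header).
function single_line($value, int $max = 200): ?string
{
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    if (strlen($value) > $max || preg_match('/[\r\n]/', $value)) {
        return null;
    }
    return $value;
}

// Validate the POSTed fields; return [headers, body] or null on failure.
function build_message(array $post): ?array
{
    $name  = single_line($post['Name'] ?? '');
    $email = single_line($post['Email'] ?? '', 254);
    $text  = $post['Message'] ?? '';
    if ($name === null || $email === null || !is_string($text)) {
        return null;
    }
    $text = trim($text);
    if ($text === '' || strlen($text) > 5000) {
        return null;
    }
    // Syntax check on the address, applied after the CR/LF check above.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // From is fixed; the visitor's address appears only in Reply-To.
    $headers = "From: Website <noreply@example.com>\r\n"
             . "Reply-To: $email\r\n"
             . "Content-Type: text/plain; charset=UTF-8";
    $body = "Name: $name\nEmail: $email\nMessage:\n$text\n";
    return [$headers, $body];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $msg = build_message($_POST);
    $ok  = $msg !== null
        && mail('owner@example.com', 'Website message', $msg[1], $msg[0]);
    header('Location: ' . ($ok ? 'ok.htm' : 'failure.htm'));
    exit;
}
```

This does not deal with the request-flooding point from post 2; that needs rate limiting or a CAPTCHA in front of the handler.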
     
  7. Atomic

    Hitman

    Joined: 27 Jan 2005

    Posts: 834

    I've ended up using the tectite code which is doing the job. Just need to add recaptcha into it if possible at a later date.