26/03/2008, 03:04   #2
Jerry Stuckle
Re: Problem with a contact me php form. Anyone look please?

Mike Barnard wrote:
> Hi.
>
>
> I know next to nothing about PHP, and to be honest I don't need to
> learn it. I just need a simple form to work. Can anyone look at it
> for me?
>
> I have downloaded a freebie php script for a spam free email contact
> form. This is where it came from...
>
> http://www.stevedawson.com/article0015.php
>
> I have butchered it slightly, but not the basic code, just the excess
> table stuff. The problem is that a valid email address I entered as a
> test returns as invalid. Can anyone tell me if the script is any good
> and worth persevering with or is there better somewhere? I don't mind
> the inbox filling up with tests if you should so fancy!
>
> You will find my version at www.thermachek.com/ on the contact link.
> Ah, just thought. You won't see the code as it will be processed
> first. I'll paste it at the end.
>
> OK, here I go again, off to the land of nod. 14 past 11 at night.
>
> Thanks all. G'night.
>
> <?php
> if (isset($_POST["op"]) && ($_POST["op"]=="send")) {
>
> /* ******* START OF CONFIG SECTION ****** */
>
>
>
>
> $sendto = "info [alpha tango] thermachek (delta oscar tango) com";
>
> // I messed up this address just for usenet. It's not like this on my
> // site.
>
>
>
>
> $subject = "Email from Thermachek website";
>
> // Select if you want to check form for standard spam text
>
> $SpamCheck = "Y"; // Y or N
>
> $SpamReplaceText = "*content removed*";
>
> // Error message printed if spam form attack found
>
> $SpamErrorMessage = "<p align=\"center\"><font color=\"red\">Malicious
> code content detected.
>
> </font><br><b>Your IP Number of <b>".getenv("REMOTE_ADDR")."</b> has
> been logged.</b></p>";
>
> /* ******* END OF CONFIG SECTION ****** */
> $name = $_POST['name'];
> $email = $_POST['email'];
> $message = $_POST['message'];
> $headers = "From: $email\n";
> // Append the MIME headers; ".=" is needed for them to reach $headers
> $headers .= "MIME-Version: 1.0\n"
> . "Content-Transfer-Encoding: 7bit\n"
> . "Content-type: text/html; charset=\"iso-8859-1\"\n";
> if ($SpamCheck == "Y") {
> // Check for Website URL's in the form input boxes as if we block
> // website URLs from the form,
> // then this will stop the spammers wasting time sending emails
> if (preg_match("/http/i", "$name")) {echo "$SpamErrorMessage";
> exit();}
> if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage";
> exit();}
> if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage";
> exit();}
>
> // Pattern match search to strip out the invalid characters, this
> // prevents the mail injection spammer
> // build the pattern match string
> $pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i';
>
> $name = preg_replace($pattern, "", $name);
> $email = preg_replace($pattern, "", $email);
> $message = preg_replace($pattern, "", $message);
>
> // Check for the injected headers from the spammer attempt
> // This will replace the injection attempt text with the string you
> // have set in the above config section
> $find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");
> $email = preg_replace($find, "$SpamReplaceText", $email);
> $name = preg_replace($find, "$SpamReplaceText", $name);
> $message = preg_replace($find, "$SpamReplaceText", $message);
>
> // Check to see if the fields contain any content we want to ban
> if(stristr($name, $SpamReplaceText) !== FALSE) {echo
> "$SpamErrorMessage"; exit();}
> if(stristr($message, $SpamReplaceText) !== FALSE) {echo
> "$SpamErrorMessage"; exit();}
>
> // Do a check on the send email and subject text
> if(stristr($sendto, $SpamReplaceText) !== FALSE) {echo
> "$SpamErrorMessage"; exit();}
> if(stristr($subject, $SpamReplaceText) !== FALSE) {echo
> "$SpamErrorMessage"; exit();}
> }
> // Build the email body text
> $emailcontent = "
> -----------------------------------------------------------------------------
> Email from Thermachek website
> -----------------------------------------------------------------------------
> Name: $name
> Email: $email
> Message: $message
>
> _______________________________________
> End of Email
> ";
> // Check the email address entered matches the standard email address
> // format
> if (!eregi("^[A-Z0-9_%-]+@[A-Z0-9_%-]+\.a[A-Z]{2,6}$", $email)) {
> echo "<p>It appears you entered an invalid email address</p><p><a
> href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
> }
>
> elseif (!trim($name)) {
> echo "<p>Please go back and enter a Name</p><p><a href='javascript:
> history.go(-1)'>Click here to go back</a>.</p>";
> }
>
>
> elseif (!trim($message)) {
> echo "<p>Please go back and type a Message</p><p><a
> href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
> }
>
> elseif (!trim($email)) {
> echo "<p>Please go back and enter an Email</p><p><a
> href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
> }
>
> // Sends out the email or will output the error message
> elseif (mail($sendto, $subject, $emailcontent, $headers)) {
> echo "<br><br><p><b>Thank You $name</b></p><p>We will be in touch as
> soon as possible.</p>";
> }
> }
> else {
> ?>
>
>
> <form method="post"><INPUT NAME="op" TYPE="hidden" VALUE="send">
> <div> <!-- Block container for the input elements -->
>
> <table>
> <tr>
> <td><p>Name:</p></td>
> <td>
> <input name="name" type="text" size="30" maxlength="150">
> </td>
> </tr>
> <tr>
> <td><p>E-mail:</p></td>
> <td>
> <input name="email" type="text" size="30" maxlength="150">
> </td>
> </tr>
>
> <tr>
> <td valign="top"><p>Message:</p></td>
> <td><textarea name="message" cols="50"
> rows="20"></textarea></td>
> </tr>
> <tr><td></td> <td><input name="submit" type="submit" value="Send
> Message"></td></tr>
> </table>
>
> </div>
> </form>
> <?php } ?>
>
>
>
>


If you don't need to learn php, hire a consultant to fix it for you.

This is a group for PHP programmers, not to give you free consulting
services.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
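
In the quoted script, the `eregi` pattern requires a literal `a` straight after the dot and allows no dots in the local part or domain, so an address at a `.com` domain fails it; the script also builds `$headers` from `$email` before its filtering runs. One way to handle both, as an added example that is not part of the thread (the From address, the recipient and the sample input are placeholders):

```php
<?php
// Added example, not code from the thread. The From address and recipient
// are placeholders; $sample is constructed input standing in for $_POST.

function has_line_break(string $value): bool
{
    // A CR or LF in a header-bound value would start a new header line.
    return preg_match('/[\r\n]/', $value) === 1;
}

function check_contact_form(array $post): array
{
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));
    $errors  = [];
    if ($name === '' || has_line_break($name)) {
        $errors[] = 'Please enter a name.';
    }
    // filter_var() accepts dots in the local part, subdomains and any TLD.
    if (has_line_break($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address.';
    }
    if ($message === '') {
        $errors[] = 'Please type a message.';
    }
    return compact('errors', 'name', 'email', 'message');
}

function build_headers(string $validatedEmail): string
{
    // Fixed From address; the visitor's address appears only in Reply-To,
    // and only after check_contact_form() has accepted it.
    return "From: webform@example.com\r\n"
         . "Reply-To: $validatedEmail\r\n"
         . "MIME-Version: 1.0\r\n"
         . "Content-Type: text/plain; charset=UTF-8";
}

$sample = ['name' => 'Test User', 'email' => 'first.last@mail.example.com', 'message' => 'Hello'];
$result = check_contact_form($sample);
if ($result['errors'] === []) {
    $body = "Name: {$result['name']}\nEmail: {$result['email']}\n\n{$result['message']}\n";
    // mail('you@example.com', 'Email from website', $body, build_headers($result['email']));
    echo "Input accepted\n", build_headers($result['email']), "\n";
} else {
    echo implode("\n", $result['errors']), "\n";
}
```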
