
View Full Version : Captcha Contact Form



Genie1
09-13-2009, 12:31 AM
Hello Guys,

I have got a contact form which works fine, but when I used this tutorial it just gives me a blank page when I click on submit. If someone could please help, it would be appreciated. Thank you

contact backside


<?php
session_start();
$Title = $_POST['Title'];
$firstname = $_POST['firstname'];
$surname= $_POST['surname'];
$email = $_POST['email'] ;
$phone_number = $_POST['phone_number'];
$pref = $_POST['pref'];
$subject = "Test Form" ;
$message="

Title: $Title
\nFirst Name: $firstname
\nSurname: $surname
\nEmail From: $email
\nContact Number: $phone_number
\nMessage: $message
\nPreferred Contact is .::$pref::.

";
$user_answer = $_POST['answer'];
$real_answer = $_SESSION['answer'];


if(empty($user_answer != $real_answer) {
echo "Math question was incorrect, please try again";
} else {
mail( "Test@Test.com", "$subject", $message, "From: $email" );
echo "Thank you for using our mail form.<br/>";
echo "Your email has been sent.";
<script type="text/javascript">
<!--
window.location = "http://www.Test.com/thankyou.html"
//-->
</script>
}
?>


Tutorial

http://www.thetutorialblog.com/2009/07/21/php-contact-form/

Once again, thank you

Zangeel
09-13-2009, 12:34 AM
empty() was used incorrectly, there was a missing ), and you cannot inject JS in php, you need to stop execution of the php script.

Like zis!



<?php
session_start();
$Title = $_POST['Title'];
$firstname = $_POST['firstname'];
$surname= $_POST['surname'];
$email = $_POST['email'] ;
$phone_number = $_POST['phone_number'];
$pref = $_POST['pref'];
$subject = "Test Form" ;
$message="

Title: $Title
\nFirst Name: $firstname
\nSurname: $surname
\nEmail From: $email
\nContact Number: $phone_number
\nMessage: $message
\nPreferred Contact is .::$pref::.

";
$user_answer = $_POST['answer'];
$real_answer = $_SESSION['answer'];


if($user_answer != $real_answer) {
echo "Math question was incorrect, please try again";
} else {
mail( "Test@Test.com", "$subject", $message, "From: $email" );
echo "Thank you for using our mail form.<br/>";
echo "Your email has been sent.";
?>
<script type="text/javascript">
<!--
window.location = "http://www.Test.com/thankyou.html"
//-->
</script>
<?php
}
?>

Genie1
09-13-2009, 12:39 AM
Hello,

Thank you for your reply. I would like to say that I don't get any blank pages :) however it goes straight to the "thank you" page, rather than checking if the answer is correct or not.

Any ideas why?

Thank you

Zangeel
09-13-2009, 12:43 AM
Well, what's on the page that contains the form? And has the captcha code and all

Genie1
09-13-2009, 12:52 AM
Hello,

Thank you

Here is the code



<fieldset>
<legend class="formL"><img src="images/contactus.gif" width="150" height="35" alt="ContactForm" /></legend>
<?php
session_start();
?>
<form method="post" action="email.php">
<table id="form">
<tr>
<td title="Please enter your first name."><font>First Name</font> <font color="#FF0000" size="-2"><sup>&#42;</sup></font></td><td><input type="text" id="firstname" size="26" maxlength="12" name="firstname"/></td>
</tr>
<tr>
<td title="Please enter your surname."><font>Surname</font> <font color="#FF0000" size="-2"><sup>&#42;</sup></font></td><td><input type="text" id="surname" size="26" maxlength="12" name="surname" /></td>
</tr>
<tr>
<td title="Please enter your email address."><font>Email Adress</font> <font color="#FF0000" size="-2"><sup>&#42;</sup></font></td><td><input type="text" id="email" size="26" maxlength="40" name="email" /></td>
</tr>
<tr>
<td><font>Message</font></td><td title="Please enter your message."><textarea rows="5" cols="49" name="message"></textarea></td>
</tr>
<tr>
<td>
<?php
$num_one = rand() % 10;
$num_two = rand() % 10;
$final_num = $num_one + $num_two;
$_SESSION['answer'] = $final_num;
echo $num_one . ' + ' . $num_two . ' = ';
?>
</td>
<td>
<input type="text" name="answer" />
</td>
</tr>
<tr>
<td></td><td><input type="submit" value="Send" name="submit" /></td>
</tr>
</table>
</form>
</fieldset>

Zangeel
09-13-2009, 01:05 AM
It looks ok.

Debug it like this, on email.php put



print_r($_POST);
print_r($_SESSION);


somewhere in the php tags (might wanna remove the redirect for now)

It'll show all the post data, and any sessions. If it has the answer session and the post data answer, then I wouldn't know what's wrong with it.

Genie1
09-13-2009, 01:13 AM
Hello,

For some reason it works now??

I am not sure why this has happened, but when I test the form, it redirects me correctly, and I get an email :) however I don't get what I have typed in my contact form (text area of message)

Any ideas?

Thank you

Zangeel
09-13-2009, 01:24 AM
Well the way you have your form set up it has no validation. So if someone inputs nothing, the form still sends.

If/Else is good for this


if ( strlen( $_POST['email'] ) < 1 )
{
echo 'Fill in blahblah';
} else if ( strlen( $_POST['name'] ) < 1 ) {
echo 'Fill in blahblah'; // ... etc, one check per required field
}

also, this might explain why there's nothing in the mail



$message="

Title: $Title
\nFirst Name: $firstname
\nSurname: $surname
\nEmail From: $email
\nContact Number: $phone_number
\nMessage: $message
\nPreferred Contact is .::$pref::.

";


$message = $message??

Genie1
09-13-2009, 01:51 AM
Hello,


Thank you, got that working now :)

Regarding checking if the end user has entered anything or not, to be honest with you I am not that bothered, I would prefer if they don't send me an email lol

I just don't want bots to send me spam, that's all, but as time goes, I hope to have more time to learn PHP, and then I can tweak this and other stuff.

I would like to ask, do I need any security on this form or not? I think I don't because if someone writes in the message field

<break code and delete database >

it wouldn't be recognised by my email system.

Am I right?

Thank you

Zangeel
09-13-2009, 02:07 AM
The only real danger to a site is stuff like cross site scripting and database sql injections, neither really apply here. I think you'll be fine here.

prasanthmj
09-14-2009, 05:54 AM
Since you are using the email form field value in the form in the mail() header (like: "From: $email"), there is a threat of email injection. You may sanitize the headers by filtering any \r\n from the email field.

See the IsInjected() function in the page below:
PHP Form to email (http://www.html-form-guide.com/email-form/php-form-to-email.html)

More info on contact form security:
HTML contact form with CAPTCHA (http://www.html-form-guide.com/contact-form/html-contact-form-captcha.html)
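
Added example (not code from any post in this thread or from the linked tutorials): an email.php for the form above that rejects CR/LF in the email field before it reaches the mail() headers, reads the message from $_POST, and makes the CAPTCHA answer single-use. The helpers field(), clean_email() and one_line() are hypothetical names, and the fixed From address reuses the Test@Test.com placeholder from the thread as an assumption.

```php
<?php
session_start();

// Hypothetical helper: a POST field as a string ('' if missing or an array).
function field($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

// Hypothetical helper: returns the address, or null if it contains CR/LF
// (which would start a new mail header) or is not one valid address.
function clean_email($raw)
{
    $raw = trim($raw);
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    return filter_var($raw, FILTER_VALIDATE_EMAIL) ? $raw : null;
}

// Hypothetical helper: collapse CR/LF in single-line fields.
function one_line($raw)
{
    return trim(str_replace(array("\r", "\n"), ' ', $raw));
}

// The CAPTCHA answer must exist in the session, match exactly, and is
// discarded after one attempt so a solved value cannot be replayed.
$expected = isset($_SESSION['answer']) ? (string) $_SESSION['answer'] : null;
unset($_SESSION['answer']);
$given = trim(field('answer'));
$email = clean_email(field('email'));

if ($expected === null || $given !== $expected) {
    echo "Math question was incorrect, please try again";
} elseif ($email === null) {
    echo "Please enter a valid email address";
} else {
    // Read the visitor's text from $_POST; it is never placed in a header.
    $body = "First Name: " . one_line(field('firstname')) . "\n"
          . "Surname: " . one_line(field('surname')) . "\n"
          . "Email From: $email\n"
          . "Message: " . field('message') . "\n";
    // Fixed From; the validated visitor address appears only in Reply-To.
    $headers = "From: Test@Test.com\r\nReply-To: $email";
    mail("Test@Test.com", "Test Form", $body, $headers);
    header("Location: http://www.Test.com/thankyou.html");
    exit;
}
```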


