Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    Regular Coder
    Join Date
    Dec 2005
    Posts
    149
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Captcha Contact Form

    Hello Guys,

    I have got a contact form which works fine, but when i used this tutorial it just gives me a blank page when i click on submit. If someone could please help, as it will be apericiated. Thank you

    contact backside
    PHP Code:
    <?php
    session_start
    ();
    $Title $_POST['Title'];
    $firstname $_POST['firstname'];
    $surname$_POST['surname'];
    $email $_POST['email'] ;
    $phone_number $_POST['phone_number'];
    $pref $_POST['pref'];
    $subject "Test Form" ;
    $message="

    Title: $Title 
    \nFirst Name: $firstname
    \nSurname: $surname
    \nEmail From: $email
    \nContact Number: $phone_number
    \nMessage: $message
    \nPreferred Contact is .::$pref::.

    "
    ;
    $user_answer $_POST['answer'];
    $real_answer $_SESSION['answer'];


    if(empty(
    $user_answer != $real_answer) {
        echo 
    "Math question was incorrect, please try again";
    } else {
        
    mail"Test@Test.com""$subject"$message"From: $email" );
        echo 
    "Thank you for using our mail form.<br/>";
        echo 
    "Your email has been sent.";
        <
    script type="text/javascript">
        <!--
            
    window.location "http://www.Test.com/thankyou.html"
        
    //-->
        
    </script>
    }
    ?>
    Tutorial

    http://www.thetutorialblog.com/2009/...-contact-form/

    Once again, thank you
    Tomorrow Could Be Your Day

  • #2
    Regular Coder Zangeel's Avatar
    Join Date
    Oct 2007
    Location
    public_html/
    Posts
    638
    Thanks
    17
    Thanked 79 Times in 79 Posts
    empty() was used incorrectly, there was a missing ), and you cannot inject JS in php, you need to stop execution of the php script.

    Like zis!

    PHP Code:
    <?php
    session_start
    ();
    $Title $_POST['Title'];
    $firstname $_POST['firstname'];
    $surname$_POST['surname'];
    $email $_POST['email'] ;
    $phone_number $_POST['phone_number'];
    $pref $_POST['pref'];
    $subject "Test Form" ;
    $message="

    Title: $Title 
    \nFirst Name: $firstname
    \nSurname: $surname
    \nEmail From: $email
    \nContact Number: $phone_number
    \nMessage: $message
    \nPreferred Contact is .::$pref::.

    "
    ;
    $user_answer $_POST['answer'];
    $real_answer $_SESSION['answer'];


    if(
    $user_answer != $real_answer) {
        echo 
    "Math question was incorrect, please try again";
    } else {
        
    mail"Test@Test.com""$subject"$message"From: $email" );
        echo 
    "Thank you for using our mail form.<br/>";
        echo 
    "Your email has been sent.";
        
    ?>
        <script type="text/javascript">
        <!--
            window.location = "http://www.Test.com/thankyou.html"
        //-->
        </script>
    <?php
    }
    ?>
    PHP Code:
    $aString is_string((string)array()) ? true false// true :D 
    [/CENTER]

  • #3
    Regular Coder
    Join Date
    Dec 2005
    Posts
    149
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Hello,

    THank you for your reply, i would like to ask say that i dont get an blank pages however it goes straight to "thank you" page, rather than checking if the answer is correct or not.

    Any ideas why?

    Thank you
    Tomorrow Could Be Your Day

  • #4
    Regular Coder Zangeel's Avatar
    Join Date
    Oct 2007
    Location
    public_html/
    Posts
    638
    Thanks
    17
    Thanked 79 Times in 79 Posts
    Well whasts on the page that contains the form? And has the captcha code and all
    PHP Code:
    $aString is_string((string)array()) ? true false// true :D 
    [/CENTER]

  • #5
    Regular Coder
    Join Date
    Dec 2005
    Posts
    149
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Hello,

    THank you

    Here is the code

    PHP Code:
    <fieldset>
    <legend class="formL"><img src="images/contactus.gif" width="150" height="35" alt="ContactForm" /></legend>
    <?php
    session_start
    ();
    ?>
    <form method="post" action="email.php">
    <table id="form">
    <tr>
    <td title="Please enter your first name."><font>First Name</font> <font color="#FF0000" size="-2"><sup>*</sup></font></td><td><input type="text" id="firstname" size="26" maxlength="12" name="firstname"/></td>
    </tr>
    <tr>
    <td title="Please enter  your surname."><font>Surname</font> <font color="#FF0000" size="-2"><sup>*</sup></font></td><td><input type="text" id="surname" size="26" maxlength="12" name="surname" /></td>
    </tr>
    <tr>
    <td title="Please enter your email address."><font>Email Adress</font> <font color="#FF0000" size="-2"><sup>*</sup></font></td><td><input type="text" id="email" size="26" maxlength="40" name="email" /></td>
    </tr>
    <tr>
    <td><font>Message</font></td><td title="Please enter your message."><textarea rows="5" cols="49" name="message"></textarea></td>
    </tr>
    <tr>
    <td>
    <?php                                         
                                                    $num_one 
    rand() % 10;
                                                    
    $num_two rand() & 10;
                                                    
    $final_num $num_one $num_two;
                                                    
    $_SESSION['answer'] = $final_num;
                                                    echo 
    $num_one ' + ' $num_two ' = ';
    ?>
    </td>
    <td>
    <input type="text" name="answer" />
    </td>
    </tr>
    <tr>
    <td></td><td><input type="submit" value="Send" name="submit" /></td>
    </tr>
    </table>
    </form>
    </fieldset>
    Tomorrow Could Be Your Day

  • #6
    Regular Coder Zangeel's Avatar
    Join Date
    Oct 2007
    Location
    public_html/
    Posts
    638
    Thanks
    17
    Thanked 79 Times in 79 Posts
    It looks ok.

    Debug it like this, on email.php put

    PHP Code:
    print_r($_POST);
    print_r($_SESSION); 
    somewhere in the php tags (might wanna remove the redirect for now)

    It'll show all the post data, and any sessions. If it has the answer session and the post data answer, then i wouldnt know whats wrong with it.
    PHP Code:
    $aString is_string((string)array()) ? true false// true :D 
    [/CENTER]

  • #7
    Regular Coder
    Join Date
    Dec 2005
    Posts
    149
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Hello,

    For somereason it works now??

    I am not sure, why this has happend, but when i test the form, it redirects me correctly, and i get an email however i dont get what i have typed in my contact form (text area of message)

    Any ideas?

    Thank you
    Tomorrow Could Be Your Day

  • #8
    Regular Coder Zangeel's Avatar
    Join Date
    Oct 2007
    Location
    public_html/
    Posts
    638
    Thanks
    17
    Thanked 79 Times in 79 Posts
    Well the way you have your form set up it has no validation. So if someone inputs nothing, the form still sends.

    If/Else is good for this

    PHP Code:
    if ( strlen ($_POST['email'] ) < 
    {
      echo 
    'Fill in blahblah';
    } else if ( 
    strlen $_POST['name'] ) < //... etc 
    also, this might explain why theres nothing in the mail

    Code:
    $message="
    
    Title: $Title 
    \nFirst Name: $firstname
    \nSurname: $surname
    \nEmail From: $email
    \nContact Number: $phone_number
    \nMessage: $message
    \nPreferred Contact is .::$pref::.
    
    ";
    $message = $message??
    PHP Code:
    $aString is_string((string)array()) ? true false// true :D 
    [/CENTER]

  • Users who have thanked Zangeel for this post:

    Genie1 (09-13-2009)

  • #9
    Regular Coder
    Join Date
    Dec 2005
    Posts
    149
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Hello,


    THank you, got that working now

    Regarding checking if the end user has entered anything or not, to be honest with you am not that bothered, i would prefer if they dont send me an email lol

    I just dont want bots to send me spam thats all, but as time goes, i hope to have more time to learn php, and then i can tweak this and other stuff.

    I would like to ask, do i need any security on this form or not? I think i dont because if someone writes in the message feild

    <break code and delete database >

    it wouldnt be recognised by my email system.

    Am i right?

    Thank you
    Tomorrow Could Be Your Day

  • #10
    Regular Coder Zangeel's Avatar
    Join Date
    Oct 2007
    Location
    public_html/
    Posts
    638
    Thanks
    17
    Thanked 79 Times in 79 Posts
    The only real danger to a site is stuff like cross site scripting and database sql injections, neither really apply here. I think youll be fine here.
    PHP Code:
    $aString is_string((string)array()) ? true false// true :D 
    [/CENTER]

  • #11
    Regular Coder
    Join Date
    Jul 2003
    Posts
    117
    Thanks
    0
    Thanked 17 Times in 17 Posts
    Since you are using the email form field value in the form in the mail() header (like: "From: $email"), there is a threat of email injection. You may sanitize the headers by filtering any \r\n from the email field.

    See the IsInjected() function in the page below:
    PHP Form to email

    More info on contact form security:
    HTML contact form with CAPTCHA


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •