Hi All
I have a contact form which needs securing, i've added some validation but not sure if its enough. If someone would kindly check it out and help me make it more secure i'd really appreciate it. Also if anyone can suggest ways to improve it please do as i want to create a form which i can use on many projects
the code is
PHP Code:
<?php
$emailAddress = 'myemailaddress';
/* config end */
require "phpmailer/class.phpmailer.php";
session_start(); /* starts session to save generated random number */
if(isset($_POST['submit']))
{
$input1 = $_POST['myField1'];
$input2 = $_POST['myField2'];
$input3 = $_POST['myField3'];
$input4 = $_POST['comment'];
if((preg_match('/[^a-zA-Z]/', $input1) || strlen($input1)<5))
{
#need to allow spaces
$error[] = "Input1 be longer than 5 chars must not contain numbers or be left blank.";
}
if(preg_match('/[^a-zA-Z]/', $input2) || ( ( strlen( $input2 )<5 ) || ( strlen( $input2 ) >15)))
{
$error[] = "Input2 be longer than 5 chars but less than 15 must not contain numbers or be left blank.";
}
// Set up regular expression strings to evaluate the value of email variable against
$regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
// Run the preg_match() function on regex against the email address
if (!preg_match($regex, $input3))
{
$error[] = "Email error";
}
if((isset($_POST['captcha'])) && $_POST['captcha'] == $_SESSION['captcha'])
{
unset($_SESSION['captcha']); /* this line makes session free, we recommend you to keep it */
}
else
{
$error[] = 'Validation Check Incorrect';#echo "Passed!"; /* YOUR CODE GOES HERE */
}
if(!isset($error))
{
$sent = 1;
echo "<h1>Email Sent</h1>";
$mail = new PHPMailer();
$mail->IsMail();
$mail->AddReplyTo($input3, $input1);
$mail->AddAddress($emailAddress);
$mail->SetFrom($input3, $input1);
$mail->Subject = "Test Email!";
$mail->MsgHTML($input4);
$mail->Send();
}
else
{
$sent = 0;
}
}
?>
<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<title>Contact</title>
<script type="text/javascript" src="latest-jquery/jquery-1.5.1.min.js"></script>
<script type="text/javascript" src="latest-jquery-ui/jquery-ui.min.js"></script>
<script type="text/javascript" src="captcha/jquery.captcha.js"></script>
<link href="captcha/captcha.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" charset="utf-8">
$(function() {
$(".ajax-fc-container").captcha({
borderColor: "silver",
text: "Verify that you are a human,<br />drag <span>scissors</span> into the circle."
});
});
</script>
</head>
<body>
<?php
if (isset($error))#Display any errors
{?>
<p class='message error'><ul><?php foreach($error as $error){echo "<li>".$error."</li>";}?></ul></p><?php
}
if($sent == 0)#IF FORM IS NOT SENT OF HAS ERRORS SHOW THE FORM ELSE HIDE THE FORM
{?>
<form action="#" method="post" id="myForm">
<p><label for="Input1">Input 1</label><input type="text" name="myField1" value="<?php if(isset($input1)){echo $input1;}?>"></p>
<p><label for="Input2">Input 2</label><input type="text" name="myField2" value="<?php if(isset($input2)){echo $input2;}?>"></p>
<p><label for="Input3">Input 3</label><input type="text" name="myField3" value="<?php if(isset($input3)){echo $input3;}?>"></p>
<p><label for="Input4">Input 4</label><br /><textarea name="comment" cols="36" rows="6"><?php if(isset($input4)){echo $input4;}?></textarea></p>
<!-- Begin of captcha -->
<div class="ajax-fc-container">You must enable javascript to see captcha here!</div>
<!-- End of captcha -->
<p><input id="submit" type="submit" name="submit" value="Submit"></p>
</form><?php
}?>
</body>
</html>
many thanks
Luke
Before you post, read our: 
please can someone take a look at my contact form and help make it secure?
