www.webdeveloper.com
Results 1 to 3 of 3

Thread: Site 'Contact' Form Does Not Work...

  1. #1
    Join Date
    Aug 2013
    Posts
    1

    Site 'Contact' Form Does Not Work...

    I'm new to all this and I'm pulling my hair out trying to figure out why my contact form on my web site wont work...

    When I fill in my forms required info and send, all I get is a blank page with 'http://www.pinkpigdesign.co.uk/php/mail_form.php' in the URL. Forwarding email address is working perfectly.

    Both codes are direct from templates.

    My php code:
    PHP Code:
    $yourEmail "enquiries@pinkpigdesign.co.uk"
    $yourWebsite "www.pinkpigdesin.co.uk"
    $thanksPage 'thankyou.html'
    $maxPoints 4
    $error_msg null;
    $result null;

    function 
    isBot() {
    $bots = array("Indy""Blaiz""Java""libwww-perl""Python""OutfoxBot""User-Agent""PycURL""AlphaServer""T8Abot""Syntryx""WinHttp""WebBandit""nicebot");

    $isBot false;
    foreach (
    $bots as $bot)
    if (
    strpos($_SERVER['HTTP_USER_AGENT'], $bot) !== false)
        
    $isBot true;

    if (empty(
    $_SERVER['HTTP_USER_AGENT']) || $_SERVER['HTTP_USER_AGENT'] == " ")
        
    $isBot true;

    exit(
    "Bots not allowed.</p>");
    }

    foreach (
    $badwords as $word)
        if (
    strpos($_POST['comments'], $word) !== false)
            
    $points += 2;

    foreach (
    $exploits as $exploit)
        if (
    strpos($_POST['comments'], $exploit) !== false)
            
    $points += 2;

    if (
    strpos($_POST['comments'], "http://") !== false || strpos($_POST['comments'], "www.") !== false)
        
    $points += 2;
    if (isset(
    $_POST['nojs']))
        
    $points += 1;
    if (
    preg_match("/(<.*>)/i"$_POST['comments']))
        
    $points += 2;
    if (
    strlen($_POST['name']) < 3)
        
    $points += 1;
    if (
    strlen($_POST['comments']) < 15 || strlen($_POST['comments'] > 1500))
        
    $points += 2;

    foreach (
    $_POST as $key => $value)
        
    $_POST[$key] = trim($value);

    if (empty(
    $_POST['name']) || empty($_POST['email']) || empty($_POST['comments'])) {
        
    $error_msg .= "Name, e-mail and comments are required fields. \n";
    } elseif (
    strlen($_POST['name']) > 15) {
        
    $error_msg .= "The name field is limited at 15 characters. Your first name or nickname will do! \n";
    } elseif (!
    preg_match("/^[a-zA-Z-'\s]*$/"stripslashes($_POST['name']))) {
        
    $error_msg .= "The name field must not contain special characters. \n";
    } elseif (!
    preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+' '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i'strtolower($_POST['email']))) {
        
    $error_msg .= "That is not a valid e-mail address. \n";
    } elseif (!empty(
    $_POST['url']) && !preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i'$_POST['url']))
        
    $error_msg .= "Invalid website url.";

    if (
    $error_msg == NULL && $points <= $maxPoints) {
        
    $subject "Automatic Form Email";

        
    $message "You received this e-mail message through your website: \n\n";
        foreach (
    $_POST as $key => $val) {
            
    $message .= ucwords($key) . ": " clean($val) . "\r\n";
        }
        
    $message .= 'IP: '.$_SERVER['REMOTE_ADDR']."\r\n";
        
    $message .= 'Browser: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
        
    $message .= 'Points: '.$points;

        if (
    strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
            
    $headers   "From: $yourEmail \r\n";
            
    $headers  .= "Reply-To: {$_POST['email']}";
        } else {
            
    $headers   "From: $yourWebsite <$yourEmail> \r\n";
            
    $headers  .= "Reply-To: {$_POST['email']}";
        }

        if (
    mail($yourEmail,$subject,$message,$headers)) {
            if (!empty(
    $thanksPage)) {
                
    header("Location: $thanksPage");
                exit;
            } else {
                
    $result 'Your mail was successfully sent.';
            }
        } else {
            
    $error_msg 'Your mail could not be sent this time.';
        }
    } else {
        if (empty(
    $error_msg))
            
    $error_msg 'Your mail looks too much like spam, and could not be sent this time. ['.$points.']';
    }
        }
    function 
    get_data($var) {
    if (isset(
    $_POST[$var]))
        echo 
    htmlspecialchars($_POST[$var]);

    My html code:
    HTML Code:
    <form class="required-form" action="php/mail_form.php"  method="POST">
        <ol class="forms">
    
        <li><label for="first_name"><em class="required">*</em> First Name</label>
        <input type="text" name="first_name" id="first_name" class="required"></li>
    
        <li><label for="last_name"><em class="required">*</em> Last Name</label>
        <input type="text" name="last_name" id="last_name" class="required"></li>
    
        <li><label for="telephone">Telephone</label>
        <input type="text" name="telephone" id="telephone"></li>
    
        <li><label for="email"><em class="required">*</em> Email</label>
        <input type="text" name="email" id="email" class="required"></li>
    
        <li><label for="message"><em class="required">*</em> Message</label>
        <textarea name="message" id="message" class="required" cols="45" rows="5"></textarea></li>
    
    <li class="buttons submit"><button type="submit">Submit</button></li>
    
    </ol>
    I probably can't see the error for looking so I hope someone can shed some light on this problem... Cheers!
    Last edited by NogDog; 08-29-2013 at 01:27 PM. Reason: added [php] tags and [html] tags

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,241
    You have an extra "}" right before your function declaration. (This assumes the only thing missing from the PHP code you pasted here is the opening "<?php" tag?)

    PS: if the editor you use does not catch syntax errors like that, from the command line you can do the following to check for such:
    Code:
    php -l name_of_file.php
    Last edited by NogDog; 08-29-2013 at 01:34 PM.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,317
    Only other critical remarks I can make are that your $_POST array has not been sanitized in to a safe array for later use in the script.

    It is VERY bad practice to store back in to the $_POST array any type of alteration or sanitizing procedure. It has been documented in security papers that the POST array can change should a hacker attempt a double post within milliseconds of pushing good data then bad data.


    Example of something to consider...

    PHP Code:
    function sanitize($s){return stripslashes(htmlentities(trim($s)));}

    if( !isset( 
    $_POST['submit'] ) ) die("Not on form today!");
        
        
    // create a whitelist array using keys for the inputs accepted and empty values ready to store sanitized inputs
        
    $safe_POST = array("name"=>"","comments"=>"","email"=>"","url"=>"","nojs"=>"");
        
        
    // now clean house
        
    foreach( $safe_POST as $key=>$v$safe_POST[$key] = sanitize$_POST[$key] );
        
        
    $yourEmail "enquiries@pinkpigdesign.co.uk"
        
    $yourWebsite "www.pinkpigdesin.co.uk"
        
    $thanksPage 'thankyou.html'
        
    $maxPoints 4
        
    $error_msg null;
        
    $result null;

        function 
    isBot() {
            
    $bots = array("Indy""Blaiz""Java""libwww-perl""Python""OutfoxBot""User-Agent""PycURL""AlphaServer""T8Abot""Syntryx""WinHttp""WebBandit""nicebot");
            
    $isBot false;
            
    $isbot = (empty($_SERVER['HTTP_USER_AGENT']) || $_SERVER['HTTP_USER_AGENT'] == " ") ? true $isBot;
            foreach (
    $bots as $bot)
                
    $isBot strpos($_SERVER['HTTP_USER_AGENT'], $bot)>true $isbot;
        return 
    $isBot;
        }
        
    // run a bot test
        
    if( isBot() ) die("Bots not allowed.");


        foreach (
    $badwords as $word)
            
    $points += (strpos($safe_POST['comments'], $word)>0;

        foreach (
    $exploits as $exploit)
            
    $points += (strpos($safe_POST['comments'], $exploit)>0;

        
    $points += (strpos($safe_POST['comments'], "http://") !== false || strpos($safe_POST['comments'], "www.") !== false)>0;
        
    $points += (isset($safe_POST['nojs']))? 0;
        
    $points += (preg_match("/(<.*>)/i"$safe_POST['comments']))? 0;
        
    $points += (strlen($safe_POST['name']) < 3)? 0;
        
    $points += (strlen($safe_POST['comments']) < 15 || strlen($safe_POST['comments'] > 1500))? 0;

    ........ 
    Remember that strpos returns a NUMERIC value which if nothing is found it is zero, you may want to consider using a regular expression to find any bad words, etc.

    Good policy to check if the script is being called because of a form post, if a form post is made, the submit button will be a variable available to test and you can chose to test and run script or not.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles