Page 1 of 1

Form to Email - Remove Captcha Code from email

Posted: Thu Jan 21, 2010 10:00 am
by MadzCK
I have a form, and was able to remove the fields that don't need to process (submit, reset) by removing the name. However, for the captcha to process it needs a "name" that the php page can process. But it's sending in the email and although it's not a huge problem, it's rather annoying. I've searched google and various forums, but can find a way to get rid of the field coming in the email without pulling the name. I'd think there'd be a way to strip it in the build message part, but can't figure out the correct way to code it. The field I don't want to come through is named Captcha_code.

Below you will find the php code, here is what comes through and what we'd like to come through.

What comes in the email... we basically just want the last part "Captcha code: mgmes3" to not be sent, it's only needed early in the php form, I don't need it to come through in the email.

Name: My Name
Company: My Company
Address: 1234 My address
CityStateZip: City, ST 123456
Phone: 952-123-4567
Fax: 952-123-4567
Email: myemail@ourdomain.com
Status: Subscribe
Newsletters: Cranes, Truck Equipment, Log Loaders Captcha code: mgmes3

Code: Select all

<?php session_start(); ?>
 
<?php
 
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
 
$securimage = new Securimage();
 
if ($securimage->check($_POST['captcha_code']) == false) {
 
  die('The code you entered was incorrect.  Go back, press the refresh button and try again.');
}
 
$aDoor = $_POST['newsletters'];
  if(empty($aDoor)) 
  {
    echo("You didn't select any newsletters to subscribe to. Go back, press the refresh button and try again.");
  } 
 
else
 
{
 
$my_email = "myemail@yourdomain.com";
 
 
$continue = "index.html";
 
$errors = array();
 
if(count($_COOKIE)){foreach(array_keys($_COOKIE) as $value){unset($_REQUEST[$value]);}}
 
function recursive_array_check_header($element_value)
{
 
global $set;
 
if(!is_array($element_value)){if(preg_match("/(%0A|%0D|\n+|\r+)(content-type:|to:|cc:|bcc:)/i",$element_value)){$set = 1;}}
else
{
 
foreach($element_value as $value){if($set){break;} recursive_array_check_header($value);}
 
}
 
}
 
recursive_array_check_header($_REQUEST);
 
if($set){$errors[] = "You cannot send an email header";}
 
unset($set);
 
if(isset($_REQUEST['email']) && !empty($_REQUEST['email']))
{
 
if(preg_match("/(%0A|%0D|\n+|\r+|:)/i",$_REQUEST['email'])){$errors[] = "Email address may not contain a new line or a colon";}
 
$_REQUEST['email'] = trim($_REQUEST['email']);
 
if(substr_count($_REQUEST['email'],"@") != 1 || stristr($_REQUEST['email']," ")){$errors[] = "Email address is invalid";}else{$exploded_email = explode("@",$_REQUEST['email']);if(empty($exploded_email[0]) || strlen($exploded_email[0]) > 64 || empty($exploded_email[1])){$errors[] = "Email address is invalid";}else{if(substr_count($exploded_email[1],".") == 0){$errors[] = "Email address is invalid";}else{$exploded_domain = explode(".",$exploded_email[1]);if(in_array("",$exploded_domain)){$errors[] = "Email address is invalid";}else{foreach($exploded_domain as $value){if(strlen($value) > 63 || !preg_match('/^[a-z0-9-]+$/i',$value)){$errors[] = "Email address is invalid"; break;}}}}}}
 
}
 
if(!(isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'],$_SERVER['HTTP_HOST']))){$errors[] = "You must enable referrer logging to use the form";}
 
function recursive_array_check_blank($element_value)
{
 
global $set;
 
if(!is_array($element_value)){if(!empty($element_value)){$set = 1;}}
else
{
 
foreach($element_value as $value){if($set){break;} recursive_array_check_blank($value);}
 
}
 
}
 
recursive_array_check_blank($_REQUEST);
 
if(!$set){$errors[] = "You cannot send a blank form, please ensure all fields are completed.";}
 
unset($set);
 
if(count($errors)){foreach($errors as $value){print "$value<br>";} exit;}
 
if(!defined("PHP_EOL")){define("PHP_EOL", strtoupper(substr(PHP_OS,0,3) == "WIN") ? "\r\n" : "\n");}
 
function build_message($request_input){if(!isset($message_output)){$message_output ="";}if(!is_array($request_input)){$message_output = $request_input;}else{foreach($request_input as $key => $value){if(!empty($value)){if(!is_numeric($key)){$message_output .= str_replace("_"," ",ucfirst($key)).": ".build_message($value).PHP_EOL;}else{$message_output .= build_message($value).", ";}}}}return rtrim($message_output,", ");}
 
$message = build_message($_REQUEST);
 
$message = $message . PHP_EOL.PHP_EOL."-- ".PHP_EOL."";
 
$message = stripslashes($message);
 
$subject = "eNewsletter Subscription Management";
 
$headers = "From: " . $_REQUEST['email'];
 
mail($my_email,$subject,$message,$headers);
 
}
?>
 
<script language="JavaScript" type="text/JavaScript">
<!--
window.location.href = "http://www.yourdomain.com/thanks.html";
//-->
</script>
 

Re: Form to Email - Remove Captcha Code from email

Posted: Thu Jan 21, 2010 2:28 pm
by greyhoundcode
Would some sort of check within your build_message() function do the trick?
MadzCK wrote:

Code: Select all

function build_message($request_input)
{
    if (!isset($message_output))
    {
        $message_output ="";
    }
 
    if (!is_array($request_input))
    {
        $message_output = $request_input;
    }
    else
    {
        foreach ($request_input as $key => $value)
        {
            if (!empty($value))
            {
                /* if ($key == 'captcha')
                   break; */
 
                if (!is_numeric($key))
                {
                    $message_output .= str_replace("_"," ",ucfirst($key)).": ".build_message($value).PHP_EOL;
                }
                else
                {
                    $message_output .= build_message($value).", ";
                }
            }
        }
    }
 
    return rtrim($message_output,", ");
}
 
$message = build_message($_REQUEST);

Re: Form to Email - Remove Captcha Code from email

Posted: Thu Jan 21, 2010 2:35 pm
by McInfo
Quick fix: In the original code, at line 13, add

Code: Select all

unset($_POST['captcha_code']);
This does not prevent someone from injecting other variables into the email, though. It is a blacklist approach. It would be better to use a whitelist approach and allow only certain variables.

Edit: This post was recovered from search engine cache.

Re: Form to Email - Remove Captcha Code from email

Posted: Thu Jan 21, 2010 2:46 pm
by MadzCK
Neither removed the field, it was as though the php file just ignored them. No errors or anything. It's really not that big of a deal. I thought it might be a quick fix, but I think because I'm not calling each individual field, it's not realistic to remove one from the email. It's doing what it's supposed to do minus that and I'm the only one that gets it, so I'll just leave it as is for now.

Thanks for all the help!

Re: Form to Email - Remove Captcha Code from email

Posted: Thu Jan 21, 2010 3:25 pm
by McInfo
Sorry, that should have been

Code: Select all

unset($_POST['captcha_code'], $_REQUEST['captcha_code']);
Still, it would be better to refactor the code so it relies on a list of specific fields instead of blindly grabbing everything from the request.

Edit: This post was recovered from search engine cache.

Re: Form to Email - Remove Captcha Code from email

Posted: Thu Jan 21, 2010 3:35 pm
by MadzCK
That did it - thank you!.

I am getting this error now, but it is processing correctly.

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\inetpub\vhosts\yourdomain.com\httpdocs\newsletter.php:1) in C:\inetpub\vhosts\yourdomain.com\httpdocs\newsletter.php on line 1

The first few lines of code now are:

Code: Select all

<?php session_start();?>
 
<?php
 
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
 
$securimage = new Securimage();
 
if ($securimage->check($_POST['captcha_code']) == false) {
 
  die('The code you entered was incorrect.  Go back, press the refresh button and try again.');
}
 
unset($_POST['captcha_code'], $_REQUEST['captcha_code']);
 
$aDoor = $_POST['newsletters'];
  if(empty($aDoor)) 
  {
    echo("You didn't select any newsletters to subscribe to. Go back, press the refresh button and try again.");
  } 
 
else
 
{
 

Re: Form to Email - Remove Captcha Code from email

Posted: Thu Jan 21, 2010 3:40 pm
by McInfo
Remove any whitespace before the first "<?php".

Why do you need to start a session? There don't appear to be any session variables accessed in the script (unless they are in the included file).

Edit: This post was recovered from search engine cache.

Re: Form to Email - Remove Captcha Code from email

Posted: Thu Jan 21, 2010 3:46 pm
by MadzCK
I don't think there is any. I just double checked.

It starts at line 1 with no spaces.

The captcha program asked to have that added at the top. I'll try taking it out and see if the captcha works.

Re: Form to Email - Remove Captcha Code from email

Posted: Thu Jan 21, 2010 3:52 pm
by McInfo
Change

Code: Select all

<?php session_start();?>
 
<?php
 
to

Code: Select all

<?php session_start();
 
Edit: This post was recovered from search engine cache.

Re: Form to Email - Remove Captcha Code from email

Posted: Thu Jan 21, 2010 4:01 pm
by MadzCK
GOT IT!!! There was stuff before I just couldn't see it.

My Notepad++ some how got switched to the format UTF-8 so even though I couldn't see any white space, junk was getting put in. Thanks to this post http://kasolutions.wordpress.com/2009/0 ... eady-sent/ they explained the switch from UTF-8. I just switched my format from UTF-8 to UTF-8 without BOM and problem solved with no captcha coming through.

Thank you so much for all of your help.

BTW - the reason I don't have it set up to call individual fields is that the original page I set it up for had dynamic field names depending on which of 1500 products you choose, and they could have multiple ones or one. It was the easiest way I could find to get it to pull anything entered.