PHP code - something is wrong
Moderator: General Moderators
PHP code - something is wrong
Hi
I have a contact form which looks good but when i test the form by inputting my name, e-mail and a test message i get returned with this confirmation message.
'Thank You ick edwads
We will be in touch as soon as possible.'
Now my name is nick edwards and this is what i put into the name field of the form. I don't understand why it misses off the 'n' in my first name and the 'r' in my surname on the confirmation message?
And the e-mail I receive looks like this:
-----------------------------------------------------------------------------
WEBSITE CONTACT ENQUIRY
-----------------------------------------------------------------------------
Name: ick edwads
Email: ickedwads56@fsmail.et
Message: testig testig 1 2 3
My name is incomplete, my e-mail is missing the first letter of my name, the 'r' in edwards and the 'n' of .net.
My test message is missing the 'n' in testing (testig).
As I'm no coder I am at a loss with this. Could someone here take a quick look at the code and tell me if something needs to be changed to fix this problem?
This is the code:
<?php
if (isset($_POST["op"]) && ($_POST["op"]=="send")) {
/******** START OF CONFIG SECTION *******/
$sendto = "nickedwards@tailoredpersonaltraining.co.uk";
$subject = "Website Contact Enquiry";
// Select if you want to check form for standard spam text
$SpamCheck = "Y"; // Y or N
$SpamReplaceText = "*content removed*";
// Error message printed if spam form attack found
$SpamErrorMessage = "<p align=\"center\"><font color=\"red\">Malicious code content detected.</font><br><b> Your IP Number of </b>".getenv("REMOTE_ADDR")."<b> has been logged.</b></p>";
/******** END OF CONFIG SECTION *******/
$name = $HTTP_POST_VARS['name'];
$email = $HTTP_POST_VARS['email'];
$message = $HTTP_POST_VARS['message'];
$headers = "From: $emailn";
$headers . "MIME-Version: 1.0n"
. "Content-Transfer-Encoding: 7bitn"
. "Content-type: text/html; charset = \"iso-8859-1\";nn";
if ($SpamCheck == "Y") {
// Check for Website URL's in the form input boxes as if we block website URLs from the form,
// then this will stop the spammers wastignt ime sending emails
if (preg_match("/http/i", "$name")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage"; exit();}
// Patterm match search to strip out the invalid charcaters, this prevents the mail injection spammer
$pattern = '/(;|||`|>|<|&|^|"|'."n|r|'".'|{|}|[|]|)|()/i'; // build the pattern match string
$name = preg_replace($pattern, "", $name);
$email = preg_replace($pattern, "", $email);
$message = preg_replace($pattern, "", $message);
// Check for the injected headers from the spammer attempt
// This will replace the injection attempt text with the string you have set in the above config section
$find = array("/bcc:/i","/Content-Type:/i","/cc:/i","/to:/i");
$email = preg_replace($find, "$SpamReplaceText", $email);
$name = preg_replace($find, "$SpamReplaceText", $name);
$message = preg_replace($find, "$SpamReplaceText", $message);
// Check to see if the fields contain any content we want to ban
if(stristr($name, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($message, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
// Do a check on the send email and subject text
if(stristr($sendto, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($subject, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
}
// Build the email body text
$emailcontent = "
-----------------------------------------------------------------------------
WEBSITE CONTACT ENQUIRY
-----------------------------------------------------------------------------
Name: $name
Email: $email
Message: $message
_______________________________________
End of Email
";
// Check the email address entered matches the standard email address format
if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+.[A-Z]{2,6}$", $email)) {
echo "<p>It appears you entered an invalid email address</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($name)) {
echo "<p>Please go back and enter a Name</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($message)) {
echo "<p>Please go back and type a Message</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($email)) {
echo "<p>Please go back and enter an Email</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
// Sends out the email or will output the error message
elseif (mail($sendto, $subject, $emailcontent, $headers)) {
echo "<br><br><p><b>Thank You $name</b></p><p>We will be in touch as soon as possible.</p>";
}
}
else {
?>
<p align="center">Please complete all details of your enquiry<br>and we will get back to you shortly.</p>
<br>
<form method="post"><input name="op" type="hidden" value="send" />
<table width="626">
<tr>
<td><p>Name:</p></td>
<td>
<input name="name" type="text" size="40" maxlength="150"> </td>
</tr>
<tr>
<td><p>E-mail:</p></td>
<td>
<input name="email" type="text" size="40" maxlength="150"> </td>
</tr>
<tr>
<td valign="top"><p>Message:</p></td>
<td><textarea name="message" cols="80" rows="6"></textarea></td>
</tr>
<tr><td></td>
<td><input name="submit" type="submit" value="Send Message" /></td>
</tr>
</table>
</form>
<?php } ?>
I have a contact form which looks good but when i test the form by inputting my name, e-mail and a test message i get returned with this confirmation message.
'Thank You ick edwads
We will be in touch as soon as possible.'
Now my name is nick edwards and this is what i put into the name field of the form. I don't understand why it misses off the 'n' in my first name and the 'r' in my surname on the confirmation message?
And the e-mail I receive looks like this:
-----------------------------------------------------------------------------
WEBSITE CONTACT ENQUIRY
-----------------------------------------------------------------------------
Name: ick edwads
Email: ickedwads56@fsmail.et
Message: testig testig 1 2 3
My name is incomplete, my e-mail is missing the first letter of my name, the 'r' in edwards and the 'n' of .net.
My test message is missing the 'n' in testing (testig).
As I'm no coder I am at a loss with this. Could someone here take a quick look at the code and tell me if something needs to be changed to fix this problem?
This is the code:
<?php
if (isset($_POST["op"]) && ($_POST["op"]=="send")) {
/******** START OF CONFIG SECTION *******/
$sendto = "nickedwards@tailoredpersonaltraining.co.uk";
$subject = "Website Contact Enquiry";
// Select if you want to check form for standard spam text
$SpamCheck = "Y"; // Y or N
$SpamReplaceText = "*content removed*";
// Error message printed if spam form attack found
$SpamErrorMessage = "<p align=\"center\"><font color=\"red\">Malicious code content detected.</font><br><b> Your IP Number of </b>".getenv("REMOTE_ADDR")."<b> has been logged.</b></p>";
/******** END OF CONFIG SECTION *******/
$name = $HTTP_POST_VARS['name'];
$email = $HTTP_POST_VARS['email'];
$message = $HTTP_POST_VARS['message'];
$headers = "From: $emailn";
$headers . "MIME-Version: 1.0n"
. "Content-Transfer-Encoding: 7bitn"
. "Content-type: text/html; charset = \"iso-8859-1\";nn";
if ($SpamCheck == "Y") {
// Check for Website URL's in the form input boxes as if we block website URLs from the form,
// then this will stop the spammers wastignt ime sending emails
if (preg_match("/http/i", "$name")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage"; exit();}
// Patterm match search to strip out the invalid charcaters, this prevents the mail injection spammer
$pattern = '/(;|||`|>|<|&|^|"|'."n|r|'".'|{|}|[|]|)|()/i'; // build the pattern match string
$name = preg_replace($pattern, "", $name);
$email = preg_replace($pattern, "", $email);
$message = preg_replace($pattern, "", $message);
// Check for the injected headers from the spammer attempt
// This will replace the injection attempt text with the string you have set in the above config section
$find = array("/bcc:/i","/Content-Type:/i","/cc:/i","/to:/i");
$email = preg_replace($find, "$SpamReplaceText", $email);
$name = preg_replace($find, "$SpamReplaceText", $name);
$message = preg_replace($find, "$SpamReplaceText", $message);
// Check to see if the fields contain any content we want to ban
if(stristr($name, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($message, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
// Do a check on the send email and subject text
if(stristr($sendto, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($subject, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
}
// Build the email body text
$emailcontent = "
-----------------------------------------------------------------------------
WEBSITE CONTACT ENQUIRY
-----------------------------------------------------------------------------
Name: $name
Email: $email
Message: $message
_______________________________________
End of Email
";
// Check the email address entered matches the standard email address format
if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+.[A-Z]{2,6}$", $email)) {
echo "<p>It appears you entered an invalid email address</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($name)) {
echo "<p>Please go back and enter a Name</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($message)) {
echo "<p>Please go back and type a Message</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($email)) {
echo "<p>Please go back and enter an Email</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
// Sends out the email or will output the error message
elseif (mail($sendto, $subject, $emailcontent, $headers)) {
echo "<br><br><p><b>Thank You $name</b></p><p>We will be in touch as soon as possible.</p>";
}
}
else {
?>
<p align="center">Please complete all details of your enquiry<br>and we will get back to you shortly.</p>
<br>
<form method="post"><input name="op" type="hidden" value="send" />
<table width="626">
<tr>
<td><p>Name:</p></td>
<td>
<input name="name" type="text" size="40" maxlength="150"> </td>
</tr>
<tr>
<td><p>E-mail:</p></td>
<td>
<input name="email" type="text" size="40" maxlength="150"> </td>
</tr>
<tr>
<td valign="top"><p>Message:</p></td>
<td><textarea name="message" cols="80" rows="6"></textarea></td>
</tr>
<tr><td></td>
<td><input name="submit" type="submit" value="Send Message" /></td>
</tr>
</table>
</form>
<?php } ?>
Re: PHP code - something is wrong
Code: Select all
$pattern = '/(;|||`|>|<|&|^|"|'."n|r|'".'|{|}|[|]|)|()/i';
$name = preg_replace($pattern, "", $name);
Simplify it, or do it incrementally and check the results as you build it.
Re: PHP code - something is wrong
OK, i just deleted the 'n' and 'r' from the $pattern string and now it works. Not sure why they were in there in the first place?
Anyway, now my problem is my contact form does not show in the page. As you can see from the code, i have this line included:
<?php include "http://www.tailoredpersonaltraining.co. ... tactme.php";?>
From the little i understand about PHP this line of code should put the form into my 'contact_me' webpage. But it doesn't. The page is blank. I have the contactme.php file in the contact_me folder next to my contact_me index page in Dreamweaver.
Can you let me know what i need to do to get this contact form inserted into the page?
Your help is greatly appreciated
Anyway, now my problem is my contact form does not show in the page. As you can see from the code, i have this line included:
<?php include "http://www.tailoredpersonaltraining.co. ... tactme.php";?>
From the little i understand about PHP this line of code should put the form into my 'contact_me' webpage. But it doesn't. The page is blank. I have the contactme.php file in the contact_me folder next to my contact_me index page in Dreamweaver.
Can you let me know what i need to do to get this contact form inserted into the page?
Your help is greatly appreciated
Last edited by dek on Tue Feb 09, 2010 3:19 am, edited 1 time in total.
Re: PHP code - something is wrong
I have tried different configurations of this input code but nothing works. Can anybody spot something wrong with this line of code as it looks good to me.
<?php include "http://www.tailoredpersonaltraining.co. ... tactme.php";?>
I have seen other forms with similar lines of code which work.
I'm banging my head against a brick wall
Please help
<?php include "http://www.tailoredpersonaltraining.co. ... tactme.php";?>
I have seen other forms with similar lines of code which work.
I'm banging my head against a brick wall
Please help
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: PHP code - something is wrong
Is the contact_me.php on your webserver or on the server of the url you have posted? Have you tried using :I have the contactme.php file in the contact_me folder next to my contact_me index page in Dreamweaver.
Code: Select all
<?php include "contact_me/contactme.php"; ?>“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: PHP code - something is wrong
I've tried using the simpler line which you suggest to no avail.
Does the contactme.php have to be free standing within the www folder and not contained within a folder itself? Will that work?
I need the contactme.php script to operate within the index.htm file when i view it online.
So far all i get is the index.htm webpage when i view my page online with no php script contact form showing up on the page. All the page shows is a sentence telling the viewer that 'they can use the contact form below to get in touch with me' but up to this point the page is blank. There is no contact form on the page.
I can't believe how long this one thing is taking me to get right. There is still so much left to do on my website but until i can get this sorted i can't move forward.
I'm obviously not doing something right here. One piece of the puzzle is missing. I need to find that piece.
Please help
The contactme.php is in the contact_me folder which also has the index.htm file in it. The contact_me folder is on my netfirms server in the www folder with the rest of my website.Is the contact_me.php on your webserver or on the server of the url you have posted?
Does the contactme.php have to be free standing within the www folder and not contained within a folder itself? Will that work?
I need the contactme.php script to operate within the index.htm file when i view it online.
So far all i get is the index.htm webpage when i view my page online with no php script contact form showing up on the page. All the page shows is a sentence telling the viewer that 'they can use the contact form below to get in touch with me' but up to this point the page is blank. There is no contact form on the page.
I can't believe how long this one thing is taking me to get right. There is still so much left to do on my website but until i can get this sorted i can't move forward.
I'm obviously not doing something right here. One piece of the puzzle is missing. I need to find that piece.
Please help
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: PHP code - something is wrong
If you want it included on any page in the same directory it would be :
Any other page will need to have the correct path (relative to the file you want to use the contactme.php page) in the include statement.
Code: Select all
<?php include('contactme.php'); ?>“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: PHP code - something is wrong
OK. Its working now.
Thank you so much.
Though it only worked when i changed the index.htm file to a index.php file. Being a php noob i had now idea this was the case. I have been trying to marry the contactme.php file into a index.htm file.
Small problem though; in firefox it looks great but in internet explorer the name and e-mail input boxes are not in the proper position. They are centred above the main input box instead of hanging to the left next to the words name & e-mail. It looks wrong. Any workarounds for something like this??
Though it only worked when i changed the index.htm file to a index.php file. Being a php noob i had now idea this was the case. I have been trying to marry the contactme.php file into a index.htm file.
Small problem though; in firefox it looks great but in internet explorer the name and e-mail input boxes are not in the proper position. They are centred above the main input box instead of hanging to the left next to the words name & e-mail. It looks wrong. Any workarounds for something like this??
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: PHP code - something is wrong
Yes, you can change the look with stylesheets (css).
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering