Page 1 of 1

PHP code - something is wrong

Posted: Sun Feb 07, 2010 3:45 pm
by dek
Hi

I have a contact form which looks good but when i test the form by inputting my name, e-mail and a test message i get returned with this confirmation message.


'Thank You ick edwads

We will be in touch as soon as possible.'

Now my name is nick edwards and this is what i put into the name field of the form. I don't understand why it misses off the 'n' in my first name and the 'r' in my surname on the confirmation message?

And the e-mail I receive looks like this:
-----------------------------------------------------------------------------
WEBSITE CONTACT ENQUIRY
-----------------------------------------------------------------------------

Name: ick edwads
Email: ickedwads56@fsmail.et
Message: testig testig 1 2 3


My name is incomplete, my e-mail is missing the first letter of my name, the 'r' in edwards and the 'n' of .net.
My test message is missing the 'n' in testing (testig).

As I'm no coder I am at a loss with this. Could someone here take a quick look at the code and tell me if something needs to be changed to fix this problem?

This is the code:

<?php
if (isset($_POST["op"]) && ($_POST["op"]=="send")) {

/******** START OF CONFIG SECTION *******/
$sendto = "nickedwards@tailoredpersonaltraining.co.uk";
$subject = "Website Contact Enquiry";
// Select if you want to check form for standard spam text
$SpamCheck = "Y"; // Y or N
$SpamReplaceText = "*content removed*";
// Error message printed if spam form attack found
$SpamErrorMessage = "<p align=\"center\"><font color=\"red\">Malicious code content detected.</font><br><b> Your IP Number of </b>".getenv("REMOTE_ADDR")."<b> has been logged.</b></p>";
/******** END OF CONFIG SECTION *******/

$name = $HTTP_POST_VARS['name'];
$email = $HTTP_POST_VARS['email'];
$message = $HTTP_POST_VARS['message'];
$headers = "From: $emailn";
$headers . "MIME-Version: 1.0n"
. "Content-Transfer-Encoding: 7bitn"
. "Content-type: text/html; charset = \"iso-8859-1\";nn";
if ($SpamCheck == "Y") {
// Check for Website URL's in the form input boxes as if we block website URLs from the form,
// then this will stop the spammers wastignt ime sending emails
if (preg_match("/http/i", "$name")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage"; exit();}

// Patterm match search to strip out the invalid charcaters, this prevents the mail injection spammer
$pattern = '/(;|||`|>|<|&|^|"|'."n|r|'".'|{|}|[|]|)|()/i'; // build the pattern match string

$name = preg_replace($pattern, "", $name);
$email = preg_replace($pattern, "", $email);
$message = preg_replace($pattern, "", $message);

// Check for the injected headers from the spammer attempt
// This will replace the injection attempt text with the string you have set in the above config section
$find = array("/bcc:/i","/Content-Type:/i","/cc:/i","/to:/i");
$email = preg_replace($find, "$SpamReplaceText", $email);
$name = preg_replace($find, "$SpamReplaceText", $name);
$message = preg_replace($find, "$SpamReplaceText", $message);

// Check to see if the fields contain any content we want to ban
if(stristr($name, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($message, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}

// Do a check on the send email and subject text
if(stristr($sendto, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($subject, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
}
// Build the email body text
$emailcontent = "
-----------------------------------------------------------------------------
WEBSITE CONTACT ENQUIRY
-----------------------------------------------------------------------------

Name: $name
Email: $email
Message: $message

_______________________________________
End of Email
";
// Check the email address entered matches the standard email address format
if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+.[A-Z]{2,6}$", $email)) {
echo "<p>It appears you entered an invalid email address</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}

elseif (!trim($name)) {
echo "<p>Please go back and enter a Name</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}

elseif (!trim($message)) {
echo "<p>Please go back and type a Message</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}

elseif (!trim($email)) {
echo "<p>Please go back and enter an Email</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}

// Sends out the email or will output the error message
elseif (mail($sendto, $subject, $emailcontent, $headers)) {
echo "<br><br><p><b>Thank You $name</b></p><p>We will be in touch as soon as possible.</p>";

}
}
else {
?>
<p align="center">Please complete all details of your enquiry<br>and we will get back to you shortly.</p>
<br>
<form method="post"><input name="op" type="hidden" value="send" />
<table width="626">
<tr>
<td><p>Name:</p></td>
<td>
<input name="name" type="text" size="40" maxlength="150"> </td>
</tr>
<tr>
<td><p>E-mail:</p></td>
<td>
<input name="email" type="text" size="40" maxlength="150"> </td>
</tr>

<tr>
<td valign="top"><p>Message:</p></td>
<td><textarea name="message" cols="80" rows="6"></textarea></td>
</tr>
<tr><td></td>
<td><input name="submit" type="submit" value="Send Message" /></td>
</tr>
</table>
</form>
<?php } ?>

Re: PHP code - something is wrong

Posted: Sun Feb 07, 2010 4:48 pm
by manohoo

Code: Select all

$pattern = '/(;|||`|>|<|&|^|"|'."n|r|'".'|{|}|[|]|)|()/i';
$name = preg_replace($pattern, "", $name); 
 
Your pattern contains an "n" and an "r", therefore they will be removed from $name.
Simplify it, or do it incrementally and check the results as you build it.

Re: PHP code - something is wrong

Posted: Mon Feb 08, 2010 3:23 pm
by dek
OK, i just deleted the 'n' and 'r' from the $pattern string and now it works. Not sure why they were in there in the first place?

Anyway, now my problem is my contact form does not show in the page. As you can see from the code, i have this line included:
<?php include "http://www.tailoredpersonaltraining.co. ... tactme.php";?>

From the little i understand about PHP this line of code should put the form into my 'contact_me' webpage. But it doesn't. The page is blank. I have the contactme.php file in the contact_me folder next to my contact_me index page in Dreamweaver.
Can you let me know what i need to do to get this contact form inserted into the page?

Your help is greatly appreciated

Re: PHP code - something is wrong

Posted: Tue Feb 09, 2010 3:18 am
by dek
I have tried different configurations of this input code but nothing works. Can anybody spot something wrong with this line of code as it looks good to me.
<?php include "http://www.tailoredpersonaltraining.co. ... tactme.php";?>
I have seen other forms with similar lines of code which work.
I'm banging my head against a brick wall :banghead:

Please help

Re: PHP code - something is wrong

Posted: Wed Feb 10, 2010 4:00 am
by social_experiment
I have the contactme.php file in the contact_me folder next to my contact_me index page in Dreamweaver.
Is the contact_me.php on your webserver or on the server of the url you have posted? Have you tried using :

Code: Select all

<?php include "contact_me/contactme.php"; ?>

Re: PHP code - something is wrong

Posted: Wed Feb 10, 2010 3:24 pm
by dek
I've tried using the simpler line which you suggest to no avail.
Is the contact_me.php on your webserver or on the server of the url you have posted?
The contactme.php is in the contact_me folder which also has the index.htm file in it. The contact_me folder is on my netfirms server in the www folder with the rest of my website.
Does the contactme.php have to be free standing within the www folder and not contained within a folder itself? Will that work?
I need the contactme.php script to operate within the index.htm file when i view it online.
So far all i get is the index.htm webpage when i view my page online with no php script contact form showing up on the page. All the page shows is a sentence telling the viewer that 'they can use the contact form below to get in touch with me' but up to this point the page is blank. There is no contact form on the page.

I can't believe how long this one thing is taking me to get right. There is still so much left to do on my website but until i can get this sorted i can't move forward.
I'm obviously not doing something right here. One piece of the puzzle is missing. I need to find that piece.

Please help

Re: PHP code - something is wrong

Posted: Wed Feb 10, 2010 4:13 pm
by social_experiment
If you want it included on any page in the same directory it would be :

Code: Select all

<?php include('contactme.php'); ?>
Any other page will need to have the correct path (relative to the file you want to use the contactme.php page) in the include statement.

Re: PHP code - something is wrong

Posted: Wed Feb 10, 2010 4:52 pm
by dek
OK. Its working now. :D :D :D Thank you so much.

Though it only worked when i changed the index.htm file to a index.php file. Being a php noob i had now idea this was the case. I have been trying to marry the contactme.php file into a index.htm file.

Small problem though; in firefox it looks great but in internet explorer the name and e-mail input boxes are not in the proper position. They are centred above the main input box instead of hanging to the left next to the words name & e-mail. It looks wrong. Any workarounds for something like this??

Re: PHP code - something is wrong

Posted: Wed Feb 10, 2010 5:22 pm
by social_experiment
Yes, you can change the look with stylesheets (css).