
Need to add a basic Captcha Script to a contact us page

Posted: Fri Oct 29, 2010 6:54 am
by Jongleur
Hi,

I'd like to add a captcha text to a contact page. It has only four fields, name, email address, how did you hear about us (radio buttons), and a feedback textbox.

I used an online site to create the php script, so that when a user clicks the submit button it goes to feedback.php. However, I want some validation done for these four fields and the captcha and only if it passes, should I move onto feedback.php. At feedback.php if all goes well, it redirects again to thankyou.php.

So what I need is validation for my four fields + add a basic captcha on the contactus.php page itself and continue on to feedback.php if all is well.

Can someone please help?
thanks
Jongleur

Code:

<form method=post action="/feedback.php">
<div id="adm-content">
<div id="generic-font">

<table width=440 border=0 cellspacing=10 cellpadding=0>
   <tr>
      <td valign=top align=left>
Please use  form below to write to us.
      </td>
   </tr>
   <tr>
      <td valign=top align=left>
         <b>First Name:</b><br>
      <input type=text name="name" size=25></td>
   </tr>
   <tr>
      <td valign=top align=left>
         <b>Email:</b><br>
      <input type=text name="email" size=25></td>
   </tr>
   <tr>
      <td valign=top>
         <b>How did you hear about us?</b><br>
      <input type=radio name="fromwho" value="A popular search engine">A popular search engine<br>
      <input type=radio name="fromwho" value="Link from another site">Link from another site<br>
      <input type=radio name="fromwho" value="From a friend">From a friend
      </td>
   </tr>
   <tr>
      <td colspan=2>&nbsp;</td>
   </tr>
   <tr>
      <td colspan=2 valign=top align=left>
         <b>Please write your query / comment / suggestion in the box below:
         </b><br>
      <textarea cols=70 rows=10 name="comments"></textarea>
      <p>
      <input type="submit" value="Send Message">
      <input type="reset" value="Clear the form"></td>
   </tr>
</table>

<!-- Option 2 -->
<INPUT TYPE="hidden" NAME="success" VALUE="http://www.mysite.com">

<input type="hidden" name="required_fields" value="Name,email">
</div></div><!-- end #contactus-content-->
</form>

Re: Need to add a basic Captcha Script to a contact us page

Posted: Fri Oct 29, 2010 7:37 am
by klevis miho
I would recommend you use PHP's filter_var
for validating the input.
Then use Google's reCAPTCHA for the captcha.

Re: Need to add a basic Captcha Script to a contact us page

Posted: Wed Nov 03, 2010 1:33 am
by Jongleur
Take a look at this code, and tell me how to remove the feedback form info from here and direct to feedback.php file please.

I want to validate in the contactus.php (the text is below), but once everything is ok, send the values to feedback.php

Code:

<?php 
$your_email ='yourname@your-website.com';// <<=== update to your email address

session_start();
$errors = '';
$name = '';
$visitor_email = '';
$user_message = '';

if(isset($_POST['submit']))
{
	
	$name = $_POST['name'];
	$visitor_email = $_POST['email'];
	$user_message = $_POST['message'];
	///------------Do Validations-------------
	if(empty($name)||empty($visitor_email))
	{
		$errors .= "\n Name and Email are required fields. ";	
	}
	if(IsInjected($visitor_email))
	{
		$errors .= "\n Bad email value!";
	}
	if(empty($_SESSION['6_letters_code'] ) ||
	  strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0)
	{
	//Note: the captcha code is compared case insensitively.
	//if you want case sensitive match, update the check above to
	// strcmp()
		$errors .= "\n The captcha code does not match!";
	}
	
	if(empty($errors))
	{
		//send the email
		$to = $your_email;
		$subject="New form submission";
		$from = $your_email;
		$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
		
		$body = "A user  $name submitted the contact form:\n".
		"Name: $name\n".
		"Email: $visitor_email \n".
		"Message: \n ".
		"$user_message\n".
		"IP: $ip\n";	
		
		$headers = "From: $from \r\n";
		$headers .= "Reply-To: $visitor_email \r\n";
		
		mail($to, $subject, $body,$headers);
		
		header('Location: thank-you.html');
		exit; // stop here so the form below is not rendered after the redirect
	}
}

// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<title></title>
</head>

<body>

<h4 id="box-search">SEARCH</h4>

<form action="#">
<input id="search-box" type="text">
<input id="glass" type="image" src="./images/glass.gif" alt="magnifying glass">
</form>



<!-- begin #contactus-content-->
<form method=post action="./feedback.php">

<table width=440 border=0 cellspacing=10 cellpadding=0>
	<tr>
		<td valign=top align=left>
We would like to hear from you.
		</td>
	</tr>
	<tr>
		<td valign=top align=left>
			<b>First Name:</b><br>
		<input type=text name="name" size=25></td>
	</tr>
	<tr>
		<td valign=top align=left>
			<b>Email:</b><br>
		<input type=text name="email" size=25></td>
	</tr>
	<tr>
		<td valign=top>
			<b>How did you hear about our website?</b><br>
		<input type=radio name="fromwho" value="A popular search engine">A popular search engine<br>
		<input type=radio name="fromwho" value="Link from another site">Link from another site<br>
		<input type=radio name="fromwho" value="From a friend">From a friend
		</td>
	</tr>
	<tr>
		<td valign=top>

			<img src="./captcha/captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' ><br>
			<label for='message'>Enter the code above here :</label><br>
			<input id="6_letters_code" name="6_letters_code" type="text"><br>
			<small>Can't read the image? click <a href='javascript: refreshCaptcha();'>here</a> to refresh</small>
		</td>
	</tr>
	<tr>
		<td colspan=2>&nbsp;</td>
	</tr>
	<tr>
		<td colspan=2 valign=top align=left>
			<b>Please write your query / comment / suggestion in the box below:
			</b><br>
		<textarea cols=70 rows=10 name="comments"></textarea>
		<p>
		<input type="submit" value="Send Message">
		<input type="reset" value="Clear the form"></td>
	</tr>
</table>

<!-- Option 2 -->
<INPUT TYPE="hidden" NAME="success" VALUE="http://www.mysite.org">

<input type="hidden" name="required_fields" value="Name,email">
</form>
<script language='JavaScript' type='text/javascript'>


function refreshCaptcha()
{
	var img = document.images['captchaimg'];
	img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>



<?php include("footer.php"); ?>



</body>
</html>

I have a separate feedback.php that looks like this:

Code:

<?php
/*
    CHFEEDBACK.PHP Feedback Form PHP Script Ver 2.13.0
    Generated by thesitewizard.com's Feedback Form Wizard 2.13.0.
    Copyright 2000-2008 by Christopher Heng. All rights reserved.
    thesitewizard is a trademark of Christopher Heng.

    Get the latest version, free, from:
        http://www.thesitewizard.com/wizards/feedbackform.shtml

	You can read the Frequently Asked Questions (FAQ) at:
		http://www.thesitewizard.com/wizards/faq.shtml
	
	I can be contacted at:
		http://www.thesitewizard.com/feedback.php
	Note that I do not normally respond to questions that have
	already been answered in the FAQ, so *please* read the FAQ.

    LICENCE TERMS
    
    1. You may use this script on your website, with or
    without modifications, free of charge.
    
    2. You may NOT distribute or republish this script,
    whether modified or not. The script can only be
    distributed by the author, Christopher Heng.
    
    3. THE SCRIPT AND ITS DOCUMENTATION ARE PROVIDED
    "AS IS", WITHOUT WARRANTY OF ANY KIND, NOT EVEN THE
    IMPLIED WARRANTY OF MECHANTABILITY OR FITNESS FOR A
    PARTICULAR PURPOSE. YOU AGREE TO BEAR ALL RISKS AND
    LIABILITIES ARISING FROM THE USE OF THE SCRIPT,
    ITS DOCUMENTATION AND THE INFORMATION PROVIDED BY THE
    SCRIPTS AND THE DOCUMENTATION.

    If you cannot agree to any of the above conditions, you
    may not use the script. 
    
    Although it is not required, I would be most grateful
    if you could also link to thesitewizard.com at:

       http://www.thesitewizard.com/

*/

// ------------- CONFIGURABLE SECTION ------------------------

// $mailto - set to the email address you want the form
// sent to, eg
//$mailto		= "youremailaddress@example.com" ;

$mailto = 'naveen@mysite.org';

// the pages to be displayed, eg
$formurl = "http://www.mysite.org/contactus.php" ;
$errorurl = "" ;
$thankyouurl = "http://www.mysite.org/thankyou.php" ;

$email_is_required = 1;
$name_is_required = 1;
$uself = 0;
$use_envsender = 0;
$use_webmaster_email_for_from = 0;
$use_utf8 = 1;

// -------------------- END OF CONFIGURABLE SECTION ---------------

$headersep = (!isset( $uself ) || ($uself == 0)) ? "\r\n" : "\n" ;
$content_type = (!isset( $use_utf8 ) || ($use_utf8 == 0)) ? 'Content-Type: text/plain; charset="iso-8859-1"' : 'Content-Type: text/plain; charset="utf-8"' ;
if (!isset( $use_envsender )) { $use_envsender = 0 ; }
$envsender = "-f$mailto" ;
$name = $_POST['name'] ;
$email = $_POST['email'] ;
$fromwho = $_POST['fromwho'] ;
$comments = $_POST['comments'] ;
$http_referrer = getenv( "HTTP_REFERER" );

// $subject - set to the Subject line of the email, eg
//$subject	= "Feedback Form" ;

$subject = "$name contacted me from the website" ;


if (!isset($_POST['email'])) {
	header( "Location: $formurl" );
	exit ;
}
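// ereg() was removed in PHP 7; preg_match() performs the same checks.
if (($email_is_required && (empty($email) || !preg_match('/@/', $email))) || ($name_is_required && empty($name))) {
	header( "Location: $errorurl" );
	exit ;
}
// Reject CR/LF in the values that are placed into the mail headers.
if ( preg_match( '/[\r\n]/', $name ) || preg_match( '/[\r\n]/', $email ) ) {
	header( "Location: $errorurl" );
	exit ;
}
if (empty($email)) {
	$email = $mailto ;
}
$fromemail = (!isset( $use_webmaster_email_for_from ) || ($use_webmaster_email_for_from == 0)) ? $email : $mailto ;

// get_magic_quotes_gpc() was removed in PHP 8, so only call it where it exists.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
	$comments = stripslashes( $comments );
}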

$messageproper =
	"This message was sent from:\n" .
	"$http_referrer\n" .
	"------------------------------------------------------------\n" .
	"Name of sender: $name\n" .
	"Email of sender: $email\n" .
	"How did sender hear of website: $fromwho\n" .
	"------------------------- COMMENTS -------------------------\n\n" .
	$comments .
	"\n\n------------------------------------------------------------\n" ;

$headers =
	"From: \"$name\" <$email>" . $headersep . "Reply-To: \"$name\" <$email>" . $headersep . "X-Mailer: chfeedback.php 2.13.0" .
	$headersep . 'MIME-Version: 1.0' . $headersep . $content_type ;

if ($use_envsender) {
	mail($mailto, $subject, $messageproper, $headers, $envsender );
}
else {
	mail($mailto, $subject, $messageproper, $headers );
}
header( "Location: $thankyouurl" );
exit ;

?>
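
One way to combine the filter_var suggestion from the first reply with the validate-then-hand-off flow asked for in the last post, as an added example that is not code from any poster. The names validate_contact(), FROMWHO_ALLOWED and the 'contact_ok' session key are hypothetical, and treating the comments box as required is an assumption; field names are taken from the posted form.

```php
<?php
// Added example, not code from the thread. validate_contact(), FROMWHO_ALLOWED
// and the 'contact_ok' session key are hypothetical names; the field names and
// '6_letters_code' come from the posted form and captcha check.
const FROMWHO_ALLOWED = [
    'A popular search engine', 'Link from another site', 'From a friend',
];

function validate_contact(array $post, array &$session): array
{
    $errors   = [];
    $name     = trim((string)($post['name'] ?? ''));
    $email    = trim((string)($post['email'] ?? ''));
    $fromwho  = (string)($post['fromwho'] ?? '');
    $comments = trim((string)($post['comments'] ?? ''));

    // Name and email end up in mail headers: reject embedded CR/LF outright.
    if ($name === '' || preg_match('/[\r\n]/', $name)) {
        $errors[] = 'name';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    // Radio buttons are a closed set, so compare against the allow-list.
    if (!in_array($fromwho, FROMWHO_ALLOWED, true)) {
        $errors[] = 'fromwho';
    }
    if ($comments === '') {   // assumption: the comments box is required
        $errors[] = 'comments';
    }
    // Captcha: read, then discard, so one solved code cannot be replayed.
    $expected = (string)($session['6_letters_code'] ?? '');
    $given    = (string)($post['6_letters_code'] ?? '');
    unset($session['6_letters_code']);
    if ($expected === '' || strcasecmp($expected, $given) !== 0) {
        $errors[] = 'captcha';
    }
    if (!$errors) {
        // feedback.php should mail only from this entry and unset it after use.
        $session['contact_ok'] = compact('name', 'email', 'fromwho', 'comments');
    }
    return $errors;
}

// Constructed sample input: a CR/LF header-injection attempt in the name field.
$session = ['6_letters_code' => 'AbCdEf'];
$post = ['name' => "Eve\r\nBcc: x@example.com", 'email' => 'eve@example.com',
         'fromwho' => 'From a friend', 'comments' => 'hi', '6_letters_code' => 'abcdef'];
print_r(validate_contact($post, $session));
```

In contactus.php this would be called as `validate_contact($_POST, $_SESSION)` after `session_start()`, redirecting to feedback.php only when the returned list is empty. If feedback.php reads `$_SESSION['contact_ok']` instead of `$_POST`, a request sent straight to feedback.php without passing the captcha has nothing to mail.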