
E-mail form validation

Posted: Tue Feb 28, 2006 3:14 pm
by vietboy505
I need help on the e-mail form, can anyone help me?

I want the form to check that everything is input correctly, such as a valid e-mail.

If the user chooses General, it will send to the general e-mail, general@email.com. If the user chooses Customer, it will send to the Customer e-mail, customer@email.com. Does this have something to do with switch case?

From: Name [General or Customer]
The subject is either : General/Customer question from Name [date()]
The body is Comments, plus a timestamp.

Code:

<form name="email_form" action="<?php echo $PHP_SELF; ?>" method="post">
<input type="hidden" name="require" value="Name,Email,Purpose,Comments">
<table>
<tr>
	<td align="right">Name:</td>
	<td><input name="Name" size="25"></td>
</tr>

<tr>
	<td align="right">E-mail:</td>
	<td><input name="Email" size="25"></td>
</tr>

<tr>
	<td align="right">Purpose:</td>
	<td><select name="Purpose">
	<option value="General">General
	<option value="Customer">Customer
	</select>
	</td>
</tr>

<tr>
	<td align="right">Comments:</td>
	<td><textarea name="Comments" rows="10" cols="40"></textarea>
	</td>
</tr>

<tr>
	<td colspan="2" align="center"><input type="submit" value="Submit" name="email_form">
	<input type="reset" value="Reset" name="reset"></td>
</tr>

</table>
</form>
Thanks a lot.

Posted: Tue Feb 28, 2006 3:17 pm
by neophyte
Where's your code?

Posted: Tue Feb 28, 2006 3:18 pm
by feyd
To say the least, we've had several discussions on input validation recently with regard to creating emails. Dig them out first.

Posted: Tue Feb 28, 2006 9:05 pm
by vietboy505
I did some digging..
and this is what I can do so far..

Code:

<?php

function determineEmail($Purpose)
{
        if($Purpose == "General") {
                $mailTo="Name1 <name1@mail.com>, Name2 <name2@mail.com>";

        } elseif($Purpose == "Customer") {
                $mailTo="Name2 <name2@mail.com>, Name3 <name3@mail.com>";
        } else {
        //probably won't be in here
                $mailTo="name5@mail.com";
        }
}

if(!empty($message)){ // only send if the form has been filled out.
  $mailHeaders="From : $Name [$Email]";
  $mailSubject="$Purpose from $Name";
  $mailBody="Sent by $Name ($Email) on " . date('M j,Y h:i:s') . " \n\n";
  $mailBody.="Message : \n\n $message";
mail($mailTo, $mailSubject, $mailBody, $mailHeaders);
  echo "<b>Your email has been sent!</b><br>";
}


echo('<form name="email_form" method="post">
<input type="hidden" name="require" value="Name,Email,Purpose,Comments">
<table>
<tr>
    <td align="right">Name:</td>
    <td><input name="Name" size="25"></td>
</tr>

<tr>
    <td align="right">E-mail:</td>
    <td><input name="Email" size="25"></td>
</tr>

<tr>
    <td align="right">Purpose:</td>
    <td><select name="Purpose">
    <option value="General">General
<option value="Customer">Customer
    </select>
    </td>
</tr>

<tr>
    <td align="right">Comments:</td>
    <td><textarea name="Comments" rows="10" cols="40"></textarea>
    </td>
</tr>

<tr>
    <td colspan="2" align="center"><input type="submit" value="Submit" name="email_form">
    <input type="reset" value="Reset" name="reset"></td>
</tr>

</table>
</form>');
?>

Posted: Tue Feb 28, 2006 9:10 pm
by John Cartwright
It is still possible for people to inject headers into your code, since you are never validating the $_POST variables..

Posted: Tue Feb 28, 2006 9:30 pm
by vietboy505
Please show me the solution, thx :)

Posted: Tue Feb 28, 2006 9:37 pm
by John Cartwright
A simple search of "validating email" brought up the first result of

viewtopic.php?t=44709&highlight=validating+email

:roll:

Please be more thorough with your searches in the future ;)

Posted: Tue Feb 28, 2006 10:28 pm
by vietboy505
I get the "Invalid Email" right away.

Code:

<?php

function determineEmail($Purpose)
{
	if($Purpose == "General") {
		$mailTo="Name1 <name1@mail.com>, Name2 <name2@mail.com>";

	} elseif($Purpose == "Customer") {
		$mailTo="Name2 <name2@mail.com>, Name3 <name3@mail.com>";
	} else {
	//probably won't be in here
		$mailTo="name5@mail.com";
	}
}

if(!preg_match("/^([0-9a-zA-Z]([-.w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-w]*[0-9a-zA-Z].)+[a-zA-Z]{2,9})$/",$_POST["Email"])) {
//email address is invalid
die("Invalid Email");
} 

if(!empty($message)){ // only send if the form has been filled out. 
  $mailHeaders="From : $Name [$Email]";  
  $mailSubject="$Purpose from $Name";  
  $mailBody="Sent by $Name ($Email) on " . date('M j,Y h:i:s') . " \n\n";  
  $mailBody.="Message : \n\n $message";  

  mail($mailTo, $mailSubject, $mailBody, $mailHeaders); 
  echo "<b>Your email has been sent!</b><br>";  
}


echo('<form name="email_form" method="post">
<input type="hidden" name="require" value="Name,Email,Purpose,Comments">
<table>
<tr>
    <td align="right">Name:</td>
    <td><input name="Name" size="25"></td>
</tr>

<tr>
    <td align="right">E-mail:</td>
    <td><input name="Email" size="25"></td>
</tr>

<tr>
    <td align="right">Purpose:</td>
    <td><select name="Purpose">
    <option value="General">General
    <option value="Customer">Customer
    </select>
    </td>
</tr>

<tr>
    <td align="right">Comments:</td>
    <td><textarea name="Comments" rows="10" cols="40"></textarea>
    </td>
</tr>

<tr>
    <td colspan="2" align="center"><input type="submit" value="Submit" name="email_form">
    <input type="reset" value="Reset" name="reset"></td>
</tr>

</table>
</form>');
?>

Posted: Tue Feb 28, 2006 11:04 pm
by Benjamin
This will validate Emails.

Code:

function check_email_address($email) {
  // First, we check that there's one @ symbol, and that the lengths are right
  if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
    // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
    return false;
  }
  // Split it into sections to make life easier
  $email_array = explode("@", $email);
  $local_array = explode(".", $email_array[0]);
  for ($i = 0; $i < sizeof($local_array); $i++) {
     if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
      return false;
    }
  }  
  if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
    $domain_array = explode(".", $email_array[1]);
    if (sizeof($domain_array) < 2) {
        return false; // Not enough parts to domain
    }
    for ($i = 0; $i < sizeof($domain_array); $i++) {
      if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
        return false;
      }
    }
  }
  return true;
}

if (check_email_address($email)) {
  echo $email . ' is a valid email address.';
} else {
  echo $email . ' is not a valid email address.';
}

Posted: Tue Feb 28, 2006 11:08 pm
by Roja
agtlewis wrote: This will validate Emails.
Not to nitpick, but there are valid emails (according to the RFC) that this will not accept as valid.

That's why I generally link to the ValidateEmail function.

Longer, but it's more accurate. (It's taken from the definitive regex for email validation.. see the source code for more info).

However, I suspect that's not the only problem here..
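
The header-injection point raised in the thread, together with the recipient selection asked about in the first post, as an added example that is not code from any poster: the Purpose value only selects a key in a fixed allow-list, Name and Email are rejected if they contain CR/LF, and validation runs only on POST. The addresses (including the fixed From `webform@email.com`) and the helper names `has_header_break` and `validate_submission` are assumptions.

```php
<?php
// Added example (not from the thread). Purpose only selects a key here;
// recipient addresses are placeholders and never come from user input.
const RECIPIENTS = [
    'General'  => 'general@email.com',
    'Customer' => 'customer@email.com',
];
// True if the value contains CR, LF or NUL, which could start a new header line.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}
// Returns a list of error strings; an empty list means the submission may be mailed.
function validate_submission(array $post): array
{
    $errors = [];
    foreach (['Name', 'Email', 'Purpose', 'Comments'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            $errors[] = "$field is required";
        }
    }
    if ($errors !== []) {
        return $errors;
    }
    if (has_header_break($post['Name']) || has_header_break($post['Email'])) {
        $errors[] = 'Line breaks are not allowed in Name or Email';
    }
    if (filter_var($post['Email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid Email';
    }
    if (!array_key_exists($post['Purpose'], RECIPIENTS)) {
        $errors[] = 'Unknown Purpose';
    }
    return $errors;
}

// Validate only on POST, so the first page load does not report "Invalid Email".
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = validate_submission($_POST);
    if ($errors === []) {
        $subject = "{$_POST['Purpose']} question from {$_POST['Name']} [" . date('M j, Y') . ']';
        $body    = $_POST['Comments'] . "\n\nSent: " . date('M j, Y H:i:s');
        // Fixed From (placeholder); the validated visitor address goes in Reply-To.
        $headers = "From: webform@email.com\r\nReply-To: {$_POST['Email']}";
        mail(RECIPIENTS[$_POST['Purpose']], $subject, $body, $headers);
        echo '<b>Your email has been sent!</b><br>';
    } else {
        echo htmlspecialchars(implode('; ', $errors));
    }
}
```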