Page 1 of 1
E-mail form validation
Posted: Tue Feb 28, 2006 3:14 pm
by vietboy505
I need help on the e-mail form, can any one help me?
I want the form to check if everything is inputs correct such as an valid e-mail.
If the user choose General, it will send to general email.
general@email.com. If the user choose Customer, it will send to Customer e-mail.
customer@email.com. Is this have something to do with switch case?
From: Name [General or Customer]
The subject is either : General/Customer question from Name [date()]
The body is Comments, plus a timestamp.
Code: Select all
<form name="email_form" action="<?php echo $PHP_SELF; ?>" method="post">
<input type="hidden" name="require" value="Name,Email,Purpose,Comments">
<table>
<tr>
<td align="right">Name:</td>
<td><input name="Name" size="25"></td>
</tr>
<tr>
<td align="right">E-mail:</td>
<td><input name="Email" size="25"></td>
</tr>
<tr>
<td align="right">Purpose:</td>
<td><select name="Purpose">
<option value="General">General
<option value="Customer">Customer
</select>
</td>
</tr>
<tr>
<td align="right">Comments:</td>
<td><textarea name="Comments" rows="10" cols="40"></textarea>
</td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Submit" name="email_form">
<input type="reset" value="Reset" name="reset"></td>
</tr>
</table>
</form>
Thanks alot.
Posted: Tue Feb 28, 2006 3:17 pm
by neophyte
Where's your code?
Posted: Tue Feb 28, 2006 3:18 pm
by feyd
To say the least, we've had several discussions on input validation recently with regard to creating emails. Dig them out first.
Posted: Tue Feb 28, 2006 9:05 pm
by vietboy505
i did some digging..
and this what I can do so far..
Code: Select all
<?php
function determineEmail($Purpose)
{
if($Purpose == "General") {
$mailTo="Name1 <name1@mail.com>, Name2 <name2@mail.com>";
} elseif($Purpose == "Customer") {
$mailTo="Name2 <name2@mail.com>, Name3 <name3@mail.com>";
} else {
//proably won't be in here
$mailTo="name5@mail.com";
}
}
if(!empty($message)){ // only send if the form has been filled out.
$mailHeaders="From : $Name [$Email]";
$mailSubject="$Purpose from $Name";
$mailBody="Sent by $Name ($Email) on " . date('M j,Y h:i:s') . " \n\n";
$mailBody.="Message : \n\n $message";
mail($mailTo, $mailSubject, $mailBody, $mailHeaders);
echo "<b>Your email has been sent!</b><br>";
}
echo('<form name="email_form" method="post">
<input type="hidden" name="require" value="Name,Email,Purpose,Comments">
<table>
<tr>
<td align="right">Name:</td>
<td><input name="Name" size="25"></td>
</tr>
<tr>
<td align="right">E-mail:</td>
<td><input name="Email" size="25"></td>
</tr>
<tr>
<td align="right">Purpose:</td>
<td><select name="Purpose">
<option value="General">General
<option value="Customer">Customer
</select>
</td>
</tr>
<tr>
<td align="right">Comments:</td>
<td><textarea name="Comments" rows="10" cols="40"></textarea>
</td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Submit" name="ema
il_form">
<input type="reset" value="Reset" name="reset"></td>
</tr>
</table>
</form>');
?>
Posted: Tue Feb 28, 2006 9:10 pm
by John Cartwright
it is still possible for people to inject headers into your code, since you are never validating the $_POST variables..
Posted: Tue Feb 28, 2006 9:30 pm
by vietboy505
please show me the solution thx

Posted: Tue Feb 28, 2006 9:37 pm
by John Cartwright
a simple search of "validating email" brought up the first result of
viewtopic.php?t=44709&highlight=validating+email
Please be more thorough with your searches in the future

Posted: Tue Feb 28, 2006 10:28 pm
by vietboy505
I get the "Invalid Email" right away.
Code: Select all
<?php
function determineEmail($Purpose)
{
if($Purpose == "General") {
$mailTo="Name1 <name1@mail.com>, Name2 <name2@mail.com>";
} elseif($Purpose == "Customer") {
$mailTo="Name2 <name2@mail.com>, Name3 <name3@mail.com>";
} else {
//proably won't be in here
$mailTo="name5@mail.com";
}
}
if(!preg_match("/^([0-9a-zA-Z]([-.w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-w]
*[0-9a-zA-Z].)+[a-zA-Z]{2,9})$/",$_POST["Email"])) {
//email address is invalid
die("Invalid Email");
}
if(!empty($message)){ // only send if the form has been filled out.
$mailHeaders="From : $Name [$Email]";
$mailSubject="$Purpose from $Name";
$mailBody="Sent by $Name ($Email) on " . date('M j,Y h:i:s') . " \n\n";
$mailBody.="Message : \n\n $message";
mail($mailTo, $mailSubject, $mailBody, $mailHeaders);
echo "<b>Your email has been sent!</b><br>";
}
echo('<form name="email_form" method="post">
<input type="hidden" name="require" value="Name,Email,Purpose,Comments">
<table>
<tr>
<td align="right">Name:</td>
<td><input name="Name" size="25"></td>
</tr>
<tr>
<td align="right">E-mail:</td>
<td><input name="Email" size="25"></td>
</tr>
<tr>
<td align="right">Purpose:</td>
<td><select name="Purpose">
<option value="General">General
<option value="Customer">Customer
</select>
</td>
</tr>
<tr>
<td align="right">Comments:</td>
<td><textarea name="Comments" rows="10" cols="40"></textarea>
</td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Submit" name="email_form">
<input type="reset" value="Reset" name="reset"></td>
</tr>
</table>
</form>');
?>
Posted: Tue Feb 28, 2006 11:04 pm
by Benjamin
This will validate Emails.
Code: Select all
function check_email_address($email) {
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
return false;
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
return false;
}
}
}
return true;
}
if (check_email_address($email)) {
echo $email . ' is a valid email address.';
} else {
echo $email . ' is not a valid email address.';
}
Posted: Tue Feb 28, 2006 11:08 pm
by Roja
agtlewis wrote:This will validate Emails.
Not to nitpick, but there are valid emails (according to the RFC) that will not accept as valid.
Thats why I generally link to the
ValidateEmail function.
Longer, but its more accurate. (Its taken from the definitive regex for email validation.. see the source code for more info).
However, I suspect thats not the only problem here..