Total newbie form mail question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
andyc123
Forum Newbie
Posts: 3
Joined: Wed Apr 23, 2008 4:08 am

Total newbie form mail question

Post by andyc123 »

Hi guys, as the title TOTAL newbie here!

I am building a form mail function and found this one on a site to use as a starting point

<html>
<head><title>PHP Mail Sender</title></head>
<body>
<?php

/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */
$email = $HTTP_POST_VARS['email'];
$subject = $HTTP_POST_VARS['subject'];
$message = $HTTP_POST_VARS['message'];

/* PHP form validation: the script checks that the Email field contains a valid email address and the Subject field isn't empty. preg_match performs a regular expression match. It's a very powerful PHP function to validate form fields and other strings - see PHP manual for details. */
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
echo "<h4>Invalid email address</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($subject == "") {
echo "<h4>No subject</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}

/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
elseif (mail($email,$subject,$message)) {
echo "<h4>Thank you for sending email</h4>";
} else {
echo "<h4>Can't send email to $email</h4>";
}
?>
</body>
</html>


I understand how to manipulate it to my needs (I think!!) but also read an artcle on email injection for spamming and wasnt sure whether and/or how to also put this code into the above function. The code I read to do this was:

if ( ereg( "[\r\n]", $name ) || ereg( "[\r\n]", $email ) ) {

[... direct user to an error page and quit ...]

}

How do I incorporate that in the above or is it covered with the !preg bit?

Any help would be greatly appreciated.

Thanks

Andrew
Rovas
Forum Contributor
Posts: 272
Joined: Mon Aug 21, 2006 7:09 am
Location: Romania

Re: Total newbie form mail question

Post by Rovas »

I don' t understand what exactly do you want : to stop a robot from spamming your email using a script or to check the email and name to specific pattern.
The script you put checks the existence of type of pattern in the name.
To stop a robot from spamming you use a CAPTCHA script. There many forms of it : put scrambled text behind an image, a word using a specific font, put a series of images of objects. This type of script is more complex than the simple mail one you read and used. There are many tutorials out there even free scripts that come with instructions.
andyc123
Forum Newbie
Posts: 3
Joined: Wed Apr 23, 2008 4:08 am

Re: Total newbie form mail question

Post by andyc123 »

Hi, it is just to stop somone from using the script to cc emails elsewhere so they cannot insert line breaks and add loads of addresses.....
andyc123
Forum Newbie
Posts: 3
Joined: Wed Apr 23, 2008 4:08 am

Re: Total newbie form mail question

Post by andyc123 »

OK, I have tweaked the form and it seems to be working really well except it does not seem to complain in the name field is empty - is that becuase I have had to use the /n and how do I get around it?? I have pasted the code below.

<html>
<head><title>PHP Mail Sender</title></head>
<body>
<?php

/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */

$time = $HTTP_POST_VARS['time']."\n";
$name = $HTTP_POST_VARS['name']."\n";
$postcode = $HTTP_POST_VARS['postcode']."\n";
$address1 = $HTTP_POST_VARS['address1']."\n";
$address2 = $HTTP_POST_VARS['address2']."\n";
$address3 = $HTTP_POST_VARS['address3']."\n";
$email = $HTTP_POST_VARS['email']."\n";
$phone = $HTTP_POST_VARS['phone']."\n";
$mobile = $HTTP_POST_VARS['mobile']."\n";
$Date_Day = $HTTP_POST_VARS['Date_Day']."\n";
$Date_Month = $HTTP_POST_VARS['Date_Month']."\n";
$comment = $HTTP_POST_VARS['comment'];

$allfields = "Time to Call: $time"."Name: $name"."Postcode: $postcode"."Address1: $address1"."Address2: $address2"."Address3: $address3"."Email: $email"."Phone: $phone"."Mobile: $mobile"."Day to call: $Date_Day"."Month to call: $Date_Month"."Comment: $comment";

/* PHP form validation: the script checks that the Email field contains a valid email address and the Subject field isn't empty. preg_match performs a regular expression match. It's a very powerful PHP function to validate form fields and other strings - see PHP manual for details. */
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
echo "<h4>Invalid email address</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($name == "") {
echo "<h4>Please enter you name</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}



/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
/*elseif (mail("andrew@crystalclearit.co.uk","Feedback from Callback Form", "From: $email", $allfields )) {*/

elseif (mail("andrew@crystalclearit.co.uk","Feedback from Callback Form", $allfields, "From: $email" )) {
echo "<h4>Thank you for sending email</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
} else {
echo "<h4>Can't send email to $email</h4>";
}



?>
</body>
</html>
Post Reply