Hi guys, as the title says, TOTAL newbie here!
I am building a form mail function and found this one on a site to use as a starting point:
<html>
<head><title>PHP Mail Sender</title></head>
<body>
<?php
/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */
$email = $HTTP_POST_VARS['email'];
$subject = $HTTP_POST_VARS['subject'];
$message = $HTTP_POST_VARS['message'];
/* PHP form validation: the script checks that the Email field contains a valid email address and the Subject field isn't empty. preg_match performs a regular expression match. It's a very powerful PHP function to validate form fields and other strings - see PHP manual for details. */
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
    echo "<h4>Invalid email address</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($subject == "") {
    echo "<h4>No subject</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
}
/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
elseif (mail($email,$subject,$message)) {
    echo "<h4>Thank you for sending email</h4>";
} else {
    echo "<h4>Can't send email to $email</h4>";
}
?>
</body>
</html>
I understand how to manipulate it to my needs (I think!!) but also read an article on email injection for spamming and wasn't sure whether and/or how to also put this code into the above function. The code I read to do this was:
if ( ereg( "[\r\n]", $name ) || ereg( "[\r\n]", $email ) ) {
[... direct user to an error page and quit ...]
}
How do I incorporate that in the above or is it covered with the !preg bit?
Any help would be greatly appreciated.
Thanks
Andrew
Total newbie form mail question
Re: Total newbie form mail question
I don't understand what exactly you want: to stop a robot from spamming your email using a script, or to check the email and name against a specific pattern.
The script you posted checks for the existence of a type of pattern in the name.
To stop a robot from spamming, you use a CAPTCHA script. There are many forms of it: put scrambled text behind an image, a word using a specific font, put a series of images of objects. This type of script is more complex than the simple mail one you read and used. There are many tutorials out there, even free scripts that come with instructions.
Re: Total newbie form mail question
Hi, it is just to stop someone from using the script to cc emails elsewhere so they cannot insert line breaks and add loads of addresses.....
Re: Total newbie form mail question
OK, I have tweaked the form and it seems to be working really well except it does not seem to complain if the name field is empty - is that because I have had to use the /n and how do I get around it?? I have pasted the code below.
<html>
<head><title>PHP Mail Sender</title></head>
<body>
<?php
/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */
$time = $HTTP_POST_VARS['time']."\n";
$name = $HTTP_POST_VARS['name']."\n";
$postcode = $HTTP_POST_VARS['postcode']."\n";
$address1 = $HTTP_POST_VARS['address1']."\n";
$address2 = $HTTP_POST_VARS['address2']."\n";
$address3 = $HTTP_POST_VARS['address3']."\n";
$email = $HTTP_POST_VARS['email']."\n";
$phone = $HTTP_POST_VARS['phone']."\n";
$mobile = $HTTP_POST_VARS['mobile']."\n";
$Date_Day = $HTTP_POST_VARS['Date_Day']."\n";
$Date_Month = $HTTP_POST_VARS['Date_Month']."\n";
$comment = $HTTP_POST_VARS['comment'];
$allfields = "Time to Call: $time"."Name: $name"."Postcode: $postcode"."Address1: $address1"."Address2: $address2"."Address3: $address3"."Email: $email"."Phone: $phone"."Mobile: $mobile"."Day to call: $Date_Day"."Month to call: $Date_Month"."Comment: $comment";
/* PHP form validation: the script checks that the Email field contains a valid email address and the Subject field isn't empty. preg_match performs a regular expression match. It's a very powerful PHP function to validate form fields and other strings - see PHP manual for details. */
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
    echo "<h4>Invalid email address</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($name == "") {
    echo "<h4>Please enter your name</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
}
/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
/*elseif (mail("andrew@crystalclearit.co.uk","Feedback from Callback Form", "From: $email", $allfields )) {*/
elseif (mail("andrew@crystalclearit.co.uk","Feedback from Callback Form", $allfields, "From: $email" )) {
    echo "<h4>Thank you for sending email</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
} else {
    echo "<h4>Can't send email to $email</h4>";
}
?>
</body>
</html>
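An added example (not code from the thread or from the article the poster read) for the two questions above: it shows that the posted preg_match pattern does not reject line breaks in the email field, that the empty-name test cannot fire once "\n" has been appended, and one way to check both before the From header is built. The functions has_line_break() and check_callback_form() and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example, not the thread's code. Field names follow the posted form;
// check_callback_form() and the sample inputs are constructed for illustration.

// The pattern from the posted script (no ^ or $ anchors).
const THREAD_PATTERN = '/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/';

function has_line_break(string $value): bool
{
    // A CR or LF inside a header value starts a new header line.
    return preg_match('/[\r\n]/', $value) === 1;
}

function check_callback_form(array $post): array
{
    // Test the submitted values themselves; "\n" is added later, in the body only.
    $name  = trim($post['name'] ?? '');
    $email = trim($post['email'] ?? '');
    $errors = [];

    if ($name === '') {
        $errors[] = 'Please enter your name';
    }
    // filter_var() validates the whole string, not just a matching substring.
    if (has_line_break($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email address';
    }
    return ['errors' => $errors, 'name' => $name, 'email' => $email];
}

// Constructed input: an address followed by a line break and an extra header.
$crafted = "visitor@example.com\r\nBcc: other@example.net";

// The unanchored pattern finds the address at the start and accepts the value.
var_dump(preg_match(THREAD_PATTERN, $crafted) === 1);

// With "\n" already appended, an empty name no longer compares equal to "".
var_dump(('' . "\n") == '');

// Checking before formatting reports both problems.
print_r(check_callback_form(['name' => '', 'email' => $crafted])['errors']);

// A normal submission passes; only then build the body and the From header.
$ok = check_callback_form(['name' => 'Andrew', 'email' => 'visitor@example.com']);
if ($ok['errors'] === []) {
    $body = "Name: {$ok['name']}\n" . "Email: {$ok['email']}\n";
    echo $body; // the real script would pass $body and "From: {$ok['email']}" to mail()
}
```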