i have an error with this contact form:http://www.bravosquadgaming.com/test/contact.php when you incorrectly input the security code it still sends mail.
was wondering if someone could help me out at all and tell me please what i am doing wrong?
here is the code:
contact.php
Code: Select all
<?php
session_start();
if(isset($_POST["code"])) {
if(($_SESSION['captcha_code'] == $_POST['code']) && (!empty($_SESSION['captcha_code'])) ) {
//Passed!
$captcha_msg="";
}else{
// Not passed 8-(
$captcha_msg="";
if(isset($_POST["MM_insert"])){
unset($_POST["MM_insert"]);
}
if(isset($_POST["MM_update"])){
unset($_POST["MM_update"]);
}
}
}
class CaptchaImage {
var $font = "verdana.ttf";
function hex_to_dec($hexcolor){
//convert hex hex values to decimal ones
$dec_color=array('r'=>hexdec(substr($hexcolor,0,2)),'g'=>hexdec(substr($hexcolor,2,2)),'b'=>hexdec(substr($hexcolor,4,2)));
return $dec_color;
}
function generateCode($characters) {
/* list all possible characters, similar looking characters and vowels have been removed */
$possible = '23456789bcdfghjkmnpqrstvwxyz';
$code = '';
$i = 0;
while ($i < $characters) {
$code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
$i++;
}
return $code;
}
function CaptchaImage($width='120',$height='30',$characters='6',$hex_bg_color='FFFFFF',$hex_text_color="FF0000",$hex_noise_color="CC0000", $img_file='captcha.jpg') {
$rgb_bg_color=$this->hex_to_dec($hex_bg_color);
$rgb_text_color=$this->hex_to_dec($hex_text_color);
$rgb_noise_color=$this->hex_to_dec($hex_noise_color);
$code = $this->generateCode($characters);
/* font size will be 60% of the image height */
$font_size = $height * 0.60;
$image = @imagecreate($width, $height) or die('Cannot Initialize new GD image stream');
/* set the colours */
$background_color = imagecolorallocate($image, $rgb_bg_color['r'], $rgb_bg_color['g'],$rgb_bg_color['b']);
$text_color = imagecolorallocate($image, $rgb_text_color['r'], $rgb_text_color['g'],$rgb_text_color['b']);
$noise_color = imagecolorallocate($image, $rgb_noise_color['r'], $rgb_noise_color['g'],$rgb_noise_color['b']);
/* generate random dots in background */
for( $i=0; $i<($width*$height)/3; $i++ ) {
imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color);
}
/* generate random lines in background */
for( $i=0; $i<($width*$height)/150; $i++ ) {
imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color);
}
/* create textbox and add text */
$textbox = imagettfbbox($font_size, 0, $this->font, $code);
$x = ($width - $textbox[4])/2;
$y = ($height - $textbox[5])/2;
imagettftext($image, $font_size, 0, $x, $y, $text_color, $this->font , $code);
/* save the image */
imagejpeg($image,$img_file);
imagedestroy($image);
echo "<img src=\"$img_file?".time()."\" width=\"$width\" height=\"$height\" alt=\"security code\" id=\"captchaImg\">";
$_SESSION['captcha_code'] = $code;
}
}
?>
<?php include('includes/corefuncs.php');
if (function_exists('nukeMagicQuotes')) {
nukeMagicQuotes();
}
// process the email
if (array_key_exists('send', $_POST)) {
$to = 'you@youremail.com'; // use your own email address
$heading = '**You Have Mail**';
// list expected fields
$expected = array('name', 'email', 'subject', 'message', 'code');
// set required fields
$required = array('name', 'email', 'subject', 'message', 'code');
// create empty array for any missing fields
$missing = array();
// assume that there is nothing suspect
$suspect = false;
// create a pattern to locate suspect phrases
$pattern = '/Content-Type:|Bcc:|Cc:/i';
// function to check for suspect phrases
function isSuspect($val, $pattern, &$suspect) {
// if the variable is an array, loop through each element
// and pass it recursively back to the same function
if (is_array($val)) {
foreach ($val as $item) {
isSuspect($item, $pattern, $suspect);
}
}
else {
// if one of the suspect phrases is found, set Boolean to true
if (preg_match($pattern, $val)) {
$suspect = true;
}
}
}
// check the $_POST array and any sub-arrays for suspect content
isSuspect($_POST, $pattern, $suspect);
if ($suspect) {
$mailSent = false;
unset($missing);
}
else {
// process the $_POST variables
foreach ($_POST as $key => $value) {
// assign to temporary variable and strip whitespace if not an array
$temp = is_array($value) ? $value : trim($value);
// if empty and required, add to $missing array
if (empty($temp) && in_array($key, $required)) {
array_push($missing, $key);
}
// otherwise, assign to a variable of the same name as $key
elseif (in_array($key, $expected)) {
${$key} = $temp;
}
}
}
// validate the email address
if (!empty($email)) {
// regex to ensure no illegal characters in email address
$checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
// reject the email address if it doesn't match
if (!preg_match($checkEmail, $email)) {
array_push($missing, 'email');
}
}
// go ahead only if not suspect and all required fields OK
if (!$suspect && empty($missing)) {
// build the message
$comments = "Name: $name\n\n";
$comments .= "Email: $email\n\n";
$comments .= "Message: $message";
// limit line length to 70 characters
$message = wordwrap($message, 70);
// create additional headers
$additionalHeaders = 'From: <WebContact>';
if (!empty($email)) {
$additionalHeaders .= "\r\nReply-To: $email";
}
// send it
$mailSent = mail($to, $heading, $comments, $additionalHeaders);
if ($mailSent) {
// $missing is no longer needed if the email is sent, so unset it
unset($missing);
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Contact Our Company</title>
<link href="assets/formstyle.css" rel="stylesheet" type="text/css" media="screen" />
<style type="text/css">
<!--
.style1 {
color: #00FF00;
font-weight: bold;
font-style: italic;
}
.style4 {color: #FF0000; font-style: italic; }
-->
</style>
</head>
<body>
<div id="form-area">
<p>
<?php
if ($_POST && isset($missing)) {
?>
<span class="warning"><em>Please complete the missing item(s) indicated.</em></span></p>
<p>
<?php
}
elseif ($_POST && !$mailSent) {
?>
<span class="warning"><em>Sorry, there was a problem sending your message. Please try later.</em></span></p>
<p>
<?php
}
elseif ($_POST && $mailSent) {
?>
<span class="style1">Thank You....Your Message Was Successfully Sent. </span></p>
<p>
<?php } ?>
</p>
<form id="feedback" method="post" action="">
<p>
<label for="name"><span class="style4">*</span><em> Your Name:</em>
<?php
if (isset($missing) && in_array('name', $missing)) { ?>
<span class="warning"><em>Please Enter Your Name !! </em></span>
<?php } ?>
</label>
<input name="name" id="name" type="text" class="formbox"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['name']).'"';} ?>
/>
</p>
<p>
<label for="email"><span class="style4">*</span><em> Your E-mail :</em>
<?php
if (isset($missing) && in_array('email', $missing)) { ?>
<span class="warning"><em>Please Enter Your E-mail !! </em></span>
<?php } ?>
</label>
<input name="email" id="email" type="text" class="formbox"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['email']).'"';} ?>
/>
</p>
<p>
<label for="subject"><span class="style4">*</span><em> Your Subject:</em>
<?php
if (isset($missing) && in_array('subject', $missing)) { ?>
<span class="warning"><em>Please Enter Your Subject !! </em></span>
<?php } ?>
</label>
<input name="subject" id="subject" type="text" class="formbox"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['subject']).'"';} ?>
/>
</p>
<p>
<label for="message"><span class="style4">*</span><em> Your Message :</em>
<?php
if (isset($missing) && in_array('message', $missing)) { ?>
<span class="warning"><em>Please Enter Your Message !! </em></span>
<?php } ?>
</label>
<textarea name="message" id="message" cols="60" rows="8"><?php
if (isset($missing)) {
echo htmlentities($_POST['message']);
} ?></textarea>
</p>
<p>
<?php $captcha = new CaptchaImage(150,50,5,'FFFFFF','FF0000','999999');?></p>
<p>
<label for="code"><span class="style4">*</span><em> Type Security Code :</em>
<?php
if (isset($missing) && in_array('code', $missing)) { ?>
<span class="warning"><em>Please Enter Security Code!! </em></span>
<?php } ?>
</label>
<input name="code" id="code" type="text" class="formbox"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['code']).'"';} ?>
/>
<p>
<input name="send" id="send" type="submit" value="Send Message" class="button" />
</p>
</form>
</div>
</div>
</body>
</html>