Page 1 of 1

contact form help

Posted: Fri Aug 29, 2008 7:02 pm
by utdfederation
hello all.

i have an error with this contact form:http://www.bravosquadgaming.com/test/contact.php when you incorrectly input the security code it still sends mail.

was wondering if someone could help me out at all and tell me please what i am doing wrong?

here is the code:

contact.php

Code: Select all

<?php
session_start();
if(isset($_POST["code"])) {
    if(($_SESSION['captcha_code'] == $_POST['code']) && (!empty($_SESSION['captcha_code'])) ) {
        //Passed!
        $captcha_msg="";
    }else{
        // Not passed 8-(
        $captcha_msg="";
        if(isset($_POST["MM_insert"])){
            unset($_POST["MM_insert"]);
        }
        if(isset($_POST["MM_update"])){
            unset($_POST["MM_update"]);
        }
    }
}
class CaptchaImage {
    var $font = "verdana.ttf";
    function hex_to_dec($hexcolor){
    //convert hex hex values to decimal ones
    $dec_color=array('r'=>hexdec(substr($hexcolor,0,2)),'g'=>hexdec(substr($hexcolor,2,2)),'b'=>hexdec(substr($hexcolor,4,2)));
    return $dec_color;
    }
    function generateCode($characters) {
        /* list all possible characters, similar looking characters and vowels have been removed */
        $possible = '23456789bcdfghjkmnpqrstvwxyz'; 
        $code = '';
        $i = 0;
        while ($i < $characters) { 
            $code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
            $i++;
        }
        return $code;
    }
    function CaptchaImage($width='120',$height='30',$characters='6',$hex_bg_color='FFFFFF',$hex_text_color="FF0000",$hex_noise_color="CC0000", $img_file='captcha.jpg') {
        $rgb_bg_color=$this->hex_to_dec($hex_bg_color);
        $rgb_text_color=$this->hex_to_dec($hex_text_color);
        $rgb_noise_color=$this->hex_to_dec($hex_noise_color);
        $code = $this->generateCode($characters);
        /* font size will be 60% of the image height */
        $font_size = $height * 0.60;
        $image = @imagecreate($width, $height) or die('Cannot Initialize new GD image stream');
        /* set the colours */
        $background_color = imagecolorallocate($image, $rgb_bg_color['r'], $rgb_bg_color['g'],$rgb_bg_color['b']);
        $text_color = imagecolorallocate($image, $rgb_text_color['r'], $rgb_text_color['g'],$rgb_text_color['b']);
        $noise_color = imagecolorallocate($image, $rgb_noise_color['r'], $rgb_noise_color['g'],$rgb_noise_color['b']);
        /* generate random dots in background */
        for( $i=0; $i<($width*$height)/3; $i++ ) {
            imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color);
        }
        /* generate random lines in background */
        for( $i=0; $i<($width*$height)/150; $i++ ) {
            imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color);
        }
        /* create textbox and add text */
        $textbox = imagettfbbox($font_size, 0, $this->font, $code);
        $x = ($width - $textbox[4])/2;
        $y = ($height - $textbox[5])/2;
        imagettftext($image, $font_size, 0, $x, $y, $text_color, $this->font , $code);
        /* save the image */
        imagejpeg($image,$img_file);
        imagedestroy($image);
        echo "<img src=\"$img_file?".time()."\" width=\"$width\" height=\"$height\" alt=\"security code\" id=\"captchaImg\">";
        $_SESSION['captcha_code'] = $code;
    }
 
}
?>
<?php include('includes/corefuncs.php');
if (function_exists('nukeMagicQuotes')) {
  nukeMagicQuotes();
  }
 
// process the email
if (array_key_exists('send', $_POST)) {
  $to = 'you@youremail.com'; // use your own email address
  $heading = '**You Have Mail**';
  
  // list expected fields
  $expected = array('name', 'email', 'subject', 'message', 'code');
  // set required fields
  $required = array('name', 'email', 'subject', 'message', 'code');
  // create empty array for any missing fields
  $missing = array();
  
  // assume that there is nothing suspect
  $suspect = false;
  // create a pattern to locate suspect phrases
  $pattern = '/Content-Type:|Bcc:|Cc:/i';
  
  // function to check for suspect phrases
  function isSuspect($val, $pattern, &$suspect) {
    // if the variable is an array, loop through each element
    // and pass it recursively back to the same function
    if (is_array($val)) {
      foreach ($val as $item) {
        isSuspect($item, $pattern, $suspect);
        }
      }
    else {
      // if one of the suspect phrases is found, set Boolean to true
      if (preg_match($pattern, $val)) {
        $suspect = true;
        }
      }
    }
  
  // check the $_POST array and any sub-arrays for suspect content
  isSuspect($_POST, $pattern, $suspect);
  
  if ($suspect) {
    $mailSent = false;
    unset($missing);
    }
  else {
    // process the $_POST variables
    foreach ($_POST as $key => $value) {
      // assign to temporary variable and strip whitespace if not an array
      $temp = is_array($value) ? $value : trim($value);
      // if empty and required, add to $missing array
      if (empty($temp) && in_array($key, $required)) {
        array_push($missing, $key);
        }
      // otherwise, assign to a variable of the same name as $key
      elseif (in_array($key, $expected)) {
        ${$key} = $temp;
        }
      }
    }
  
  // validate the email address
  if (!empty($email)) {
    // regex to ensure no illegal characters in email address 
    $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
    // reject the email address if it doesn't match
    if (!preg_match($checkEmail, $email)) {
      array_push($missing, 'email');
      }
    }
  
  // go ahead only if not suspect and all required fields OK
  if (!$suspect && empty($missing)) {
    // build the message
    $comments = "Name: $name\n\n";
    $comments .= "Email: $email\n\n";
    $comments .= "Message: $message";
 
    // limit line length to 70 characters
    $message = wordwrap($message, 70);
    
    // create additional headers
    $additionalHeaders = 'From: <WebContact>';
    if (!empty($email)) {
      $additionalHeaders .= "\r\nReply-To: $email";
      }
    
    // send it  
    $mailSent = mail($to, $heading, $comments, $additionalHeaders);
    if ($mailSent) {
      // $missing is no longer needed if the email is sent, so unset it
      unset($missing);
      }
    }
  }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Contact Our Company</title>
<link href="assets/formstyle.css" rel="stylesheet" type="text/css" media="screen" />
<style type="text/css">
<!--
.style1 {
    color: #00FF00;
    font-weight: bold;
    font-style: italic;
}
.style4 {color: #FF0000; font-style: italic; }
-->
</style>
</head>
 
<body>
 
 
    
 
<div id="form-area">
      <p>
              <?php
        if ($_POST && isset($missing)) {
        ?>
            <span class="warning"><em>Please complete the missing item(s) indicated.</em></span></p>
        <p>
              <?php
          }
        elseif ($_POST && !$mailSent) {
        ?>
            <span class="warning"><em>Sorry, there was a problem sending your message. Please try later.</em></span></p>
        <p>
              <?php
          }
        elseif ($_POST && $mailSent) {
        ?>
                <span class="style1">Thank You....Your Message Was Successfully Sent. </span></p>
        <p>
              <?php } ?>
        </p>
        <form id="feedback" method="post" action="">
            <p>
                <label for="name"><span class="style4">*</span><em> Your Name:</em> 
                <?php
                if (isset($missing) && in_array('name', $missing)) { ?>
                <span class="warning"><em>Please Enter Your Name !! </em></span>
                <?php } ?>
                </label>
                <input name="name" id="name" type="text" class="formbox" 
                <?php if (isset($missing)) {
                  echo 'value="'.htmlentities($_POST['name']).'"';} ?>
                />
            </p>
            <p>
                <label for="email"><span class="style4">*</span><em> Your E-mail :</em> 
                <?php
                if (isset($missing) && in_array('email', $missing)) { ?>
                <span class="warning"><em>Please Enter Your E-mail !! </em></span>
                <?php } ?>
                </label>
                <input name="email" id="email" type="text" class="formbox" 
                <?php if (isset($missing)) {
                  echo 'value="'.htmlentities($_POST['email']).'"';} ?>
                />
            </p>
           <p>
                <label for="subject"><span class="style4">*</span><em> Your Subject:</em> 
                <?php
                if (isset($missing) && in_array('subject', $missing)) { ?>
                <span class="warning"><em>Please Enter Your Subject !! </em></span>
                <?php } ?>
                </label>
                <input name="subject" id="subject" type="text" class="formbox" 
                <?php if (isset($missing)) {
                  echo 'value="'.htmlentities($_POST['subject']).'"';} ?>
                />
            </p>
           <p>
                <label for="message"><span class="style4">*</span><em> Your Message :</em> 
                <?php
                if (isset($missing) && in_array('message', $missing)) { ?>
                <span class="warning"><em>Please Enter Your Message !! </em></span>
                <?php } ?>
                </label>
                <textarea name="message" id="message" cols="60" rows="8"><?php 
                if (isset($missing)) {
                  echo htmlentities($_POST['message']);
                  } ?></textarea>
            </p>
           <p>
                  <?php $captcha = new CaptchaImage(150,50,5,'FFFFFF','FF0000','999999');?></p>
           <p>
                  <label for="code"><span class="style4">*</span><em> Type Security Code :</em>
                  <?php
                if (isset($missing) && in_array('code', $missing)) { ?>
                  <span class="warning"><em>Please Enter Security Code!! </em></span>
                  <?php } ?>
                  </label>
                <input name="code" id="code" type="text" class="formbox"
                 <?php if (isset($missing)) {
                  echo 'value="'.htmlentities($_POST['code']).'"';} ?>
                />
           <p>
                <input name="send" id="send" type="submit" value="Send Message" class="button" />
           </p>
        </form>
</div>
</div>
 
</body>
</html>
thank you kindly i hope

Re: contact form help

Posted: Fri Aug 29, 2008 10:56 pm
by califdon
What part of that code did you expect to disable the sending of the email?

There's a lot of code there that doesn't make any sense to me. Could it be that you just copied several different scripts and just combined them? That won't work. There has to be clear logic throughout a script.

Re: contact form help

Posted: Sat Aug 30, 2008 8:34 am
by utdfederation
what you on about several different scripts then put them together?

i downloaded this script from easykiss123.com all i am trying to do is add the captcha.

Re: contact form help

Posted: Sat Aug 30, 2008 11:46 am
by califdon
utdfederation wrote:what you on about several different scripts then put them together?

i downloaded this script from easykiss123.com all i am trying to do is add the captcha.
Then it seems to me your best help can be obtained from that site.