I have a contact form script I like and have used in several places. It's simple and I understand what it does and I can add and require as many fields as I want easily - so inevitably it's been hit by the spammers.
I don't really want a captcha adding on to the page. What I would like to do is to add a honeypot type trap - so there is a text field hidden by CSS and if it gets filled in (such as by a bot filling in all fields) it rejects the submission.
The code works fine until the introduction of the section:
Code:
<?php
}
}else if (empty($COMMENT2)) {
?>
<p>Thanks for your message</a></p>
I've tried several variations on empty functions, but each time all I get is the blank white page, so something is breaking it but not so that it will hint why.
I've also tried with a second $nothanks type of thing earlier in the script, looking for any character in the field but same result.
Can anyone offer the correct syntax to make it work?
Thanks.
Code:
<?php
$to='My Name <web@mysite.co.uk>';
$messageSubject=$_POST['NAME']." : ".$_POST['REF'];
$confirmationSubject="My Name: ".$_POST['REF'];
$confirmationBody="Thank you for your email.\n\nI aim to reply to you within 24 hours.\n\nPlease see below for a copy of the information you supplied.\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n";
$REF='';
$NAME='';
$EMAIL='';
$MESSAGE='';
$displayForm=true;
if ($_POST){
$REF=stripslashes($_POST['REF']);
$NAME=stripslashes($_POST['NAME']);
$EMAIL=stripslashes($_POST['EMAIL']);
$MESSAGE=stripslashes($_POST['MESSAGE']);
foreach ($_POST as $Field=>$Value)
$MsgBody .= "$Field: $Value\n\n";
$valid=eregi('^([0-9a-z]+[-._+&])*[0-9a-z]+@([-0-9a-z]+[.])+[a-z]{2,6}$',$EMAIL);
$nothanks=eregi("(\r|\n)(to:|from:|cc:|bcc:)",$MESSAGE);
if ($EMAIL && $MESSAGE && $valid && !$nothanks){
if (mail($to,$messageSubject,$MsgBody,'From: '.$EMAIL."\r\n")
&& mail($EMAIL,$confirmationSubject,$confirmationBody.$MsgBody,'From: '.$to."\r\n")){
$displayForm=false;
?>
<p>Thank you - your message was successfully sent.
A copy has also been sent to your email address</p>
<br />
<br />
</p>
<?php
echo '<p>','<em>'.htmlspecialchars($REF).'</em>','</p>';
echo '<p>','<em>'.htmlspecialchars($NAME).'</em>','</p>';
echo '<p>','<em>'.htmlspecialchars($EMAIL).'</em>','</p>';
echo '<p>','<em>'.htmlspecialchars($MESSAGE).'</em>','</p>';
}else{
?>
<p>
Sorry, something went wrong when the server tried to send your message<br />
<br />
This is usually due to a server error, and is probably not your fault<br />
<br />
Please try again in a few minutes, or drop me an email at <a href="mailto:mail@mysite.co.uk">mailto:mail@mysite</a></p>
<?php
}
}else if ($nothanks){
?>
<p><strong>
Your message contained email headers within the message body.<br />
<br />
This seems to be a spam attempt and the message has not been sent.</strong></p>
<p>If you believe this to be an error, then please drop me an email at <a href="mailto:web@mysite.co.uk">web@mysite.co.uk</a></p>
//Here's the section with a problem
<?php
}
}else if (empty($COMMENT2)) {
?>
<p>Thanks for your message</a></p>
//End problem section
<?php
}
}else{
?>
<p><strong>
Sorry, your message could not be sent<br />
<br />
</strong>You must include both a valid email address and a message</p><?php
}
}
if ($displayForm){
?>
<form action="contact.php" method="post">
// Form HTML goes here
// Includes 'hidden' text box, as below
<tr>
<td>
<div align="left">
<label for="COMMENT2">Comment 2</label>
<br />
<input type="text" name="COMMENT2" class="textboxh" />
</div></td></tr>
// End form HTML
</form>
<?php
}
?>
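
Added example, not part of the original post: one way to run the honeypot test as the first check, returning a status string so the caller needs a single flat if/elseif chain instead of nested closing braces. Field names come from the post; `field()` and `classify_submission()` are hypothetical helper names, and PHP 7 or later is assumed, where `eregi` has been removed and `preg_match` takes its place.

```php
<?php
// Added example. Field names (COMMENT2, EMAIL, MESSAGE) follow the post;
// field() and classify_submission() are hypothetical helper names.

function field(array $post, string $name): string
{
    // A bot may post an array (NAME[]=x); treat anything non-scalar as empty.
    return isset($post[$name]) && is_scalar($post[$name]) ? (string)$post[$name] : '';
}

function classify_submission(array $post): string
{
    // Honeypot first: the CSS-hidden COMMENT2 box is never filled in by a
    // person, so any content at all means an automated submission.
    if (trim(field($post, 'COMMENT2')) !== '') {
        return 'honeypot';
    }

    $email   = trim(field($post, 'EMAIL'));
    $message = field($post, 'MESSAGE');

    // EMAIL ends up in the From: header, so CR/LF is rejected outright.
    if (trim($message) === '' || preg_match('/[\r\n]/', $email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid';
    }

    // The post's $nothanks test, with preg_match in place of eregi.
    if (preg_match('/(\r|\n)(to:|from:|cc:|bcc:)/i', $message)) {
        return 'headers';
    }

    return 'ok'; // only this status should reach mail()
}

// Constructed sample submissions, not real traffic.
$samples = [
    'person'    => ['EMAIL' => 'jo@example.com', 'MESSAGE' => 'Hello', 'COMMENT2' => ''],
    'form bot'  => ['EMAIL' => 'x@example.com', 'MESSAGE' => 'Buy now', 'COMMENT2' => 'Buy now'],
    'injection' => ['EMAIL' => 'x@example.com', 'MESSAGE' => "Hi\nBcc: a@example.com", 'COMMENT2' => ''],
    'no email'  => ['MESSAGE' => 'Hello'],
];

foreach ($samples as $label => $post) {
    echo str_pad($label, 10), ' => ', classify_submission($post), "\n";
}
```

For the `honeypot` status the page can show the normal thank-you text while skipping `mail()`, so the bot gets no signal that it was caught. A blank white page from PHP usually means a parse error with `display_errors` off; `php -l contact.php` reports the offending line.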