treehouse : what would you like to learn today?
Web Design Web Development iOS Development

Forums

Illustration by Nick Sirotich

PHP Response Form

  • kelpie
    Permalink to comment #
    Hi,

    I wonder if anyone can help me with this.
    I am a novice when it comes to PHP and I'm currently finding that the response form I'm using sends responses to my spam box instead of my inbox.
    I would really appreciate any advice on how to correct this problem. The PHP code is pasted below.
    Thanks very much in advance...
    Ian.

    <?php



    // User settings
    $to = \"ian1618@googlemail.com\";
    $subject = \"SimpleModal Contact Form\";

    // Include extra form fields and/or submitter data?
    // false = do not include
    $extra = array(
    	\"form_subject\"	=> true,
    	\"form_cc\"		=> true,
    	\"ip\"				=> true,
    	\"user_agent\"	=> true
    );

    // Process
    $action = isset($_POST[\"action\"]) ? $_POST[\"action\"] : \"\";
    if (empty($action)) {
    	// Send back the contact form HTML
    	$output = \"<div style='display:none'>
    	<div class='contact-top'></div>
    	<div class='contact-content'>
    		<h1 class='contact-title'>Send us a message:</h1>
    		<div class='contact-loading' style='display:none'></div>
    		<div class='contact-message' style='display:none'></div>
    		<form action='#' style='display:none'>
    			<label for='contact-name'>*Name:</label>
    			<input type='text' id='contact-name' class='contact-input' name='name' tabindex='1001' />
    			<label for='contact-email'>*Email:</label>
    			<input type='text' id='contact-email' class='contact-input' name='email' tabindex='1002' />\";

    	if ($extra[\"form_subject\"]) {
    		$output .= \"
    			<label for='contact-subject'>Subject:</label>
    			<input type='text' id='contact-subject' class='contact-input' name='subject' value='' tabindex='1003' />\";
    	}

    	$output .= \"
    			<label for='contact-message'>*Message:</label>
    			<textarea id='contact-message' class='contact-input' name='message' cols='40' rows='4' tabindex='1004'></textarea>
    			<br/>\";

    	if ($extra[\"form_cc\"]) {
    		$output .= \"
    			<label>&nbsp;</label>
    			<input type='checkbox' id='contact-cc' name='cc' value='1' tabindex='1005' /> <span class='contact-cc'>Send me a copy</span>
    			<br/>\";
    	}

    	$output .= \"
    			<label>&nbsp;</label>
    			<button type='submit' class='contact-send contact-button' tabindex='1006'>Send</button>
    			<button type='submit' class='contact-cancel contact-button simplemodal-close' tabindex='1007'>Cancel</button>
    			<br/>
    			<input type='hidden' name='token' value='\" . smcf_token($to) . \"'/>
    		</form>
    	</div>
    	<div class='contact-bottom'><a href='http://www.ericmmartin.com/projects/simplemodal/'>Powered by SimpleModal</a></div>
    </div>\";

    	echo $output;
    }
    else if ($action == \"send\") {
    	// Send the email
    	$name = isset($_POST[\"name\"]) ? $_POST[\"name\"] : \"\";
    	$email = isset($_POST[\"email\"]) ? $_POST[\"email\"] : \"\";
    	$subject = isset($_POST[\"subject\"]) ? $_POST[\"subject\"] : $subject;
    	$message = isset($_POST[\"message\"]) ? $_POST[\"message\"] : \"\";
    	$cc = isset($_POST[\"cc\"]) ? $_POST[\"cc\"] : \"\";
    	$token = isset($_POST[\"token\"]) ? $_POST[\"token\"] : \"\";

    	// make sure the token matches
    	if ($token === smcf_token($to)) {
    		smcf_send($name, $email, $subject, $message, $cc);
    		echo \"Your message was successfully sent.\";
    	}
    	else {
    		echo \"Unfortunately, your message could not be verified.\";
    	}
    }

    function smcf_token($s) {
    	return md5(\"smcf-\" . $s . date(\"WY\"));
    }

    // Validate and send email
    function smcf_send($name, $email, $subject, $message, $cc) {
    	global $to, $extra;

    	// Filter and validate fields
    	$name = smcf_filter($name);
    	$subject = smcf_filter($subject);
    	$email = smcf_filter($email);
    	if (!smcf_validate_email($email)) {
    		$subject .= \" - invalid email\";
    		$message .= \"\n\nBad email: $email\";
    		$email = $to;
    		$cc = 0; // do not CC \"sender\"
    	}

    	// Add additional info to the message
    	if ($extra[\"ip\"]) {
    		$message .= \"\n\nIP: \" . $_SERVER[\"REMOTE_ADDR\"];
    	}
    	if ($extra[\"user_agent\"]) {
    		$message .= \"\n\nUSER AGENT: \" . $_SERVER[\"HTTP_USER_AGENT\"];
    	}

    	// Set and wordwrap message body
    	$body = \"From: $name\n\n\";
    	$body .= \"Message: $message\";
    	$body = wordwrap($body, 70);

    	// Build header
    	$headers = \"From: $email\n\";
    	if ($cc == 1) {
    		$headers .= \"Cc: $email\n\";
    	}
    	$headers .= \"X-Mailer: PHP/SimpleModalContactForm\";

    	// UTF-8
    	if (function_exists('mb_encode_mimeheader')) {
    		$subject = mb_encode_mimeheader($subject, \"UTF-8\", \"B\", \"\n\");
    	}
    	else {
    		// you need to enable mb_encode_mimeheader or risk 
    		// getting emails that are not UTF-8 encoded
    	}
    	$headers .= \"MIME-Version: 1.0\n\";
    	$headers .= \"Content-type: text/plain; charset=utf-8\n\";
    	$headers .= \"Content-Transfer-Encoding: quoted-printable\n\";

    	// Send email
    	@mail($to, $subject, $body, $headers) or 
    		die(\"Unfortunately, a server issue prevented delivery of your message.\");
    }

    // Remove any un-safe values to prevent email injection
    function smcf_filter($value) {
    	$pattern = array(\"/\n/\",\"/\r/\",\"/content-type:/i\",\"/to:/i\", \"/from:/i\", \"/cc:/i\");
    	$value = preg_replace($pattern, \"\", $value);
    	return $value;
    }

    // Validate email address format in case client-side validation \"fails\"
    function smcf_validate_email($email) {
    	$at = strrpos($email, \"@\");

    	// Make sure the at (@) sybmol exists and  
    	// it is not the first or last character
    	if ($at && ($at < 1 || ($at + 1) == strlen($email)))
    		return false;

    	// Make sure there aren't multiple periods together
    	if (preg_match(\"/(\.{2,})/\", $email))
    		return false;

    	// Break up the local and domain portions
    	$local = substr($email, 0, $at);
    	$domain = substr($email, $at + 1);


    	// Check lengths
    	$locLen = strlen($local);
    	$domLen = strlen($domain);
    	if ($locLen < 1 || $locLen > 64 || $domLen < 4 || $domLen > 255)
    		return false;

    	// Make sure local and domain don't start with or end with a period
    	if (preg_match(\"/(^\.|\.$)/\", $local) || preg_match(\"/(^\.|\.$)/\", $domain))
    		return false;

    	// Check for quoted-string addresses
    	// Since almost anything is allowed in a quoted-string address,
    	// we're just going to let them go through
    	if (!preg_match('/^\"(.+)\"$/', $local)) {
    		// It's a dot-string address...check for valid characters
    		if (!preg_match('/^[-a-zA-Z0-9!#$%*\/?|^{}`~&\'+=_\.]*$/', $local))
    			return false;
    	}

    	// Make sure domain contains only valid characters and at least one period
    	if (!preg_match(\"/^[-a-zA-Z0-9\.]*$/\", $domain) || !strpos($domain, \".\"))
    		return false;	

    	return true;
    }

    exit;

    ?>
  • Robskiwarrior
    Permalink to comment #
    hit the "this is not spam" button? lol
  • kelpie
    Permalink to comment #
    Not sure that my client would appreciate having to constantly go to their spam box to check for messages from their web form and always have to mark them as "not spam".
  • apostrophe
    Permalink to comment #
    You only have to do it once.
  • davesgonebananas
    Permalink to comment #
    As these guys said, if your email client is marking it as spam you can configure not to do that. Usually this is by clicking on "This is not spam" or similar. Alternatively you can add the sending email address to your address book.

    For a list of client specific suggestions you might find http://www.catster.com/faq_email.php helpful.

    Best regards
    Dave
Add a Comment