The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Help/suggestions with a contact form, please!

Viewing 15 posts - 1 through 15 (of 37 total)
  • #166130
    Anonymous
    Inactive

    Greetings,

    *I’m posting this again as it didn’t post the first time.

    I am trying to add a contact form to my site and have some questions about adapting it.

    The form was downloaded from is the one with the anti-spam mechanism here, and the downloaded form same. It seems a bit of a security issue having the php email address right in the header. I adapted the form to how I want it to look for the most part, but I don’t know what the best approach is at this point to get it to function and be secure. I also want to make sure spam bots cannot pick up any email addresses in the form.

    Here are a couple of screen grabs ( screen grab 1, screen grab 2) of what I am seeing on my editor and preview. This does not appear once the page is on the server. I notice in the very beginning of the code on the unedited page that begins with “<?PHP” that there are areas to enter the email address and thank you page. Entering an email address directly like this seems to be an invite for spammers. I also notice it says “For better security. Get a random string from this link: http://tinyurl.com/randstr” What is a random string and what does it do?

    The files that came with the form are as follows:

    In the main folder named “contact form”:
    contact.css
    contactform.php
    thank-you.php

    In a sub folder named “include”:

    class.phpmailer.php
    fgcontactform.php
    simple-captcha.php

    In a sub folder named “scripts”:
    gen_validatorv31.js

    Best Regards.

    #166152
    __
    Participant

    Here are a couple of screen grabs ( screen grab 1, screen grab 2) of what I am seeing on my editor and preview.

    Do you have PHP installed on your computer?

    I notice in the very beginning of the code on the unedited page that begins with “<?PHP” that there are areas to enter the email address and thank you page. Entering an email address directly like this seems to be an invite for spammers.

    I don’t think you understand what PHP is. PHP is run on your webserver. It is not a webpage: it makes a webpage. The PHP source code never appears on the website, only the output. In short, yes; the email address in your PHP source code is not accessible to spammers.

    I also notice it says “For better security. Get a random string from this link: http://tinyurl.com/randstr” What is a random string and what does it do?

    I could not say without seeing the code. It would appear to be a way for the script to authenticate the form submission, though it would be more effective if the “random string” was always different (using the same one each time kinda defeats the purpose).

    Since you say you’ve modified the script since you downloaded it, you should post the actual code you are using if you need further help with it. You can use an online service (make a gist, for example), as it is difficult to post/read large amounts of code here on the forum.
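
A "random string" that is different for every form load, as the reply above suggests, can look like this in PHP. This is an added example, not code from the downloaded contact form or from any poster; it assumes PHP 7 or later with sessions enabled, and the names form_token_issue, form_token_check and form_token are hypothetical.

```php
<?php
declare(strict_types=1);

/** Create a fresh token, remember it in the session, return it for the form. */
function form_token_issue(): string
{
    $token = bin2hex(random_bytes(32));   // 64 hex chars from the OS CSPRNG
    $_SESSION['form_token'] = $token;
    return $token;
}

/** True only if the submitted value matches the stored token; single use. */
function form_token_check($submitted): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);       // a token is spent after one check
    return is_string($expected)
        && is_string($submitted)          // rejects missing or array input
        && hash_equals($expected, $submitted);  // constant-time comparison
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!form_token_check($_POST['form_token'] ?? null)) {
        http_response_code(400);
        exit('Form expired or was not loaded from this site. Please reload and try again.');
    }
    // Token is valid: validate the fields and send the mail here.
    exit('Thank you.');
}

$token = form_token_issue();
?>
<form method="post" action="">
  <input type="hidden" name="form_token"
         value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
  <label>Message <textarea name="message"></textarea></label>
  <button type="submit">Send</button>
</form>
```

The token lives only in the visitor's session and in the hidden field of the page served to them, so a fixed value copied from an earlier page load no longer passes the check.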

    #166194
    __
    Participant

    Or xampp (cross-platform).

    #166199
    Anonymous
    Inactive

    Greetings traq,

    Thanks for replying.

    No, I don’t understand PHP in depth. I’ve only used it sparingly in the past and have now had to learn (or attempt to learn) CSS and PHP in depth because the old way of coding just doesn’t do what I need. I do realize now though, upon reflection, that PHP is not viewable server side with page source view.

    My biggest problem is learning something new. When I look at a lot of this code I git a skeered and beads o’ sweat begin to form on my bald noggin’. Then I runs on over to this here forum askin’ fer help befur I even gives ‘er a try. I’ve fiddled with it a bit more (the code I mean. I’m too old to fiddle with “it” anymore) and have produced this. (and the crowd goes wild!) The JS is called from the server, but the style sheet is still in the head tag.

    I don’t understand what “PHP installed on my computer” means. My server now apparently supports PHP after a battle with my host company. I’ll still switch to another host after the new site is ready, but I digress.

    The PHP code I was referring to is in this screen grab. It is at the very top of the contact form but obviously isn’t seen once it is on the server.

    It appears, based on older CF’s I’ve done in the past, that this one only requires my email address to be entered into the PHP script in the head tag. I’m apprehensive about testing it however for security reasons until I know it’s safe. I’m still in the dark as to what a “random string” is/does for this and how it provides additional security. It’s mentioned in the grab above.

    I would put this in codepen, but have found I can’t get things I put into codepen (with one exception) to work.

    The anti-spam mechanism on the updated form above changes the question on refresh which indicates at least some of the code is working. I’m sure it all is, I’m just not understanding it enough to know.

    Would posting the PHP and/or modified contact form with codepen be of help to you? I doubt it will be a working form, but the PHP should be viewable.

    Best Regards.

    #166200
    Anonymous
    Inactive

    @shaneisme

    Thank you.

    #166201
    nixnerd
    Participant

    See if you can get this book.

    It has a VERY easy to follow chapter on processing forms with PHP.

    #166202
    nixnerd
    Participant

    Or xampp (cross-platform).

    Oh yeah… and listen to @traq. You need XAMPP. The reason for this is so that you can mess around with PHP on YOUR machine, without having it live on your site/remote server. That way, you can make sure it’s legit and fairly secure before you make it truly live.

    Basically, the idea is that you have a ‘virtual server’ for testing. When you set up XAMPP, you basically trick your computer into thinking that a certain directory/folder is a remote server. For all intents and purposes, it behaves exactly like one, complete with Apache, MySQL and PHP.

    This is the preferred way to mess around with server-side technologies locally. By the way, XAMPP, LAMP, WAMP and MAMP are all ostensibly the same. LAMP is for Linux, WAMP is for Windows, MAMP is for Mac and XAMPP is cross-platform… hence the X.

    #166208
    __
    Participant

    No, I don’t understand PHP in depth.

    The key concept (that relates to your current questions) is that it’s a server-side language. Once you add a .php extension to your webpage, it is no longer a webpage, but a script that is executed on your server and sends its output (which is (hopefully) a webpage) to the user’s browser. At this point, it is a “normal” webpage; but the code you are writing is definitely not.

    This is also the reason that you need a server that supports PHP in order to run/test PHP scripts. Browsers don’t parse it (and, therefore, neither will codepen).

    I don’t understand what “PHP installed on my computer” means.

    xampp/wampserver/whatever are very beginner-oriented packages and are pretty easy to install and use. Your php scripts will go in the web root directory, and you’ll run them by visiting http://localhost/whatever_you_named_your_script.php in your browser. Simples.

    XAMPP … complete with Apache, MySQL and PHP.

    …and the extra “p” is for perl, though it ought to be for python. Ah well; you can’t win them all.

    My server now apparently supports PHP after a battle with my host company. I’ll still switch to another host after the new site is ready, but I digress.

    If it was “a battle”, check what version of PHP you ended up with. (Ask them; or use the phpinfo(); function.)

    • 5.5+ is best.
    • 5.4 is pretty darn good.
    • If it is anything less than 5.3.x, you should seriously consider switching hosts (and before you try to get anything to work, not after).
    • If it’s less than 5.2.x, there’s really nothing to consider: leave now.

    It appears, based on older CF’s I’ve done in the past, that this one only requires my email address to be entered into the PHP script in the head tag.

    I’m not sure what you mean by “head tag”…? I assume you’re talking about the call to $formproc->AddRecipient() method (which there doesn’t seem to be anything wrong with, but, as I said above, we’d need to see the actual code).

    Would posting the PHP and/or modified contact form with codepen be of help to you?

    It would be much more helpful to use a service like pastebin or make a gist on github. The modified version is what we would need to see; you can post a link here when you are ready.

    #166225
    Anonymous
    Inactive

    Greetings traq,

    Thank you for all the information. I will phone my host company today and inquire.

    Here’s a pastebin. I hope I did it correctly.

    The instructions from the site I downloaded it from are straightforward as to what to do to get the form to function. My concern, and the main reason for this thread, is to be sure the form is secure. I don’t want a bunch of trolls or spammers having a field day with it.

    Best Regards.

    #166226
    Anonymous
    Inactive

    Greetings Joe_Temp,

    Thank you for all the info. It is a big pain having to transfer some things to the server before they will function. I will download xampp that traq and you recommend. I appreciate the recommendations.

    I will definitely order the book today.

    Best Regards.

    #166227
    nixnerd
    Participant

    I will phone my host company today and inquire.

    You’re British aren’t you?

    #166229
    Anonymous
    Inactive

    You’re British aren’t you?

    No, I’m an American who now lives most of the time in Europe. I moved here eight years ago. I’m frequently in N. Ireland however and would love to have a house there. I have friends there and was there November last.

    #166237
    Anonymous
    Inactive

    Greetings Joe_Temp,

    I’m curious why you asked if I were British. Sorry I didn’t ask in my last message. Was in a bit of a rush and forgot to put it in.

    Best Regards.

    #166271
    nixnerd
    Participant

    Oh, ok. I knew it was somewhere ‘across the pond.’ The reason I know that is you said “I will PHONE.” Americans with no time spent in Europe say “I will CALL.”

    Please don’t be offended. I’m OBSESSED with little linguistic/cultural nuances like that. I do it all the time to people that I meet. I immediately know generally what state they’re from here in the US.

    Here are some examples:

    If you say “Hella,” you’re DEFINITELY from the West Coast, probably California. This is really common in Sacramento and Nor Cal. Seattle is also a possibility.

    If you say “Not for nothin’,” you’re from the tri-state area, most likely New York or New Jersey. You may now live in Florida but you’re from the North East.

    If you refer to every soda as “Coke,” you’re from Texas.

    If you absolutely love Dr. Pepper, there’s a good chance you’re from Texas.

    If you say “wicked awesome,” you’re obviously from New England.

    If you reference green chile, you’re probably from Colorado or New Mexico.

    If you wear Costa Sunglasses, you’re from Florida or Georgia.

    If you wear Danner Boots, you either have deep pockets or you’re from Portland.

    If you love Spam and Eggs, you’re probably from Hawaii or are a descendant of Pacific Islanders.

    Etc.

    I could go on and on and on but being in sales for so long has taught me to be really observant so I can relate to people and/or mirror what they do.

    A simple example is… I always ask someone how they are doing. This serves two purposes. It allows me to control the conversation by asking first and it allows me an opportunity to relate to them.

    Even though saying “I am well” is grammatically correct, I will ALWAYS say what they say. If they say “I’m good,” I’ll say that I’m good. I especially do this in a sales situation. The reason for this is simple: It makes me more relatable because I’m just like them… or so they think. People think these things don’t matter and that’s why they never close. If someone says “I’m good” and you say that you are “well,” this can be received as somewhat condescending. They will subconsciously see you as thinking you’re more educated than they are and will always be standoffish.

    All of us freelancers are in sales whether we know it or not. The sooner you realize that, the sooner you can better market yourself. Everyone has a different sales approach but it’s worthwhile to give these things some thought.

    #166273
    nixnerd
    Participant

    I’m going to throw this out to help people:

    The next time you quote someone a price for a job… it doesn’t matter if it’s hourly or a flat rate, do two things. #1 Go 25% higher than you normally do. A. You’re worth it. B. People aren’t NEARLY as concerned with price as you think. They’re concerned with awesomeness. Do great work and they don’t really care. #2 Quote the price and SHUT UP! Literally say the number and don’t say anything else. Let them wallow in the silence. In this situation the first person to talk loses. Don’t try to justify the price, don’t waver, don’t say a thing. Just be silent. You will close a lot more jobs with this simple technique.

    There’s a lot more that goes into setting up a proper sale but this technique alone is going to add more money to your bank account.
