Help/suggestions with a contact form, please!
Anonymous# March 18, 2014 at 8:32 am
*I’m posting this again as it didn’t post the first time.
I am trying to add a contact form to my site and have some questions about adapting it.
The form was downloaded from is the one with the anti-spam mechanism here, and the downloaded form same. It seems a bit of a security issue having the php email address right in the header. I adapted the form to how I want it to look for the most part, but I don’t know what the best approach is at this point to get it to function and be secure. I also want to make sure spam bots cannot pick up any email addresses in the form.
Here are a couple of screen grabs ( screen grab 1, screen grab 2) of what I am seeing on my editor and preview. This does not appear once the page is on the server. I notice in the very beginning of the code on the unedited page that begins with “<?PHP” that there are areas to enter the email address and thank you page. Entering an email address directly like this seems to be an invite for spammers. I also notice it says “For better security. Get a random string from this link: http://tinyurl.com/randstr” What is a random string and what does it do?
The files that came with the form are as follows:
In the main folder named “contact form”:
In a sub folder named “include”:
In a sub folder named “scripts”:
Best Regards.# March 18, 2014 at 12:24 pm
Here are a couple of screen grabs ( screen grab 1, screen grab 2) of what I am seeing on my editor and preview.
Do you have PHP installed on your computer?
I notice in the very beginning of the code on the unedited page that begins with “<?PHP” that there are areas to enter the email address and thank you page. Entering an email address directly like this seems to be an invite for spammers.
I don’t think you understand what PHP is. PHP is run on your webserver. It is not a webpage: it makes a webpage. The PHP source code never appears on the website, only the output. In short, yes; the email address in your PHP source code is not accessible to spammers.
I also notice it says “For better security. Get a random string from this link: http://tinyurl.com/randstr” What is a random string and what does it do?
I could not say without seeing the code. It would appear to be a way for the script to authenticate the form submission, though it would be more effective if the “random string” was always different (using the same one each time kinda defeats the purpose).
Since you say you’ve modified the script since you downloaded it, you should post the actual code you are using if you need further help with it. You can use an online service (make a gist, for example), as it is difficult to post/read large amounts of code here on the forum.Anonymous# March 18, 2014 at 10:01 pm
Thanks for replying.
No, I don’t understand PHP in depth. I’ve only used it sparingly in the past and have now had to learn (or attempt to learn) CSS and PHP in depth because the old way of coding just doesn’t do what I need. I do realize now though, upon reflection, that PHP is not viewable server side with page source view.
My biggest problem is learning something new. When I look at a lot of this code I git a skeered and beads o’ sweat begin to form on my bald noggin’. Then I runs on over to this here forum askin’ fer help befur I even gives ‘er a try. I’ve fiddled with it a bit more (the code I mean. I’m too old to fiddle with “it” anymore) and have produced this. (and the crowd goes wild!) The JS is called from the server, but the style sheet is still in the head tag.
I don’t understand what “PHP installed on my computer” means. My server now apparently supports PHP after a battle with my host company. I’ll still switch to another host after the new site is ready, but I digress.
The PHP code I was referring to is in this screen grab. It is at the very top of the contact form but obviously isn’t seen once it is on the server.
It appears, based on older CF’s I’ve done in the past, that this one only requires my email address to be entered into the PHP script in the head tag. I’m apprehensive about testing it however for security reasons until I know it’s safe. I’m still in the dark as to what a “random string” is/does for this and how it provides additional security. It’s mentioned in the grab above.
I would put this in codepen, but have found I can’t get things I put into codepen (with one exception) to work.
The anti-spam mechanism on the updated form above changes the question on refresh which indicates at least some of the code is working. I’m sure it all is, I’m just not understanding it enough to know.
Would posting the PHP and/or modified contact form with codepen be of help to you? I doubt it will be a working form, but the PHP should be viewable.
Best Regards.# March 18, 2014 at 10:14 pm
Or xampp (cross-platform).
Oh yeah… and listen to @traq. You need XAMPP. The reason for this is so that you can mess around with PHP on YOUR machine, without having it live on your site/remote server. That way, you can make sure it’s legit and fairly secure before you make it truly live.
Basically, the idea is that you have a ‘virtual server’ for testing. When you set up XAMPP, you basically trick your computer into thinking that a certain directory/foler is a remote server. For all intents and purposes, it behaves exactly like one, complete with Apache, MySQL and PHP.
This is the preferred way to mess around with server-side technologies locally. By the way, XAMPP, LAMP, WAMP and MAMP are all ostensibly the same. LAMP is for Linux, WAMP is for Windows, MAMP is for Mac and XAMPP is cross-platform… hence the X.# March 18, 2014 at 10:53 pm
No, I don’t understand PHP in depth.
The key concept (that relates to your current questions) is that it’s a server-side language. Once you add a
.phpextension to your webpage, it is no longer a webpage, but a script that is executed on your server and sends its output (which is (hopefully) a webpage) to the user’s browser. At this point, it is a “normal” webpage; but the code you are writing is definitely not.
This is also the reason that you need a server that supports PHP in order to run/test PHP scripts. Browsers don’t parse it (and, therefore, neither will codepen).
I don’t understand what “PHP installed on my computer” means.
xampp/wampserver/whatever are very beginner-oriented packages and are pretty easy to install and use. Your php scripts will go in the web root directory, and you’ll run them by visiting
http://localhost/whatever_you_named_your_script.phpin your browser. Simples.
XAMPP … complete with Apache, MySQL and PHP.
…and the extra “p” is for perl, though it ought to be for python. Ah well; you can’t win them all.
My server now apparently supports PHP after a battle with my host company. I’ll still switch to another host after the new site is ready, but I digress.
If it was “a battle”, check what version of PHP you ended up with. (Ask them; or use the
- 5.5+ is best.
- 5.4 is pretty darn good.
- If it is anything less than 5.3.x, you should seriously consider switching hosts (and before you try to get anything to work, not after).
- If it’s less than 5.2.x, there’s really nothing to consider: leave now.
It appears, based on older CF’s I’ve done in the past, that this one only requires my email address to be entered into the PHP script in the head tag.
I’m not sure what you mean by “head tag”…? I assume you’re talking about the call to
$formproc->AddRecipient()method (which there doesn’t seem to be anything wrong with, but, as I said above, we’d need to see the actual code).
Would posting the PHP and/or modified contact form with codepen be of help to you?Anonymous# March 18, 2014 at 11:58 pm
Thank you for all the information. I will phone my host company today and inquire.
Here’s a pastebin. I hope I did it correctly.
The instructions from the site I downloaded it from are straightforward as to what to do to get the form to function. My concern is, and the main reason for this thread, is to be sure the form is secure. I don’t want a bunch of trolls or spammers having a field day with it.
Best Regards.Anonymous# March 19, 2014 at 12:04 am
Thank you for all the info. It is a big pain having to transfer some things to the server before they will function. I will download xampp that traq and you recommend. I appreciate the recommendations.
I will definitely order the book today.
Best Regards.Anonymous# March 19, 2014 at 12:09 am
You’re British aren’t you?
No, I’m an American who now lives most of the time in Europe. I moved here eight years ago. I’m frequently in N. Ireland however and would love to have a house there. I have friends there and was there November last.Anonymous# March 19, 2014 at 3:25 am
I’m curious why you asked if I were British. Sorry I didn’t ask in my last message. Was in a bit of a rush and forgot to put it in.
Best Regards.# March 19, 2014 at 10:13 am
Oh, ok. I knew it was somewhere ‘across the pond.’ The reason I know that is you said “I will PHONE.” Americans with no time spent in Europe say “I will CALL.”
Please don’t be offended. I’m OBSESSED with little linguistic/cultural nuances like that. I do it all the time to people that I meet. I immediately know generally what state they’re from here in the US.
Here are some examples:
If you say “Hella,” you’re DEFINITELY from the West Coast, probably California. This is really common is Sacramento and Nor Cal. Seattle is also a possibility.
If you say “Not for nothin’,” you’re from the tri-state area, most likely New York or New Jersey. You may now live in Florida but you’re from the North East.
If you refer to every soda as “Coke,” you’re from Texas.
If you absolutely love Dr. Pepper, there’s a good chance you’re from Texas.
If you say “wicked awesome,” you’re obviously from New England.
If you reference green chile, you’re probably from Colorado or New Mexico.
If you wear Costa Sunglasses, you’re from Florida or Georgia.
If you wear Danner Boots, you either have deep pockets or you’re from Portland.
If you love Spam and Eggs, you’re probably from Hawaii or are a descendant of Pacific Islanders.
I could go on and on and on but being in sales for so long has taught me to be really observant so I can relate to people and/or mirror what they do.
A simple example is… I always ask someone how they are doing. This serves two purposes. It allows me to control the conversation by asking first and it allows me an opportunity to relate to them.
Even though saying “I am well” is grammatically correct, I will ALWAYS say what they say. If they say “I’m good,” I’ll say that I’m good. I especially do this in a sales situation. The reason for this is simple: It makes me more relate-able because I’m just like them… or so they think. People think these things don’t matter and that’s why they never close. If someone says “I’m good” and you say that you are “well,” this can be received as somewhat condescending. They will subconsciously see you as thinking you’re more educated than they are and will always be standoffish.
All of us freelancers are in sales whether we know it or not. The sooner you realize that, the sooner you can better market yourself. Everyone has a different sales approach but it’s worthwhile to give these things some thought.
You must be logged in to reply to this topic.