Add reCAPTCHA V2 - php

it is already 1 week that I am trying to add a reCAPTCHA V2 module on my static website. (I bought the html5 template since I do not have any experience with web-dev).
That's my html part:
<form action="include/sendmail.php" method="post">
<div class="field">
<label class="required" for="sc_contact_form_username">Name</label>
<input type="text" name="username" id="sc_contact_form_username" />
</div>
<div class="field">
<label class="required" for="sc_contact_form_email">Email</label>
<input type="text" name="email" id="sc_contact_form_email" />
</div>
<div class="field message">
<label class="required" for="sc_contact_form_message">Your Message</label>
<textarea name="message" id="sc_contact_form_message"></textarea>
</div>
<div class="g-recaptcha" data-theme="dark" data-sitekey="MYKEY"></div>
<div class="button"> <a class="enter" href="#"><span>Submit</span></a> </div>
</form>
<div class="result sc_infobox"></div>
So far so good...the difficult part for me it's the PHP, how do I modify the current PHP to add the validation and make it more secure?
<?php
global $_REQUEST;
$response = array('error'=>'');
$user_name = substr($_REQUEST['user_name'], 0, 20);
$user_email = substr($_REQUEST['user_email'], 0, 40);
$user_msg = $_REQUEST['user_msg'];
$contact_email = 'your_mail#mail.com';
if (trim($contact_email)!='') {
$subj = 'Message from ShiftCV HTML';
$msg = "Name: $user_name
E-mail: $user_email
Message: $user_msg";
$head = "Content-Type: text/plain; charset=\"utf-8\"\n"
. "X-Mailer: PHP/" . phpversion() . "\n"
. "Reply-To: $user_email\n"
. "To: $contact_email\n"
. "From: $user_email\n";
if (!#mail($contact_email, $subj, $msg, $head)) {
$response['error'] = 'Error send message!';
}
} else
$response['error'] = 'Error send message!';
echo json_encode($response);
die();
?>


I would suggest you have a look at this composser that you can add to your application to make the required calls and validate the reCaptcha reponse: https://github.com/google/recaptcha

Related

My Email code is not working when i am replacing

When i am replacing the email with my email id, it shows "?ok" and if i am leaving it default it shows "Your emails was Sent Successfully"
i guess there is something wrong with php code, when i edit it shows "?ok", and when i reset it back it agains shows "?ok" until i don't upload the original file which i edited (it has same code, just not opened or edited)
Here is my Php code:
<?php
// Replace this with your own email address
$siteOwnersEmail = 'user#website.com';
if($_POST) {
$name = trim(stripslashes($_POST['contactName']));
$email = trim(stripslashes($_POST['contactEmail']));
$subject = trim(stripslashes($_POST['contactSubject']));
$contact_message = trim(stripslashes($_POST['contactMessage']));
// Check Name
if (strlen($name) < 2) {
$error['name'] = "Please enter your name.";
}
// Check Email
if (!preg_match('/^[a-z0-9&\'\.\-_\+]+#[a-z0-9\-]+\.([a-z0-9\-]+\.)*+[a-z]{2}/is', $email)) {
$error['email'] = "Please enter a valid email address.";
}
// Check Message
if (strlen($contact_message) < 15) {
$error['message'] = "Please enter your message. It should have at least 15 characters.";
}
// Subject
if ($subject == '') { $subject = "Contact Form Submission"; }
// Set Message
$message .= "Email from: " . $name . "<br />";
$message .= "Email address: " . $email . "<br />";
$message .= "Message: <br />";
$message .= $contact_message;
$message .= "<br /> ----- <br /> This email was sent from your site's contact form. <br />";
// Set From: header
$from = $name . " <" . $email . ">";
// Email Headers
$headers = "From: " . $from . "\r\n";
$headers .= "Reply-To: ". $email . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
if (!$error) {
ini_set("sendmail_from", $siteOwnersEmail); // for windows server
$mail = mail($siteOwnersEmail, $subject, $message, $headers);
if ($mail) { echo "OK"; }
else { echo "Something went wrong. Please try again."; }
} # end if - no validation error
else {
$response = (isset($error['name'])) ? $error['name'] . "<br /> \n" : null;
$response .= (isset($error['email'])) ? $error['email'] . "<br /> \n" : null;
$response .= (isset($error['message'])) ? $error['message'] . "<br />" : null;
echo $response;
} # end if - there was a validation error
}
?>
HTML CODE:
<div class="contact-primary">
<h3 class="h6">Send Us A Message</h3>
<form name="contactForm" id="contactForm" method="post" action="" novalidate="novalidate">
<fieldset>
<div class="form-field">
<input name="contactName" type="text" id="contactName" placeholder="Your Name" value="" minlength="2" required="" aria-required="true" class="full-width">
</div>
<div class="form-field">
<input name="contactEmail" type="email" id="contactEmail" placeholder="Your Email" value="" required="" aria-required="true" class="full-width">
</div>
<div class="form-field">
<input name="contactSubject" type="text" id="contactSubject" placeholder="Subject" value="" class="full-width">
</div>
<div class="form-field">
<textarea name="contactMessage" id="contactMessage" placeholder="Write us a summary for your business and what we can do to help" rows="10" cols="50" required="" aria-required="true" class="full-width"></textarea>
</div>
<div class="form-field">
<button class="full-width btn--primary">Submit</button>
<div class="submit-loader">
<div class="text-loader">Sending...</div>
<div class="s-loader">
<div class="bounce1"></div>
<div class="bounce2"></div>
<div class="bounce3"></div>
</div>
</div>
</div>
</fieldset>
</form>
<!-- contact-warning -->
<div class="message-warning">
Something went wrong. Please try again.
</div>
<!-- contact-success -->
<div class="message-success">
Your message was sent, thank you!<br>
</div>
</div> <!-- end contact-primary -->
Please suggest what are the changes i need to do to make work.
you can check here how error shows https://freesoft64.com/test.html

Unable to send email in PHP through Html Form

I design and developed one website in which I have one contact form. I wanted to send inquiry email through contact form. But I am getting following error in console. I tried on local system as well as on server.
Access to XMLHttpRequest at 'file:///E:/clients/website/contact.php' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https.
Here is my HTML Code :
<form id="contactform" action="contact.php" name="contactform" method="post" class="form-validation" autocomplete="off">
<div class="row">
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12">
<div class="single-input">
<input type="text" placeholder="First Name*" name="Fname" id="Fname">
</div> <!-- /.single-input -->
</div>
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12">
<div class="single-input">
<input type="text" placeholder="Last Name*" name="Lname" id="Lname">
</div> <!-- /.single-input -->
</div>
<div class="col-lg-4 col-md-4 col-sm-12 col-xs-12">
<div class="single-input">
<input type="email" placeholder="Your Email*" name="email" id="email">
</div> <!-- /.single-input -->
</div>
</div> <!-- /.row -->
<div class="single-input">
<input type="text" placeholder="Subject" name="sub" id="subject">
</div> <!-- /.single-input -->
<textarea placeholder="Write Message" name="message" id="message"></textarea>
<button type="submit" value="SEND" id="submit" class="tran3s p-color-bg">Send Message</button>
</form>
Here is contact.php
<?php
if(!$_POST) exit;
// Email address verification, do not edit.
function isEmail($email) {
return(preg_match("/^[-_.[:alnum:]]+#((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\.)+(com|coop|cr|cs)$|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$/i",$email));
}
if (!defined("PHP_EOL")) define("PHP_EOL", "\r\n");
$Fname = $_POST['Fname'];
$Lname = $_POST['Lname'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];
if(get_magic_quotes_gpc()) {
$message = stripslashes($message);
}
$address = "sales#abc.com";
$e_subject = 'You\'ve been contacted by ' . $Fname . '.';
$e_body = "You have been contacted by $Fname with regards to $subject, their additional message is as follows." . PHP_EOL . PHP_EOL;
$e_content = "\"$message\"" . PHP_EOL . PHP_EOL;
$e_reply = "You can contact $Fname via email, $email";
$msg = wordwrap( $e_body . $e_content . $e_reply, 70 );
$headers = "From: $email" . PHP_EOL;
$headers .= "Reply-To: $email" . PHP_EOL;
$headers .= "MIME-Version: 1.0" . PHP_EOL;
$headers .= "Content-type: text/plain; charset=utf-8" . PHP_EOL;
$headers .= "Content-Transfer-Encoding: quoted-printable" . PHP_EOL;
if(mail($address, $e_subject, $msg, $headers)) {
// Email has sent successfully, echo a success page.
echo "<fieldset>";
echo "<div id='success_page'>";
echo "<h1>Email Sent Successfully.</h1>";
echo "<p>Thank you <strong>$Fname</strong>, your message has been submitted to us.</p>";
echo "</div>";
echo "</fieldset>";
} else {
echo 'ERROR!';
}

XMLHttpRequest does not support file scheme.
You could try this:
Solution 1: Use http/https instead of local file.
I would never use the file protocol for server-side files, if you need to test your .php files locally, it's better to use a localhost (like XAMPP) and test your code.
Solution 2 (don't skip the solution 1): Try this if solution 1 didn't work, but please don't use the file protocol (otherwise it won't work anyway).
Try to add the following header to the HTTP response:
Access-Control-Allow-Origin: *
The header above will allow your scripts to read the response regardless of the origin.
Note: Don't use Access-Control-Allow-Origin: * on your production code, otherwise you're exposing your website to security vulnerabilities.

My contact form is not sending any emails [duplicate]

This question already has answers here:
PHP mail function doesn't complete sending of e-mail
(31 answers)
Closed 5 years ago.
I was working on my own vCard/resume website.
But I am having some trouble with my .php file and contact form.
I tried to debug it but I had no success.
Here is my form in html
<!-- form -->
<form name="contactForm" id="contactForm" method="post" action="inc/sendEmail.php">
<fieldset>
<div class="form-field">
<input name="contactName" type="text" id="contactName" placeholder="Name" value="" minlength="2" required>
</div>
<div class="form-field">
<input name="contactEmail" type="email" id="contactEmail" placeholder="Email" value="" required>
</div>
<div class="form-field">
<input name="contactSubject" type="text" id="contactSubject" placeholder="Subject" value="">
</div>
<div class="form-field">
<textarea name="contactMessage" id="contactMessage" placeholder="Message" rows="10" cols="50" required></textarea>
</div>
<div class="form-field">
<button class="submitform">Submit</button>
<div id="submit-loader">
<div class="text-loader">
Sending...
</div>
<div class="s-loader">
<div class="bounce1">
</div>
<div class="bounce2">
</div>
<div class="bounce3">
</div>
</div>
</div>
</div>
</fieldset>
</form>
<!-- Form End -->
And my php file
<?php
// Replace this with your own email address
$siteOwnersEmail = 'someone#example.com';
if($_POST) {
$name = trim(stripslashes($_POST['contactName']));
$email = trim(stripslashes($_POST['contactEmail']));
$subject = trim(stripslashes($_POST['contactSubject']));
$contact_message = trim(stripslashes($_POST['contactMessage']));
// Check Name
if (strlen($name) < 2) {
$error['name'] = "Please enter your name.";
}
// Check Email
if (!preg_match('/^[a-z0-9&\'\.\-_\+]+#[a-z0-9\-]+\.([a-z0-9\-]+\.)*+[a-z]{2}/is', $email)) {
$error['email'] = "Please enter a valid email address.";
}
// Check Message
if (strlen($contact_message) < 15) {
$error['message'] = "Please enter your message. It should have at least 15 characters.";
}
// Subject
if ($subject == '') { $subject = "Contact Form Submission"; }
// Set Message
$message .= "Email from: " . $name . "<br />";
$message .= "Email address: " . $email . "<br />";
$message .= "Message: <br />";
$message .= $contact_message;
$message .= "<br /> ----- <br /> This email was sent from your site's contact form. <br />";
// Set From: header
$from = $name . " <" . $email . ">";
// Email Headers
$headers = "From: " . $from . "\r\n";
$headers .= "Reply-To: ". $email . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
if (!$error) {
ini_set("sendmail_from", $siteOwnersEmail); // for windows server
$mail = mail($siteOwnersEmail, $subject, $message, $headers);
if ($mail) { echo "OK"; }
else { echo "Something went wrong. Please try again."; }
} # end if - no validation error
else {
$response = (isset($error['name'])) ? $error['name'] . "<br /> \n" : null;
$response .= (isset($error['email'])) ? $error['email'] . "<br /> \n" : null;
$response .= (isset($error['message'])) ? $error['message'] . "<br />" : null;
echo $response;
} # end if - there was a validation error
}
?>
Can someone tell me what I am doing wrong here, because it isn't sending any emails.

Please try this
<?php
$message ="";
if(isset($_POST)){
mail(to,subject,message,headers,parameters);
}
?>

You have to declare type of button type="submit" OR type="button"
in this case work with form so you have to add type="submit"
and check user click button or direct access of file you can check !empty($_POST) with if
// Change in your HTML
<button class="submitform">Submit</button>
// to
<button type="submit" class="submitform">Submit</button>
//Change in your PHP
if($_POST)
// to
if(!empty($_POST))

PHP - Mail script (Select element)

I have been working on a website recently from a website template (Puremedia). The template originally had a working contact form. It consisted of "First name", "last name", "Email" and "Subject". And then of course the message. I have now replaced the "Last name" text-box with a dropdown menu. I have done so by using the html select tags. Now my question is how I would change the php scripting so that instead of sending the message (Contact form) to One predefined email. It can send it to two different email adresses. How I would like it to be implemented would be using the dropdown menu. So for example the dropdown menu would be someling along these lines: "Choose Receiver" , "Mail 1" , "Mail 2".
And then also adding a checkbox below the message field that will send a copy to the persons own email address. - Here is my contact form code:
<form name="contactForm" id="contactForm" method="post" action="">
<fieldset>
<div class="row">
<div class="six columns mob-whole">
<label for="contactFname">First Name <span class="required">*</span></label>
<input name="contactFname" type="text" id="contactFname" placeholder="First Name" value="" />
</div>
<div class="six columns mob-whole">
<select name="mailacc">
<option value="1">Send til (Vælg venligst)</option>
<option value="2">Direktør</option>
<option value="3">Bogholder</option>
</select>
</div>
</div>
<div class="row">
<div class="six columns mob-whole">
<label for="contactEmail">Email <span class="required">*</span></label>
<input name="contactEmail" type="text" id="contactEmail" placeholder="Email" value="" />
</div>
<div class="six columns mob-whole">
<label for="contactSubject">Subject</label>
<input name="contactSubject" type="text" id="contactSubject" placeholder="Subject" value="" />
</div>
</div>
<div class="row">
<div class="twelve columns">
<label for="contactMessage">Message <span class="required">*</span></label>
<textarea name="contactMessage" id="contactMessage" placeholder="Your Message" rows="10" cols="50" ></textarea>
</div>
</div>
<div>
<button class="submit full-width">Send Message</button>
<div id="image-loader">
<img src="images/loader.gif" alt="" />
</div>
</div>
</fieldset>
</form> <!-- /contactForm -->
<!-- message box -->
<div id="message-warning"></div>
<div id="message-success">
<i class="fa fa-check"></i>Your message was sent, thank you!<br />
</div>
</div> <!-- /contact-form -->
The PHP part:
<?php
// Replace this with your own email address
$siteOwnersEmail = 'mail#domain.com';
if($_POST) {
$fname = trim(stripslashes($_POST['contactFname']));
$lname = trim(stripslashes($_POST['contactLname']));
$email = trim(stripslashes($_POST['contactEmail']));
$subject = trim(stripslashes($_POST['contactSubject']));
$contact_message = trim(stripslashes($_POST['contactMessage']));
// Check First Name
if (strlen($fname) < 2) {
$error['fname'] = "Please enter your first name.";
}
// Check Last Name
if (strlen($lname) < 2) {
$error['lname'] = "Please enter your last name.";
}
// Check Email
if (!preg_match('/^[a-z0-9&\'\.\-_\+]+#[a-z0-9\-]+\.([a-z0-9\-]+\.)*+[a-z]{2}/is', $email)) {
$error['email'] = "Please enter a valid email address.";
}
// Check Message
if (strlen($contact_message) < 15) {
$error['message'] = "Please enter your message. It should have at least 15 characters.";
}
// Subject
if ($subject == '') { $subject = "Contact Form Submission"; }
// Set Name
$name = $fname . " " . $lname;
// Set Message
$message .= "Email from: " . $name . "<br />";
$message .= "Email address: " . $email . "<br />";
$message .= "Message: <br />";
$message .= $contact_message;
$message .= "<br /> ----- <br /> This email was sent from your site's contact form. <br />";
// Set From: header
$from = $name . " <" . $email . ">";
// Email Headers
$headers = "From: " . $from . "\r\n";
$headers .= "Reply-To: ". $email . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
if (!$error) {
ini_set("sendmail_from", $siteOwnersEmail); // for windows server
$mail = mail($siteOwnersEmail, $subject, $message, $headers);
if ($mail) { echo "OK"; }
else { echo "Something went wrong. Please try again."; }
} # end if - no validation error
else {
$response = (isset($error['fname'])) ? $error['fname'] . "<br /> \n" : null;
$response .= (isset($error['lname'])) ? $error['lname'] . "<br /> \n" : null;
$response .= (isset($error['email'])) ? $error['email'] . "<br /> \n" : null;
$response .= (isset($error['message'])) ? $error['message'] . "<br />" : null;
echo $response;
} # end if - there was a validation error
}
?>

Unable to replace form with message on submission

I've created an HTML5 form, which incorporates reCAPTCHA, and I've also written a PHP script that sends an email when the form is submitted. At the moment, the script redirects the user to an error or thankyou page, but I'm trying to adjust it to dynamically replace the form within a message within the same page.
I've tried the following script, but it displays the message as soon as the page loads, before any user interaction.
PHP/HTML:
<?php
if ($_POST) {
// Load reCAPTCHA library
include_once ("autoload.php");
$name = Trim(stripslashes($_POST['name']));
$email = Trim(stripslashes($_POST['email']));
$message = Trim(stripslashes($_POST['message']));
$emailFrom = $email;
$emailTo = "my#email.com";
$subject = "Contact Request";
// Prepare email body text
$body = "<strong>Name:</strong> $name <br /> <strong>Email:</strong> $email <br /> <strong>Message:</strong> $message";
$headers .= 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= "From: $name <$emailFrom>" . "\r\n";
$secret = 'XXX';
$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$resp = $recaptcha->verify($_POST['g-recaptcha-response'],$_SERVER['REMOTE_ADDR']);
echo 'Your message was submitted!';
} else {
?>
<div class="contact-form">
<form role="form" method="post" action="index.php">
<label for="name"><span>Name</span><input type="text" class="input-field" name="name" required data-errormessage-value-missing="Please enter your name." /></label>
<label for="email"><span>Email</span><input type="email" class="input-field" name="email" required data-errormessage-value-missing="Please enter your email address." /></label>
<label for="message"><span>Message</span><textarea name="message" class="textarea-field" required data-errormessage-value-missing="Please enter your message."></textarea></label>
<label><span> </span><div id="recaptcha"><div class="g-recaptcha" data-sitekey="6LcBawsTAAAAAKBPfGs1jApXNRLvR2MIPng0Fxol"></div></div></label>
<label><span> </span><input type="submit" value="" class="submit-button" /></label>
</form>
</div>
<?php
}
?>
I'm new to PHP, so I'm not sure if it's a syntax or semantics issue. Any help would be greatly appreciated!

Here's one way of doing it.
Check to see if the form has been submitted with if(isset($_POST['submit'])). You can also use if($_SERVER['REQUEST_METHOD'] == 'POST') to see if the form has been submitted.
Then we check if the email has been successfully sent, and if it has we set the $success_message variable.
We then check to see if the $success_message variable is set, and if it isn't, we show the form.
Also, note that I added name="submit" to the submit button element. This is how we're checking to see if the form has been submitted.
I also changed stripslashes() to strip_tags() to prevent any malicious code from getting through.
<?php
// Load reCAPTCHA library
include_once ("autoload.php");
if(isset($_POST['submit'])) {
$name = trim(strip_tags($_POST['name']));
$email = trim(strip_tags($_POST['email']));
$message = trim(strip_tags($_POST['message']));
$emailFrom = $email;
$emailTo = "my#email.com";
$subject = "Contact Request";
// Prepare email body text
$body = "<strong>Name:</strong> $name <br /> <strong>Email:</strong> $email <br /> <strong>Message:</strong> $message";
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= "From: $name <$emailFrom>" . "\r\n";
$secret = 'XXX';
$lang = 'en';
$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$resp = $recaptcha->verify($_POST['g-recaptcha-response'],$_SERVER['REMOTE_ADDR']);
// EDIT: repositioned recaptcha from OP's PasteBin script, as requested and adjusted messaging
// changed $success var to $message and added error message
// Original if statement, which redirected the user
if($resp->isSuccess()){
// send the email
if(mail($emailFrom, $subject, $body, $headers)) {
// set the success message
$success_message = 'The form was sent! Yay!';
} else {
// error message
$error_message = 'Could not send email';
}
} else {
$error_message = 'Prove you are a human!';
}
}
?>
<div>
<!-- quick and dirty way to print messages -->
<?php if(isset($success_message)) { echo $success_message; } ?>
<?php if(isset($error_message)) { echo $error_message; } ?>
</div>
<?php if(!isset($success_message)): ?>
<div class="contact-form">
<form role="form" method="post" action="index.php">
<label for="name"><span>Name</span><input type="text" class="input-field" name="name" required data-errormessage-value-missing="Please enter your name." /></label>
<label for="email"><span>Email</span><input type="email" class="input-field" name="email" required data-errormessage-value-missing="Please enter your email address." /></label>
<label for="message"><span>Message</span><textarea name="message" class="textarea-field" required data-errormessage-value-missing="Please enter your message."></textarea></label>
<div class="g-recaptcha" data-sitekey="6LcBawsTAAAAAKBPfGs1jApXNRLvR2MIPng0Fxol"></div>
<script type="text/javascript"
src="https://www.google.com/recaptcha/api.js?hl=<?php echo $lang; ?>">
</script>
<label><span> </span><input type="submit" name="submit" value="" class="submit-button" /></label>
</form>
</div>
<?php endif; ?>

Categories