Contact form submitting regardless of Recaptcha - php

Hi, I'm trying to install Google Recaptcha onto my contact form. Recaptcha is displaying fine, but at the moment the form will submit even if the Captcha is not attempted.
I've posted the code below, would appreciate any help :)
<?php
/* =====================================================
* change this to the email you want the form to send to
* ===================================================== */
$email_to = "";
$email_subject = "Contact Form submitted";
if(isset($_POST['email']))
{
function return_error($error)
{
echo $error;
die();
}
// check for empty required fields
if (!isset($_POST['name']) ||
!isset($_POST['email']) ||
!isset($_POST['message'])
)
{
return_error('Please fill in all required fields.');
}
// form field values
$name = $_POST['name']; // required
$email = $_POST['email']; // required
$contact_number = $_POST['contact_number']; // not required
$message = $_POST['message']; // required
$enquiry = $_POST['enquiry'];
// form validation
$error_message = "";
// name
$name_exp = "/^[a-z0-9 .\-]+$/i";
if (!preg_match($name_exp,$name))
{
$this_error = 'Please enter a valid name.';
$error_message .= ($error_message == "") ? $this_error : "<br/>".$this_error;
}
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if (!preg_match($email_exp,$email))
{
$this_error = 'Please enter a valid email address.';
$error_message .= ($error_message == "") ? $this_error : "<br/>".$this_error;
}
// if there are validation errors
if(strlen($error_message) > 0)
{
return_error($error_message);
}
// prepare email message
$email_message = "Form details below.\n\n";
function clean_string($string)
{
$bad = array("content-type", "bcc:", "to:", "cc:", "href");
return str_replace($bad, "", $string);
}
$email_message .= "Enquiry Type: ".clean_string($enquiry)."\n";
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Contact number: ".clean_string($contact_number)."\n";
$email_message .= "Message: ".clean_string($message)."\n";
// create email headers
$headers = 'From: '.$email."\r\n".
'Reply-To: '.$email."\r\n" .
'X-Mailer: PHP/' . phpversion();
//var_dump($email_to); var_dump($email_subject); var_dump($email_message); var_dump($headers);
if (mail($email_to, $email_subject, $email_message, $headers))
{
echo 'Form submitted successfully.';
}
else
{
echo 'An error occurred. Please try again later.';
die();
}
}
else
{
echo 'Please fill in all required fields.';
die();
}
?>
<?php
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$privatekey = "";
//get verified response data
$param = "https://www.google.com/recaptcha/api/siteverify?secret=".$privatekey."&response=".urlencode($_POST['g-recaptcha-response']);
$verifyResponse = file_get_contents($param);
$responseData = json_decode($verifyResponse);
if($responseData->success){
// success
echo "success";
}else{
// failure
echo "failure";
}
}else{
// user didn't enter reCAPTCHA
echo "The reCAPTCHA wasn't entered correctly. Go back and try it again.";
}
?>

Walk through the code carefully: both of the outermost if blocks, i.e. if(isset($_POST['email'])){ ... and if(isset($_POST['g-recaptcha-response'])..., will work independently. You need to place the if(isset($_POST['email'])){ ... block inside the if(isset($_POST['g-recaptcha-response'])... block, like this:
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$privatekey = "YOUR_PRIVATE_KEY";
//get verified response data
$param = "https://www.google.com/recaptcha/api/siteverify?secret=".$privatekey."&response=".urlencode($_POST['g-recaptcha-response']);
$verifyResponse = file_get_contents($param);
$responseData = json_decode($verifyResponse);
if($responseData->success){
// success
$email_to = '';
$email_subject = "Contact Form submitted";
if(isset($_POST['email'])){
function return_error($error){
echo $error;
die();
}
// check for empty required fields
if (!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['message'])){
return_error('Please fill in all required fields.');
}
// form field values
$name = $_POST['name']; // required
$email = $_POST['email']; // required
$contact_number = $_POST['contact_number']; // not required
$message = $_POST['message']; // required
$enquiry = $_POST['enquiry'];
// form validation
$error_message = "";
// name
$name_exp = "/^[a-z0-9 .\-]+$/i";
if (!preg_match($name_exp,$name)){
$this_error = 'Please enter a valid name.';
$error_message .= ($error_message == "") ? $this_error : "<br/>".$this_error;
}
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if (!preg_match($email_exp,$email)){
$this_error = 'Please enter a valid email address.';
$error_message .= ($error_message == "") ? $this_error : "<br/>".$this_error;
}
// if there are validation errors
if(strlen($error_message) > 0){
return_error($error_message);
}
// prepare email message
$email_message = "Form details below.\n\n";
function clean_string($string){
$bad = array("content-type", "bcc:", "to:", "cc:", "href");
return str_replace($bad, "", $string);
}
$email_message .= "Enquiry Type: ".clean_string($enquiry)."\n";
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Contact number: ".clean_string($contact_number)."\n";
$email_message .= "Message: ".clean_string($message)."\n";
// create email headers
$headers = 'From: '.$email."\r\n".
'Reply-To: '.$email."\r\n" .
'X-Mailer: PHP/' . phpversion();
//var_dump($email_to); var_dump($email_subject); var_dump($email_message); var_dump($headers);
if (mail($email_to, $email_subject, $email_message, $headers)){
echo 'Form submitted successfully.';
}else{
echo 'An error occurred. Please try again later.';
die();
}
}else{
echo 'Please fill in all required fields.';
die();
}
}else{
// failure
echo "reCAPTCHA failure";
}
}else{
// user didn't enter reCAPTCHA
echo "The reCAPTCHA wasn't entered correctly. Go back and try it again.";
}
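
An added example, not part of the original answer: the same gate written as functions, with the siteverify call sent as a POST and every failure path (missing token, network error, unparsable reply) treated as a failed check. The helper names, the injectable $post transport and the stub replies are assumptions constructed for illustration.

```php
<?php
// Added example: names and the injectable transport are assumptions.

// Returns true only when siteverify confirms the token. $post is a callable
// (url, fields) -> response body or false, so the logic can be run offline.
function recaptcha_passed($secret, $token, callable $post) {
    if (!is_string($token) || $token === '') {
        return false; // widget not completed, or field sent as an array
    }
    $body = $post('https://www.google.com/recaptcha/api/siteverify', array(
        'secret'   => $secret,
        'response' => $token,
    ));
    if (!is_string($body)) {
        return false; // network failure: fail closed
    }
    $data = json_decode($body, true);
    return is_array($data) && isset($data['success']) && $data['success'] === true;
}

// Real transport: a form-encoded POST keeps the secret out of the URL.
function http_post($url, array $fields) {
    $context = stream_context_create(array('http' => array(
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    )));
    return @file_get_contents($url, false, $context);
}

// The mail step is reachable only after verification has succeeded.
function handle_submission(array $form, $secret, callable $post, callable $send) {
    $token = isset($form['g-recaptcha-response']) ? $form['g-recaptcha-response'] : null;
    if (!recaptcha_passed($secret, $token, $post)) {
        return 'reCAPTCHA failure';
    }
    if (!isset($form['name'], $form['email'], $form['message'])) {
        return 'Please fill in all required fields.';
    }
    return $send($form) ? 'Form submitted successfully.'
                        : 'An error occurred. Please try again later.';
}

// Constructed stand-ins for siteverify replies and for mail().
$stubs = array(
    'verified' => function ($url, $fields) { return '{"success": true}'; },
    'rejected' => function ($url, $fields) {
        return '{"success": false, "error-codes": ["invalid-input-response"]}';
    },
    'offline'  => function ($url, $fields) { return false; },
);
$sent = 0;
$send = function (array $form) use (&$sent) { $sent++; return true; };
$form = array('name' => 'Ann', 'email' => 'ann@example.com', 'message' => 'Hi',
              'g-recaptcha-response' => 'constructed-token');

foreach ($stubs as $label => $stub) {
    echo $label, ': ', handle_submission($form, 'YOUR_PRIVATE_KEY', $stub, $send), "\n";
}
unset($form['g-recaptcha-response']);
echo 'no token: ', handle_submission($form, 'YOUR_PRIVATE_KEY', $stubs['verified'], $send), "\n";
echo 'mails sent: ', $sent, "\n";
```

On a live page, pass 'http_post' as the transport and a wrapper around mail() as $send.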

Related

Email showing Array instead of image

I have a contact form that allows users to add an attachment but the email I receive shows Array where the image id should be.
Form details below.
First Name: gffffffffffffffffffffffffffffffffffffffffffffff
Last Name: williams
Email: jessie747williams#gmail.com
Subject: hello
Image: Array (HERE) should show the image like apple.jpg
Comments: fd
<?php
//Settings
$max_allowed_file_size = 100; // size in KB
$allowed_extensions = array("jpg", "jpeg", "gif", "bmp");
//Validations
if($size_of_uploaded_file > $max_allowed_file_size )
{
$errors .= "\n Size of file should be less than $max_allowed_file_size";
}
//------ Validate the file extension -----
$allowed_ext = false;
for($i=0; $i<sizeof($allowed_extensions); $i++)
{
if(strcasecmp($allowed_extensions[$i],$type_of_uploaded_file) == 0)
{
$allowed_ext = true;
}
}
if(!$allowed_ext)
{
$errors .= "\n The uploaded file is not supported file type. ".
" Only the following file types are supported: ".implode(',',$allowed_extensions);
}
if(!empty($_FILES['uploaded_file']))
{
$path = "uploads/";
$path = $path . basename( $_FILES['uploaded_file']['name']);
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
header("Location: https://www.website.com/thank-you-image/");
} else{
echo "There was an error uploading the file, please try again!";
}
}
?>
<?php
if(isset($_POST['email'])) {
// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "xxx@gmail.com";
$email_subject = "Add my image to xxx";
header("Location: https://www.website.com/thank-you-image/");
function died($error) {
// your error code can go here
echo "We are very sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.</br></br>";
echo $error."</br></br>";
echo "Please go back and fix these errors.</br></br>";
die();
}
// validation expected data exists
if(!isset($_POST['first_name']) ||
!isset($_POST['last_name']) ||
!isset($_POST['subject']) ||
!isset($_POST['email']) ||
!isset($_FILES['uploaded_file']) ||
!isset($_POST['comments'])) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$first_name = $_POST['first_name']; // required
$last_name = $_POST['last_name']; // required
$email_from = $_POST['email']; // required
$subject = $_POST['subject']; // required
$uploaded_file = $_FILES['uploaded_file']; // required
$comments = $_POST['comments']; // required
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.</br>';
}
$string_exp = "/^[A-Za-z .'-]+$/";
if(!preg_match($string_exp,$first_name)) {
$error_message .= 'The First Name you entered does not appear to be valid.</br>';
}
if(!preg_match($string_exp,$last_name)) {
$error_message .= 'The Last Name you entered does not appear to be valid.</br>';
}
if(!preg_match($string_exp,$subject)) {
$error_message .= 'The Subject you entered does not appear to be valid.</br>';
}
if(strlen($comments) < 2) {
$error_message .= 'The Comments you entered do not appear to be valid.</br>';
}
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "First Name: ".clean_string($first_name)."\n";
$email_message .= "Last Name: ".clean_string($last_name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Subject: ".clean_string($subject)."\n";
$email_message .= "Image: ".clean_string($uploaded_file)."\n";
$email_message .= "Comments: ".clean_string($comments)."\n";
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
?>
<!-- include your own success html here -->
Thank you for contacting us. We will be in touch with you very soon.
So change
"Image: ".clean_string($uploaded_file)."\n";
to
"Image: ".clean_string($uploaded_file['name'])."\n";
Update:
Also, add <script> and </script> to your $bad variable in clean_string() function.
$bad = array("content-type","bcc:","to:","cc:","href","<script>","</script>");
Although email service providers strip JavaScript code, this is just an extra security measure.
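
An added example, not part of the original answers: because clean_string() is a case-sensitive keyword blacklist, a sturdier control for the From/Reply-To lines these scripts build is to validate the submitted address and refuse anything containing a line break. build_mail_headers() and all sample values are assumptions constructed for illustration.

```php
<?php
// Added example: build_mail_headers() and the sample values are assumptions.

// clean_string() as posted above, kept for comparison.
function clean_string($string) {
    $bad = array("content-type", "bcc:", "to:", "cc:", "href");
    return str_replace($bad, "", $string);
}

// Returns the header block for mail(), or null when the submitted address
// must not be placed in a header.
function build_mail_headers($visitor_email, $site_from) {
    if (!is_string($visitor_email)) {
        return null;
    }
    // A CR or LF would begin a new header line, so refuse instead of stripping.
    // (A PCRE pattern ending in "$" still matches before one trailing "\n".)
    if (preg_match('/[\r\n]/', $visitor_email)) {
        return null;
    }
    if (filter_var($visitor_email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // From is a fixed address owned by the site; the visitor goes in Reply-To.
    // Declaring text/plain means markup in the body is shown, not rendered.
    return 'From: ' . $site_from . "\r\n" .
           'Reply-To: ' . $visitor_email . "\r\n" .
           'Content-Type: text/plain; charset=UTF-8';
}

// Constructed inputs.
$samples = array(
    "visitor@example.com",
    "visitor@example.com\n",
    "visitor@example.com\r\nBCC: third.party@example.com",
    "not an address",
);
foreach ($samples as $sample) {
    $headers = build_mail_headers($sample, 'forms@example.com');
    echo json_encode($sample), ' -> ', ($headers === null ? 'rejected' : 'accepted'), "\n";
}

// str_replace() compares case-sensitively, so the blacklist leaves this as is.
echo json_encode(clean_string("BCC: third.party@example.com")), "\n";
```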
Simply change:
$uploaded_file = $_FILES['uploaded_file'];
to
$uploaded_file = $_FILES['uploaded_file']['name'];

Why is my auto respond code not working?

I have a contact form that sends me the information that has been submitted. The problem is that it doesn't send an email to the client to confirm the submission. The complete code is listed below. If anyone can tell me what I am missing or what I should change, it would be greatly appreciated.
<?php
if(isset($_POST['Email_Address'])) {
include 'freecontactformsettings.php';
function died($error) {
echo "Sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
if(!isset($_POST['Full_Name']) ||
!isset($_POST['Email_Address']) ||
!isset($_POST['Telephone_Number']) ||
!isset($_POST['Your_Message']) ||
!isset($_POST['AntiSpam'])
) {
died('Sorry, there appears to be a problem with your form submission.');
}
$full_name = $_POST['Full_Name']; // required
$email_from = $_POST['Email_Address']; // required
$telephone = $_POST['Telephone_Number']; // not required
$comments = $_POST['Your_Message']; // required
$antispam = $_POST['AntiSpam']; // required
if (isset($_POST['newsletter'])) {
$newsletter = "yes";
} else {
$newsletter = "no";
}
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if(preg_match($email_exp,$email_from)==0) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
if(strlen($full_name) < 2) {
$error_message .= 'Your Name does not appear to be valid.<br />';
}
if(strlen($comments) < 2) {
$error_message .= 'The Comments you entered do not appear to be valid.<br />';
}
if($antispam <> $antispam_answer) {
$error_message .= 'The Anti-Spam answer you entered is not correct.<br />';
}
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\r\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:");
return str_replace($bad,"",$string);
}
$email_message .= "Full Name: ".clean_string($full_name)."\r\n";
$email_message .= "Email: ".clean_string($email_from)."\r\n";
$email_message .= "Telephone: ".clean_string($telephone)."\r\n";
$email_message .= "Message: ".clean_string($comments)."\r\n";
$email_message .= "Newsletter: ".clean_string($newsletter)."\r\n";
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($email_to, $email_subject, $email_message, $headers);
header("Location: $thankyou");
?>
<script>location.replace('<?php echo $thankyou;?>')</script>
if ($email->send()){
$autoemail = new PHPMailer();
$autoemail->From = "noreply@altfuels.com";
$autoemail->FromName = "Alt Fuels";
$autoemail->AddAddress($email_from->Email Address, $full_name->Full Name);
$autoemail->Subject = "Autoresponse: We received your submission";
$autoemail->Body = "We received your submission. We will contact you soon ...";
$autoemail->Send();
}
<?php
}
die();
?>
(*Note: I changed some of the newsletter code to print a "no" answer to my email.)
Looks like you are referencing $thankyou which is undefined, unless it was defined in freecontactformsettings.php which you have not listed.

PHP contact form - making a field not mandatory

How can I make "email" field not mandatory? Even if someone is not filling the field, the form should submit.
In the below code, the "email" field is mandatory.
I tried to add if !isset email field so that the $email_from will get the word "empty", but it didn't work for me.
<?php
if(isset($_POST['name'])) {
// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "aaaaa@aaaaa.com";
$email_subject = "Message from your site";
function died($error) {
?>
<?php
die();
}
// validation expected data exists
if(!isset($_POST['name']) ||
//!isset($_POST['email']) || /* I tried to comment out this line, but it didn't work. */
!isset($_POST['telephone']))
{
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$name = $_POST['name']; // required
$email_from = $_POST['email']; // required
$telephone = $_POST['telephone']; // not required
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "First Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Telephone: ".clean_string($telephone)."\n";
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
?>
<?php
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=thank_you.html">';
exit;
?>
<?php
}
?>
if(!isset($_POST['name']) ||
!isset($_POST['telephone'])){
if(isset($_POST['email'])){
//all code for email inside here
}
}
This should do the trick; while $_POST['email'] is empty it shouldn't bother you anymore.
The preg_match on $email_from makes it required.
If you first check if $email_from is set, and then perform the preg_match, it must work.
Like this:
if(!empty($_POST['email'])){
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br/>';
}
} else {
$email_from = '';
}
I did, and it works:
if(!empty($_POST['email'])){
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
}
Check if the email is valid or not using FILTER_VALIDATE_EMAIL in PHP 5:
if(isset($_POST['email']))
{
$email = $_POST['email'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
echo htmlspecialchars($email)." E-mail is not valid."; // escape user input before echoing it
}
else
{
echo htmlspecialchars($email)." E-mail is valid.";
}
}

Redirecting error messages

How do I redirect the error messages from my html_form_send.php back to my email.php page? Here is what I've got. I have my form, email.php:
email.php
<form name = 'htmlform' action = '$template/html_form_send.php'
method = 'post' class = 'form-horizontal well' >
My email.php links to my html_form_send.php which has the following code:
html_form_send.php
<?php
if(isset($_POST['email'])) {
// CHANGE THE TWO LINES BELOW
$email_to = "my email";
$email_subject = "my subject";
function died($error) {
// your error code can go here
echo "We are very sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error . "<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
// validation expected data exists
if (!isset($_POST['name']) || !isset($_POST['email']) ||
!isset($_POST['telephone']) || !isset($_POST['password'])) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
// and instead redirect the user to your error page
header("Location: http://hurstblog.co.uk/contact-error");
}
$name = $_POST['name']; // required
$email_from = $_POST['email']; // required
$telephone = $_POST['telephone']; // not required
$password = $_POST['password']; // required
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if (!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
$string_exp = "/^[A-Za-z .'-]+$/";
if (!preg_match($string_exp,$name)) {
$error_message .= 'The First Name you entered does not appear to be valid.<br />';
}
if (strlen($telephone) < 2) {
$error_message .= 'The telephone you entered does not appear to be valid.<br />';
}
if (strlen($password) < 2) {
$error_message .= 'The password you entered does not appear to be valid.<br />';
}
if (strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type", "bcc:", "to:", "cc:", "href");
return str_replace($bad,"",$string);
}
$email_message .= "Name: " . clean_string($name) . "\n";
$email_message .= "Email: " . clean_string($email_from) . "\n";
$email_message .= "Telephone: " . clean_string($telephone) . "\n";
$email_message .= "Password: " . clean_string($password) . "\n";
// create email headers
$headers = 'From: ' . $email_from . "\r\n".
'Reply-To: ' . $email_from . "\r\n" .
'X-Mailer: PHP/' . phpversion();
#mail($email_to, $email_subject, $email_message, $headers);
if (mail($email_to, $email_subject, $email_message, $headers)) {
header("Location: http://domain.net");
}
}
die();
?>
My question is how can I redirect the error?
html_form_send.php
// validation expected data exists
if(!isset($_POST['name'])){
header("location: email.php?error=name");
exit; // stop here so later code cannot run or overwrite the redirect
}
if(!isset($_POST['email'])){
header("location: email.php?error=email");
exit;
}
if(!isset($_POST['telephone'])){
header("location: email.php?error=telephone");
exit;
}
if(!isset($_POST['password'])){
header("location: email.php?error=password");
exit;
}
$name = $_POST['name']; // required
$email_from = $_POST['email']; // required
$telephone = $_POST['telephone']; // not required
$password = $_POST['password']; // required
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if(!preg_match($email_exp,$email_from)) {
header("location: email.php?error=invalid_email");
exit;
}
$string_exp = "/^[A-Za-z .'-]+$/";
if(!preg_match($string_exp,$name)) {
header("location: email.php?error=invalid_firstname");
exit;
}
if(strlen($telephone) < 2) {
header("location: email.php?error=invalid_telephone");
exit;
}
if(strlen($password) < 2) {
header("location: email.php?error=invalid_password");
exit;
}
The $_GET['error'] will contain the error ID, so in your email.php, you should put the error messages.
$error_message = "";
if($_GET['error']=='invalid_email'){
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
if($_GET['error']=='invalid_firstname'){
$error_message .= 'The First Name you entered does not appear to be valid.<br />';
}
//etc
if(strlen($error_message) > 0) {
echo($error_message);
}
What I always do is get the error code or assign the text for the error on the validating page to a session variable, and then just echo out that session variable on the page where you want the user to see the variable. Don't forget to include session_start(); at the beginning of each page though!
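
An added example, not part of the original answers, showing the session approach described in the last answer: the validating page stores error IDs, redirects, and email.php reads them once and prints only whitelisted text. Function names, the form_errors session key and thank-you.php are assumptions; the checks are those of html_form_send.php with the D modifier added so that "$" cannot match before a trailing newline.

```php
<?php
// Added example: function names, the session key and thank-you.php are assumptions.

// Only these IDs are ever turned into text on email.php.
const ERROR_TEXT = array(
    'missing_field'     => 'Please fill in all required fields.',
    'invalid_email'     => 'The Email Address you entered does not appear to be valid.',
    'invalid_firstname' => 'The First Name you entered does not appear to be valid.',
    'invalid_telephone' => 'The telephone you entered does not appear to be valid.',
    'invalid_password'  => 'The password you entered does not appear to be valid.',
);

// The checks from html_form_send.php, collected instead of echoed.
function validate_form(array $post) {
    foreach (array('name', 'email', 'telephone', 'password') as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return array('missing_field');
        }
    }
    $errors = array();
    if (!preg_match('/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/D', $post['email'])) {
        $errors[] = 'invalid_email';
    }
    if (!preg_match("/^[A-Za-z .'-]+$/D", $post['name'])) {
        $errors[] = 'invalid_firstname';
    }
    if (strlen($post['telephone']) < 2) { $errors[] = 'invalid_telephone'; }
    if (strlen($post['password']) < 2)  { $errors[] = 'invalid_password'; }
    return $errors;
}

// html_form_send.php side: remember the IDs and pick the redirect target.
function flash_errors(array &$session, array $errors) {
    if ($errors) {
        $session['form_errors'] = $errors;
        return 'email.php';
    }
    unset($session['form_errors']);
    return 'thank-you.php';
}

// email.php side: read once, clear, and render whitelisted messages only.
function take_error_html(array &$session) {
    $ids = isset($session['form_errors']) ? (array) $session['form_errors'] : array();
    unset($session['form_errors']);
    $html = '';
    foreach ($ids as $id) {
        if (is_string($id) && array_key_exists($id, ERROR_TEXT)) {
            $html .= htmlspecialchars(ERROR_TEXT[$id], ENT_QUOTES, 'UTF-8') . "<br />\n";
        }
    }
    return $html;
}

// In the real pages: session_start(); then
//   header('Location: ' . flash_errors($_SESSION, validate_form($_POST))); exit;
// Below, a plain array stands in for $_SESSION and the submission is constructed.
$session = array();
$post = array('name' => 'Ann', 'email' => 'ann-at-example',
              'telephone' => '5', 'password' => 'pw1');
echo 'redirect to: ', flash_errors($session, validate_form($post)), "\n";
echo take_error_html($session);
echo 'left in session: ', count($session), "\n";
```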

Sending email to multiple recipients but different body using PHP [duplicate]

This question already has answers here:
How to do email form with multiple recipients and different body?
(3 answers)
Closed 9 years ago.
I have one contact form. When the user submits, all values are sent (by email) to the admin. But now I want that, when the user submits, the admin will receive the email and the user will also receive an email, but with a different body.
Here is my previous code:
<?php
if(isset($_POST['email'])) {
// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "admin@gmail.com";
$email_subject = "Lifemailer Sales Enquiry";
$email_to_user= "Name: ".clean_string($name)."\n";
function died($error) {
// your error code can go here
$URL = "error.html";
header("Location: $URL");
die();
}
// validation expected data exists
if(!isset($_POST['name']) ||
!isset($_POST['contact']) ||
!isset($_POST['email']) ||
!isset($_POST['email_sub']) ||
!isset($_POST['remarks'])) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$name = $_POST['name']; // not required
$contact = $_POST['contact']; // required
$email = $_POST['email']; // required
$email_sub = $_POST['email_sub']; // required
$remarks = $_POST['remarks']; // required
$error_message = "";
$string_exp = "/^[a-z .'-]+$/i"; // eregi() was removed in PHP 7; preg_match() with the i flag replaces it
if(!preg_match($string_exp,$name)) {
$error_message .= 'The Name you entered does not appear to be valid.<br />';
}
$string_exp = "/^[0-9 .-]+$/";
if(!preg_match($string_exp,$contact)) {
$error_message .= 'The Contact Number you entered does not appear to be valid.
<br />';
}
$email_exp = "/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i";
if(!preg_match($email_exp,$email)) {
$error_message .= 'The Email Address you entered does not appear to be valid.
<br />';
}
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Contact Number: ".clean_string($contact)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Email Subject : ".clean_string($email_sub)."\n";
$email_message .= "Remarks/Enquiry : ".clean_string($remarks)."\n";
// create email headers
$headers = 'From: '.$email."\r\n".
'Reply-To: '.$email."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
$URL = "thank-you.html";
header("Location: $URL");
?>
Thank you for contacting us. We will be in touch with you very soon.
<?php
}
?>
In the same way you can send a second mail with different subject, email_to, email_message after sending it to admin.
Just concatenate:
$email_to = ' admin@gmail.com ' . ',' ;
$email_to .= ' admin@gmail.com ' ;
