Linking .php file to Blogger (hosting it) - php

I am trying to make a contact form in Blogger. The default contact form widget exists and works like a charm, but it only provides 3 fields. Name, email and message.
I needed more fields added.
Adding more fields to the widget is impossible, since there are specific tags that the widget accepts, that correspond to the three fields "data:contactFormNameMsg" for the name, "data:contactFormEmailMsg" for the email and "data:contactFormMessageMsg" for the message.
So, the solution was to create my own form. I did not want to use the action=mailto because I don't want windows jumping up, Outlook or Mail starting and tabs getting opened. So, I had to use .php to control the sending of the form.
I wrote my .php code.
So, since Blogger does not provide the option to host your .php file, I had to look elsewhere for hosting.
I googled it. And I was directed to the use of Google Drive as the best option to host a .php file for Blogger. So I tried it. I tried the steps described here (and everywhere else on the web), but as this page says (and it must be a new addition, because all other unofficial - and most probably outdated - sites claim to be able to host their .php files on Google Drive)
"Google Drive does not support web resources that make use of server-side scripting languages like PHP."
I tried Dropbox. But, as answered here, "Dropbox doesn't support server-side execution of your PHP scripts" either. All these must be new, because every blogger suggests Dropbox and Google Drive as the best options for hosting .php files.
Then, I tried 000webhost. It worked. My .php script ran and I received the form in my email, BUT (big big BUT) on clicking the button that triggered the action and the .php, the user is also redirected to the first page of 000webhost.
I tried hosting it on another free web hosting service, but the same thing happened. The moment the user clicked the "Send" button on my form, they were redirected to the first page of the free webhosting service.
I thought of adding the php code inline html (?php) ---code--- (/php) but I did not know how to refer to it.
So, I have two questions:
1. How could I refer to an inline part of php code, in my html code? Remember, we are on Blogger, that little is allowed. I want to refer to the php code from the "form action=" part.
2. Why does the "Send" button redirect the user to the front page of the free webhosting service? Is it the "Free webhosting service"'s way of advertising itself? I mean, is it implemented in the service? Is there something wrong with my code?
My php code is this:
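<?php
$errors = '';
$myemail = 'mymail@mymail.com';
// All three fields must be present and non-empty.
if(empty($_POST['name']) ||
   empty($_POST['email']) ||
   empty($_POST['message']))
{
    $errors .= "\n Error: all fields are required";
}
// Default to '' so a missing field does not raise a notice.
// $name goes into the Subject header, so strip CR/LF from it.
$name = str_replace(array("\r", "\n"), ' ', $_POST['name'] ?? '');
$email_address = $_POST['email'] ?? '';
$message = $_POST['message'] ?? '';
// The D modifier stops "$" from matching before a trailing newline,
// which matters because the address is placed in the Reply-To header.
if (!preg_match(
    "/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD",
    $email_address))
{
    $errors .= "\n Error: Invalid email address";
}
if( empty($errors))
{
    $to = $myemail;
    $email_subject = "Contact form submission: $name";
    $email_body = "You have received a new message. ".
        " Here are the details:\n Name: $name \n Email: $email_address \n Message \n $message";
    // Header lines are separated with CRLF.
    $headers = "From: $myemail\r\n";
    $headers .= "Reply-To: $email_address";
    mail($to,$email_subject,$email_body,$headers);
}
?>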
And the HTML part where I call the .php file is this:
<form action='http://myusername.mywebhost.com/contact-form-handler.php' method='POST' name='contact-form'>
So, that's all. If anybody has encountered a similar problem or has needed to use a .php form handler in Blogger RECENTLY, you will be of great help.
Thank you very very much in advance!

What you can do is send the form via AJAX to whatever host you want - the user won't be redirected there. Here is some example code, you can customize it further
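$("#theform").submit(function(e) {
    // Stop the browser's normal submit, which would navigate to the handler's host.
    e.preventDefault();
    // Collect the form's inputs and POST them in the background.
    $.post('http://example.com/contact.php', $('#theform').serialize());
});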
serialize is used to collect the data from inputs and POST it to the given url.
AJAX Serialize Documentation
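A handler for the cross-origin AJAX post suggested above, as an added example that is not code from the question or the answer: it replies with JSON instead of a page, accepts posts only from an allowlisted blog origin, and keeps visitor input out of the mail headers except for a validated Reply-To. The origin `https://myblog.blogspot.com` and both mail addresses are placeholders.

```php
<?php
// Added example (not the asker's or answerer's code). Hypothetical values are marked.

const ALLOWED_ORIGINS = ['https://myblog.blogspot.com']; // hypothetical blog origin
const MAIL_TO   = 'owner@example.com';   // placeholder recipient
const MAIL_FROM = 'noreply@example.com'; // placeholder sender on the handler's own domain

// Read one POST field as a trimmed string; arrays (name[]=...) count as empty.
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Decide the response without side effects: [status, JSON payload, mail() args or null].
function decide(array $server, array $post): array
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, ['ok' => false, 'error' => 'POST only'], null];
    }
    // Browsers attach Origin to cross-site POSTs. Other clients can forge it,
    // so this limits which pages may drive the form; it is not authentication.
    if (!in_array($server['HTTP_ORIGIN'] ?? '', ALLOWED_ORIGINS, true)) {
        return [403, ['ok' => false, 'error' => 'origin not allowed'], null];
    }
    $name    = field($post, 'name');
    $email   = field($post, 'email');
    $message = field($post, 'message');
    if ($name === '' || $message === '' ||
        filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [422, ['ok' => false, 'error' => 'name, valid email and message are required'], null];
    }
    // The visitor's name goes in the body only, never in the subject or a header.
    $body    = "Name: $name\nEmail: $email\n\n$message";
    $headers = 'From: ' . MAIL_FROM . "\r\nReply-To: $email";
    return [200, ['ok' => true], [MAIL_TO, 'Contact form submission', $body, $headers]];
}

// Web entry point. On the CLI nothing runs, so the file can be linted or included.
if (PHP_SAPI !== 'cli') {
    [$status, $payload, $mail] = decide($_SERVER, $_POST);
    if ($mail !== null && !mail(...$mail)) {
        [$status, $payload] = [500, ['ok' => false, 'error' => 'send failed']];
    }
    http_response_code($status);
    header('Content-Type: application/json');
    if ($status !== 403 && $status !== 405) {
        // Echo back only the allowlisted origin, never "*".
        header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
        header('Vary: Origin');
    }
    echo json_encode($payload);
}
```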

Related

Is my PHP form secure?

I have a form and this bit of code to send it:
if($feedback != $errorMessage){
$emailTo = 'me@mywebsite.com';
$emailFrom = 'submissions@mywebsite.com';
$subject = 'Submission';
// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$body = filter_var("$contactName made a submission.
Contact Information:
Contact Name:\t$contactName
blah:\t$blah
Address:\t$address
Telephone:\t$telephone
Mobile:\t$mobile
E-mail Address:\t$userEmail
Website:\t$website
Vacancy Information:
field1:\t$field1
field2 Benefits:\t$field2
field3:\t$field3
field4:\t$field4
field5:\t$field5
field6:\t$field6
field7:\t$field7
field8:\t$field8
field9:\t$field9", FILTER_SANITIZE_STRING);
mail($emailTo, $subject, $body, "From: ".$emailFrom);
}
From what I understand from reading other threads this should be enough. I tried emailing just a single dot on a line in one of the textareas and it did turn it into 2 dots. Just running one function on it seems far too simple though.
Is this secure enough? I've read things online that seem inconsistent like that I don't even have to sanitize the body. The email body is the only thing that takes user input here.
Thanks.
Not entirely sure what you mean by secure here. Your script is just sending an email. The content of the fields will be what the user filled in. It could be link to virus, crap, spam or real content. Not easy to say, really. Not much to do with it either.
Sanitizing is much more important once databases are in use.

Job Notes in a custom php web app not showing

Hoping some of you out there are great with php!
Basically the guy who made this is MIA so I can't ask him what I need to do to fix the problem we are having.
Background:
We are a locksmith company that uses a custom web app to inform our locksmiths on the road when they have a new job. This web app also does a few extra things like providing gps location, time taken at the job and the ability to have save signature from the client upon work completion.
Problem:
The app works by picking up an email sent from our account management application called E3, the email (example: http://cl.ly/image/2E433O330T0N) is read by this web app, parsed into both an email and a web page and sent to the locksmith to view his new job. When the locksmith arrives at the web page on his phone (example: http://cl.ly/image/0P1I0R0h0O3K), he can see the job details including the Name, address and contact details for the client. The problem is though, because Job Notes isn't assigned a heading in the original email the code has to work out where Job Notes is located, this is the part that has the problem as the web app is no longer showing the data in Job Notes. Job Notes is important because it tells the locksmith what he needs to fix. This worked previously but has now just stopped working and we aren't sure why.
How the data is transferred to the web app is very interesting, instead of having a database to store data to, it is put in the address bar and then the webpage interprets the code and formats it into the page.
For example, this is how the current link looks (data taken out, replaced with xxxxxxx):
http://www.xxxxxxx.com/apps/xxxxxx/on-my-way?client=xxxxxx&company=xxxxxx&mobile=xxxxxxx&phone=xxxxxxx&contact=xxxxxxxx&addressData=Array&addressIndex=3&streetAddress=xxxxxxxxx&addressLocality=xxxxxxxx&postcode=xxxxxxx&city=xxxxxxx&clientEmail=&jobDate=11/22/2012&jobTime=1:30:00%20PM&jobID=xxxxxx&jobAMPM=PM&adminEmail=xxxxxxx&noreplyEmail=xxxxxxxxxx&companyPhone=xxxxxxxx&staffEmail=xxxxxxxx&staffName=xxxxxxx&staffPhone=xxxxxxxx
Previously, when working, this link had a jobNotes field added:
http://www.xxxxxxxx.com/apps/xxxxxxxx/on-my-way?client=xxxxxxxx&company=xxxxxxxx&mobile=xxxxxxxx&phone=&contact=xxxxxxxx&addressData=Array&addressIndex=4&streetAddress=xxxxxxxx&addressLocality=xxxxxxxx&postcode=xxxxxxxx&city=xxxxxxxx&clientEmail=xxxxxxxx&jobNotes=Quote%20on%20installing%20new%20keying%20system%0A%0AAlso%20would%20like%20a%20Quote%20on%20Install%20CCTV%0A%0ASub%20Total%3A%202%2C236.36%0AGST%3A%20223.64%0ATotal%3A%202%2C460.00%0A%0AMISC&*jobDate=11/19/2012*&jobTime=2:00:00%20PM&jobID=xxxxxxxx&jobAMPM=PM&adminEmail=xxxxxxxx&noreplyEmail=xxxxxxxx&companyPhone=xxxxxxxx&staffEmail=xxxxxxxx&staffName=xxxxxxxx&staffPhone=xxxxxxxx
The code:
This is an extract from e3-parser.php, the main file that translates the data from the e3 email to the web app.
// Job notes
if ($this->clientEmail) {
// REMOVED NOW THAT EMAIL IS BEING PUT ON THIRD LINE OF ADDRESS
// // If customer email present grab everything after it save it as job notes
// preg_match("/$this->clientEmail[^-]+/",$e3Output,$matches);
// $result = implode("",$matches);
// $notes = trim(str_replace($this->clientEmail,'',$result));
// $this->jobNotes = rawurlencode($notes);
// } else {
// Fall back to grabbing everything after the time
preg_match("/AM[^-]+/",$e3Output,$matchesAM);
preg_match("/PM[^-]+/",$e3Output,$matchesPM);
$resultAM = implode("",$matchesAM);
$resultPM = implode("",$matchesPM);
$notes = trim(str_replace('AM','',$resultAM) . str_replace('PM','',$resultPM));
$this->jobNotes = rawurlencode($notes);
}
Question here is, does it successfully grab the data listed after the Required Time field? (example email that it's reading from: http://cl.ly/image/2E433O330T0N)
Here is the code that places the parsed data into the web page:
// Create job link
$url = $e3->create_job_url('http://www.prvgroup.com.au/apps/jobbook/on-my-way?');
$linkName = "View job details";
$href = '<a class="btn btn-small" href="' . $url . '&staffEmail=' . $staff->staffEmail . '&staffName=' . $staff->staffName . '&staffPhone=' . $staff->staffPhone . '">' . $linkName . '</a>';
This is sent to the locksmith via email informing him of his new job on the clickable link "View job details". The link is impregnated with the data needed. However from the looks of it the data for jobNotes isn't there. My backups of this code display the exact same thing here when the code was displaying jobNotes so I'm not exactly sure how it is putting that field in.
If you got this far, well done! I hope I was clear enough with what the issue is but if you need anymore clarification, just ask!
Cheers,
Marc
After looking through your code you are only running the preg_match if there is a clientEmail. From the sample emails above it does not look like you are ever executing this code because there is no client email or it is not found using the preg_match. The specific location to look into is on line 113 of the e3-parser.php file. You will see this:
if($this->clientEmail)
{
//matching code here.
}
On lines 109 and 110 you are looking for an email address and either not finding one or it is looking in the wrong location. At any rate, you should execute this code regardless of whether there is an email address or not. The notes must be set for later use, right now nothing is being set. Removing this if statement should resolve your issue.

PHP form still sending after error

I am a PHP newb so please bear with me for this rather simplistic question.
I have a PHP form setup like so >>
<?php
if($_POST){
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$comments = $_POST['comments'];
if($comments)
$error = "There was an error, please give us a call at ### ###-####.";
else{
if($name=="Name" || $email=="Email" || $message=="Message"){
$error = "All fields are required, please fill them out and try again.";
}else
$header = "From: $name <$email>";
$message = "Name: $name\n\nEmail: $email\n\nMessage: $message";
if(mail("email@domain.com", 'Form Submission', $message, $header))
$success = "Thanks for sending us your message, we'll get back to you shortly.";
else
$error = "There was an error, please give us a call at ### ###-####.";
}
if($error)
echo '<div class="msg error">'.$error.'</div>';
elseif($success)
echo '<div class="msg success">'.$success.'</div>';
}
?>
The basic idea is that the form has descriptive text pre-filled in each field but when you click on them they are cleared via Javascript. I want to prevent people from pressing send on the form without filling it out, hence the "if($name=="Name" || $email=="Email" || $message=="Message"){" bit. However while that message is working the form is still submitting. Why is this. Also please note that the "comments" field is in fact a honeypot. Thanks!
Because php is server-side. You need to look into javascript validation for what you want. To validate with php you HAVE to submit the form.
One tutorial but I recommend Jquery validation
"I want to prevent people from pressing send on the form without filling it out, hence the "if($name=="Name" || $email=="Email" || $message=="Message"){"
All you need to do is disable the submit button client side until the proper validation is met, then also validate server side. As @Iznogood said, that's why you're getting your error
Like lznogood said, PHP validates the form on the server, so you need to send the information to the server before PHP can process it.
If you want the form to be checked on the user side before sending it to the server you should use JavaScript to do that (jQuery is a great tool to use), and after checking it on the user side you can decide whether to send the form to the server or not.
Though this isn't an answer to your question, you might be interested in the new html5 feature placeholder. Read about it here. You can check to see which browsers it works in here (stupid internet explorer!). 5 years ago, I would put those "hints" as the value, which was a pain to validate. placeholder makes it sooooooo much easier. Your tag would look like:
<input type="text" name="email" placeholder="Enter Your Email Here" value="">
Note that value is empty. You can omit the value attribute, I left it in to show it's not needed here.
As far as an answer to your original question, everybody else is correct, javascript is the way to go.
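A server-side check for the form in the question, as an added example that is not code from the thread: the decision is made in one function and the send sits inside a braced else, since in PHP an unbraced else governs only the single statement that follows it. Field names follow the question's form; the email-format check and the sample submissions are additions.

```php
<?php
// Added example, not code from the thread. Field names follow the question's form.

// Returns an error string, or null when the submission may be mailed.
function submission_error(array $post): ?string
{
    $get = function (string $k) use ($post): string {
        return isset($post[$k]) && is_string($post[$k]) ? trim($post[$k]) : '';
    };
    // Honeypot: the hidden "comments" field must come back empty.
    if ($get('comments') !== '') {
        return 'There was an error, please give us a call at ### ###-####.';
    }
    // Reject both untouched placeholder text and blank fields.
    $defaults = ['name' => 'Name', 'email' => 'Email', 'message' => 'Message'];
    foreach ($defaults as $key => $placeholder) {
        if ($get($key) === '' || $get($key) === $placeholder) {
            return 'All fields are required, please fill them out and try again.';
        }
    }
    // Added check: the address must at least be well formed.
    if (filter_var($get('email'), FILTER_VALIDATE_EMAIL) === false) {
        return 'Please enter a valid email address.';
    }
    return null;
}

// Constructed sample submissions.
$samples = [
    'untouched form' => ['name' => 'Name', 'email' => 'Email',
                         'message' => 'Message', 'comments' => ''],
    'honeypot filled' => ['name' => 'Ann', 'email' => 'ann@example.com',
                          'message' => 'Hi', 'comments' => 'buy now'],
    'valid' => ['name' => 'Ann', 'email' => 'ann@example.com',
                'message' => 'Hi', 'comments' => ''],
];

foreach ($samples as $label => $post) {
    $error = submission_error($post);
    if ($error !== null) {
        echo "$label: rejected ($error)\n";
    } else {
        // Everything that sends mail belongs inside this braced block,
        // so it can only run for input that passed every check.
        echo "$label: would send\n";
    }
}
```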

How to send a message securely via html and php (post)

I use a php code on my server to send messages to my clients. The programming tool I use (Game Maker) allows me to send messages via php by executing a shell so that the link appears in a browser.
Example is here ...
with all the other stuff added. So in effect, the message I'm sending and all the stuff I'm sending are seen in the browser. I use the php get method. Everything works perfectly now, except that it may not be secured. Someone suggested the php post method, but when I replaced get in my php code on my server with post, and pasted the same thing in the browser, my code didn't work. It's hard to explain, but here's the php code on my server:
<?php
// Some checks on $_SERVER['HTTP_X_REFERRER'] and similar headers
// might be in order
// The input form has an hidden field called email. Most spambot will
// fall for the trap and try filling it. And if ever their lord and master checks the bot logs,
// why not make him think we're morons that misspelled 'smtp'?
if (!isset($_GET['email']))
die("Missing recipient address");
if ('' != $_GET['email'])
{
// A bot, are you?
sleep(2);
die('DNS error: cannot resolve smpt.gmail.com');
// Yes, this IS security through obscurity, but it's only an added layer which comes almost for free.
}
$newline = $_GET['message'];
$newline = str_replace("[N]","\n","$newline");
$newline = str_replace("[n]","\n","$newline");
// Add some last-ditch info
$newline .= <<<DIAGNOSTIC_INFO
---
Mail sent from $_SERVER[REMOTE_ADDR]:$_SERVER[REMOTE_PORT]
DIAGNOSTIC_INFO;
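// Strip CR/LF so the supplied address cannot add extra header lines.
$from = str_replace(array("\r", "\n"), '', isset($_GET['from']) ? $_GET['from'] : '');
mail('info@site.com','missing Password Report',$newline,"From: ".$from);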
header( 'Location: http://site.com/report.html' ) ;
?>
I then call this php code on my site. so that in the end, the whole thing ends up in the browser address bar. I hope this makes sense. How do I make things more secured by using post so that at least the sent information cannot be seen in users history and all that.
If you replace to POST in your form you need to replace the request to POST too:
<?php
// Some checks on $_SERVER['HTTP_X_REFERRER'] and similar headers
// might be in order
// The input form has an hidden field called email. Most spambot will
// fall for the trap and try filling it. And if ever their lord and master checks the bot logs,
// why not make him think we're morons that misspelled 'smtp'?
if (!isset($_POST['email']))
die("Missing recipient address");
if ('' != $_POST['email'])
{ // A bot, are you?
sleep(2);
die('DNS error: cannot resolve smpt.gmail.com');
// Yes, this IS security through obscurity, but it's only an added layer which comes almost for free.
}
$newline = $_POST['message'];
$newline = str_replace("[N]","\n","$newline");
$newline = str_replace("[n]","\n","$newline");
// Add some last-ditch info
$newline .= <<<DIAGNOSTIC_INFO
---
Mail sent from $_SERVER[REMOTE_ADDR]:$_SERVER[REMOTE_PORT]
DIAGNOSTIC_INFO;
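// Strip CR/LF so the supplied address cannot add extra header lines.
$from = str_replace(array("\r", "\n"), '', isset($_POST['from']) ? $_POST['from'] : '');
mail('info@site.com','missing Password Report',$newline,"From: ".$from);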
header( 'Location: http://site.com/report.html' ) ;
?>
Unless you are sending it with real GET parameters like http://www.mysite.com/send.php?email=etc; in this case you do need to set it to GET to retrieve the variables.

How to create a script that users can specify an email and send a user a pre-defined email?

So, basically, I'm creating a page where a user can visit, and enter in the following information:
1. Their First Name
2. Their Email
3. Recipient's Email
They then can send a pre-defined email, saying something like the following...
"Hello, {Recipient's email}. {First name} ({Email}) has just sent you a slurp! You can ignore this message, or slurp them back.
[Slurp Them Back] [Slurp Someone Else] [What's A Slurp?]"
The whole part about the Slurp is something that doesn't really matter, it's just the text from the pre-defined email. The text in {...} is taken from the fields on the page, and the text in [...] are just links.
Does anyone have any idea on how to do this? Even if you can't customize the email, and it would just be without the information from the site, help would be appreciated. Thanks!
Here's an example of what I'm going for...
Example Layout
It's possible to do using the php mail function. You can take input for everything you specified, then use the example here. They show it in a basic and more advanced form.
Interestingly, the first chapter of Head First PHP describes almost exactly this scenario (except that the recipient is fixed). If you want to learn more about PHP you can look into the book; otherwise, their code is online at http://www.headfirstlabs.com/books/hfphp/ (actual code link: http://www.headfirstlabs.com/books/hfphp/code/HeadFirstPHPMySQL_code_ch01.zip)
Sending an email by itself can be done by using the mail() command
mail('to.address@host.com', 'subject', 'message', 'From: from.address@host.com');
The whole code would look something like this:
HTML:
<form action="slurp.php" method="post">
Your name: <input type="text" name="name" /><br />
Your email: <input type="text" name="email" /><br />
Recipient: <input type="text" name="recipient" /><br />
<input type="submit" />
</form>
PHP (slurp.php):
// order of parameters is: to, subject, message body, additional headers
mail(
$_POST['recipient'],
'You just got slurped',
'You\'ve been slurped by '.$_POST['name'].'. Slurp him/her back by visiting http://slurp.com/',
"From: {$_POST['email']}\r\n"
);
This will send out an email like it's coming from the senders email address to the recipient.
There's a lot missing there, though. What you normally want to include is:
Validation of input on the client side (javascript)
Validation of input on the serverside
Clear out and handle right encodings etc
If you want to do it properly however, so that a greater percentage of your users actually receive the email, you should use a 3rd party library to send out emails. I recommend PHP Mailer or Swift Mailer.
Those libraries provide an easy mechanism for you to include HTML in your emails, attachments, allow for easily connecting to SMTP servers and handle all escaping and encoding issues for you.
On top of that they encapsulate everything within an Object oriented approach, so if that's your cup of tea, you'll be happy. See their websites for more info.
It's pretty funny, I wrote a blog post about the very issue of email deliverability (getting through spam filters) etc: http://arnorhs.com/2011/02/21/delivering-email-with-php/ - It might be helpful to you.
Cheers
On submit you can send a predefined email in php.
Following is the code sample.
It is assumed that you will have an html page, and following is the sample html code:
Send Slurp
Enter Your Name:
Enter Your Email:
Enter Recipient's Email:
Following is the php code in "send_email.php":
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$your_name = $_POST['your_name'];
$your_email = $_POST['your_email'];
$recipients_email= $_POST['recipient_email'];
$email_subject = 'My Slurp';
$email_body = "Hello, $recipients_email. $your_name ($your_email) has just sent you a slurp! You can ignore this message, or slurp them back.
[Slurp Them Back] [Slurp Someone Else] [What's A Slurp?]";
echo $email_body;
// Send Email
mail($recipients_email, $email_subject, $email_body);
}
?>
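Both answers above pass posted values straight to mail() as the recipient and, in the first, as the From header. The following added example (not either answerer's code) builds the same message with a fixed From, validates both addresses before they reach a header, and rejects a constructed input that carries an extra header line. The sender `noreply@example.com`, the name pattern and the sample inputs are assumptions.

```php
<?php
// Added example, not the answerers' code. Addresses and the site name are placeholders.

const SITE_FROM = 'Slurp <noreply@example.com>'; // fixed sender on the site's own domain

// True when a value contains characters that would end a header line.
function has_line_break(string $v): bool
{
    return preg_match('/[\r\n\0]/', $v) === 1;
}

// Validate an address for header use; returns the address or null.
function header_safe_email($v): ?string
{
    if (!is_string($v) || has_line_break($v)) {
        return null;
    }
    $ok = filter_var(trim($v), FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// Build the arguments for mail(), or return null if any field is unacceptable.
function build_slurp_mail(array $post): ?array
{
    $to    = header_safe_email($post['recipient'] ?? null);
    $reply = header_safe_email($post['email'] ?? null);
    $name  = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    // Names are free text: allow letters, digits, spaces and a few marks, cap the length.
    if ($to === null || $reply === null ||
        preg_match('/\A[\p{L}\p{N} .\'-]{1,60}\z/u', $name) !== 1) {
        return null;
    }
    // The visitor's own address is used for Reply-To only; From stays fixed.
    $body    = "Hello, $to. $name ($reply) has just sent you a slurp!";
    $headers = 'From: ' . SITE_FROM . "\r\nReply-To: $reply";
    return [$to, 'You just got slurped', $body, $headers];
}

// Constructed inputs: one normal, one carrying an extra header line in "email".
$cases = [
    ['name' => 'Ann', 'email' => 'ann@example.com', 'recipient' => 'bob@example.com'],
    ['name' => 'Ann', 'email' => "ann@example.com\r\nBcc: list@example.com",
     'recipient' => 'bob@example.com'],
];

foreach ($cases as $post) {
    $args = build_slurp_mail($post);
    echo $args === null ? "rejected\n" : "ok: to={$args[0]}\n";
    // A real handler would call mail(...$args) here when $args is not null.
}
```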
