I have designed the comments box for getting comments. Instead of using captcha plugins, i have prepared custom captcha with 5 digit number. When I submit the details, still I getting error page. I have checked various sites in Google but could not find the correct answer.
comments.html - Comment box for comments
captcha.php - Custom captcha with 5 digit code
submit.php - for processing the code
error.html - error page for wrong entry
thank.html - Page on submitting successful
I am unable to sort-out where the mistake is. Kindly help me in this regards.
The sources codes of comments.html and submit.php is given below.
=========COMMENTS.HTML==============
<form action="submit.php" method="post">
Name: <input type="text" name="name" /> <br>
Email: <input type="text" name="email" /> <br>
Comments: <textarea name="coments" /> <br>
Enter Captcha <img src="captcha.php"><input type="text" name="vercode" /> <br>
<input type="submit" name='submit' onclick="show_confirm()" value="SUBMIT" />
</form>
=============SUBMIT.PHP=================
<?php
session_start();
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='')
{
//This page should not be accessed directly. Need to submit the form.
header('Location: error.html');
exit;
}
$name = $_POST['name'];
$email = $_POST['email'];
$comments = $_POST['comments'];
if(empty($name) || empty($email)||empty($comments))
{
header('Location:error.html');
exit;
}
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST[email]))
{
header('Location:error.html');
exit;
}
$email_from = 'info#xxxxx.com';
$email_subject = "CONTACT FORM";
$email_body="============================\n".
"FULL NAME: $name\n".
"EMAIL-ID: $email\n".
"COMMENTS: $comments\n".
$to = "info2#xxxxx.com";
$headers = "From: $email_from \r\n";
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: thank.html');
?>
You need
session_start()
at the very top of your submit.php, that starts or resume your session so that you can access $_SESSION
You should check if the form was submitted first, then process the code. Example:
if(isset($_POST['submit'])) { // process stuff }
You didn't show what specific error you get, so I'm just going to link you to this simple PHP-GD captcha that I have used previously in some projects and works like a charm. Is really simple and easy to implement.
Simple PHP-GD captcha image
It looks like it may have something to do with your regex verification always returning false.
You may want to test if the rule you set is correct. Also, I have read on php.net that eregi() is now obsolete in 5.3.0, so maybe use preg_match() with PCRE_CASELESS flag instead ?
Related
im using this contact form below. When I was running it on my local machine it was working. But on my server if the form fails it does the right thing and goes to fail.php but when all the fields are filled it goes to send_contact2.php after clicking send instead of success.php
This is the send_contact2.php
if (empty($_POST['name'])
|| empty($_POST['number'])
|| empty($_POST['email'])
|| empty($_POST['messagearea'])
){
header('Location: fail.php');
}
else {
$name = $_POST['name'];
$number = $_POST['number'];
$email = $_POST['email'];
$messagearea = $_POST['messagearea'];
$to = 'example#gmail.com';
$subject = "Website Message: Contact form";
$message = '$messagearea';
$headers = "From: WebsiteMessage";
mail($to, $subject, $message, $headers);
header("Location: success.php");
}
?>
This is my form
<form name="form1" method="post" action="send_contact2.php">
<input name="name" type="text" placeholder="Your Name"/> <br/>
<input name="email" type="email" placeholder="Your Email"/> <br/>
<input name="number" type="tel" placeholder="Your Number"/> <br />
<textarea name="messagearea" cols="" rows="" id="messagearea" placeholder="Your Message"/></textarea> <br/>
<input name="sumbit" type="submit" value="SEND" id="button2" />
</form>
I have this setting in my cPanel
Any help would be greatly appreciated
if the page stay on send_contact2.php it is because, header("Location: success.php") do not redirect. read this post, it could help. Php header location redirect not working
In my opinion PHP must be outputing some text (char, error or warning?) or you have used a char before <?php in your send_contact2.php file. That's why header is not working. Remember that header() must be called before any actual output is sent.
OP here, managed to sort it in the end
Was a mail server issue, so if anyone in the future gets this problem check your php settings on your hosting and make sure it allows mail() and make sure you set up an email address where you're sending the email to on your server.
thanks to everyone that helped me debug
I put together a simple PHP email form for a website, but it keeps sending blank emails every so often. Most of the the fields are "required" and I was using a captcha system for a while, but the blank emails kept coming.
HTML markup:
<form action="mail_send.php" method="post">
<input name="name" type="text" required="required" size="40" />
<input name="email" type="text" required="required" size="40" />
<input name="company" type="text" size="40" />
<textarea name="message" cols="80" rows="7" required="required"></textarea>
<input type="submit" value="Submit" />
</form>
PHP:
$name = $_POST['name'];
$email = $_POST['email'];
$company = $_POST['company'];
$message = $_POST['message'];
$formcontent=" FROM:\n $name \n\n COMPANY:\n $company \n\n MESSAGE:\n $message";
$recipient = "email address";
$subject = "Subject";
$mailheader = "From: $email \r\n";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
echo "<script>window.location = 'confirmation.php'</script>";
Everything works fine when I test it, I receive the emails from the form with no problems at all, but for some reason I keep getting blank emails often (possibly from robots).
Any ideas?
Thanks!
That could happen if your HTML form and PHP are inside the same file while you're not checking if any of those inputs are empty or not. And if not in the same file, not checking for emptyness, still applies.
You could be the victim of bots, or some joker visiting your site ever so often just to tick you off.
Or that the form's method's URL is being accessed directly by someone or something, which is what I feel may be the issue here, since you do have required for your inputs.
Check your access logs.
So, use a conditional !empty() against all your inputs.
http://php.net/manual/en/function.empty.php
I.e.:
Sidenote: || checks to see if one or any are empty.
if( !empty($_POST['name']) || !empty($_POST['email']) ){
$name = $_POST['name'];
$email = $_POST['email'];
// process mail
}
You can add the other ones in.
Or give your submit a name attribute:
<input name="submit" type="submit" value="Submit" />
Then check if the button is set and that the inputs are not empty:
if(isset(_POST['submit'])){
if(!empty($_POST['name']) || !empty($_POST['email']) ){
$name = $_POST['name'];
$email = $_POST['email'];
// process mail
}
}
You should also use filters, for the email input:
http://php.net/manual/en/function.filter-var.php
http://php.net/manual/en/filter.examples.validation.php
Plus, if you decide to use radios/checkboxes later on, use isset() against those.
Sidenote:
You could add a checkbox to your form to check if it was checked or not, and handle it with a conditional statement.
Footnotes:
"Most of the the fields are "required" and I was using a captcha system for a while, but the blank emails kept coming."
There isn't any captcha code in your question to support this.
N.B.:
The required attribute only works in HTML5 supported browsers. Therefore, if any of those bots or visitors to your site are using a browser that doesn't support HTML5, or technology that can bypass it, then that too could be another (contributing) factor.
You will want to do validation on your PHP.
http://www.w3schools.com/php/php_form_validation.asp
Basically you will want to do the following:
Security
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["website"]);
$comment = test_input($_POST["comment"]);
$gender = test_input($_POST["gender"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
Validation
if (!empty($email)){
//your code to send email
}
You could make it a little more complex if you want to check more than one thing.
$fail_validation = FALSE;
if (empty($email)){
$fail_validation = TRUE;
}
if (empty($phone)){
$fail_validation = TRUE;
}
if ($fail_validation == FALSE){
//code to send mail goes here
}
Please note, this is very basic, and you may want to consider looking into some extra functions to secure the PHP. I would also suggest using a honeypot as an extra layer of security.
https://stackoverflow.com/a/22103646/2547075
<textarea name="message" cols="80" rows="7" required="required"></textarea>
should be
<textarea name="message" cols="80" rows="7" required></textarea>
Are you writing XHTML or HTML?
Validation on the server side is also recommended. See answers below on how to do it.
But for some reason you're getting blank emails, possibly from robots
pretty much answered your question. Robots can be pretty advanced and break certain Captcha'a as well to post blank post requests. You should check if the post requests are not empty.
The unbreakable captcha's are the ones you've written yourself (and not spread be-hound your website until it becomes popular) or the recently introduced one from Google. give it a try (once you've checked for empty values)
I am trying to get a simple two-field form to submit to an email address and then echo a "thanks for registering your interest" below the form (or instead of the form).
FYI, this is on a WordPress template file.
Here is the code, including the form:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
method="POST" autocomplete="on" id="register-form">
<input type="text" name="name" placeholder="Name"/>
<input type="email" name="email" placeholder="Email address"/>
<button type="submit" name="submit" class="button">Send
<img src="<?= get_image('icon-arrow-right-tiny.svg'); ?>"/></button>
</form>
<?php
if (isset($_POST['submit'])) {
// validate the email address first
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
// process the form only if the email is valid
if ($email) {
$to = 'info#example.com'; // where you want to send the mail
$from = 'info#mydomain.com';
$subject = 'Website Submission';
$message = 'Name: ' . $_POST['name'] . "\r\n\r\n";
$message .= 'Email Address: ' . $_POST['email'] . "\r\n\r\n";
$headers = "From: $from\r\nReply-to: $email";
$sent = mail($to, $subject, $message, $headers);
} ?>
<p style='color: #fff; font-size: 14px;'>Thank you for registering your interest.</p>
<?php
}
?>
At the present time, the form does get sent, and the page does echo "Thank you for registering your interest" underneath the form, however it does not seem to be returning us to the correct page when you click the submit button.
Any ideas?
Thank you for all of your contributions. I have worked out the problem, and will share here for anybody else who comes here to find the answer.
WordPress has something important reserved for the "name" parameter, and thus you can't use it in PHP-based forms. Changing the parameter name from "name" to something else resolved the issue.
Additionally, WordPress also has the following names reserved and you cannot use them in forms - "day" "month" and "year".
I have check your code i think you have use color code #fff i.e. for the message.
Please try to make black or any other color rest of code are working.
:)
Thank you for registering your interest.
You have to put a php code below your Thank you message.
header("location:$_SERVER["PHP_SELF"]);exit;
My issue: I'm trying to make this form both email the form data and redirect to download page using php script (i.e.: One click = 2 actions). I searched the boards and didn't really find anything similar to what I am trying to do. I had tried several options code wise, but it won't send the email at all. What am I doing wrong?
code:
form:
<form id="myform">
<form method="get" action="action/php">
<fieldset><center>
<h3>DOWNLOAD DVD</h3>
<p> Enter your full name and email and then press Download DVD. </p>
<p><br>
<label>Enter Your Name *</label>
<input type="text" name="name" pattern="[a-zA-Z ]{5,}" maxlength="30" />
</p>
<p>
<label>Enter Your Email *</label>
<input type="email" name="email" required />
</p>
<button type="submit" id="submit-myform"; class="submit" value="Submit" name="myform_submit">Download DVD</button>
<button type="reset">Reset</button>
</fieldset>
</form>
php:
<?PHP
if(isset($_POST['myform_submit']) && $_POST['myform_submit'] == "Submit"){
echo "http://www.website.com";
}else {
mail( "info#website.com", "Landing Page Download",
$name, "From: $email" );
}
?>
Again ... The download content comes up nicely. But the email will not send.
I think you've got your if statement mixed up. Currently it's saying if the form is submitted, then print a URL to the screen, otherwise send an email but from what you've said you want to redirect and send an email. Try this:
if(isset($_POST['myform_submit'])) {
$send = mail( "info#website.com", "Landing Page Download", $_POST['name'], "From: " . $_POST['email'] );
if($send) {
header("Location: http://www.website.com");
} else {
echo 'Error sending email!';
}
}
Problem number 2 is you have nested forms. Not sure why you're doing this, but it's against HTML spec and will probably cause your form data not to get sent as it should. Remove the outer form. Here's line 3 of the HTML3(old!) spec:
Note you are not allowed to nest FORM elements!
Problem number 3, you're setting your form method as GET and then trying to access POST variables. Problem 3.5, your action is action/php - thats not a filename (unless you have an index.php file inside a folder called php, inside a folder called action). Change all this to:
<form method="post" id="myform" action="action.php">
Note: header("Location: [url]") sends a redirect header to your browser, so you are redirected to the target URL. If you simply want to display the URL (like in your question) then continue to just echo it.
Trying to make my own contact form with php. Is there a better/cleaner way to approach this?
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1 /DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Contact Form Practice</title>
</head>
<body>
<form method="POST" action="mailer.php">
Name:
<br>
<input type="text" name="name" size="19"><br>
<br>
Your Email Adress:
<br>
<input type="text" name="email" size="19"><br>
<br>
Message:
<br>
<textarea rows="9" name="message" cols="30"></textarea>
<br>
<br>
<input type="submit" value="Submit" name="submit">
</form>
</body>
</html>
----------------php---------------
<?php
if(isset($_POST['submit'])) {
$to = "mail#cheapramen.com";
$subject = "Contact";
$name_field = $_POST['name'];
$email_field = $_POST['email'];
$message = $_POST['message'];
$body = "From: $name_field\n E-Mail: $email_field\n Message:\n $message";
echo "Data has been submitted to $to!";
mail($to, $subject, $body);
} else {
echo "4! OH! 4!";
}
?>
The code seems correct, but I'd highly recommend adding in some data validation. You'll want to make sure all required fields are filled out with valid info. Also be sure to encode/strip any HTML, JS, etc for security/readability purposes.
Lastly, you should also consider using CAPTCHA to guard against spam. I've got an old site running code similar to this and used to get over 500 spam emails a day!
That's pretty much it, maybe on successful completion you can do a header() redirect to a confirmation page, but as far as processing the form what you have is pretty standard.
Also, you want to sanitize your data as a standard practice of accepting any user input.
You might want to look into implementing a CAPTCHA to prevent the bots from hammering your form as well.
PHP Captcha
One thing you definitely want to do is make the data a bit safer to send in the email. I would at least run the htmlentities and strip_tags on the input data but you should definitely look in to doing further validation.
Also instead of isset($_POST["SUBMIT"]) I would maybe do something like...
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// body code here
}
I would HIGHLY recommend looking up some information about PHP mail() hijacking and making sure you are not going to leave your script vulnerable to such an attack. Also what everyone else suggested is very good to do as well.
In the question, you had 2 separate files processing the form. The problem is if you get a validation error, you are left with little choice but the awful "Please click you back button" solution.
Consider this template PHP file that will handle it all on one page, provide for data validation, errors, re-submitting, and the whole 9 yards.
<?php
// Read input variables from _POST
$FormAction = (isset($_POST['FormAction']) ? $_POST['FormAction'] : '');
$FirstName = trim(isset($_POST['FirstName']) ? $_POST['FirstName'] : '');
...
// Define script variables
$Errors = array();
// Process input if data was posted.
switch($FormAction)
{
case 'Process':
// validation code
if(empty($FirstName) or strlen($FirstName) > 20)
$Errors[] = "First name is required.";
...
if(count($Errors) > 0)
break;
// Here we have valid data.. Do whatever...
// Now, redirect somewhere.
header('Location: http://www.next.com/whatever');
exit;
}
?>
<html>
<body>
<?php if(count($Errors)) { ?>
<div class="Error">
<?php foreach($Error as $Error) { ?>
<div><?php echo htmlspecialchars($Error); ?></div>
<?php } ?>
</div>
<?php } ?>
<form method="POST" action="<?php echo htmlspecialchars($_SERVER['REQUES_URI'], ENT_QUOTES); ?>" />
<input type="hidden" name="FormAction" value="Process" />
First Name:
<input type="text" name="FirstName" value="<?php echo htmlspecialchars($FirstName, ENT_QUOTES); ?>" />
...
<input type="submit" />
</form>
</body>
</html>