I am looking for a means of implementing a "Contact Us" routine/page that I can apply to my site that is purely a HTML website only.
I am assuming this will need to be a PHP process to send emails from a Contact Us form, but I am unsure how to do it.
Since you're pure HTML now, I'm assuming you're trying to keep this simple?
Use a service.
As you said you were interested in looking into PHP, you could do this with one script (say, for example, Contact.php). In your Contact.php file you would put a simple HTML form with room for name, email address, short message, etc. This form can just submit the form data to the same page, process the data, and send out an email with PHP's mail() function. Doing it this way avoids the need to display your email address to the world.
Something simple like the following should get you started, although you are going to want to check any and all user input before mailing it to yourself!
<html>
<body>
<?php
// if the form was filled out and submitted, mail it
if ( isset($_REQUEST['subButton']) )
{
$email = $_REQUEST['email'] ;
$subject = "Contact Us request from site";
$message = $_REQUEST['message'] ;
mail( "secretEmailAddress#email.com", "Subject: $subject", $message, "From: $email" );
header("location: contact.html");
}
else
{
echo "<form method='post' action='Contact.php'>
Email: <input name='email' type='text'/><br/>
Message:<br/>
<textarea name='message' rows='10' cols='30'>
</textarea><br/>
<input type='submit' name='subButton' value='Contact Us'/>
</form>";
}
?>
</body>
</html>
The easiest way is to just use a mailto: link.
Contact Us
Mailto links are very insecure. expect to get spam up the wazoo.
Instead use javascript to simply mask it.
Put this where you want the link to be setup
var mailE1 = "contact";
var mailE2 = "yoursite.com";
var linktext = "Email Us";
document.write("" + linktext + "")
Related
I'm trying to send a message to the email a user provides in the contact form. The problem is the message never gets sent, but I always arrive at a blank page where my php code is located. Nothing warns me of any error in my code. Can anyone explain why this is happening and offer a solution to the problem?
<form action="site.php" method="POST">
<input
type="text"
class="form"
name="email"
placeholder="Your email address"
/>
<button class="submit" type="submit">Join Waitlist</button>
</form>
<?php
if (isset($_POST["submit"]))
{
$mailTo = $_POST["email"];
$mailFrom = "Dumele";
$message = "https://docs.google.com/forms/d/1lpj2XnKW4HT_qHFfGwpUxcvzPmK2USZ0MGSDP0XCqfg/edit";
$subject = "Welcome to Dumele";
$txt = "Thank you for your interest in Dumele. We're glad to have
you join our network and mission to enhance the technological
innovation of our African diaspora. Below is a link to a survey
we would like you to answer so we can better assist you.\n\n".message;
$headers = "From: ".mailFrom;
(mail($mailTo, $subject, $txt, $headers));
header("Location: index.php?mailsend");
}
?>
First of all make sure you enabled error reporting. You can check another Stackoverflow question and it's answers here about it.
As I see in your code you have syntax errors. You didn't place $ sign before variable names. For example you typed $headers = "From: ".mailFrom; instead of $headers = "From: ".$mailFrom; Let's fix it:
<?php
if (isset($_POST["submit"]))
{
$mailTo = $_POST["email"];
$mailFrom = "Dumele";
$message = "https://docs.google.com/forms/d/1lpj2XnKW4HT_qHFfGwpUxcvzPmK2USZ0MGSDP0XCqfg/edit";
$subject = "Welcome to Dumele";
$txt = "Thank you for your interest in Dumele. We're glad to have
you join our network and mission to enhance the technological
innovation of our African diaspora. Below is a link to a survey
we would like you to answer so we can better assist you.\n\n".$message;
$headers = "From: ".$mailFrom;
(mail($mailTo, $subject, $txt, $headers));
header("Location: index.php?mailsend");
}
Now with the mail() function of PHP; some servers disables mail() function for security purposes. If so; you can use SMTP to securely send your emails. To use SMTP in PHP of course you need additional processes but some free software packages and libraries like PHPMailer or SwiftMailer can help you about it.
This is looking for a form value with the name "submit":
if (isset($_POST["submit"]))
But there's no form element in the HTML with that name. So this will always be false. Give your submit button that name:
<button class="submit" type="submit" name="submit">Join Waitlist</button>
It shouldn't necessarily need a value, it would just default to an empty string. But it needs a name in order for the browser to send anything at all with that key.
As an aside, your mail server may reject the message since this is not really an email address:
$mailFrom = "Dumele";
For completeness... It looks like your PHP variables are also syntactically incorrect. Variable names need to begin with a $. For example, this:
$headers = "From: ".mailFrom;
Should be this:
$headers = "From: ".$mailFrom;
The same error would need to be corrected anywhere you're mis-using variable names.
Use value attribute in button tag. You are testing
if(isset($_post['submit']))
But what is submit? You should use value attribute and give a value submit i.e. Submit
I'm so sorry to post this question when there are so many existing questions already on here, but I'm really struggling with my PHP form handling and feel like I am going around in circles. I'd really appreciate some straight answers if possible.
I have an index.php file with a form in it <form id="contact-form" class="form" method="post" action="form.php"> and a form.php file that takes the form entries and sends an email. I have a redirect from form.php back to index.php#contactanchor after the email has been sent. That's all working ok.
//Send the email!
if (!$nameErr && !$emailErr && !$phoneErr && !$commentsErr) {
$email_body = "Name: $name\n Email: $email\n Phone: $phone\n Message: $comments\n";
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $email \r\n";
if (mail($to,$email_subject,$email_body,$headers)) {
$result = "Thank you for your enquiry.";
} else {
$result = "Submission error. Please check your details.";
}
}
header('Location: index.php#contactanchor');
I'm trying to get a message to appear in a div on index.php depending on whether the email was sent properly.
<div class="formresponse">
<p class="paragraph">I would like the response to show up here</p>
</div>
The message is in a variable $result in form.php.
(1) Firstly, do I need to add <?php session_start(); ?> to the top of index.php?
(2) How do I get the div in index.php to reflect the text from the $result variable?
I (lightly) appreciate the differences between server and client-side operations and realise that I need to use some Javascript or AJAX, but I'm at a loss as to where to put code and what code to use. I'd really appreciate some help... I've read through so many questions and answers today that my head is battered and I could really do with some coddling :-(
This question already has answers here:
Making email field required in php [closed]
(4 answers)
Closed 8 years ago.
I have this existing code and I am wondering how to make the name and email field required?
<?php
if(isset($_POST['submit'])){
$to = "xxx#email.com"; // this is your Email address
$from = $_POST['gift_email']; // this is the sender's Email address
$first_name = $_POST['gift_name'];
$subject = "Free Gift Request";
$msg = "A free gift has been requested from the following:"."\n";
$msg .= "Name: ".$_POST["gift_name"]."\n";
$msg .= "E-Mail: ".$_POST["gift_email"];
$headers = "From:" . $from;
mail($to,$subject,$msg,$headers);
//echo "Mail Sent. Thank you " . $first_name . ", we will contact you shortly.";
header('Location:free_program_thankyou.php');
}
?>
For form
<input type="text" name="gift_email" required>
<input type="text" name="gift_name" required>
For Php
if(empty($_POST['gift_email']))
{
echo 'This field is required';
}else {
//Do what you want to do here
}
A two basic ways to do this:-
Within the php program check each required form field has been filled in send a new page with an error message back if it is not. Be sure to return the contents of any fields already filled in or your users will wish a plague of boils on your person.
Validate in javascript. Have a function triggered by the "onsubmit" condition which checks for all required forms fields are filled and highlights any that are not. see here
In practice a robust web site will do both. This seems like duplication however the javascript function is much more responsive and user friendly, BUT, the php server side validation cannot be gamed by turning JS off or spoofing responses.
I have this form by which a user sends me an email. I don't know if it is secured, or if issues with security appear only if sql is involved...
html:
<form id="form4" action="send_mic.php" name="form4" method="post" >
<textarea name="message4" cols="4" rows="4" id="message4" ></textarea><br />
<input type="text" id="name4" name="name4" value="" /><br />
<input type="text" id="email4" name="email4" value="" /><br />
<input type="submit" value="" id="submit" />
</form>
jquery:
<script type="text/javascript">
$(document).ready(function () {
$('#form4').ajaxForm({
beforeSubmit: validate
});
function validate(formData, jqForm, options) {
var name = $('input[name=name4]').fieldValue();
var email = $('input[name=email4]').fieldValue();
var message = $('textarea[name=message4]').fieldValue();
if (!name[0]) {
alert('Please enter a value for name');
return false;
}
if (!email[0]) {
alert('Please enter a value for email');
return false;
}
if (!message[0]) {
alert('Please enter a value for message');
return false;
}
else {
$("#content").fadeOut(1000, function () {
$(this).html("<img src='images/postauto3.png'/>").fadeIn(2000);
});
var message = $('textarea[name=message4]').val('');
var name = $('input[name=name4]').val('');
var email = $('input[name=email4]').val('');
}
}
});
</script>
php:
<?php
if($_POST){
$email = $_POST['email4'];
$name = $_POST ['name4'];
$message = $_POST ['message4'];
// response hash
$ajaxresponse = array('type'=>'', 'message4'=>'');
try {
// do some sort of data validations, very simple example below
$all_fields = array('name4', 'email4', 'message4');
foreach($all_fields as $field){
if(empty($_POST[$field])){
throw new Exception('Required field "'.ucfirst($field).'" missing input.');
}
}
// ok, if field validations are ok
// now Send Email, ect.
// let's assume everything is ok, setup successful response
$subject = "New Contact";
//get todays date
$todayis = date("l, F j, Y, g:i a") ;
$message = " $todayis \n
Attention: \n\n
Please see the message below: \n\n
Email Address: $email \n\n
Message: $message \n\n
";
$from = "From: $email\r\n";
//put your email address here
mail("contact#....ro", $subject, $message, $from);
//prep json response
$ajaxresponse['type'] = 'success';
$ajaxresponse['message'] = 'Thank You! Will be in touch soon';
} catch(Exception $e){
$ajaxresponse['type'] = 'error';
$ajaxresponse['message'] = $e->getMessage();
}
// now we are ready to turn this hash into JSON
print json_encode($ajaxresponse);
exit;
}
?>
So, are there any security problems when using forms to send emails? Is this ok?
Thanks!
In general, rule of the thumb should always be: NEVER trust user provided data. And no, your code is not bullet proof. Since you do not verify nor sanitize user input and you use mail() at the same time you are vulnerable. User can easily feed you with crafted value for email4 filed. Since you use form data directly, then email4 can be used to inject additional mail headers to your outgoing mail. It these headers would be BCC: or CC: or even TO: then then you would be simply acting as spam relay. For example if I post this
some#address.com
CC: spamvictim1#foo.com, spamvictim2#foo.com, spamvictim3#foo.com,
X-Spam-Owned: Whoa
as your email4 then your header would end looking like this:
To: some#address.com
CC: spamvictim1#foo.com, spamvictim2#foo.com, spamvictim3#foo.com,
X-Spam-Owned: Whoa
to post multiline data you simply glue texts with CRLFs.
To avoid security holes like this you should consider dropping mail() and use something more clever that would take care of something like this too (not that mail() is bad, but you need to know what you are doing as it is rather low than high level function). I suggest using PHPMailer or similar package. You should always verify user provided data (especially ensure that single-line fields, like subject are really single line - stripping CRLFs suffice). Add captcha as you are open to automated form submission.
You could add a captcha to prevent spam.
You could protect against email injections by using:
filter_var($email, FILTER_VALIDATE_EMAIL)
I think this form is safe, mean that no one can really h#ck your website throught this form.
But you need to add somethings for better result:
1. You should also check the post variable in php server side, mean that you should check if email / name / message is valid of not
2. You should add some captcha to prevent spam
You can additionally wrap your server side code with
if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
/* special ajax here */
die($content);
}
This will ensure the ajax request is coming on the server.
And please mind your ID that you are using in one of your jQuery selector in your question.
Even if you are not working with database, there could be security problems in email sending. Of course you can't be hacked by this form, but the problems will occure when the user will input something like this in EMail field:
email-address1#example.com // there is a new line here
CC:email-address2#example.com,email-addresses3#example.com,.............................email-addressesn#example.com
so the best you can do is sanitizing all the input fields for mail function, to prevent such spam delivery. And as #WebnetMobile.com has already sad, never trust user inputs
I don't see a security issue in there, since you are not modifying anything on your server side. Might be an issue with spam though. Add some captcha to it. The rest looks ok.
You should add captcha , client side and server side validation in form
I am trying to figure out the best way to send an automated email to a customer when we update our database with "frames in" i'm thinking javascript & php but don't really know how to implement as a nobo!?
My HTML Form showing checkbox that needs to fire email (only partially shown due to length)
<form action="<?php echo $editFormAction; ?>" name="form" method="POST">
<input name="frame_in" type="checkbox" id="long_tiny" value="yes" <?php if (!(strcmp($row_Recordset1['frame_in'],"yes"))) {echo "checked=\"checked\"";} ?> />
<input type="hidden" name="MM_update" value="form">
</form>
The php mail script (Not sure if completely correct)
$mailTo = $row_customer['email'];
$subject = 'Your Frames Now in!!';
$cName = $row_Recordset2['cName'];
$jobRef = $row_Recordset2['customer_ref'];
$ourRef = $row_Recordset2['our_ref'];
$jobTotal = $row_recordset2['amount'];
mail($mailTo, $subject,
$cName your job Ref: $jobref is now in
<br>
<h2>Details:</h2>
<p>Our ref: $ourRef<br>
Customer Ref: $jobref<br>
Job total: $jobtotal</p>
);
I really don't know how to tie it all together I'm guessing there would need to be error handling as not every customer has an email (But the error doesn't need to be shown)
$mailTo = $row_customer['email'];
$subject = 'Your Frames Now in!!';
$cName = $row_Recordset2['cName'];
$jobRef = $row_Recordset2['customer_ref'];
$ourRef = $row_Recordset2['our_ref'];
$jobTotal = $row_recordset2['amount'];
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$message = "$cName your job Ref: $jobref is now in
<br>
<h2>Details:</h2>
<p>Our ref: $ourRef<br>
Customer Ref: $jobref<br>
Job total: $jobtotal</p>";
if($_POST['frame_in'] == "yes") {
mail($mailTo, $subject,$message, $headers);
}
This is a very broad question. What you need to do is:
Process the form in $editFormAction
If $_POST['frame_in'] is set, do the following:
Get all customers
Send an email to the ones with an e-mail address
Publish a warning on your site for logged-in users (or in general...) that do not have an email address registered.
No aditional javascript needed.
Where exactly are you stuck?
You could try a database trigger that sends an email. The database itself would be sending out the e-mail, and would not involve php at all. This would also be more inclusive, as it would send an email regardless or who/what changes the field, including changes from PhpMyAdmin, or other webpages/scripts.
http://dev.mysql.com/doc/refman/5.0/en/triggers.html
http://forums.mysql.com/read.php?99,33635,33635#msg-33635
This may be limited depending on your hosting environment. If you are using shared hosting, odds are you cannot utilize triggers for security reasons.