php form

Levi

Moderator
Staff member
I've written a php file for a form I've added to my site which (finally) works (woo hoo :D)

Code:
<?php
$to = "my email address";
$subject = "Contact from the website";
$name = $_REQUEST['name'];
$reference = $_REQUEST['reference'];
$telephone = $_REQUEST['telephone'];
$email = $_REQUEST['email'];
$message = $_REQUEST['message'];
$ip = $_SERVER['REMOTE_ADDR'];
$message = "Submitted From: $ip \nName: $name \nReference: $reference \nTelephone: $telephone \nE-mail: $email \nComments: $message";
mail($to, $subject, $message);
header("Location: /test/success.html");
?>
The contact form is here (albeit unfinished and it isn't validated) but my current host is being crap (yes I will be moving) as their php isn't sending again (good job my synology nas has web server with php built in :up:).

Can anyone tell me how I would get the sender's email address in the 'sender box' in Outlook rather than my 'email address' as it currently is?

Also can I send a copy to the person filling in the form but have it slightly different to the one sent to me - maybe by using a 1 and 2 number on the mail and message bits as my understanding of php means they're just a 'link' to the relevant parts.

thanks in advance :)
 
I think it's something like

$email = $_POST['email'];
((you have a form field labeled email))

$headers = "From:$email";

then include $headers in this bit

mail($to, $subject, $message, $headers);

something like that... no idea on the copying in I'm afraid
 
cool, I'll have a play around with those and see how I get on, ta very muchly
 
Tried your approach Andy and it worked a treat. Also played around and have now got it sending to me and the sender.
Still need to tweak a little as it's not perfect and then it's a case of getting it out of the automatic junk filters in Outlook and Hotmail, god damned overzealous spam filters from MS!!!
 
Nice one Levi!

I don't use php very much but should really get around to working on a decent contact form myself at some point!
 
I'll take a look at yours a bit later Harry, quick glance seems like it may be good if I can figure it all out :)
 
Ok had another look and although I understand what it's trying to do (that bit's pretty self explanatory), I have no idea how to get it to work with my site especially when it appears to have the form built into the code.

I think I may just go back to the simplest approach - form that sends to me and a message on the site saying thanks for the email as at least I know what's happening there :)
 
If you can explain a simple way for me to adapt your links to my contact form (link) then I'm all for using a more secure approach, it's just that trying to get it all to work with mine is a little above my level of knowledge when it comes to the code.
 
I'll give it a go when I get a few minutes, it will need styling to match my site though so hopefully the css will pass over.
 
Hey Levi, just quickly, I see you were using the request array, sorry security mindset coming in, but if the information is coming from a form use the post array otherwise the request array will allow get data to populate the form.

Now if I was a competitor and I was thinking of ways of making your life difficult and I was going to harass your ass, I could set up say 100 comments on other sites that don't filter html from their comment scripts all with get data and you would be inundated with useless emails, taking you time to go through them 1 by 1, if I put a loop up then well, post it but also check to make sure that the post array is coming from your site. Cookie it and test for the cookie for example, as the referrer can also be spoofed.

If the cookie is not set don't load the captcha as captchas can take up server resources, again if I was going to harass your ass knowing you're using captchas, I could ping your server find out your server's response time, then set up hundreds of loops to tie up your server and voilà...just some ideas TBH.

Also bear in mind I don't know 1 captcha that's not breakable all you need is time and then well my loop of fake emails becomes a serious pain, you then don't answer emails, they go to my client, well if I was to do it they would. :)

But by requesting data from only post and making sure it is only coming from your site, if it does, then load the captcha well the amount of my time needed would not be worth my effort TBH.

Just something to bear in mind.
Jaz :)
 
Jaz - that's just gone completely over my head :)

I've got to sort out the scripting on it, after the previous posts I decided that it's basically crap and needs redoing, just got to figure it all out now :)
 
Right basically just change all the $_REQUEST arrays to $_POST arrays as the $_REQUEST array will allow data to be got from the url via the $_GET array.

So if I put in my address bar something like ~

yoursite.co.uk/[email protected]&message=just a bunch of rubbish

Your form would still send you an email.

Now if I was to put up a load of fake links, or to create a script to loop through say 1000 times you will just get a 1000 emails of nothing but crap. Taking you time to go through them.

Now if you change it to $_POST then a form has to be submitted for the email to be sent to you which makes it harder for me to spam you if I was a competitor.

If you then set a cookie on the form page, and then test for it on the send email page, both pages should be different, you know if the form came from your site or not.

So the form was submitted and a cookie was set ~
<?php setcookie("Monkey", "The monkey slapped the cow");?>

Then on the send email page ~
<?php if (isset($_COOKIE['Monkey']) && $_COOKIE['Monkey'] == "The monkey slapped the cow") { // test to see if the cookie is set and it equals what you set it to ?>
Send the email and set a thank you/confirmation message.
<?php } else { // else it doesn't so display the form again with a disclaimer ?>
The form was not sent from your site, or they don't have cookies turned on, so 99.999999999% of the time will be bogus so set an error message saying sorry cookies must be turned on for you to email me, here's my phone number or address for you to write or phone me instead, then display the contact form again.
<?php } ?>

That way it will be harder for you to be spammed by your competitors.

Hope that explains it if not let me know.

Jaz

Key:
Red ~ PHP
Orange ~ PHP comments
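
Added example (not code from any poster in this thread): a send-page handler that applies the advice above, reading fields from $_POST only and refusing submissions that did not start with a visit to the form page. It goes one step further than the fixed cookie string by using a random single-use value kept in the PHP session (which still relies on a cookie), and it validates the visitor's address before it is placed in a mail header, which the From: suggestion earlier in the thread also needs. The function names, the form_token field and the example.com addresses are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function names, the 'form_token'
// field and the example.com addresses are placeholders.

// Form page: call before any output and echo the result into
// <input type="hidden" name="form_token" value="...">.
function issue_form_token(): string {
    if (session_status() !== PHP_SESSION_ACTIVE) session_start();
    return $_SESSION['form_token'] = bin2hex(random_bytes(16));
}

// Read one field from POST only; arrays and missing fields become ''.
function post_field(string $key): string {
    $v = $_POST[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Send page: returns null once mail() accepted the message, else an error text.
function handle_contact_post(string $to): ?string {
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'Please use the contact form.';   // URL (GET) data is never read
    }
    if (session_status() !== PHP_SESSION_ACTIVE) session_start();
    $expected = $_SESSION['form_token'] ?? '';
    unset($_SESSION['form_token']);              // each token works once
    if ($expected === '' || !hash_equals($expected, post_field('form_token'))) {
        return 'Sorry, cookies must be turned on to e-mail me from this form.';
    }
    // The address goes into a mail header, so it must be one valid address
    // with no line breaks, otherwise extra headers could be smuggled in.
    $email = post_field('email');
    if (preg_match('/[\r\n]/', $email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'Please enter a valid e-mail address.';
    }
    $body = "Submitted From: {$_SERVER['REMOTE_ADDR']}\n"
          . 'Name: ' . post_field('name') . "\n"
          . 'Reference: ' . post_field('reference') . "\n"
          . 'Telephone: ' . post_field('telephone') . "\n"
          . "E-mail: $email\n"
          . 'Comments: ' . post_field('message');
    // Reply-To makes a reply go to the visitor; From stays on the site's own
    // domain (placeholder address).
    $headers = "From: website@example.com\r\nReply-To: $email";
    return mail($to, 'Contact from the website', $body, $headers)
        ? null : 'The message could not be sent.';
}

// Send page usage:
// $error = handle_contact_post('you@example.com');
// if ($error === null) { header('Location: /test/success.html'); exit; }
```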
 