Contact Form with PHP bug


cocoonfx
01-06-2008, 11:05 PM
Hello


I have been using the following form on my sites and I have noticed a bug and I cannot work out how to fix it. I have a contact form and if none of the fields are filled, the validation in the PHP works as if the data is filled in, i.e. if the form is blank it sends the information anyhow to the administrator email.

Please find HTML/JAVA code below:


<form id="form1" name="phpformmailer" method="post" action="contact.php">
  <label for="name">Your Name </label>
  <input type="text" name="name" id="name"/>
  <label for="email">Email Address </label>
  <input type="text" name="email" id="email" />
  <label for="email2">Please confirm your email Address </label>
  <input type="text" name="email2" id="email2" />
  <label for="thesubject">Subject</label>
  <input type="text" name="thesubject" id="thesubject" />
  <label for="themessage">Message</label>
  <div align="center">
    <textarea name="themessage" cols="30" rows="5" id="themessage" themessage="themessage"></textarea>
    <br>
    <script language="JavaScript"><!--
    function validateForm()
    {
      var okSoFar=true
      with (document.phpformmailer)
      {
        var foundAt = email.value.indexOf("@",0)
        if (foundAt < 1 && okSoFar)
        {
          okSoFar = false
          alert ("Please enter a valid email address.")
          email.focus()
        }
        var e1 = email.value
        var e2 = email2.value
        if (!(e1==e2) && okSoFar)
        {
          okSoFar = false
          alert ("Email addresses you entered do not match. Please re-enter.")
          email.focus()
        }
        if (thesubject.value=="" && okSoFar)
        {
          okSoFar=false
          alert("Please enter the subject.")
          thesubject.focus()
        }
        if (themessage.value=="" && okSoFar)
        {
          okSoFar=false
          alert("Please enter the details for your enquiry.")
          themessage.focus()
        }
        if (okSoFar==true) submit();
      }
    }
    // --></script>
  </div>
  <label for="Submit"></label>
  <input type="submit" name="Submit" value="Send" id="Submit" ONCLICK="javascript:validateForm()">
</form>

-----------------------

Then the PHP code


<?php

$valid_ref1="http://www.name.co.uk/contact.html";
$valid_ref2="http://www.name.co.uk/contact.html";
$replyemail="infon@domain.co.uk";
function clean_input_4email($value, $check_all_patterns = true)
{
    $patterns[0] = '/content-type:/';
    $patterns[1] = '/to:/';
    $patterns[2] = '/cc:/';
    $patterns[3] = '/bcc:/';
    if ($check_all_patterns)
    {
        $patterns[4] = '/\r/';
        $patterns[5] = '/\n/';
        $patterns[6] = '/%0a/';
        $patterns[7] = '/%0d/';
    }
    //NOTE: can use str_ireplace as this is case insensitive but only available on PHP version 5.0.
    return preg_replace($patterns, "", strtolower($value));
}

$name = clean_input_4email($_POST["name"]);
$email = clean_input_4email($_POST["email"]);
$thesubject = clean_input_4email($_POST["thesubject"]);
$themessage = clean_input_4email($_POST["themessage"], false);

$error_msg='ERROR - not sent. Try again.';

$success_sent_msg='<p align="center"><strong>&nbsp;</strong></p>
<p align="center"><strong>Your message has been successfully sent to us<br>
</strong> and we will reply as soon as possible.</p>
<p align="center">A copy of your query has been sent to you.</p>
<p align="center">Thank you for contacting us.</p>
<p align="center">Please <a href="http://www.nicholl-ramsay.co.uk">click here</a> to return</p>';

$replymessage = "Hello $name

Thank you for your email.

I will endeavour to reply to you shortly.


Please DO NOT reply to this email.

Below is a copy of the message you submitted:
--------------------------------------------------
Subject: $thesubject
Query:
$themessage
--------------------------------------------------
Please visit again http://www..co.uk

Kind Regards
Test;

// email variable not set - load $valid_ref1 page
if (!isset($_POST['email']))
{
    echo "<script language=\"JavaScript\"><!--\n ";
    echo "top.location.href = \"$valid_ref1\"; \n// --></script>";
    exit;
}

$ref_page=$_SERVER["HTTP_REFERER"];
$valid_referrer=0;
if($ref_page==$valid_ref1) $valid_referrer=1;
elseif($ref_page==$valid_ref2) $valid_referrer=1;
if(!$valid_referrer)
{
    echo "<script language=\"JavaScript\"><!--\n alert(\"$error_msg\");\n";
    echo "top.location.href = \"$valid_ref1\"; \n// --></script>";
    exit;
}
$themessage = "name: $name \nQuery: $themessage";
mail("$replyemail",
    "$thesubject",
    "$themessage",
    "From: $email\nReply-To: $email");
mail("$email",
    "Receipt: $thesubject",
    "$replymessage",
    "From: $replyemail\nReply-To: $replyemail");
echo $success_sent_msg;
?>


---------------------

I am completely stumped how to stop the validation working if the form is blank. Can anyone assist?

Kind regards
Cocoonfx

davidj
01-06-2008, 11:23 PM
You're missing a closing quote after

Kind Regards
Test;

davidj
01-06-2008, 11:25 PM
You need to wrap the script (PHP) in an IF statement checking that the fields have been filled.

This will validate and will only send the mail if the right fields have been keyed and the form submitted.

cocoonfx
01-09-2008, 12:36 AM
Hello


I thought this part of the code was to validate that the fields are entered. I tried entering the if statement as if it were a normal form, i.e.

<?PHP

// Only continue when every required field has a value
if ($name && $email && $thesubject && $themessage) {

    // Then the rest of the code

} else {
    // Send the visitor back to the form
    header("Location: /contact.html");
    exit;
}
?>

I then get a t-bar error and the code validation code doesn't work. I will have another play tomorrow as it's late.

Can you advise if I got the logic right?

davidj
01-09-2008, 06:51 AM
it looks right

cocoonfx
01-09-2008, 07:48 AM
Very strange, I added the if statement again like last night and now it works.

Thank you!
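
The server-side check davidj describes, written out as an added example that is not part of the thread: the JavaScript in the form never runs for a request posted straight to contact.php, so the PHP has to reject blank or malformed fields itself before calling mail(). Field names are taken from the form above; the function name validate_contact_form is hypothetical.

```php
<?php
// Added example: server-side checks that run before mail() is ever called.
// Field names match the form in the thread; validate_contact_form() is a hypothetical name.

function validate_contact_form(array $post): array
{
    $errors = [];
    $fields = [];

    // Every field is required; a missing key and a blank value are treated alike.
    foreach (['name', 'email', 'email2', 'thesubject', 'themessage'] as $key) {
        $value = isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
        if ($value === '') {
            $errors[$key] = 'This field is required.';
        }
        $fields[$key] = $value;
    }

    // Values that end up in mail headers are rejected if they contain line breaks.
    foreach (['name', 'email', 'thesubject'] as $key) {
        if (preg_match('/[\r\n]/', $fields[$key])) {
            $errors[$key] = 'Line breaks are not allowed here.';
        }
    }

    // Syntax check and confirmation match, only if the address passed the checks above.
    if (!isset($errors['email']) && filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    }
    if (!isset($errors['email']) && $fields['email'] !== $fields['email2']) {
        $errors['email2'] = 'Email addresses do not match.';
    }

    return [$errors, $fields];
}

// Constructed sample input: the blank submission described in the first post.
$blank = ['name' => '', 'email' => '', 'email2' => '', 'thesubject' => '', 'themessage' => ''];
list($errors, $fields) = validate_contact_form($blank);

if ($errors) {
    // Nothing is sent; the form would be shown again with these messages.
    foreach ($errors as $key => $msg) {
        echo "$key: $msg\n";
    }
} else {
    echo "All checks passed; mail() would be called here and nowhere else.\n";
}
```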