View Full Version : Problem with PHP Form Script

07-04-2008, 06:11 PM

I have a form setup which works fine but it requires that all fields are complete before you submit.

I want all fields to be required apart from the email address, could anyone have a look at the script and tell me how it needs to be modified to take out the email field from being required.


the script

$after = "thanks.html";
$oops = "oops.html";

if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") {
exit("<p>You did not press the submit button; this page should not be accessed directly.</p>");
} else {
$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javas cript|alert)/i";
$profanity = "/(beastial|bestial|blowjob|clit|cock|cum|cunilingus |cunillingus|cunnilingus|cunt|ejaculate|fag|felati o|fellatio|****|fuk|fuks|gangbang|gangbanged|gangb angs|hotsex|jism|jiz|kock|kondum|kum|kunilingus|or gasim|orgasims|orgasm|orgasms|phonesex|phuk|phuq|p orn|pussies|pussy|spunk|xxx)/i";
$spamwords = "/(viagra|phentermine|tramadol|adipex|advai|alprazol am|ambien|ambian|amoxicillin|antivert|blackjack|ba ckgammon|texas|holdem|poker|carisoprodol|ciara|cip rofloxacin|debt|dating|porn)/i";
$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";

if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
exit("<p>Known spam bots are not allowed.</p>");
foreach ($_POST as $key => $value) {
$value = trim($value);

if (empty($value)) {
exit("<p>Empty fields are not allowed. Please go back and fill in the form properly.</p>");
} elseif (preg_match($exploits, $value)) {
exit("<p>Exploits/malicious scripting attributes aren't allowed.</p>");
} elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) {
exit("<p>That kind of language is not allowed through our form.</p>");

$_POST[$key] = stripslashes(strip_tags($value));

if (!ereg("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,6})$",strtolower($_POST['email']))) {
exit("<p>That e-mail address is not valid, please use another.</p>");

$recipient = "07932234312@text.aql.com, jasonhutchinson32@btinternet.com";
$subject = "Web Site Enquiry";

$message .= "Name: {$_POST['name']} \n";
$message .= "Email: {$_POST['email']} \n";
$message .= "Contact: {$_POST['contact']} \n";
$message .= "Address: {$_POST['address']} \n";
$message .= "Postcode: {$_POST['postcode']} \n";
$message .= "Vehicle: {$_POST['vehicle']} \n";
$message .= "Damage: {$_POST['damage']} \n";

$headers .= "Reply-To: <{$_POST['email']}>";

if (mail($recipient,$subject,$message,$headers)) {
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$after\">";
} else {
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$oops\">";

07-05-2008, 07:33 AM
if (empty($value)) {
exit("<p>Empty fields are not allowed. Please go back and fill in the form properly.</p>");
} elseif (preg_match($exploits, $value))

thats your problem.

i think you would have to list all the values to be required ie etc instead. if ($_POST['vehicle']=' '), but maybe there is a way of making an exclusion, :???:

07-05-2008, 09:24 AM
yeah Id spotted the code block I actually tried removing this and the adding form validation via a dw behaviour this worked but every time the submit button was clicked even though the validator appeared the form was sent. This woulldnt be too much of a problem usually but everytime this form is sent a text message is also sent and I dont want to pay for blank messages.

07-05-2008, 09:27 AM
where's David j when you need him he'll be oot on the toon with it being the weekend I bet

07-05-2008, 10:50 AM
this binge drinking malarky is like a retarded dwarf

it isnt big and it isnt clever!

just blew chunks

be with you once i pull myself together

07-05-2008, 03:45 PM
aye I'd appreciate it mate