PHP Question

rkahn144 · 05-28-2007, 10:15 AM

Hey folks -

I have a contact form setup at www.mydomain.com/contact.html .

After someone enters there info, /mail.php processes it and they are then returned to my homepage.

An issue I am having is that people (or bots) are going to /mail.php directly which causes me to have a blank contact form sent to me.

Is there a way to restrict individuals from going directly to /mail.php or to prevent the blank contact forms from being sent to me?

Any suggestions will be appreciated. Thanks!

monaco · 05-28-2007, 10:20 AM

You could use mod_rewrite to check the referrer and handle it at the httpd level

OR

You could use PHP's $_SERVER['HTTP_REFERER'] property to just not submit the form.

Dan · 05-28-2007, 10:33 AM

You could check if there is anything in the message variable. Post the code of mail.php and someone can edit it for you.

monaco · 05-28-2007, 10:39 AM

Originally Posted by Dan

You could check if there is anything in the message variable. Post the code of mail.php and someone can edit it for you.

He mentioned bots might be doing it. I proposed my solution because it could help him avoid getting spammed when the spam crawler bots decide to shove it full of advertisements.
????: NamePros.com http://www.namepros.com/programming/332883-php-question.html

But yea, post the code, all of the techniques mentioned are simple < 2 minute edits.

Wildhoney · 05-28-2007, 10:56 AM

Alternatively you could use an image verification such as Captcha. This will typically prevent bots from bypassing the form without entering the correct code. It need not be anything complex as the only sites that have to worry about their complexity would be such sites like Gmail, who would be a prime target for people trying to decipher their verification image.

Barrucadu · 05-28-2007, 10:59 AM

You could just use this:

PHP Code:

 
//Put this immediatly after the <?php tag

if(!isset($_POST['variable_name']) || empty($_POST['variable_name'])){

     header('Location: http://www.domain.com/page.php');

????: NamePros.com http://www.namepros.com/showthread.php?t=332883
}

rkahn144 · 05-28-2007, 11:35 AM

Mikor or anybody else...if you could mod this and make the code that you add in bold so I can see it, that would be appreciated.

<?
????: NamePros.com http://www.namepros.com/showthread.php?t=332883
$company_name = $_REQUEST['company_name'] ;
$first_name = $_REQUEST['first_name'] ;
$last_name = $_REQUEST['last_name'] ;
$title = $_REQUEST['title'] ;
$address = $_REQUEST['address'] ;
$city = $_REQUEST['city'] ;
$state = $_REQUEST['state'] ;
$zip = $_REQUEST['zip'] ;
$phone = $_REQUEST['phone'] ;
$email = $_REQUEST['email'] ;
$hearaboutus = $_REQUEST['hearaboutus'] ;
$number_of_employee = $_REQUEST['number_of_employee'] ;
$industry = $_REQUEST['industry'] ;
$description = $_REQUEST['description'] ;
mail("NAME@NAME.com","Contact Request"," Contact name: $company_name\n First Name: $first_name\n Last Name: $last_name\n Title: $title\n Address: $address\n City: $city\n State: $state\n Zip: $zip\n Country: $country\n Phone: $phone\n Email: $email\n Hear about us: $hearaboutus\n Number of Employees: $number_of_employee\n Industry: $industry\n Comments: $description");
?>
<script>

</script>
<?php
exit;?>

Barrucadu · 05-28-2007, 11:41 AM

PHP Code:

  <?php

//The script will ONLY send the email if all the values are sent, and none of them are empty

 
if(isset($_REQUEST['company_name'])&&!empty($_REQUEST['company_name'])&&

isset($_REQUEST['first_name'])&&!empty($_REQUEST['first_name'])&&

isset($_REQUEST['last_name'])&&!empty($_REQUEST['last_name'])&&

isset($_REQUEST['title'])&&!empty($_REQUEST['title'])&&

isset($_REQUEST['address'])&&!empty($_REQUEST['address'])&&

isset($_REQUEST['city'])&&!empty($_REQUEST['city'])&&

isset($_REQUEST['state'])&&!empty($_REQUEST['state'])&&

isset($_REQUEST['zip'])&&!empty($_REQUEST['zip'])&&

isset($_REQUEST['phone'])&&!empty($_REQUEST['phone'])&&

isset($_REQUEST['email'])&&!empty($_REQUEST['email'])&&

isset($_REQUEST['hearaboutus'])&&!empty($_REQUEST['hearaboutus'])&&

isset($_REQUEST['number_of_employee'])&&!empty($_REQUEST['number_of_employee'])&&

isset($_REQUEST['industry'])&&!empty($_REQUEST['industry'])&&

isset($_REQUEST['description'])&&!empty($_REQUEST['description'])){

     $company_name = $_REQUEST['company_name'];

????: NamePros.com http://www.namepros.com/showthread.php?t=332883
     $first_name = $_REQUEST['first_name'];

     $last_name = $_REQUEST['last_name'];

     $title = $_REQUEST['title'];

     $address = $_REQUEST['address'];

     $city = $_REQUEST['city'];

     $state = $_REQUEST['state'];

     $zip = $_REQUEST['zip'];

     $phone = $_REQUEST['phone'];

     $email = $_REQUEST['email'];

     $hearaboutus = $_REQUEST['hearaboutus'];

     $number_of_employee = $_REQUEST['number_of_employee'];

     $industry = $_REQUEST['industry'];

     $description = $_REQUEST['description'];

????: NamePros.com http://www.namepros.com/showthread.php?t=332883
     mail("NAME@NAME.com","Contact Request"," Contact name: $company_name\n First Name: $first_name\n Last Name: $last_name\n Title: $title\n Address: $address\n City: $city\n State: $state\n Zip: $zip\n Country: $country\n Phone: $phone\n Email: $email\n Hear about us: $hearaboutus\n Number of Employees: $number_of_employee\n Industry: $industry\n Comments: $description");

}

 
header('Location: home.php');

?>

rkahn144 · 05-28-2007, 01:14 PM

Mikor - thanks for the post.

The fields that we require in the HTML contact form are:
company_name
first_name
last_name
address
city
state
phone
email

Is there a way that the php form that you posted could be modded for this?

Barrucadu · 05-28-2007, 03:04 PM

Done

PHP Code:

  <?php 

//The script will ONLY send the email if all the values are sent, and none of them are empty 

 
if(isset($_REQUEST['company_name'])&&!empty($_REQUEST['company_name'])&& 

isset($_REQUEST['first_name'])&&!empty($_REQUEST['first_name'])&& 

isset($_REQUEST['last_name'])&&!empty($_REQUEST['last_name'])&& 

isset($_REQUEST['address'])&&!empty($_REQUEST['address'])&& 

isset($_REQUEST['city'])&&!empty($_REQUEST['city'])&& 

isset($_REQUEST['state'])&&!empty($_REQUEST['state'])&& 

????: NamePros.com http://www.namepros.com/showthread.php?t=332883
isset($_REQUEST['phone'])&&!empty($_REQUEST['phone'])&& 

isset($_REQUEST['email'])&&!empty($_REQUEST['email'])){ 

     $company_name = $_REQUEST['company_name']; 

     $first_name = $_REQUEST['first_name']; 

     $last_name = $_REQUEST['last_name']; 

     $title = $_REQUEST['title']; 

????: NamePros.com http://www.namepros.com/showthread.php?t=332883
     $address = $_REQUEST['address']; 

     $city = $_REQUEST['city']; 

     $state = $_REQUEST['state']; 

     $zip = $_REQUEST['zip']; 

     $phone = $_REQUEST['phone']; 

     $email = $_REQUEST['email']; 

     $hearaboutus = $_REQUEST['hearaboutus']; 

     $number_of_employee = $_REQUEST['number_of_employee']; 

     $industry = $_REQUEST['industry']; 

     $description = $_REQUEST['description']; 

     mail("NAME@NAME.com","Contact Request"," Contact name: $company_name\n First Name: $first_name\n Last Name: $last_name\n Title: $title\n Address: $address\n City: $city\n State: $state\n Zip: $zip\n Country: $country\n Phone: $phone\n Email: $email\n Hear about us: $hearaboutus\n Number of Employees: $number_of_employee\n Industry: $industry\n Comments: $description"); 

} 

 
header('Location: home.php'); 

?>

Eric · 05-28-2007, 03:32 PM

1.) Do not use $_REQUEST, use the proper $_POST or $_GET
2.) Here's another way:

PHP Code:

  <?php

 
// Array of field name => required (true or false)

$fields = array(

    'company_name'       => true,

    'first_name'         => true,

    'last_name'          => true,

????: NamePros.com http://www.namepros.com/showthread.php?t=332883
    'address'            => true,

    'city'               => true,

    'state'              => true,

    'phone'              => true,

    'email'              => true,

    'zip'                => false,

    'country'            => false,

    'hearaboutus'        => false,

    'number_of_employee' => false,

    'industry'           => false,

    'description'        => false

);

 
$empty = array();

 
foreach ($fields AS $field => $required)

{

    if (($required) AND (!isset($_POST[$field]) OR empty($_POST[$field]))

    {

        $empty[$field] = 1;

    }

}

 
//The script will ONLY send the email if all the values are sent, and none of them are empty 

if(count($empty) == 0)

{

    foreach ($fields AS $field => $required)

????: NamePros.com http://www.namepros.com/showthread.php?t=332883
    {

        $$field = trim(stripslashes(strip_tags($_POST[$field])));

    }

 
    mail("NAME@NAME.com","Contact Request"," Contact name: $company_name\n First Name: $first_name\n Last Name: $last_name\n Title: $title\n Address: $address\n City: $city\n State: $state\n Zip: $zip\n Country: $country\n Phone: $phone\n Email: $email\n Hear about us: $hearaboutus\n Number of Employees: $number_of_employee\n Industry: $industry\n Comments: $description");

}

 
header('Location: home.php');

exit;

 
?>

05-28-2007, 10:15 AM	THREAD STARTER #1 (permalink)
rkahn144 NamePros Member Join Date: Feb 2006 Posts: 97	PHP Question Hey folks - I have a contact form setup at www.mydomain.com/contact.html . After someone enters there info, /mail.php processes it and they are then returned to my homepage. An issue I am having is that people (or bots) are going to /mail.php directly which causes me to have a blank contact form sent to me. Is there a way to restrict individuals from going directly to /mail.php or to prevent the blank contact forms from being sent to me? Any suggestions will be appreciated. Thanks!

05-28-2007, 10:20 AM	#2 (permalink)
monaco NamePros Regular Join Date: Jul 2005 Location: Tucson, AZ Posts: 689	You could use mod_rewrite to check the referrer and handle it at the httpd level OR You could use PHP's $_SERVER['HTTP_REFERER'] property to just not submit the form. __________________ My Website \| My Blog

05-28-2007, 10:59 AM	#6 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	You could just use this: PHP Code: `//Put this immediatly after the <?php tag if(!isset($_POST['variable_name']) \|\| empty($_POST['variable_name'])){ header('Location: http://www.domain.com/page.php'); ????: NamePros.com http://www.namepros.com/showthread.php?t=332883 }` __________________ Website \| Blog Arch Hurd developer; GNU Webmaster; FSF member #8385

05-28-2007, 11:41 AM	#8 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	PHP Code: <?php //The script will ONLY send the email if all the values are sent, and none of them are empty if(isset($_REQUEST['company_name'])&&!empty($_REQUEST['company_name'])&& isset($_REQUEST['first_name'])&&!empty($_REQUEST['first_name'])&& isset($_REQUEST['last_name'])&&!empty($_REQUEST['last_name'])&& isset($_REQUEST['title'])&&!empty($_REQUEST['title'])&& isset($_REQUEST['address'])&&!empty($_REQUEST['address'])&& isset($_REQUEST['city'])&&!empty($_REQUEST['city'])&& isset($_REQUEST['state'])&&!empty($_REQUEST['state'])&& isset($_REQUEST['zip'])&&!empty($_REQUEST['zip'])&& isset($_REQUEST['phone'])&&!empty($_REQUEST['phone'])&& isset($_REQUEST['email'])&&!empty($_REQUEST['email'])&& isset($_REQUEST['hearaboutus'])&&!empty($_REQUEST['hearaboutus'])&& isset($_REQUEST['number_of_employee'])&&!empty($_REQUEST['number_of_employee'])&& isset($_REQUEST['industry'])&&!empty($_REQUEST['industry'])&& isset($_REQUEST['description'])&&!empty($_REQUEST['description'])){ $company_name = $_REQUEST['company_name']; ????: NamePros.com http://www.namepros.com/showthread.php?t=332883 $first_name = $_REQUEST['first_name']; $last_name = $_REQUEST['last_name']; $title = $_REQUEST['title']; $address = $_REQUEST['address']; $city = $_REQUEST['city']; $state = $_REQUEST['state']; $zip = $_REQUEST['zip']; $phone = $_REQUEST['phone']; $email = $_REQUEST['email']; $hearaboutus = $_REQUEST['hearaboutus']; $number_of_employee = $_REQUEST['number_of_employee']; $industry = $_REQUEST['industry']; $description = $_REQUEST['description']; ????: NamePros.com http://www.namepros.com/showthread.php?t=332883 mail("NAME@NAME.com","Contact Request"," Contact name: $company_name\n First Name: $first_name\n Last Name: $last_name\n Title: $title\n Address: $address\n City: $city\n State: $state\n Zip: $zip\n Country: $country\n Phone: $phone\n Email: $email\n Hear about us: $hearaboutus\n Number of Employees: $number_of_employee\n Industry: $industry\n Comments: $description"); } header('Location: home.php'); ?> __________________ Website \| Blog Arch Hurd developer; GNU Webmaster; FSF member #8385

05-28-2007, 03:04 PM	#10 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	Done PHP Code: <?php //The script will ONLY send the email if all the values are sent, and none of them are empty if(isset($_REQUEST['company_name'])&&!empty($_REQUEST['company_name'])&& isset($_REQUEST['first_name'])&&!empty($_REQUEST['first_name'])&& isset($_REQUEST['last_name'])&&!empty($_REQUEST['last_name'])&& isset($_REQUEST['address'])&&!empty($_REQUEST['address'])&& isset($_REQUEST['city'])&&!empty($_REQUEST['city'])&& isset($_REQUEST['state'])&&!empty($_REQUEST['state'])&& ????: NamePros.com http://www.namepros.com/showthread.php?t=332883 isset($_REQUEST['phone'])&&!empty($_REQUEST['phone'])&& isset($_REQUEST['email'])&&!empty($_REQUEST['email'])){ $company_name = $_REQUEST['company_name']; $first_name = $_REQUEST['first_name']; $last_name = $_REQUEST['last_name']; $title = $_REQUEST['title']; ????: NamePros.com http://www.namepros.com/showthread.php?t=332883 $address = $_REQUEST['address']; $city = $_REQUEST['city']; $state = $_REQUEST['state']; $zip = $_REQUEST['zip']; $phone = $_REQUEST['phone']; $email = $_REQUEST['email']; $hearaboutus = $_REQUEST['hearaboutus']; $number_of_employee = $_REQUEST['number_of_employee']; $industry = $_REQUEST['industry']; $description = $_REQUEST['description']; mail("NAME@NAME.com","Contact Request"," Contact name: $company_name\n First Name: $first_name\n Last Name: $last_name\n Title: $title\n Address: $address\n City: $city\n State: $state\n Zip: $zip\n Country: $country\n Phone: $phone\n Email: $email\n Hear about us: $hearaboutus\n Number of Employees: $number_of_employee\n Industry: $industry\n Comments: $description"); } header('Location: home.php'); ?> __________________ Website \| Blog Arch Hurd developer; GNU Webmaster; FSF member #8385

05-28-2007, 10:33 AM	#3 (permalink)
Dan Buy my domains. Join Date: Feb 2006 Posts: 2,796	You could check if there is anything in the message variable. Post the code of mail.php and someone can edit it for you.

05-28-2007, 10:56 AM	#5 (permalink)
Wildhoney NamePros Member Join Date: Sep 2006 Posts: 78	Alternatively you could use an image verification such as Captcha. This will typically prevent bots from bypassing the form without entering the correct code. It need not be anything complex as the only sites that have to worry about their complexity would be such sites like Gmail, who would be a prime target for people trying to decipher their verification image.

05-28-2007, 11:35 AM	THREAD STARTER #7 (permalink)
rkahn144 NamePros Member Join Date: Feb 2006 Posts: 97	Mikor or anybody else...if you could mod this and make the code that you add in bold so I can see it, that would be appreciated. <? ????: NamePros.com http://www.namepros.com/showthread.php?t=332883 $company_name = $_REQUEST['company_name'] ; $first_name = $_REQUEST['first_name'] ; $last_name = $_REQUEST['last_name'] ; $title = $_REQUEST['title'] ; $address = $_REQUEST['address'] ; $city = $_REQUEST['city'] ; $state = $_REQUEST['state'] ; $zip = $_REQUEST['zip'] ; $phone = $_REQUEST['phone'] ; $email = $_REQUEST['email'] ; $hearaboutus = $_REQUEST['hearaboutus'] ; $number_of_employee = $_REQUEST['number_of_employee'] ; $industry = $_REQUEST['industry'] ; $description = $_REQUEST['description'] ; mail("NAME@NAME.com","Contact Request"," Contact name: $company_name\n First Name: $first_name\n Last Name: $last_name\n Title: $title\n Address: $address\n City: $city\n State: $state\n Zip: $zip\n Country: $country\n Phone: $phone\n Email: $email\n Hear about us: $hearaboutus\n Number of Employees: $number_of_employee\n Industry: $industry\n Comments: $description"); ?> <script> <!-- window.location= "/home.html" //--> </script> <?php exit;?>

05-28-2007, 01:14 PM	THREAD STARTER #9 (permalink)
rkahn144 NamePros Member Join Date: Feb 2006 Posts: 97	Mikor - thanks for the post. The fields that we require in the HTML contact form are: company_name first_name last_name address city state phone email Is there a way that the php form that you posted could be modded for this?

05-28-2007, 03:32 PM	#11 (permalink)
Eric Senior Member Join Date: Mar 2005 Posts: 4,948	1.) Do not use $_REQUEST, use the proper $_POST or $_GET 2.) Here's another way: PHP Code: <?php // Array of field name => required (true or false) $fields = array( 'company_name' => true, 'first_name' => true, 'last_name' => true, ????: NamePros.com http://www.namepros.com/showthread.php?t=332883 'address' => true, 'city' => true, 'state' => true, 'phone' => true, 'email' => true, 'zip' => false, 'country' => false, 'hearaboutus' => false, 'number_of_employee' => false, 'industry' => false, 'description' => false ); $empty = array(); foreach ($fields AS $field => $required) { if (($required) AND (!isset($_POST[$field]) OR empty($_POST[$field])) { $empty[$field] = 1; } } //The script will ONLY send the email if all the values are sent, and none of them are empty if(count($empty) == 0) { foreach ($fields AS $field => $required) ????: NamePros.com http://www.namepros.com/showthread.php?t=332883 { $$field = trim(stripslashes(strip_tags($_POST[$field]))); } mail("NAME@NAME.com","Contact Request"," Contact name: $company_name\n First Name: $first_name\n Last Name: $last_name\n Title: $title\n Address: $address\n City: $city\n State: $state\n Zip: $zip\n Country: $country\n Phone: $phone\n Email: $email\n Hear about us: $hearaboutus\n Number of Employees: $number_of_employee\n Industry: $industry\n Comments: $description"); } header('Location: home.php'); exit; ?>

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)