Need some help with a contact form

[slipondajimmy]

Hey everyone.

I am working on a site and I need to get a contact form working. It sounds dumb but I have it on the page, but what do I need to do to get it to work. Its done in dreamweaver

</style>
<form name="form1" method="post" action="">
<table width="450" border="0">
<tr>
<td width="73">Name</td>
<td width="367"><label>
<input name="name" type="text" id="name">
</label></td>
</tr>
<tr>
<td>Email</td>
<td><label>
<input name="email" type="text" id="email">
</label></td>
</tr>
<tr>
<td>Comment</td>
<td><label>
<textarea name="comment" id="comment"></textarea>
</label></td>
</tr>
<tr>
<td> </td>
<td><label>
<input name="Submit" type="submit" class="button" value="Send">
<input name="Submit2" type="reset" class="button" value="Clear">
</label></td>
</tr>
</table>
</form>

 

[Albino]

you need to use a language like php or javascript to get it to grab the variables

 

[slipondajimmy]

any ideas on a easy way to get it done?

 

[unknowngiver]

hm first of all do you have PHP on your server?
add me on msn i will help u make 1 in php [[email protected]]

 

[slipondajimmy]

I have PHP on my server. I found a script I can use and it will send mail... but no subject or message. And it sends from my server and not a email I specify. Maybe there is something missing

<html>
<head><title>PHP Mail Sender</title></head>
<body>
<?php

/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */
$name = $HTTTP_POST_VARS ['name'];
$email = $HTTP_POST_VARS['email'];
$comment = $HTTP_POST_VARS['comment'];


/* PHP form validation: the script checks that the Email field contains a valid email address and the Subject field isn't empty. preg_match performs a regular expression match. It's a very powerful PHP function to validate form fields and other strings - see PHP manual for details. */
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
echo "<h4>Invalid email address</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($subject == "") {
echo "<h4>No subject</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}

/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
elseif (mail($email,$subject,$message)) {
echo "<h4>Thank you for sending email</h4>";
} else {
echo "<h4>Can't send email to $email</h4>";
}
?>
</body>
</html>

 

[jerometan]

This setting in phpini needs to be changed - sendmail_from
Changing it changes what address appears in the from address.

You need to have a form in order to send mail.
If you don't want to, edit :

$name = $HTTTP_POST_VARS ['name'];
$email = $HTTP_POST_VARS['email'];
$comment = $HTTP_POST_VARS['comment'];

to

$subject = " - Subject - ";
$email = " - To Email - ";
$message = " - To Message - ";

Edit the content inside.

 

[slipondajimmy]

I think I have been working on this to much tonight . I need to give it a rest and try again tommorow.

I just need this http://www.kitcar.ws/test.html (just a test) To function.

Like I said I can get it to send, but with no message and with a server email.

So if anyone can help it would be great

 

[jerometan]

Sorry, missing out on the form posted.

Heres a fix :

<form name="form1" method="post" action="">
<table width="450" border="0">
<tr>
<td width="73">Name</td>
<td width="367"><label>
<input name="name" type="text" id="name">
</label></td>
</tr>
<tr>
<td>Email</td>
<td><label>
<input name="email" type="text" id="email">
</label></td>
</tr>
<tr>
<td>Subject</td>
<td><label>
<input name="subject" type="text" id="subject">
</label></td>
</tr>
<tr>
<td>Message</td>
<td><label>
<textarea name="message" id="message"></textarea>
</label></td>
</tr>
<tr>
<td> </td>
<td><label>
<input name="Submit" type="submit" class="button" value="Send">
<input name="Submit2" type="reset" class="button" value="Clear">
</label></td>
</tr>
</table>
</form>

For the PHP Code :

/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */
$name = $HTTP_POST_VARS ['name'];
$email = $HTTP_POST_VARS['email'];
$message = $HTTP_POST_VARS['message'];
$subject = $HTTP_POST_VARS['subject'];


/* PHP form validation: the script checks that the Email field contains a valid email address and the Subject field isn't empty. preg_match performs a regular expression match. It's a very powerful PHP function to validate form fields and other strings - see PHP manual for details. */
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
echo "<h4>Invalid email address</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($subject == "") {
echo "<h4>No subject</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}

/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
elseif (mail($email,$subject,$message)) {
echo "<h4>Thank you for sending email</h4>";
} else {
echo "<h4>Can't send email to $email</h4>";
}
?>
</body>
</html>

 

[slipondajimmy]

Now im getting this

Method Not Allowed
The requested method POST is not allowed for the URL XXX/XXX.

 

[Kate]

Now im getting this

Method Not Allowed
The requested method POST is not allowed for the URL XXX/XXX.

Maybe you should rename the ext from .html to .php

Also, if you are using third-party code make sure you understand the risk of E-mail injection:
http://www.securephpwiki.com/index.php/Email_Injection

 

[Matthew.]

jerometan, HTTP_POST_VARS? That was depreciated for $_POST autoglobal in php 4.1.

Also as has been said, that code is open to header injections.

 

[slipondajimmy]

Thanks for everyones help. So does anyone have any idea of a simple script I can use. IM putting a site together as a favor to someone and dont really want to spend any money on it.

This should have been simple and done by now..hhaha

 

[Matthew.]

This is my adapted version slipondajimmy, use it if you wish.

<?php
define('_sendto', '[email protected]');

if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
 	foreach($_POST as $key => $value)
	{
 		$_POST[$key] = addslashes(stripslashes($value));
	}
	
	
 	if( !strlen($_POST['e_name']) > 0 )
 	{
 	 	$error[] = 'No name given';
 	}
 	
 	if( !strlen($_POST['e_from']) > 0 )
 	{
 	 	$error[] = 'You did not supply your email';
 	}
 	else
 	{

		if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $_POST['e_from'])) 
		{
		 	$error[] = 'The email given was invalid!';
		}
	}
 	
 	if( !strlen($_POST['e_message']) > 0 )
 	{
 	 	$error[] = 'The message was left blank';
 	}
 	
 	if( count( $error ) > 0 )
 	{
 	 	foreach($error as $value)
 	 	{
 	 	 	echo $value . '<br />';
 	 	}
 	}
 	else
 	{
 	 	$pattern = "/(content-type|bcc:|cc:)/i";
		
		if (preg_match($pattern, $_POST['e_name']) || preg_match($pattern, $_POST['e_from']) || preg_match($pattern, $_POST['e_message'])) 
		{
		 	die('No injections please');
		}
		else
		{
		 
	 	 	if(mail(_sendto, 'Message from contact form', $_POST['e_message'], "From: <{$_POST['e_from']}> {$_POST['e_from']}\r\n
			  																	Reply-To: {$_POST['e_from']}"))
	 	 	{
	 	 	 	echo 'The message was sent!';
	 	 	}
	 	 	else
	 	 	{
	 	 	 	trigger_error('The email could not be sent!', E_USER_WARNING);
	 	 	}
	 	}
 	}
}
else
{
 	?>
 	<form action="?" method="post">
 	Name: 	<input type="text" name="e_name" value="" /><br />
 	Email: 	<input type="text" name="e_from" value="" /><br />
 	Message:<textarea name="e_message"></textarea>
 			<input type="submit" name="submit" value="Send" />
 	</form>
 	
 	<?php
}
?>

Untested, should work.

 

[slipondajimmy]

thanks a bunch. Im still getting this though. I must be missing something

Method Not Allowed
The requested method POST is not allowed for the URL

 

[Matthew.]

I have only ever known that message to appear as sdsinc said when your exstension is .html or .htm

Unless you have created a handler so php will parse in html files (not advised) your file extension must be .php

 

[jerometan]

jerometan, HTTP_POST_VARS? That was depreciated for $_POST autoglobal in php 4.1.

Also as has been said, that code is open to header injections.

I know the code is not secure, and HTTP_POST_VARS shouldnt be used.

However, he asked for his contact form to be fixed with functionality.

So I didn't make much changes to the script (how do i know what PHP version he has).

Rename the file (the one Matthew provided) to *.php.

 

[slipondajimmy]

Thanks everyone. Its working fine now