Simple Contact Form (UPDATED)

[Eric]

This is an update of my Simple Contact Form script that I posted here which is very old and has many vulnerabilities.

(all functions pulled from my Domain Name Portfolio script )

Current Version: 1.0.7 (July 25, 2008)

Changelog:
1.0.7
-Removed option for HTML email
-Script now uses a config file 'sc_config.php' in 'sc_includes'
-There are other changes, but I can't recall everything.
-Cleaned up code and HTML

1.0.6
-Replaced current captcha with a whole new class and fonts
-Added a captcha image refresh
-Added new email headers
-Cleaned up code

1.0.5
-New constant, USE_HTML - if set to false, HTML won't be used for email.
-Added a new font "Acens.ttf" and removed one.
-New function to determine if the server has GD and freetype support.
-JS validation added to contact form (just checks if fields are empty atm)
-Overall code cleanup.

1.0.4
-New constant, USE_CAPTCHA - if set to false, CAPTCHA won't be used.
-Overall code cleanup.

1.0.3
-New constant, SPAM_NUM_LINKS, for the is_spam function.
-Added CAPTCHA (requires GD2 w/FreeType)

1.0.2
-Improved functions + the new 'is_spam' function
-New email headers (taken from phpBB's emailer class, and modified a tad)

1.0.1
-Functions file, with several functions to properly 'sanitize' input.
-Better error handling, and email validation regex
-Licensed under the GNU GPL

Attached (or you can download here: http://code.google.com/p/simple-contact-form/ ). Let me know if you have any problems.

 

[unknownz]

Thansk for making this one, i was using your previous one on a couple of my sites, i will update them right now!

Thanks

 

[Eric]

Cool, and no problem I may expand on it further sometime.

 

[ThaiN]

blah its for vbulletin right? i did it on phpBB hahah but errors

 

[Eric]

Nope...what makes you say that?

 

[navjotjsingh]

There should also be a option for custom subject line...like subject to be input from the user. It would be more useful in that way. And regarding that if one forgets from where did the message came..we can use the text message from sitename in the message text itself.

So it provides user of adding his own subject line also.

 

[PoorDoggie]

if (!defined('IN_SC'))
{
    die();
}

Lovely! Thanks a lot!

No, joking aside, its a very comprehensive and well written script. A little OTT in some places maybe, but I will definitely steal some bits from it for my own contact form if I may!

 

[Tree]

I always take parts of SV's code. But whenever I do, I put

//Thanks to Eric Sizemore (SecondVersion) from NamePros.com

Above it. SV is in more site's code than he knows :p

 

[Eric]

:o

 

[PoorDoggie]

hmm... for you SV, I will put it in <!-- --> comments! As then any wannabe script kiddie who views my source code will see your legacy! :lol:


Tom

 

[blackwizard]

Thanks for the Script, SecondVersion. I will use it in my new Fan Site after it is completed.

 

[Eric]

Updated again

 

[blackwizard]

hey SV, Im going to use that for two of my sites.. Thanks a lot man!

Keep Rockin!

 

[Tree]

Random CAPTCHA would be amazing.

 

[Dan]

audit.php

<?php
 function audit() {
  session_start();
  $digit = $_SESSION['digit'];
  $userdigit = $_POST['captcha']; 
  session_destroy();   
  
  if (($digit == $userdigit) && ($digit > 1)) {
    return true;
  } else {
    return false;
  }
 
}
?>

button.php

<?php

$image = imagecreate(120, 30);

$white    = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);
$gray    = imagecolorallocate($image, 0xC0, 0xC0, 0xC0);
$darkgray = imagecolorallocate($image, 0x50, 0x50, 0x50);

srand((double)microtime()*1000000);

for ($i = 0; $i < 10; $i++) {
	$x1 = rand(0,120);
	$y1 = rand(0,30);
	$x2 = rand(0,120);
	$y2 = rand(0,30);
	imageline($image, $x1, $y1, $x2, $y2 , $gray);
}

for ($i = 0; $i < 5; $i++) {
	$cnum[$i] = rand(0,9);
}


for ($i = 0; $i < 5; $i++) {
	$fnt = rand(3,5);
	$x = $x + rand(12 , 20);
	$y = rand(7 , 12); 
	imagestring($image, $fnt, $x, $y, $cnum[$i] , $darkgray); 
}

$digit = "$cnum[0]$cnum[1]$cnum[2]$cnum[3]$cnum[4]";

session_start();
$_SESSION['digit'] = $digit;

header('Content-type: image/png');
imagepng($image);
imagedestroy($image);
  
?>

Add this to your form:

<!-- This isn't setup to match your email script as I don't feel like looking at how you do it right now. -->
<img width="120" height="30" src="button.php" /><br />
<input id="captcha" name="captcha" type="text" value="" /> <label for="captcha">Verification</label>

To test if it's right

<?php
include('audit.php');
if (audit()) {
  // It's right.
} else {
  // It's wrong.
}
?>

edit: Also, add session_start(); to index.php or the main page. [If it's not there.]

 

[Eric]

CAPTCHA added, see first post.

 

[Joey]

I'm getting an error. The script is working fine (I'm getting the eMail), but when the form is submitted, I get the following error:

Warning: Missing argument 2 for is_spam() in /home/zamblo/public_html/contact/includes/functions.php on line 110

Feel free to test yourself at http://www.zamblo.com/contact_us.php.

- Joey

 

[B33R]

Edit functions.php, find this section

function is_spam($value, $numlinks)
{
    preg_match_all('#(<a href|\[url|http:\/\/)#i', $value, $matches, PREG_PATTERN_ORDER);

    if (count($matches[0]) > SPAM_NUM_LINKS)
    {
        return true;
    }
    return false;
}

and remove this part:

, $numlinks

Be sure to remove the comma and space before $numlinks too. That should fix it.

 

[Joey]

Seems that your solution fixed the problem. Thanks!

 

[thepurplecow]

Thanks, looks good, but I'm having some problems.

See:
http://www.biospherical.net/contact1.html (try sending a message).

It may be a simple problem, I don't know.

Any ideas??