Simple Contact Form (UPDATED)

This is an update of my Simple Contact Form script that I posted here which is very old and has many vulnerabilities.

(all functions pulled from my Domain Name Portfolio script ;) )

Current Version: 1.0.7 (July 25, 2008)

Changelog:
1.0.7
-Removed option for HTML email
-Script now uses a config file 'sc_config.php' in 'sc_includes'
-There are other changes, but I can't recall everything.
-Cleaned up code and HTML

1.0.6
-Replaced current captcha with a whole new class and fonts
-Added a captcha image refresh
-Added new email headers
-Cleaned up code

1.0.5
-New constant, USE_HTML - if set to false, HTML won't be used for email.
-Added a new font "Acens.ttf" and removed one.
-New function to determine if the server has GD and freetype support.
-JS validation added to contact form (just checks if fields are empty atm)
-Overall code cleanup.

1.0.4
-New constant, USE_CAPTCHA - if set to false, CAPTCHA won't be used.
-Overall code cleanup.

1.0.3
-New constant, SPAM_NUM_LINKS, for the is_spam function.
-Added CAPTCHA (requires GD2 w/FreeType)

1.0.2
-Improved functions + the new 'is_spam' function
-New email headers (taken from phpBB's emailer class, and modified a tad)

1.0.1
-Functions file, with several functions to properly 'sanitize' input.
-Better error handling, and email validation regex
-Licensed under the GNU GPL

Attached (or you can download here: http://code.google.com/p/simple-contact-form/ ). Let me know if you have any problems.
 

Attachments

  • simple_contact_form.zip
    40.2 KB · Views: 479
2
•••
Note your url location on that one:
http://www.biospherical.net/%3C?php%20echo%20$_SERVER['PHP_SELF'];%20?%3E
I don't know .php, but I know I fixed all my problems with the script by chmod'ing everything correctly...
Best,
-Allan :gl:
 
0
•••
Try renaming the file to .php rather than .html.

Also remove all this stuff from the top
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

	<title>BioSpherical | Contact</title>
	<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=iso-8859-1" />
	<meta name="author" content="TPC - BioSpherical" />
	<meta name="copyright"	content="Copyright 2006 BioSpherical" />	
	<meta name="keywords" content="" />
	<meta name="description" content="" />	
	<meta http-equiv="imagetoolbar" content="no" />

	<link href="bc-stylesheet.css" rel="stylesheet" type="text/css" />
</head>
<html>
<body>
<script>
and also the </script> tag from the bottom. If you want all those head tags in the file, there's already a place in the php file to put it, go to line 51 and you'll see it.

In the end, with the head tags you included, your file should look something like this - making sure it's called contact.php rather than .html -
Code:
<?php

/***************************************************************************
*
*   Author   : Eric Sizemore ( www.secondversion.com )
*   Package  : SV's Simple Contact
*   Version  : 1.0.3
*   Copyright: (C) 2005-2006 Eric Sizemore
*   Site     : www.secondversion.com
*   Email    : [email protected]
*   File     : contact.php
*
*   This program is free software; you can redistribute it and/or modify
*   it under the terms of the GNU General Public License as published by
*   the Free Software Foundation; either version 2 of the License, or
*   (at your option) any later version.
*
*   This program is distributed in the hope that it will be useful,
*   but WITHOUT ANY WARRANTY; without even the implied warranty of
*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
*   GNU General Public License for more details.
*
***************************************************************************/

session_start();

// ####################### Define Important Constants #######################
define('IN_SC', true);

// The email address form submissions will be sent to
define('EMAIL', '[email protected]');

// Your site/domain name
define('SITE_NAME', 'YourSite.com');

// The subject of the form submissions
define('SUBJECT', 'Message from ' . SITE_NAME);

// This must be numeric, see www.php.net/wordwrap
define('MSG_WORD_WRAP', 75);

// Used for the is_spam function
// The number of links the message must contain to be flagged as spam
define('SPAM_NUM_LINKS', 3);

// ############################### Functions ################################
require_once('includes/functions.php');

// ################################## HTML ##################################
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

	<title>BioSpherical | Contact</title>
	<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=iso-8859-1" />
	<meta name="author" content="TPC - BioSpherical" />
	<meta name="copyright"	content="Copyright 2006 BioSpherical" />	
	<meta name="keywords" content="" />
	<meta name="description" content="" />	
	<meta http-equiv="imagetoolbar" content="no" />

	<link href="bc-stylesheet.css" rel="stylesheet" type="text/css" />
</head>

<body>

<h2>Contact</h2>
<p>Please use the following form to contact us. We will respond as soon as possible.</p>
<p>Fields marked by * are required.</p>
<br />
<?php

// ############################ Main Script Start ###########################
if (isset($_POST['submit']) AND $_POST['submit'] != '')
{
    $name = sanitize($_POST['sender_name']);
    $email = sanitize($_POST['sender_email']);
    $message = wordwrap(sanitize($_POST['sender_message'], false), MSG_WORD_WRAP);
    $message = str_replace("\n", '<br>', $message);
    $captcha = sanitize($_POST['captcha']);
    $ip = get_ip();

    if (empty($name) OR empty($email) OR empty($message) OR is_email_injection($name))
    {
        echo 'One or more required fields left blank. Please try again.';
    }
    else if (!is_valid_email($email) OR is_email_injection($email))
    {
        echo 'E-mail is invalid. Please try again.';
    }
    else if (is_spam($message))
    {
        echo 'Sorry, but your message seemed a bit like spam.';
    }
    else if (md5($captcha) !== $_SESSION['sc_captcha_code']) // strict comparison avoids PHP type juggling on hash strings
    {
        echo 'The code you entered does not match the code in the image, please try again.';
    }
    else
    {
        $headers = 'From: ' . $name . ' <' . $email . '>' . "\n";
        $headers .= 'Message-ID: <' . md5(uniqid(time())) . '@' . $_SERVER['HTTP_HOST'] . '>' . "\n";
        $headers .= 'MIME-Version: 1.0' . "\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\n";
        $headers .= 'Content-transfer-encoding: 8bit' . "\n";
        $headers .= 'Date: ' . date('r', time()) . "\n";
        $headers .= 'X-Priority: 3' . "\n";
        $headers .= 'X-MSMail-Priority: Normal' . "\n";
        $headers .= 'X-Mailer: PHP/' . PHP_VERSION . "\n";
        $headers .= 'X-MimeOLE: Produced By SVs SimpContact v1.0.3' . "\n";

        $send = mail(EMAIL, SUBJECT, "
<html>
<head>
<title>Email from $name</title>
</head>

<body>

<table align=\"center\" cellpadding=\"2\" cellspacing=\"1\">
<tr>
  <td colspan=\"2\">Someone from " . SITE_NAME . " has sent you a message, it is below.</td>
</tr>
<tr>
  <td><b>Sender's name:</b></td>
  <td>$name</td>
</tr>
<tr>
  <td><b>Sender's Email:</b></td>
  <td>$email</td>
</tr>
<tr>
  <td><b>Sender's IP:</b></td>
  <td>$ip</td>
</tr>
<tr>
  <td valign=\"top\"><b>Message:</b></td>
  <td>$message</td>
</tr>
</table>

</body>
</html>
", $headers);

        if ($send)
        {
            echo 'Thank you, ' . $name . ', for contacting us. We will respond asap.';
        }
        else
        {
            echo 'Seems to have been a problem sending the email. Please try again.';
        }
    }
}
else
{
?>
<table cellpadding="2" cellspacing="2">
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post" style="display: inline;">
<tr>
  <td><strong>Name:*</strong></td>
  <td><input type="text" name="sender_name"></td>
</tr>
<tr>
  <td><strong>E-mail:*</strong></td>
  <td><input type="text" name="sender_email"></td>
</tr>
<tr>
  <td valign="top"><strong>Message:*</strong></td>
  <td><textarea name="sender_message" rows="5" cols="50"></textarea></td>
</tr>
<tr>
  <td> </td>
  <td><img src="captcha.php" border="0" width="252" height="81" alt="CAPTCHA Image" title="CAPTCHA Image"></td>
</tr>
<tr>
  <td><strong>Code:*</strong> (above)</td>
  <td><input type="text" name="captcha" maxlength="5"></td>
</tr>
<tr>
  <td> </td>
  <td><input type="submit" name="submit" value="Submit" style="float: right;"></td>
</tr>
</form>
</table>
<?php
}
?>
<br />
<p>Powered by <a href="http://www.secondversion.com">SVs Simple Contact v1.0.3</a></p>

</body>
</html>
 
0
•••
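The script posted above calls is_email_injection() and is_spam(), which live in includes/functions.php and are not shown in this thread. The following is an added example, not the script's own code: hypothetical example_* functions showing what such checks guard against before user input reaches the From: header, assuming PHP 5.2+ for filter_var() and json_encode().

```php
<?php
// Added example: hypothetical stand-ins, not the script's includes/functions.php.

// True if a value bound for a mail header contains a raw or URL-encoded
// CR/LF, which would let the sender start a new header line (Bcc:, etc.).
function example_has_header_break($value)
{
    return (bool) preg_match('/[\r\n]|%0[ad]/i', $value);
}

// Build the From: header only from values that passed validation.
// Returns false when the input must be rejected.
function example_from_header($name, $email)
{
    if (example_has_header_break($name) || example_has_header_break($email)) {
        return false;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Remove characters that could close the quoted display name early.
    $name = trim(str_replace(array('"', '<', '>', '\\'), '', $name));
    return 'From: "' . $name . '" <' . $email . '>';
}

// Flag a message once it contains $max_links or more URLs
// (the role SPAM_NUM_LINKS plays in the script's configuration).
function example_is_spam($message, $max_links = 3)
{
    $count = preg_match_all('#(?:https?://|www\.)\S+#i', $message, $matches);
    return $count >= $max_links;
}

// Constructed sample input (not taken from the thread).
$cases = array(
    array('Alice Example', 'alice@example.com'),
    array("Alice\r\nBcc: list@example.invalid", 'alice@example.com'),
    array('Alice', 'alice%0Abcc:list@example.invalid'),
    array('Alice', 'not-an-address'),
);
foreach ($cases as $case) {
    $header = example_from_header($case[0], $case[1]);
    echo json_encode($case), ' => ', ($header === false ? 'rejected' : $header), "\n";
}
echo example_is_spam('see http://a.example www.b.example https://c.example')
    ? "spam\n" : "not spam\n";
```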
Thanks a lot B33R, it seems to work now!! (http://www.biospherical.net/contact.php)

Just to check, there's no way to use the form in a .html file?

Also, off topic, is there any way (using any web language) to use the html of one page in another, but with a simple command?? For example, one line of code takes the html from a specified page??! (I'm probably sounding stupid, but I don't know anything more than basic PHP - HTML and similar languages are the only ones I have a sort-of grasp on!!).
 
0
•••
iframe the entire thing into a .html file?

That should work, no?

-Allan
 
0
•••
Thank you Allan!...don't know why I didn't think of that!!

:) :)
 
0
•••
If you are using PHP, you can do this:

PHP:
<?php include 'file.html'; ?>
 
0
•••
Sorry about this, but I have another problem. For other reasons, I've decided to change all the pages in my site to .php, not .html as they were before. But now something has happened to my contact page. Before, I used an iframe for the contact form, but as it's now .php, I don't need to do this.

See:
http://www.biospherical.net/contact.php

You'll see:
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/biospher/public_html/contact.php:8) in /home/biospher/public_html/contact.php on line 33

Anyone know what the problem is?

Thanks in advance!!
 
0
•••
session_start(); has to be the very first code on the page, after <?php

If you've just used a php include to include the contact form on another page, you need to move the session_start(); code out of contact.php, and to the top of the other file instead.
 
0
•••
I tried downloading this, but the download doesn't seem to work.
 
0
•••
It is a nice script... When I was a beginner, I always had problems with PHP forms =P
Anyway, does this form accept HTML formatting?
 
0
•••
I'm not sure what's going on with attachments.. can't seem to find it on my HD either.. I'll see what I can come up with.

@Flaepru - it strips all HTML from input, if that's what you're asking.
 
0
•••
SecondVersion said:
I'm not sure what's going on with attachments.. can't seem to find it on my HD either.. I'll see what I can come up with.
I found a copy on my computer - download here.

I made the quick fix that I mentioned in post #21 too. :tu:
 
0
•••
Can you send a zip of your Simple Contact Form, as it won't download?

Thanks

[email protected]
 
0
•••
Does anyone know how to make this script run with validation images, to stop robots sending endless email?
 
0
•••
Updated to 1.0.4, see the 1st post.

Note: hasn't been tested, been quite busy but threw a release together ;) If you have any problems, just post here.


-Eric
 
0
•••
This image verification thing is not a good idea.

The previous version of the script was better.

Please post the older version if somebody has it.
 
0
•••
vivsin said:
this image verification thing is not a good idea.
:?

EDIT:
Updated to 1.0.5, see first post.
 
0
•••