Menu
hey guys, this issue is killin’ me. i need another set of eyes. i grabbed a standard php contact form script with captcha and made a few adjustments. i added an email array and dropdown to select a department(chooses an addy within the array) i’ve also echoed the results as opposed to shooting over to a ‘thank you’ page. my problem is my form will send regardless of my department choice, and i’ll get a ‘message sent’ and ‘invalid department’ error and the form stays filled in once sent. can anybody help me out?
test here:
[url]http://getrapidcharge.com/rcsite/contact.php
HANDLER
[code=php]<?php
session_start();
$errors = ”;
$name = ”;
$visitor_email = ”;
$visitor_telephone = ”;
$visitor_subject = ”;
$visitor_hear = ”;
$user_message = ”;
$your_email = ”;
$department = ”;
$contactAry = array(
‘Sales’ => ‘[email protected]’,
‘Advertising’ => ‘[email protected]’,
);
if(isset($_POST[‘submit’]))
{
$name = $_POST[‘name’];
$visitor_email = $_POST[’email’];
$visitor_telephone = $_POST[‘telephone’];
$visitor_subject = $_POST[‘subject’];
$visitor_hear = $_POST[‘hear’];
$user_message = $_POST[‘message’];
$your_email = $_POST[‘department’];
///————Do Validations————-
if(!array_key_exists($_POST[‘department’], $contactAry))
{
$invaliddept = ”;
$invaliddept .= “<p class=’fail’ align=’center’>Invalid department</p>”;
}
else
{
$your_email = $contactAry[$_POST[‘department’]];
}
if(empty($name)||empty($visitor_email))
{
$errors .= “n<p class=’captcha-miss’ align=’center’>Please Fill out Required Fields.</p>”;
}
if(IsInjected($visitor_email))
{
$errors .= “n Bad email entry!”;
}
if(empty($_SESSION[‘6_letters_code’] ) ||
strcasecmp($_SESSION[‘6_letters_code’], $_POST[‘6_letters_code’]) != 0)
{
//Note: the captcha code is compared case insensitively.
//if you want case sensitive match, update the check above to
// strcmp()
$errors .= “n <p class=’captcha-miss’ align=’center’>The captcha code does not match!</p>”;
}
if(empty($errors))
{
//send the email
$to = $your_email;
$subject=”Form Submission From Contact Page”;
$from = $your_email;
$ip = isset($_SERVER[‘REMOTE_ADDR’]) ? $_SERVER[‘REMOTE_ADDR’] : ”;
$body = “$name submitted the contact form for $department:n”.
“Name: $namen”.
“Email: $visitor_email n”.
“Telephone: $visitor_telephone nn”.
“How did you hear about us? $visitor_hear nn”.
“Subject: $visitor_subject nn”.
“Message: n “.
“$user_messagen”.
“IP: $ipn”;
$headers = “From: $from rn”;
$headers .= “Reply-To: $visitor_email rn”;
mail($to, $subject, $body,$headers);
$success = ”;
$success .= “<p class=’success’ align=’center’>Your message sent!</p>”;
}
}
// Function to validate against any email injection attempts
function IsInjected($str)
{
$injections = array(‘(n+)’,
‘(r+)’,
‘(t+)’,
‘(%0A+)’,
‘(%0D+)’,
‘(%08+)’,
‘(%09+)’
);
$inject = join(‘|’, $injections);
$inject = “/$inject/i”;
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
?>
FORM
[code=php]<?php echo $success; ?>
<?php echo $invaliddept; ?>
<?php
if(!empty($errors)){
echo “<p class=’err’>”.nl2br($errors).”</p>”;
}
?>
<div id=’contact_form_errorloc’ class=’err’></div>
<form method=”POST” name=”contact_form”
action=”<?php echo htmlentities($_SERVER[‘PHP_SELF’]); ?>”>
<p>
<label for=’department’><strong>Department</strong></label><br>
<select name=”department” id=”department”>
<option>Select Department…</option>
<?php
foreach($contactAry as $department => $your_email)
{
echo “<option value=’$department’>$department</option>n”;
}
?>
</select>
</p>
<p>
<label for=’name’><strong>Name</strong></label><br>
<input type=”text” name=”name” value='<?php echo htmlentities($name) ?>’ class=”contact_input shadow”>
</p>
<p>
<label for=’email’><strong>Email</strong></label><br>
<input type=”text” name=”email” value='<?php echo htmlentities($visitor_email) ?>’ class=”contact_input shadow”>
</p>
<p>
<label for=’telephone’><strong>Telephone</strong></label><br>
<input type=”text” name=”telephone” value='<?php echo htmlentities($visitor_telephone) ?>’ class=”contact_input shadow”>
</p>
<p>
<label for=’hear’><strong>How did you hear about us?</strong></label><br>
<input type=”text” name=”hear” value='<?php echo htmlentities($visitor_hear) ?>’ class=”contact_input shadow”>
</p>
<p>
<label for=’subject’><strong>Subject</strong></label><br>
<input type=”text” name=”subject” value='<?php echo htmlentities($visitor_subject) ?>’ class=”contact_input shadow”>
</p>
<p>
<label for=’message’><strong>Message</strong></label> <br>
<textarea name=”message” rows=8 cols=35 style=”border:none;width:310px;” class=”shadow”><?php echo htmlentities($user_message) ?></textarea>
</p>
<p>
<img src=”script/captcha_code_file.php?rand=<?php echo rand(); ?>” id=’captchaimg’ ><br />
<label for=’message’>Enter the code above here:</label><br>
<input id=”6_letters_code” name=”6_letters_code” type=”text” style=”border:none;” class=”shadow”><br />
<small>Can’t read the image? click <a href=’javascript: refreshCaptcha();’>here</a> to refresh</small>
</p>
<input type=”submit” value=”Submit” name=’submit’ class=”rapidcharge-contact-btn”>
</form>
<script>
var frmvalidator = new Validator(“contact_form”);
//remove the following two lines if you like error message box popups
frmvalidator.EnableOnPageErrorDisplaySingleBox();
frmvalidator.EnableMsgsTogether();
frmvalidator.addValidation(“department”,”req”,”You forgot to choose a department!”);
frmvalidator.addValidation(“name”,”req”,”You forgot to enter your name!”);
frmvalidator.addValidation(“email”,”req”,”You forgot to enter your email!”);
frmvalidator.addValidation(“subject”,”req”,”You forgot to enter a subject!”);
frmvalidator.addValidation(“hear”,”req”,”How did you hear about us?”);
frmvalidator.addValidation(“message”,”req”,”No message? hrmph!”);
</script>
<script>
function refreshCaptcha()
{
var img = document.images[‘captchaimg’];
img.src = img.src.substring(0,img.src.lastIndexOf(“?”))+”?rand=”+Math.random()*1000;
}
</script>