Site ‘Contact’ Form Does Not Work…

@MarkyBigBoiAug 29.2013

I’m new to all this and I’m pulling my hair out trying to figure out why my contact form on my web site wont work…

When I fill in my forms required info and send, all I get is a blank page with ‘http://www.pinkpigdesign.co.uk/php/mail_form.php‘ in the URL. Forwarding email address is working perfectly.

Both codes are direct from templates.

My php code:

[code=php] $yourEmail = “[email protected]”; $yourWebsite = “www.pinkpigdesin.co.uk”; $thanksPage = ‘thankyou.html’; $maxPoints = 4; $error_msg = null; $result = null;

function isBot() { $bots = array(“Indy”, “Blaiz”, “Java”, “libwww-perl”, “Python”, “OutfoxBot”, “User-Agent”, “PycURL”, “AlphaServer”, “T8Abot”, “Syntryx”, “WinHttp”, “WebBandit”, “nicebot”);

$isBot = false; foreach ($bots as $bot) if (strpos($_SERVER[‘HTTP_USER_AGENT’], $bot) !== false) $isBot = true;

if (empty($_SERVER[‘HTTP_USER_AGENT’]) || $_SERVER[‘HTTP_USER_AGENT’] == ” “) $isBot = true;

exit(“Bots not allowed.</p>”); }

foreach ($badwords as $word) if (strpos($_POST[‘comments’], $word) !== false) $points += 2;

foreach ($exploits as $exploit) if (strpos($_POST[‘comments’], $exploit) !== false) $points += 2;

if (strpos($_POST[‘comments’], “http://”) !== false || strpos($_POST[‘comments’], “www.”) !== false) $points += 2; if (isset($_POST[‘nojs’])) $points += 1; if (preg_match(“/(<.*>)/i”, $_POST[‘comments’])) $points += 2; if (strlen($_POST[‘name’]) < 3) $points += 1; if (strlen($_POST[‘comments’]) < 15 || strlen($_POST[‘comments’] > 1500)) $points += 2;

foreach ($_POST as $key => $value) $_POST[$key] = trim($value);

if (empty($_POST[‘name’]) || empty($_POST[’email’]) || empty($_POST[‘comments’])) { $error_msg .= “Name, e-mail and comments are required fields. n”; } elseif (strlen($_POST[‘name’]) > 15) { $error_msg .= “The name field is limited at 15 characters. Your first name or nickname will do! n”; } elseif (!preg_match(“/^[a-zA-Z-‘s]*$/”, stripslashes($_POST[‘name’]))) { $error_msg .= “The name field must not contain special characters. n”; } elseif (!preg_match(‘/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+’ . ‘(.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i’, strtolower($_POST[’email’]))) { $error_msg .= “That is not a valid e-mail address. n”; } elseif (!empty($_POST[‘url’]) && !preg_match(‘/^(http|https)://(([A-Z0-9][A-Z0-9_-]*)(.[A-Z0-9][A-Z0-9_-]*)+)(:(d+))?/?/i’, $_POST[‘url’])) $error_msg .= “Invalid website url.”;

if ($error_msg == NULL && $points <= $maxPoints) { $subject = “Automatic Form Email”;

$message = “You received this e-mail message through your website: nn”; foreach ($_POST as $key => $val) { $message .= ucwords($key) . “: ” . clean($val) . “rn”; } $message .= ‘IP: ‘.$_SERVER[‘REMOTE_ADDR’].”rn”; $message .= ‘Browser: ‘.$_SERVER[‘HTTP_USER_AGENT’].”rn”; $message .= ‘Points: ‘.$points;

if (strstr($_SERVER[‘SERVER_SOFTWARE’], “Win”)) { $headers = “From: $yourEmail rn”; $headers .= “Reply-To: {$_POST[’email’]}”; } else { $headers = “From: $yourWebsite <$yourEmail> rn”; $headers .= “Reply-To: {$_POST[’email’]}”; }

if (mail($yourEmail,$subject,$message,$headers)) { if (!empty($thanksPage)) { header(“Location: $thanksPage”); exit; } else { $result = ‘Your mail was successfully sent.’; } } else { $error_msg = ‘Your mail could not be sent this time.’; } } else { if (empty($error_msg)) $error_msg = ‘Your mail looks too much like spam, and could not be sent this time. [‘.$points.’]’; } } function get_data($var) { if (isset($_POST[$var])) echo htmlspecialchars($_POST[$var]); } [/code]

My html code:

[code=html] <form class=”required-form” action=”php/mail_form.php” method=”POST”> <ol class=”forms”>

<li><label for=”first_name”><em class=”required”>*</em> First Name</label> <input type=”text” name=”first_name” id=”first_name” class=”required”></li>

<li><label for=”last_name”><em class=”required”>*</em> Last Name</label> <input type=”text” name=”last_name” id=”last_name” class=”required”></li>

<li><label for=”telephone”>Telephone</label> <input type=”text” name=”telephone” id=”telephone”></li>

<li><label for=”email”><em class=”required”>*</em> Email</label> <input type=”text” name=”email” id=”email” class=”required”></li>

<li><label for=”message”><em class=”required”>*</em> Message</label> <textarea name=”message” id=”message” class=”required” cols=”45″ rows=”5″></textarea></li>

<li class=”buttons submit”><button type=”submit”>Submit</button></li>

</ol> [/code]

I probably can’t see the error for looking so I hope someone can shed some light on this problem… Cheers! ?

to post a comment

PHP

2 Comments(s) _↴

@NogDogAug 29.2013 — #You have an extra "}" right before your function declaration. (This assumes the only thing missing from the PHP code you pasted here is the opening "<?php" tag?)

PS: if the editor you use does not catch syntax errors like that, from the command line you can do the following to check for such:

<i>
 </i>php -l name_of_file.php

@rootAug 29.2013 — #Only other critical remarks I can make are that your $_POST array has not been sanitized in to a safe array for later use in the script.

It is VERY bad practice to store back in to the $_POST array any type of alteration or sanitizing procedure. It has been documented in security papers that the POST array can change should a hacker attempt a double post within milliseconds of pushing good data then bad data.

Example of something to consider...

[code=php]function sanitize($s){return stripslashes(htmlentities(trim($s)));}
 
 if( !isset( $_POST['submit'] ) ) die("Not on form today!");
 
  // create a whitelist array using keys for the inputs accepted and empty values ready to store sanitized inputs
  $safe_POST = array("name"=>"","comments"=>"","email"=>"","url"=>"","nojs"=>"");
 
  // now clean house
  foreach( $safe_POST as $key=>$v) $safe_POST[$key] = sanitize( $_POST[$key] );
 
  $yourEmail = "[email protected]"; 
  $yourWebsite = "www.pinkpigdesin.co.uk"; 
  $thanksPage = 'thankyou.html'; 
  $maxPoints = 4; 
  $error_msg = null;
  $result = null;
 
  function isBot() {
   $bots = array("Indy", "Blaiz", "Java", "libwww-perl", "Python", "OutfoxBot", "User-Agent", "PycURL", "AlphaServer", "T8Abot", "Syntryx", "WinHttp", "WebBandit", "nicebot");
   $isBot = false;
   $isbot = (empty($_SERVER['HTTP_USER_AGENT']) || $_SERVER['HTTP_USER_AGENT'] == " ") ? true : $isBot;
   foreach ($bots as $bot)
   $isBot = strpos($_SERVER['HTTP_USER_AGENT'], $bot)>0 ? true : $isbot;
  return $isBot;
  }
  // run a bot test
  if( isBot() ) die("Bots not allowed.");
 
 
  foreach ($badwords as $word)
   $points += (strpos($safe_POST['comments'], $word)>0 ? 2 : 0;
 
  foreach ($exploits as $exploit)
   $points += (strpos($safe_POST['comments'], $exploit)>0 ? 2 : 0;
 
  $points += (strpos($safe_POST['comments'], "http://") !== false || strpos($safe_POST['comments'], "www.") !== false)>0 ? 2 : 0;
  $points += (isset($safe_POST['nojs']))? 1 : 0;
  $points += (preg_match("/(<.*>)/i", $safe_POST['comments']))? 2 : 0;
  $points += (strlen($safe_POST['name']) < 3)? 1 : 0;
  $points += (strlen($safe_POST['comments']) < 15 || strlen($safe_POST['comments'] > 1500))? 2 : 0;
 
 ........
 [/code]

Remember that strpos returns a NUMERIC value which if nothing is found it is zero, you may want to consider using a regular expression to find any bad words, etc.

Good policy to check if the script is being called because of a form post, if a form post is made, the submit button will be a variable available to test and you can chose to test and run script or not.

Also in #PHP _↴

includes statement wont load up 1 file..Updating Variables How to add extra subscribe options when open RSS feed in browser?

Success!

Help @MarkyBigBoi spread the word by sharing this article on Twitter...

Tweet This

Site ‘Contact’ Form Does Not Work…

2 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Site ‘Contact’ Form Does Not Work…

2 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

2 Comments(s) _↴

Also in #PHP _↴