PHP Contact Form With Simple Spam Filtering

Posted on Sunday 25 February 2007

Here is some code to handle a simple contact form and e-mail it to someone. This is another piece of code that has grown out of various sources: the is_dodgy function and its usage came from a contact form plugin for WordPress, which can be downloaded from http://chip.cuccio.us/projects/contact-form-ii/. You'll need to download XPertMailer from http://xpertmailer.sourceforge.net/ and put its files in the same directory as your contact code. XPertMailer handles the actual mailing; the PHP mail() function isn't very good and is open to all sorts of abuse by spammers (such as extra headers smuggled in through unchecked form fields) if the coder has been slack.

You may also want to include my email validation code in with this script to check the incoming email address is valid.

I'll be posting up another version of this script with akismet filtering for the spam soon.

PHP:

<?php

// Returns true if the input contains anything that looks like an attempt to
// inject mail headers, HTML or links through the form.
function is_dodgy($input) {
    $is_malicious = false;
    // "&gt" (no semicolon) is a substring match, so it also catches "&gt;"
    $bad_inputs = array("<", ">", "&lt;", "&gt", "mime-version", "content-type", "cc:", "bcc:", "to:", "<a href", "</a>", "http://", "[/URL]", "[URL=");
    foreach ($bad_inputs as $bad_input) {
        if (strpos(strtolower($input), strtolower($bad_input)) !== false) {
            $is_malicious = true;
            break;
        }
    }
    return $is_malicious;
}

// Initialise everything the form below reads, so the first (unsubmitted)
// page load doesn't touch undefined variables.
$error_message = "";
$from = "";
$subject = "";
$message = "";

if (isset($_POST['send']))
{
    $to = "youremail@address.com";

    if (isset($_POST['from']))
    {
        $from = stripslashes(trim($_POST['from']));
    }

    if (isset($_POST['subject']))
    {
        $subject = stripslashes(trim($_POST['subject']));
    }

    if (isset($_POST['message']))
    {
        $message = stripslashes(trim($_POST['message']));
    }

    if ($from == "")
    {
        $error_message .= "Please enter your e-mail address<br>";
    }

    if ($subject == "")
    {
        $error_message .= "Please enter a subject<br>";
    }

    if ($message == "")
    {
        $error_message .= "Please enter a message<br>";
    }

    $dodgy = false;

    // Only the fields that end up in mail headers (From, Subject) are screened;
    // the message goes in the body, where a link is a nuisance but not an injection.
    if (is_dodgy($from) || is_dodgy($subject))
    {
        $dodgy = true;
    }
    // A bare CR or LF in a header field would let the sender append headers of their own
    else if (stristr($from, "\r") || stristr($from, "\n") || stristr($subject, "\r") || stristr($subject, "\n"))
    {
        $dodgy = true;
    }

    if ($dodgy)
    {
        $error_message = "I'm sorry but you've passed illegal content, please try again";
    }

    if ($error_message == "")
    {
        // XPertMailer's SMTP class
        require_once "smtp.php";

        // turn off errors
        error_reporting(false);

        // 0 -> no time limit
        set_time_limit(0);

        $mail = new SMTP;
        // From() returns false if XPertMailer doesn't accept the address
        if ($mail->From($from))
        {
            $mail->AddTo($to);
            $mail->Text($message);
            $sent = $mail->Send($subject);

            if ($sent)
            {
                echo "Thank you for your message, we will attempt to contact you shortly";
            }
            else
            {
                echo "Thank you for your message, however there was an error whilst sending the e-mail. Please try again later";
            }
        }
        else
        {
            $error_message .= "Your email address appears to be invalid<br>";
        }
    }
}

// Show the form on first load, or again if the submission had errors
if (!isset($_POST['send']) || $error_message != "")
{
?>

<p>Please contact us using the form below, please include contact details so we can contact you back:</p>

<?php

if ($error_message != "") echo "<p style=\"color: #ff0000\">" . $error_message . "</p>";

?>

<form id="contact" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
    <input type="hidden" name="send" value="1">
<table border="0" cellspacing="4" cellpadding="0">
    <tr><td>E-mail :</td><td><input class="contact_input" type="text" name="from" size="20" maxlength="255" value="<?php echo htmlspecialchars($from) ?>"></td></tr>
    <tr><td>Subject :</td><td><input class="contact_input" type="text" name="subject" size="20" maxlength="255" value="<?php echo htmlspecialchars($subject) ?>"></td></tr>
    <tr><td valign="top">Message :</td><td><textarea class="contact_input" rows="8" cols="50" name="message"><?php echo htmlspecialchars($message) ?></textarea></td></tr>
    <tr><td></td><td align="left"><input type="submit" value="Send Message"> <input type="reset" value="Reset Form"></td></tr>
</table>
</form>

<?php } ?>
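To see what the filter above actually catches, here is an added example (not part of the post or the plugin it borrows from) that runs the same header-field checks over a few constructed submissions and, as a stricter complement to the blacklist, also asks PHP's built-in FILTER_VALIDATE_EMAIL whether the From field is a single well-formed address. The function name reject_reasons and the sample submissions are assumptions made for this example.

```php
<?php
// Added example: table-driven check of the contact form's header-injection
// filter. Only fields that end up in mail headers (From, Subject) are screened;
// the message body is delivered as text, so a URL there is not a header risk.

$header_tokens = array("<", ">", "&lt;", "&gt", "mime-version", "content-type",
    "cc:", "bcc:", "to:", "<a href", "</a>", "http://", "[/URL]", "[URL=");

// Returns the reasons a submission would be rejected; an empty array means accepted.
function reject_reasons(array $post, array $tokens) {
    $reasons = array();
    foreach (array('from', 'subject') as $field) {
        $value = isset($post[$field]) ? trim($post[$field]) : '';
        if ($value === '') {
            $reasons[] = "$field is empty";
            continue;
        }
        // A bare CR or LF in a header field is the classic injection vector
        if (strpbrk($value, "\r\n") !== false) {
            $reasons[] = "$field contains a line break";
        }
        // Case-insensitive substring blacklist, same list as is_dodgy()
        foreach ($tokens as $token) {
            if (stripos($value, $token) !== false) {
                $reasons[] = "$field contains '$token'";
                break;
            }
        }
    }
    // Whitelist-style check: anything that isn't exactly one address fails
    if (isset($post['from']) && filter_var(trim($post['from']), FILTER_VALIDATE_EMAIL) === false) {
        $reasons[] = "from is not a single valid address";
    }
    return $reasons;
}

// Constructed submissions (sample data for this example, not real messages)
$cases = array(
    'clean'     => array('from' => 'alice@example.com', 'subject' => 'Quote request', 'message' => 'Spec at http://example.com/spec'),
    'crlf'      => array('from' => "alice@example.com\r\nBcc: list@example.net", 'subject' => 'Hi', 'message' => 'x'),
    'link'      => array('from' => 'alice@example.com', 'subject' => 'Visit http://example.org', 'message' => 'x'),
    'not_email' => array('from' => 'not an address', 'subject' => 'Hi', 'message' => 'x'),
);

foreach ($cases as $name => $post) {
    $reasons = reject_reasons($post, $header_tokens);
    printf("%-9s %s\n", $name, $reasons ? 'REJECTED: ' . implode('; ', $reasons) : 'accepted');
}
```

Only the 'clean' case is accepted, even though its body contains a link; the other three are rejected for the reasons listed, which shows why the post's is_dodgy() check is applied to From and Subject but not to the message.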
