Simple Contact Form (UPDATED)

This is an update of my Simple Contact Form script that I posted here which is very old and has many vulnerabilities.

(all functions pulled from my Domain Name Portfolio script ;) )

Current Version: 1.0.7 (July 25, 2008)

Changelog:
1.0.7
-Removed option for HTML email
-Script now uses a config file 'sc_config.php' in 'sc_includes'
-There are other changes, but I can't recall everything.
-Cleaned up code and HTML

1.0.6
-Replaced current captcha with a whole new class and fonts
-Added a captcha image refresh
-Added new email headers
-Cleaned up code

1.0.5
-New constant, USE_HTML - if set to false, HTML won't be used for email.
-Added a new font "Acens.ttf" and removed one.
-New function to determine if the server has GD and freetype support.
-JS validation added to contact form (just checks if fields are empty atm)
-Overall code cleanup.

1.0.4
-New constant, USE_CAPTCHA - if set to false, CAPTCHA won't be used.
-Overall code cleanup.

1.0.3
-New constant, SPAM_NUM_LINKS, for the is_spam function.
-Added CAPTCHA (requires GD2 w/FreeType)

1.0.2
-Improved functions + the new 'is_spam' function
-New email headers (taken from phpBB's emailer class, and modified a tad)

1.0.1
-Functions file, with several functions to properly 'sanitize' input.
-Better error handling, and email validation regex
-Licensed under the GNU GPL

Attached (or you can download here: http://code.google.com/p/simple-contact-form/ ). Let me know if you have any problems.
 

Attachments

  • simple_contact_form.zip
    40.2 KB · Views: 376
2
•••
Thanks for making this one, I was using your previous one on a couple of my sites, I will update them right now!

Thanks :)
 
0
•••
Cool, and no problem :) I may expand on it further sometime.
 
0
•••
blah it's for vBulletin right? I did it on phpBB hahah but errors
 
0
•••
Nope...what makes you say that?
 
0
•••
There should also be an option for a custom subject line... like a subject to be input by the user. It would be more useful that way. And in case one forgets where the message came from, we can use the text "message from sitename" in the message text itself.

So it lets the user add his own subject line as well.
 
0
•••
SecondVersion said:
PHP:
if (!defined('IN_SC'))
{
    die();
}

Lovely! Thanks a lot! :( :'(

No, joking aside, it's a very comprehensive and well written script. A little OTT in some places maybe, but I will definitely steal some bits from it for my own contact form if I may! :)
 
0
•••
I always take parts of SV's code. But whenever I do, I put

PHP:
//Thanks to Eric Sizemore (SecondVersion) from NamePros.com

Above it. SV is in more sites' code than he knows :p
 
0
•••
hmm... for you SV, I will put it in <!-- --> comments! As then any wannabe script kiddie who views my source code will see your legacy! :lol:

:)
Tom
 
0
•••
Thanks for the Script, SecondVersion. I will use it in my new Fan Site after it is completed.
 
1
•••
hey SV, I'm going to use that for two of my sites.. Thanks a lot man!

Keep Rockin!
 
0
•••
Random CAPTCHA would be amazing.
 
0
•••
audit.php
PHP:
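<?php
 // Compares the submitted CAPTCHA answer with the code button.php stored in the session.
 function audit() {
  // Start a session only if the including page has not already started one.
  if (session_id() === '') {
    session_start();
  }
  // Missing or non-string values become '' so a request without a code never passes.
  $digit = isset($_SESSION['digit']) ? (string) $_SESSION['digit'] : '';
  $userdigit = (isset($_POST['captcha']) && is_string($_POST['captcha'])) ? trim($_POST['captcha']) : '';
  // Destroy the session so each CAPTCHA image is good for one attempt only.
  session_destroy();

  // Strict string comparison: a loose == treats "01234" and "1234" as equal.
  return ($digit !== '' && $digit === $userdigit);
 }
?>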
button.php
PHP:
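<?php
// Draws a 5-digit CAPTCHA image and stores the expected answer in the session.

$image = imagecreate(120, 30);

// The first colour allocated becomes the image background.
$white    = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);
$gray     = imagecolorallocate($image, 0xC0, 0xC0, 0xC0);
$darkgray = imagecolorallocate($image, 0x50, 0x50, 0x50);

// No srand() call: PHP seeds the generator itself, and seeding from
// microtime() limits the seed to one of 1,000,000 values.

// Background noise lines
for ($i = 0; $i < 10; $i++) {
	$x1 = rand(0,120);
	$y1 = rand(0,30);
	$x2 = rand(0,120);
	$y2 = rand(0,30);
	imageline($image, $x1, $y1, $x2, $y2 , $gray);
}

// Pick the five digits
$cnum = array();
for ($i = 0; $i < 5; $i++) {
	$cnum[$i] = rand(0,9);
}

// Draw each digit with a random built-in font and position
$x = 0; // horizontal cursor, must be initialised before the first digit
for ($i = 0; $i < 5; $i++) {
	$fnt = rand(3,5);
	$x = $x + rand(12 , 20);
	$y = rand(7 , 12);
	imagestring($image, $fnt, $x, $y, (string) $cnum[$i] , $darkgray);
}

$digit = "$cnum[0]$cnum[1]$cnum[2]$cnum[3]$cnum[4]";

// Store the expected answer for audit.php
session_start();
$_SESSION['digit'] = $digit;

header('Content-type: image/png');
imagepng($image);
imagedestroy($image);

?>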
Add this to your form:
Code:
<!-- This isn't setup to match your email script as I don't feel like looking at how you do it right now. -->
<img width="120" height="30" src="button.php" /><br />
<input id="captcha" name="captcha" type="text" value="" /> <label for="captcha">Verification</label>
To test if it's right
PHP:
<?php
include('audit.php');
if (audit()) {
  // It's right.
} else {
  // It's wrong.
}
?>

edit: Also, add session_start(); to index.php or the main page. [If it's not there.]
 
0
•••
CAPTCHA added, see first post.
 
0
•••
I'm getting an error. The script is working fine (I'm getting the eMail), but when the form is submitted, I get the following error:

Warning: Missing argument 2 for is_spam() in /home/zamblo/public_html/contact/includes/functions.php on line 110

Feel free to test yourself at http://www.zamblo.com/contact_us.php.

- Joey
 
0
•••
Edit functions.php, find this section
Code:
function is_spam($value, $numlinks)
{
    preg_match_all('#(<a href|\[url|http:\/\/)#i', $value, $matches, PREG_PATTERN_ORDER);

    if (count($matches[0]) > SPAM_NUM_LINKS)
    {
        return true;
    }
    return false;
}

and remove this part:
Code:
, $numlinks
Be sure to remove the comma and space before $numlinks too. That should fix it. :)
 
0
•••
Seems that your solution fixed the problem. Thanks!
 
0
•••
Note your url location on that one:
http://www.biospherical.net/%3C?php%20echo%20$_SERVER['PHP_SELF'];%20?%3E
I don't know .php, but I know I fixed all my problems with the script by chmod'ing everything correctly...
Best,
-Allan :gl:
 
0
•••
Try renaming the file to .php rather than .html.

Also remove all this stuff from the top
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

	<title>BioSpherical | Contact</title>
	<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=iso-8859-1" />
	<meta name="author" content="TPC - BioSpherical" />
	<meta name="copyright"	content="Copyright 2006 BioSpherical" />	
	<meta name="keywords" content="" />
	<meta name="description" content="" />	
	<meta http-equiv="imagetoolbar" content="no" />

	<link href="bc-stylesheet.css" rel="stylesheet" type="text/css" />
</head>
<html>
<body>
<script>
and also the </script> tag from the bottom. If you want all those head tags in the file, there's already a place in the php file to put it, go to line 51 and you'll see it.

In the end, with the head tags you included, your file should look something like this - making sure it's called contact.php rather than .html -
Code:
<?php

/***************************************************************************
*
*   Author   : Eric Sizemore ( www.secondversion.com )
*   Package  : SV's Simple Contact
*   Version  : 1.0.3
*   Copyright: (C) 2005-2006 Eric Sizemore
*   Site     : www.secondversion.com
*   Email    : [email protected]
*   File     : contact.php
*
*   This program is free software; you can redistribute it and/or modify
*   it under the terms of the GNU General Public License as published by
*   the Free Software Foundation; either version 2 of the License, or
*   (at your option) any later version.
*
*   This program is distributed in the hope that it will be useful,
*   but WITHOUT ANY WARRANTY; without even the implied warranty of
*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
*   GNU General Public License for more details.
*
***************************************************************************/

session_start();

// ####################### Define Important Constants #######################
define('IN_SC', true);

// The email address form submissions will be sent to
define('EMAIL', '[email protected]');

// Your site/domain name
define('SITE_NAME', 'YourSite.com');

// The subject of the form submissions
define('SUBJECT', 'Message from ' . SITE_NAME);

// This must be numeric, see www.php.net/wordwrap
define('MSG_WORD_WRAP', 75);

// Used for the is_spam function
// The number of links the message must contain to be flagged as spam
define('SPAM_NUM_LINKS', 3);

// ############################### Functions ################################
require_once('includes/functions.php');

// ################################## HTML ##################################
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

	<title>BioSpherical | Contact</title>
	<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=iso-8859-1" />
	<meta name="author" content="TPC - BioSpherical" />
	<meta name="copyright"	content="Copyright 2006 BioSpherical" />	
	<meta name="keywords" content="" />
	<meta name="description" content="" />	
	<meta http-equiv="imagetoolbar" content="no" />

	<link href="bc-stylesheet.css" rel="stylesheet" type="text/css" />
</head>

<body>

<h2>Contact</h2>
<p>Please use the following form to contact us. We will respond as soon as possible.</p>
<p>Fields marked by * are required.</p>
<br />
<?php

// ############################ Main Script Start ###########################
if (isset($_POST['submit']) AND $_POST['submit'] != '')
{
    $name = sanitize($_POST['sender_name']);
    $email = sanitize($_POST['sender_email']);
    $message = wordwrap(sanitize($_POST['sender_message'], false), MSG_WORD_WRAP);
    $message = str_replace("\n", '<br>', $message);
    $captcha = sanitize($_POST['captcha']);
    $ip = get_ip();

    if (empty($name) OR empty($email) OR empty($message) OR is_email_injection($name))
    {
        echo 'One or more required fields left blank. Please try again.';
    }
    else if (!is_valid_email($email) OR is_email_injection($email))
    {
        echo 'E-mail is invalid. Please try again.';
    }
    else if (is_spam($message))
    {
        echo 'Sorry, but your message seemed a bit like spam.';
    }
    // Strict comparison: a loose != compares hashes of the form "0e<digits>" as numbers
    else if (md5($captcha) !== $_SESSION['sc_captcha_code'])
    {
        echo 'The code you entered does not match the code in the image, please try again.';
    }
    else
    {
        $headers = 'From: ' . $name . ' <' . $email . '>' . "\n";
        $headers .= 'Message-ID: <' . md5(uniqid(time())) . '@' . $_SERVER['HTTP_HOST'] . '>' . "\n";
        $headers .= 'MIME-Version: 1.0' . "\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\n";
        $headers .= 'Content-transfer-encoding: 8bit' . "\n";
        $headers .= 'Date: ' . date('r', time()) . "\n";
        $headers .= 'X-Priority: 3' . "\n";
        $headers .= 'X-MSMail-Priority: Normal' . "\n";
        $headers .= 'X-Mailer: PHP/' . PHP_VERSION . "\n";
        $headers .= 'X-MimeOLE: Produced By SVs SimpContact v1.0.3' . "\n";

        $send = mail(EMAIL, SUBJECT, "
<html>
<head>
<title>Email from $name</title>
</head>

<body>

<table align=\"center\" cellpadding=\"2\" cellspacing=\"1\">
<tr>
  <td colspan=\"2\">Someone from " . SITE_NAME . " has sent you a message, it is below.</td>
</tr>
<tr>
  <td><b>Sender's name:</b></td>
  <td>$name</td>
</tr>
<tr>
  <td><b>Sender's Email:</b></td>
  <td>$email</td>
</tr>
<tr>
  <td><b>Sender's IP:</b></td>
  <td>$ip</td>
</tr>
<tr>
  <td valign=\"top\"><b>Message:</b></td>
  <td>$message</td>
</tr>
</table>

</body>
</html>
", $headers);

        if ($send)
        {
            echo 'Thank you, ' . $name . ', for contacting us. We will respond asap.';
        }
        else
        {
            echo 'Seems to have been a problem sending the email. Please try again.';
        }
    }
}
else
{
?>
<table cellpadding="2" cellspacing="2">
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post" style="display: inline;">
<tr>
  <td><strong>Name:*</strong></td>
  <td><input type="text" name="sender_name"></td>
</tr>
<tr>
  <td><strong>E-mail:*</strong></td>
  <td><input type="text" name="sender_email"></td>
</tr>
<tr>
  <td valign="top"><strong>Message:*</strong></td>
  <td><textarea name="sender_message" rows="5" cols="50"></textarea></td>
</tr>
<tr>
  <td> </td>
  <td><img src="captcha.php" border="0" width="252" height="81" alt="CAPTCHA Image" title="CAPTCHA Image"></td>
</tr>
<tr>
  <td><strong>Code:*</strong> (above)</td>
  <td><input type="text" name="captcha" maxlength="5"></td>
</tr>
<tr>
  <td> </td>
  <td><input type="submit" name="submit" value="Submit" style="float: right;"></td>
</tr>
</form>
</table>
<?php
}
?>
<br />
<p>Powered by <a href="http://www.secondversion.com">SVs Simple Contact v1.0.3</a></p>

</body>
</html>
 
0
•••
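The contact.php above builds its `From:` header from the submitted name and e-mail, so both values must be unable to start a new header line. The following is an added example, not part of SV's Simple Contact and not the script's own `is_email_injection()` (which is not shown in this thread); the function names `header_value_is_unsafe` and `build_from_header` are hypothetical and the sample submissions are constructed.

```php
<?php
// Added example, not code from SV's Simple Contact. Function names are hypothetical.

/**
 * Returns true if $value could alter the header block passed to mail():
 * a raw CR or LF, or a URL-encoded one (%0a / %0d), ends the current header
 * line and would let the sender append further headers.
 */
function header_value_is_unsafe($value)
{
    if (!is_string($value)) {
        return true; // arrays (sender_name[]=x) are never a valid header value
    }
    return (bool) preg_match('/[\r\n]|%0[ad]/i', $value);
}

/**
 * Builds the From: header the way contact.php does, but refuses unsafe parts.
 * Returns the header line, or false when the submission must be rejected.
 */
function build_from_header($name, $email)
{
    if (header_value_is_unsafe($name) || header_value_is_unsafe($email)) {
        return false;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Strip characters that would break the display-name / <address> syntax.
    $name = trim(str_replace(array('<', '>', '"'), '', $name));
    return 'From: ' . $name . ' <' . $email . '>';
}

// Constructed sample submissions: array(name, email).
$samples = array(
    array('Joey', 'joey@example.com'),
    array("Joey\r\nBcc: list@example.net", 'joey@example.com'),
    array('Joey', 'joey@example.com%0ACc: list@example.net'),
    array('Joey', 'not-an-address'),
);

foreach ($samples as $s) {
    $header = build_from_header($s[0], $s[1]);
    echo ($header === false ? 'REJECTED' : $header), "\n";
}
```

Only the first sample yields a header line; the check runs before any string is concatenated into `$headers`, so a rejected value never reaches `mail()`.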
Thanks a lot B33R, it seems to work now!! (http://www.biospherical.net/contact.php)

Just to check, there's no way to use the form in a .html file?

Also, off topic, is there any way (using any web language) to use the html of one page in another, but with a simple command?? For example, one line of code takes the html from a specified page??! (I'm probably sounding stupid, but I don't know anything more than basic PHP - HTML and similar languages are the only ones I have a sort-of grasp on!!).
 
0
•••
iframe the entire thing into a .html file?

That should work, no?

-Allan
 
0
•••
Thank you Allan!...don't know why I didn't think of that!!

:) :)
 
0
•••