Not signed in (Sign In)

Categories

Vanilla 1.1.5 is a product of Lussumo. More Information: Documentation, Community Support.

Help keep Vanilla free:
Welcome Guest!
Want to take part in these discussions? If you have an account, sign in now.
If you don't have an account, apply for one now.

Random: PHP Contact Form

Bottom of Page

1 to 27 of 27

  1.  
    •  
      CommentAuthorinstagata
    • CommentTimeJan 12th 2006
     # 1
    Hey people, happy new year and all that jizazz fo real.

    Anyone got a nifty little web based contact form that just sends an email to an address you specify in the code itself, that they might wanna kinda send to me to use?

    Thanks :D
  2.  # 2
    instagata!! Dude you could write that so easily! Just make yourself a simple html form to post the things to a php script and shove them into a mail() function!
    •  
      CommentAuthorinstagata
    • CommentTimeJan 12th 2006 edited
     # 3
    minesweeper!!! I just got told the same thing,

    however, I have never written php in my life and since this is my 3rd last web job ever I cbf learning it.
  4.  # 4
    fair play. I just wrote you out a bit of php to do it 3 times then clicked back or some other stupid button which wiped it so i'm gonna give up and go to bed.
    Make yourself a html form for a start. I'm sure some other kind bean round here will help you out with the php much better than i could have anyway. Check out http://uk.php.net/manual/en/ref.mail.php for reference just incase you get bored :P
  5.  # 5
    You will want to watch out for mail injections and people specifying other headers.
    •  
      CommentAuthorMark
    • CommentTimeJan 12th 2006 edited
     # 6
    •  
      CommentAuthorinstagata
    • CommentTimeJan 12th 2006
     # 7
    Thanks Mark
    •  
      CommentAuthorc-unit
    • CommentTimeJan 12th 2006
     # 8
    That's like something I actually know how to do :o.
    •  
      CommentAuthorinstagata
    • CommentTimeJan 13th 2006
     # 9
    wanna make me one then
    •  
      CommentAuthorKosmo
    • CommentTimeJan 13th 2006
     # 10
    What a weird conversation, everyone comes here to brass with their skills "how they could write is in so fast that it ripples the time space continum and shatters the fractual hypothesis of the universe and human mind THANK GOD ISAAC ASIMOV" but no one actually did anything, well, except Mark who posted a link.

    Well, here is my take on the subject that I did some time ago, but as you might have guessed, it's not about the script or how easy or hard it is to write, it is about knowing how things work to make it secure and safe to use on a public site.

    Use it with caution.


    <?php
    $name = $_POST["name"];
    $email = $_POST["email"];
    $subject = $_POST["subject"];
    $message = $_POST["message"];
    $iprotocol = $_SERVER['REMOTE_ADDR'];
    $useragent = $_SERVER["HTTP_USER_AGENT"];

    $mymail = "email@domain.com";

    $mail = ("
    $subject - sitename
    ---------------------------------------------------------------------
    Name: $name \n
    Email: $email \n
    Message: $message \n\n
    User Information.
    --------------------------------------------------------------------- \n
    IP Address: $iprotocol \n
    User-Agent: $useragent \n
    ");
    mail( $mymail, "$subject - sitename",
    $mail, "From: $email" );
    ?>
    •  
      CommentAuthorBergamot
    • CommentTimeJan 13th 2006 edited
     # 11
    Just because something is simple conceptually doesn't mean it's not boring or time consuming.

    For the record, I have no idea how to send emails in PHP.
    •  
      CommentAuthorKosmo
    • CommentTimeJan 13th 2006
     # 12
    Well, essentially, what I figured out, the catch to mail something in PHP is the mail(); function, other than that, it is basically variables.

    Like you can see that only things that are not variables are the mail(); function presented below, and the global variables pulled from the server (sent by the html form and the server itself.)

    And because of this, it has me believing that it is insecure to use this, too easy to crack open and mess around I believe.


    mail( $mymail, "$subject - sitename",
    $mail, "From: $email" );
    •  
      CommentAuthorc-unit
    • CommentTimeJan 13th 2006
     # 13
    I'll try my hand at making one after school.
  14.  # 14
    What a weird conversation, everyone comes here to brass with their skills "how they could write is in so fast that it ripples the time space continum and shatters the fractual hypothesis of the universe and human mind THANK GOD ISAAC ASIMOV" but no one actually did anything, well, except Mark who posted a link.


    I offered advice - to watch out for mail injections and other headers - you should be able to figure it out yourself.
    You won't learn anything is someone does it for you. You need to make a mistake or 50 to learn.
    •  
      CommentAuthorKosmo
    • CommentTimeJan 13th 2006
     # 15
    I offered advice - to watch out for mail injections and other headers - you should be able to figure it out yourself.
    You won't learn anything is someone does it for you. You need to make a mistake or 50 to learn.

    True not always.
    •  
      CommentAuthorinstagata
    • CommentTimeJan 14th 2006
     # 16
    Hey guy's and girls I am looking for someone to help me out here, this is the last web job I am ever going to do which is why I dont want to learn it. After this I am out of web development. This industry though it has given me the occasionaly joy over the last 6 years and I have achieved lots of goals it's just not for me.

    So anyone that has one thats prewritten and feels ok with me using it, I would feel most appreciative.
    •  
      CommentAuthorKosmo
    • CommentTimeJan 14th 2006
     # 17
    If someone could comment on the validity of the script I posted (possible security issues and performance) you are free to use my script.

    I'm using it in one small site and haven't had a problem. But it only has been in use for couple of months so I don't know if it will be a security issue.
  18.  # 18
    Sure, post it.
  19.  # 19
    It's up there, nick.
  20.  # 20
    Oh, that!

    Well, that really isn't secure. You need to htmlentities(), trim() and isset()/empty() every form field, check for "\\r\\n", "\\r", "\\n", "MIME-Version:". Use boundaries, proper encoding, etc.

    You will also want error handling. What if they don't fill out anything in your form? Is it going to email the blank form anyways? What if they don't enter a correctly formed email (You should use regex to check)?


    http://ca3.php.net/function.mail
    http://securephp.damonkohler.com/index.php/Email_Injection
    •  
      CommentAuthorlech
    • CommentTimeJan 14th 2006
     # 21
    HTML email is a sin :)
    •  
      CommentAuthor3stripe
    • CommentTimeJan 15th 2006
     # 22
    Slightly off topic but this is pretty sweet: http://ql.aonic.net/
  23.  # 23
    Indeed.
    •  
      CommentAuthorinstagata
    • CommentTimeJan 15th 2006
     # 24
    so nick1presta do you have any way of helping me take kosmos form and making it more secure then?
    •  
      CommentAuthorc-unit
    • CommentTimeJan 15th 2006 edited
     # 25
    This is a really powerful validation tutorial -

    http://www.zend.com/zend/spotlight/ev12apr.php
  26.  # 26
    I just finished making another email form for myself.

    You can see some of the techniques I used if you want (IM or whisper me).
    •  
      CommentAuthorinstagata
    • CommentTimeJan 15th 2006
     # 27
    Its ok, its all good now, mate of mine had one that he had written previously and was exactly what I was after, thus allowing me to negate the hassle of learning another shitty language that I won't ever use ever again.

    Big Thanks though to Kosmo for trying to come through for me with actual code, which is what I was after.

    My final web job is coming to a close \m/!@#!@#!@#!@#!@#!@#!#!@#

1 to 27 of 27

  1.  
Add your comments
    Username Password
  • Format comments as
 
Back to Discussions Top of Page