TalkFreelance > Design and Development > Programming > PHP and MySQL

Building a secure contact form

05-24-2008, 01:24 AM
#1
mason.sklut
Status: Junior Member
Join date: Mar 2007
Location: North Carolina
Expertise: Photography

This has been bugging me for a while now... There are lots of ways to do this, but what's the most logical way to go about making an anti-spammer contact form? Please provide code snippets if you wish.

Thanks,
Mason

05-24-2008, 01:35 AM
#2
JulesR
Status: Member
Join date: Apr 2008

Well, I'd provide code snippets but wouldn't that essentially be giving you a free secure contact form?

In my opinion the 3 most important things to consider:

1. Confirm the user's e-mail address COMPLETELY. The purpose of a contact form is to be able to respond to the person trying to get in touch with you. It's simply not enough to check the format of their e-mail address, so actually check that the domain they're using exists and has MX entries for it so it's capable of receiving mail. If using PHP the checkdnsrr function is ideal for this.

2. Anti-bot features are, unfortunately, essential to any contact form these days. Usually a simple CAPTCHA implementation is enough to thwart most scripts with relatively minimal inconvenience to legitimate users. Use CAPTCHA where possible. PHP+GD make this a breeze.

3. Something a staggering amount of people don't consider is anti-flood controls, much like those you'd find on a forum. Consider that in the worst possible scenario an "annoying" user may use your contact page to send you a flood of e-mail. Implement checks to ensure that they haven't already submitted you a message within the last few minutes. This is easily accomplished using sessions.

Apart from the other basic content checks, these would be my priority.
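
Added example, not code from any post in this thread. It implements the check described in point 1 above: syntax first, then confirm that the domain can actually receive mail. The DNS lookup is passed in as a callable so the function can be exercised offline with a constructed stub resolver; in production leave that argument null and PHP's built-in checkdnsrr() is used. The stub domains, the sample addresses and the function names are assumptions for the demonstration.

```php
<?php
// Added example, not code from the thread. Syntax check, then a DNS check
// that the domain can receive mail. The resolver is injectable so the
// function runs offline here with a constructed stub.

function email_is_deliverable(string $email, ?callable $has_record = null): bool
{
    $has_record = $has_record ?? 'checkdnsrr';   // built-in checkdnsrr($host, $type) in production

    // Syntax first. FILTER_VALIDATE_EMAIL rejects CR/LF, spaces and addresses
    // with no domain part, so nothing below ever sees garbage.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    $domain = substr($email, strrpos($email, '@') + 1);

    // A trailing dot makes the name fully qualified, so the resolver does not
    // append a local search suffix and "find" an unrelated internal host.
    $fqdn = rtrim($domain, '.') . '.';

    // RFC 5321 section 5.1: a domain with no MX record receives mail at its
    // A/AAAA address instead, so such domains must also be accepted.
    // An MX-only check would wrongly reject them.
    if ($has_record($fqdn, 'MX')) {
        return true;
    }
    return $has_record($fqdn, 'A') || $has_record($fqdn, 'AAAA');
}

// Constructed stub resolver standing in for DNS so this runs offline.
// Keys carry the trailing dot, matching what the function looks up.
$stub_dns = [
    'example.com.' => ['MX'],
    'a-only.test.' => ['A'],
];
$stub_resolver = function (string $host, string $type) use ($stub_dns): bool {
    return in_array($type, $stub_dns[$host] ?? [], true);
};

// Constructed cases with the verdict each one should get.
$cases = [
    'alice@example.com'         => true,   // MX present
    'bob@a-only.test'           => true,   // no MX, but an A record: deliverable
    'carol@nosuchdomain.test'   => false,  // nothing resolves
    'not-an-address'            => false,  // fails the syntax check, no lookup made
    "eve@example.com\r\nBcc: x" => false,  // CR/LF rejected at the syntax stage
];
foreach ($cases as $addr => $expected) {
    $got = email_is_deliverable($addr, $stub_resolver);
    printf("%-34s %s\n", json_encode($addr), $got === $expected ? 'ok' : 'MISMATCH');
}
```

Two caveats when wiring this to a live resolver: checkdnsrr() returns false both for "no such record" and for a lookup that failed or timed out, so a DNS outage on your side rejects every visitor; decide deliberately whether to fail open in that case. And the lookup adds network latency to every submission, so it belongs after the cheap checks, never before them.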

05-24-2008, 02:31 AM
#3
mason.sklut

Thanks for those tips. I'll use 'em for sure.

05-24-2008, 01:18 PM
#4
creativejen
Status: Paladin
Join date: Jul 2006
Location: Sheffield, UK
Expertise: design, front-end markup
Software: Photoshop

A simple way is like this:

PHP Code:
<?php

// Read the field; a missing field becomes an empty string
$email = isset($_POST['email']) ? $_POST['email'] : '';
$to = 'you@example.com'; // your own address (assumed here)

if($email == "") {

echo "You must enter your email!";

} else {

mail($to, 'Contact form message', isset($_POST['comments']) ? $_POST['comments'] : '');

}

?>
But you can add as many error checks as you like. Expanding on the above:

PHP Code:
<?php

// Read the fields; missing ones become empty strings
$name     = isset($_POST['name'])     ? $_POST['name']     : '';
$subject  = isset($_POST['subject'])  ? $_POST['subject']  : '';
$email    = isset($_POST['email'])    ? $_POST['email']    : '';
$comments = isset($_POST['comments']) ? $_POST['comments'] : '';
$to = 'you@example.com'; // your own address (assumed here)

if($name == "") {

echo "Give me your name dammit!";

}

if($subject == "") {

echo "Enter a subject!";

}

if($email == "") {

echo "You must enter your email!";

} else {

if($comments == ""){

echo "Comments - Empty!";

} else {

mail($to, $subject, $comments);

}

}

?>

05-24-2008, 02:50 PM
#5
Village Genius
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++

05-24-2008, 02:56 PM
#6
mason.sklut

Thanks guys. I've got my contact form up and running. Security can really be a pain in the tush sometimes

05-24-2008, 04:40 PM
#7
Village Genius

Sometimes?

05-24-2008, 04:46 PM
#8
mason.sklut

Originally Posted by Village Idiot:
Sometimes?
OK, always. My bad.

05-24-2008, 05:01 PM
#9
BlaineSch
Status: Member
Join date: Mar 2005
Location: Trapped in my own little world
Expertise: Web Applications
Software: Notepad++

If you just check to see if they mailed you in the last few minutes and they were "adding" something to the last email, then you have a problem: they can't re-email you and they might go elsewhere for work.

I would do simple checks making sure the email is in a valid format, take the IP, and add it to the database.

On one of my old sites I had in the admin panel a place setup so I can check the emails and reply/delete them.

If they had already sent an "email" to the database, just add it to it with a separator and the new time in there.
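
Added example, not any poster's code. It combines the anti-flood control from point 3 of post #2 with the amendment in the post above: the record is keyed on the client IP and kept in a database rather than in the PHP session (a bot that simply discards cookies never trips a session check), and a follow-up inside the window is appended to the existing record with a separator instead of being refused, with a bound so one address cannot grow a record without limit. It assumes PHP 7.4 or later with the PDO SQLite driver, an in-memory database so it runs stand-alone, and a constructed clock; the table layout, class name and sample messages are assumptions for the demonstration.

```php
<?php
// Added example, not code from the thread. Per-IP flood control backed by a
// database, appending follow-ups inside the window instead of refusing them.
// Assumes PDO SQLite; the in-memory database and the clock are constructed.

class ContactInbox
{
    private PDO $db;
    private int $windowSeconds;

    public function __construct(PDO $db, int $windowSeconds = 300)
    {
        $this->db = $db;
        $this->windowSeconds = $windowSeconds;
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->db->exec('CREATE TABLE IF NOT EXISTS messages (
            id      INTEGER PRIMARY KEY AUTOINCREMENT,
            ip      TEXT    NOT NULL,
            email   TEXT    NOT NULL,
            body    TEXT    NOT NULL,
            created INTEGER NOT NULL,
            updated INTEGER NOT NULL)');
        $this->db->exec('CREATE INDEX IF NOT EXISTS messages_ip_updated ON messages (ip, updated)');
    }

    // Returns 'stored' for a new record, 'appended' when the same IP wrote
    // inside the window, or 'flooding' when it has already appended too often.
    public function submit(string $ip, string $email, string $body, int $now, int $maxAppends = 5): string
    {
        $since = $now - $this->windowSeconds;

        // Prepared statements throughout: the body is attacker-controlled text.
        $sel = $this->db->prepare(
            'SELECT id, body FROM messages WHERE ip = ? AND updated > ? ORDER BY updated DESC LIMIT 1'
        );
        $sel->execute([$ip, $since]);
        $recent = $sel->fetch(PDO::FETCH_ASSOC);

        if ($recent === false) {
            $ins = $this->db->prepare(
                'INSERT INTO messages (ip, email, body, created, updated) VALUES (?, ?, ?, ?, ?)'
            );
            $ins->execute([$ip, $email, $body, $now, $now]);
            return 'stored';
        }

        // The separator doubles as the append counter.
        $separator = "\n--- follow-up ---\n";
        if (substr_count($recent['body'], $separator) >= $maxAppends) {
            return 'flooding';
        }
        $upd = $this->db->prepare('UPDATE messages SET body = ?, updated = ? WHERE id = ?');
        $upd->execute([$recent['body'] . $separator . $body, $now, $recent['id']]);
        return 'appended';
    }
}

// Constructed walkthrough: one visitor adding to her message, then a flood.
$inbox = new ContactInbox(new PDO('sqlite::memory:'), 300);
$t = 1700000000; // constructed clock, seconds

$steps = [
    ['203.0.113.7', 'alice@example.com', 'Hello, I need a quote.', $t],
    ['203.0.113.7', 'alice@example.com', 'Forgot to say: budget is 2k.', $t + 60],  // inside the window
    ['203.0.113.7', 'alice@example.com', 'One more thing.', $t + 400],              // window expired
];
foreach ($steps as [$ip, $email, $body, $when]) {
    printf("%-12s t+%-4d %s\n", $ip, $when - $t, $inbox->submit($ip, $email, $body, $when));
}

$last = '';
for ($i = 0; $i < 7; $i++) {
    $last = $inbox->submit('198.51.100.9', 'bot@example.com', "spam $i", $t + $i);
}
printf("%-12s after 7 posts inside one window: %s\n", '198.51.100.9', $last);
```

Feed it $_SERVER['REMOTE_ADDR'], not an X-Forwarded-For header, unless the form sits behind a proxy you control that overwrites that header. An IP is a coarse key (office NAT and carrier-grade NAT put many people behind one address), so keep the window short and the append bound generous rather than the other way round. The admin page described above is a query over this same table.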

05-24-2008, 09:03 PM
#10
mason.sklut

This is the code I used for the contact form....Any comments?
Code:
<?php

// Mail header removal: strips header keywords and, more importantly, the
// line breaks, since mail() treats every CR/LF in its headers argument as
// the start of a new header line (removing "bcc:" alone leaves that intact)

	function remove_headers($string) { 
	  $headers = array(
	    "/to\:/i",
	    "/from\:/i",
	    "/bcc\:/i",
	    "/cc\:/i",
	    "/Content\-Transfer\-Encoding\:/i",
	    "/Content\-Type\:/i",
	    "/Mime\-Version\:/i" 
	  ); 
	  $string = preg_replace($headers, '', $string);
	  $string = str_replace(array("\r", "\n"), '', $string);
	  return strip_tags($string);
	} 

// Pick up the form data and clean it before it goes anywhere near mail().
// The form field is named 'comments'; it is body text, so line breaks are
// allowed there and only tags are stripped.

	$name = remove_headers(isset($_POST['name']) ? $_POST['name'] : '');
	$email = remove_headers(isset($_POST['email']) ? $_POST['email'] : '');
	$topic = remove_headers(isset($_POST['url']) ? $_POST['url'] : '');
	$comments = strip_tags(isset($_POST['comments']) ? $_POST['comments'] : '');

// Build the email. Reply-To is the standard header for the sender's
// address; "E-mail:" is not a header any mail client acts on.

	$to = 'mason@masonsklut.com';
	$subject = "New message: $topic";
	$message = "$name said: $comments";
	$headers = "Reply-To: $email";

// Send the mail using PHPs mail() function

	mail($to, $subject, $message, $headers);

// Redirect, then stop so nothing else runs after the Location header

	header('Location: http://masonsklut.com/test/success.html');
	exit;

?>
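
Added example, not code from the post above: why a keyword blacklist like remove_headers() is the wrong defence against e-mail header injection, and the check to use instead. mail() joins its headers argument to the message with CR/LF, so any CR/LF an attacker gets into a header-bound field starts a new header line, and a blank line ends the header block and lets them write their own body. Deleting the word "bcc:" leaves the line break in place, and a body injection contains no keyword to delete at all. The payloads, addresses and function names below are constructed for the demonstration.

```php
<?php
// Added example, not code from the thread. Compares the thread's keyword
// blacklist with an outright rejection of CR/LF in header-bound fields.
// All payloads are constructed.

// The thread's blacklist, reproduced only for comparison.
function blacklist_filter(string $s): string
{
    $patterns = ['/to\:/i', '/from\:/i', '/bcc\:/i', '/cc\:/i',
                 '/Content\-Transfer\-Encoding\:/i', '/Content\-Type\:/i',
                 '/Mime\-Version\:/i'];
    return strip_tags(preg_replace($patterns, '', $s));
}

// The check to use instead: a header value may contain no CR, LF or NUL.
// Returns null to reject; the caller refuses the submission rather than
// trying to "clean" attacker input into something safe.
function header_value_or_null(string $s): ?string
{
    return preg_match('/[\r\n\0]/', $s) ? null : trim($s);
}

// For the address itself, validate the whole value; this also excludes CR/LF.
function reply_to_or_null(string $email): ?string
{
    $v = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $v === false ? null : $v;
}

// Header block for a submission that passed the checks. From: stays on your
// own domain; the visitor's address goes in Reply-To.
function build_headers(string $reply_to): string
{
    return "From: contact-form@example.com\r\nReply-To: $reply_to";
}

$payloads = [
    'benign'          => 'alice@example.com',
    'extra recipient' => "alice@example.com\r\nBcc: victim1@example.net",
    'body injection'  => "alice@example.com\r\n\r\nBuy now: http://spam.invalid/",
];

foreach ($payloads as $label => $p) {
    $leftover = blacklist_filter($p);          // what the blacklist would pass on to mail()
    $strict   = reply_to_or_null($p);
    printf("%-16s blacklist leaves CR/LF in value: %-3s  strict check: %s\n",
        $label,
        preg_match('/[\r\n]/', $leftover) ? 'yes' : 'no',
        $strict === null ? 'rejected' : 'accepted');
    if ($strict !== null) {
        echo '  headers sent: ', json_encode(build_headers($strict)), "\n";
    }
}

// Non-address header fields (subject, topic) get the same CR/LF rule.
foreach (['Quote request', "Quote request\r\nBcc: victim2@example.net"] as $topic) {
    printf("topic %-46s %s\n", json_encode($topic),
        header_value_or_null($topic) === null ? 'rejected' : 'accepted');
}
```

Rejecting CR, LF and NUL in every value that ends up in a header closes the whole class, whatever keyword the attacker chooses. Keep From: on an address in your own domain and put the visitor's address in Reply-To: receiving servers that check SPF or DMARC for the visitor's domain will otherwise reject or junk mail your server sends in that domain's name.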
