Thread title: Building a secure contact form |
05-24-2008, 05:01 PM (#1)
Status: Member
Join date: Mar 2005
Location: Trapped in my own little world
Expertise: Web Applications
Software: Notepad++
Posts: 385
If you just check to see if they mailed you in the last few minutes and they were "adding" something to the last email, then you have a problem: they can't re-email you and they might go elsewhere for work.
I would do simple checks making sure the email is in a valid format, take the IP, and add it to the database.
On one of my old sites I had a place set up in the admin panel so I could check the emails and reply/delete them.
If they had already sent an "email" to the database, just add the new one to it with a separator and the new time in there.
05-24-2008, 09:03 PM (#2)
Status: Junior Member
Join date: Mar 2007
Location: North Carolina
Expertise: Photography
Software:
Posts: 73
This is the code I used for the contact form... Any comments?
Code:
<?php
// Mail header removal: strip known header names and HTML tags from a form value.
// Note: this only removes header names; it does not remove the line breaks
// that make header injection possible in the first place.
function remove_headers($string) {
    $headers = array(
        "/to\:/i",
        "/from\:/i",
        "/bcc\:/i",
        "/cc\:/i",
        "/Content\-Transfer\-Encoding\:/i",
        "/Content\-Type\:/i",
        "/Mime\-Version\:/i"
    );
    $string = preg_replace($headers, '', $string);
    return strip_tags($string);
}
// Pick up the form data and clean it BEFORE it goes into the email
$name = remove_headers($_POST['name']);
$email = remove_headers($_POST['email']);
$topic = remove_headers($_POST['url']);
$comments = remove_headers($_POST['comments']); // same field name as the form
// Build the email
$to = 'mason@masonsklut.com';
$subject = "New message: $topic";
$message = "$name said: $comments";
$headers = "E-mail: $email"; // non-standard header name; Reply-To: is the usual one
// Send the mail using PHP's mail() function
mail($to, $subject, $message, $headers);
// Redirect, then stop so nothing else runs after the Location header is sent
header('Location: http://masonsklut.com/test/success.html');
exit;
?>
05-24-2008, 09:29 PM (#3)
Status: Paladin
Join date: Jul 2006
Location: Sheffield, UK
Expertise: design, front-end markup
Software: Photoshop
Posts: 2,353
It's ok, but you'll get spam.
05-24-2008, 10:50 PM (#4)
Status: Member
Join date: Apr 2008
Location:
Expertise:
Software:
Posts: 129
Originally Posted by enigma:
    It's ok, but you'll get spam.
Hardly a constructive comment. Please elaborate for the author.
ncmason: Whilst your form will work with the code you've provided, you seem to have completely ignored all aspects of security we've mentioned. You have no field checking, no flood control, no anti-bot measures. Did we waste our time advising you?
05-25-2008, 12:24 AM (#5)
Status: Junior Member
Join date: Mar 2007
Location: North Carolina
Expertise: Photography
Software:
Posts: 73
Well, I did a lot of research on contact forms and I saw that most spammers get around by manipulating headers. I like the advice, it's just there's lots of info out there, and I wanted to know as much as possible. I'll post the new code when I have time.
Thanks,
Mason
05-25-2008, 01:14 AM (#6)
Status: Junior Member
Join date: Mar 2007
Location: North Carolina
Expertise: Photography
Software:
Posts: 73
Here's the link to the new and improved secured contact form:
http://masonsklut.com/contact
I have two questions now:
1. How can I make it so it goes to a "success" page only after valid completion of the form?
2. How can I make the email only send when all the forms have been filled out? Right now, it sends even with empty fields.
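Added example (written for this page, not code from any participant in the thread) answering the two questions in the post above and applying the checks the thread recommends: field validation, a valid email address, one message per five minutes per IP, and an anti-bot check. The email is sent only when every field validates, and the redirect to the success page happens only after mail() succeeds. Assumed: PHP 5.2 or later, form fields named name, email, topic and comments, a CSS-hidden honeypot field named website, and placeholder recipient and success URL.

```php
<?php
// Added example, not from this thread. Assumes PHP 5.2+; recipient and success URL are placeholders.
function validate_contact(array $post) {
    $errors = array();
    foreach (array('name', 'email', 'topic', 'comments') as $f) {
        if (!isset($post[$f]) || trim($post[$f]) === '') {
            $errors[$f] = 'required';
        } elseif ($f !== 'comments' && preg_match('/[\r\n]/', $post[$f])) {
            // A CR/LF in a single-line field is header injection: reject, do not strip
            $errors[$f] = 'line breaks not allowed';
        }
    }
    if (!isset($errors['email']) && !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'not a valid address';
    }
    // Honeypot: a field hidden by CSS that people leave empty and bots fill in
    if (!empty($post['website'])) {
        $errors['form'] = 'rejected';
    }
    return $errors;
}
// Flood control: one message per $window seconds per client IP, tracked in a temp file
function recently_sent($ip, $window = 300) {
    $file = sys_get_temp_dir() . '/contact_' . md5($ip);
    $last = is_file($file) ? (int) file_get_contents($file) : 0;
    if (time() - $last < $window) {
        return true;
    }
    file_put_contents($file, (string) time());
    return false;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $errors = validate_contact($_POST);
    if (!$errors && recently_sent($_SERVER['REMOTE_ADDR'])) {
        $errors['form'] = 'please wait a few minutes before sending again';
    }
    if (!$errors) {
        // Visitor's address goes in Reply-To; From stays a fixed address on your own domain
        $headers = "From: contact-form@example.com\r\nReply-To: " . $_POST['email'];
        $body = $_POST['name'] . " said:\n\n" . $_POST['comments'];
        if (mail('you@example.com', 'New message: ' . $_POST['topic'], $body, $headers)) {
            header('Location: /success.html'); // reached only after a valid, sent message
            exit;
        }
        $errors['form'] = 'could not send, please try again later';
    }
    foreach ($errors as $field => $msg) { // otherwise redisplay the form with its errors
        echo htmlspecialchars("$field: $msg", ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
}
```

The temp-file counter is the simplest stand-in for the per-IP database row suggested in post #1; a shared host with many PHP workers still works because every worker sees the same temp directory.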
05-25-2008, 01:23 AM (#7)
Status: R'tard
Join date: Jan 2007
Location: USA
Expertise:
Software:
Posts: 2,959
I had a custom one built for my site, McAurie. It can be seen here: http://mcaurie.com/contact/. (Please note the site hasn't launched.) To eliminate spam we have the custom captcha in place and there is a block only allowing 1 message per five minutes from an IP address. Also, you must supply a valid email address, not just "EMAIL" or something of the sort.
05-25-2008, 01:28 AM (#8)
Status: Junior Member
Join date: Mar 2007
Location: North Carolina
Expertise: Photography
Software:
Posts: 73
@Vizon. I've seen some of your client sites once before. You guys do great work!
05-25-2008, 05:51 AM (#9)
Status: R'tard
Join date: Jan 2007
Location: USA
Expertise:
Software:
Posts: 2,959
Thanks so much ncmason, working on finishing the main site. Portfolio page and network should be done shortly.
05-25-2008, 02:43 PM (#10)
Status: Junior Member
Join date: Mar 2007
Location: North Carolina
Expertise: Photography
Software:
Posts: 73
How do you change the font face in PHP?