Another PHP Contact Form Issue


#1

Hi

We recently switched to Dreamhost as a host but have been having problems with our PHP Contact Form because of Dreamhost’s anti-spam measures. A friend wrote this for me several years ago and doesn’t have time to help me update it. I know nothing about PHP and although Dreamhost have tried to be helpful, they are not helpful when you have no clue what you are looking at.

[code]<?php
// -------------------------------------------------- FUNCTIONS/SETUP
// Do not edit the code below this line.

// Security filter for incoming data.
function filter($data) {
$data = strip_tags($data);
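// Double quotes are required here: '\n' in single quotes is a literal backslash-n, not a line break.
$data = strtr($data, array("\n" => '', "\r" => ''));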
$data = trim($data);
if (!get_magic_quotes_gpc()) {
$data = addslashes($data);
}
return $data;
}

// Shows an asterisk next to required fields.
function asterisk($data) {
if ($data) {
echo '*';
}
}

$showform = true;
$errormsg = false;
$flagged = false;

// -------------------------------------------------- PROCESSING
// If the form has been submitted and the IP isn't banned, process it...
if (isset($_POST['submit']) AND $_POST['submit'] == 'submit' AND !in_array($_SERVER['REMOTE_ADDR'], $banned_ips)) {

// If the banned words file exists, check for banned words and flag the message if it has any.
if (is_file('bannedwords.txt')) {
$banned = file('bannedwords.txt');
foreach ($banned as $word) {
$word = '/' . trim($word) . '/i';
if (preg_match($word, $_POST['name']) OR preg_match($word, $_POST['email']) OR preg_match($word, $_POST['url']) OR preg_match($word, $_POST['message'])) {
$flagged = true;
break;
}
}
}

// If the message is flagged as spam (containing a banned word), kick it out!
if ($flagged) {
echo 'Your message was flagged as spam and has been discarded.';
$showform = false;

// Or, carry on…
} else {

  // Start the email body.
  $body = $subject . "\n\n";

  // Check for name; add it to the body of the email if it exists.
  if ($require_name AND empty($_POST['name'])) {
     $errormsg[] = 'Your name is required.';
  } elseif (!empty($_POST['name'])) {
     $name = filter($_POST['name']);
     $body .= "From: $name\n";
  }

  // Check for email address; add it to the body of the email if it exists.
  if ($require_email AND empty($_POST['email'])) {
     $errormsg[] = 'Your email address is required.';
  } elseif (!empty($_POST['email'])) {
     $email = filter($_POST['email']);
     $body .= "Email: $email\n";
  }

  // Check for URL; add it to the body of the email if it exists.
  if ($require_url AND empty($_POST['url'])) {
     $errormsg[] = 'Your URL is required.';
  } elseif (!empty($_POST['url'])) {
     // Compare the submitted value; $url is not set yet at this point.
     if ($_POST['url'] == 'http://') {
        $url = '';            
     } else {
        $url = filter($_POST['url']);
        $body .= "URL: $url\n";
     }
  }

  // Add the sender's IP address to the body of the email.
  $body .= "IP Address: " . $_SERVER['REMOTE_ADDR'] . "\n\n";

  // Check for message; add it to the body of the email if it exists.
  if (empty($_POST['message'])) {
     $errormsg[] = 'A message is required.';
  } else {
     $message = filter($_POST['message']);
     $body .= "$message\n\n";
  }      

  // Check the CAPTCHA (if it's enabled).
  if ($captcha_on AND is_file('captcha.php') AND empty($_POST['captcha'])) {
     $errormsg[] = 'The image code is required.';
  } elseif ($captcha_on AND is_file('captcha.php') AND strtoupper($_POST['captcha']) != $_SESSION['captcha']) {
     $errormsg[] = 'You did not enter the correct image code.  Please try again.';
  }

  // If everything is OK, complete the body of the email and send it!
  if (!$errormsg) {
     $body = stripslashes($body);
     $body = wordwrap($body, 70);
     $headers = 'From: ' . $name . ' <' . $email . '>' . "\r\n";
     $send = @mail($to, $subject, $body, $headers);

     // If the message sends OK, success!
     if ($send) {
        echo '<p>Thank you!  Your message has been sent.</p>';           

     // Or, a failure message.  Boo.
     } else {
        echo '<p>Sorry, an internal error has occurred and your message was not sent.  Please try again later.</p>';
     }         

     // Either way, don't show the form again, but show a link back to it!
     $showform = false;
     echo '<p><a href="' . $_SERVER['PHP_SELF'] . '">&laquo; Back to the Form</a></p>';
  }

}

// If the IP is banned, hide the form and show a banned message.
} elseif (in_array($_SERVER['REMOTE_ADDR'], $banned_ips)) {
echo 'Sorry, your IP address (' . $_SERVER['REMOTE_ADDR'] . ') has been banned from using the contact form.';
$showform = false;
}

// -------------------------------------------------- THE CONTACT FORM
// Show the contact form…

if ($showform) {

// Set default values.
$name_value = '';
$email_value = '';
$url_value = 'http://';
$message_value = '';
if (isset($_POST['name'])) {
$name_value = filter($_POST['name']);
}
if (isset($_POST['email'])) {
$email_value = filter($_POST['email']);
}
if (isset($_POST['message'])) {
$message_value = filter($_POST['message']);
}
?>

Please fill out the form below to contact Hardin Poultry. Please complete the entire form. We guarantee to respond to your message within 48 hours.

<?php
// If there is an existing error message, show it!
if ($errormsg) {
    echo "\n\n";
    foreach ($errormsg as $msg) {
        echo 'Error: ' . $msg . "\n";
    }
    echo "\n\n";
}
?>

Name:

Email Address:

Your Message:
<?php echo $message_value; ?>

<?php
// Show the CAPTCHA if it's enabled.
if ($captcha_on AND is_file('captcha.php')) {
?>
  <p>
  <img src="captcha.php" width="75" height="20" alt="CAPTCHA Image" class="captcha" />
  </p>

  <p>
  <label>*Enter The Image Code Shown Above:<br />
  <input type="text" name="captcha" size="30" class="form" />
  </label>
  </p>
  <?php

}
?>

[/code]

Any help is much appreciated. I understand what to do in principle but not what to actually change!


#2

What is the trouble you are having?
Does this send to an email address that is using the same domain name?

Is this it: http://hardinpoultry.com/form.php


#3

We are not receiving forms from gmail, hotmail, yahoo etc email addresses. The form is set up to send from their own email address. It was explained to me that we had to set the form up to send from our domain name email (like web@hardinpoultry.com) and have a reply to with their email.

So we receive forms from people with an unusual domain email, but not gmail, hotmail etc. We received your contact form fine.


#4

I see. So the problem is sporadic and sometimes you do not get the messages from people. Other times you do. Depending on what email they send. Is that correct?

Just sent another test email using a gmail address.

If it is indeed the case that emails are getting filtered out based on the FROM email, I wonder if the form could be tweaked a little so that the sender's address is in the message body rather than as the return address.

That might be a quick easy fix… you just would have to be mindful of that when replying (you would have to reply to the address in the text of the message, rather than just clicking “reply”).
[hr]
It looks like the email is already inserted into the body of the message, so you might just need to change line 104:

change to:

[code]
// Comment out the original line for future reference.
//$headers = 'From: ' . $name . ' <' . $email . '>' . "\r\n";
// Add the new line.
$headers = 'From: Website <web@hardinpoultry.com>' . "\r\n";
[/code]

If that works like I am thinking, it will just send the email from yourself…allowing the form to bypass whatever filters are blocking the gmail and yahoo addresses.

Not a perfect solution, but a possible quick fix. Be sure to test several times.
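An added example, not code from the thread or from the original form: one way to combine the fixed From address suggested above with the Reply-To approach mentioned in post #3, while keeping visitor input out of the header block unless it is a single valid address with no line breaks. The helper name `build_contact_headers()` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not part of the original contact form).
// The From address is the one proposed in the thread.

function build_contact_headers($visitor_email, $site_from = 'Website <web@hardinpoultry.com>') {
    // From is always the site's own mailbox, never visitor input.
    $headers = array('From: ' . $site_from);

    // Refuse anything containing CR or LF before it can reach a header line.
    // Double quotes matter: '\r\n' in single quotes is not a line break.
    $has_line_break = strpbrk($visitor_email, "\r\n") !== false;

    // Only a syntactically valid single address is allowed into Reply-To.
    if (!$has_line_break && filter_var($visitor_email, FILTER_VALIDATE_EMAIL)) {
        $headers[] = 'Reply-To: ' . $visitor_email;
    }

    // If the address fails either check it is simply left out of the headers;
    // the form already copies it into the message body.
    return implode("\r\n", $headers) . "\r\n";
}

// Constructed sample inputs (not taken from the thread).
$samples = array(
    'visitor@example.com',                        // valid: gets a Reply-To line
    "visitor@example.com\r\nX-Test: injected",    // contains a line break: no Reply-To
    'not an address',                             // invalid syntax: no Reply-To
);

foreach ($samples as $input) {
    echo json_encode($input) . ' => ' . json_encode(build_contact_headers($input)) . "\n";
}

// In the form, the $headers line would become:
// $email_in = isset($_POST['email']) ? $_POST['email'] : '';
// $headers  = build_contact_headers($email_in);
```

With this in place, clicking "reply" in the mail client goes to the visitor's address, while the message itself is still sent from the site's own domain.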


#5

That’s exactly what is happening, sierracircle. We didn’t get your second test in our email.

I will try your fix and see if it works and report back. :slight_smile: