Php script for contact form

[psandy]

Hi,

I want to add a contact form to my web site designed in Dreamweaver and hosted on x10 hosting. I need help in making the form functional.

thanks.

[cybrax]

If in doubt Google about!
You are not the first newbie looking for help so many of your questions have been answered allready.

Just cut and paste the script below into a webpage called contact.php, and add your own email and website details.

PHP Code:

<?php


// OPTIONS - PLEASE CONFIGURE THESE BEFORE USE!

$yourEmail = "somebody@gmail.com"; // the email address you wish to receive these mails through
$yourWebsite = "mysite"; // the name of your website
$maxPoints = 4; // max points a person can hit before it refuses to submit - recommend 4


function isBot() {
    $bots = array("Indy", "Blaiz", "Java", "libwww-perl", "Python", "OutfoxBot", "User-Agent", "PycURL", "AlphaServer", "T8Abot", "Syntryx", "WinHttp", "WebBandit", "nicebot", "autoemailspider","Atomic_Email_Hunter/4.0","ContactBot/0.2","ContentSmartz");
    $isBot = false;
    
    foreach ($bots as $bot)
    if (strpos($_SERVER['HTTP_USER_AGENT'], $bot) !== false)
        $isBot = true;

    if (empty($_SERVER['HTTP_USER_AGENT']) || $_SERVER['HTTP_USER_AGENT'] == " ")
        $isBot = true;
    
    return $isBot;
}

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $error_msg = NULL;

    if (isBot())
        exit("bots not allowed.</p>");// dumping bot into random generated email page would nice addition

    function clean($data) {
        $data = trim(stripslashes(strip_tags($data)));
        return $data;
    }
    
    // lets check a few things - not enough to trigger an error on their own, but worth assigning a spam score.. 
    // score quickly adds up therefore allowing genuine users with 'accidental' score through but cutting out real spam :)
    $points = (int)0;
    
    $badwords = array("adult", "beastial", "bestial", "blowjob", "clit", "cum", "cunilingus", "cunillingus", "cunnilingus", "cunt", "ejaculate", "fag", "felatio", "fellatio", "****", "fuk", "fuks", "gangbang", "gangbanged", "gangbangs", "hotsex", "hardcode", "jism", "jiz", "orgasim", "orgasims", "orgasm", "orgasms", "phonesex", "phuk", "phuq", "porn", "pussies", "pussy", "spunk", "xxx", "viagra", "phentermine", "tramadol", "adipex", "advai", "alprazolam", "ambien", "ambian", "amoxicillin", "antivert", "blackjack", "backgammon", "texas", "holdem", "poker", "carisoprodol", "ciara", "ciprofloxacin", "debt", "dating", "porn", "link=", "voyeur");
    $exploits = array("content-type", "bcc:", "cc:", "document.cookie", "onclick", "onload", "javascript");

    foreach ($badwords as $word)
        if (strpos($_POST['comments'], $word) !== false)
            $points += 2;
    
    foreach ($exploits as $exploit)
        if (strpos($_POST['comments'], $exploit) !== false)
            $points += 2;
    
    if (strpos($_POST['comments'], "http://") === true || strpos($_POST['comments'], "www.") === true)
        $points += 2;
    if (isset($_POST['nojs']))
        $points += 1;
    if (preg_match("/(<.*>)/i", $_POST['comments']))
        $points += 2;
    if (strlen($_POST['name']) < 3)
        $points += 1;
    if (strlen($_POST['comments']) < 15 || strlen($_POST['comments'] > 1500))
        $points += 2;
    // end score assignments

    if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comments'])) {
        $error_msg .= "Name, e-mail and comments are required fields. \n";
    } elseif (strlen($_POST['name']) > 35) {
        $error_msg .= "The name field is limited at 35 characters. Your first name or nickname will do! \n";
    } elseif (!ereg("^[A-Za-z' -]*$", $_POST['name'])) {
        $error_msg .= "The name field must not contain special characters. \n";
    } elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($_POST['email']))) {
        $error_msg .= "That is not a valid e-mail address. \n";
    } elseif (!empty($_POST['url']) && !preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i', $_POST['url']))
        $error_msg .= "Invalid website url.";
    
    if ($error_msg == NULL && $points <= $maxPoints) {
        $subject = "website contact";

        $message = "You received this e-mail message through your website: \n\n";
        foreach ($_POST as $key => $val) {
            $message .= ucwords($key) . ": $val \r\n";
        }
        $message .= 'IP: '.$_SERVER['REMOTE_ADDR']."\r\n";
        $message .= 'Browser: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
        
        
        
        $message .= 'Points: '.$points;

        if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
            $headers   = "From: $yourEmail \r\n";
            $headers  .= "Reply-To: {$_POST['email']}";
        } else {
            $headers   = "From: $yourWebsite <$yourEmail> \r\n";
            $headers  .= "Reply-To: {$_POST['email']}";
        }

        if (mail($yourEmail,$subject,$message,$headers)) {
            echo ' <p  style="font-size:36px"align="center">Your mail was successfully sent</p>';
            flood();
            
            
            
        } else {
            echo '<p  style="font-size:36px; color:master_town3.php?town=FF0000" align="center"> ERROR: Mail NOT Sent </p>';
            flood();
        }
    }
}
function get_data($var) {
    if (isset($_POST[$var]))
        echo htmlspecialchars($_POST[$var]);
}
if ($error_msg != NULL) {
    echo '<p><strong style="color: red;font-size:36px; ">ERROR: spam filter tripped</strong><br />';
    flood();
    echo nl2br($error_msg) . "</p>";
}
?>
<form action="contact.php" method="post">
<noscript><p><input type="hidden" name="nojs" id="nojs" /> </p></noscript>
       
        <table width="85%" border="0" align="center" cellpadding="0" cellspacing="0">
          <tr>
            <td class="sidebar_box"><label for="name">Name:</label> </td>
            <td class="sidebar_box" colspan="2">
            <input name="name" type="text" id="name" value="<?php get_data("name"); ?> name" size="50" /></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td class="sidebar_box" ><label for="email">E-mail:</label> </td>
            <td class="sidebar_box" colspan="2"><input name="email" type="text" id="email" value="<?php get_data("email"); ?> email address" size="50" /></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td colspan="2">&nbsp;</td>
          </tr>
          
          <tr>
            <td>&nbsp;</td>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td class="sidebar_box"><label for="location">Location*:</label></td>
            <td class="sidebar_box" colspan="2"><input name="location" type="text" id="location" value="<?php get_data("location"); ?> Location (optional)" size="50" /></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td class="sidebar_box"><label for="comments">Message:</label></td>
            <td class="sidebar_box"colspan="2"><textarea name="comments" cols="45" rows="5" id="comments"><?php get_data("comments"); ?> Add your message in here.
            </textarea></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td class="sidebar_box">* optional </td>
            <td class="sidebar_box" ><div align="center">
              <input type="submit" name="submit" id="submit" value="Send Message" />
            </div></td>
            <td class="sidebar_box">
              <div align="left">
                <input type="reset" name="Reset" value="Clear Form"  onclick="a_contact.php"/>
              </div></td>
          </tr>
        </table>


</form>

[descalzo]

One interesting trick to stop spam is to include a text input called "message" (or any common field name. Rename your real field to "my_message" or something similar).

Set the display attribute to "none". ie
<input type="text" name="message" value="" style="display: none;">


Check to see if the field is filled out. Since a human cannot see the field, it is a probably a bot that filled out the form if the field is not blank.