security to email contact form, how???

May 11th, 2008, 7:06 am

Hey guys.

I need help adding a security code to my email contact page. I've had the conact us form active for 3-4 days now and ive been recieving 'junk' so I want to add the security code where uses type in the code in the contact form.

I'm not very experianced in coding and they person who normally does it wont be back for about another week or so, so if there is a simple way of implementing it on the site i would really appreciate it.

The current contact page can be seen at here and i just want to add the security code on there towards the bottom of the form, so if possible please send me the code or tell me where i can get it from.

thanks heaps in advanced.

May 11th, 2008, 3:32 pm

I'll give you the code I use... Sent you a PM

May 12th, 2008, 4:44 am

please if any1 can help... not sure what ive done wrong but ive followed the instructions of this page http://www.white-hat-web-design.co.uk/a ... aptcha.php and i cant get it to work... if you look at the source code on http://www.swiftproductions.com.au/mailer2.htm (just a temp page to show you guys the code) this is the page it normally goes to http://www.swiftproductions.com.au/mailer.php after you click the submit button but as you can see it wont even ask for the security code... please help!!!

sorry forgot to mention that im talking about the contact us page on my site

May 12th, 2008, 2:35 pm

I use that code for myself... how come does it not work for you?

Is PHP enabled on your hosting account? If so, is GD extension on on it?

Try this... (If it's all on the same page...)

Line number On/Off

Code: Select all

1. <?php
2. session_start();
3.  
4. // remember to set permissions for this script! If not, you
5. // may not get the email.....
6.  
7. $to = 'YOUR_EMAIL_ADDRESS';  //Your Email ADDRESS!!!!!!!!!!!!!!
8. $subj = 'Swiftproductions Contact Form';
9. $cr = "\n";
10.  
11. $name = $_POST['name'];
12. $company = $_POST['company'];
13. $telephone = $_POST['telephone'];
14. $email = $_POST['email'];
15. $messagebox = $_POST['messagebox'];
16. $web = $_POST['web'];
17. $graphic = $_POST['graphic'];
18. $print = $_POST['print'];
19. $updates = $_POST['updates'];
20. $general = $_POST['general'];
21. $seo = $_POST['seo'];
22.  
23.  
24. if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {
25. $body .= 'Name: ' . $name . $cr . 'Company: ' . $company . $cr . 'Telephone: ' . $telephone . $cr;
26. $body .= $body . 'email: ' . $email . $cr . 'Message Box: ' . $messagebox . $cr . $cr;
27. $body .= $body . 'Web: ' . $web . $cr . 'Graphic: ' . $graphic . $cr . 'Print: ' . $print . $cr;
28. $body .= $body . 'Updates: ' . $updates . $cr . 'General: ' . $general . $cr . 'seo: ' . $seo;
29.  
30. mail($to, $subj, $body);
31. unset($_SESSION['security_code']);
32. } else {
33.   die('<p>The security image was wrong... please go back and try again.</p>'."\n");
34. }
35. ?>
36.  
37. <script type="text/javascript">
38. gradualFader.init() //activate gradual fader
39. </script>

May 12th, 2008, 2:59 pm

what page do I put that on?? the mailer.php or the contact_us.htm - nad yes php is active

May 12th, 2008, 3:07 pm

Try it on the mailer.php... don't really know the action of your form... what is the action of your form?

What I mean is...

Line number On/Off

Code: Select all

1. <form action="mailer.php" method="post">

Is that how your <form...> thing looks like? If so, yes, put that code in the mailer.php

May 13th, 2008, 5:40 am

hey bogey.

mate its still not working. have a look at this page http://www.swiftproductions.com.au/codes.htm and you can see all 3 source codes and see if ive done anything wrong. that page contains all source codes for contact_us.htm , mailer.php and capturesecurityimage.php.

thanks for your help mate. i really appreciate it

May 13th, 2008, 8:20 am

What is the address that's getting spammed. When you list it, just list upto and including the at sign (eg. bob@).

I tested the form on your site some. But I included my name so you would see it was me.

Are you sure it is not BOTS harvesting addresses on your pages?

May 13th, 2008, 8:40 am

PHP4 & 5 are available on his host.

May 13th, 2008, 8:59 am

what do you mean bots?? the address is danny@swiftproductions.com.au thats my email address. The emails that im recieving look like this,

Name: voethbhzyh
Company: your company:
Telephone: contact : (Field Mandatory)
email: bocbnf@elgjch.com
Message Box: Nj2JcY <a href=\"http://iiljftokiymz.com/\">iiljftokiymz</a>, vtwyfbuzpxlw, [link=http://jasnvmtxwwcv.com/]jasnvmtxwwcv[/link], http://cnirzpzzmddb.com/

Web:
Graphic:
Print:
Updates:
General:
seo:


I'm recieving heaps and heaps of them. Do you know what im doing that is wrong?

May 13th, 2008, 10:16 am

What is the output of this?

[code]
<?php
phpinfo();
?>

May 13th, 2008, 5:47 pm

radnor wrote:

What is the output of this?

Line number On/Off

Code: Select all

1.  
2. <?php
3. phpinfo();
4. ?>

If he is receiving those emails, than yes, PHP is enabled. If PHP was disabled, he would not be receiving any mails...

@CircleOfLinks

Did you try sending yourself test messages? Not saying that the script doesn't work... looks like it does and works correctly...

Check if you have monofont.ttf in the same directory that your CaptchaSecurityImages.php is located in.

Try the following...

Line number On/Off

Code: Select all

1. <?php
2. session_start();
3. if(isset($_POST['submit']))
4. {
5. // remember to set permissions for this script! If not, you
6. // may not get the email.....
7.  
8. $to = "danny@swiftproductions.com.au"; //Your Email ADDRESS!!!!!!!!!!!!!!
9. $subj = 'Swiftproductions Contact Form';
10. $cr = "\n";
11.  
12. $name = $_POST['name'];
13. $company = $_POST['company'];
14. $telephone = $_POST['telephone'];
15. $email = $_POST['email'];
16. $messagebox = $_POST['messagebox'];
17. $web = $_POST['web'];
18. $graphic = $_POST['graphic'];
19. $print = $_POST['print'];
20. $updates = $_POST['updates'];
21. $general = $_POST['general'];
22. $seo = $_POST['seo'];
23.  
24.  
25. if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {
26. $body .= 'Name: ' . $name . $cr . 'Company: ' . $company . $cr . 'Telephone: ' . $telephone . $cr;
27. $body .= $body . 'email: ' . $email . $cr . 'Message Box: ' . $messagebox . $cr . $cr;
28. $body .= $body . 'Web: ' . $web . $cr . 'Graphic: ' . $graphic . $cr . 'Print: ' . $print . $cr;
29. $body .= $body . 'Updates: ' . $updates . $cr . 'General: ' . $general . $cr . 'seo: ' . $seo;
30.  
31. mail($to, $subj, $body);
32. unset($_SESSION['security_code']);
33. } else {
34. die('<p>The security image was wrong... please go back and try again.</p>'."\n");
35. }
36. }
37. ?>
38. <script type="text/javascript">
39. gradualFader.init() //activate gradual fader
40. </script>

If that doesn't work try the following script... It's a bit different and one page (Except the captchasecurityimage.php) but it still does the same thing...

Line number On/Off

Code: Select all

1. <?php
2.   session_start();
3. ?>
4. <!-- This page is mail.php //-->
5. <?php
6.   if(empty($_POST['submit']))
7.   {
8. ?>
9. <form action="mail.php" method="post">
10. <div>
11. *Name: <input type="text" name="name" size="20" /><br />
12. Company: <input type="text" name="company" size="20" /><br />
13. *Telephone: <input type="text" name="telephone" size="20" /><br />
14. *E-Mail: <input type="text" name="email" size="20" /><br />
15. Send To: <select name="to">
16. <option value="">Select Option</option>
17. <option value="CustomerService">Customer Service</option>
18. <option value="CustomerSupport">Customer Support</option>
19. </select><br />
20. Subject: <input type="text" name="subject" size="20" /><br />
21. *Message:<br />
22. <textarea rows="10" cols="25" name="message"></textarea><br />
23. Choose an option:<br />
24. <input type="checkbox" name="WD" value="Web Design"> Web Design
25. <input type="checkbox" name="GD" value="Graphic Design"> Graphic Design
26. <input type="checkbox" name="WU" value="Web Updates"> Web Updates
27. <input type="checkbox" name="GE" value="General Enquiry"> General Enquiry<br />
28. <input type="checkbox" name="PW" value="Print Work"> Print Work
29. <input type="checkbox" name="H" value="Hosting"> Hosting
30. <input type="checkbox" name="SEO" value="SEO Work"> SEO Work<br />
31. Security Image:<br />
32. <img src="CaptchaSecurityImages.php?width=100&amp;height=40&amp;characters=5" alt="Security Code" />
33. <input id="sCode" name="security_code" type="text" size="33.5" /><br />
34. <input type="submit" name="submit" value="submit" class="submit" /> <input type="reset" name="reset" value="reset" class="submit" />
35. </div>
36. </form>
37. <p>* = Required Field</p>
38. <?php
39.   } else {
40.     //Stripping the submitted information from HTML
41.     $_POST = array_map('strip_tags', $_POST);
42.  
43.     //Setting the values
44.     $name = $_POST['name'];
45.     $company = $_POST['company'];
46.     $telephone = $_POST['telephone'];
47.     $email = $_POST['email'];
48.     $to = $_POST['to'];
49.     $subject = $_POST['subject'];
50.     $message = $_POST['message'];
51.     $wd = $_POST['WD'];
52.     $gd = $_POST['GD'];
53.     $wu = $_POST['WU'];
54.     $ge = $_POST['GE'];
55.     $pw = $_POST['PW'];
56.     $h = $_POST['H'];
57.     $seo = $_POST['SEO'];
58.  
59.     //Setting the variables
60.     $adminEmail = "danny@swiftproductions.com.au";  //The default email (YOURS)
61.     $mMax = '5000';   //Max characters for the message
62.     $sMax = '25';     //Max characters for the subject
63.     $nMax = '30';     //Max characters for the name
64.    
65.     //Validating the fields...
66.     if(empty($name)) //Checking if the name is filled in
67.     {
68.       $error[] = "<li>You forgot to fill in your name</li>\n";
69.     } elseif(!preg_match('$[a-z]{3,'. $nMax .'}$', $name)) {
70.       $error[] = "<li>Your name is too long, has to be no longer than $nMax characters</li>\n";
71.     }
72.  
73.     if(empty($email)) //Checking if the email is filled in
74.     {
75.       $error[] = "<li>You forgot to fill in your email</li>\n";
76.     } elseif(!preg_match('/[_a-z0-9-]+(.[_a-z0-9-]+)*@[_a-z0-9-]+(.[_a-z0-9-]+)*(.[_a-z]{2,3})$/', $email)) {
77.       $error[] = "<li>Your E-Mail is of incorrect format... it has to be in <strong>yourname@domain.tld</strong> format</li>\n";
78.     }
79.  
80.     if(empty($telephone)) //Checking if the phone is filled in
81.     {
82.       $error[] = "<li>You didn't put in your phone number</li>\n";
83.     } elseif(!preg_match_all('$.*[[0-9]{1,2}+[-]+[0-9]{1,3}]*.$',$telephone,$matched)) {
84.       $error[] = "<li>Your phone is of incorrect format... it has to be in <strong>###-####</strong> format</li>\n";
85.     }
86.  
87.     if(!empty($to))
88.     {
89.       if($to == 'CustomerService')
90.       {
91.         $to = "sales@swiftproductions.com.au";
92.       } elseif($to = 'CustomerSupport') {
93.         $to = "support@swiftproductions.com.au";
94.       } else {
95.         $to = $adminEmail;
96.       }
97.     } else {
98.       $to = $adminEmail;
99.     }
100.  
101.     if(empty($subject))
102.     {
103.       $subject = "Web Site Mailer";
104.     }
105.  
106.     if(empty($message))
107.     {
108.       $error[] = "<li>You didn't put in a message</li>\n";
109.     } elseif(strlen($message) > $mMax) {
110.       $error[] = "<li>You message is too long, has to be no longer than $mMax characters</li>\n";
111.     }
112.  
113.     if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) )
114.     {
115.       unset($_SESSION['security_code']);
116.     } else {
117.       $error[] = "<li>The security image doesn't match with what you put in</li>\n";
118.     }
119.  
120.     //Finding out which of the checkboxes were filled in
121.     if(isset($wd))
122.     {
123.       $chose .= $wd ."<br />\n";
124.     }
125.  
126.     if(isset($gd))
127.     {
128.       $chose .= $gd ."<br />\n";
129.     }
130.  
131.     if(isset($wu))
132.     {
133.       $chose .= $wu ."<br />\n";
134.     }
135.  
136.     if(isset($ge))
137.     {
138.       $chose .= $ge ."<br />\n";
139.     }
140.  
141.     if(isset($pw))
142.     {
143.       $chose .= $pw ."<br />\n";
144.     }
145.  
146.     if(isset($h))
147.     {
148.       $chose .= $h ."<br />\n";
149.     }
150.  
151.     if(isset($seo))
152.     {
153.       $chose .= $seo ."<br />\n";
154.     }
155.  
156.     $message = nl2br($message);
157.     $cnt = count($error);
158.     if($cnt > '0')
159.     {
160.       echo "You made $cnt errors in the form";
161.       echo "<ol>\n";
162.       foreach($error as $value)
163.       {
164.         echo $value;
165.       }
166.       echo "</ol>\n";
167.       echo "<a href=\"mail.php\">Try Again</a>\n";
168.     } else {
169.       $body .= "<strong>Name:</strong> $name<br />\n";
170.       $body .= "<strong>Company:</strong> $company<br />\n";
171.       $body .= "<strong>Telephone:</strong> $telephone<br />\n";
172.       $body .= "<strong>E-Mail:</strong> $email<br />\n";
173.       $body .= "<strong>Message:</strong> $message<br />\n";
174.       $body .= "<br />\n";
175.       $body .= "$name chose the following options:<br />\n";
176.       $body .= "<strong>$chose</strong>";
177.       //Contact subject
178.       $subject2 = $subject;
179.    
180.       //Details
181.       $message2 = $message;
182.  
183.       //Mail of sender
184.       $mail_from = $eMail;
185.  
186.       //From
187.       $header = "From: $name <$email>";
188.  
189.       //Enter your email address
190.       $to = $adminEmail;
191.  
192.       $send_contact = mail($to,$subject,$body,$header);
193.       if($send_contact)
194.       {
195.         echo '<p>We have successfully recieved your email</p>'."\n";
196.         echo "You submitted:<br />\n <p>$body</p>";
197.       } else {
198.         echo '<p>An error occured with the transaction. The message has not being sent</p>'."\n";
199.       }
200.     }
201.   }
202. ?>

Make sure that CaptchaSecurityImages.php and monofont.ttf are in the same directory as this file... (I named it mail.php at this example... if you want to change it just change the action at the form...

Hope that this helped you out...

[EDIT] If you copy/paste from here it may give you the line numbers at the beginning... to get the whole thing correctly, quote me and copy the code like that... (I think you know what I mean by that )

[EDIT 2] A function was added to the "thing". Also, it's a bit different from the one I sent to you VIA PM.

May 13th, 2008, 9:36 pm

Thanks radnor and bogey, you guys have been very helpfull.

im only have one small problem. It works fine in I.E but as soon as you try it with FF it won't work. You can 'submit' the message without enterting a security code. Any one know why??

May 14th, 2008, 4:21 am

Bogey,

If you use FF, could you test it too, please. you will see 3 required fields fill something in for them and hit send. I just tried it with vista and ff & ie and it works. WITHOUT the security code, it should clear the form and redisplay the contact us page.

Thanks,

Radnor

I dont know if is a cache issue COL is having

May 14th, 2008, 7:51 am

radnor wrote:

Bogey,

If you use FF, could you test it too, please. you will see 3 required fields fill something in for them and hit send. I just tried it with vista and ff & ie and it works. WITHOUT the security code, it should clear the form and redisplay the contact us page.

Thanks,

Radnor

I dont know if is a cache issue COL is having

You want me to test his form?