Very new to PHP please help. (Thanks Jason.)

**robin9000** · 02-09-2009, 04:58 AM

I really don't know PHP so please don't judge me for posting this question:
I cant' get my contact for to email me.

I have gotten this off another website and just trying to make it work but don't know how to.

It is a contact form so that I can have people email me.
It's really basic but I don't know how to make it work.

here is the link for the HTML page.

http://www.robinsden.110mb.com/home/contact.html

and below is the code for the php, it is in the same directory as the contact.html file.

Thanks.

<?php
/* PHP Form Mailer - phpFormMailer v2.2, last updated 23rd Jan 2008 - check back often for updates!
(easy to use and more secure than many cgi form mailers) FREE from:
www.TheDemoSite.co.uk
Should work fine on most Unix/Linux platforms
for a Windows version see: asp.thedemosite.co.uk
*/

// ------- three variables you MUST change below -------------------------------------------------------
$replyemail="robinsden@live.ca";//change to your email address
$valid_ref1="http://www.robinsden.110mb.com/contact.html";// chamge "Your--domain" to your domain
$valid_ref2="http://www.robinsden.110mb.com/contact.html";// chamge "Your--domain" to your domain
// -------- No changes required below here -------------------------------------------------------------
// email variable not set - load $valid_ref1 page
if (!isset($_POST['email']))
{
echo "<script language=\"JavaScript\"></script>";
exit;
}

$ref_page=$_SERVER["HTTP_REFERER"];
$valid_referrer=0;
if($ref_page==$valid_ref1) $valid_referrer=1;
elseif($ref_page==$valid_ref2) $valid_referrer=1;
if(!$valid_referrer)
{
echo "<script language=\"JavaScript\"></script>";
exit;
}

//check user input for possible header injection attempts!
function is_forbidden($str,$check_all_patterns = true)
{
$patterns[0] = 'content-type:';
$patterns[1] = 'mime-version';
$patterns[2] = 'multipart/mixed';
$patterns[3] = 'Content-Transfer-Encoding';
$patterns[4] = 'to:';
$patterns[5] = 'cc:';
$patterns[6] = 'bcc:';
$forbidden = 0;
for ($i=0; $i<count($patterns); $i++)
{
$forbidden = eregi($patterns[$i], strtolower($str));
if ($forbidden) break;
}
//check for line breaks if checking all patterns
if ($check_all_patterns AND !$forbidden) $forbidden = preg_match("/(%0a|%0d|\\n+|\\r+)/i", $str);
if ($forbidden)
{
echo "<font color=red><center><h3>STOP! Message not sent.</font></h3><br><b>
The text you entered is forbidden, it includes one or more of the following:
<br><textarea rows=9 cols=25>";
foreach ($patterns as $key => $value) echo $value."\n";
echo "\\n\n\\r</textarea><br>Click back on your browser, remove the above characters and try again.
</b><br><br><br><br>Thankfully protected by phpFormMailer freely available from:
<a href=\"http://thedemosite.co.uk/phpformmailer/\">http://thedemosite.co.uk/phpformmailer/</a>";
exit();
}
else return $str;
}

$name = is_forbidden($_POST["name"]);
$email = is_forbidden($_POST["email"]);
$thesubject = is_forbidden($_POST["thesubject"]);
$themessage = is_forbidden($_POST["themessage"], false);

$success_sent_msg='<p align="center"><strong> </strong></p>
<p align="center"><strong>Your message has been successfully sent to us<br>
</strong> and we will reply as soon as possible.</p>
<p align="center">A copy of your query has been sent to you.</p>
<p align="center">Thank you for contacting us.</p>';

$replymessage = "Hi $name

Thank you for your email.

We will endeavour to reply to you shortly.

Please DO NOT reply to this email.

Below is a copy of the message you submitted:
--------------------------------------------------
Subject: $thesubject
Query:
$themessage
--------------------------------------------------

Thank you";

$themessage = "name: $name \nQuery: $themessage";
mail("$replyemail",
"$thesubject",
"$themessage",
"From: $email\nReply-To: $email");
mail("$email",
"Receipt: $thesubject",
"$replymessage",
"From: $replyemail\nReply-To: $replyemail");
echo $success_sent_msg;
/*
PHP Form Mailer - phpFormMailer (easy to use and more secure than many cgi form mailers)
FREE from:

www.TheDemoSite.co.uk */
?>

**JasonDFR** · 02-09-2009, 08:54 AM

Here is one of mine. If you have any questions, let me know.

Fill in the CONFIGURATION part. Save it to a file and put it in your public web directory.

Feedback appreciated. If someone can improve this, please post your improvements so I can use them too.

PHP Code:


<?php



if ( isset($_POST['contact_submitted']) ) {



    // CONFIGURATION



    $yourName = ''; // Your Name



    $sendTo = ''; // Where to send email



    $subject = 'Your Contact Form'; // Subject of the email you will receive



    $from = 'From: Your Website <webmaster@yourwebsite.com>' . "\n"; // Enter your website name and website email



    $possibleReferers = array('http://www.yourwebsite.com/contactform.php'); // Enter the full URL of this script



    // END CONFIGURATION



    $errors = array();



    if ( preg_match('/^[A-Za-z0-9](([_\.\-]?[a-zA-Z0-9]+)*)@([A-Za-z0-9]+)(([\.\-]?[a-zA-Z0-9]+)*)\.([A-Za-z]{2,})$/', $_POST['email']) ) {

        $email = trim(substr($_POST['email'],0,60));

    } else {

        $errors[] =  '<p>Please enter a valid email address.</p>';

    }



    $name = !empty($_POST['name']) ? strip_tags(ucwords(trim(substr($_POST['name'],0,56)))) : 'Not Provided';



    $rawMessage = !empty($_POST['message']) ? strip_tags(trim(substr($_POST['message'],0,1000))) : 'Not Provided';



    $validReferer = in_array($_SERVER['HTTP_REFERER'], $possibleReferers ) ? true : false;



    if (!$validReferer) {

        mail($to, 'Invalid Referer', 'INVALID ATTEMPT from: ' . $_SERVER['HTTP_REFERER'] , "From: $yourName <$sendTo>\n");

        exit;

    }



    if ( empty($errors) ) {



        $message = "From: $name\n\n";

        $message .= "Email: $email\n\n";

        $message .= "Message:\n\n";

        $message .= wordwrap($rawMessage, 60, "\n");



        if ( mail($sendTo, $subject, $message, $from) ) {

            $success = true;

        } else {

            $errors[] = '<p>Sorry, there is a problem sending your email. Please try again.</p>';

        }

    }

}

?>



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">



<head>



    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

    <meta http-equiv="content-language" content="en" />

    <meta name="description" content="" />

    <meta name="keywords" content="" />

    <meta name="author" content="" />



    <title>Contact Form</title>



    <link href="" rel="stylesheet" type="text/css" media="screen" />



    <style type="text/css">

        label { display: block; }

        .success { padding: .5em; background: #BFF8BF; border: 1px solid #008C00; padding: .5em; }

        .error { border: 1px solid #f00; }

    </style>



</head>



<body class="">



    <?php if ( isset($success) ) { ?>



        <div class="success">



            <p>Thanks for contacting me.</p>



        </div>



    <?php } else { ?>



    <form id="contact" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">



        <fieldset>



        <?php if ( isset($errors) ) { ?>

            <div class="error">

            <?php foreach ($errors as $error) {

                echo "$error";

            } ?>

            </div>

        <?php } ?>



        <label id="email_label" for="email">Email: (required)</label>

        <input id="email" class="text" type="text" name="email" maxlength="60" />

        <label for="name">Name:</label>

        <input id="name" class="text" type="text" name="name" maxlength="26" />

        <label for="message">Message:</label>

        <textarea id="message" name="message" rows="12" cols="50"></textarea>

        <input type="hidden" name="contact_submitted" value="1" />

        <input class="submit" type="submit" name="submit" value="Send" />



        </fieldset>



    </form> <!-- end contact -->



    <?php } ?>



</body>



</html>

Good Luck!

**robin9000** · 02-09-2009, 02:29 PM

Maybe I did not do something wrong, like I said I am very new to this. I have not ever done it before so I am going to ask what might seem like a stupied question:
are you sure it works?

I'd really like to know if what I have above if there is a way to make it work because it is suppose to be a secure form. It's suppose to be that robots can't find my email with it.

I just need to know how to make it work.
You'll see I have my email address already entered in. Maybe I did not do somthing right though.

**JasonDFR** · 02-09-2009, 02:34 PM

Ok. No problem, I understand. I didn't have time to look through it. Could you put it inside PHP tags in your post and put tabs throughout the code like I've done in my previous post? What you posted is really hard to read.

Thanks,

J

**robin9000** · 02-09-2009, 02:44 PM

I just tried to put it in between textarea tags because that's all I know and it did not work.
I very much appreshiate you helping me out. Thank you.

As for the html part you will find it clearly labled between my two content comments on my page.
It says on the page  and it says 

And I did try your out too but was not able to make it work for me but that could just be because I don't know what I am doing when it comes to playing with PHP.

php
/* PHP Form Mailer - phpFormMailer v2.2, last updated 23rd Jan 2008 - check back often for updates!
(easy to use and more secure than many cgi form mailers) FREE from:
www.TheDemoSite.co.uk
Should work fine on most Unix/Linux platforms
for a Windows version see: asp.thedemosite.co.uk
*/

// ------- three variables you MUST change below -------------------------------------------------------
$replyemail="robinsden@live.ca";//change to your email address
$valid_ref1="http://www.robinsden.110mb.com/contact.html";// chamge "Your--domain" to your domain
$valid_ref2="http://www.robinsden.110mb.com/contact.html";// chamge "Your--domain" to your domain
// -------- No changes required below here -------------------------------------------------------------
// email variable not set - load $valid_ref1 page
if (!isset($_POST['email']))
{
echo "<script language=\"JavaScript\"></script>";
exit;
}

$ref_page=$_SERVER["HTTP_REFERER"];
$valid_referrer=0;
if($ref_page==$valid_ref1) $valid_referrer=1;
elseif($ref_page==$valid_ref2) $valid_referrer=1;
if(!$valid_referrer)
{
echo "<script language=\"JavaScript\"></script>";
exit;
}

//check user input for possible header injection attempts!
function is_forbidden($str,$check_all_patterns = true)
{
$patterns[0] = 'content-type:';
$patterns[1] = 'mime-version';
$patterns[2] = 'multipart/mixed';
$patterns[3] = 'Content-Transfer-Encoding';
$patterns[4] = 'to:';
$patterns[5] = 'cc:';
$patterns[6] = 'bcc:';
$forbidden = 0;
for ($i=0; $i<count($patterns); $i++)
{
$forbidden = eregi($patterns[$i], strtolower($str));
if ($forbidden) break;
}
//check for line breaks if checking all patterns
if ($check_all_patterns AND !$forbidden) $forbidden = preg_match("/(%0a|%0d|\\n+|\\r+)/i", $str);
if ($forbidden)
{
echo "<font color=red><center><h3>STOP! Message not sent.</font></h3><br><b>
The text you entered is forbidden, it includes one or more of the following:
<br><textarea rows=9 cols=25>";
foreach ($patterns as $key => $value) echo $value."\n";
echo "\\n\n\\r</textarea><br>Click back on your browser, remove the above characters and try again.
</b><br><br><br><br>Thankfully protected by phpFormMailer freely available from:
<a href=\"http://thedemosite.co.uk/phpformmailer/\">http://thedemosite.co.uk/phpformmailer/</a>";
exit();
}
else return $str;
}

$name = is_forbidden($_POST["name"]);
$email = is_forbidden($_POST["email"]);
$thesubject = is_forbidden($_POST["thesubject"]);
$themessage = is_forbidden($_POST["themessage"], false);

$success_sent_msg='<p align="center"><strong> </strong></p>
<p align="center"><strong>Your message has been successfully sent to us<br>
</strong> and we will reply as soon as possible.</p>
<p align="center">A copy of your query has been sent to you.</p>
<p align="center">Thank you for contacting us.</p>';

$replymessage = "Hi $name

Thank you for your email.

We will endeavour to reply to you shortly.

Please DO NOT reply to this email.

Below is a copy of the message you submitted:
--------------------------------------------------
Subject: $thesubject
Query:
$themessage
--------------------------------------------------

Thank you";

$themessage = "name: $name \nQuery: $themessage";
mail("$replyemail",
"$thesubject",
"$themessage",
"From: $email\nReply-To: $email");
mail("$email",
"Receipt: $thesubject",
"$replymessage",
"From: $replyemail\nReply-To: $replyemail");
echo $success_sent_msg;
/*
PHP Form Mailer - phpFormMailer (easy to use and more secure than many cgi form mailers)
FREE from:

www.TheDemoSite.co.uk */
?>

**JasonDFR** · 02-09-2009, 03:12 PM

Hey Robin,

All that php that you posted... Save it to a file called contact_process.php and put it in the same directory with your contact.html page.

I did this and it worked fine.

So I'm not sure what your problem is, because it is working great as is.

Personally I think that script is a mess. I'm not saying I am an expert because I am definitely not. When I started learning I used some scripts I found online like this, but I now prefer to use something similar to what I posted.

If you have any more problems, post the error message or something more specific than, "I can't get it to work."

Good Luck,

J

**JasonDFR** · 02-09-2009, 03:13 PM

Here is one of the emails it sent me:

Hi jason

Thank you for your email.

We will endeavour to reply to you shortly.

Please DO NOT reply to this email.

Below is a copy of the message you submitted:
--------------------------------------------------
Subject: lkdsqfjlm
Query:
sdlkqfjsdlkf
--------------------------------------------------

Thank you

and the other:

name: jason
Query: sdlkqfjsdlkf

**robin9000** · 02-09-2009, 03:58 PM

the error message I get is:

ERROR - not sent.

Check your 'valid_ref1' and 'valid_ref2' are correct within contact_process.php

my two files are in the same directory too.

**JasonDFR** · 02-09-2009, 04:05 PM

http://www.robinsden.110mb.com/home/contact.html is what you want those variables to be, I think. Maybe 110mb.com is set up different.

Put this at the top of contact_process.php and try your contact form.

PHP Code:


<?php



echo $_SERVER['HTTP_REFERER'];



?>

You should see a URL at the very top of the page when you try to submit your contact form. Use this URL for the 'valid_ref1 and 'valid_ref2 variables.

**robin9000** · 02-09-2009, 04:16 PM

Well I said I was new so I'll use that for an excuss.

What I did wrong was I forgot to give the full path. I actually had it located at www.robinsden.110mb.com/home/contact.html

Thanks so mcuh for hanging in there with me.

I got it to work I think but got this for a message:

http://www.robinsden.110mb.com/home/contact.html
Warning: mail() [function.mail]: Safety Restriction in effect. The mail() command is not allowed, contact the admin. in /www/110mb.com/r/o/b/i/n/s/d/e/robinsden/htdocs/home/contact_process.php on line 103

Warning: mail() [function.mail]: Safety Restriction in effect. The mail() command is not allowed, contact the admin. in /www/110mb.com/r/o/b/i/n/s/d/e/robinsden/htdocs/home/contact_process.php on line 107

Your message has been successfully sent to us
and we will reply as soon as possible.

A copy of your query has been sent to you.

Thank you for contacting us.