Sendmail Validation

[john0611]

Hi

I am trying to sort out some php validation on my contact form.

At the moment when I click send without any fields entered, the form prompts with unfilled mandatory fields (*), but I still receive the email with empty fields? I don’t know what’s missing.

I am also trying to setup a security question where users have to answer in order to send the form. i.e 6+2 = ?

If I fill the form it sends ok, but the security question is not working yet.

If anyone can point me in the right direction would be great. Thank you.

Code:

<?php

// process the email
if (array_key_exists('submit', $_POST)) {
  ini_set("sendmail_from", "info@website.com");

$to = 'info@info@website.com';
$subject = 'Feedback from website!';
// send email 
$message = 	'Name: ' . $_REQUEST['name'] . "\n\n" . 
			'Email: ' . $_REQUEST['email'] . "\n\n" . 
			'Contact No.: ' . $_REQUEST['tel'] . "\n\n" . 
			'Branding: ' . $_REQUEST['branding'] . "\n\n" . 
			'Print Design: ' . $_REQUEST['print'] . "\n\n" . 
			'Website Design: ' . $_REQUEST['web'] . "\n\n" . 
			'Message: ' . $_REQUEST['feedback'];

$email = $_REQUEST['email'];
$headers = 'From: ' . $email . "\r\n" .
'Reply-To: ' . $email . "\r\n" .
'X-Mailer: PHP/' . phpversion();

mail ($to, $subject, $message, $headers, "-finfo@info@website.com");
  
  // list expected fields
  $expected = array('name', 'email', 'tel', 'branding', 'print', 'web', 'feedback', 'security');
  // set required fields
  $required = array('name', 'email', 'tel', 'security');
  // create empty array for any missing fields
  $missing = array();
  
  // process the $_POST variables
  foreach ($_POST as $key => $value) {
    // assign to temporary variable and strip whitespace if not an array
    $temp = is_array($value) ? $value : trim($value);
	// if empty and required, add to $missing array
	if (empty($temp) && in_array($key, $required)) {
	  array_push($missing, $key);
	  }
	// otherwise, assign to a variable of the same name as $key
	elseif (in_array($key, $expected)) {
	  ${$key} = $temp;
	  }
	}

	// validate the email address
	if (!empty($email)) {

	// regex to ensure no illegal characters in email address
	$checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';

	// reject the email address if it doesn't match
	if (!preg_match($checkEmail, $email)) {
	array_push($missing, 'name', 'email', 'tel', 'security');
	}
	}
 
  // go ahead only if all required fields OK
  if (empty($missing)) {
    // build the message
    $message = "Name: $name\n\n";
    $message .= "Email: $email\n\n";
	$message .= "Contact No.: $tel\n\n";
	$message .= "Branding: $branding\n\n";
	$message .= "Print Design: $print\n\n";
	$message .= "Website Design: $web\n\n";
	$message .= "Message: $feedback\n\n";


    // limit line length to 70 characters

    //$message = wordwrap($message, 250);
    $message = wordwrap($message, 250);
  
    // send it  
    $sendmail_from = mail($to, $subject, $message);
	if ($sendmail_from) {
	  // $missing is no longer needed if the email is sent, so unset it
	  unset($missing);
	  }
    }
  }
?>
    <?php
		if ($_POST && isset($missing)) {
?>
    <p class="main_warning">Please complete the missing item(s) indicated. Your message has not been sent.</p>
    <?php
		  }
		elseif ($_POST && !$sendmail_from) {
?>
    <p class="main_warning">Sorry, there was a problem sending your message. Please try later.</p>
    <?php
		  }
		elseif ($_POST && $sendmail_from) {
?>
    <span class="confmsg"><h2>Thank you for your enquiry. We will reply to you as soon as possible.</h2></span>

<?php } ?>

<form id="contact" name="contact" method="post" action="">

      <?php
	if (isset($missing) && in_array('name', $missing)) { ?>
      <span class="warning">Enter your name.</span>
      <?php } ?>

      <label>
        <input type="text" name="name" id="name" value="*Enter your name." maxlength="35" 
      </label>

      <?php
	if (isset($missing) && in_array('email', $missing)) { ?>
      <span class="warning">Enter your email address.</span>
      <?php } ?>

      <label>
        <input type="text" name="email" id="email" value="*Enter your email address." maxlength="40"
   </label>

      <?php
	if (isset($missing) && in_array('tel', $missing)) { ?>
      <span class="warning">Enter your contact telephone number.</span>
      <?php } ?>

      <label>
        <input type="text" name="tel" id="tel" value="*Enter your contact telephone number." maxlength="25" </label>


<label class="branding">
  <input type="checkbox" name="branding" id="branding" </label>

<label class="print">
  <input type="checkbox" name="print" id="print" </label>

<label class="web">
  <input type="checkbox" name="web" id="web" </label>


  	 <textarea name="feedback" id="message" cols="0" rows="3" onMouseOver="Tip('Enter your message.')" onMouseOut="UnTip()">Enter your message.</textarea>

      <?php
	if (isset($missing) && in_array('security', $missing)) { ?>
      <span class="warning">Please answer the security question.</span>
      <?php } ?>


<label class="securityq">6 + 2 =</label>

      <label>
        <input type="text" name="security" id="security" value="*Please answer the security question." maxlength="25" </label>

        <input type="submit" name="submit" id="send" class="submit" value="Send" title="Send" />

        <input type="reset" name="reset" id="reset" class="reset" value="Reset" title="Reset" />

    </form>

[Nile]

The problem is happening because you're sending the mail before PHP get's the chance to validate the fields.

[john0611]

Hi Nile,

Thanks for pointing that out, I just didn’t see the problem. Fixed and now validates ok.

I need to try and somehow pregmatch the security questions answer of 8 is only entered in order to send the mail?

[Nile]

Yes - security questions... My favorite.
What I would do is somewhere in the first lines of you're code have:

PHP Code:

<?php
$add_right = rand(0, 5);
$add_left = rand(0, 5);
?>

Then in the form, have:

Code:

<input type="hidden" value="<?php echo $add_right; ?>" name="right" />
<input type="hidden" value="<?php echo $add_left; ?>" name="left" />

And also display:

Code:

Security question:
What is: <?php echo $add_right; ?> + <?php echo $add_left; ?> = ?

Then send the hidden inputs along with the forum - and you should understand from there.

[john0611]

Ha yes,

But how do I get php to check that the user has entered the right answer to the question before it sends?

I have managed to send the hidden fields along with the security answer but I’m not sue how to get php to check the answer?

[bluewalrus]

I think he was saying..

PHP Code:

 What is: <?php echo $add_right; ?> + <?php echo $add_left; ?> = <input type="text" name="not_bot" />?

then

PHP Code:

if ($_POST['not_bot'] == ($_POST['right'] + $_POST['left'])) { 

//process page, value was correct 

} else {

//incorrect value, either incorrect math, bot, or....

} 


[Nile]

Kind of, here:

Code:

<input type="hidden" value="<?php echo $add_right; ?>" name="right" />
<input type="hidden" value="<?php echo $add_left; ?>" name="left" />
Security question:
<?php echo $add_right; ?> + <?php echo $add_left; ?> = <input type="text" name="answer" />

Then

PHP Code:

if($_POST['right'] + $_POST['left'] == $_POST['answer']){

} 


[john0611]

You guys are awesome, thanks for all your help

I have to trial and error it all

[Nile]

Glad to help you! Your welcome!

It seems your topic is solved... Please set the status to resolved.. To do this:
Go to your first post ->
Edit your first post ->
Click "Go Advanced" ->
Then in the drop down next to the title, select "RESOLVED"