Email Validation

[john1991]

Hi all,

I have a web contact form users can fill in i.e name, email, contact so on.

At the bottom I have a simple security question that they must answer.

the form is working fine, but the no matter what answer you give in the security question field it still send, i need to somehow validate this.

i.e 2 + 2 = 4 , form is sent

here is the source: Thank you for any help and suggestions.


<?php

// process the email
if (array_key_exists('submit', $_POST)) {
ini_set("sendmail_from", "info@mail.co.uk");

$to = 'info@mail.co.uk';
$subject = 'Feedback from website.';

// list expected fields
$expected = array('name', 'email', 'tel', 'service', 'feedback', 'left', 'right', 'answer');
// set required fields
$required = array('name', 'email', 'tel', 'left', 'right', 'answer');
// create empty array for any missing fields
$missing = array();

// process the $_POST variables
foreach ($_POST as $key => $value) {
// assign to temporary variable and strip whitespace if not an array
$temp = is_array($value) ? $value : trim($value);
// if empty and required, add to $missing array
if (empty($temp) && in_array($key, $required)) {
array_push($missing, $key);
}
// otherwise, assign to a variable of the same name as $key
elseif (in_array($key, $expected)) {
${$key} = $temp;
}
}

// validate the email address
if (!empty($email)) {

// regex to ensure no illegal characters in email address
$checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';

// reject the email address if it doesn't match
if (!preg_match($checkEmail, $email)) {
array_push($missing, 'name', 'email', 'tel', 'service', 'left', 'right', 'answer');
}
}

// go ahead only if all required fields OK
if (empty($missing)) {

// build the message
$message = "Name: $name\n\n";
$message .= "Email: $email\n\n";
$message .= "Contact No.: $tel\n\n";
$message .= "Service: $service\n\n";
$message .= "Message: $feedback\n\n";
$message .= "Leftq: $left\n\n";
$message .= "Rightq: $right\n\n";
$message .= "Security: $answer\n\n";


// send email
$message = 'Name: ' . $_REQUEST['name'] . "\n\n" .
'Email: ' . $_REQUEST['email'] . "\n\n" .
'Contact No.: ' . $_REQUEST['tel'] . "\n\n" .
'Service: ' . $_REQUEST['service'] . "\n\n" .
'Message: ' . $_REQUEST['feedback'];

$email = $_REQUEST['email'];
$headers = 'From: ' . $email . "\r\n" .
'Reply-To: ' . $email . "\r\n" .
'X-Mailer: PHP/' . phpversion();

mail ($to, $subject, $message, $headers, "-finfo@mail.co.uk");

// limit line length to 70 characters

//$message = wordwrap($message, 250);
$message = wordwrap($message, 250);

// send it
$sendmail_from = mail($to, $subject, $message);
if ($sendmail_from) {
// $missing is no longer needed if the email is sent, so unset it
unset($missing);
}
}
}
?>

<?php
if ($_POST && isset($missing)) {
?>
<p class="main_warning">Please complete all mandatory fields (*) indicated and answer the security question. Your message has not been sent.</p>
<?php
}
elseif ($_POST && !$sendmail_from) {
?>
<p class="main_warning">Sorry, there was a problem sending your message. Please try later.</p>
<?php
}
elseif ($_POST && $sendmail_from) {
?>
<span class="confmsg"><h2>Thank you for your enquiry. We will reply to you as soon as possible.</h2></span>

<?php } ?>

<?php
$add_left = rand(1, 4);
$add_right = rand(1, 4);
?>

<form id="contact" name="contact" method="post" action="">

<?php
if (isset($missing) && in_array('name', $missing)) { ?>
<span class="warning">Enter your name.</span>
<?php } ?>

<label><abbr title="Enter your name."><font color="#EF4222"><sup>*</sup></font>Name:</abbr>
<input type="text" name="name" id="name" maxlength="35" />
</label>

<?php
if (isset($missing) && in_array('email', $missing)) { ?>
<span class="warning">Enter your email address.</span>
<?php } ?>

<label><abbr title="Enter your email address."><font color="#EF4222"><sup>*</sup></font>Email:</abbr>
<input type="text" name="email" id="email" maxlength="40"/>
</label>

<?php
if (isset($missing) && in_array('tel', $missing)) { ?>
<span class="warning">Enter your contact no.</span>
<?php } ?>

<label><abbr title="Enter your contact telephone no."><font color="#EF4222"><sup>*</sup></font>Tel.:</abbr>
<input type="text" name="tel" id="tel" maxlength="25" /></label>


<label>

<abbr title="What type of service do you require?">Service</abbr>

<select name="service" id="service" size="1">
<option selected="selected">Please select</option>

<option>None</option>
<option>I request a brochure</option>
</select>

</label>


<label><abbr title="Enter your message.">Message:</abbr></label>

<textarea name="feedback" id="message" cols="0" rows="3"></textarea>

<input type="hidden" value="<?php echo $add_left; ?>" name="left" />
<input type="hidden" value="<?php echo $add_right; ?>" name="right" />

<?php
if (isset($missing) && in_array('answer', $missing)) { ?>
<span class="warning">Please answer the security question.</span>
<?php } ?>


<label class="securityq" /><?php echo $add_left; ?> + <?php echo $add_right; ?> = </label>

<label>
<input type="text" name="answer" id="security" maxlength="1" /></label>

<?php
if($_POST['left'] + $_POST['right'] == $_POST['answer']){

}
?>

<input name="submit" type="submit" class="submit" id="send" title="Send" value="" src="img/send.png" />

<input name="reset" type="reset" class="reset" id="reset" title="Reset" value="" src="img/reset.png" />

</form>


[Nile]

Before:

Code:

if (empty($missing)) {

Add

Code:

if($_POST['left'] + $_POST['right'] != $_POST['answer']){
  $missing [] = "Bot verification invalid.";
}

And then get rid of:

Code:

<?php
if($_POST['left'] + $_POST['right'] == $_POST['answer']){

}
?>

At the end of the script.

[john1991]

Resolved, Thank you for your help.

[Nile]

No problem! Glad to help.