Need a simple PHP contact form ? you've come to the right thread :D...

Step # 1 :: The form [contact.html]


<form action="send.php" method="post"> // we will create the file "send.php" afterwards

E-mail: <input type="text" name="email" size="20"> // the email text field

<br>

Inquiry: <textarea name="inquiry" rows="3" cols="17"></textarea> // the inquiry text area

<br>

<input type="submit" value="Submit"> // the submittz0rs :D </form>


Next Step # 2 :: The mainframe :) [send.php]



<?
$email=$_POST['email']; // response to the text name email

$inquiry=$_POST['inquiry']; // response to the text area inquiry

$to="foo@bar.com"; // Put your e-mail here

$message="You've just received an inquiry from $email.
They said:\n$inquiry\n\n"; // body text for e-mail

if(mail($to,"Inquiry From Your Site ",$message,"From: $email\n")) // subject

{
echo "
<head>
<link rel='stylesheet' type='text/css' href='../css.css'>
</head>thanks for submitting the stuff, have a cheery day"; // Page that comes up after submission


} else {
echo "if you got an issue. i can't afford a tissue."; } // comes up if something goes wrong
?>



and thats it, if you get an error, just tell me, im sure there is one cuz i had to write this up in like 5 minutes :D

Nice to begin with :)

But I would not recommend using this for production. For sure, someone would try to flood you... ;)

why's that ?

Originally posted by ZYV
Nice to begin with :)

But I would not recommend using this for production. For sure, someone would try to flood you... ;)

Do you mean because he left his email there, and maybe people will copy/paste without changing it?

I think he means because there is no timer set on how many emails a person could send, someone could just keep refreshing the submitted page and resubmit the data which sends another email over and over and will flood your inbox with useless emails. You should add some way to make like only 1 email per an hour using either cookies or a database with their ip and a timer.

Yeah, that's exactly what I meant to say.

dah, well if that happens...just give that flooder a beating, and viola.

:evil:

Originally posted by ZYV
Yeah, that's exactly what I meant to say. ZYV, since I am learning php, I would like to ask how you would fix this issue (of no limit on resubmitting)? Besides, the other members could benefit.

Chris

not to budge in, but im pretty sure i can do it by saving the ip of the person into a text file and blocking them from using it again...of course this can be a problem because they wouldnt be able to resubmit an application unless their ip is static.

Revenant, you can continue like that, but don't complain when you find 30000 messages in your mailbox then :)

Chris, just do something like that:

<?php

$email=$_POST['email']; // response to the text name email
$inquiry=$_POST['inquiry']; // response to the text area inquiry
$to="foo@bar.com"; // Put your e-mail here
$message="You've just received an inquiry from $email. They said:\n$inquiry\n\n"; // body text for e-mail

if(
(!isset($_COOKIE['foo_bar']))
&&
mail($to,"Inquiry From Your Site ",$message,"From: $email\n") ) {

setcookie ("foo_bar", "true", time() + 3600);

echo "<head><link rel='stylesheet' type='text/css' href='../css.css'></head>thanks for submitting the stuff, have a cheery day"; // Page that comes up after submission


} else {
echo "if you got an issue. i can't afford a tissue.";
} // comes up if something goes wrong
?>


That should work with short-circuit evaluation enabled, other wise just add a nested if (cookie) { ... } . That's much better than nothing but logging the IP would be better (although a little harder, as you will need to store IPs in the DB or plaintext file)...

Sure is complicated, I'll be working on a script to ban ip's from submitting again...So far, it will be a big file. I'll post it as an attachment when I'm done...Just got to finish all my other projects :eek:

i dont think u would want to totally ban their ip from ever submitting again, instead save a timestamp in the mysql database when they submit and whenever they try to submit again, compare timestamps and if its within 1 hour of the original timestamp do not allow them to send but if its after allow them to send. That removes the "1 time send only" problems that may arise.

Doh, i forgot to mention, the ban'll be temporary.

Thanks ! I hope this works, I've been searching for a contact form script because of spam bots..

I used to use simple cgi contact forms written in perl on my web pages... wouldn't those pose the same risk as described above? Unfortunately spam and such has gotten to be a much bigger problem than it was years ago.

At www.bartlett-family.net/contact I simply use the FormMail script from Matt's Script Archive.

Chris

not bad maybe ill add on to it

Heres a modified php code for anyone that wants it, it uses mysql to store the ip and the time and will make sure they can only send once per hour but not from when they sent it but like once at 7:30 and then again at 8:04 but cant send again until 9:00


<?php

/*

Execute this into your sql database for script to work.

CREATE TABLE `contact_time` (
`ip` VARCHAR( 15 ) ,
`hour` TINYINT( 2 )
);


*/



// Connect and select the database
$dbhost = "localhost";
$dbuser = "username";
$dbpass = "password";
$dbname = "database";
$db = mysql_connect($dbhost, $dbuser, $dbpass) or die ("Error could not connect to mysql");
mysql_select_db($dbname,$db) or die ("Error - Couldnt Select Database");

// Setup up the variables from the form
$email=$_POST['email'];
$inquiry=$_POST['inquiry'];
$to="you@domain.com"; // Your Email here

$message="You've just received an inquiry from $email.
They said:\n$inquiry\n\n"; // Text of the email

$ip = getenv("REMOTE_ADDR");

$query = "SELECT hour FROM contact_time WHERE ip='$ip'";
$end = mysql_fetch_row(mysql_query($query,$db));

$current = date(G);

if($end[0] <> $current) {

$query = "DELETE FROM `contact_time` WHERE `ip` = '$ip'";
mysql_query($query);
$query = "INSERT INTO `contact_time` ( `ip` , `hour` ) VALUES ('$ip', '$current')";
mysql_query($query);

mail($to,"Inquiry From Your Site ",$message,"From: $email\n")

echo "
<head>
<link rel='stylesheet' type='text/css' href='../css.css'>
</head>
thanks for submitting the stuff, have a cheery day"; // Page that comes up after submission

} else {
echo "if you got an issue. i can't afford a tissue.";
} // comes up if something goes wrong

?>


I know the MySQL coding is messy but I havent used it in a while and was too tired to look it up :p only wanted to spend like 5min on this.

i was workn on a flatfile, but thisll do :D :D

I would use the cookie method and ban them from submitting for five minutes. Why five minutes? Well, because if a potential customer has sent me an inquiry but forgot to add something, he can then go back and add it five minutes later. Maybe even letting the user know "For secutiry purposes, this website can only allow you to submit an inquiry every x minutes."

Just trying to find out what's best for the user.

don't use cookies, if someone wanted to flood you with e-mails why would they use a web browser or something else that supports cookies, its just too slow to use a web browser and they would most likely make a script to do it because it can hit the page faster, and it is easier to to make a script that does not support cookies anyways

the best way is to just block the ip for a few minutes, it doesn't have to be too long, just long enough so that its not worth trying to flood you with e-mails

wao.. very useful thread! :) Will test it out soon!