59 replies to this topic

[lloyd_borrett]

I have added a new snippet to the Snippet Library!

Snippet name: GeneralEnquiry
Author: lloyd_borrett
Version: 1.0 (Final)
More info: View this snippet
Description:
Produces a General Enquiry form and emails the form input to the nominated email address. Allows for verification of the user's email address, checks for required fields, plus has some security measures to prevent the form from being used by spammers.

Please feel free to comment on this snippet, suggest improvements, or simply praise my work!

[This is an automatically created message]

[lloyd_borrett]

G'day,

With this GeneralEnquiry snippet I've finally taken the myriad of variations of the ContactMe snippet I've been creating as I've built various web sites and brought the ideas together in one place.

The most recent changes are the use of checkboxes and select fields instead of just plain input fields.

Plus I've tried to address the potential abuse of forms like this by spammers. Now I just have to flow those preventative measures back to earlier versions, plus some other form handling snippets.

The original ContactMe snippet had the provision to display initial values. I found the code to handle that actually got in the road of usability once the error checking and required field validation was introduced, so I dropped it.

Best Regards, Lloyd.

[Hans]

Hi Lloyd, thank but I get this errormessage:
Parse error: parse error, unexpected T_VARIABLE in /home/xxxxxxxx/public_html/etorc3/index.php(565) : eval()'d code on line 89
Did I something wrong here?
Hans

[lloyd_borrett]

Updated Snippet Message

I have updated this snippet in the Snippet Library!

[This is an automatically created message]

Fixed a typo.

Edited by lloyd_borrett, 19 December 2005 - 11:17 PM.

[lloyd_borrett]

Sorry Hans, A last second typo snuck in. It's fixed now.

You can also see the snippet in action live at http://www.thetrust.com.au/general-enquiry.htm.

Best Regards, Lloyd.

[lloyd_borrett]

Updated Snippet Message

I have updated this snippet in the Snippet Library!

[This is an automatically created message]

Added the demo URL.

Edited by lloyd_borrett, 19 December 2005 - 11:16 PM.

[lloyd_borrett]

Updated Snippet Message

I have updated this snippet in the Snippet Library!

[This is an automatically created message]

[French Frog]

I am impressed, I typed qdqsdfd@sdfvsdf.com in the email field and it was not accepted as a valid email address !
How do you do such a thing ?

[lloyd_borrett]

That email check isn't down to me. It was in the original ContactMe snippet.

It looks up to check that the domain name actually exists.

There are many ways to extend the ability to check email addesses.

One is to use regular expressions to determine if the email address actually conforms to what is allowed in an email address. Problem is, I haven't found a regular expression that actually properly checks all possibilities. Most of them make assumptions that may be valid in most circumstances, but not all. They all seem to not fully implement the standard.

2006-01-19 UPDATE: I've now found a function I'm happy with to validate email addresses against the RFC822 standard. It's included in the EnergyAgreement snippet.

The next way is to actually try and validate the email address given. After all, an address that conforms may quite possibily be an email address that doesn't exist.

This snippet checks that the domain name exists. But still, that's not really enough. for example the domain name borrett.id.au exists, but the email address ted@borrett.id.au doesn't exist.

So the next move would be to verify that the actual email address exist for that domain name. Problem is, not all mail servers support the mechanisms available to do that.

So in the end, the level of checking done is very much a compromise.

I've created many variations of the ContactMe snippet previously. The reason I submitted this one is because it does try to address the problem of such contact forms being used by spammers. And I think with the given rise on insertion type attacks, it's about time we all addressed this on our web sites.

Best Regards, Lloyd.

Edited by lloyd_borrett, 19 January 2006 - 10:37 AM.

[cathode]

Lloyd,
I'm getting an error trying to use this. Since I suspect that it may be a server config issue, I don't want to cause too much alarm yet. This is on a windows server, which I am not very familiar with.

The error seems to be happening at the point where it checks the email address.

The error:
PHP Fatal error: Call to undefined function: checkdnsrr() in c:\webppliance\conf\domains\username\Inetpub\wwwroot\index.php(576) : eval()'d code on line 295

 if (!checkdnsrr($mailDomain, "MX")) {
 	 // this is not a valid email domain!
 	 $error_email = 1;
 	 $error = 1;
  }
	}

I suppose I'd like to try to remove that portion of the snippet... think that wold be easy without breaking anything else?

thanks

[mikef]

cathode, on Jan 7 2006, 10:38 PM, said:

Lloyd,
I'm getting an error trying to use this. Since I suspect that it may be a server config issue, I don't want to cause too much alarm yet. This is on a windows server, which I am not very familiar with.

The error seems to be happening at the point where it checks the email address.

The error:
PHP Fatal error: Call to undefined function: checkdnsrr() in c:\webppliance\conf\domains\username\Inetpub\wwwroot\index.php(576) : eval()'d code on line 295

 if (!checkdnsrr($mailDomain, "MX")) {
 	 // this is not a valid email domain!
 	 $error_email = 1;
 	 $error = 1;
  }
	}

I suppose I'd like to try to remove that portion of the snippet... think that wold be easy without breaking anything else?

thanks

A quick check on google reveals that function is not supported on Windows implementations of PHP

You should be able to delete that part of code, but you've selected one line too many - there should be only one closing '}'

[lloyd_borrett]

G'day Cathode,

That test is where the domain name of the email address is checked for validity. It was a part of the original ContactMe snippet.

If that function isn't available on Windows Servers you could easily leave that section of code out. You'll still have the full functionality of the GeneralEnquiry snippet, plus protection against email spam injection. It's just that the validation of the given email address won't be so thorough.

Best Regards, Lloyd.

[cathode]

lloyd_borrett, on Jan 7 2006, 08:26 PM, said:

G'day Cathode,

That test is where the domain name of the email address is checked for validity. It was a part of the original ContactMe snippet.

If that function isn't available on Windows Servers you could easily leave that section of code out. You'll still have the full functionality of the GeneralEnquiry snippet, plus protection against email spam injection. It's just that the validation of the given email address won't be so thorough.

Best Regards, Lloyd.

I'll give it a try. I appreciate the reply

[cathode]

Well, I think it's a problem with this windows server, I got this php warning:

Quote

PHP Warning: mail() [function.mail]: Failed to connect to mailserver at "" port 25, verify your "SMTP" and "smtp_port" setting in php.ini or use ini_set() in c:\webppliance\conf\domains\username\Inetpub\wwwroot\index.php(576) : eval()'d code on line 357 PHP Warning: Cannot modify header information - headers already sent in c:\webppliance\conf\domains\username\Inetpub\wwwroot\index.php on line 404

That's most likely beyond my skill to fix. I've tried several scripts and they all have failed - now it's tme to contact the host and see if they can point me to a solution!

[lloyd_borrett]

G'day Cathode,

I'm not an expert in that stuff myself. The error implies to me that the server isn't supporting the PHP mail function, or that the SMTP email settings haven't been properly configured to enable the mail function to work.

There may be others here that can better advise you, but I suspect its something you're going to have to take up with your hosting provider and/or the system admin guys running the Windows Server.

As most of the form handling scripts use the PHP mail function, that would explain why none of them are working for you.

Best Regards, Lloyd.

Edited by lloyd_borrett, 08 January 2006 - 06:26 AM.

[LePrince]

Perhaps it will clarify things if you would create a snippet that contains only the following:

$address_to = "recipient@hisdomain.com";
$subject = "testsubject";
$message = "can you read this?";
      $headers = "MIME-Version: 1.0\r\n";
      $headers .= "Content-type: text; charset=iso-8859-1\r\n";
      $headers .= "From: Testmailer@etomite.com\r\n";
      $headers .= "X-Priority: 1\r\n";
      $headers .= "X-Mailer: Etomite PHP mailer\r\n";
mail ($address_to, $subject, $message, $headers);

I think this is the most simple mailfunction you can write. If it fails, I would expect a misconfiguration at the server's side given a correct recipient address.

Hope that gives you something to start with.

[allirish]

I am having a problem. The emails I am receiving via the form are coming in without the sender's email address in the message header. I am only getting a "-" as the "from". The body of the message has all the detail however.

[lloyd_borrett]

G'day,

Have you changed something?

The code is pretty straight forward.

Name and email are placed into the message
  $content_text = "NAME:\r\n".$name."\r\n\r\n";
  $content_text .= "EMAIL:\r\n".$email."\r\n\r\n";

Name and email are combined to give sender
  $sender = $name.' <'.$email.'>';
  
From part of header is prepared.
  $headers .= "From: ".$sender."\r\n";

So if the name and email address are getting into the message, they should also be getting into the header unless some of that code has been changed, or something else is messing up the $headers string.

Best Regards, Lloyd.

[allirish]

Hi There.
Haven't changed the code except for removing the need for a Company Name. Is it normal for all the header info to print in the message body? Don't know what else to look for because the mail comes in fine with the subject line and all, just that problem with the "-" where the sender email should be?
Henry

[lloyd_borrett]

Can you post your version of the snippet here, or email it to me. Then I can check it out for you.

Best Regards, Lloyd