Contact us form help

Discussion in 'PHP' started by kojakfilth, Jun 21, 2006.

  1. #1
    kojakfilth, Jun 21, 2006 IP
  2. -Abhishek-

    -Abhishek- Regaining my Momentum!

    #2
    See in your code:
    <form action=""
    Form action is the code file that is activated when you hit submit! This is the file that utilises the sendmail function and mails you the content of the filled form!

    In your case, however, there is no such file, so for natural reasons, the form isn't working!
    Abhishek
     
    -Abhishek-, Jun 21, 2006 IP
  3. kojakfilth

    kojakfilth Notable Member

    #3
    Please help me, I'm a total newbie in PHP.
     
    kojakfilth, Jun 21, 2006 IP
  4. -Abhishek-

    -Abhishek- Regaining my Momentum!

    #4
    -Abhishek-, Jun 21, 2006 IP
  5. JEET

    JEET Notable Member

    #5
    Hi,
    I have attached a php file with this post.
    Download it and replace the whole "form" html with the content in this file. Don't change anything except your email.
    Replace
    $youremail = "your email here";
    with an email ID of yours like:
    $youremail = "ss@ss.com";

    Do NOT remove the quotation mark or the semicolon.

    Then fill in the form and check your email in about a minute.

    When you use action="" this means that the form is being submitted to the same page instead of an external script. With PHP this is an advantage as one need not have too many files. They can use the same page instead. The script I have attached uses the same method.

    For more advanced scripts of "form to email" go to hotscripts.com or search the web for "free form to email script using php".
    Bye
     


    JEET, Jun 21, 2006 IP
  6. vishwaa

    vishwaa Well-Known Member

    #6
    I hope that JEET provided you with nice code for a simple contact us form.

    I would suggest you learn something about email header injection attacks and the ways to prevent your script from being used by spammers to send thousands of emails.

    Personally I use the following script in my websites. I can't remember where I downloaded it. I have changed some parts of the code to make it simple for you.

    <?php
    // Configuration Part
    $admin = "example@example.com"; // Your email address to receive spam bot alert
    $domain = "example.com"; // Your domain name without WWW
    
    // Don't change anything below
    
    // First, make sure the form was posted from a browser.
    // For basic web-forms, we don't care about anything
    // other than requests from a browser:
    
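    function logBadRequest() {
       // Note: $admin and $domain are not in scope inside this function
       // as written (see post #8 below).
       @mail($admin,"Spammer Bot Attempt",$_SERVER['REMOTE_ADDR'],"From: Alert <alert@$domain>\r\n");
    }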
    if(!isset($_SERVER['HTTP_USER_AGENT'])){
       die("Forbidden - You are not authorized to view this page");
       exit();
    }
    
    // Make sure the form was indeed POST'ed:
    //  (requires your html form to use: method="post")
    if($_SERVER['REQUEST_METHOD'] != "POST"){
       die("Forbidden - You are not authorized to view this page");
       exit();    
    }
    
    // Host names from where the form is authorized
    // to be posted from: 
    $authHosts = array($domain);
    
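    // Where have we been posted from?
    $fromArray = parse_url(strtolower(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''));
    // A missing or unparsable referrer is treated as an empty host,
    // which fails the approved-host test below.
    if(!is_array($fromArray) || !isset($fromArray['host'])){
       $fromArray = array('host' => '');
    }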
    
    // Test to see if the $fromArray used www to get here.
    $wwwUsed = strpos($fromArray['host'], "www.");
    
    // Make sure the form was posted from an approved host name.
    if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts)){    
       logBadRequest();
       header("HTTP/1.1 403 Forbidden");
       exit();    
    }
    
    // Attempt to defend against header injections:
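    $badStrings = array("Content-Type:",
                         "MIME-Version:",
                         "Content-Transfer-Encoding:",
                         "Bcc:",
                         "Cc:",
                         "To:");
    
    // Collect every POST'ed string, including values nested inside
    // array fields (name[]=...), which strtolower() cannot take directly:
    $postedValues = array();
    array_walk_recursive($_POST, function($v) use (&$postedValues){
       $postedValues[] = (string)$v;
    });
    
    // Loop through each POST'ed value and test if it contains
    // one of the $badStrings:
    foreach($postedValues as $v){
       foreach($badStrings as $v2){
           if(strpos(strtolower($v), strtolower($v2)) !== false){
               logBadRequest();
               header("HTTP/1.1 403 Forbidden");
               exit();
           }
       }
    }
    
    // Made it past spammer test, free up some memory
    // and continue rest of script:
    unset($v, $v2, $postedValues, $badStrings, $authHosts, $fromArray, $wwwUsed);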
    ?>
    If you have a form that uses the POST method in any of your pages, then you simply include this file at the top of your script to prevent attacks from spammers, e.g. include("block_spam.php");

    Hope this helps.
     
    vishwaa, Jun 21, 2006 IP
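
An added example (not part of the thread and not vishwaa's script) of the header injection defence raised in post #6: a deny-list of header names only catches the names it lists, whereas rejecting CR and LF in every value bound for a mail header removes the ability to start a new header line at all. The field names, the `headerSafe` and `buildContactMail` helpers and the example.com addresses are assumptions.

```php
<?php
// Added example, not code from the thread; field names and addresses are assumptions.

// Return $value if it is a single-line string usable in a mail header, else null.
function headerSafe($value, $maxLen = 200)
{
    if (!is_string($value)) {                // name[]=x arrives as an array
        return null;
    }
    if (preg_match('/[\r\n\0]/', $value)) {  // CR/LF would start a new header line
        return null;
    }
    $value = trim($value);
    return ($value === '' || strlen($value) > $maxLen) ? null : $value;
}

// Build the four mail() arguments, or return null if a field is rejected.
function buildContactMail(array $post, $to, $domain)
{
    $name    = headerSafe(isset($post['name']) ? $post['name'] : null);
    $subject = headerSafe(isset($post['subject']) ? $post['subject'] : null);
    $email   = headerSafe(isset($post['email']) ? $post['email'] : null);
    $message = isset($post['message']) ? $post['message'] : null;
    if ($name === null || $subject === null || $email === null
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false
        || !is_string($message) || trim($message) === '') {
        return null;
    }
    // From stays on the site's own domain; the validated visitor address
    // appears only in Reply-To. The name goes in the body, not a header.
    $headers = "From: Contact form <noreply@$domain>\r\n"
             . "Reply-To: $email\r\n";
    $body = "Name: $name\nEmail: $email\n\n" . $message;
    return array($to, "[Contact] $subject", $body, $headers);
}

// Constructed sample submissions.
$samples = array(
    'normal' => array('name' => 'Ann', 'email' => 'ann@example.org',
                      'subject' => 'Hello', 'message' => "Line 1\nLine 2"),
    'CRLF in email' => array('name' => 'x', 'subject' => 's', 'message' => 'm',
                      'email' => "a@example.org\r\nBcc: b@example.net"),
    'array field' => array('name' => array('x'), 'email' => 'a@example.org',
                      'subject' => 's', 'message' => 'm'),
);
foreach ($samples as $label => $post) {
    $args = buildContactMail($post, 'owner@example.com', 'example.com');
    echo $label, ': ', ($args === null ? 'rejected' : 'accepted'), "\n";
}
```

When the result is not null, its four elements are passed in order to `mail()`; the multi-line message is accepted because it only ever reaches the body argument.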
  7. JEET

    JEET Notable Member

    #7
    Hi Vishwa,
    The script keeps returning a blank page to me instead of processing the form. I think it dies because of something. Although I am actually filling the form and not sending REQUEST.
    (When I copied it from here, everything got copied in one single line instead of separate lines and I separated the lines before adding it to a test form.)
    Can you attach the original copy in text or php format please?
    Thanks
     
    JEET, Jun 22, 2006 IP
  8. vishwaa

    vishwaa Well-Known Member

    #8
    Sorry that I forgot to define the $admin, $domain variables inside the logBadRequest function. But it is not the reason for your problem.

    The script will return a blank page (status code 403 - forbidden) under the following conditions.

    1) The form gets posted from an unauthorized host.

    Note: Some firewall software at the client end may strip off the referrer URL for privacy purposes, which results in a blank referrer at the server side. In this situation, the script cannot find the valid referrer page from where the form got posted, which results in a comparison of an empty host with the approved hosts list. As they are not the same, the script categorizes the attempt as a spam one and dies with a 403 status code even though the request is genuine.

    2) Bad strings in the form input text like
    Jeet, here is the file as you requested. Please PM me if you have any trouble in setting up the script.
     
    vishwaa, Jun 22, 2006 IP
  9. JEET

    JEET Notable Member

    #9
    Hi Vishwa,
    It works now...
    Thanks for this script.
    bye
     
    JEET, Jun 22, 2006 IP