1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How to make a contact form?

Discussion in 'HTML & Website Design' started by jimsmith, Aug 26, 2006.

  1. #1
    How hard is it to make your own contact form?
    I can get a free form made really easily online, but I'm wondering how it goes making your own.
    Anyone have any experience?
     
    jimsmith, Aug 26, 2006 IP
  2. hans

    hans Well-Known Member

    Messages:
    2,923
    Likes Received:
    126
    Best Answers:
    1
    Trophy Points:
    173
    #2
    I would have sent you one working contact form by email seconds ago - but you have either no email or email contact disabled. PM is too ineffient.

    contact form is very simple and you may find one at hotscripts.com
     
    hans, Aug 26, 2006 IP
    jimsmith likes this.
  3. jimsmith

    jimsmith Peon

    Messages:
    629
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    0
    #3
    sweet man thanks a lot
     
    jimsmith, Aug 26, 2006 IP
  4. amitpatel_3001

    amitpatel_3001 Results Follow Patience

    Messages:
    14,074
    Likes Received:
    1,178
    Best Answers:
    0
    Trophy Points:
    430
    #4
    Hope i too get one :)
     
    amitpatel_3001, Aug 26, 2006 IP
  5. hans

    hans Well-Known Member

    Messages:
    2,923
    Likes Received:
    126
    Best Answers:
    1
    Trophy Points:
    173
    #5
    to make things easy
    herebelow the code - gives you
    1. the forum you insert into a HTML page
    2. the PHP file that processes the form and sends it to your email address

    --------------

    ------>> this below form : insert into a HTML page

    <form name=contactme action=contactme.php method=post>
    <div align="center">
    <table>
    <tr>
    <td align=right>Your Name:</td>
    <td width="15">&nbsp;</td>
    <td><input size=45 maxlength=45 type=text name=name
    style="font-family: Courier New; font-size: 10pt"></td></tr>
    <tr>
    <td align=right>Your Email Address:</td>
    <td>&nbsp;</td>
    <td><input size=45 maxlength=45 type=text name=from
    style="font-family: Courier New; font-size: 10pt"></td></tr>
    <tr>
    <td align=right>eMail Subject:</td>
    <td>&nbsp;</td>
    <td><input size=45 maxlength=90 type=text name=subject
    style="font-family: Courier New; font-size: 10pt"></td></tr>
    <tr>
    <td valign=top align=right>Contents:</td>
    <td>&nbsp;</td>
    <td><textarea name=body rows=12 cols=60
    style="font-family: Courier New; font-size: 10pt"></textarea></td></tr>
    <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><input type=submit value=" Submit " name=submit style="font-size: 10pt; font-family: Tahoma"></td></tr>
    </table>
    </div>
    </form>



    ------------ below PHP code:
    save in same folder the below code to a file called in our example contactme.php
    the name MUST be identical as in the form itself !!!!
    if you save into OTHER folder - then adapt the path of "action=contactme.php" above


    <?php
    $body="
    $name ($from) sent you an online message:

    Comments:
    ========
    $body";

    $success = mail("YOUR recipient email @ your_site dot com","$subject","$from","$body");

    ?>


    <html>

    <head>
    </head>

    <body>
    .
    .
    .
    Thank you for your message
    .
    .
    .
    </body>
    </html>
     
    hans, Aug 26, 2006 IP
  6. AdamSee

    AdamSee Well-Known Member

    Messages:
    422
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    135
    #6
    Don't use that PHP! There's no error checking, or validation and it's wide open to being used as a platform for huge spam farms.
     
    AdamSee, Aug 26, 2006 IP
  7. kk5st

    kk5st Prominent Member

    Messages:
    3,497
    Likes Received:
    376
    Best Answers:
    29
    Trophy Points:
    335
    #7
    kk5st, Aug 26, 2006 IP
  8. hans

    hans Well-Known Member

    Messages:
    2,923
    Likes Received:
    126
    Best Answers:
    1
    Trophy Points:
    173
    #8
    giving a full detailed working example of a better PHP contact-form might be helpful if you know any better.
    welcome to share your expertise.
     
    hans, Aug 26, 2006 IP
  9. abcdefGARY

    abcdefGARY Well-Known Member

    Messages:
    665
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    110
    #9
    like hans said, there's a lot of contact forms on hotscripts.com
     
    abcdefGARY, Aug 27, 2006 IP
  10. kk5st

    kk5st Prominent Member

    Messages:
    3,497
    Likes Received:
    376
    Best Answers:
    29
    Trophy Points:
    335
    #10
    I'm sorry to say my ken of the rfcs 822, 2822 and 2821 is too poor to fully understand all the security issues. For that reason, I wouldn't be able to recommend a script, but I can sure as hell spot one that has done nothing to secure against email injection exploits.

    cheers,

    gary
     
    kk5st, Aug 27, 2006 IP
  11. RRWH

    RRWH Active Member

    Messages:
    821
    Likes Received:
    49
    Best Answers:
    0
    Trophy Points:
    70
    #11
    I wrote one a couple of years ago, it has been deployed on 100's of sites and to my knowledge, it has never been exploited by spammers (and my logs indicate that they have tried).

    The example above is very bad and could be exploited in so many ways. Do not use it ever! It would take about 30 seconds to set up an XSS exploit that would be capable of spewing out spam by the bucketload.

    An example this bad is far worse than no example at all - because of it's serious flaws.
     
    RRWH, Aug 28, 2006 IP
  12. falcondriver

    falcondriver Well-Known Member

    Messages:
    963
    Likes Received:
    47
    Best Answers:
    0
    Trophy Points:
    145
    #12
    the problem is that you can simply add "fakesender@yahoo.com \r\n bcc:sendmespam@yahoo.com" into your sender field and your form will fire 2 emails out. "\r\n" adds another line to the email header and bcc:sendmespam@yahoo.com is your spam target. to fix that, you should check the string for a valid email at least:
    
    function isMail($emailaddress) 	{
    return(eregi("^[^@[:space:]]+@([[:alnum:]-]+.)+[[:alnum:]][[:alnum:]][[:alnum:]]?$", $emailaddress));
    }
    //usage
    if(!isMail($sender)) {
      echo "invalid mail address!";
    }
    
    PHP:
    returns true for valid addresses or false if the email is invalid (or if there is more than just a email-address in string).

    also check the subject line for any line breaks, you can add this bcc header there as well.
     
    falcondriver, Aug 28, 2006 IP
  13. eXe

    eXe Notable Member

    Messages:
    4,643
    Likes Received:
    248
    Best Answers:
    0
    Trophy Points:
    285
  14. hans

    hans Well-Known Member

    Messages:
    2,923
    Likes Received:
    126
    Best Answers:
    1
    Trophy Points:
    173
    #14
    is there a particular reason why you dont want to share your contact form with us HERE in DP forum ??
    may be your form is exactly what we all are waiting for - a better working more secure form.

    btw
    i use the one posted since more than a year and a few other sites as well
    it never has been exploited so far.
    the risk for getting killed by a car out in the streets or poisend by bad food was far greater concern to me than email spam that might eventually one day come or never occur.
    my site has been abused by hackers and I have learned to act on intrusion - my host as well cares.
     
    hans, Aug 28, 2006 IP
  15. RRWH

    RRWH Active Member

    Messages:
    821
    Likes Received:
    49
    Best Answers:
    0
    Trophy Points:
    70
    #15
    I am glad your host understands such things.

    Sure, you can d/l mine www.rrwh.com/scripts.php
     
    RRWH, Aug 28, 2006 IP
  16. Pammer

    Pammer Notable Member

    Messages:
    3,417
    Likes Received:
    397
    Best Answers:
    0
    Trophy Points:
    260
    #16
    thanks hans ;) for share contact form code...
     
    Pammer, Aug 28, 2006 IP
  17. hans

    hans Well-Known Member

    Messages:
    2,923
    Likes Received:
    126
    Best Answers:
    1
    Trophy Points:
    173
    #17
    RRWH
    thanks for sharing your download link

    btw

    i have tried the methods described above to add

    \r\n bcc:sendmespam-@-yahoo.com

    to a test senders address
    and see that just by definition of the field size in the simple form it is insufficient space defined to add even one more email address - unless of course both sender and spam-recipient would be very short

    hence for the time being i prefer to keep simple things simple and focus on quality instead. a host also has tools to prevent OUT-going spam since all is going thru the hosts local host-mailsystem. I enjoy the worlds largest host and am quiet happy since 2 years.

    the hackers i had once a while ago used other - far more professional - methods to do their jobs. that was serious security stuff and i spent some 2 weeks full time to study and solve the security issue.
    since then my host has installed a 2nd security monitoring system just for my site (and may be others as well ) to monitor live all attempts of site intrusion. successful teamwork so far.

    falcondriver

    I haven't figured out how to add the lines you posted. it seems they are NOT for the form and PHP posted on this page and need further changes of variables. i am - like so many -. NO coder at all - just a user of the web for successufl web publishing.
    the regex looks good and may make sense - may be you could further explain HOW to exactly use the lines with the form code posted HERE in this thread to make a simple contact for secure.
     
    hans, Aug 28, 2006 IP
  18. falcondriver

    falcondriver Well-Known Member

    Messages:
    963
    Likes Received:
    47
    Best Answers:
    0
    Trophy Points:
    145
    #18
    noooo, you got it all wrong!
    its only your browser who limits the input field. there are plenty of programs out there who read the available fields from a webpage and let the spammer fill in every value they want, without a limit (except your verify the input in your sender script via php).
    and you dont insert "\r\n" into this value, this is just how you write breaks in php (like "line 1\r\nline2"). if you want to insert multiple lines into a plain input field just write the lines seperated with a "return key" in a editor like notepad, press ctrl+a and ctrl+c and paste it into the input field via ctrl+v, thats all!

    like i said, this was just an easy function to check for an correct email adress. you can find what you need is at http://www.php.net/manual/en/function.mail.php (scroll down to the user comment "rsjaffe at gmail dot com 23-May-2006 08:23 Here's my way of detecting an attempt to hijack my mail form.").

    and you SHOULD always secure your mailfields. some people tried t use my form for spam maybe 20x in the last 12 months, and i only know it because i get an extra email with the used mailheader every time someone uses my form. how would you know that your form is abused it with your plain mail($myemail, $senderfield, $subject, $text) function?
     
    falcondriver, Aug 29, 2006 IP
  19. hans

    hans Well-Known Member

    Messages:
    2,923
    Likes Received:
    126
    Best Answers:
    1
    Trophy Points:
    173
    #19
    thanks
    I am looking into it
    since my host supports php4 only and no php5 as the sample you referred to, i have to stick to common scripts for 4 up only
     
    hans, Aug 29, 2006 IP
  20. alterego85

    alterego85 Peon

    Messages:
    114
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #20
    or even easier, make the form using the wizard that can be found in most of cpanel. after it's done, copy the form link, insert the link into an inline frame of the page you intend to put the form in, and wallaaa, there you have it.

    That's what I did anyway.
     
    alterego85, Aug 29, 2006 IP