Hi,

I have a small recommendation form, which is expected to collect name, e-mail and message, then send an e-mail and also update a MySQL database.

What is done?
- when fields are empty - ok
- email validation - ok

What I want to do is make sure that no one can use my form to spam, and also that I will not get spam either, and to apply basic formatting to the e-mail and MySQL input.

And the last, most important issue is my so-called captcha. As you will see in the script, the form is called several times (if there is an error). So when my form is displayed again, the captcha image is not changing, it is not refreshing each time the form is called, but $thevalue is refreshing, and then $yourcode (re-typed) is not equal to $thevalue1.

I need some advice on this topic ... please.

Thanks a lot in advance,
nita

My code so far ..

// PHP_SELF safely!
$php_self = basename(htmlentities($_SERVER['PHP_SELF']));

//captcha
$im = ImageCreate(60, 20); //create image
$white = ImageColorAllocate($im, 0,0, 0);
$black = ImageColorAllocate($im, 120, 200, 68);
$md5 = md5(microtime() * mktime());
$string = substr($md5,0,5);
$verification = $string;
$thevalue= $string;
ImageFill($im, 0, 0, $black);
ImageString($im, 4, 10, 3, $thevalue, $white);
Imagejpeg($im, "inc/verify.jpeg");
ImageDestroy($im);

//this is recommendation form
$form .= "
<table width='100%' border='0' cellspacing='0' cellpadding='10'>
<tr>
<td>
<form action='".$php_self."' method='post'>
<table width='444' align='left' class='info4'>
<tr>
  <td valign='top' align='right'><b>Name:</b></td>
  <td valign='top'> <input name='name' size='30'> </td>
</tr>
<tr>
  <td valign='top' align='right'><b>E-mail:</b></td>
  <td valign='top'> <input name='email' size='30'> </td>
</tr>
<tr>
  <td valign='top' align='right'><b>Recomendation:</b></td>
  <td valign='top'> <textarea name='message' rows='10' cols='30'></textarea> </td>
</tr>
<tr>
  <td> <img src='inc/verify.jpeg' border='0'> <input type='hidden' value='".$thevalue."' name='thevalue1'> </td>
  <td> <input type='text' name='yourcode' size='5' maxlength='5'> </td>
</tr>
<tr>
  <td valign='top' align='right'></td>
  <td valign='top' align='left'>
    <input class='button1' type='submit' value='Send' name='submitreco'>
    <input class='button1' type='reset' value='Reset' name='reset'>
  </td>
</tr>
</table>
</form>
</td>
</tr>
</table><br>";

if (isset($_POST['submitreco'])) {
    $yourcode=$_POST['yourcode'];
    $thevalue1=$_POST['thevalue1'];
    $name = $_POST['name'];
    $email = $_POST['email'];
    $message = $_POST['message'];

    // check if any of the fields are empty
    if ($name=="" or $message=="" or $email=="") {
        echo "Please fill up all fields !";
        echo($form);
    } else {
        $messagehtml = str_replace("\r", '', $message);
        $thanks = "
        <span class='info2'>
        Thank you !. Your recomendation has sucessfuly been sent!<br>
        <br></span>";
        $subject = "New Movie Recomendation from '$name'";
        $headers = "From: kris@nita-on-line.com";
        $messagetoemail = "Hi Kris.
You recived a new movie recomendation.

Name: $name
E-mail: $email
Recomendation: $messagehtml
";

        function check_email($email) {
            // check that there's one @ symbol, and that the lengths are right
            if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
                return false;
            }
            // Split it into sections to make life easier
            $email_array = explode("@", $email);
            $local_array = explode(".", $email_array[0]);
            for ($i = 0; $i < sizeof($local_array); $i++) {
                if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
                    return false;
                }
            }
            if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {
                // Check if domain is IP. If not, it should be valid domain name
                $domain_array = explode(".", $email_array[1]);
                if (sizeof($domain_array) < 2) {
                    return false; // Not enough parts to domain
                }
                for ($i = 0; $i < sizeof($domain_array); $i++) {
                    if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
                        return false;
                    }
                }
            }
            return true;
        }

        if (check_email($email)) {
            if($yourcode == $thevalue1){
                echo "$thanks";
                // $myemail is not defined anywhere in the posted code
                mail($myemail, $subject, $messagetoemail, $headers);
            } else {
                echo "<span class='info2'>
                You verification code is not right. Please go back and try again.
                </span>";
                echo($form);
            }
        } else {
            echo "Make sure that you fill in your e-mail corectly !";
            echo($form);
        }
    }
} else{
    echo($form);
}
PHP:

About your captcha image not refreshing: that has to do with the browser. The browser stores the image on the local PC, and doesn't refresh it all the time. The best way to get around this is to make sure the browser doesn't store the page, and so also doesn't store the image. You can do so by making sure the pragma header is set to no-cache. This can be done in your HTML.

Add between <head> and </head>:

<META HTTP-EQUIV="pragma" CONTENT="no-cache">
Code (markup):

You could also use the PHP function header for this; however, the HTML method described above should also do the job.

header("Cache-Control: no-cache, must-revalidate");
PHP:

Each time the page refreshes (for example when an error occurs), the browser re-downloads the captcha image. That way, you make sure the most up-to-date version is shown.

Hope this helps. Let us know whether or not it works.
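
An added example, not part of the thread and not either poster's code: one way to keep the displayed image and the compared code in step is to hold the code in the PHP session instead of the `thevalue1` hidden field, stream the image from the same script with no-cache headers, and check the answer on the server. The session key `captcha_code` and the `img`/`r` query parameters are assumed names, and the GD extension and PHP 7 or later are assumed.

```php
<?php
// Added example. The session key 'captcha_code' and the 'img'/'r' query
// parameters are assumed names, not taken from the thread.
session_start();

// Image request: draw whatever code the session holds and forbid caching.
if (isset($_GET['img'])) {
    header('Content-Type: image/jpeg');
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');
    $im = imagecreate(60, 20);
    imagecolorallocate($im, 120, 200, 68);     // first colour allocated = background
    $ink = imagecolorallocate($im, 0, 0, 0);
    imagestring($im, 4, 10, 3, $_SESSION['captcha_code'] ?? '', $ink);
    imagejpeg($im);                            // streamed, no shared file on disk
    exit;
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $expected = $_SESSION['captcha_code'] ?? '';
    $given = $_POST['yourcode'] ?? '';
    unset($_SESSION['captcha_code']);          // each code is valid for one attempt
    if ($expected !== '' && is_string($given)
        && hash_equals($expected, strtolower(trim($given)))) {
        echo 'Code accepted.';                 // validate fields, send mail, store row here
        exit;
    }
    $error = 'Your verification code is not right.';
}

// Every render of the form gets a fresh code; it never appears in the HTML.
$_SESSION['captcha_code'] = substr(bin2hex(random_bytes(4)), 0, 5);
$self = htmlspecialchars(basename($_SERVER['SCRIPT_NAME']), ENT_QUOTES);
$bust = bin2hex(random_bytes(4));              // unique image URL per render
?>
<form action="<?= $self ?>" method="post">
  <p><?= htmlspecialchars($error) ?></p>
  <img src="<?= $self ?>?img=1&amp;r=<?= $bust ?>" alt="verification code">
  <input type="text" name="yourcode" size="5" maxlength="5">
  <input type="submit" value="Send" name="submitreco">
</form>
```

Because the image is generated per request from the session value, two visitors no longer overwrite each other's `inc/verify.jpeg`, and a redisplayed form always shows the code it will be checked against.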