search

kllevin / citychiropractor

1 stars 0 forks source link

Apply validation and submission for Contact form #54

Closed chris-pearce closed 6 years ago

chris-pearce commented 8 years ago

From Dreamhost:

Hi, Scott!

According to our records, you've been using our FormMail system. If you've forgotten, FormMail is a script that allows your site's visitors to send you email via a web form.

Remember? This guy right here? http://formmail.dreamhost.com/

Sadly, the author of FormMail has not updated this script in many years and the number of DreamHost users taking advantage of this feature has dwindled.

As a result, we will be disabling and removing FormMail on Monday, February 15th.

That's the bad news.

The good news is that you can download and install FormMail on your own, continuing to use the very same (free!) script in a different location. The original script, last updated in 2009, is available as a free download from here: http://www.scriptarchive.com/formmail.html

Too much work for you? Check out Formspree! It's a remotely-hosted free tool that accomplishes the exact same thing and is ridiculously easy to configure: https://formspree.io/

We apologize for the inconvenience, but you've got time to make changes if needed - more than a month, in fact!

If you've got any questions or concerns about this change, please don't hesitate to contact our technical support team via the "Support" section of your DreamHost control panel at any time.

Thanks!

chris-pearce commented 8 years ago

@kllevin a past PHP implementation (5 years ago) of submitting a form via PHP and the contents being emailed to the recipient:

The form in the view:

<h2>Make An Enquiry</h2>
<div class="message">
    <div id="alert"></div>
</div>
<form action="sendmail.php" method="post" id="enquiry-form">
    <fieldset>
        <p><em>All fields are required</em></p>
        <div>
            <label for="name">Name</label>
            <input type="text" name="name" id="name" maxlength="100" class="txt-input" />
        </div>
        <div>
            <label for="email">Email Address</label>
            <input type="text" name="email" id="email" maxlength="100" class="txt-input" />
        </div>
        <div>
            <label for="phone">Phone Number</label>
            <input type="text" name="phone" id="phone" maxlength="100" class="txt-input" />
        </div>
        <div class="hide-fully">
            <label for="last">Don't fill this in</label>
            <input type="text" name="last" id="last" class="txt-input" />
        </div>
        <div>
            <label for="message">Your Enquiry</label>
            <textarea name="message" id="message" rows="5" cols="20"></textarea>
        </div>
        <input type="image" src="images/template/btn-submit.png" alt="Send" />
    </fieldset>
</form>

The PHP:

<?php
// Who you want to recieve the emails from the form. (Hint: generally you.)
$sendto = 'queenofheartsfuncasino@bigpond.com';

// The subject you'll see in your inbox
$subject = 'Queen of Hearts Enquiry form submission';

// Message for the user when he/she doesn't fill in the form correctly.
$errormessage = 'Oops! There seems to have been a problem. May we suggest...';

// Message for the user when he/she fills in the form correctly.
$thanks = "<p>Thanks for your enquiry. We will endeavour to reply to all enquiries within 72 hours. Should you require a response before this time, please contact our office during business hours.</p>";

// Message for the bot when it fills in in at all.
$honeypot = "You filled in the honeypot! If you're human, try again!";

// Various messages displayed when the fields are empty.
$emptyname =  'Entering your name';
$emptyemail = 'Entering your email address';
$emptyphone = 'Entering your phone number';
$emptymessage = 'Entering your enquiry';

// Various messages displayed when the fields are incorrectly formatted.
$alertname =  'Entering your name using only the standard alphabet?';
$alertemail = 'Entering your email in this format: <i>name@example.com</i>';
$alertmessage = "Making sure you aren't using any parenthesis or other escaping characters in the message? Most URLS are fine though!";

// --------------------------- Thats it! don't mess with below unless you are really smart! ---------------------------------

//Setting used variables.
$alert = '';
$pass = 0;

// Sanitizing the data, kind of done via error messages first. Twice is better!
function clean_var($variable) {
    $variable = strip_tags(stripslashes(trim(rtrim($variable))));
  return $variable;
}

//The first if for honeypot.
if ( empty($_REQUEST['last']) ) {

    // A bunch of if's for all the fields and the error messages.
    if ( empty($_REQUEST['name']) ) {
        $pass = 1;
        $alert .= "<li>" . $emptyname . "</li>";
    } elseif ( ereg( "[][{}()*+?.\\^$|]", $_REQUEST['name'] ) ) {
        $pass = 1;
        $alert .= "<li>" . $alertname . "</li>";
    }
    if ( empty($_REQUEST['email']) ) {
        $pass = 1;
        $alert .= "<li>" . $emptyemail . "</li>";
    } elseif ( !eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $_REQUEST['email']) ) {
        $pass = 1;
        $alert .= "<li>" . $alertemail . "</li>";
    }
    if ( empty($_REQUEST['phone']) ) {
        $pass = 1;
        $alert .= "<li>" . $emptyphone . "</li>";
    } 
    if ( empty($_REQUEST['message']) ) {
        $pass = 1;
        $alert .= "<li>" . $emptymessage . "</li>";
    } elseif ( ereg( "[][{}()*+?\\^$|]", $_REQUEST['message'] ) ) {
        $pass = 1;
        $alert .= "<li>" . $alertmessage . "</li>";
    }

    //If the user err'd, print the error messages.
    if ( $pass==1 ) {

        //This first line is for ajax/javascript, comment it or delete it if this isn't your cup o' tea.
    echo "<script>$(\".message\").hide().show();</script>";
    echo "<p>" . $errormessage . "</p>";
    echo "<ul>";
    echo $alert;
    echo "</ul>";

    // If the user didn't err and there is in fact a message, time to email it.
    } elseif (isset($_REQUEST['message'])) {

        //Construct the message.
        $message = "From: " . clean_var($_REQUEST['name']) . "\n";
        $message .= "Email: " . clean_var($_REQUEST['email']) . "\n";
        $message .= "Phone: " . clean_var($_REQUEST['phone']) . "\n";
        $message .= "Message: \n" . clean_var($_REQUEST['message']);
        $header = 'From:'. clean_var($_REQUEST['email']);

//Mail the message - for production
        mail($sendto, $subject, $message, $header);
//This is for javascript, 
        echo "<script>$(\".message\").hide().show(); $(':input').clearForm()</script>";
        echo $thanks;

        die();

    }

//If honeypot is filled, trigger the message that bot likely won't see.
} else {
    echo "<script>$(\".message\").hide().show();</script>";
    echo $honeypot;
}
?>