Blog Documentation Book a Demo
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

PHP Contact Form

instagatainstagata
edited January 2006 in Vanilla 1.0 Help
Hey people, happy new year and all that jizazz fo real. Anyone got a nifty little web based contact form that just sends an email to an address you specify in the code itself, that they might wanna kinda send to me to use? Thanks :D
«1

Comments

  • MinisweeperMinisweeper New
    instagata!! Dude you could write that so easily! Just make yourself a simple html form to post the things to a php script and shove them into a mail() function!
  • instagatainstagata
    edited January 2006
    minesweeper!!! I just got told the same thing, however, I have never written php in my life and since this is my 3rd last web job ever I cbf learning it.
  • MinisweeperMinisweeper New
    fair play. I just wrote you out a bit of php to do it 3 times then clicked back or some other stupid button which wiped it so i'm gonna give up and go to bed.
    Make yourself a html form for a start. I'm sure some other kind bean round here will help you out with the php much better than i could have anyway. Check out http://uk.php.net/manual/en/ref.mail.php for reference just incase you get bored :P
  • nick1prestanick1presta
    You will want to watch out for mail injections and people specifying other headers.
  • MarkMark Vanilla Staff
    edited January 2006
    http://www.google.ca/search?hl=en&q=php+mailer+script&btnG=Google+Search&meta=
  • instagatainstagata
    Thanks Mark
  • c-unitc-unit
    That's like something I actually know how to do :o.
  • instagatainstagata
    wanna make me one then
  • KosmoKosmo
    What a weird conversation, everyone comes here to brass with their skills "how they could write is in so fast that it ripples the time space continum and shatters the fractual hypothesis of the universe and human mind THANK GOD ISAAC ASIMOV" but no one actually did anything, well, except Mark who posted a link.

    Well, here is my take on the subject that I did some time ago, but as you might have guessed, it's not about the script or how easy or hard it is to write, it is about knowing how things work to make it secure and safe to use on a public site.

    Use it with caution.

    <?php $name = $_POST["name"]; $email = $_POST["email"]; $subject = $_POST["subject"]; $message = $_POST["message"]; $iprotocol = $_SERVER['REMOTE_ADDR']; $useragent = $_SERVER["HTTP_USER_AGENT"]; $mymail = "email@domain.com"; $mail = (" $subject - sitename --------------------------------------------------------------------- Name: $name \n Email: $email \n Message: $message \n\n User Information. --------------------------------------------------------------------- \n IP Address: $iprotocol \n User-Agent: $useragent \n "); mail( $mymail, "$subject - sitename", $mail, "From: $email" ); ?>
  • BergamotBergamot
    edited January 2006
    Just because something is simple conceptually doesn't mean it's not boring or time consuming.

    For the record, I have no idea how to send emails in PHP.
  • KosmoKosmo
    Well, essentially, what I figured out, the catch to mail something in PHP is the mail(); function, other than that, it is basically variables.

    Like you can see that only things that are not variables are the mail(); function presented below, and the global variables pulled from the server (sent by the html form and the server itself.)

    And because of this, it has me believing that it is insecure to use this, too easy to crack open and mess around I believe.

    mail( $mymail, "$subject - sitename", $mail, "From: $email" );
  • c-unitc-unit
    I'll try my hand at making one after school.
  • nick1prestanick1presta
    What a weird conversation, everyone comes here to brass with their skills "how they could write is in so fast that it ripples the time space continum and shatters the fractual hypothesis of the universe and human mind THANK GOD ISAAC ASIMOV" but no one actually did anything, well, except Mark who posted a link.
    I offered advice - to watch out for mail injections and other headers - you should be able to figure it out yourself.
    You won't learn anything is someone does it for you. You need to make a mistake or 50 to learn.
  • KosmoKosmo
    I offered advice - to watch out for mail injections and other headers - you should be able to figure it out yourself.
    You won't learn anything is someone does it for you. You need to make a mistake or 50 to learn.

    True not always.
  • instagatainstagata
    Hey guy's and girls I am looking for someone to help me out here, this is the last web job I am ever going to do which is why I dont want to learn it. After this I am out of web development. This industry though it has given me the occasionaly joy over the last 6 years and I have achieved lots of goals it's just not for me. So anyone that has one thats prewritten and feels ok with me using it, I would feel most appreciative.
  • KosmoKosmo
    If someone could comment on the validity of the script I posted (possible security issues and performance) you are free to use my script. I'm using it in one small site and haven't had a problem. But it only has been in use for couple of months so I don't know if it will be a security issue.
  • nick1prestanick1presta
    Sure, post it.
  • MinisweeperMinisweeper New
    It's up there, nick.
  • nick1prestanick1presta
    Oh, that! Well, that really isn't secure. You need to htmlentities(), trim() and isset()/empty() every form field, check for "\\r\\n", "\\r", "\\n", "MIME-Version:". Use boundaries, proper encoding, etc. You will also want error handling. What if they don't fill out anything in your form? Is it going to email the blank form anyways? What if they don't enter a correctly formed email (You should use regex to check)? http://ca3.php.net/function.mail http://securephp.damonkohler.com/index.php/Email_Injection
  • lechlech
    HTML email is a sin :)
This discussion has been closed.