Thanks to numerous inquiries from Kirupa user joshcaple on my last thread, I have revised the contact form considerably. The revisions involve having default text set into the form on load, instead of static labels for each field. This raised a challenge in numerous areas. The conditional for validating the form had to be revised, and a couple of built-in methods and properties of Flash’s text Object had to be used to clear the form onFocus and re-instate default text onKillFocus. Since there is a decent amount of scripting, I am just going to upload the source files for you to pick apart and/or use on your site. Feel free to post questions and comments; maybe we’ll both learn something.
Yeah, I have heard that, and it does check to make sure that the server completes the PHP. It could probably be easily swapped into this code. What I like about this is just how straightforward everything is (to me at least). I was able to use it in multiple scenarios already, and transition to more elaborate “Thanks” and “Error” screens with ease.
This has a couple of problems that I would like to point out. First, it does not check the input. So anything that someone puts in here is going to be sent out. This is a big problem for a couple of reasons.
You are allowing the content from the form to set the email headers. Someone could insert additional CC or BCC addresses and use your form to send emails to others (spam from your server).
See this great article about the subject: http://www.securephpwiki.com/index.php/Email_Injection
Many, if not most, email servers will look to see if the “From” address really exists on the machine that is sending the mail. So when you attempt to send an email that purports to come from joe@hotmail.com, but is being sent from yourdomain.com, it will fail pretty much anytime there is a spam filter in place on the server.
<?php
//The code below only executes if the variable that we are using
//to keep track of when the form was submitted has been 'set' or initialized
if(isset($_POST["submitted"]))
{
    //These characters are not allowed, they are special characters that might be used by hackers or spammers
    $badCharacters = array("\n", "\r", "<");
    //The "POST" variable is like a container that stores all of the information sent from the form
    //This function strips out any bad characters that it finds and keeps the cleaned copy in $clean
    $clean = str_replace($badCharacters, "", $_POST);
    //This pulls the information out of the cleaned copy (not the raw $_POST) and stores it in individual variables
    //EXTR_SKIP stops a form field from overwriting a variable that already exists
    extract($clean, EXTR_SKIP);
    //This gibberish is called a "regular expression", and is actually a very complicated
    //pattern matching method that ensures that the email address submitted via the form is of a valid format
    //(preg_match with the "i" flag replaces eregi, which was removed in PHP 7;
    //the "D" flag stops "$" from matching before a trailing newline)
    if(preg_match('/^[a-z0-9,!#$%&\'*+\/=?^_`{|}~-]+(\.[a-z0-9,!#$%&\'*+\/=?^_`{|}~-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*\.([a-z]{2,})$/iD', $emailtext))
    {
        //This checks to make sure that if they do submit a phone number, the phone number is of the proper format
        //(a blank phone number is let through here, because the field is optional)
        if($phonetext == '' || preg_match('/^[\(]?(\d{0,3})[\)]?[\s]?[\-]?(\d{3})[\s]?[\-]?(\d{4})[\s]?[x]?(\d*)$/', $phonetext))
        {
            //Since the phone number is optional, if they leave it blank, we will put in a note to that effect
            if($phonetext == ''){ $phonetext = "None Provided"; }
            //The lines below take the information that is submitted in the form and compose it into an email
            $subject = "Email contact request from the site!";
            $content = "<h1>Email Contact Request</h1>";
            $content .= "<p>You have received a contact request from the website.</p>";
            //the date function outputs the current date and time in a format that you designate.
            //The "F j, Y, g:i a" below creates a timestamp like "April 12, 2008, 12:18 pm"
            $content .= "<p>Date: ".date("F j, Y, g:i a")."<br />";
            $content .= "Name: ".$nametext."<br />";
            $content .= "Email: ".$emailtext."<br />";
            $content .= "Phone: ".$phonetext."<br />";
            $content .= "Message: ".$messagetext."</p>";
            //XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            //XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            //This, of course, is where the email is sent
            $recipient = "YourEmailHere@gmail.com";
            //XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            //XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            //this line defines the "end of line" character, which is used when sending the email headers
            $eol = "\n";
            //headers are bits of information that are used by email servers
            $headers = "From: Website_User".$eol;
            $headers .= "Reply-To: ".$emailtext.$eol;
            $headers .= "MIME-Version: 1.0".$eol;
            $headers .= "Content-type: text/html".$eol;
            $headers .= "Message-ID: <".time()."-".$emailtext.">".$eol; //These two to help
            $headers .= "X-Mailer: PHP v".phpversion().$eol; // to avoid spam-filters
            //mail is a built in php function that sends email.
            //if it sends the email successfully, it "returns" a value of true, which we can use to display a success or failure message to the user
            $mailer = mail($recipient, $subject, $content, $headers);
            if($mailer) //Means if the mail function returned a value of "true"
            {
                //this sends a "success" message back to the flash piece
                echo "&responsetext=Email Sent Successfully!&responsecode=1";
            }
            else
            {
                //this, obviously, is the "not successful" message
                echo "&responsetext=ERROR - Email not sent!";
            }
        }
        else
        {
            //this error is triggered if the valid phone number checking regular expression fails
            echo "&responsetext=Please Enter Valid Phone # - ex. 555-255-1212";
        }
    }
    else
    {
        //this error is triggered if the valid email checking regular expression fails
        echo "&responsetext=Please Enter Valid Email Address!";
    }
}
?>
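The header-injection problem raised above, as an added example that is not part of the original posts or the attached source files: it compares unchecked concatenation of a form value into the Reply-To header with a check that rejects any value containing a line break. The helper names (`is_header_safe`, `clean_reply_to`, `header_names`) and the sample addresses are constructed for illustration.

```php
<?php
// Added example: helper names and sample inputs are hypothetical/constructed.

// True if the value can sit on a single header line (no CR, LF or NUL).
function is_header_safe($value) {
    return is_string($value) && !preg_match('/[\r\n\0]/', $value);
}

// Returns the address if it is one line and syntactically valid, else false.
// Rejecting outright (instead of stripping) avoids sending a mangled value.
function clean_reply_to($value) {
    if (!is_header_safe($value)) { return false; }
    $value = trim($value);
    return filter_var($value, FILTER_VALIDATE_EMAIL) ? $value : false;
}

// Lists the header names a mail server would see in a header block.
function header_names($headers) {
    $names = array();
    foreach (preg_split('/\r\n|\r|\n/', trim($headers)) as $line) {
        $parts = explode(':', $line, 2);
        $names[] = strtolower(trim($parts[0]));
    }
    return $names;
}

// Constructed form submissions: one ordinary, one carrying an extra header line.
$samples = array(
    "visitor@example.com",
    "visitor@example.com\r\nBcc: someone-else@example.net",
);

foreach ($samples as $raw) {
    // Unchecked concatenation: whatever the form sent becomes header text.
    $naive = "From: Website_User\r\nReply-To: " . $raw . "\r\n";
    echo "unchecked: " . implode(", ", header_names($naive)) . "\n";

    // Checked: the visitor's address is only ever used as a one-line Reply-To.
    $replyTo = clean_reply_to($raw);
    if ($replyTo === false) {
        echo "rejected:  " . json_encode($raw) . "\n";
        continue;
    }
    $safe = "From: Website_User\r\nReply-To: " . $replyTo . "\r\n";
    echo "checked:   " . implode(", ", header_names($safe)) . "\n";
}
```

Keeping a fixed From value and putting the visitor's address only in Reply-To also addresses the second point above, about servers checking whether the From address belongs to the sending machine.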
Yeah, I have looked at your PHP… How simple would it be for me to use yours? I see that you have a phone # validation, which I can probably remove no problem. What revisions would I make so it would function alongside my flash form? I tried downloading Zend_Framework, but it requires a later version of PHP than my hosting service is equipped with.
Wow, I have looked at all of your PHP and your ActionScript, and it becomes more and more clear by the minute that I have no future in programming hahaha. I definitely have a designer’s education, and I avoid large amounts of scripting at all cost. Don’t bother trying to explain it to me, I most likely won’t get it hahaha.
<?php
//The code below only executes if the variable that we are using
//to keep track of when the form was submitted has been 'set' or initialized
if(isset($_POST["submitted"]))
{
    //These characters are not allowed, they are special characters that might be used by hackers or spammers
    $badCharacters = array("\n", "\r", "<");
    //The "POST" variable is like a container that stores all of the information sent from the form
    //This function strips out any bad characters that it finds and keeps the cleaned copy in $clean
    $clean = str_replace($badCharacters, "", $_POST);
    //This pulls the information out of the cleaned copy (not the raw $_POST) and stores it in individual variables
    //EXTR_SKIP stops a form field from overwriting a variable that already exists
    extract($clean, EXTR_SKIP);
    //This gibberish is called a "regular expression", and is actually a very complicated pattern matching method that ensures that the email address submitted via the form is of a valid format
    //(preg_match with the "i" flag replaces eregi, which was removed in PHP 7;
    //the "D" flag stops "$" from matching before a trailing newline)
    if(preg_match('/^[a-z0-9,!#$%&\'*+\/=?^_`{|}~-]+(\.[a-z0-9,!#$%&\'*+\/=?^_`{|}~-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*\.([a-z]{2,})$/iD', $email))
    {
        //The lines below take the information that is submitted in the form and compose it into an email
        $subject = "Email contact request from the site!";
        $content = "<h1>Email Contact Request</h1>";
        $content .= "<p>You have received a contact request from the website.</p>";
        //the date function outputs the current date and time in a format that you designate.
        //The "F j, Y, g:i a" below creates a timestamp like "April 12, 2008, 12:18 pm"
        $content .= "<p>Date: ".date("F j, Y, g:i a")."<br />";
        $content .= "Name: ".$name."<br />";
        $content .= "Email: ".$email."<br />";
        $content .= "Company: ".$company."<br />";
        $content .= "Message: ".$message."</p>";
        //XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        //XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        //This, of course, is where the email is sent
        $recipient = "YourEmailHere@gmail.com";
        //XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        //XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        //this line defines the "end of line" character, which is used when sending the email headers
        $eol = "\n";
        //headers are bits of information that are used by email servers
        $headers = "From: Website_User".$eol;
        $headers .= "Reply-To: ".$email.$eol;
        $headers .= "MIME-Version: 1.0".$eol;
        $headers .= "Content-type: text/html".$eol;
        $headers .= "Message-ID: <".time()."-".$email.">".$eol; //These two to help
        $headers .= "X-Mailer: PHP v".phpversion().$eol; // to avoid spam-filters
        //mail is a built in php function that sends email.
        //if it sends the email successfully, it "returns" a value of true, which we can use to display a success or failure message to the user
        $mailer = mail($recipient, $subject, $content, $headers);
        if($mailer) //Means if the mail function returned a value of "true"
        {
            //this sends a "success" message back to the flash piece
            echo "&responsetext=Email Sent Successfully!&responsecode=1";
        }
        else
        {
            //this, obviously, is the "not successful" message
            echo "&responsetext=ERROR - Email not sent!";
        }
    }
    else
    {
        //this error is triggered if the valid email checking regular expression fails
        echo "&responsetext=Please Enter Valid Email Address!";
    }
}
?>
If you are using sendAndLoad to POST your vars, you can create a dynamic text field to store the response that is coming from (if your loadVars object is called mylv and the dynamic text field instance is response_txt)
Haha. Luckily, I don’t have to do MUCH programming, because any web design I do, I am usually supported by some sort of back-end programmer who knows their stuff (much like yourself). That’s always comforting. I have read into PHP and MySQL, but in practice they are difficult to grasp. I know a lot more ActionScript, but mostly for presentation and interactivity, and less for server-side stuff. Thanks again for your help, and I will try to revise my form and PHP with the info you gave me, and perhaps a version 3.0 is in the near future!