How do I strip Name and Email Address requirements from a php 'send comment' form?

Participant ,
Dec 29, 2020 Dec 29, 2020

Copy link to clipboard

Copied

My pre-apologies for not being well-versed in php, but I am trying to put together a simple Comment box for users to "drop me a line".  I know this might seem strange, but for this particular purpose I don't want to require a Name and Email Address form field. How do I remove it from the following simple php so that the feedback comes through to my email?

 

Must be an easy thing, right?

 

Thanks,

 

Dave

 

 

<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "example@example.com";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "feedback_form.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email_address'] ;
$comments = $_REQUEST['comments'] ;
$first_name = $_REQUEST['first_name'] ;
$msg =
"First Name: " . $first_name . "\r\n" .
"Email: " . $email_address . "\r\n" .
"Comments: " . $comments ;

/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
return true;
}
else {
return false;
}
}

// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($first_name) || empty($email_address)) {
header( "Location: $error_page" );
}

/*
If email injection is detected, redirect to the error page.
If you add a form field, you should add it here.
*/
elseif ( isInjected($email_address) || isInjected($first_name) || isInjected($comments) ) {
header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {

mail( "$webmaster_email", "Feedback Form Results", $msg );

header( "Location: $thankyou_page" );
}
?>

Views

708

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 2 Correct answers

LEGEND , Dec 29, 2020 Dec 29, 2020

 

All you need is the below:

 

<?php
$webmaster_email = "example@example.com";
$feedback_page = "feedback_form.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";
// Sanitize data from comments form field using filter_var
$comments = filter_var($_POST['comments'], FILTER_SANITIZE_STRING);
$msg = "Comments: " . $comments ;
if (empty($comments)){
header( "Location: $error_page" );
}
else {
mail( "$webmaster_email", "Feedback Form Results", $msg );
header( "Location: $thankyo
...

Likes

Translate

Translate
LEGEND , Dec 29, 2020 Dec 29, 2020

elseif (empty($comments) {
header( "Location: $error_page" );
}

 

Your edited script is missing a bracket (empty($comments)) {

header( "Location: $error_page" );
}

 

You dont really need all that heavy checking as there is no email field any longer, just a simple 'comments' field, which can be sanitized by using the inbuilt php filter_var function.

 

 

 

Likes

Translate

Translate
LEGEND ,
Dec 29, 2020 Dec 29, 2020

Copy link to clipboard

Copied

 

All you need is the below:

 

<?php
$webmaster_email = "example@example.com";
$feedback_page = "feedback_form.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";
// Sanitize data from comments form field using filter_var
$comments = filter_var($_POST['comments'], FILTER_SANITIZE_STRING);
$msg = "Comments: " . $comments ;
if (empty($comments)){
header( "Location: $error_page" );
}
else {
mail( "$webmaster_email", "Feedback Form Results", $msg );
header( "Location: $thankyou_page" );
}
?>

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Dec 29, 2020 Dec 29, 2020

Copy link to clipboard

Copied

You know the old saying... read the instructions?  That's what code comments are for.

 

// This next bit loads the form field data into variables. If you add a form field, you will need to add it here.
$email_address = $_REQUEST['email_address'] ;
$comments = $_REQUEST['comments'] ;
$first_name = $_REQUEST['first_name'] ;
$msg =
"First Name: " . $first_name . "\r\n" .
"Email: " . $email_address . "\r\n" .
"Comments: " . $comments ;

 

// If the form fields are empty, redirect to the error page. If you add a form field, you should add it here.
elseif (empty($comments) {
header( "Location: $error_page" );
}

// If email injection is detected, redirect to the error page. If you add a form field, you should add it here.
elseif ( isInjected($comments) ) {
header( "Location: $error_page" );
}

 

Nancy O'Shea, Adobe Product User & Community Professional
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Dec 29, 2020 Dec 29, 2020

Copy link to clipboard

Copied

elseif (empty($comments) {
header( "Location: $error_page" );
}

 

Your edited script is missing a bracket (empty($comments)) {

header( "Location: $error_page" );
}

 

You dont really need all that heavy checking as there is no email field any longer, just a simple 'comments' field, which can be sanitized by using the inbuilt php filter_var function.

 

 

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Jan 06, 2021 Jan 06, 2021

Copy link to clipboard

Copied

Ha, I know. I read the instructions and tried a few ways to no avail. I really do want to get a better understanding of all this. I  should probably start at the beginning, though.

 

Thanks, Nancy!

 

Dave

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Dec 29, 2020 Dec 29, 2020

Copy link to clipboard

Copied

Part II of your question was about thwarting malicious bots.

 

I urge you to use Google's re-Captcha ver 3.  You'll need an unique ID and secret key from Google Console.  But the good news is it's free for up to 1 million assessments/month.

https://www.google.com/recaptcha/about/

 

Nancy O'Shea, Adobe Product User & Community Professional
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Jan 06, 2021 Jan 06, 2021

Copy link to clipboard

Copied

Thanks so much! I will look into that, Nancy. As it turned out, my server (GoDaddy) was wrong in saying it had to be my php, that the reason my comment form wasn't working had to be my code. It wasn't. They had to add a note to my DNS comment so that Outlook didn't see my form submissions as spam. After that I found my old php page that I put together from your blog still worked perfectly well. So thanks for that, as well!

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jan 06, 2021 Jan 06, 2021

Copy link to clipboard

Copied

LATEST

"They had to add a note to my DNS comment so that Outlook didn't see my form submissions as spam."

Yes, as previously mentioned in your other discussion, email authentication is essential now.

 

"Another factor could be bounced emails for lack of proper authentication -- Sender Policy Frameworks (SPF) or DomainKeys (DKIM)  -- not to be confused with SMTP authentication which is completely different.

https://en.wikipedia.org/wiki/Email_authentication"

 

Glad you got it sorted.

 

Nancy O'Shea, Adobe Product User & Community Professional
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines