• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 458
  • Last Modified:

COntact Form- Java Script

I have a contact form validator which is java script, i also have an extra validation on the submit button in that form, HOWEVER for some reason that I cannot figure out, the majority of the time, I get forms returned back to me with the proper information.. HOWEVER sometimes i receive BLANK FORMS and this is no good.. i need to see why these forms are allowed to return null values, when I have tried to validate the form twice. Any one can help me that would be GREAT!!

here the the java script from the contactformvalidator.js, if any one sees an error, please let me know, thank you in advance

function Form1_Validator(theForm)
{

  if (theForm.first_name.value == "")
  {
    alert("Please enter a value for the \"First Name\" field.");
    theForm.first_name.focus();
    return (false);
  }

  if (theForm.last_name.value == "")
  {
    alert("Please enter a value for the \"Last Name\" field.");
    theForm.last_name.focus();
    return (false);
  }

  if (theForm.phone.value == "")
  {
    alert("Please enter a value for the \"Phone\" field.");
    theForm.phone.focus();
    return (false);
  }

  if (theForm.email.value == "")
  {
    alert("Please enter a value for the \"Email\" field.");
    theForm.email.focus();
    return (false);
  }

  if (theForm.best_time_to_contact.value == "")
  {
    alert("Please enter a value for the \"Best Time To Contact\" field.");
    theForm.best_time_to_contact.focus();
    return (false);
  }


  if (theForm.address.value == "")
  {
    alert("Please enter a value for the \"Address\" field.");
    theForm.address.focus();
    return (false);
  }

  if (theForm.city.value == "")
  {
    alert("Please enter a value for the \"City\" field.");
    theForm.city.focus();
    return (false);
  }


  if (theForm.state.selectedIndex < 0)
  {
    alert("Please select one of the \"State\" options.");
    theForm.state.focus();
    return (false);
  }

  if (theForm.state.selectedIndex == 0)
  {
    alert("The first \"State\" option is not a valid selection.  Please choose one of the other options.");
    theForm.state.focus();
    return (false);
  }

  if (theForm.zip_code.value == "")
  {
    alert("Please enter a value for the \"Zip Code\" field.");
    theForm.zip_code.focus();
    return (false);
  }

  if (theForm.zip_code.value.length > 10)
  {
    alert("Invalid length in the \"Zip Code\" field.  Please re-enter.");
    theForm.zip_code.focus();
    return (false);
  }

  if (theForm.source.selectedIndex == 0)
  {
    alert("Please choose one of the options for how you heard about us.");
    theForm.source.focus();
    return (false);
  }

  return (true);
}
0
julianne26
Asked:
julianne26
  • 6
  • 6
3 Solutions
 
Dave BaldwinFixer of ProblemsCommented:
Blank forms can be spam that is posted directly to your action page.  That skips your validation script completely.  What kind of 'action page' do you have?
0
 
julianne26Author Commented:
this is the contact page the contact from.. is this what you meant by "action page"?

http://www.carlyleatthepalace.com/contact.html
0
 
Dave BaldwinFixer of ProblemsCommented:
Every form has a action attribute.  Yours is 'action="send_form.php" '.  Spammers operate by reading your page and sending info directly to your action page thus skipping the validation javascript.  That is why the action page needs to validate the info also to try to filter out obvious spam.  Spammers don't sit there and type something into your form, spam is almost all automated.
<form action="send_form.php" method="post" name="Form_1" id="Form_1"  onsubmit="return Form1_Validator(this)">

Open in new window

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
julianne26Author Commented:
Ok i am using send_form.php.. is there any code that i need to look for to delete in the php?
0
 
julianne26Author Commented:
Here is the PHP code for the send_form.php.. do you see any errors.. or where the spam might be??

<?
$from_name       = $HTTP_POST_VARS['first_name'];
            $from_email = $HTTP_POST_VARS['email'];
            $to_name       = "Carlyle at The Palace";
            $to_email       = "gschneider@carlyleonthegreen.net";
       $to_emailb       = "jkranitz@carlyleonthegreen.net";
            $to_emailc      = "skirschbaum@carlyleatthepalace.com";
            $to_emaild       = "julie@targetgroupmedia.com";


            $subject       = "Carlyle at The Palace Website Submission Form";

            $headers        = "MIME-Version: 1.0\r \n";
            $headers      .= "Content-type: text/html; charset=UTF-8\r \n";
            $headers      .= "From: \"".$from_name."\" <".$from_email.">\r \n";
            $headers      .= "Reply-To: \"".$from_name."\" <".$from_email.">\r \n";
            $headers      .= "X-Priority: 3\r \n";
            $headers      .= "X-MSMail-Priority: High\r \n";
            $headers      .= "X-Mailer: Just My Server";
            $date             = date('d.m.Y');
            
            
            $message = "<html><head><style type=text/css>body, table, td {font-family: verdana; font-size: 11px; color: #325169; padding: 5px;} </style></head>";
            $message .= "<body leftmargin=50px>";
            $message .= "<table><tr><td colspan=2 align=center><b>Carlyle at The Palace <br> Website Submission Form</b></td></tr>";
            $message .= "<tr><td align=left>First Name:</td><td align=left>".$HTTP_POST_VARS['first_name']."</td></tr>";
            $message .= "<tr><td align=left>Last Name:</td><td align=left>".$HTTP_POST_VARS['last_name']."</td></tr>";
            $message .= "<tr><td align=left>Phone:</td><td align=left>".$HTTP_POST_VARS['phone']."</td></tr>";
            $message .= "<tr><td align=left>Email:</td><td align=left>".$HTTP_POST_VARS['email']."</td></tr>";
            $message .= "<tr><td align=left>Best time to Contact:</td><td align=left>".$HTTP_POST_VARS['best_time_to_contact']."</td></tr>";
            $message .= "<tr><td align=left>Address:</td><td align=left>".$HTTP_POST_VARS['address']."</td></tr>";
            $message .= "<tr><td align=left>Address 2:</td><td align=left>".$HTTP_POST_VARS['address2']."</td></tr>";
            $message .= "<tr><td align=left>City:</td><td align=left>".$HTTP_POST_VARS['city']."</td></tr>";
            $message .= "<tr><td align=left>State:</td><td align=left>".$HTTP_POST_VARS['state']."</td></tr>";
            $message .= "<tr><td align=left>Zip Code:</td><td align=left>".$HTTP_POST_VARS['zip_code']."</td></tr>";
            $message .= "<tr><td align=left>Event type Social:</td><td align=left>".$HTTP_POST_VARS['event_type_social']."</td></tr>";
            $message .= "<tr><td align=left>Event type Corporate:</td><td align=left>".$HTTP_POST_VARS['event_type_corporate']."</td></tr>";                                           
            $message .= "<tr><td align=left>Event type Other:</td><td align=left>".$HTTP_POST_VARS['event_type_other']."</td></tr>";
            $message .= "<tr><td align=left>Source:</td><td align=left>".$HTTP_POST_VARS['source']."</td></tr>";

            $message .= "<tr><td align=left>Comments or Questions: </td><td align=left>".$HTTP_POST_VARS['comments']."</td></tr>";
            $message .= "<tr><td>&nbsp;</td><td>&nbsp;</td></tr></table></body></html>";
            
            mail("$to_name<$to_email>", $subject, $message, $headers);
            mail("$to_name<$to_emailb>", $subject, $message, $headers);
            mail("$to_name<$to_emailc>", $subject, $message, $headers);
            mail("$to_name<$to_emaild>", $subject, $message, $headers);

            
?>

<head>

<title>Carlyle at The Palace Website Submission Form</title>
<link href="carlylepalace.css" rel="stylesheet" type="text/css" />
<!--[if IE 6]>
<link href="ie6scrollfix.css" rel="stylesheet" type="text/css" />
<![endif]-->
<script type="text/javascript" src="swfobject.js"></script>
<script type="text/javascript" src="contactformvalidator.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head>
<body>
<table cellpadding="0" cellspacing="0" border="0" width="100%">
<tr>
<td align="center" valign="top">
<table cellpadding="0" cellspacing="0" border="0" width="754" height="721" style="background-image:url(images/main_bg.jpg); background-repeat:no-repeat;">
<tr>
  <td height="94" align="center" valign="top"><img src="images/sendemail_header.jpg" width="754" height="94" align="top"></td>
</tr>
<tr>
<td align="center" valign="top" style="padding-top:70px"><p class="team_type2">&nbsp;</p>
  <p class="team_type2">Your request has been sent.</p>
<p><strong><a href="http://www.carlyleatthepalace.com/" class="team_type" id="team_type">Back to Carlyle at The Palace</a></strong></p>
</td>
</tr>
</table>
</td>
</tr>
</table>

</body>
</html>
0
 
julianne26Author Commented:
also i just found another contactformvalidator in the scripts folder of the ftp, at the end the code the return value is true.. the other conatfromvalidator in the ftp the return value is false.. could this have anything to do with the forms returning blank??
0
 
Dave BaldwinFixer of ProblemsCommented:
I don't think you understand yet.  I can make up my own form here on my computer that will POST to "send_form.php" on your server that can contain nothing or whatever values I want to send and it will not have to go thru your validation javascript.

You should consider checking the POST info in "send_form.php" before you send it.  At least you're not using an external user entered email address to send to because that would be an open invitation to spam relaying.  If your "send_form.php" recieves a POST that doesn't have the required information, you can consider it spam and not send it.  You can use essentially the same checks that you are using in your javascript.  However, if it doesn't pass validation in PHP, then it probably did not come from your page with the form and validation on it and you can probably consider it spam at that point and don't send the emails.

You should probably replace "$HTTP_POST_VARS" with "$_POST".  http://www.php.net/manual/en/reserved.variables.post.php
0
 
julianne26Author Commented:
i am confused when you say don't send the emails if its spam.. i don't want to send emails, I just want to make sure the form we have on our website is is being validated correctly. If there is an issue with spam, then i want to know how to solve the issue that will make the form validate the right way. I will take your suggestion and replace the $HTTP_POST_VARS with $_POST, will this solve the issue i am having with our clients receiving blank forms.. bc they are livid.. and I am trying to trouble shoot this the best that I can, thanks for all your help so far...
0
 
Dave BaldwinFixer of ProblemsCommented:
You really should have only one 'contactformvalidator' just to eliminate confusion.  I suppose if your page was getting the wrong one, it could be part of your problem.
0
 
Dave BaldwinFixer of ProblemsCommented:
"send_form.php" sends email to four people when the form on the contact page is posted.  I am saying that you also have to check or 'validate' the info on the PHP page to prevent people from sending spam to your clients.  This is a common issue with web page forms.  Validation in javascript is to help the desired users to fill out the form correctly.  Validation on the PHP page is to keep the undesired users out.
0
 
julianne26Author Commented:
GREAT feed back!! one more question.. i am going to delete one of the validation java script  forms... but i need to know which one... the first java script returns the value true at the end of the code (the code i pasted above).. and the other java script returns false.. which one should i keep?
0
 
Dave BaldwinFixer of ProblemsCommented:
The one you posted above looks fine to me.  It has 'return false' on all the errors and 'return true' if there aren't and that's what you want.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now