Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

contact form ending

Posted on 2014-04-11
6
Medium Priority
?
551 Views
Last Modified: 2014-04-25
The code below is for a contact form. It validates name, email, and messages. However when it is successfully submitted, the form disappears and a thank you message is displayed. I am not a PHP programmer. So I need some help in keeping the form on the page in addition to the thank you message. Thank you very much in advance.

From a high level:
...
<?php if($form_complete === FALSE): ?>
...
 <?php else: ?><p>Thank you for your Message!</p><?php endif; ?>

<?php

// Set email variables
$email_to = 'youremail@address.com';
$email_subject = 'Form submission';

// Set required fields
$required_fields = array('fullname','email','comment');

// set error messages
$error_messages = array(
	'fullname' => 'Please enter a Name to proceed.',
	'email' => 'Please enter a valid Email Address to continue.',
	'comment' => 'Please enter your Message to continue.'
);

// Set form status
$form_complete = FALSE;

// configure validation array
$validation = array();

// check form submittal
if(!empty($_POST)) {
	// Sanitise POST array
	foreach($_POST as $key => $value) $_POST[$key] = remove_email_injection(trim($value));
	
	// Loop into required fields and make sure they match our needs
	foreach($required_fields as $field) {		
		// the field has been submitted?
		if(!array_key_exists($field, $_POST)) array_push($validation, $field);
		
		// check there is information in the field?
		if($_POST[$field] == '') array_push($validation, $field);
		
		// validate the email address supplied
		if($field == 'email') if(!validate_email_address($_POST[$field])) array_push($validation, $field);
	}
	
	// basic validation result
	if(count($validation) == 0) {
		// Prepare our content string
		$email_content = 'New Website Comment: ' . "\n\n";
		
		// simple email content
		foreach($_POST as $key => $value) {
			if($key != 'submit') $email_content .= $key . ': ' . $value . "\n";
		}
		
		// if validation passed ok then send the email
		mail($email_to, $email_subject, $email_content);
		
		// Update form switch
		$form_complete = TRUE;
	}
}

function validate_email_address($email = FALSE) {
	return (preg_match('/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i', $email))? TRUE : FALSE;
}

function remove_email_injection($field = FALSE) {
   return (str_ireplace(array("\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:"), '', $field));
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

	<title>welcome</title>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	
	<link href="contact/css/contactform.css" rel="stylesheet" type="text/css" />
	
	<script type="text/javascript">
		var nameError = '<?php echo $error_messages['fullname']; ?>';
		var emailError = '<?php echo $error_messages['email']; ?>';
		var commentError = '<?php echo $error_messages['comment']; ?>';
	</script>

</head>

<body>

<div id="formWrap">
	<div id="form">
    <?php if($form_complete === FALSE): ?>
    <form action="contact.php" method="post" id="comments_form">
    	<div id="row">
        	<div class="label"> ur name</div>
            <div class="input">
            	<input type="text" id="fullname" class="detail" name="fullname" value="" />
</div>
             <div class="context">e.g. john smith</div>
        </div>
        
        <div id="row">
        	<div class="label"> ur email</div>
            <div class="input">
            	<input type="text" id="email" class="detail" name="email" value="<?php echo isset($_POST['email'])? $_POST['email'] : ''; ?>" />
                <?php if(in_array('email', $validation)): ?><span class="error"><?php echo $error_messages['email']; ?></span><?php endif; ?>
</div>
             <div class="context">email not share</div>
        </div>
        
         <div id="row">
        	<div class="label"> ur msg</div>
            <div class="input">
            	<textarea id="comment" class="mess" name="comment"/><?php echo isset($_POST['comment'])? $_POST['comment'] : ''; ?></textarea><?php echo isset($_POST['comment'])? $_POST['comment'] : ''; ?>
                </div>
             
        </div>
        
        <div class="submit"><input type="submit" id="submit" name="submit" value="send msg" /></div>
        </form>
        <?php else: ?>
<p>Thank you for your Message!</p>
<?php endif; ?>

</div>
</div>

</body>
</html>

Open in new window

0
Comment
Question by:leblanc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 1000 total points
ID: 39995658
Delete line 88 - <?php if($form_complete === FALSE): ?>

Replace line 117-119 with:
<?php if($form_complete === TRUE): ?>
<p>Thank you for your Message!</p>
<?php endif; ?>

HTH,
Dan
0
 
LVL 1

Author Comment

by:leblanc
ID: 39996230
Awesome... How do you reset the form... Thank you very much
0
 
LVL 35

Assisted Solution

by:Dan Craciun
Dan Craciun earned 1000 total points
ID: 39996254
Add a reset button to the form, so the user can reset it.
<button type="reset" value="Reset">Reset</button>

Or, use JS and reset it on load or on another event:
document.getElementById("comments_form").reset();
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 1000 total points
ID: 40003832
The code snippet with the question looks very suspicious to me.  It may be old or from an uncertain source.  For better or worse, if you're not a PHP programmer, trying to copy untested examples of code is a sure recipe for catastrophe.  Eventually you will copy something with a security vulnerability.  You really don't want to do that.

As one example, the best-practices method for validating an email address has not used a regular expression since PHP5.2+  That's several years ago!  Please see these pages for information on the upgrades to PHP and how to use the current technology filters.
http://php.net/ChangeLog-5.php#5.2.0
http://php.net/manual/en/function.filter-var.php
http://php.net/manual/en/filter.filters.php
http://php.net/manual/en/filter.filters.validate.php

If you want to learn this stuff, this article will give you some good learning resources and, more importantly, steer you away from the many terrible examples that litter the internet:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html

And if you don't have time or don't want to learn this stuff, consider hiring a programmer to do the work for you.  It won't cost much and good work products will be in hand much faster.  As the great firefighter Red Adair famously said, "If you think it's expensive to hire a professional, just wait until you hire an amateur!"
0
 
LVL 1

Author Comment

by:leblanc
ID: 40003984
Ray,

Thanks for the info. I got my codes from this tutorial, https://www.youtube.com/watch?v=fBfXQqDcNSk&index=22&list=PLUWoaEuQPDX5h2rbVEP4-ErVIdbNQgl_H.
I am not a PHP kind of programmer. But from the tutorial, the form seems to be straight forward. So you are saying that using regular expression for form validation in PHP is not a best practice.
0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 1000 total points
ID: 40004084
Yes, I would choose the PHP filter.  Here's why:

Almost every regular expression is complicated and difficult to understand.  As a result, there is latent risk that the regular expression might match or miss something unwanted.  The internet is full of regular expressions that are only partially right, leading to innumerable run-time failures in PHP applications.  That is why PHP developed the filters.  They are not perfect, but they are PHP built-ins and subject to a lot of scrutiny from the community, including bug reports.  Your regular expression is yours and yours alone.  And frankly, I am not better than all of the programmers working on PHP, so I would rather rely on them than on myself alone.

These are "jokes" but they ring true for experienced developers!
https://xkcd.com/208/
https://xkcd.com/1171/

Here is my demonstration script showing how to validate an email address.

<?php // demo/email_validation.php
error_reporting(E_ALL);


// A FUNCTION TO TEST FOR A VALID EMAIL ADDRESS, RETURN TRUE OR FALSE
// SEE MAN PAGE: http://php.net/manual/en/intro.filter.php
function check_valid_email($email, $rout=TRUE)
{
    // LIST OF BLOCKED DOMAINS
    $bogus = array
    ( '@unknown.com'
    , '@example.com'
    , '@gooseball.org'
    )
    ;

    // IF THE EMAIL STRING IS IMPROPERLY FORMED
    if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) return FALSE;

    // TEST TO SEE IF THE DOMAIN IS IN OUR BLOCKED LIST
    foreach ($bogus as $badguy)
    {
        if (stripos($email, $badguy)) return FALSE;
    }

    // FILTER_VAR DOES NOT TEST IF THE DOMAIN IS ROUTABLE
    if ($rout)
    {
        $domain = explode('@', $email);

        // MAN PAGE: http://php.net/manual/en/function.checkdnsrr.php
        if ( checkdnsrr($domain[1], "MX") || checkdnsrr($domain[1], "A") ) return TRUE;

        // EMAIL IS NOT ROUTABLE
        return FALSE;
    }
    return TRUE;
}



// DEMONSTRATE THE FUNCTION IN ACTION
$e = NULL;
if (!empty($_GET["e"]))
{
    $e = $_GET["e"];
    if (check_valid_email($e))
    {
        echo "<br/>VALID: $e \n";
    }
    else
    {
        echo "<br/>BOGUS: $e \n";
    }
}


// END OF PROCESSING - CREATE THE FORM USING HEREDOC NOTATION
$form = <<<ENDFORM
<form>
TEST A STRING FOR A VALID EMAIL ADDRESS:
<input name="e" value="$e" />
<input type="submit" />
</form>
ENDFORM;

echo $form;

Open in new window

0

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Australian government abolished Visa 457 earlier this April and this article describes how this decision might affect Australian IT scene and IT experts.
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question