
    Please can someone take a look at my contact form and help make it secure?

    Hi All

    I have a contact form which needs securing. I've added some validation but I'm not sure if it's enough. If someone would kindly check it out and help me make it more secure I'd really appreciate it. Also, if anyone can suggest ways to improve it please do, as I want to create a form which I can use on many projects.

    The code is:
    PHP Code:
    <?php
    $emailAddress = 'myemailaddress';

    /* config end */
    require "phpmailer/class.phpmailer.php";

    session_start(); /* starts session to save generated random number */

    $sent  = 0;       /* initialised here so the form is shown on a plain page load, not only after a failed submit */
    $error = array(); /* collects validation messages; empty means the form can be sent */

    if(isset($_POST['submit']))
    {
        $input1 = $_POST['myField1'];
        $input2 = $_POST['myField2'];
        $input3 = $_POST['myField3'];
        $input4 = $_POST['comment'];

        if(preg_match('/[^a-zA-Z]/', $input1) || strlen($input1) < 5)
        {
            #need to allow spaces
            $error[] = "Input1 must be longer than 5 chars, must not contain numbers or be left blank.";
        }

        if(preg_match('/[^a-zA-Z]/', $input2) || strlen($input2) < 5 || strlen($input2) > 15)
        {
            $error[] = "Input2 must be longer than 5 chars but less than 15, must not contain numbers or be left blank.";
        }

        // Set up regular expression strings to evaluate the value of email variable against
        $regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';

        // Run the preg_match() function on regex against the email address
        if (!preg_match($regex, $input3))
        {
            $error[] = "Email error";
        }

        /* NOTE: $_SESSION['captcha'] is never checked for existence; if it is missing this compares "" == null, which is true */
        if(isset($_POST['captcha']) && $_POST['captcha'] == $_SESSION['captcha'])
        {
            unset($_SESSION['captcha']); /* this line makes session free, we recommend you to keep it */
        }
        else
        {
            $error[] = 'Validation Check Incorrect'; #echo "Passed!"; /* YOUR CODE GOES HERE */
        }

        if(empty($error))
        {
            $sent = 1;
            echo "<h1>Email Sent</h1>";
            $mail = new PHPMailer();
            $mail->IsMail();

            $mail->AddReplyTo($input3, $input1);
            $mail->AddAddress($emailAddress);
            $mail->SetFrom($input3, $input1);
            $mail->Subject = "Test Email!";

            $mail->MsgHTML($input4); /* NOTE: the visitor's comment is sent as raw, unfiltered HTML */

            $mail->Send();
        }
        else
        {
            $sent = 0;
        }
    }
    ?>
    <html>
    <head>
        <meta http-equiv="Content-type" content="text/html; charset=utf-8">
        <title>Contact</title>
        <script type="text/javascript" src="latest-jquery/jquery-1.5.1.min.js"></script>
        <script type="text/javascript" src="latest-jquery-ui/jquery-ui.min.js"></script>
        <script type="text/javascript" src="captcha/jquery.captcha.js"></script>
        <link href="captcha/captcha.css" rel="stylesheet" type="text/css" />
        <script type="text/javascript" charset="utf-8">
            $(function() {
                $(".ajax-fc-container").captcha({
                    borderColor: "silver",
                    text: "Verify that you are a human,<br />drag <span>scissors</span> into the circle."
                });
            });
        </script>
    </head>
    <body>
    <?php
    if (!empty($error)) #Display any errors
    {?>
        <div class='message error'><ul><?php foreach($error as $err){echo "<li>".$err."</li>";}?></ul></div><?php
    }

    if($sent == 0) #IF FORM IS NOT SENT OR HAS ERRORS SHOW THE FORM ELSE HIDE THE FORM
    {?>
        <!-- NOTE: the submitted values are echoed back into the fields below without any escaping -->
        <form action="#" method="post" id="myForm">
            <p><label for="Input1">Input 1</label><input type="text" name="myField1" value="<?php if(isset($input1)){echo $input1;}?>"></p>
            <p><label for="Input2">Input 2</label><input type="text" name="myField2" value="<?php if(isset($input2)){echo $input2;}?>"></p>
            <p><label for="Input3">Input 3</label><input type="text" name="myField3" value="<?php if(isset($input3)){echo $input3;}?>"></p>
            <p><label for="Input4">Input 4</label><br /><textarea name="comment" cols="36" rows="6"><?php if(isset($input4)){echo $input4;}?></textarea></p>
            <!-- Begin of captcha -->
            <div class="ajax-fc-container">You must enable javascript to see captcha here!</div>
            <!-- End of captcha -->
            <p><input id="submit" type="submit" name="submit" value="Submit"></p>
        </form><?php
    }?>

    </body>
    </html>
    many thanks
    Luke
    Last edited by LJackson; 11-06-2012 at 03:30 PM.
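A hardened version of the validation and sending steps from the post above, added here as an example; it is not the poster's code. It assumes the same field names and the PHPMailer 5.x class API used in the post, applies Input2's 5 to 15 character limit to both name fields, and the helper names `validate_contact()` and `h()` are invented for illustration.

```php
<?php
// Added example (not the poster's code): hardened validation and sending for the form above.
// Assumes the post's field names and PHPMailer 5.x API; validate_contact() and h() are invented names.
require "phpmailer/class.phpmailer.php";
session_start();
$emailAddress = 'myemailaddress'; // your own inbox, as in the post
function h($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); } // wrap every value echoed back into the page
// Validates the posted fields; returns array('errors' => array(...), 'clean' => array(...)).
function validate_contact(array $post, array $session)
{
    $errors = array(); $clean = array();
    // Names: letters and single spaces (the "#need to allow spaces" note), 5 to 15 chars for both fields.
    foreach (array('myField1' => 'Input1', 'myField2' => 'Input2') as $field => $label) {
        $v = isset($post[$field]) ? trim($post[$field]) : '';
        if (!preg_match('/^[A-Za-z]+( [A-Za-z]+)*$/', $v) || strlen($v) < 5 || strlen($v) > 15) {
            $errors[] = "$label must be 5 to 15 letters or spaces and must not be left blank.";
        }
        $clean[$field] = $v;
    }
    // Email: PHP's own validator instead of a hand-written regex; a CR or LF is what header injection needs.
    $email = isset($post['myField3']) ? trim($post['myField3']) : '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || preg_match('/[\r\n]/', $email)) {
        $errors[] = 'Email error';
    }
    $clean['myField3'] = $email;
    // Comment: kept as typed but bounded in size; it is sent as plain text below, never as HTML.
    $comment = isset($post['comment']) ? trim($post['comment']) : '';
    if ($comment === '' || strlen($comment) > 2000) { $errors[] = 'Comment must be 1 to 2000 characters.'; }
    $clean['comment'] = $comment;
    // Captcha: both values must exist and match as strings (the post's check passes when the session value is missing, since "" == null).
    if (!isset($post['captcha'], $session['captcha'])
        || (string)$post['captcha'] !== (string)$session['captcha']) {
        $errors[] = 'Validation Check Incorrect';
    }
    return array('errors' => $errors, 'clean' => $clean);
}
if (isset($_POST['submit'])) {
    $result = validate_contact($_POST, $_SESSION);
    if (empty($result['errors'])) {
        unset($_SESSION['captcha']); // one captcha answer is good for one submission only
        $mail = new PHPMailer();     // mail() is PHPMailer's default transport, so IsMail() is not needed
        $mail->AddReplyTo($result['clean']['myField3'], $result['clean']['myField1']);
        $mail->AddAddress($emailAddress);
        $mail->SetFrom($emailAddress, 'Contact form'); // sender is your own address; the visitor is in Reply-To
        $mail->Subject = 'Contact form message';
        $mail->IsHTML(false); // plain text body: the comment cannot carry markup or script into your mail client
        $mail->Body = $result['clean']['comment'];
        $mail->Send();
    }
}
```

The form markup from the post can stay as it is, except that every `echo $inputN` in the value attributes becomes `echo h($inputN)` and the error list prints `h($err)`, so nothing a visitor typed is reflected into the page as live HTML.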