Simple PHP Contact Form
<?php | |
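if (!isset($_POST['submit'])) {
    // This page should not be accessed directly. Need to submit the form.
    echo "error; you need to submit the form!";
    // Stop here: without the exit the script went on to read the absent
    // form fields and tried to send an empty message.
    exit;
}

// Read the form fields defensively: a missing key must not raise a warning,
// and a non-string value (e.g. name[]=x) must not reach mail() or preg_match().
$name          = is_string($_POST['name'] ?? null) ? $_POST['name'] : '';
$visitor_email = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
$message       = is_string($_POST['message'] ?? null) ? $_POST['message'] : '';

//Validate first
if ($name === '' || $visitor_email === '') {
    echo "Name and email are mandatory!";
    exit;
}
// The address is placed in a mail header, so reject CR/LF sequences
// (header injection) and anything that is not a syntactically valid address.
if (IsInjected($visitor_email) || filter_var($visitor_email, FILTER_VALIDATE_EMAIL) === false) {
    echo "Bad email value!";
    exit;
}

$email_subject = "Feedback from [WEBSITE_NAME]";
$email_body  = "You have received a new message from the user $name.\n";
$email_body .= "Here is the message:\n\n > $message";
$to = "[MY_EMAIL_ADDRESS]";

// From: should be an address this server is allowed to send for; a visitor's
// address there may fail SPF/DMARC checks on the receiving side. The visitor's
// address goes in Reply-To so that replying still reaches them.
$headers  = "From: $to\r\n";
$headers .= "Reply-To: $visitor_email\r\n";

// Send the email; only redirect when the local mailer accepted the message.
if (!mail($to, $email_subject, $email_body, $headers)) {
    echo "Sorry, your message could not be sent. Please try again later.";
    exit;
}

// Redirect to thank-you page.
header('Location: thank-you.html');
exit;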
// Function to reject values that could inject additional mail headers
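/**
 * Report whether a value contains byte sequences that could end the current
 * mail header and start another one.
 *
 * Checked are raw LF, CR and TAB plus the percent-encoded forms %0A, %0D,
 * %08 and %09. Note that $_POST values are already URL-decoded by PHP, so the
 * percent-encoded alternatives only catch double-encoded input.
 *
 * @param string $str the value about to be placed in a mail header
 * @return bool true when the value must not be used in a header
 */
function IsInjected(string $str): bool
{
    $injections = [
        '(\n+)',
        '(\r+)',
        '(\t+)',
        '(%0A+)',
        '(%0D+)',
        '(%08+)',
        '(%09+)',
    ];
    // No "u" modifier on purpose: the check is byte-wise, so malformed UTF-8
    // cannot make the match fail and let a CR/LF through.
    $pattern = '/' . implode('|', $injections) . '/i';

    // preg_match() returns false on a PCRE error; treat that as "unsafe"
    // instead of silently accepting the value (the original returned false).
    return preg_match($pattern, $str) !== 0;
}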
?> |