Create a gist now

Instantly share code, notes, and snippets.

@frjo /contact.php
Last active Jul 10, 2017

What would you like to do?
PHP script for contact form
<?php
// Set address that submission should be sent to.
// Also set sender/return path header to this address to avoid SPF errors.
$to = $sender = "info@example.com";
$error = false;
$success = false;
// Check that referer is local server.
if (!isset($_SERVER['HTTP_REFERER']) || (parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != $_SERVER['SERVER_NAME'])) {
exit('Direct access not permitted');
}
// Check that this is a post request.
if ($_SERVER['REQUEST_METHOD'] != 'POST' || empty($_POST)) {
$error = true;
}
// Check if fake url field is filled in, i.e. spam bot.
if (!empty($_POST['url'])) {
$error = true;
}
// Check that e-mail address is valid.
if ((bool) filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL)) {
$email = trim($_POST['email']);
}
else {
$error = true;
}
if (!$error) {
// Construct the mail with headers.
$name = _contact_clean_str($_POST['name'], ENT_QUOTES, true);
$subject = _contact_clean_str($_POST['subject'], ENT_NOQUOTES, true);
$subject = "[Website feedback] $subject";
$message = _contact_clean_str($_POST['message'], ENT_NOQUOTES);
$lines = explode("\n", $message);
array_walk($lines, '_contact_ff_wrap');
$message = implode("\n", $lines);
$headers = [
'From' => "$name <$email>",
'Sender' => $sender,
'Return-Path' => $sender,
'MIME-Version' => '1.0',
'Content-Type' => 'text/plain; charset=UTF-8; format=flowed; delsp=yes',
'Content-Transfer-Encoding' => '8Bit',
'X-Mailer' => 'Hugo - Zen',
];
$mime_headers = [];
foreach ($headers as $name => $value) {
$mime_headers[] = "$name: $value";
}
$mail_headers = join("\n", $mime_headers);
// Send the mail, suppressing errors and setting Return-Path with the "-f" option.
$success = @mail($to, $subject, $message, $mail_headers, '-f' . $sender);
}
$status = $success ? 'submitted' : 'error';
$contact_form_url = strtok($_SERVER['HTTP_REFERER'], '?');
// Redirect back to contact form with status.
header('Location: ' . $contact_form_url . '?' . $status, TRUE, 302);
exit;
function _contact_ff_wrap(&$line) {
$line = wordwrap($line, 72, " \n");
}
function _contact_clean_str($str, $quotes, $strip = false) {
if ($strip) {
$str = strip_tags($str);
}
return htmlspecialchars(trim($str), $quotes, 'UTF-8');
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment