[Pro] PHP Feedback Form Questions

Wasn’t sure if I should start a new thread, but since my other problem was solved (user error!), I figured I’d start a new one.

Is there a way in the PHP Feedback Form or in FW Form tools to make sure the name and email addresses are real?

To test the form on a site we’re working on, one of us used the name of a famous person along with a fake email address. Now, I know the person can’t be checked for legitimacy, but can the email address at least be?

I have the Spam Trap and IP Address checked in the Feedback form, too.

Thanks.

Bob


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Hi Robert,
I’ve a version of the action that I’ve yet to release that uses the
checkdnsrr function in PHP (http://php.net/manual/en/function.checkdnsrr.php)
to see if the domain associated with the email address is real.
Unfortunately the action isn’t in a state that I can share at the
moment but if you fancy editing your -go.php file yourself then here’s
the addition;

Open up the -go.php text file the action creates (it should be in the
same folder as the page the form is on in your created web site) and
look for the following code;

$email = $_POST["email"];
if ( !preg_match('/^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-.]+.[a-zA-Z]+(.[a- 
zA-Z]+)?$/', $email) ){
	header( "Location: ".$invalidaddress_errorpage );
	exit;
}

change this to;

$email = $_POST["email"];
$domain = explode('@', $email);
if ( !preg_match('/^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-.]+.[a-zA-Z]+(.[a- 
zA-Z]+)?$/', $email) || !checkdnsrr($domain[1]) ){
	header( "Location: ".$invalidaddress_errorpage );
	exit;
}

Keep a backup copy of this file handy (the action will blindly
overwrite it next time you publish your site) and manually FTP it into
your server replacing the old file.
Unfortunately I don’t have a similar fix to look for famous people’s
names. :)
Regards,
Tim.

On 19 Feb 2010, at 14:24, Robert B wrote:

Wasn’t sure if I should start a new thread, but since my other
problem was solved (user error!), I figured I’d start a new one.

Is there a way in the PHP Feedback Form or in FW Form tools to make
sure the name and email addresses are real?

To test the form on a site we’re working on, one of us used the name
of a famous person along with a fake email address. Now, I know the
person can’t be checked for legitimacy, but can the email address at
least be?

I have the Spam Trap and IP Address checked in the Feedback form, too.

FreewayActions.com - Freeware and commercial actions for Freeway
Express & Pro.

Protect your mailto links from being harvested by spambots with Anti
Spam.
Only available at FreewayActions.com

http://www.freewayactions.com



Thanks, Tim.

I’ll tell the client they have to do their own checking on famous queries!

Bob



That sounds like the best option. You could build a list of ‘famous
names’ that the script looks through but it’s unnerving how many
people share names with historic or famous figures. I recall seeing a
Bart Simpson on a UK talk show, for example.
Regards,
Tim.

On 19 Feb 2010, at 14:58, Robert B wrote:

I’ll tell the client they have to do their own checking on famous
queries!


Yeah, the client wanted to test it, so she used George Clooney. The email address was george(at)yahoo(dot)com!

Bob



Hello,

I came across this thread, as I’m looking for the same thing (check on e-mail). I tried to replace the code, but now it gives an error on my own e-mail address.

thanks, Lode



This is a tricky one to check as unless you can post the code in the yourpage-go.php file we cannot check it for you.

You can open the file in a text editor, copy all the text and paste it here if you put 4 tildes (~) in a row, Return, paste text, Return, 4 tildes, Return

/~~~~
Text here
/~~~~

The forward slashes can be ignored as they are only there so that this feature doesn’t get implemented in my example

And remember that every time you upload your page this file will be overwritten by FW

David



Hi, I formulated my question badly; I replaced the code in the “go.php” (code joined) document and uploaded it to a test-site: (http://www.roselnet.com/contact.php).
I have no knowledge of HTML, PHP etc…, coming from an InDesign, Quark environment.

thanks, Lode

/~~~~

<?php
$notindomain_errorpage = "error.html";
$server_errorpage = "error.html";
$invalidaddress_errorpage = "error.html";
$successpage = "success.html";
$recipient="email@hidden";
$subject="Demande Info location";

// Set the server variables for older (PHP4,3 etc) systems
if (!isset($_SERVER)){
    $_POST = &$HTTP_POST_VARS;
    $_SERVER = &$HTTP_SERVER_VARS;
}

$servername = $_SERVER['SERVER_NAME'];

if ($_SERVER['REQUEST_METHOD']=="POST") {
    if (strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])>7 || !strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
        header( "Location: ".$notindomain_errorpage );
        exit;
    } else {
        $msg="The following information was submitted from a form on ".$servername.":\n\n";
        foreach($_POST as $key => $val) {
            //filter out any form items called send or reset
            //image based submit and reset buttons will be in the format
            // send_x: 13
            // send_y: 10
            $myKeySlice = substr("$key",0,4);
            if ($myKeySlice != "send" && $myKeySlice != "rese"){
                if ($key == "subject" || $key == "email" || $key == "name"){
                    //Prevent injection attacks by stripping tags and newlines from the data
                    //Do this only on data that makes it into the e-mail header as newlines in a message body should still be valid
                    $key = strip_tags($key);
                    $val = strip_tags($val);
                    if (eregi("\r",$key) || eregi("\n",$key)){
                        header( "Location: ".$notindomain_errorpage );
                        exit;
                    }
                    if (eregi("\r",$val) || eregi("\n",$val)){
                        header( "Location: ".$notindomain_errorpage );
                        exit;
                    }
                }
                //replace any underscores in the input names (PHP puts these in!) with spaces
                $key = str_replace("_"," ",$key);
                //if the form item is called "subject" then set this as the subject line of the mail
                if ($key == "subject"){
                    $subject=$val;
                } else {
                    if (is_array($val)){
                        $msg.="Item: $key\n";
                        foreach($val as $v)
                            $msg.=" $v\n";
                    } else {
                        $msg.="$key: $val\n";
                    }
                }
            }
        }
        //set up the default headers
        $headers = "";
        //get the senders name (if specified)
        if ($_POST["name"]) {
            $name = $_POST["name"];
        } else {
            $name = "";
        }
        //get the senders email address (if specified)
        if (isset($_POST["email"])) {
            $email = $_POST["email"];
            $domain = explode('@', $email);
            if ( !preg_match('/^[a-zA-Z0-9_\.-]+@[a-zA-Z0-9-\.]+\.[a-zA-Z]+(\.[a- zA-Z]+)?$/', $email) || !checkdnsrr($domain[1]) ){
                header( "Location: ".$invalidaddress_errorpage );
                exit;
            }
        } else {
            //the email is missing!
            //strip the domain from the address
            //www.domain.com -> domain.com
            if (substr($servername,0,4) == "www."){
                $theaddress = substr($theaddress,4);
            }
            $email = "noreply@".$theaddress;
            $msg.="\n\n------------------------------------------------------------------";
            $msg.="\nPLEASE NOTE: This is a message from the ".$servername." web site";
            $msg.="\nand has been sent from a machine and not a person.";
            $msg.="\nPlease do not reply to this e-mail as it will bounce.";
            $msg.="\n------------------------------------------------------------------";
        }
        $headers .= "From: $name <$email>\r\n";
        //add the correct headers for plain text
        //see: http://www.webmasterworld.com/php/3949990.htm
        $headers .= "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/plain; charset=\"ISO-8859-1\"\n";
        $headers .= "Content-transfer-encoding: 7bit\n";
        $headers .= "Reply-To: $email\r\n"."Return-Path: $email";
        error_reporting(0);
        if (mail($recipient, $subject, $msg, $headers)){//
            header( "Location: ".$successpage );
        } else {
            header( "Location: ".$server_errorpage );
        }
    }
} else {
    header( "Location: ".$server_errorpage );
}
?>

/~~~~



OK - firstly no forward slash in front of the Tildes and a Return after each set of Tildes to get code to show.

This is your form code:

~~~~
<?php
$notindomain_errorpage = "error.html";
$server_errorpage = "error.html";
$invalidaddress_errorpage = "error.html";
$successpage = "success.html";
$recipient="email@hidden";
$subject="Demande Info location";

// Set the server variables for older (PHP4,3 etc) systems
if (!isset($_SERVER)){
    $_POST = &$HTTP_POST_VARS;
    $_SERVER = &$HTTP_SERVER_VARS;
}

$servername = $_SERVER['SERVER_NAME'];

if ($_SERVER['REQUEST_METHOD']=="POST") {
    if (strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])>7 || !strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
        header( "Location: ".$notindomain_errorpage );
        exit;
    } else {
        $msg="The following information was submitted from a form on ".$servername.":\n\n";
        foreach($_POST as $key => $val) {
            //filter out any form items called send or reset
            //image based submit and reset buttons will be in the format
            // send_x: 13
            // send_y: 10
            $myKeySlice = substr("$key",0,4);
            if ($myKeySlice != "send" && $myKeySlice != "rese"){
                if ($key == "subject" || $key == "email" || $key == "name"){
                    //Prevent injection attacks by stripping tags and newlines from the data
                    //Do this only on data that makes it into the e-mail header as newlines in a message body should still be valid
                    $key = strip_tags($key);
                    $val = strip_tags($val);
                    if (eregi("\r",$key) || eregi("\n",$key)){
                        header( "Location: ".$notindomain_errorpage );
                        exit;
                    }
                    if (eregi("\r",$val) || eregi("\n",$val)){
                        header( "Location: ".$notindomain_errorpage );
                        exit;
                    }
                }
                //replace any underscores in the input names (PHP puts these in!) with spaces
                $key = str_replace("_"," ",$key);
                //if the form item is called "subject" then set this as the subject line of the mail
                if ($key == "subject"){
                    $subject=$val;
                } else {
                    if (is_array($val)){
                        $msg.="Item: $key\n";
                        foreach($val as $v)
                            $msg.="   $v\n";
                    } else {
                        $msg.="$key: $val\n";
                    }
                }
            }
        }
        //set up the default headers
        $headers = "";
        //get the senders name (if specified)
        if ($_POST["name"]) {
            $name = $_POST["name"];
        } else {
            $name = "";
        }
        //get the senders email address (if specified)
        if (isset($_POST["email"])) {
            $email = $_POST["email"];
            $domain = explode('@', $email);
            if ( !preg_match('/^[a-zA-Z0-9_\.-]+@[a-zA-Z0-9-\.]+\.[a-zA-Z]+(\.[a- zA-Z]+)?$/', $email) || !checkdnsrr($domain[1]) ){
                header( "Location: ".$invalidaddress_errorpage );
                exit;
            }
        } else {
            //the email is missing!
            //strip the domain from the address
            //www.domain.com -> domain.com
            if (substr($servername,0,4) == "www."){
                $theaddress = substr($theaddress,4);
            }
            $email = "noreply@".$theaddress;
            $msg.="\n\n------------------------------------------------------------------";
            $msg.="\nPLEASE NOTE: This is a message from the ".$servername." web site";
            $msg.="\nand has been sent from a machine and not a person.";
            $msg.="\nPlease do not reply to this e-mail as it will bounce.";
            $msg.="\n------------------------------------------------------------------";
        }
        $headers .= "From: $name <$email>\r\n";
        //add the correct headers for plain text
        //see: http://www.webmasterworld.com/php/3949990.htm
        $headers .= "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/plain; charset=\"ISO-8859-1\"\n";
        $headers .= "Content-transfer-encoding: 7bit\n";
        $headers .= "Reply-To: $email\r\n"."Return-Path: $email";
        error_reporting(0);
        if (mail($recipient, $subject, $msg, $headers)){//
            header( "Location: ".$successpage );
        } else {
            header( "Location: ".$server_errorpage );
        }
    }
} else {
    header( "Location: ".$server_errorpage );
}
?>
~~~~

The problem with doing it this way is that even though you uploaded the contact-go.php file when you used the action a new file was created called contact-goa.php which was used by the action and not the one you uploaded.

<form action="contact-goa.php" method="post" name="form1" onsubmit="return(VerifyForm('form1'));">

Ideally what you want to do is use the action, publish to create the contact-go.php file.

Modify the contact-go.php file - I would then rename it to something like formhandler.php and upload it to the server.

Then remove the PHPFF action from the page (or wherever you have applied it).

Use Page>Form setup and set this to Method: Post and Action: formhandler.php (making sure that you have the correct path to the uploaded file)

Now the form will use the custom formhandler file and you don’t have to worry that this will be overwritten by FW every time you upload the site.

As an aside your FW contact page does NOT need to have the .php suffix and if you keep it as .html you will be able to preview it locally.

David



Thanks,

I’ll try this out.

I have another question (I have some more, but step by step ;-)), what is the difference between the files “contact-go.php” and “contact-goa.php”?

bye, Lode



FW has created a ‘contact-goa.php’ because it will not overwrite an existing file that it did not create, so it adds the ‘a’ to differentiate it.

I was trying to duplicate your problem and noticed that the code here (on the Web) for Tim’s alteration is not displayed correctly. One of the lines is split and may give you an error.

It should read

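    $email = $_POST["email"];
    // everything after the @ is the domain to look up
    $domain = explode('@', $email);
    // the pattern must stay on ONE line; reject on bad syntax or if the domain has no MX record
    if (!preg_match('/^[a-zA-Z0-9_\.-]+@[a-zA-Z0-9-\.]+\.[a-zA-Z]+(\.[a-zA-Z]+)?$/', $email) || !checkdnsrr($domain[1]) ){
        header( "Location: ".$invalidaddress_errorpage );
        exit;
    }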

That certainly worked for me but if you still have problems contact me via the people page and I can email the correct text to you.

David
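
An added example, not part of the thread or of the PHP Feedback Form action: a self-contained version of the syntax-plus-DNS check discussed above, using PHP's filter_var() in place of the thread's regex and falling back from MX to address records. The function name check_sender_address(), its $dns parameter and the stub zone data are assumptions made for illustration; the stub stands in for checkdnsrr() so the samples run offline.

```php
<?php
// Added example: check_sender_address() and $dns are hypothetical names.

/** Returns null if acceptable, otherwise a short reason string. */
function check_sender_address(string $email, ?callable $dns = null): ?string
{
    $dns = $dns ?? 'checkdnsrr';   // injectable so the logic runs offline

    // CR/LF would let the value break out of the From:/Reply-To: headers.
    if (preg_match('/[\r\n]/', $email)) {
        return 'control characters';
    }
    // Syntax check; unlike the thread's regex it accepts "+" tags.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'bad syntax';
    }
    // Split on the last "@"; the syntax check guarantees one exists.
    $domain = substr($email, strrpos($email, '@') + 1);
    // Trailing dot = fully qualified, so no resolver search suffix is tried.
    $fqdn = $domain . '.';

    // MX first; a host with only an address record can still take mail
    // (RFC 5321 section 5.1 fallback).
    foreach (['MX', 'A', 'AAAA'] as $type) {
        if ($dns($fqdn, $type)) {
            return null;
        }
    }
    return 'domain has no MX or address record';
}

// Constructed zone data standing in for real DNS answers.
$zone = ['yahoo.com.' => ['MX'], 'a-only.example.' => ['A']];
$stub = function (string $host, string $type) use ($zone): bool {
    return in_array($type, $zone[$host] ?? [], true);
};

$samples = [
    'george@yahoo.com',               // made-up mailbox, real domain
    'bob+test@a-only.example',
    'nobody@no-such-domain.example',
    'not-an-address',
    "x@yahoo.com\r\nBcc: y@yahoo.com",
];
foreach ($samples as $s) {
    $verdict = check_sender_address($s, $stub) ?? 'accepted';
    printf("%-38s %s\n", json_encode($s), $verdict);
}
```

A made-up mailbox at a real domain is still accepted, because a DNS lookup only shows that the domain can receive mail; confirming the mailbox itself takes a confirmation message sent to the address.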

