UPDATE: One day after updating my code, I got some crappo spam email via the contact form for stupid hand bags. I am done with email forms. If you cannot figure out how to reach me, I am not sure I want to hear from you.

nuked comment form

Don’t even bother with what follows!

contact

Email contact forms, so 1990s. So prone to spam, but I guess still needed. Maybe. I have on my landing site and was asked about it

The Treble template I used for this site had a form, but nothing to process it. Using mailto: in the form action is pretty useless (won’t work in many client apps, especially mobile) and what you get is even more useless.

The template I used for another client project did have a PHP script to handle mailing of the message (using the PHP mail command). When I first set it up, all I got was spam. I did some research (and lost the link) but found some suggestions for tightening up the form to block spam.

I modified my form and saw the spam drop to zero. Then tonight while revisiting it to write this up, I noticed that I had left off the critical command to even send mail, so nothing at all has come my way.

Sorry if I ignored your message.

The main steps I had (thought I) put in place are:

  • Name your php file something obscure
  • Use non standard form field names for “name” and “email” since bots look for those to automatically insert into
  • Create a dummy form field with a name of “email” and use CSS to hide it (it is not used, scripts will think they did their work, but the info put in the field is never used).
  • Trap for missing referrer in the HTTP header (meaning the form content did not come from your original page, some bot/script tried to go directly to the form response)

So here is some of the elements in case you want to try, or better yet, tell me my method is crap.

This is the base of the form where people first encounter it- fields for “name”, “email”, “subject”, and “message”.

<form id="contact-form" name="contact-form" action="somecrypticnamefile.php" method="post">
	<input type="text" class="span12" placeholder="Name" name="someobscurefieldname" id="form-name" required="required"/>
	<input type="email" class="span12" placeholder="Email"  name="anotherobscurefieldname" id="form-email"  required="required"/>
	<input name="email" type="email" style="display:none;" />
	
	<input type="text" class="span12" placeholder="Subject"  name="subject" id="form-subject"/>
	 <textarea rows="10" class="span12" name="message" id="message" required="required"></textarea>
	<button type="submit" class="btn btn-primary">Send</button>
</form>

Create your own name for the form tag value of action=”” — this is the name of a php file you will create to process the form.

Also, edit the names of the fields for name and email to something non standard, cryptic. Something better than someobscurefieldname.

Now, make a new PHP file with the name you made up from above. Copy the header from your main file so it has all the stuff to format your page, and copy as well the form content. You will makes a few changes.

At the very top of your php response file, insert this code to manage the response

< ?php

// Destination email address
$emailto = "YOUREMAILADRESS";

// Prefix for Subject so you know where this came from
$subject_prefix = 'My Spiffy Contact Form: ';

// missing referrer spam check
if ("POST" == getenv("REQUEST_METHOD")) {
	if ("" == getenv("HTTP_USER_AGENT") || "" == getenv("HTTP_REFERER")) {
		header("HTTP/1.1 404\r\nContent-Type: text/html\r\n\r\n");
		exit;
	}
}

if (isset($_POST['someobscurefieldname'])) {
	
	// format the subject
	$subject = isset($_POST['subject']) ? $subject_prefix . $_POST['subject'] : $subject_prefix;
	
	// fetch user name and email
	$name = $_POST['someobscurefieldname'];
	$fromemail = $_POST['anotherobscurefieldname'];
	
	$message = $_POST['message'];
		
	// make some mail headers
	$headers = 'From: '. $name . '<' . $fromemail . '>'. "\r\n" .'Reply-To: ' . $name . '< ' . $fromemail . '>'. "\r\n" .'X-Mailer: PHP/' . phpversion();
	
	// send it baby!
	if ( mail( $emailto,  $subject, $message, $headers ) ) {
	
		// success message
		$feedback_msg = "<p>Some uplifting message of affirmation</p>";
		
	} else {
	
		// error error
		$feedback_msg = "<p>Some sympathizing but useless error message</p>";
		
	}
}
?>

Yo will want to change the names of the variables $_POST[‘someobscurefieldname]] and $_POST[‘anotherobscurefieldname’] to match the ones used in your form name= and of course make the feedback strings relevant.

Somewhere above the form, find a place to insert the feedback

 < ?php echo $feedback_msg?>

and copy the form, but add the value statements for the name and email fields so it remembers what your intrepid commenter has written

<form id="contact-form" name="contact-form" action="somecrypticnamefile.php" method="post">
	<input type="text" class="span12" placeholder="Name" name="someobscurefieldname" id="form-name" required="required" value="<?php echo $name?/>">
	<input type="email" class="span12" placeholder="Email"  name="anotherobscurefieldname" id="form-email"  required="required"  value="<?php echo $fromemail?/>">
	<input name="email" type="email" style="display:none;" />
	
	<input type="text" class="span12" placeholder="Subject"  name="subject" id="form-subject"/>
	 <textarea rows="10" class="span12" name="message" id="message" required="required"></textarea>
	<button type="submit" class="btn btn-primary">Send</button>
</form>

There you go. Not quite plug and play, and frankly I am leery it works. Frankly, I don’t want email from web contact forms.

But hey, someone might send you money.

The post "A Probably Not So Wonderful Email Contact Form" was originally assembled from spare parts of a 1957 Chevy at CogDogBlog (http://cogdogblog.com/2014/06/email-contact-form/) on June 15, 2014.

No comments yet.

Leave a Comment

All fields are required. Your email address will not be published.