15 replies to this topic

[Tarquin]

Hi there,

On my website I have a contact form that user's can fill out and send to my email address. A friend pointed out to me today (very annoyingly) that people can fill out the form, send it, click on the back button and then resend it, doing this over and over again, basically spamming my inbox.

Basically what I want to know is, is there a piece of code which I can add to my PHP denying users to contact me for say 5 minutes, after they have sent one message?

Thanks a bunch

Mark

[rc69]

The simple way would be to set a cookie, but not everybody accepts cookies, so it wouldn't be fool proof.

You could throw their IP into a database with a timestamp, and check to see if that IP has sent an e-mail within the last $x seconds. But again, that's not fool proof either.

[Tarquin]

Cheers for the reply RC, just went and had a look in the cookies section of the PHP tutorials, and have just found a tutorial that should help.

[Tarquin]

Nah that didn't help

Would anyone be able to supply the code for the cookie part? and How to do it, its just I don't know or understand how to do it. Thanks very much guys.

I already have the php file for the submission of the form done, so would I add the coding to that?

[Demonslay]

Do something like this.

<?php
if(!$_COOKIE['contacted']){
setcookie('contacted', true, time()+(60*5), '/');
//
/* Process and send email here */
//
}
else{
//
/* Echo error or redirect, whatever you wish */
//
}
?>

[Tarquin]

Back again!

What I want to know, is whats wrong with this code? Line 47 comes up with an error, and users can still use the contact form within seconds.

Thanks for your helps guys and girls, I really do appreciate it.

<?php

$subject = 'Results from Contact form';


$emailadd = 'Mark@playawayuk.com';


$url = 'contactsent.html';

$req = '0';


$text = "Results from form:\n\n";
$space = ' ';
$line = '
';
foreach ($_POST as $key => $value)
{
if ($req == '1')
{
if ($value == '')
{echo "$key is empty";die;}
}
$j = strlen($key);
if ($j >= 20)
{echo "Name of form element $key cannot be longer than 20 characters";die;}
$j = 20 - $j;
for ($i = 1; $i <= $j; $i++)
{$space .= ' ';}
$value = str_replace('\n', "$line", $value);
$conc = "{$key}:$space{$value}$line";
$text .= $conc;
$space = ' ';
}
mail($emailadd, $subject, $text, 'From: '.$emailadd.'');
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
$ip = $REMOTE_ADDR;
if($sentmessage == '1'){
echo "You have already sent a message!";
exit();
}else{
$num = $sentmessage + 1;
//This is line 47 below
setcookie("sentmessage","$num",time()+600);
}
?>

[Mr. Matt]

OK A) What is the error you are getting?

and the email is being set time and time again because you are sending the email, then doing the check after to see if its been sent or not. And your also setting the cookie but assuming you can get to the cookie by using $sentmessage when you need to stick at the top of the page along with the other vars:

$sentmessage = $_COOKIE['$sentmessage'];

Thats after a quick look over

Matt

[Tarquin]

Cheers Matt the error has gone now.

I will have to read into cookies.

[Tarquin]

Ok, thanks everyone for their help.

Another problem though.

I've only just realised that there is one piece of information I don't receive from my contact form.

On my contact form I have a drop down menu, which the user can chose the subject type, i.e Feedback, Complaint, Picture Contribution ETC.
How do I go about adding this information to the PHP script?

[Av-]

You would simply add a value to each dropdown item

Show us the html part

[Demonslay]

Just like any other form element.

HTML

<select name="subject">
<option value="feedback">Feedback</option>
<option value="complaint">Complaint</option>
<!-- So on and so forth... -->
</select>

PHP

$subject = trim(html_special_chars($_POST['subject']));

Remember it will grab what is in the 'value' attribute, and not what is between the tags, and be sure to validate it before using it for anything. Never trust user submission, no matter what form element it is from...

[Tarquin]

Cheers for your help guys. I wont be able to test if I have done it right at the moment, as my host has some problems, as every site they host is down. (n.b. remember to keep contact details for your host)

any way, thanks again guys.

[Tarquin]

I'm sorry to be a pain on here, I don't like asking for help all the time as I don't want to annoy anyone.

I've tried to do this cookie thing but I just can't get to grips with it. If anyone has the time, then could you possibly help me with this?

If I paste the code I am using (I've changed the code from the original one, as I wanted to do it myself using the tutorials) then would you be able to enter the cookie code? Then I will be able to understand what's going on. You will be acknowledged for your help on the website. Thank so much!

<?php

$name	  = $_POST['name'];
$email	 = $_POST['email'];
$subject	   = $_POST['subject'];
$team  = $_POST['team'];
$comments  = $_POST['comments'];
$ip = $_SERVER['REMOTE_ADDR'];

$recipient = "Mark@playawayuk.com";
$emailsubject   = "Email sent from Contacts Page";

$message   = "E-mail: $email \n";
$message  .= "Subject: $subject \n";
$message  .= "Supports: $team \n";
$message  .= "Message: $comments \n";
$message  .= "IP Address: $ip";

$headers   = "From: $name \n";
$headers  .= "Reply-To: $email";

mail($recipient,$emailsubject,$message,$headers);

$URL="contactsent.html";

header ("Location: $URL");
?>

[Av-]

<?php
$name		=	$_POST['name'];
$email		=	$_POST['email'];
$subject	=	$_POST['subject'];
$team		=	$_POST['team'];
$comments	=	$_POST['comments'];
$ip			=	$_SERVER['REMOTE_ADDR'];

$recipient		=	"Mark@playawayuk.com";
$emailsubject	=	"EmailsentfromContactsPage";

$message	=	"E-mail:$email\n";
$message	.=	"Subject:$subject\n";
$message	.=	"Supports:$team\n";
$message	.=	"Message:$comments\n";
$message	.=	"IPAddress:$ip";

$headers	=	"From:$name\n";
$headers	.=	"Reply-To:$email";

if(!isset($_COOKIE[delay])){
	mail($recipient, $emailsubject, $message, $headers);
	// sets cookie called 'delay', value doesn't matter as it only checks if the cookie is there, cookie will be trashed after 300 second, 5 minutes.
	setcookie('delay', 'null', time()+60*5);
}

$URL	=	"contactsent.html";

header("Location: $URL");
?>

[dotbart]

<?php

$name	  = $_POST['name'];
$email	 = $_POST['email'];
$subject	   = $_POST['subject'];
$team  = $_POST['team'];
$comments  = $_POST['comments'];
$ip = $_SERVER['REMOTE_ADDR'];

$recipient = "Mark@playawayuk.com";
$emailsubject   = "Email sent from Contacts Page";

$message   = "E-mail: $email \n";
$message  .= "Subject: $subject \n";
$message  .= "Supports: $team \n";
$message  .= "Message: $comments \n";
$message  .= "IP Address: $ip";

$headers   = "From: $name \n";
$headers  .= "Reply-To: $email";

if($_COOKIE['sentmessage']!=1){

mail($recipient,$emailsubject,$message,$headers);
$URL="contactsent.html";
header ("Location: $URL");
setcookie("sentmessage",1,time()+600);

}else{

echo "You've allready sent a message";

}

?>

Should work, not tested though

Edited by dotbart, 21 November 2006 - 05:19 PM.

[Tarquin]

Excellent, the both of you are gods! They both work fine.


I know its only basic stuff, but that's the level im at currently.

But I've managed to enter and change some coding to the php code. I've managed to put a validation in, and also changed it so that instead of getting a page saying "You've already sent a message" it now redirects to a page I created.

Thanks guys and girls, your really helping me with learning php.

Edited by Tarquin, 21 November 2006 - 05:46 PM.