contact form - validate email


#1

Hi together,
Got contact form that works fine in general, I just tried to add email validation to reject emails like user@example (no domain after [at] symbol). These are lines I tried to use:
[php]&& filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL)[/php]
[php] if (!filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL)) {
$desc = $desc.'Email is not valid.';
}[/php]
Actually it really disallows to send message, but it does not warn user in any way. The only difference is that in successful case it displays “thanks.php”, but in unsuccessful case it just displays main page.
So… please, be so kind, check code below and advise me how to display error to user.
Thanks ahead.
[php]<?php

function getUserIP()
{
$client = @$_SERVER['HTTP_CLIENT_IP'];
$forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
$remote = $_SERVER['REMOTE_ADDR'];

if(filter_var($client, FILTER_VALIDATE_IP))
{
    $ip = $client;
}
elseif(filter_var($forward, FILTER_VALIDATE_IP))
{
    $ip = $forward;
}
else
{
    $ip = $remote;
}

return $ip;

}

    $user_ip = getUserIP();
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $ref = @$_SERVER['HTTP_REFERER'];
    $nl = nl2br("   |||||   ");

    $headerFields = array(
        "MIME-Version: 1.0",
        "Content-Type: text/html;charset=utf-8"
    );

    if (isset($_REQUEST['fullname']) && ($_REQUEST['fullname'] != '')
      && isset($_REQUEST['email']) && ($_REQUEST['email'] != '')
      && filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL)
      && isset($_REQUEST['message']) && ($_REQUEST['message'] != '')

      && mail( "user@example.com",'example.com contact form', $user_ip.' '.$nl.' reference: '.$ref.' '.$nl.' '.$user_agent.' '.$nl.' '.$_REQUEST['fullname'].' email: '.$_REQUEST['email'].' mail: '.$_REQUEST['message'], implode("\r\n", $headerFields))) {

            echo '{"result": "sent", "desc": "Message was sent successfully."}';

            // redirect

            if(! isset($_REQUEST['ajax'])){
                    $host  = $_SERVER['HTTP_HOST'];
                    $uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
                    $extra = 'thanks.php';
                    header("Location: http://$host$uri/$extra");
            }


    } else {
      $desc = '';
      if (!isset($_REQUEST['fullname']) or ($_REQUEST['fullname'] == '')) {
      $desc = $desc.'Name field is empty.';
      }
      if (!isset($_REQUEST['email']) or ($_REQUEST['email'] == '')) {
      $desc = $desc.'Email field is empty.';
      }
    if (!filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL)) {
        $desc = $desc.'Email is not valid.';
    }
   if (!isset($_REQUEST['message']) or ($_REQUEST['message'] == '')) {
      $desc = $desc.'Site field is empty.';
  }
      echo '{"result": "failed", "desc": "'.$desc.'"}';

            if(! isset($_REQUEST['ajax'])){
                    header("Location: $_SERVER[HTTP_REFERER]");
            }

}
?>[/php]


#2

You just need to return the errors to the user. You are echoing the errors, so where does that echo display?


#3

Agree.

No idea. I’m pretty new to php, that’s why I’m asking for any suggestions…

Thanks for your reply anyway.
Will play around.


#4

Seems I figured out how to solve it.
[php] if (!filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL)) {
$desc = $desc.'Email is not valid.';
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'error.php';
header("Location: http://$host$uri/$extra");
} else[/php]
No clue how to echo the error to user, but I just redirect to the error page when entered email is not valid.
Will play with additional checks for email validity when time permits.


#5

Your form processing code can be greatly simplified (you are repeating each test twice and stringing together logic) by -

  1. Detect that a post method form has been submitted before referencing any of the form data (you should also use $_POST variable, not $_REQUEST, as request combines $_GET, $_POST, and $_COOKIE.) This will also let you eliminate all the isset() statements (except for un-checked checkbox and radio buttons, all form fields will be set when the form has been submitted).

  2. Trim all input data in order to detect if all white-space characters were submitted for any value. You can do this for all the submitted data at once with a single line of code using array_map();

  3. Validate all the trimmed input data before using it and use an array to hold validation errors. The array will also serve as an error flag. If the array is empty(), there are no errors.

  4. If there are no validation errors, use the submitted data.

  5. Apply htmlentities() to all the values being put into the message body to help prevent cross site scripting in case a browser is used to read the email.

  6. Use json_encode() to build the json response, rather than building your own json string, and you should only do so if an ajax request was used to submit the form. If you are not using ajax to submit the form, then the form processing code and the form should be on the same page so that you can display the errors when you re-display the form. You would also re-populate the form fields with the previously submitted data so that the user doesn’t need to keep typing in the same data over and over and can just correct the errors.
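
The six steps above combined into one self-posting page, as an added example that is not part of the original thread. `validate_contact()` is a hypothetical helper, the field names, recipient and `thanks.php` are taken from the question's code, and PHP 7.4+ is assumed for the arrow functions.

```php
<?php // Added example, not from the thread; validate_contact() is hypothetical.
function validate_contact(array $post): array
{
    $labels = ['fullname' => 'Name', 'email' => 'Email', 'message' => 'Message'];
    // Step 2: trim every value in one pass (array-valued input becomes '').
    $data = array_map(fn($v) => is_string($v) ? trim($v) : '', $post)
          + array_fill_keys(array_keys($labels), '');
    // Step 3: the error array doubles as the error flag.
    $errors = [];
    foreach ($labels as $field => $label) {
        if ($data[$field] === '') {
            $errors[$field] = "$label field is empty.";
        }
    }
    if (!isset($errors['email']) && !filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Email is not valid.';
    }
    return [$data, $errors];
}
$e = fn($s) => htmlentities($s, ENT_QUOTES, 'UTF-8');
[$data, $errors] = [['fullname' => '', 'email' => '', 'message' => ''], []];
// Step 1: touch form data only after a POST submission.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$data, $errors] = validate_contact($_POST);
    if (!$errors) {
        // Steps 4-5: use the data; escape every value placed in the HTML body.
        $body = $e($data['fullname']) . ' email: ' . $e($data['email'])
              . ' message: ' . nl2br($e($data['message']));
        $headers = "MIME-Version: 1.0\r\nContent-Type: text/html;charset=utf-8";
        if (!mail('user@example.com', 'example.com contact form', $body, $headers)) {
            $errors['mail'] = 'Message could not be sent.';
        }
    }
    if (isset($_POST['ajax'])) {
        // Step 6: JSON only for ajax requests, built by json_encode().
        header('Content-Type: application/json');
        exit(json_encode(['result' => $errors ? 'failed' : 'sent', 'errors' => $errors]));
    }
    if (!$errors) { header('Location: thanks.php'); exit; }
}
// Non-ajax: the same page re-displays the form with errors and previous input.
foreach ($errors as $msg) { echo '<p class="error">', $e($msg), "</p>\n"; }
?>
<form method="post">
  <input name="fullname" value="<?= $e($data['fullname']) ?>">
  <input name="email" value="<?= $e($data['email']) ?>">
  <textarea name="message"><?= $e($data['message']) ?></textarea>
  <button>Send</button>
</form>
```

The redirect target is a fixed relative path rather than one built from `HTTP_HOST` or `HTTP_REFERER`, so no request header decides where the browser is sent.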


#6

phdr, thank you for your reply!
Honestly, it is rocket science for me so far, though I will try to figure out how to apply it when time permits.
Cheers!