Use of this website is subject to the following terms of use:

• You may use any of the Tips & Scripts from this site on your website. However, you may not redistribute them from your website or make them available to others in any fashion other than through a link to this website.
• If you use any of the Tips or Scripts we would appreciate a link back to our site, but this is not required.
• Anything used from this website is used entirely at your own risk.
• You should take precautions to ensure that whatever information you access or download is free of viruses, worms, trojan horses and other harmful or damaging computer code.
• We reserve the right to amend these terms and conditions at any time by posting the amended terms on this website, which posting shall constitute notice to you.

Are the scripts on this site "ready to use"?
Why don't some of the .htaccess code examples (or scripts) work at my webhost?
How current are the Tips & Scripts on this site? Are they maintained?
Are you going to expand the site to include other languages and environments?
Why did you create this website?

Form Mail

Here is a simple Form Mail script.  It can be used on your website for people sending you messages, rather than using an email link.  The script provides a form with name, email address, phone (optional input), and message.  It validates the email address format.  It also provides some protection against mail bombing by only allowing 3 messages to be sent from a single browser session.  You can easily modify the script to fit the theme of your site, or change the form.

This script has built-in bot protection.  The mail bomb protection feature in this script uses a session variable which is set when the actual form is presented.  Form processing will not happen (an email will not be sent) unless the form has been presented first (and the session variable set).  Bots will initiate a new session on every access when trying to submit a form, so an email will not be sent.  For further protection against bots (and to slow down users), consider incorporating CAPTCHA (which you can find here on this site).

If you want to add or change the form, just make the html changes following the method used for the current variables.  The php script will put all $_POST variables in the email (except "send" which is the button).  The only requirement is that there must be an input element with id="email" (since that value is validated and could be used as the from address in the email).

Important Note (from email address) - Various webhosts may have differing rules for what is allowed in the from address in email sent from their servers. This script is coded to provide you the option to use the email address that was entered in the form as the from address. This allows easy response to that address. But, for example, your host may require use of a hosted address in your domain (to hinder spammers). You make the from email address choice in the script configuration (the first few lines). If you leave the $fromaddress variable empty (or just comment that line out) then the user input email address will be used as the from address.

The only thing you need to do is update the values in the first few lines if the script.

You can download this script as a .txt file.  Remember to rename the file as a .php file.

- - Start Script Here - -
<?php
// modify the four lines below
$emailaddress = "me@mydomain.com";
$fromaddress = "website@mydomain.com";
$subject = "A Website Message";
$thankyouPage = "";  // put in a url (or relative page) to go to a Thank You page
// modify the four lines above
putenv('TZ=EST5EDT'); // eastern time
session_start();
function processMail($inputArray) {
  // unset any input array variables not to be included in output email
  unset($inputArray['send']);
  // validation
  if (!preg_match("([a-zA-Z]+)",$inputArray['name'])) $errors .= "Please enter your name<br />";
  if (!preg_match("(^[-\w\.]+@([-a-z0-9]+\.)+[a-z]{2,4}$)i",$inputArray['email'])) $errors .= "Email address is not valid<br />";
  if (!empty($inputArray[phone])) if (!preg_match("(^[-0-9\(\)]{7,}$)i",$inputArray[phone])) $errors .= "Phone number is not valid<br />";
  if (!preg_match("([\w]+)",$inputArray['content'])) $errors .= "Your message is empty<br />";
  // stop if errors
  if (!empty($errors)) { return "Your message was not sent<br />".$errors; }
  // stop if max messages
  $_SESSION['msgCount']++;
  if ($_SESSION['msgCount'] >= "4") return "Messages have exceeded the maximum allowed<br />Your message was not sent";
  // need to use the config parms in this routine
  global $subject,$emailaddress,$fromaddress,$thankyouPage;
  // scrub variables
  foreach ($inputArray as $key=>$value) {
    $inputArray[$key] = trim($inputArray[$key]);
    $inputArray[$key] = stripslashes($inputArray[$key]);
    $inputArray[$key] = htmlspecialchars($inputArray[$key],ENT_QUOTES);
    $inputArray[$key] = wordwrap($inputArray[$key],65,"<br />");
  }
  // set headers
  if (empty($fromaddress)) $fromaddress = $inputArray['email'];
  $headers  = 'MIME-Version: 1.0'."\r\n";
  $headers .= 'Content-type: text/html; charset=iso-8859-1'."\r\n";
  $headers .= "From: website<".$fromaddress.">\r\n";
  // format message
  $message = "<table cellpadding='5' border='1'>";
  foreach ($inputArray as $key => $value) $message .="<tr><td><b>$key</b></td><td>$value</td></tr>";
  $message .= "</table>";    
  // add source info to the message
  $message .= "<br />Time of the message: ".date(" F d  h:ia")."<br />";
  $message .= "IP Address: ".$_SERVER['REMOTE_ADDR']."<br />";
  $message .= "Hostname: ".gethostbyaddr($_SERVER['REMOTE_ADDR'])."<br />";
  // send message
  //  die($message);   // use this line for testing changes without sending the mail
  if (!mail($emailaddress,$subject,$message,$headers)) return "There was a processing error<br />Your message was not sent";
  if (!empty($thankyouPage)) { header('location: '.$thankyouPage); die(); }
  global $_POST; unset($_POST);
  return "Thank you<br />Your message has been sent";
}
if (!isset($_SESSION['msgCount'])) $_SESSION['msgCount'] = 0;
if (isset($_POST['send']) AND isset($_SESSION['msgCount'])) $message = processMail($_POST);
if (!empty($_POST)) {
  foreach ($_POST as $key=>$value) {
    $_POST[$key] = stripslashes($_POST[$key]);
    $_POST[$key] = htmlspecialchars($_POST[$key],ENT_QUOTES);
  }
}
?>
<html>
<head>
</head>
<body>
<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
<div style="text-align: center; padding: 20px; width: 500px; margin: 50px auto; border: solid 1px black;">
<span style="font-weight: bold;">Contact Us</span><br><br>
your name<br><input type="text" style="width: 330px;" name="name" value="<?php echo $_POST['name']; ?>" maxlength="50"><br><br>
your email address<br><input type="text" style="width: 330px;" name="email" value="<?php echo $_POST['email']; ?>" maxlength="50"><br><br>
your phone number<br><input type="text" style="width: 330px;" name="phone" value="<?php echo $_POST['phone']; ?>" maxlength="50"><br><br>
your message<br><textarea name="content" style="resize: none; width: 330px; height: 100px;"><?php echo $_POST['content']; ?></textarea>
<br><br>
<input type="submit" name="send" value="submit">
<div style="margin-top: 10px; color: firebrick;"><?php echo $message; ?></div>
</div>
</form> 
</body></html>
- - End Script Here - -

---