Learn PHP Online » PHP Scripts

A Simple Yet Elegant Contact Form In PHP

Zachary Schuessler — Sun, 05 Apr 2009 00:29:27 +0000

3 Files Used:

contact.php
captcha.php
captcha.png

Requirements:

GD Library Installed (For Captacha- it’s 99% likely it’s already installed)

Simplicity is bliss. Unfortunately for webmasters, a simple and elegant contact form is hard to come by. Sure, it may be nice to include nifty AJAX validation techniques and a Captcha system that only a supercomputer could crack, but if you are anything like the LearnPHPOnline.com development team, you prefer a minimalistic approach to web development over a cluttered PHP script.

In this tutorial you will learn how to create a stylized form in HTML, code the backend in PHP to send an email to a specific address, and finally add a moderate Captcha system to thwart spammers from maliciously using your form.

Getting Started – Building The HTML Form And Style

We’ll start this off with a simple HTML template, that you are likely all too familiar with:

DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
<title>Contact Form - YourWebsite.comtitle>

head>

<body>
body>

html>

We will be using a CSS layout to organize the information. To help keep things simple, we have used inline styling- but do feel free to make your own remote CSS file to further cut down on code count.







Contact Form - YourWebsite.com



<div style="width:650px;border-left:1px solid black;border-right:1px solid gray;margin:0px auto;overflow:hidden;">
  <h1 style="background-color:#1c5665;color:white;padding:5px;text-align:center;margin-top:0px;">Contact Form - YourWebsite.comh1>

  <div style="float:left;width:214px;border-right:1px solid gray;padding:5px;background-color:#f6f8f9;height:100%;">

    <p align="right" style="padding:5px;">Name:p>
    <p align="right" style="padding:5px;">Email Address:p>

    <p align="right" style="padding:5px;">Comment/Suggestion:p>
  div>

  <div style="float:left;width:415px;padding:5px;">

    <p><input type="text" name="name" style="border:1px solid #1c5665;padding:3px;margin-top:5px;">p>
    <p><input type="text" name="email" style="border:1px solid #1c5665;padding:3px;margin-top:5px;">p>

    <p><textarea cols="40" name="comment" rows="4" style="border:1px solid #1c5665;padding:3px;margin-top:5px;">textarea>p>

  div>

  <div style="clear:both;"> div>
  <hr style="color:gray" />

  <input type="submit" value="Submit Form" />
 <input type="hidden" name="form_submitted" value="1"/>
      form>

<div style="width:650px;height:10px;background-color:#1c5665;"> div>
div>

So far things should be fairly simple if you already have some knowledge about HTML and basic forms. One thing that seems to stump a lot of developers is the float property in CSS. To properly create a structured float, you will need four components: the wrapper, two or more sections of content that are using the float property, and finally a DIV that clears the float. You can see these, respectively, below:


<div style="width:650px;border-left:1px solid black;border-right:1px solid gray;margin:0px auto;overflow:hidden;">


  <div style="float:left;width:214px;border-right:1px solid gray;padding:5px;background-color:#f6f8f9;height:100%;">

(content)
  div>


<div style="float:left;width:415px;padding:5px;">
(content 2)
div>


  <div style="clear:both;"> div>
div>

And that’s it! The HTML form is done for now. Now let’s go on with sending the form contents to a specified email address.

Sending Mail In PHP

We like to keep file count as small as possible, so we will be recycling the same file we just created to act as both the form and the file that processes the data to email the contents to your email address. We can do this with a simple IF structure in PHP.

You may have noticed this hidden value in the form we created:

This is going to allow us to see whether or not the user is submitting the form, or if they are filling it out. Since this is only true once the “Submit Form” button is clicked, we can use the following IF structure in conjunction:

if ($_POST['form_submitted'] != '1') {
# Form not submitted, show form

} else {
# Process script, form was submitted
}
?>

To save you hassle, you can easily implement this selection structure by nesting in around the HTML:

if ($_POST['form_submitted'] != '1') {
# Form was not submitted, show form

?>





Contact Form - YourWebsite.com





...[form contents]...



} else if ($_POST[form_submitted] == 1) { ?>


# Code to send email goes here, since form was submitted
?>

}  ?>

Now, onto the email function! PHP developers can make use of the mail() function already included in the PHP language. This function takes four main parameters to function correctly. As you’ll see below, we can simply plug in the information we just got from the submitted form– and the function takes care of the rest.

// Send

$to      = 'yourname@yourdomain.com';
$subject = "Message from " . $_POST['name'];

$message = $_POST['comment'];
$headers = "From: " . $_POST['email'] . "\r\n" .

    "Reply-To: ".$_POST['name'] . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

echo "Your comment has been sent! Thanks!
";

It looks like we would be done. But, wait- what about those dastardly spammers?

Creating A Simple Captcha For PHP Forms

Some Captcha scripts are quite confusing; making use of many different technologies to provide the best possible protection against spam robots. Even though Captchas have been cracked, they are hard to do so- and certainly will cut out almost all of your spam, if not all of it completely.

In this example we are using a fairly secure Captcha system. First we are going to need a background image for our Captcha, which you can download via “Save As..” here:

Now we will have to create a captcha.php file to build the image we will be using via the GD Library. Follow the comments in the script to help get an understanding of how it works:

();

// Generate a Random String, Based On Time
$md5 = md5(microtime() * mktime());

 //We don't need a 32 character long string, let's trim it
 $string = substr($md5,0,5);

// Use GD Library to make a PNG from a file
$captcha = imagecreatefrompng("captcha.png");

// Set colors of lines with RGB colors
$black = imagecolorallocate($captcha, 0, 0, 0);

$line = imagecolorallocate($captcha,233,239,239);

// The following creates random lines to help throw off a spam robot's ability to guess the string

imageline($captcha,0,10,50,16,$black);
imageline($captcha,40,11,64,29,$black);

imageline($captcha,0,60,90,0,$black);

//Write the string to the image

imagestring($captcha, 5, 20, 10, $string, $black);

// Use MD5 encryption on the key, and store it for a comparison test later

$_SESSION['key'] = md5($string);

// Print out the image
header("Content-type: image/png");

imagepng($captcha);
?>

This script is really neat, considering the .PHP file is treated as a .PNG image if successfully executed. This way, we can simply call to the image from the form and have a dynamic image to test our users with!

Now let’s go back to our form and make some necessary changes, as seen in red words below. This is the final version of the script- enjoy!

session_start();
    if ($_POST['form_submitted'] != '1') {
?>







Contact Form - YourWebsite.com





  Contact Form - YourWebsite.com

  
    

    Name:
    Email Address:
    Comment/Suggestion:

  

  
    
    

    
  

   

  

  
    

      
        Please enter the image text:
      
      
        

      
      
      
      
  

   



//Encrypt the posted code field and then compare with the stored key

if(md5($_POST['code']) != $_SESSION['key'])

{
  echo "It seems you entered an invalid Captcha key. Please go back and try again.";

}else{
session_unset();
session_destroy();
// Send

$to      = 'yourname@yourwebsite.com';
$subject = "Message from " . $_POST['name'];

$message = $_POST['comment'];
$headers = "From: " . $_POST['email'] . "\r\n" .

    "Reply-To: ".$_POST['name'] . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

echo "Your comment has been sent! Thanks!";

}
?>


?>

Note in particular that we are using the Session Unset and Session Destroy functions. Without them, you could refresh the page continually after you passed the Captcha test and send as much spam as you would like- – despite our efforts!

Closing Comments

Our form is still missing several things. You will likely need to add form validation, such as checking to see if all fields were filled out. You may also tweak the Captcha system to your liking- which is a great way to get experience with the GD Library. You may also want to consider that not everyone can see or hear- and that the Captcha in its current state will prevent such users from sending you mail.

Email Activation For Registration Forms

Zachary Schuessler — Fri, 03 Apr 2009 23:31:16 +0000

Email Activation For Registration Forms

Foreword: There are two good reasons why email activation is a necessary for webmasters. First, it helps root out spam by requiring user interaction. It also creates a sense of trust, since we can build a certain amount of trust with a user who can confirm they are who they say they are. In this example you will need access to a database (MySQL is what we’ll use) with proper permissions.

We’ll start out creating the interface of the form. You will need to create two files: one file to hold the form, the next file to handle the verification process and interface with the database. It doesn’t necessarily matter what you name your files, but to stay uniform with our examples name the registration and verification files register.php and verify.php, respectively.

Below you will see register.php in action- in all its simplistic glory.

Our Registration Form – register.php


 
  
    Username: 
    Password: 
    Email:

At this point the only things worth mentioning is that we are putting “verify.php” as the form action, and naming the form “register” with the name command. Go ahead and save this file and upload it to your hosting account- we’re done with this file for now.

Groundwork For The Verification Process

Now let’s create a file named verify.php. We are using this file for two things. First, we use it to insert data into the database if everything seems to be hunky-dory. But we also use it to confirm the verification code we email the user, so we’ll need to make use of the “IF” selection structure to differentiate between the two processes.

So how do we know if the verify.php file should submit data to our database or verify the activation code a user provides? We’ll admit that when we said we were done with register.php, we lied. To properly determine if the user is submitting data or verifying a code, we need to add a hidden value on the registration form, as seen below:

Hidden Values For Our Registration Form – register.php


 
  
    Username: 
    Password: 
    Email:

Now we can check to see if this value is set on our verify.php file with the following code:

Selection Structure – verify.php

if ($_POST['form_submitted'] == '1') {

## Form was submitted,the user is registering!

 } else{

## No value found, user must be activating their account!

}

With our form and selection structure in place, we need to go to our “backend” and create a database.

Database Design For Email Activation

In our example we are creating a table named “users” with the fields “id, status, username, password, email, and activationkey” – we encourage you to use the same values for the sake of simplicity. In fact, you can just run the SQL query below and do just that:

SQL Query Code – Run Code to Create Table And Fields

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL auto_increment,
  `status` varchar(20) NOT NULL,
  `username` varchar(20) NOT NULL,
  `password` varchar(20) NOT NULL,
  `email` varchar(20) NOT NULL,
  `activationkey` varchar(100) NOT NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `username` (`username`),
  UNIQUE KEY `email` (`email`),
  UNIQUE KEY `activationkey` (`activationkey`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=9 ;

If all has gone well, your database should look something like the following (note if you aren’t using PHPMyAdmin and MySQL, you may see some differences):

Inserting Registration Data Into Database With PHP

Now that we have a good grasp on where we are going, we can go ahead and connect to our database. First we’ll need to arrange the correct connection statement. We will be using the mysql_connect and mysql_select_db functions to make the connection to our database.

Connecting To The Database – verify.php

mysql_connect("localhost", DATABASE, PASSWORD or ;die(mysql_error());

mysql_select_db("USER_TABLENAME ") or die(mysql_error());

Above we can see that the only thing we need to change is the database, password, and table name. Ideally the table name should be “users” as per our example. Your password and database name can be created via MySQL if you have the proper permissions. If you don’t, contact your web host to get a database configured.

So far your verify.php should look like this:

Project Thus Far – verify.php

("localhost", "DATABASE", "PASSWORD") or die(mysql_error());

mysql_select_db("USER_TABLENAME") or die(mysql_error());

if ($_POST['form_submitted'] == '1') {
} else {

}
?>

Test the connection by uploading the file to your server and navigating to the file. If an error doesn’t present itself, it means you successfully connected to your database! (Even if you see a blank page) Now we can create a random key and answer all of the data into our database.

Creating A Random Key And Inserting Database Values

We will be using the mt_rand() function to create our random key. Below you’ll see that we concatenate the function five times in order to get a lengthy string.

Random Number Generator – verify.php

$activationKey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();

Don’t get too excited to try it out yet, first let’s write the code to insert the value into our database.

Inserting Data Into A Database – verify.php

$sql="INSERT INTO users (username, password, email, activationkey, status) VALUES ('$_POST[username]', '$_POST[password]', '$_POST[email]', '$activationKey', 'verify')";

if (!mysql_query($sql))

  {

  die('Error: ' . mysql_error());

  }

Above you can see we are updating all of the rows with information from our registration field via the $_POST command. We are also including the $activationKey variable and inputting the word ‘verify’ into the status field. This is to keep track of who is verified and who isn’t. If someone isn’t verified yet, but has registered, we could easily have them request to resend the email instead of having to register again. Oh, technology!

So far the code should be as below:

Script Thus Far – verify.php

("localhost", DATABASE, "PASSWORD") or die(mysql_error());

mysql_select_db("USER_TABLENAME ") or die(mysql_error());

if ($_POST['form_submitted'] == '1') {
##User is registering, insert data until ;we can activate it

$activationKey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();

$sql="INSERT INTO users (username, password, email, activationkey, status)

VALUES

('$_POST[username]', '$_POST[password]', '$_POST[email]','$activationKey', 'verify')";

if (!mysql_query($sql))

  {

  die('Error: ' . mysql_error());

  }

} else {

}

?>

Sending The Activation Key

Sending an email with PHP is painlessly easy- we just have to supply a few values to an already-made function in PHP: the aptly named mail() command. In our example we are using four parameters to send the email: the recipient address, the subject of the email, the message, and our own return address.

Sending Mail With PHP – verify.php

	echo "An email has been sent to $_POST[email] with an activation key. Please check your mail to complete registration.";

##Send activation Email

$to      = $_POST[email];

$subject = " YOURWEBSITE.com Registration";

$message = "Welcome to our website!\r\rYou, or someone using your email address, has completed registration at YOURWEBSITE.com. You can complete registration by clicking the following link:\rhttp://www.YOURWEBSITE.com/verify.php?$activationKey\r\rIf this is an error, ignore this email and you will be removed from our mailing list.\r\rRegards,\ YOURWEBSITE.com Team";

$headers = 'From: noreply@ YOURWEBSITE.com' . "\r\n" .

    'Reply-To: noreply@ YOURWEBSITE.com' . "\r\n" .

    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

This should be fairly self-explanatory. Notice that we are using the \r command to force a return- this is to format the email so all the text isn’t on one line. If you wanted, you could even include HTML and images into the email. We would recommend you didn’t, however, as many mail platforms today either don’t support such features or mark most emails that contain them as spam.

Coding The Verification Checking Process

We have arrived at the final part of this lesson: checking the verification code and allowing the user to either be registered or tell them they have entered the wrong code and to try again. In this section we will actually grab the current URL, take the query string, and then check our database to see if it matches a record. If it does, we will call the registrant a member and remove the key from our database. Otherwise, tough luck!

Script Thus Far – verify.php

##User isn't registering, check verify code and change activation code to null, status to activated on success

$queryString = $_SERVER['QUERY_STRING'];

$query = "SELECT * FROM users";

$result = mysql_query($query) or die(mysql_error());

  while($row = mysql_fetch_array($result)){

    if ($queryString == $row["activationkey"]){

       echo "Congratulations!" . $row["username"] . " is now the proud new owner of a YOURWEBSITE.com account.";

       $sql="UPDATE users SET activationkey = '', status='activated' WHERE (id = $row[id])";

       if (!mysql_query($sql))

  {

        die('Error: ' . mysql_error());

  }

    }

  }

Above we are doing just as we stated. Pay special attention to the fact we are using the UPDATE command in SQL- not INSERT. Also note that we need the while loop to find the exact ID of the member to update- we don’t want to update everyone in our database! We do this by comparing the current record ID with one from the database- and voila! If a match is found, we can update it.

Finally, we need to add some security to our script. Read our SQL Injection Tutorial and add the updates below:

Final Result – verify.php

mysql_connect("localhost", DATABASE, "PASSWORD") or die(mysql_error());

mysql_select_db("USER_TABLENAME") or die(mysql_error());

if ($_POST['form_submitted'] == '1') {
##User is registering, insert data until we can activate it

$activationKey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();
$username = mysql_real_escape_string($_POST[username]);
$password = mysql_real_escape_string($_POST[password]);

$email = mysql_real_escape_string($_POST[email]);

$sql="INSERT INTO users (username, password, email, activationkey, status) VALUES ('$username', '$password', '$email', '$activationKey', 'verify')";

if (!mysql_query($sql))

  {

  die('Error: ' . mysql_error());

  }

echo "An email has been sent to $_POST[email] with an activation key. Please check your mail to complete registration.";

##Send activation Email

$to      = $_POST[email];

$subject = " YOURWEBSITE.com Registration";

$message = "Welcome to our website!\r\rYou, or someone using your email address, has completed registration at YOURWEBSITE.com. You can complete registration by clicking the following link:\rhttp://www.YOURWEBSITE.com/verify.php?$activationKey\r\rIf this is an error, ignore this email and you will be removed from our mailing list.\r\rRegards,\ YOURWEBSITE.com Team";

$headers = 'From: noreply@ YOURWEBSITE.com' . "\r\n" .

    'Reply-To: noreply@ YOURWEBSITE.com' . "\r\n" .

    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

} else {

##User isn't registering, check verify code and change activation code to null, status to activated on success

$queryString = $_SERVER['QUERY_STRING'];

$query = "SELECT * FROM users"; 

$result = mysql_query($query) or die(mysql_error());

  while($row = mysql_fetch_array($result)){

    if ($queryString == $row["activationkey"]){

       echo "Congratulations!" . $row["username"] . " is now the proud new owner of an YOURWEBSITE.com account.";

       $sql="UPDATE users SET activationkey = '', status='activated' WHERE (id = $row[id])";

       if (!mysql_query($sql))

  {

        die('Error: ' . mysql_error());

  }

    }

  }

}

Verification Key Conclusion

So where should you take it from here? Obviously we haven’t included any error checking for input data. What if the user misspelled his or her password? We should probably put another password field in, and check to see if the passwords match. Additionally, we should mask the content in the password field to ensure security.

We might also add a CAPTCHA to prevent the mail server from getting abused by spam bots- something your host would probably appreciate. We could also simplify matters by using functions and cleaning up code.

There are many ways to improve- but be sure to check out our scripts and tutorials section for more information, because we’ve covered such topics like this in the past.