Form Mail Script With CAPTCHA PHP
We recently became aware that some users are still using the old formmail.pl and PHP scripts to process
web forms without requiring a CAPTCHA (http://en.wikipedia.org/wiki/CAPTCHA). This leaves large holes for
spam attacks and other exploitation on our servers, so it must be stopped completely.
One way to do this is with a freely available PHP script called Securimage, which provides the CAPTCHA,
combined with a PHP processing script that only processes the form and sends the email once the CAPTCHA has
been filled in correctly.
Here is how:
First download a copy of Securimage here: www.simplicityhosting.com/supplib/securimage.tar.gz (version 3.5.4
as of the time of this writing) or download the latest version here: https://www.phpcaptcha.org/
Extract the files into the DocumentRoot directory of your website (/home/$username/public_html on cPanel
servers, /var/www/html on others; if you do not know, ask your systems administrator or web host).
Note: The processing script now depends on a PHP mailing library called Swift Mailer, which has been installed on our servers. If you have a dedicated server or VM, you will need to either have us install it or obtain it here: http://swiftmailer.org/
Then we need a processing script. Paste the following into a file named processemailform.php, or download it as an archive here (in case there are formatting issues): http://www.simplicityhosting.com/supplib/processemailform.tar.gz
<?php
session_start();
require_once '/usr/local/swiftmailer/lib/swift_required.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';

$securimage = new Securimage();
// Read the CAPTCHA answer safely so a missing field does not raise a notice.
$captcha_code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : '';
if ($securimage->check($captcha_code) == false) {
    // the code was incorrect
    // you should handle the error so that the form processor doesn't continue
    // or you can use the following code if there is no validation or you do not know how
    echo "The security code entered was incorrect.<br /><br />";
    echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
    exit;
}

if (isset($_POST['submit'])) {
    $sendfrom = $_POST['skip_SendFrom'];
    $sendto   = $_POST['skip_WhereToSend']; // put your email address on which you want to receive the information
    $sendto2  = explode(",", $sendto);
    $subject  = $_POST['skip_Subject'];     // set the subject of email.

    // Build an HTML table of every posted field; values are escaped so that
    // a submitted "<" or "&" cannot break the table or be rendered as markup.
    $messagebody = "<table>";
    foreach ($_POST as $field_name => $field_value) {
        $messagebody .= "<tr><td>" . htmlspecialchars($field_name) . "</td><td>"
                      . htmlspecialchars($field_value) . "</td></tr>";
    }
    $messagebody .= "</table>";

    $transport = Swift_SmtpTransport::newInstance();
    $mailer    = Swift_Mailer::newInstance($transport);
    // One message per recipient listed in skip_WhereToSend.
    foreach ($sendto2 as $sendit) {
        $sendit  = trim($sendit);
        $message = Swift_Message::newInstance()
            ->setSubject($subject)
            ->setFrom(array($sendfrom => ''))
            ->setTo(array($sendit => ''))
            ->addPart($messagebody, 'text/html');
        $result = $mailer->send($message);
    }

    if (isset($_POST['skip_WhereToReturn'])) {
        $returnto = $_POST['skip_WhereToReturn'];
    } else {
        $returnto = "http://google.com";
    }
    header("Location: $returnto");
    exit;
}
?>
Now we need a form. This may be dropped into any fully designed page ready for a form; please note the following
hidden input names:
captcha_code – The code from the CAPTCHA that proves the submitter is human
skip_Subject – Subject of the email
skip_WhereToSend – Where to send the email; may be more than one address, separated by commas
skip_SendFrom – Where the email is sent from (the From address)
skip_WhereToReturn – Where to go after processing the form and sending the email, usually a thank-you
confirmation page
We use the filename contact_us.html:
<form action="processemailform.php" method="post">
<input type="hidden" name="skip_SendFrom" value="[email protected]">
<input type="hidden" name="skip_WhereToSend" value="[email protected]">
<input type="hidden" name="skip_Subject" value="Contact Us Form">
<input type="hidden" name="skip_WhereToReturn" value="http://www.simplicityhosting.com/myip">
Name: <input name="Contact_FullName" size="35"><br>
Address: <input type="TEXT" name="Contact_StreetAddress" size="35"><br>
Address2: <input type="TEXT" name="Contact_Address2" size="35"><br>
City: <input type="TEXT" name="Contact_City" size="35">
State: <input type="TEXT" name="Contact_State" size="35">
Zip: <input type="TEXT" name="Contact_ZipCode" size="12" maxlength="12"><br>
Email: <input type="TEXT" name="Contact_Email" size="50" maxlength="50"><br>
<!-- Both reload links fetch a fresh image by changing the img src with a random query string -->
<a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false"><span style="font-size:12px;">reload image</span></a><br>
<img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image"><br>
<i>Enter Captcha code</i><br>
<input type="text" name="captcha_code" size="10" maxlength="6" /><a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>
<input type="submit" name="submit" value="Click To Send"><input type="RESET" value="Reset Form">
</form>
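In the script and form above, the recipient, From address, subject and redirect target all arrive in the skip_* hidden inputs, so the CAPTCHA is the only thing that limits what a submitted form can make the server send and where. The following is an added example, not the processing script from this page: the same Securimage plus Swift Mailer flow, but with those values held server-side, only Contact_* fields copied into the mail (HTML-escaped), and the visitor's email accepted solely as a validated Reply-To. The addresses, subject and return URL in $config are assumed placeholders to replace with your own.

```php
<?php
// Added example, not the page's script: same Securimage + Swift Mailer flow,
// but routing comes from this file instead of the skip_* hidden fields.
session_start();
require_once '/usr/local/swiftmailer/lib/swift_required.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';

// Assumed values; edit for your site. The browser cannot change these.
$config = array(
    'from'    => 'forms@example.com',
    'to'      => array('sales@example.com', 'support@example.com'),
    'subject' => 'Contact Us Form',
    'return'  => 'http://www.example.com/thank-you.html',
);

// Only Contact_* fields go into the mail, HTML-escaped so a submitted
// value is shown as text rather than rendered by the mail client.
function build_body(array $fields) {
    $rows = '';
    foreach ($fields as $name => $value) {
        if (strpos($name, 'Contact_') !== 0 || !is_string($value)) continue;
        $rows .= '<tr><td>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</td><td>'
               . nl2br(htmlspecialchars($value, ENT_QUOTES, 'UTF-8')) . '</td></tr>';
    }
    return "<table>$rows</table>";
}

$securimage = new Securimage();
$code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : '';
if (!isset($_POST['submit']) || $securimage->check($code) == false) {
    echo "The security code entered was incorrect.<br /><br />";
    echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
    exit;
}

$message = Swift_Message::newInstance()
    ->setSubject($config['subject'])
    ->setFrom(array($config['from'] => ''))
    ->setTo($config['to'])
    ->setBody(build_body($_POST), 'text/html');
// Reply-To may come from the visitor, but only if it is a single valid address
// (FILTER_VALIDATE_EMAIL rejects anything containing CR/LF or a second address).
$reply = isset($_POST['Contact_Email']) ? trim($_POST['Contact_Email']) : '';
if (filter_var($reply, FILTER_VALIDATE_EMAIL) !== false) {
    $message->setReplyTo($reply);
}
$mailer = Swift_Mailer::newInstance(Swift_SmtpTransport::newInstance());
$mailer->send($message);
header('Location: ' . $config['return']);
exit;
```

With this version the form only needs the Contact_* inputs, the captcha_code input and the submit button; the four skip_* hidden inputs can be removed from contact_us.html.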
There are of course more elaborate methods to accomplish this, however, this will work fine in most cases. If you need help with anything specific please contact us here: https://billing.simplicityhosting.com/submitticket.php?step=2&deptid=4