Form Mail Script With CAPTCHA PHP

Form Mail Script With CAPTCHA PHP

We recently became aware that there are users still using the old formmail.pl and PHP scripts to process
web forms which do not require CAPTCHA (http://en.wikipedia.org/wiki/CAPTCHA). This leaves large holes for
spam attacks and other exploitation on our servers so must be stopped completely.

One way to do this is by using a freely available PHP script called Securimage which provides CAPTCHA with
a PHP processing script which has the filled out CAPTCHA as a condition to process the form and send email.
Here is how:

First download a copy of Securimage here: www.simplicityhosting.com/supplib/securimage.tar.gz version 3.5.4
as of the time of this writing or download the latest here: https://www.phpcaptcha.org/

Extract the files into the DocumentRoot directory of your website (/home/$username/public_html on cPanel
servers, /var/www/html on others, if you do not know ask your systems administrator or web host).

Note: The processing script now depends on a mailing library for PHP called Swift Mailer, which has been installed on our servers. If you have a dedicated server or VM you will need to either have us install it or it may be found here: http://swiftmailer.org/

Then we need a processing script, we paste the following into a file names processemailform.php, or download it in archive format here (in case there are formatting issues) http://www.simplicityhosting.com/supplib/processemailform.tar.gz :

Now we need a form, this may dropped into any fully designed page ready for a form, please note the following

hidden input names:

captcha_code – The code from the CAPTCHA that proves the submitter is human
skip_Subject – Subject of the Email
skip_WhereToSend – Where to send the email, may be more than one address separated by commas
skip_SendFrom – Where the email is sent from, the from address

skip_WhereToReturn – Where to go after processing the form and sending email, usually a thank you submission
confirmation page

We use the filename contact_us.html:

There are of course more elaborate methods to accomplish this, however, this will work fine in most cases. If you need help with anything specific please contact us here: https://billing.simplicityhosting.com/submitticket.php?step=2&deptid=4

Leave a Reply

Your email address will not be published. Required fields are marked *