Empty Contact Messages

[NBarnum]

I'm having this problem again. Last night I received three empty emails from the contact form all within a minute of each other. I know its a bot but how do I work around it. I think it must be getting into my php file and exploiting it there some how.

I had a web designer friend help me with all this. Praise God soon I'll be going to school for this. I found American Sentinel University. Lots of perks for military and veterans. And the GI Bill will cover 100%.

Need to finish getting ready for church. I added all the relevant code below.

Here's my php code.
[php]
// initialize your POST form variables to local variables
$from_name = $_POST['name'];
$from_email = $_POST['email'];
$phone_number = $_POST['phone'];
$message = $_POST['message'];

$to_name = "Webmaster";
$to_email = "webmaster@fbcholland.com"; // change this to the recipient's e-mail address

$subject = "Website Contact Message Received"; // change this to whatever you want the subject to be
$today = date("n/j/Y g:ia"); // logs today's date and time
$ip_addr = $_SERVER['REMOTE_ADDR']; // logs sender's IP address

$body = "Website Contact Message Received

-----------------------------------------

From: $from_name
E-mail: $from_email
Phone: $phone_number

Message:

$message

--------------------------------------------------------
Message received on $today from $ip_addr
";

mail($to_email, $subject, $message, "From: $from_email");


// Insert your HTML page below, confirming their message was sent, etc.

?>[/phpE]

EDIT

Deleted the javascript and form. Couldn't figure out how to post it.

So I found out that just by simply going to http://www.fbcholland.com/sendemail.php it automatically sends out a blank form. Not sure what to do about it.

[youthguy2007]

NBarnum, did you ever get it figured out? I have a simple little contact form that i built if you still need one...just let me know!

[temex]

NBarnum,

You may want to add captcha or such security feature to your script. That prevents bots to send anything with it. Also requiring $message length longer than 1 character makes a little patch (not fix though). Make sure they are not injecting your script by sending such messages as: " /"$to_email = "spam_this_address@domain.com"/" or even worst to upload stuff to your server by injecting to a weak code. Google for "php injection" for more info. It's a common pain nowadays.

Keep in mind, when it comes to interacting, security and testing eats more than half of your time!

Temex

[dmerchen]

I've done a few forms, from the looks of it, their not too much different than your own. I've done a few things to validate the information people provide, all using a set preg_match functions.

I took a slightly different approach, as I passed the variables gathered in the form to another page, which was what processed my mail function, then passes it's variables through another sheet that processes the validation.

I'm sure you'll find that it's far simpler than I'm making it out to be, but I hope you can find it useful.

Download Form

Since you've been having trouble with it showing a blank message let's debug. Are you getting the correct information for $to_email, $subject, $message, and $from_email? I'd suggest you add a line few lines at the bottom of your page an do something like this:

print "To: $to_email";
print "Subject: $subject";
print "Body: $message";
print "From: $from_email";

You can use those lines to see where something is going wrong. If $message is blank, then your email will be too.

[temex]

I always use something like:

if ($_SERVER['REMOTE_ADDR'] == "12.34.567.890") {
print "To: $to_email";
print "Subject: $subject";
print "Body: $message";
print "From: $from_email";
}

Change "12.34.567.890" to your own (ISP) IP address. You can check it with http://www.whatsmyip.org or such. This way no visitors can see all your testing in case you must test it live.

Most of my longer scripts has that IP protected part in the beginning of the program and includes lines like:
$test1="y";
$test2="";

and where the tests has to be done I use
if($test1) print "/$to_email: " . $to_email;

This way I can switch testing on/off with single character up top. That's for places which has to be checked more often. But I'd still use IP protection even for little tests, unless you're some small site and changes are no-one's going to visit it today when you do your tests

Running variables is usually the #1 test you must do to get things moving. Just like dmerchen said. Let us know how it comes along.

Temex