Hi there.
I'd like to prevent possible form mail spam, and I thought of using cookies to do so. But how do I make my mail form accessible, e.g., only once every five minutes? I've given it a couple of shots, but I'm not a skilled coder, so I usually end up with errors like "Cannot add header information - headers already sent by...", and I have no idea what I'm doing wrong. Could somebody give me a hand?
<?php
// Address that receives every message sent through the form:
$mailto = 'email@email.tld';
// Largest attachment accepted, in bytes:
$max_attach_size = 500 * 1000;
?>
<?php
/*if (empty($_POST['form_submitted']))
{
?>
<p>Please fill out the form:</p><?php
}
*/
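// Handles a submitted contact form: validates the fields, sends the message to
// $mailto (as a MIME mail when a file is attached) and, if requested, sends a
// copy to the address the visitor typed in.
// Leaves $name, $email, $subject and $text set so the form can be re-displayed,
// fills $errors when something is wrong and sets $sent on success.
// Reads $mailto and $max_attach_size from the configuration at the top of the file.
//
// NOTE(review): nothing in this block limits how often the form may be submitted.
// A cookie is stored and returned by the client, so it cannot enforce a delay on
// its own; a limit that is meant to hold has to be kept on the server (for
// example keyed by REMOTE_ADDR or a server-side session).
if (isset($_POST["form_submitted"]))
{
    // Absent fields become empty strings instead of raising notices.
    $name = isset($_POST['name']) ? $_POST['name'] : "";
    $email = isset($_POST['email']) ? $_POST['email'] : "";
    $subject = isset($_POST['subject']) ? $_POST['subject'] : "";
    $text = isset($_POST['text']) ? $_POST['text'] : "";
    $errors = array();
    $has_attachment = isset($_FILES['probe']['name']) && trim($_FILES['probe']['name']) != "";

    // Name, e-mail and subject are copied into mail headers below. A CR or LF in any
    // of them would allow extra header lines (further recipients, for instance) to be
    // appended, and the address pattern alone does not exclude line breaks.
    if (preg_match('/[\r\n]/', $name.$email.$subject)) $errors[] = "Name, e-mail and subject must not contain line breaks.";
    if ($email != "" and !preg_match("/^[^@]+@.+\.\D{2,5}$/", $email)) $errors[] = "Angiv venligst en gyldig e-mailadresse.";
    if ($name == "") $errors[] = "Please type a name.";
    if ($text == "") $errors[] = "Please type a message.";
    if ($has_attachment)
    {
        // Only a file PHP itself received through the upload is read later on.
        if (!isset($_FILES['probe']['error']) || $_FILES['probe']['error'] != UPLOAD_ERR_OK || !is_uploaded_file($_FILES['probe']['tmp_name']))
        {
            $errors[] = "The attachment could not be uploaded - please try again.";
        }
        elseif ($_FILES['probe']['size'] > $max_attach_size)
        {
            $errors[] = "Attached file too large - (".number_format($_FILES['probe']['size']/1000,0,",","")." KB) - max size is: ".number_format($max_attach_size/1000,0,",","")." kb";
        }
    }

    if (empty($errors))
    {
        // NOTE(review): stripslashes() presumably undoes magic_quotes_gpc; where that
        // setting is off or absent it removes backslashes the visitor typed - confirm.
        $text = stripslashes($text);
        $subject = stripslashes($subject);
        $mail_name = ($name != "") ? $name : "Anonymous";
        $mail_subject = ($subject != "") ? $subject : "From website";
        $mail_email = ($email != "") ? $email : "email@unknown.xyz";
        $ip = $_SERVER["REMOTE_ADDR"];

        // if attachment, MIME-Mail:
        if ($has_attachment)
        {
            // read the uploaded file; file_get_contents() leaves no open handle behind
            $datei_content = file_get_contents($_FILES['probe']['tmp_name']);
            if ($datei_content === false)
            {
                $errors[] = "The attachment could not be read - please try again.";
            }
            else
            {
                $datei_content = chunk_split(base64_encode($datei_content),76,"\n");

                // File name and MIME type are supplied by the client and are written into
                // the part headers: drop the path, line breaks and quoting characters from
                // the name, and fall back to a generic type unless it looks like type/subtype.
                $attach_name = str_replace(array("\r", "\n", "\"", "\\"), "", basename($_FILES['probe']['name']));
                if ($attach_name == "") $attach_name = "attachment";
                $attach_type = $_FILES['probe']['type'];
                if (!preg_match('/^[A-Za-z0-9.+-]+\/[A-Za-z0-9.+-]+$/D', $attach_type)) $attach_type = "application/octet-stream";

                // Boundary:
                $boundary = md5(uniqid(rand()));

                // Mail-Header: only real header lines; the MIME parts go into the message
                // body, because a header string containing blank lines is malformed.
                $mail_header = "From: ".$mail_name." <".$mail_email.">\n";
                $mail_header .= "X-Sender-IP: ".$ip."\n";
                $mail_header .= "MIME-Version: 1.0\n";
                $mail_header .= "Content-Type: multipart/mixed; boundary=\"".$boundary."\"";

                // Mail-Text:
                $mail_body = "This is a multi-part message in MIME format.\n";
                $mail_body .= "--".$boundary;
                $mail_body .= "\nContent-Type: text/plain";
                $mail_body .= "\nContent-Transfer-Encoding: 8bit";
                $mail_body .= "\n\n".$text;

                // Attachment:
                $mail_body .= "\n--".$boundary;
                $mail_body .= "\nContent-Type: ".$attach_type."; name=\"".$attach_name."\"";
                $mail_body .= "\nContent-Transfer-Encoding: base64";
                $mail_body .= "\nContent-Disposition: attachment; filename=\"".$attach_name."\"";
                $mail_body .= "\n\n".$datei_content;

                // End:
                $mail_body .= "\n--".$boundary."--";

                // Send E-Mail and display error or confirmation
                if (@mail($mailto,$mail_subject,$mail_body,$mail_header)) $sent = true; else $errors[] = "No connection to the mailserver - please try again later";
            }
        }
        // no attachment, normal E-mail:
        else
        {
            $mail_header = "From: ".$mail_name." <".$mail_email.">\n";
            $mail_header .= "X-Sender-IP: $ip\n";
            $mail_header .= "Content-Type: text/plain";
            // the original appended an undefined $info here; it contributed nothing
            if (@mail($mailto,$mail_subject,$text,$mail_header)) $sent = true; else $errors[] = "No connection to the mailserver - please try again later";
        }

        // copy to sender:
        // NOTE(review): the copy goes to an address typed into the form, which is not
        // verified, and carries text the visitor chose while appearing to come from
        // $mailto. Anyone can therefore have this form mail a third party. Consider
        // removing the option or limiting it server-side.
        if (isset($sent) && $email != "" && isset($_POST['copy']))
        {
            if ($has_attachment) $copy_mail_text = "Copy of the e-mail:\n\n".$text."\n\nAttachment: ".$attach_name; else $copy_mail_text = "Copy of the e-mail:\n\n".$text;
            $header = "From: ".$mailto."\n";
            $header .= "X-Sender-IP: ".$ip."\n";
            $header .= "Content-Type: text/plain";
            @mail($email, $mail_subject, $copy_mail_text, $header);
        }
    }
}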
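// Page output: the document header, then either the form (with any validation
// errors) or the confirmation text, depending on whether $sent was set above.
// The header is written on every request so the closing markup after this block
// always has matching opening tags; the original wrote it only together with the
// form, and printed the error list in front of the DOCTYPE.
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="imagetoolbar" content="no">
<title>Kontakt</title>
<link href="/style.css" rel="stylesheet" type="text/css">
</head>
<body onload="if(document.formnavn)document.formnavn.name.focus()">
<table width="770" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="height:100%;">
<tr>
<td width="43" class="left-bg"> </td>
<td valign="top"><table width="685" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><table width="96%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="191" height="52" valign="top"> </td>
<td width="494" height="52" valign="top"> </td>
</tr>
</table></td>
</tr>
<tr>
<td height="150" valign="top" class="banner"> </td>
</tr>
<tr>
<td><table width="685" border="0" cellpadding="0" cellspacing="0" style="height:300px;">
<tr valign="top">
<td width="135" bgcolor="#F0EFED" class="menu-bg-top"><br> </td>
<td style="padding-top:6px; padding-left:10px;"><strong>Kontakt:</strong><br>
<br>
<?php
if (empty($sent))
{
if (!empty($errors))
{
// Messages are escaped on output so a message that ever includes submitted text cannot add markup.
?><p class="caution">Error:</p><ul><?php foreach($errors as $f) { ?><li><?php echo htmlspecialchars($f, ENT_QUOTES, 'ISO-8859-1'); ?></li><?php } ?></ul><br /><?php
}
// PHP_SELF also contains any extra path the client appends to the URL, so it must not
// be echoed into an attribute as-is; SCRIPT_NAME holds only the script's own path, and
// the value is escaped for the attribute context as well.
?>
<form name="formnavn" method="post" action="<?php echo htmlspecialchars(basename($_SERVER["SCRIPT_NAME"]), ENT_QUOTES, 'ISO-8859-1'); ?>" enctype="multipart/form-data">
<div>
Name:<br />
<input type="text" name="name" style="border:1px solid #999999;" value="<?php if (isset($name)) echo htmlentities(stripslashes($name)); else echo ""; ?>" onfocus="this.style.borderColor='#666';" onblur="this.style.borderColor='#999999';" size="30" />
<br>
E-mail:<br />
<input type="text" name="email" style="border:1px solid #999999;" value="<?php if (isset($email)) echo htmlentities(stripslashes($email)); else echo ""; ?>" onfocus="this.style.borderColor='#666';" onblur="this.style.borderColor='#999999';" size="30" />
<br>
Subject:<br /><input type="text" name="subject" style="border:1px solid #999999;" value="<?php if (isset($subject)) echo htmlentities(stripslashes($subject)); else echo ""; ?>" onfocus="this.style.borderColor='#666';" onblur="this.style.borderColor='#999';" size="30" />
<br>
<br>
Message:<br />
<textarea name="text" cols="55" rows="8" style="border:1px solid #999999; overflow:auto;" onfocus="this.style.borderColor='#666';" onblur="this.style.borderColor='#999';"><?php if (isset($text)) echo htmlentities(stripslashes($text)); else echo ""; ?></textarea>
<br>
<br>
Attachment:<br /><input type="file" name="probe" style="border: 1px solid #999999;cursor:pointer;" value="<?php if (isset($_POST['probe'])) echo htmlentities(stripslashes($_POST['probe'])); else echo ""; ?>" size="20"/>
<p><input type="checkbox" name="copy" value="true" /> Copy to sender. </p>
<input onmouseover="this.style.color='#FF9900'" onmouseout="this.style.color='#000'" type="submit" name="form_submitted" class="submit_knap" style="width:70px;" value=" Send " />
<input type="reset" value="Slet alt" name="reset" class="submit_knap" style="width:70px;">
</div>
</form><?php
}
else
{
// Confirmation: the wording depends on whether a reply address was given.
if (empty($email)) { ?>
<p><br /><b>Thanks!</b><input type="hidden" name="name" align="top"><br />
Message is sent but you didn't specify an e-mail address,<br />so I can't reply.<br />
</p>
<table width="400" border="0" cellpadding="0" style="height:300px;">
<tr>
<td> </td>
</tr>
</table>
<?php }
else { ?><p><b>Thanks!</b><input type="hidden" name="name"><br />
Message sent! <br />
<table width="400" border="0" cellpadding="0" style="height:300px;">
<tr>
<td> </td>
</tr>
</table>
</p>
<?php }
}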
?>
</td>
</tr>
<tr valign="top">
<td height="19" class="menu-bg"align="center"> </td>
<td height="19"> </td>
</tr>
</table></td>
</tr>
</table></td>
<td width="42" class="right-bg"> </td>
</tr>
<tr>
<td class="left-bg"> </td>
<td valign="bottom"><table width="100%" border="0" cellspacing="0" cellpadding="0" bgcolor="#ffffff">
<tr valign="bottom">
<td width="70" align="left"> </td>
<td width="510" align="center"> </td>
<td width="70" align="right"> </td>
</tr>
</table></td>
<td class="right-bg"> </td>
</tr>
</table>
</body>
</html>
Or does someone have a better idea to prevent possible form mail spam?