I've made a Flash form which sends its values through a mail form PHP script that checks for errors and sends the mail if everything is correct. It's my first real PHP script, and I've adapted it over the last few months. This is the most recent edited version. Could you check whether it is any good, and whether it does what the comments say it should?
First the Flash mailform actionscript.
// Hold the playhead on this frame.
stop();
// Tab order: only the three input fields take part,
// in the order name -> e-mail address -> message.
naam.tabIndex = 1;
email.tabIndex = 2;
bericht.tabIndex = 3;
// Arrow buttons for the message field: when the typed text is
// longer than the field, "Hoog" scrolls one line up and "Laag"
// scrolls one line down.
Hoog.onRelease = function() {
    bericht.scroll -= 1;
};
Laag.onRelease = function() {
    bericht.scroll += 1;
};
// A field that failed validation is filled with a placeholder
// ("Niet (goed) ingevuld", or "Niet ingevuld" for the message).
// When such a field receives focus the placeholder is removed so
// the visitor can type a new value; any other content is kept.
naam.onSetFocus = function(oldFocus) {
    var showsPlaceholder = (naam.text == "Niet (goed) ingevuld");
    if (showsPlaceholder) {
        naam.text = "";
    }
};
email.onSetFocus = function(oldFocus) {
    var showsPlaceholder = (email.text == "Niet (goed) ingevuld");
    if (showsPlaceholder) {
        email.text = "";
    }
};
bericht.onSetFocus = function(oldFocus) {
    var showsPlaceholder = (bericht.text == "Niet ingevuld");
    if (showsPlaceholder) {
        bericht.text = "";
    }
};
// Submit button: posts the name, e-mail address and message to
// mailform.php and moves to frame 2 while waiting for the reply.
// The checks below only decide what the form displays; whether a
// mail is sent is decided by the validation inside mailform.php.
Versturen.onRelease = function() {
    myLoadVars = new LoadVars();
    mySendVars = new LoadVars();
    mySendVars.naam = naam.text;
    mySendVars.email = email.text;
    mySendVars.bericht = bericht.text;
    mySendVars.sendAndLoad("mailform.php", myLoadVars, "POST");
    gotoAndStop(2);
    // The reply carries one variable per field; the value "error"
    // marks a field that the PHP script rejected.
    myLoadVars.onLoad = function(success) {
        // NOTE(review): when the request itself fails nothing moves
        // the playhead away from frame 2 - confirm that frame gives
        // the visitor a way back to the form.
        if (!success) {
            return;
        }
        var nameRejected = (myLoadVars.naam == "error");
        var emailRejected = (myLoadVars.email == "error");
        var messageRejected = (myLoadVars.bericht == "error");
        if (!nameRejected && !emailRejected && !messageRejected) {
            // No field was rejected: the PHP script has already
            // sent the mail, so show the Thank-You screen (frame 3).
            gotoAndStop(3);
            return;
        }
        // At least one field was rejected: return to the form,
        // put back what the visitor typed in the accepted fields
        // and show a red error text in each rejected field.
        gotoAndStop(1);
        if (nameRejected) {
            naam.text = "Niet (goed) ingevuld";
            naamformat = new TextFormat();
            naamformat.color = 0xFF0000;
            naam.setTextFormat(naamformat);
        } else {
            naam.text = mySendVars.naam;
        }
        if (emailRejected) {
            email.text = "Niet (goed) ingevuld";
            emailformat = new TextFormat();
            emailformat.color = 0xFF0000;
            email.setTextFormat(emailformat);
        } else {
            email.text = mySendVars.email;
        }
        if (messageRejected) {
            bericht.text = "Niet ingevuld";
            berichtformat = new TextFormat();
            berichtformat.color = 0xFF0000;
            bericht.setTextFormat(berichtformat);
        } else {
            bericht.text = mySendVars.bericht;
        }
    };
};
This sends the variables to the php script. If an error is found, the php script sends variables back with "error" values. Otherwise it sends the mail. Here's the php script:
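<?php
/*
 * Mail handler for the Flash contact form.
 *
 * Reads the POSTed fields "naam", "email" and "bericht", validates each one and
 * echoes "&<field>=correct&" or "&<field>=error&" so Flash can mark the fields
 * that failed. The mail is sent only when all three fields pass.
 *
 * Validation results are kept in separate booleans instead of overwriting the
 * value with the string "error": with that sentinel, a visitor who typed
 * "error" as name or message was answered with "correct" (so Flash showed the
 * Thank-You screen) while the mail was silently not sent.
 */

/* Email settings */
$to = "test@mail.nl";
$subject = "Request for information";

/* A missing field, or one posted as an array instead of a string, is treated as
   empty so that it fails validation below instead of raising notices or type
   errors inside the string functions. */
$naam = (isset($_POST["naam"]) && is_string($_POST["naam"])) ? $_POST["naam"] : "";
$email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
$bericht = (isset($_POST["bericht"]) && is_string($_POST["bericht"])) ? $_POST["bericht"] : "";

/* Flash posts UTF-8; utf8_decode turns it into ISO-8859-1 so accented characters
   survive in the ISO-8859-1 mail built below.
   NOTE(review): utf8_decode() is deprecated as of PHP 8.2;
   mb_convert_encoding($value, 'ISO-8859-1', 'UTF-8') is the replacement.
   stripslashes keeps names like O'Brien from arriving as O\'Brien.
   NOTE(review): presumably those slashes come from magic_quotes_gpc - confirm;
   on a server that does not add them, stripslashes also removes genuine
   backslashes typed into the message. */
$naam = stripslashes(utf8_decode($naam));
$email = stripslashes(utf8_decode($email));
$bericht = stripslashes(utf8_decode($bericht));

/* Normalise lone \r or \n to \r\n so that each paragraph of the message starts
   on a new line in the mail body */
$bericht = preg_replace('~\r(?!\n)|(?<!\r)\n~', "\r\n", $bericht);

/* Name and e-mail address end up in the From header, so they must not contain
   anything that could start a new header line. Both patterns therefore carry
   the D modifier: without it "$" also matches just before a trailing newline,
   and a value ending in a line break would pass the check. */

/* Name: letters (including the ISO-8859-1 accented bytes \xC0-\xFF), apostrophe,
   space and hyphen, starting with a letter */
$naamOk = preg_match('~^[a-z\xC0-\xFF][a-z\xC0-\xFF \-\']*$~iD', $naam) === 1;
/* The echoes send the result variables back to Flash */
echo $naamOk ? "&naam=correct&" : "&naam=error&";

/* Properly formed e-mail address */
$emailOk = preg_match('~^[a-z0-9][a-z0-9_.\-]*@([a-z0-9]+\.)*[a-z0-9][a-z0-9\-]+\.([a-z]{2,6})$~iD', $email) === 1;
echo $emailOk ? "&email=correct&" : "&email=error&";

/* Has a message been filled in? Whitespace-only text and the Flash placeholder
   "Niet ingevuld" count as empty; a message consisting of "0" is accepted
   (the former truthiness test rejected it). */
$berichtOk = trim($bericht) !== "" && $bericht !== "Niet ingevuld";
echo $berichtOk ? "&bericht=correct&" : "&bericht=error&";

/* Everything is ok: the mail is sent as plain text.
   If this is ever changed to HTML mail, run the message through htmlentities
   first so the message part cannot carry markup or scripts. */
if ($naamOk && $emailOk && $berichtOk) {
    $message = "Naam:\r\n".$naam."\r\n\r\n";
    $message .= "Emailadres:\r\n".$email."\r\n\r\n";
    $message .= "Bericht:\r\n".$bericht."\r\n";
    $headers = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
    /* NOTE(review): the From address is supplied by the visitor and is not
       verified; a fixed From on your own domain with the visitor's address in
       Reply-To is the more robust choice - confirm what your mail host expects. */
    $headers .= "From: ".mb_encode_mimeheader($naam, "iso-8859-1", "Q")." <".$email.">\r\n";
    /* NOTE(review): the return value of mail() is not reported back, so Flash
       shows the Thank-You screen whenever all three fields validate. */
    mail($to, $subject, $message, $headers);
}
?>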