Ok, my form data seems to be working fine but I've realised a problem. Someone can refresh the page they are redirected to and resend data, letting them spam my mail.
I think by using 'unset post' I've at least stopped it sending mail when you just click back or forward, but I'd like to clear it completely so a reload won't work either. I'm not sure there's anything I can do, short of installing a captcha, about them clicking back to the form, which would probably still be filled with their data, but one problem at a time.
The form is on one page (Page1), submitting it goes to another page (Page2) which has an include, which contains the code below which provides a success message.
Any help is appreciated. Thanks.
<?php
// Fix the timezone first so the date below is computed in UK local time.
date_default_timezone_set('Europe/London');
// "D-d" = three-letter day name, a hyphen, then the zero-padded day of the month.
$currentdate = date('D-d');
?>
<?php
/**
 * Check whether a value is an 11-digit phone number that starts with a zero.
 *
 * The pattern accepts digits only, so spaces, "+" prefixes and any other
 * punctuation are rejected.
 *
 * @param mixed $checkNo Candidate phone number.
 * @return int|false 1 on a match, 0 on no match, false if preg_match() fails.
 */
function isPhoneNumber($checkNo) {
    // Anchored at both ends; the D modifier stops "$" matching before a trailing newline.
    $elevenDigitsLeadingZero = "/^([0])[0-9]{10}$/D";
    $matched = preg_match($elevenDigitsLeadingZero, $checkNo);

    return $matched;
}
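// Handle a callback-request submission: validate the name and phone number,
// then e-mail the request to the office.
//
// NOTE(review): $_REQUEST also carries query-string values (and cookies, depending on
// the request_order setting), so this handler can be triggered by a plain link as well
// as by the form. The form on Page1 is not visible here; if it submits with
// method="post", read $_POST instead and ignore every other request method.

// Start from known-empty values so nothing defined earlier by the including page can
// reach the mail step without passing the checks below.
$callbackfullname = '';
$callbacktelno = '';
$notEmpty = '';

if (isset($_REQUEST['callbacksubmitted'])) {
    // Accept plain strings only: a field sent as "callbackname[]=x" arrives as an array
    // and would make trim() / preg_match() fail instead of producing a clean error.
    if (isset($_REQUEST['callbackname']) && is_string($_REQUEST['callbackname'])) {
        $callbackfullname = $_REQUEST['callbackname'];
    }
    if (isset($_REQUEST['callbackno']) && is_string($_REQUEST['callbackno'])) {
        $callbacktelno = $_REQUEST['callbackno'];
    }

    // Begin checks. The error messages are fixed strings; no user input is echoed back.
    if (trim($callbackfullname) == '') {
        // Name is missing or only whitespace.
        echo "<p class='displayerror'>You don't appear to have entered a name. Please try again.</p>";
    } elseif (trim($callbacktelno) == '') {
        // Contact number is missing or only whitespace.
        echo "<p class='displayerror'>You don't appear to have entered a phone number. Please try again, including the area code, e.g. '01515556666'</p>";
    } elseif (!isPhoneNumber($callbacktelno)) {
        // Contact number was entered but is not 11 digits with a leading zero.
        echo "<p class='displayerror'>The number you have entered is invalid. Please try again, including the area code, e.g. '01515556666'</p>";
    } else {
        // Every check passed: allow the e-mail step below to run.
        $notEmpty = '1';
    }
}

// Send the e-mail only when validation set the flag. Gating on the flag alone (rather
// than empty() on the inputs) means a name such as "0" is not silently dropped.
if ($notEmpty === '1') {
    // The recipient, subject and headers are fixed strings. Keep user input out of all
    // three: a value containing CR/LF in a header would allow mail-header injection.
    $destination_email = "supervegetauk2001@yahoo.com";
    $subject = "CALL BACK REQUEST";
    $headers = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    $headers .= 'From: callback@cash4aclaim.com' . "\r\n";

    // The body is sent as text/html, so anything the visitor typed must be HTML-escaped
    // before it is placed in the markup; otherwise a crafted name is rendered as markup
    // in the recipient's mail client. The charset matches the Content-type header above.
    $safeFullName = htmlspecialchars($callbackfullname, ENT_QUOTES, 'ISO-8859-1');
    $safeTelNo = htmlspecialchars($callbacktelno, ENT_QUOTES, 'ISO-8859-1');

    // The actual contents of the message, formatted in HTML for easy reading.
    $message = '<html>
<head>
<title>Call Back Request</title>
</head>
<body>
<h1><u>cash4aCLAIM.com CALL BACK REQUEST</u></h1>
Callback Request made on ' . ($currentdate) . ' by ' . ($safeFullName) .
'<h2>Information</h2>
<table border=1 cellpadding=3 >
<tr>
<td><b>Claimant:</b> </td> <td>' . ($safeFullName) . '</td>
</tr>
<tr>
<td><b>Contact Number:</b> </td> <td>' . ($safeTelNo) . '</td>
</tr>
</table>
</body>
</html>';

    if (mail($destination_email, $subject, $message, $headers)) {
        echo "<p class='submissiontext'>Thank you for your submission, we should be contacting you soon!</p>";

        // Clearing these only affects the rest of THIS request. A browser reload re-sends
        // the original form body, so it arrives here again as a fresh, fully populated
        // submission and another mail goes out. To stop replays, handle the submission
        // before any output and redirect to a separate "thank you" URL (Post/Redirect/Get),
        // or issue a single-use token with the form, keep it in the session, and refuse
        // any submission whose token has already been consumed. A per-session or per-IP
        // send limit additionally caps deliberate flooding.
        unset($_REQUEST['callbacksubmitted']);
        $callbackfullname = '';
        $callbacktelno = '';
        $notEmpty = ''; // the original reset "$notempty", a different (case-sensitive) variable
        unset($_POST);
    } else {
        echo "<p class='submissiontext'>An error has occured, the webmaster has been notified. We apologise for any inconvenience.</p>";
        // Fixed-text alert only; no visitor data is included in this message.
        mail("majinvegeta90@hotmail.com", "Error has occured in mail system", "Error in claim system", $headers);
    }
}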
?>