At the advice of some kind chaps on here, I have reworked a contact form. I am still very much a novice at coding and am still learning a lot of stuff.
I am having an issue with the code I have so far.
The contact form I am making, I am first trying to get the form to work without the use of Javascript. I will then be adding client side validation once I've cracked it without JS.
I have got all sanitization and validation using a PHP script sorted. My problem is now dealing with resubmissions.
Once the form is submitted successfully, I can clear the relevant inputfields and variables of the PHP script to prevent a resubmit after success, but there is nothing stopping the user simply clicking 'back' in their browser and landing back at the form they just submitted, complete with all the values they entered. From there they can click submit again and the PHP script runs and sends exactly the same thing.
- The PHP Script and the code for the HTML form are in a file called contact-form-template.php.
- The form is included on a couple of pages; so on the pages where I want the contact form, I am using include('contact-form-template.php').
So does anyone know how I stop form resubmissions when the user hits the back button in their browser?
FYI - I have tried including a header (Location: etc.) redirect on various lines, each coming back with:
Warning: Cannot modify header information - headers already sent by (output started at /home/user/public_html/test/contact-us.php:152) in /home/user/public_html/test/contact-form-template.php on line 260
Any help appreciated. Thanks
So I have the actual contact page which is contact-us.php - it is all HTML except this line:
<?php include('contact-form-template.php') ; ?>
And then this is the contact-form-template.php which has the PHP script and the HTML form underneath.
<?php
// Defaults so the form (and htmlspecialchars() on its values) renders cleanly on a plain GET,
// before anything has been posted, and so $errors can be appended to safely.
$sender_name = $sender_company = $sender_email = $sender_telephone = "" ;
$sender_message = $human_response = $callback_date = $callback_time = "" ;
$errors = "" ;
if(isset($_POST['submit'])) {
$sender_name = $_POST['input_name'] ;
$sender_company = $_POST['input_company'] ;
$sender_email = $_POST['input_email'] ;
$sender_telephone = $_POST['input_telephone'] ;
$sender_message = $_POST['input_message'] ;
$human_response = $_POST['input_human'] ;
$callback_date = $_POST['input_date'] ;
$callback_time = $_POST['input_time'] ;
// Error Messages
$errorMsg_prefix = "<li>" ;
$errorMsg_suffix = "</li>" ;
// Name
$errorMsg_Name_Empty = $errorMsg_prefix . "Please enter your name (cannot be empty)." . $errorMsg_suffix ;
$errorMsg_Name_Invalid = $errorMsg_prefix . "Please enter your name using valid characters only." . $errorMsg_suffix ;
// Email
$errorMsg_Email_Invalid = $errorMsg_prefix . "Please enter a valid e-mail address." . $errorMsg_suffix ;
$errorMsg_Email_Empty = $errorMsg_prefix . "Please enter your e-mail address (cannot be empty)." . $errorMsg_suffix ;
// Telephone
$errorMsg_Telephone_Invalid = $errorMsg_prefix . "Please enter a valid telephone number." . $errorMsg_suffix ;
$errorMsg_Telephone_Empty = $errorMsg_prefix . "Please enter your telephone number (cannot be empty)." . $errorMsg_suffix ;
// Message
$errorMsg_Message = $errorMsg_prefix . "Please enter a message. Your message should be at least 30 and no more than 3000 characters in length." . $errorMsg_suffix ;
// Human
$errorMsg_Human_Incorrect = $errorMsg_prefix . "You have not answered the simple maths question correctly!" . $errorMsg_suffix ;
// Callback Date
$errorMsg_callbackDate = $errorMsg_prefix . "Please enter a valid date for us to call you back on, formatted as dd/mm/yyyy (for example: 31/01/2013)." . $errorMsg_suffix ;
$errorMsg_callbackDate_ifTime = $errorMsg_prefix . "You have selected a date for us to call you back, but not a time." . $errorMsg_suffix ;
// Callback Time
$errorMsg_callbackTime_ifDate = $errorMsg_prefix . "You have selected a time for us to call you back, but not a date." . $errorMsg_suffix ;
// Server Side Validation
// Input: Name
if ( $sender_name != "") {
$sender_name = substr(filter_var( $sender_name, FILTER_SANITIZE_STRING), 0,49) ;
if ( $sender_name == "" ) {
$errors .= $errorMsg_Name_Invalid ;
}
} else {
$errors .= $errorMsg_Name_Empty ;
}
// Input: Company
if ( $sender_company != "") {
$sender_company = substr(filter_var( $sender_company, FILTER_SANITIZE_STRING),0,49);
}
// Input: Email
if ( $sender_email != "") {
$email_temp = filter_var( $sender_email, FILTER_SANITIZE_EMAIL);
if (!filter_var( $email_temp, FILTER_VALIDATE_EMAIL )) {
$errors .= $errorMsg_Email_Invalid ;
}
} else {
$errors .= $errorMsg_Email_Empty ;
}
// Input: Telephone
if ( $sender_telephone != "") {
$sender_telephone = filter_var($sender_telephone, FILTER_SANITIZE_NUMBER_INT);
if ( strlen ( $sender_telephone ) < 11 || strlen ( $sender_telephone ) > 12 ) {
$errors .= $errorMsg_Telephone_Invalid ;
}
} else {
$errors .= $errorMsg_Telephone_Empty ;
}
// Input: Message
if ( $sender_message != "") {
$sender_message = filter_var($sender_message, FILTER_SANITIZE_STRING);
if ($sender_message == "") {
$errors .= $errorMsg_Message ;
} elseif ( strlen ($sender_message) < 30 || strlen ($sender_message) > 3000 ) {
$errors .= $errorMsg_Message ;
}
} else {
$errors .= $errorMsg_Message ;
}
// Input: Human
if ( $human_response != "12" ) {
$errors .= $errorMsg_Human_Incorrect ;
}
// Input: Callback date
$callback_date = filter_var($callback_date, FILTER_SANITIZE_STRING);
if ( $callback_date != "" ) {
$date_parts = explode ("/" ,$callback_date );
// Require exactly dd/mm/yyyy: three numeric parts and a four-digit year.
// (The original used '||', which accepted the date as soon as any one part was numeric,
// and list() would raise a notice when fewer than three parts were supplied.)
if ( count($date_parts) == 3 && is_numeric($date_parts[0]) && is_numeric($date_parts[1]) && is_numeric($date_parts[2]) && strlen($date_parts[2]) == 4 ) {
list ($day,$month,$year) = $date_parts ;
if (!checkdate($month, $day, $year)) {
$errors .= $errorMsg_callbackDate ;
}
} else {
$errors .= $errorMsg_callbackDate ;
}
}
if ( $callback_date != "" && $callback_time == "") {
$errors .= $errorMsg_callbackDate_ifTime ;
}
// Input: Callback Time
// The time is echoed back into the form and into the e-mail, so only accept the values the <select> offers.
$errorMsg_callbackTime_Invalid = $errorMsg_prefix . "Please choose a callback time from the list." . $errorMsg_suffix ;
$allowed_times = array("", "0900-1100", "1100-1300", "1300-1500", "1500-1700") ;
if ( !in_array($callback_time, $allowed_times, true) ) {
$errors .= $errorMsg_callbackTime_Invalid ;
$callback_time = "" ;
}
if ( $callback_time != "" && $callback_date == "" ) {
$errors .= $errorMsg_callbackTime_ifDate ;
}
// If there are no errors - send the form.
if (!$errors) {
$sender_ipAddress = $_SERVER['REMOTE_ADDR'];
// The User-Agent header is client-controlled and is dropped into an HTML e-mail, so escape it.
$sender_browser = htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8');
// E-mail headers
$recipient_email = "[email protected]" ;
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type: text/html; charset=utf-8" . "\r\n";
$headers .= "From: Website\r\n";
$headers .= 'Reply-To: [email protected]' . "\r\n" ;
// Setting the e-mail subject
$subject = "Message from the website." ;
// For database scripting - replace new-line html with carriage return character - Array
// Placeholders for array
$sender_message_placeholders = array("\n") ;
//Replace Values for array
$sender_message_replaceValues = array("¶") ;
// $sender_message stripped of new-lines, and replaced with nc-characters.
$sender_message_stripped = str_replace($sender_message_placeholders, $sender_message_replaceValues, $sender_message) ;
// Writing the e-mail body.
//Head - Commmon
$emailBody = "
<html>
<head>
<style type=\"text/css\">
body { font-family: Helvetica, Arial ; font-size: 16px ; line-height: 20px ; color: #5e5e5e }
h1 { font-size: 42px ; line-height: 42px ; color: #c1c1c1 }
div.section { padding: 12px ; margin-bottom: 8px ; background-color: #f7f7f7 ; border: 1px solid #c8c8c8 }
div.section#callback-details { background-color: #f8e0e0 }
div.section#callback-details label { color: #df5c5c }
div.part { margin-bottom: 8px }
div.part:last-child { margin-bottom: 0 }
label { margin: 0 ; font-size: 13px ; line-height: 20px ; font-weight: bold ; color: #80a553 }
p { margin: 0 }
p.input-field#sender-message { white-space: pre-line }
div#dbImport { color: #a1a1a1!important }
div#dbImport p { font-size: 12px!important ; line-height: 19px ; white-space: normal!important }
</style>
</head>
<body>
<h1>Message</h1>
<p class=\"input-field\" style=\"margin-bottom:12px\">A message has been sent.</p>
" ;
// If Callback Date/Time are provided
if ( $callback_date != "" ) {
$emailBody .= "
<div class=\"section\" id=\"callback-details\">
<div class=\"part\">
<label>Callback Date:</label>
<p class=\"input-field\">$callback_date</p>
</div><!-- !.part -->
<div class=\"part\">
<label>Callback Time:</label>
<p class=\"input-field\">$callback_time</p>
</div><!-- !.part -->
</div><!-- !.section -->
" ;
}
// Body - Common
$emailBody .= "
<div class=\"section\">
<div class=\"part\">
<label>Name:</label>
<p class=\"input-field\">$sender_name</p>
</div><!-- !.part -->
<div class=\"part\">
<label>Company:</label>
<p class=\"input-field\">$sender_company</p>
</div><!-- !.part -->
<div class=\"part\">
<label>E-mail:</label>
<p class=\"input-field\">$sender_email</p>
</div><!-- !.part -->
<div class=\"part\">
<label>Telephone:</label>
<p class=\"input-field\">$sender_telephone</p>
</div><!-- !.part -->
</div><!-- !.section -->
<div class=\"section\">
<div class=\"part\">
<label>Message:</label>
<p class=\"input-field\" id=\"sender-message\">$sender_message</p>
</div><!-- !.part -->
</div><!-- !.section -->
<div class=\"section\" id=\"visitor-info\">
<div class=\"part\">
<label>Sender IP Address:</label>
<p class=\"input-field\"><a href=\"http://network-tools.com/default.asp?prog=express&host=$sender_ipAddress\">$sender_ipAddress</a></p>
</div><!-- !.part -->
<div class=\"part\">
<label>Sender Web Browser:</label>
<p class=\"input-field\">$sender_browser</p>
</div><!-- !.part -->
</div><!-- !.section -->
<div id=\"dbImport\">
<p style=\"font-weight:bold\">IMPORTDB DATA</p>
<p>NAME/COMPANY/EMAIL/TELEPHONE/MESSAGE/CALLBACK-DATE/CALLBACK-TIME</p>
<p>#begin#$sender_name#$sender_company#$sender_email#$sender_telephone#$sender_message_stripped#$callback_date#$callback_time#end</p>
</div>
</body>
</html>" ;
/* Send the message using mail() function */
//mail($recipient_email, $subject, $emailBody, $headers) ;
// The message to display in the contact form success div
$success_message = "
<div id=\"successContainer\">
<h4>Your message has been sent. Thank you.</h4>
<hr>
<p>Someone will get back to you very shortly. We aim to respond to all messages within 24 hours. If your enquiry is super-duper-urgent, why not give us a ring?</p>
</div>
" ;
// Reset the form if successful.
$sender_name = "" ;
$sender_company = "" ;
$sender_email = "" ;
$sender_telephone = "" ;
$sender_message = "" ;
$human_response = "" ;
$callback_date = "" ;
$callback_time = "" ;
// end 'if there are no errors'
} else { // if there are errors with the users inputs
$error_message = "
<div class=\"errorContainer\" style=\"display: block\">
<b style=\"display:block\">Oops... it looks like there is a problem with the data you have entered into the form. Please correct the following errors:</b>
<ul>
$errors
</ul>
</div>" ;
//echo $error_message ;
}
}
?>
<!-- The HTML Form -->
<form id="contact-form" method="post" action="" class="contact-form clearfix">
<div id="contact_form"></div>
<h2>Contact Form</h2>
<?php if(isset($error_message)) { echo $error_message ; } ?>
<?php if(isset($success_message)) { echo $success_message ; } ?>
<div id="errorContainer" class="errorContainer">
<b>Oops... it looks like there is a problem with the data you have entered into the form. Please correct the following errors:</b>
<ul></ul>
</div><!-- !#errorContainer-callback -->
<!-- BEGIN 4 INPUT FIELDS -->
<div id="input-fields">
<div id="name-company">
<label>Name</label>
<input name="input_name" tabindex="1" value="<?php echo htmlspecialchars($sender_name); ?>">
<label>Company</label>
<input name="input_company" tabindex="2" value="<?php echo htmlspecialchars($sender_company); ?>">
</div><!-- ! #name-company -->
<div id="email-telephone">
<label>Email</label>
<input name="input_email" tabindex="3" value="<?php echo htmlspecialchars($sender_email); ?>">
<label>Telephone</label>
<input name="input_telephone" tabindex="4" value="<?php echo htmlspecialchars($sender_telephone); ?>">
</div><!-- ! #email-telephone -->
</div><!-- ! #input-fields -->
<!-- BEGIN MESSAGE CELL -->
<div id="message">
<label>Tell us a little about what you'd like talk about when we call you back.</label>
<textarea name="input_message" id="input_message" tabindex="5"><?php if (isset($sender_message)) { echo htmlspecialchars($sender_message) ; } ?></textarea>
</div><!-- ! #message -->
<div class="clearfix"></div>
<!-- BEGIN Bottom of Form (Date/Time/Human/Button) -->
<div id="end">
<!-- BEGIN DATE -->
<div id="cell1" class="cell">
<label>When would you like us to get back to you?</label>
<div>
<!-- Note: browsers that support type="date" submit the value as yyyy-mm-dd, not dd/mm/yyyy, so the PHP date check above will reject it in those browsers. -->
<input placeholder="Date" name="input_date" type="date" id="callback-date" tabindex="6" value="<?php echo htmlspecialchars($callback_date) ; ?>">
</div><!-- ! date input container -->
<!-- BEGIN CELL-TIME -->
<div>
Time
<select id="callback-time" name="input_time" tabindex="7">
<?php if(isset($_POST['submit'])) { ?>
<option value="<?php echo htmlspecialchars($callback_time) ; ?>" selected="selected">
<?php echo htmlspecialchars($callback_time) ; ?>
</option>
<?php } else { ?>
<option value=""></option>
<?php } ?>
<option value=""></option>
<option value="0900-1100">09:00-11:00</option>
<option value="1100-1300">11:00-13:00</option>
<option value="1300-1500">13:00-15:00</option>
<option value="1500-1700">15:00-17:00</option>
</select>
</div><!-- ! subcell -->
</div><!-- ! #cell1 -->
<!-- BEGIN CELL-HUMANCHECK -->
<div id="cell2" class="cell human-check">
<label><b> What is 3 + 9</b></label>
<input id="human-result-callback" class="human" name="input_human" type="number" maxlength="2" tabindex="8"/>
</div><!-- ! #cell2 .cell -->
<!-- BEGIN CELL-BUTTON -->
<div id="cell3" class="cell">
<input class="button" id="submit" name="submit" type="submit" value="Send Your Message">
</div><!-- ! #cell3 .cell -->
</div><!-- ! #end -->
</form>
contact-us.php:152 (from error) in your code as the handler, yet your code shows as action="<?php $_SERVER['PHP_SELF'] ?>" --- which one is it? If you were to split your form/handler in two, you could put your header('Location: your_file.php'); after your mail() function. When you start mixing stuff, you're bound to hit a few bumps and hiccups, as it were. – Funk Forty Niner

header('Location: http://www.example.com'); underneath your: mail($recipient_email, $subject, $emailBody, $headers) ; and it worked fine. – Funk Forty Niner

$headers .= "From: Website\r\n"; to $headers .= "From:" . $sender_email . "\r\n"; – Funk Forty Niner
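The comments point at the fix: handle the POST before any HTML is sent, then redirect. The Post/Redirect/Get pattern below, combined with a one-time form token so that a back-button or double-click resubmit is rejected, is an added example and not the asker's code or anything from the comments. It assumes PHP 7.1+, that this block sits at the very top of contact-us.php before any output (the output at line 152 is what caused the "headers already sent" warning), and that send_contact_mail() is a hypothetical wrapper around the asker's validate-and-mail() block that returns true on success.

```php
<?php
// Added example, not the asker's code. Assumes PHP 7.1+ and that this block runs at the
// very top of contact-us.php, before any HTML is echoed, so header() can still redirect.
// send_contact_mail() is a hypothetical wrapper around the validate-and-mail() block.
session_start();

function form_token(): string {
    // One token per rendered form; it is consumed by the POST that carries it.
    if (empty($_SESSION['contact_token'])) {
        $_SESSION['contact_token'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['contact_token'];
}

function redirect_to_form(string $flash): void {
    $_SESSION['flash'] = $flash;
    // 303 turns the POST into a GET, so reload and "back" no longer replay the POST.
    header('Location: ' . $_SERVER['REQUEST_URI'], true, 303);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    $posted = $_POST['form_token'] ?? '';
    $stored = $_SESSION['contact_token'] ?? '';
    if ($stored === '' || !hash_equals($stored, $posted)) {
        // Token already used (back button, double-click, replay): do not send again.
        redirect_to_form('This form has already been submitted.');
    }
    unset($_SESSION['contact_token']);       // burn the token BEFORE doing the work
    if (send_contact_mail($_POST)) {         // hypothetical: true when mail() succeeded
        redirect_to_form('Your message has been sent. Thank you.');
    }
    // Validation failed: fall through and re-render the form with a fresh token.
}

$flash = $_SESSION['flash'] ?? null;
unset($_SESSION['flash']);                   // shown exactly once, then gone
?>
<?php if ($flash !== null): ?>
<div id="successContainer"><h4><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></h4></div>
<?php endif; ?>
<form id="contact-form" method="post" action="">
  <input type="hidden" name="form_token" value="<?= htmlspecialchars(form_token(), ENT_QUOTES, 'UTF-8') ?>">
  <!-- the asker's input fields go here unchanged -->
  <input class="button" name="submit" type="submit" value="Send Your Message">
</form>
```

After the redirect the browser's history holds the GET of the page, so "back" lands on the pre-submit form; if the cached form is submitted again, its token no longer exists in the session and the POST is refused instead of sending a second e-mail.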