Posts Tagged ‘form mail’

Using a common form mail script for multiple websites

Thursday, June 12th, 2008

I run a number of different websites. Most of them have a contact page which is powered by a form mail script. Until recently each of these websites used an almost identical copy of the same form mail script – I use PHPFormMail but you could adapt this solution for other form mail scripts. Each contact us page has very similar HTML in it. I wanted a way of sharing a common form script and wanted to avoid the duplicated HTML without losing the individual styling of each contact us page.

For this to work for you you’ll need:

  1. All your websites to be on a single host.
  2. To be allowed to use .htaccess files.
  3. Have enough technical knowledge to understand what I’m saying and to customise this for your own site. I’ll give you enough information to implement this, but only if you have enough understanding of knowledge of HTML, PHP and .htaccess files.

On my web server I use one directory for each domain. I map my domain names to directories like this:

http://www.reviewmylife.co.uk    ->   /reviewmylife-web/
http://www.advancedhtml.co.uk    ->   /advancedhtml-web/
http://www.interrail-italy.co.uk ->   /interrail-web/

You’ll note that it is not possible to access the root of my web hosting account ‘/’ from the web.

I’ve added a common directory to store the form mail script and the form HTML. This directory is not accessible from any web address. I’ll explain the contents of the formmail.inc later on.

/common/
/common/formmail.php
/common/formmail.inc

The formmail.php is my usual PHPFormMail script.

I then set up a global variable in a .htaccess file in the root of my web server. This .htaccess file is not accessible to any of my website visitors but it is processed.

/.htaccess

The contents of the .htaccess look like the below snippet. You’ll need to replace the /kunden… part with the path of your own common directory. 

SetEnv COMMON_PATH /kunden/homepages/25/d3262381/htdocs/common

If you don’t know what your web server path looks like create a file called ‘test.php’ with the following contents – <?PHP phpinfo(); ?> and then load file from your browser. You can use this test.php to verify that your new environmental variable is present. Below is my formmail.inc

formmail.inc
<center>
<form method="post" action="commonformmail.php">
<table width="80%" cellpadding="0" cellspacing="0">
<tr>
  <td><font face="arial">Name</font></td>
  <td><p><input type="text" name="name"></p></td>
</tr>
<tr>
  <td><font face="arial">Email</font></td>
  <td><p><input type="text" name="email"></p></td>
</tr>
<tr>
  <td><font face="arial">Subject</font></td>
  <td><p><input type="text" name="subject"></p></td>
</tr>
<tr>
  <td><font face="arial">Message</font></td>
  <td><p><textarea name="message" rows="15" cols="45"></textarea></p></td>
</tr>
<tr>
  <td></td>
  <td><p><input type="submit" name="Submit" value="Send"></p></td>
</tr>
</table>
<p>
<input type="hidden" name="redirect" value="thanks.htm"></p>
<input type="hidden" name="recipient" value="commonmail">
<?php
print "<input type="hidden" name="referer" value="" . $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"] . "">\n";
?>
<input type="hidden" name="env_report"
 value="REMOTE_HOST,HTTP_USER_AGENT,REMOTE_ADDR">
</form>
</center>

Look at the PHPFormMail documentation for information about the redirect, recipient and env_report fields. You’ll note that I have added a referer field so that I’ll know which of my websites this form was posted from. The value of the recipient field has to be present in the PHPFormMail $recipient_array. If your contact page is a .html rather than a .php you’ll have to make sure that you can use PHP in HTML files.

In your contactus/emailus HTML file you can include the form like this:

<?php
include_once($_SERVER['REDIRECT_COMMON_PATH'] . '/formmail.inc');
?>

The final part of the solution is to add a commonformmail.php to each of your individual website directories. It will look like this and just includes the shared form mail script.

<?php
include_once($_SERVER['REDIRECT_COMMON_PATH'] . '/formmail.php');
?>

From now on you can change the behaviour and look of all your website forms from one place.

Related Posts

Tags: , , , , , ,
Posted in Website building | 1 Comment »

Hidden field spam trap for PHPFormMail

Friday, May 30th, 2008

If you have a form mail script on your website you may find that you reguarly recieve automated spam to your email account. Even worse it is possible that spammers may use your form mail script to send spam to other people.

One well known method of significantly reducing (or even stopping) spam without having any impact on your website visitor is to add a hidden field to your form. Real human visitors will not see this field and leave it blank. Automated spam scripts will fill it in. You can therefore easily tag or reject any emails that have this hidden field filled in. This method of stopping spam has been talked about on many other blogs – for example on modernblue, and horizonweb.

I’m not going to explain the technique in depth – you can read about it on the above links. I’m just going to show you how to apply this form of spam protection if you are using the PHPFormMail script.

You will need to add an entry to your style sheet to hide the spam trapping field. I use two fields with similar names – one to display a field as normal and one to hide a field. I suggest you use different names to me to make it less likely that spam scripts will work around this trap.

style.css
div#formstyle1 { display: inline; }
div#formstyle2 { display: none; visibility: hidden; }

In blue you can see where I have added the spam trap field next to the usual message field.

contactus.html
<tr>
<td>Message</td>
<td>
<p>
<div id="formstyle1">
  <textarea name="message" rows="10" cols="40"></textarea>
</div>
<div id="formstyle2">
  <p>Please leave the following field blank: </p><input type="text" name="spamtrap">
</div>
</p>
</td>
</tr>

There are two things I can do in the PHPFormMail script if spam is detected (i.e. if the spamtrap field is not empty). I can either tag the email with a [spam?] tag, or I can reject it.

I have commented out the ‘email rejection’ lines so the below modification will tag the email. If you want to enable the ‘email rejection’ then you can simply uncomment the relevant two lines.

PHPFormMail.php
function send_mail()
{
	global $form, $invis_array, $valid_env, $fieldname_lookup, $errors;

	$email_replace_array = "\r|\n|to:|cc:|bcc:";

	### Anti-spam: start - reject email ###
	#if (($form['spamtrap']) != '')
	#	return true;
	### Anti-spam: end                  ###
	if (!isset($form['subject']))
			$form['subject'] = 'WWW Form Submission';
	if (isset($form['subject_prefix']))
			$form['subject'] = $form['subject_prefix'] . $form['subject'];

	if (!isset($form['email']))
			$form['email'] = 'email@example.com';
	### Anti-spam: start - tag email ###
	if (($form['spamtrap']) !='' )
			$form['subject'] = '[SPAM?]: ' . $form['subject'];
	### Anti-spam: end               ###
	switch ($form['mail_newline']) {
		case 2:		$mail_newline = "\r";
				break;
		case 3:		$mail_newline = "\r\n";

Since applying these changes to my various sites, the script has caught all the formmail spam that I was previously getting.

If you do decide to adopt these changes then make sure you test them carefully – first try testing with the spam trap field visible, before making it invisible. I’d also suggest that you adjust the field and style sheet names to make it harder for spammers to bypass.

Related Posts

Tags: , , , , , ,
Posted in Website building | 1 Comment »