Contact Form Security and Functions Don't Work

Question

I am working on a contact form and the code doesn't seem to work. I don't get verifications when its submitted, I don't get to see what the user submitted, and the form has no security at all. Here is what I produced so far, it has most of the things complete, I just can't get it to work the way I want. Can someone help me with this:

EDIT: I am making a contact form to collect inputs for a childcare website (I just need the name of the parent, email, phone number, and information about the child). I expect it to, when submitted by the visitor/parent, to send me a verification that the form was submitted and I get a copy of what they submitted to me. The parent who submitted the form should also get verification that the form was submitted. When the form is inputted, the page resets and I don't get a copy of their inputs nor does the parent get a verification.. – Suppahman 4 mins ago edit

I am expecting it to send me a verification of the form being submitted, I get a copy of the inputs so I can contact them later, the parent gets a verification that I got it, and the form should be secured so that nobody can spam me. At the moment, the form is basically... well... dead. Are you guys able to help me with that by any chance? I don't know if I answered your questions correctly, but I think it should do?

PHP

$contactname  = $_POST["contact-name"];
$contactemail = $_POST["contact-email"];
$contactphone = $_POST["contact-phone"];
$child_info   = $_POST["child_info"];
$to           = 'maemail@gmail.com';
$subject      = 'Contact Form Submission!';

//******************************************************************************************************************************//

if(isset($_POST['email'])) {
    $to      = "maemail@gmail.com";
    $subject = "Contact Form Submission";

    function died($error)
    {
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error . "<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }

    if(!isset($_POST['contact-name']) || !isset($_POST['contact-email']) || !isset($_POST['contact-phone']) || !isset($_POST['child-info'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');
    }

    $contactname   = $_POST['contact-name']; //required
    $contactemail  = $_POST['contact-email']; //required
    $contactphone  = $_POST['contact-phone']; //required
    $child_info    = $_POST['child_info']; //required
    $error_message = "";

    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';

    if(!preg_match($email_exp, $contactemail)) {
        $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
    }

    $string_exp = "/^[A-Za-z .'-]+$/";
    $numb_exp   = '/^[0-9.-]';

    if(!preg_match($string_exp, $contactname)) {
        $error_message .= 'The First Name you entered does not appear to be valid.<br />';
    }

    if(!preg_match($numb_exp, $contactphone)) {
        $error_message .= 'The Phone Number you entered does not appear to be valid.<br />';
    }

    if(strlen($child_info) < 2) {
        $error_message .= 'The Comments you entered do not appear to be valid.<br />';
    }

    if(strlen($error_message) > 0) {
        died($error_message);
    }

    $email_message = "Form details below.\n\n";

    function clean_string($string)
    {
        $bad = array(
            "content-type",
            "bcc:",
            "to:",
            "cc:",
            "href"
        );
        return str_replace($bad, "", $string);
    }

    $email_message .= "First Name: " . clean_string($contactname) . "\n";
    $email_message .= "Email: " . clean_string($contactemail) . "\n";
    $email_message .= "Telephone: " . clean_string($contactphone) . "\n";
    $email_message .= "Child Information: " . clean_string($child_info) . "\n";

    $headers = 'From: ' . $contactemail . "\r\n" . 'Reply-To: ' . $contactemail . "\r\n" . 'X-Mailer: PHP/' . phpversion();

    @mail($to, $subject, $email_message, $headers);
    echo "Thank you for contacting us. We will be in touch with you very soon.";
}
//******************************************************************************************************************************//

$v1      = "
                <html> <body> <style>
                    h1 {color:#000066;}
                    table {border:1px solid black; background: #e3f0ff;}
                </style> <h1>Hello, this form has been submitted!</h1> <img src= 'logo1.png' /> <table rules='all' style='border-color: #ffb300;' cellpadding='10' width='500px'> <tr style='background: #ffb300;'><td>First Name: $contactname</td> <tr style='background: #fafafa;'><td>Email: $contactemail</td> <tr style='background: #fafafa;'><td>Phone: $contactphone</td><tr style='background: #fafafa;'><td>Child Information: $child_info</td></table> </body> </html> ";
$message = $v1;
$headers = "From: $from\r\n";
$headers .= "Content-type: text/html\r\n";
mail($to, $subject, $message, $headers);
echo "Message has been sent..."; //Page RE DIRECT 
echo $v1;
//******************************************************************************************************************************//

$contactname     = $_POST["contact-name"];
$contactemail    = $_POST["contact-email"];
$contactphone    = $_POST["contact-phone"];
$child_info      = $_POST["child_info"];
$verificationmsg = 'Thank you for your inquiry, we will contact you shortly! <br>Best,<br>Me<br>©Hi LOGO WENT HERE(TM) All Rights Reserved 2015';
$subject         = 'Message Confirmed!';
$v1              = "
                <html> <body> <style>
                    #disclosure {font-size: 8px; color: #333;}
                    h1 {color:#000066;}
                    table {border:1px solid black;}
                </style> <img src= 'logo1.png' /> <table rules='all' style='border-color: #ffb300;' cellpadding='10' width='500px'> <tr style='background: #ffb300;'><td>Email Confirmation <tr style='background: #fafafa;'><td>Hello  $contactname, your message has been recieved! We will contact you shortly! <br><br>Best, <br>M<br>©M(TM) All Rights Reserved 2015 </div> </table> </body> </html> ";
$headers         = "From: $from\r\n";
$headers .= "Content-type: text/html\r\n";
mail($contactemail, $subject, $verificationmsg, $headers);

$count = count(file("formsubmissions.csv"));
$today = date("d M Y h:i A");
echo $today;
echo $v1;

$cvsData = "\n" . $count . "," . $today . "," . $contactname . "," . $contactemail . "," . $contactphone . "," . $child_info;

$fp = fopen("formsubmissions.csv", "a");
if($fp) {
    fwrite($fp, $cvsData);
    fclose($fp);
}

HTML

<form action="contact.php" class="footer-form" method="post">
    <p class="title">How can we be of service?</p>

    <div class="form-group">
        <strong>
            <input type="text" class="form-control" name="contact-name" id="contact-name" placeholder="Name:">
        </strong>
    </div>
    <div class="form-group">
        <strong>
            <input type="email" class="form-control" name="contact-email" id="contact-email" placeholder="E-mail:">
        </strong>
    </div>
    <div class="form-group">
        <strong>
            <input type="phone" class="form-control" name="contact-phone" id="contact-phone" placeholder="Phone:">
        </strong>
    </div>
    <div class="form-group">
        <strong> 
            <input type="text" class="form-control" name="child_info" id="child_info" placeholder="Tell us about your child:">
        </strong>
    </div>
    <button type="submit" class="btn btn-default waves-effect waves-button waves-float waves-classic"><strong>Submit</strong></button>
</form>

@GottliebNotschnabel sorry about that, I just added the HTML — Suppahman, Jul 08 '15 at 23:04
What exactly is your problem? Try to narrow your code down to relevant lines. — Gottlieb Notschnabel, Jul 08 '15 at 23:06
@GottliebNotschnabel The problem is that I can't get the form to send me a verification of what the user submitted nor can the user who submitted it get a verification that we got their email. Also, the form security I added doesn't seem to work at all. Is there something I am doing wrong? When I submit the form, it just refreshes the page. I am just stumped :/ — Suppahman, Jul 08 '15 at 23:11
[Add error reporting to your code](http://stackoverflow.com/a/21429652/1828051) and check again. What does it say? And what is in your `formsubmissions.csv` file? — Gottlieb Notschnabel, Jul 08 '15 at 23:21
State the following: What are you doing (what values do you fill into the form, what do you click)? What do you expect to happen? What do you observe happens instead, and how does it differ from your expectation? — Sven, Jul 08 '15 at 23:23
@Sven oh okay. What are you doing: I am making a contact form to collect inputs for a childcare website (I just need the name of the parent, email, phone number, and information about the child). What do you expect: I expect it to, when submitted by the visitor/parent, to send me a verification that the form was submitted and I get a copy of what they submitted to me. The parent who submitted the form should also get verification that the form was submitted. What happened: When the form is inputted, the page resets and I don't get a copy of their inputs nor does the parent get a verification.. — Suppahman, Jul 08 '15 at 23:26
@Sven I am expecting it to send me a verification of the form being submitted, I get a copy of the inputs so I can contact them later, the parent gets a verification that I got it, and the form should be secured so that nobody can spam me. At the moment, the form is basically... well... dead. Are you guys able to help me with that by any chance? I don't know if I answered your questions correctly, but I think it should do? — Suppahman, Jul 08 '15 at 23:28
@GottliebNotschnabel at the moment, the csv just has the headers: the number/count, the date, name, email, phone, and child's info. Sadly, because the form doesn't work, I can't get a copy of their submissions, leaving the csv blank. — Suppahman, Jul 08 '15 at 23:29
What are the filenames of your code (PHP and HTML)? Are they organized within one file? — Gottlieb Notschnabel, Jul 08 '15 at 23:32
@GottliebNotschnabel They are seperate files. I am just referencing the php within the html file by using the `action="contact.php"`. The form is in the index.html of my site. The PHP is being referenced. I don't know if I sound too confusing :P — Suppahman, Jul 08 '15 at 23:34
@GottliebNotschnabel you mentioned the error reporting snippet, where do I put that within my code and can you explain to me how it works? I am pretty curious to know about that. — Suppahman, Jul 08 '15 at 23:36
@suppahman - also you are checking if isset $_POST["email"] - shouldn't that be "contact-email" — Dex Dave, Jul 08 '15 at 23:49
@DexDave I thought that I was supposed to put `email`? Was I not supposed to do that? — Suppahman, Jul 08 '15 at 23:51
I feel like I may end up needing some assistance to rewrite the entire code? When I started adding "security," that's when things started to get worse... before, the form was able to do most of what I needed but lacked security and had odd glitches to it. — Suppahman, Jul 09 '15 at 00:01
@Suppahman $_POST is an array of the values posted from your form(by their names) - so since there is no input on your form with name="email", that variable doesn't exist in your $_POST array hence your if statement is always skipped - try contact-email and see what happens — Dex Dave, Jul 09 '15 at 00:06
@DexDave I can't seem to see where I make that change? What line of the php code do you recommend me switching email to contact-email? — Suppahman, Jul 09 '15 at 00:14
@DexDave I did that, it didn't do anything new or different :/ — Suppahman, Jul 09 '15 at 00:24
@Suppahman tried your code on my pc - it seems to work, replaced line 10 "email" with "contact-email", line 23 at the end should be "child_info" instead of "child-info", line 40 your regular expression should have a forward slash after the right square bracket "/^[0-9.-]/" other than that I don't know why its not working for you — Dex Dave, Jul 09 '15 at 01:00
@DexDave Did the form, when you ran it, do what was requested? Like send verification, collect inputs, store in csv, security protected form? — Suppahman, Jul 09 '15 at 01:19
@Suppahman haven't received the verification yet(should work though) , but the csv part works — Dex Dave, Jul 09 '15 at 01:43
@DexDave How about the security? did that part workout just fine? — Suppahman, Jul 09 '15 at 01:48
@Suppahman that part worked out okay - however I did not test it out extensively — Dex Dave, Jul 09 '15 at 01:51
@DexDave Oh okay, I am seeing some progress. I can see the security take its a place, except, I am not sure how to make it a simple pop up? It just flashes all the mistakes the user has made in the inputs for like a quick second. I also don't get any email verifications so far :/ Am i forgetting something? — Suppahman, Jul 09 '15 at 01:55
@Suppahman thats good, for popups maybe consider doing some client side javascript validation but thats outside the scope of the question, still don't know why email is not working — Dex Dave, Jul 09 '15 at 02:03
@DexDave are you able to connect your email and try running the form? Maybe that would help? Is there something blocking the email verification from happening? — Suppahman, Jul 09 '15 at 02:07
@Suppahman not at this moment unfortunately - will do later though, good luck — Dex Dave, Jul 09 '15 at 02:09
@DexDave Thank you Dex! I really appreciate your help so far! — Suppahman, Jul 09 '15 at 02:11
@DevDave Is it best that I create a new thread to answer the email problem? — Suppahman, Jul 09 '15 at 04:05
@Suppahman sorry I've been busy all day, i tested it and the email works - I dint make any other changes — Dex Dave, Jul 09 '15 at 21:58

Contact Form Security and Functions Don't Work

0 Answers0