I'm hoping that someone will be able to help please.
I have a 'contact us' page that has the following code within it:
<?php
// Pick the recipient from a fixed list; the posted value is never used as an address.
$artiste = isset($_POST['artiste']) ? $_POST['artiste'] : '';
if ($artiste == "biddles") {
    $to = 'email1';
} elseif ($artiste == "caucheteux") {
    $to = 'email2';
} else {
    $to = 'adminemail';
}
$subject = 'Enquiry from the website';
$contact_submitted = 'Your message has been sent. Thank you';

// Values echoed back into the form below; empty until the form is posted.
$yourname = '';
$youremail = '';
$yourmessage = '';

function email_is_valid($email) {
    return preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $email);
}

if (!email_is_valid($to)) {
    echo '<p style="color: red;">You must set-up a valid (to) email address before this contact page will work.</p>';
}

if (isset($_POST['contact_submitted'])) {
    $return = "\r";
    $youremail = trim(htmlspecialchars($_POST['your_email']));
    $yourname = stripslashes(strip_tags($_POST['your_name']));
    $yourmessage = stripslashes(strip_tags($_POST['your_message']));
    $contact_name = "Name: " . $yourname;
    $message_text = " Message: " . $yourmessage;
    $user_answer = trim(htmlspecialchars($_POST['user_answer']));
    $answer = trim(htmlspecialchars($_POST['answer']));
    $message = $contact_name . $return . $message_text;
    $headers = "From: " . $youremail;
    // The CR/LF check needs regex delimiters; without them preg_match() fails
    // with a warning and the check never rejects anything.
    if (email_is_valid($youremail)
        && !preg_match('/[\r\n]/', $youremail)
        && $yourname != ""
        && $yourmessage != ""
        && substr(md5($user_answer), 5, 10) === $answer) {
        mail($to, $subject, $message, $headers);
        $yourname = '';
        $youremail = '';
        $yourmessage = '';
        echo '<p style="color: blue;">' . $contact_submitted . '</p>';
    } else {
        echo '<p style="color: red;">Please enter your name, a valid email address, your message and the answer to the simple maths question before sending your message.</p>';
    }
}

// Build the maths question and the hashed answer carried in the hidden field.
$number_1 = rand(1, 9);
$number_2 = rand(1, 9);
$answer = substr(md5($number_1 + $number_2), 5, 10);
?>
<div style="position:absolute;left:92px;top:440px;width:817px; ">
<form id="contact" action="contactus.php" method="post">
<div id="contact_form" class="form_settings">
<p class="Body P-1"><span class="c-16">Name </span><input
name="your_name" value="<?php echo $yourname; ?>" type="text"></p>
<p class="Body P-1"><span class="c-16">Email Address </span><input
name="your_email" value="<?php echo $youremail; ?>"
type="text"></p>
<p class="Body P-1"><span class="c-16">Email Address </span> <select name="artiste">
<option value="biddles">Robert Biddles</option>
<option value="caucheteux">Alain Caucheteux</option>
<option value="admin">Administrator</option>
</select>
</p>
<p class="Body P-1"><span class="c-16">Message </span><textarea
rows="50" cols="50" name="your_message" value="<?php echo $yourmessage; ?>"></textarea></p>
<p class="Body P-1">To help prevent spam, please enter the answer to
this question:</p>
<p class="Body P-1"><span class="c-16"><?php echo $number_1; ?> +
<?php echo $number_2; ?> = ? </span><input name="user_answer" type="text"><input
name="answer" value="<?php echo $answer; ?>" type="hidden"></p>
<p style="padding-top: 15px"><span> </span><input class="button a"
name="contact_submitted" value="send" type="submit"></p>
</div>
</form>
</div>
It will be much appreciated if someone knows how to stop this happening and for the sender to see all that they've typed.
Thanks in advance
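
An added example, not part of the original post: one way to keep the sender's input on the form after a failed submission while escaping it for HTML, with the maths answer held in the session instead of a hidden field and CR/LF rejected in the address used for the From header. The helper names (`h`, `field`, `safe_email`) and the session key `sum` are assumptions, and `mail()` is left as a comment.

```php
<?php
// Added example (not the poster's code). mail() is left as a comment so it runs anywhere.
session_start();

// Escape a value for HTML text or a quoted attribute.
function h($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
// Read one POST field as a trimmed string; arrays and missing keys become ''.
function field($key) {
    $v = $_POST[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

// CR or LF in the address would let a sender append extra mail headers.
function safe_email($email) {
    return !preg_match('/[\r\n]/', $email)
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

$name = $email = $message = $notice = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name    = field('your_name');
    $email   = field('your_email');
    $message = field('your_message');
    // The expected sum is kept server-side, not in a hidden field the client can set.
    $expected = $_SESSION['sum'] ?? null;
    $ok = $name !== '' && $message !== '' && safe_email($email)
        && $expected !== null && field('user_answer') === (string)$expected;
    if ($ok) {
        // mail($to, $subject, $body, 'From: ' . $email); // $to from a fixed list
        $notice = 'Your message has been sent. Thank you';
        $name = $email = $message = '';
    } else {
        $notice = 'Please check your name, email address, message and answer.';
    }
}
// A fresh question on every load, so an old answer cannot be replayed.
$a = random_int(1, 9);
$b = random_int(1, 9);
$_SESSION['sum'] = $a + $b;
?>
<p><?php echo h($notice); ?></p>
<form method="post">
  <p>Name <input name="your_name" type="text" value="<?php echo h($name); ?>"></p>
  <p>Email Address <input name="your_email" type="text" value="<?php echo h($email); ?>"></p>
  <!-- A textarea takes its content between the tags, not from a value attribute. -->
  <p>Message <textarea name="your_message" rows="10" cols="50"><?php echo h($message); ?></textarea></p>
  <p><?php echo $a; ?> + <?php echo $b; ?> = ? <input name="user_answer" type="text"></p>
  <p><input name="contact_submitted" value="send" type="submit"></p>
</form>
```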