I want a help in my Contact form. I want that when a user inputs his email id in input field & if it is wrong i.e without # the input box should shake (which depicts an error) & when user enters correct email Id, it should accept it.
The problem in my current code is, when user enters correct email Id, even then the input field shakes. Need to validate the input field for correct Email.
Any help would be appreciated.
Thanks in advance.
<form id="form_id" method="post" action="<?php $_SERVER['PHP_SELF'] ?>" onsubmit="javascript:return validate('form_id','email');" novalidate>
<input type="text" id="email" name="email" value="<?php if (isset($_POST["email"])) {echo $ema;} ?>" class="error"/>
<br><br>
<button type="submit" name="submit" class="getaccess-btn">Get Access </button>
</form>
The js for the same is:
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script language="javascript">
function validate(form_id,email) {
var reg = /^([A-Za-z0-9_\-\.])+\#([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/;
var address = document.forms[form_id].elements[email].value;
if(reg.test(address) == false) {
$(document).ready(function(){
$("button").click(function(){
$("#email").delay(0).animate({"left": "-=30px"}, 80).animate({"left": "+=60px"}, 80).animate({"left": "-=60px"}, 80).animate({"left": "+=60px"}, 80).animate({"left": "-=30px"}, 80);
});
});
return false;
}}
</script>
this php code
<?php
$your_email = "youremailid#gmail.com"; // email address to which the form data will be sent
$subject = "Contact Message"; // subject of the email that is sent
$thanks_page = "thank-you.html"; // path to the thank you page following successful form submission
// Nothing needs to be modified below this line
if (isset($_POST["submit"])) {
$ema = trim($_POST["email"]);
if (get_magic_quotes_gpc()) {
$ema = stripslashes($ema);
}
$error_msg=array();
if (empty($ema) || !filter_var($ema, FILTER_VALIDATE_EMAIL)) {
$error_msg[] = "Your email must have a valid format, such as name#mailhost.com";
}
$email_body =
"Email of sender: $ema\n\n" .
"$com" ;
// Assuming there's no error, send the email and redirect to Thank You page
if (!$error_msg) {
mail ($your_email, $subject, $email_body, "From: $nam <$ema>" . "\r\n" . "Reply-To:");
header ("Location: $thanks_page");
exit();
}
}
?>
The css for the same is:
.error{height:auto;width:100px;position:absolute;}
I can't understand your issue properly, but if you are working with email validation then there is no need of javascript. You can simply use email as input type in HTML5:
for ex, you can write as following:
<form>
<input type="email" name="email" required>
<input type="submit">
</form>
this will automatically validate input field for # and ..
fiddle is here
Related
I have some problem with XSS scan on sitelock. They said that some of URL from html input form is vulnerable. They said each parameters which I sent through the form was vulnerable. In this case the vulnerability is from Paypal input form. I build my website with Paypal redirect so the user will input their own data into the form and the system will send it to paypal. This is the example of my form code:
<div class="col-md-5">
<input type="text" class="form-control" name="L_PAYMENTREQUEST_FIRSTNAME" id="L_PAYMENTREQUEST_FIRSTNAME" value="<?=$_SESSION['post_value']['shipping_first_name']?>" readonly="readonly">
</div>
<input type="hidden" name="billing_first_name" value="<?=$_POST['billing_first_name']?>">
<input type="hidden" name="billing_last_name" value="<?=$_POST['billing_last_name']?>">
<input type="hidden" name="billing_email" value="<?=$_POST['billing_email']?>">
<input type="hidden" name="billing_phone" value="<?=$_POST['billing_phone']?>">
<input type="hidden" name="billing_address" value="<?=$_POST['billing_address']?>">
<input type="hidden" name="billing_city" value="<?=$_POST['billing_city']?>">
<input type="hidden" name="billing_postcode" value="<?=$_POST['billing_postcode']?>">
<input type="hidden" name="billing_state" value="<?=$_POST['billing_state']?>">
That is some part of my form. What I want to know is whats wrong with that form and how to prevent Sitelock to scan XSS vulnerability ? Please anyone knows could help me.
I would also recommend using the HTTP header.
X-XSS-Protection: 1; mode=block
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
you probably dont check/nullify the data you are getting in the input fields
and by typing <script>alert('hacked')</script> in billing_address field
on next page where you print the billing_address you will get a popup window calling hacked
On the page that process your form you should validate that input fields doesn't have any javascript code.
for example
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["website"]);
$comment = test_input($_POST["comment"]);
$gender = test_input($_POST["gender"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
you need to create a function like test_input and run for all your input fields
I have been able to get the order_id and the total order value to process them on the success page in OpenCart (v. 1.5.4) by applying the very helpful suggestions of Shadyyx (thank you!) in Opencart successful order ID and Total from JavaScript. However, I have been unable to get the email address of the (registered or guest) customer across, i.e.:
If I insert $this->data['email'] = $this->session->data ['email']; in success.php before $this->cart->clear();
I get an Undefined Index error in success.php when submitting an order.
If I insert $this->data['email'] = $this->cart->getEmail();
instead, I avoid the Undefined Index error, but still the email address does not load in the html form via the input tag (this does, however, work for the order_id and the total) as follows:
<?php if(!empty($email)): ?>
<input name="email" type="hidden" value="<?php echo $email ?>">
<?php endif; ?>
To do this properly you need to open /catalog/controller/checkout/success.php and find this line of code
if (isset($this->session->data['order_id'])) {
After it, add the following
$this->load->model('account/order');
$order = $this->model_account_order->getOrder($this->session->data['order_id']);
if($order) {
$this->data['email'] = $order['email'];
}
In your template /catalog/view/theme/your-theme-name/template/common/success.tpl you need to put
<?php if(!empty($email)) echo $email; ?>
Wherever you want to see the e-mail address
$this->customer->getEmail(); - this will get you logged in customer's email id.
In catalog/controller/checkout/success.php, insert the below code between
if (isset($this->session->data['order_id'])) {
and
$this->cart->clear();
Code to add:
if (isset($this->session->data['guest'])) {
$this->data['customer_email'] = $this->session->data['guest']['email']; // Guest user's email
} elseif($this->customer->isLogged()) {
$this->data['customer_email'] = $this->customer->getEmail(); // Customer's email
}
Then in success.tpl, add:
<?php if(isset($customer_email)){ ?>
<input name="email" type="hidden" value="<?php echo $customer_email ?>">
<?php } ?>
I have a javascript function that checks if someone entered their email:
function formValidate(){
form1 = document.forms['_register1'];
if (form1.elements['email'].value == 'Type Your Email Address Here')
{
alert('Please enter your email address.');
form1.elements['email'].focus();
return false;
}
}
Here is the form html:
<form method="post" enctype="multipart/form-data" name="_register1" id="_register" action="signup.php" >
<input type="text" class="field" value="Type Your Email Address Here" name="email" title="Type Your Email Address Here" />
<input type="submit" class="button button-signup" value="SIGN UP!" onclick="formValidate();" />
If the user has not entered an email address, I want the javascript alert to popup and once the user presses ok, I want the page to stay the same. I don't want the action="signup.php" to happen until the email is valid. This seems like it should be simple but I've looked all over the internet and can't find a solution.
Thanks.
http://www.html-form-guide.com/php-form/php-login-form.html
this might be what you're looking for.
I finally figured out the answer. The key is to use the javascript submit() function. Rather than use an input type submit, I use just a regular button. Then, after javascript validates the form and the form has the proper data, I used the submit function. Here is my code below. If anyone is curious, feel free to ask me about it.
function formValidate(){
//define form1 as registration form
form1 = document.forms['_register1'];
var submission = true;
//make sure email address is not blank
if (form1.elements['email'].value == 'Type Your Email Address Here') {
alert('Please enter your email address.');
form1.elements['email'].focus();
var submission = false;
}
//submit form if data is good
if(submission != false){
form1.submit();
}
}
And here is the html:
<input type="text" value="Type Your Email Address Here" name="email" title="Enter email" />
<input type="button" value="SIGN UP!" onclick="formValidation();" />
Here is my form.
<form method="post" name="frm">
<label>Name*<input type="text" name="Name" value="<?php echo $r['Name'] ?>" onblur="if(this.value.length<3) alert('Name too short');" /></label>
<label>Username*<input type="text" name="UN" value="<?php echo $r['UN'] ?>" onblur="if(this.value.length<5) alert('Username too short');" /></label>
<label>Password*<input type="password" name="PW" onblur="validation()" /></label>
<label>Confirm Password*<input type="password" name="CM" onblur="validation()" /></label>
<?php } ?>
<input type="submit" name="Submit" value="<?php if($new) echo 'Register'; else echo 'Update'; ?>" />
</form>
Without writing separate onBlur events I am trying to get all these events into a function called validation() as I have done for password and confirm-password fields. Here is my validation function:
<script language="javascript">
function validation() {
var password = document.frm.PW.value;
var password2 = document.frm.CM.value;
if (password.length < 5) {
alert ("Password too short");
}
else if (password != password2) {
alert("password mismatch");
}
}
</script>
But with this code once I have filled password, and when I am about to start inputting for confirm-password field, it alerts the message "password mismatch". How to get rid of this? And for all the form tags if I am validating and using validation() function, then in each tag do I have to call onblur=validation()?
Don't have the password validation fired on the main password change - have it fired when you alter password2 or when you click submit. :)
If you insist on checking when you update password AND password 2, I would just add a check to see if password2 had been left blank:
else if(password !== password2 && password2 !== ""){
But doing ALL your checks on submit is a much cleaner solution (and as Rake says, it would be neater still to have a span that is updated instead of an alert).
I have a contact form which is a template for pages on wordpress that I use if I need a contact form. All works fine but I want to add the capability of adding a file attachment so when the user fills in their name etc they can upload a photo and that photo will be sent to be me as an attachment.
I have a perfect working contact form and I only want to add that functionality to it. All my current code does all this it sends the name of the person their email address and their message to my email, all I'm missing is the attachment feature. I've been looking at alot of contact forms with this feature but to integrate that feature to my sendmail.php seems very hard as the coding style is completely different. Here is a demo of this in action. demo
This is my php file that has the form in it.
<?php get_header(); ?>
<script type="text/javascript">
$(document).ready(function(){
$('#contact').ajaxForm(function(data) {
if (data==1){
$('#success').fadeIn("slow");
$('#bademail').fadeOut("slow");
$('#badserver').fadeOut("slow");
$('#contact').resetForm();
}
else if (data==2){
$('#badserver').fadeIn("slow");
}
else if (data==3)
{
$('#bademail').fadeIn("slow");
}
});
});
</script>
<!-- begin colLeft -->
<div id="colLeft">
<!-- Begin .postBox -->
<div class="postBox">
<div class="postBoxTop"></div>
<div class="postBoxMid">
<div class="postBoxMidInner first clearfix">
<h1>Contact Us</h1>
<p><?php echo get_option('alltuts_contact_text')?></p>
<p id="success" class="successmsg" style="display:none;">Your email has been sent! Thank you!</p>
<p id="bademail" class="errormsg" style="display:none;">Please enter your name, a message and a valid email address.</p>
<p id="badserver" class="errormsg" style="display:none;">Your email failed. Try again later.</p>
<form id="contact" action="<?php bloginfo('template_url'); ?>/sendmail.php" method="post">
<label for="name">Your name: *</label>
<input type="text" id="nameinput" name="name" value=""/>
<label for="email">Your email: *</label>
<input type="text" id="emailinput" name="email" value=""/>
<label for="comment">Your message: *</label>
<textarea cols="20" rows="7" id="commentinput" name="comment"></textarea><br />
<input type="submit" id="submitinput" name="submit" class="submit" value="SEND MESSAGE"/>
<input type="hidden" id="receiver" name="receiver" value="<?php echo strhex(get_option('alltuts_contact_email'))?>"/>
</form>
</div>
</div>
<div class="postBoxBottom"></div>
</div>
<!-- End .postBox -->
</div>
<!-- end colleft -->
<?php get_sidebar(); ?>
<?php get_footer(); ?>
and here is the file that handles the sending of the mail.
<?php
if(isset($_POST['submit'])) {
error_reporting(E_NOTICE);
function valid_email($str)
{
return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*#([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
}
if($_POST['name']!='' && $_POST['email']!='' && valid_email($_POST['email'])==TRUE && strlen($_POST['comment'])>1)
{
$to = preg_replace("([\r\n])", "", hexstr($_POST['receiver']));
$from = preg_replace("([\r\n])", "", $_POST['email']);
$subject = "Website contact message from ".$_POST['name'];
$message = $_POST['comment'];
$match = "/(bcc:|cc:|content\-type:)/i";
if (preg_match($match, $to) ||
preg_match($match, $from) ||
preg_match($match, $message)) {
die("Header injection detected.");
}
$headers = "From: ".$from."\r\n";
$headers .= "Reply-to: ".$from."\r\n";
if(mail($to, $subject, $message, $headers))
{
echo 1; //SUCCESS
}
else {
echo 2; //FAILURE - server failure
}
}
else {
echo 3; //FAILURE - not valid email
}
}else{
die("Direct access not allowed!");
}
function hexstr($hexstr) {
$hexstr = str_replace(' ', '', $hexstr);
$hexstr = str_replace('\x', '', $hexstr);
$retstr = pack('H*', $hexstr);
return $retstr;
}
?>
Thanks!
You can read this simple tutorial to know what needs to be done to add file upload support to your current form:
http://www.tizag.com/phpT/fileupload.php
Hope it helps!
EDITED
After the upload process, you can do like this:
if (file_exists($_FILES['uploaded']['tmp_name'])) {
$mail->AddAttachment($_FILES['uploaded']['tmp_name'], $_FILES['uploaded']['name']);
}
What this does is to add an attachment to your email by calling the AddAttachment from PHPMailer, and using the file just uploaded from the TMP folder of your server... so no actual storage of the file is necessary.
You can use
http://wordpress.org/plugins/contact-form-7/
It has a option for Upload field as well as all validations, really easy to use.
You just need to enter shortcode and you can use the contact form anywhere you want.