forked from PHPMailer/PHPMailer
-
Notifications
You must be signed in to change notification settings - Fork 0
/
simple_contact_form.phps
102 lines (98 loc) · 3.81 KB
/
simple_contact_form.phps
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
<?php
/**
* PHPMailer simple contact form example.
* If you want to accept and send uploads in your form, look at the send_file_upload example.
*/
//Import the PHPMailer class into the global namespace
use PHPMailer\PHPMailer\PHPMailer;
require '../vendor/autoload.php';
if (array_key_exists('to', $_POST)) {
$err = false;
$msg = '';
$email = '';
//Apply some basic validation and filtering to the subject
if (array_key_exists('subject', $_POST)) {
$subject = substr(strip_tags($_POST['subject']), 0, 255);
} else {
$subject = 'No subject given';
}
//Apply some basic validation and filtering to the query
if (array_key_exists('query', $_POST)) {
//Limit length and strip HTML tags
$query = substr(strip_tags($_POST['query']), 0, 16384);
} else {
$query = '';
$msg = 'No query provided!';
$err = true;
}
//Apply some basic validation and filtering to the name
if (array_key_exists('name', $_POST)) {
//Limit length and strip HTML tags
$name = substr(strip_tags($_POST['name']), 0, 255);
} else {
$name = '';
}
//Validate to address
//Never allow arbitrary input for the 'to' address as it will turn your form into a spam gateway!
//Substitute appropriate addresses from your own domain, or simply use a single, fixed address
if (array_key_exists('to', $_POST) && in_array($_POST['to'], ['sales', 'support', 'accounts'], true)) {
$to = $_POST['to'] . '@example.com';
} else {
$to = '[email protected]';
}
//Make sure the address they provided is valid before trying to use it
if (array_key_exists('email', $_POST) && PHPMailer::validateAddress($_POST['email'])) {
$email = $_POST['email'];
} else {
$msg .= 'Error: invalid email address provided';
$err = true;
}
if (!$err) {
$mail = new PHPMailer();
$mail->isSMTP();
$mail->Host = 'localhost';
$mail->Port = 25;
$mail->CharSet = PHPMailer::CHARSET_UTF8;
//It's important not to use the submitter's address as the from address as it's forgery,
//which will cause your messages to fail SPF checks.
//Use an address in your own domain as the from address, put the submitter's address in a reply-to
$mail->addAddress($to);
$mail->addReplyTo($email, $name);
$mail->Subject = 'Contact form: ' . $subject;
$mail->Body = "Contact form submission\n\n" . $query;
if (!$mail->send()) {
$msg .= 'Mailer Error: ' . $mail->ErrorInfo;
} else {
$msg .= 'Message sent!';
}
}
} ?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>PHPMailer Contact Form</title>
</head>
<body>
<h1>Contact us</h1>
<?php if (empty($msg)) { ?>
<form method="post">
<label for="to">Send to:</label>
<select name="to" id="to">
<option value="sales">Sales</option>
<option value="support" selected="selected">Support</option>
<option value="accounts">Accounts</option>
</select><br>
<label for="subject">Subject: <input type="text" name="subject" id="subject" maxlength="255"></label><br>
<label for="name">Your name: <input type="text" name="name" id="name" maxlength="255"></label><br>
<label for="email">Your email address: <input type="email" name="email" id="email" maxlength="255"></label><br>
<label for="query">Your question:</label><br>
<textarea cols="30" rows="8" name="query" id="query" placeholder="Your question"></textarea><br>
<input type="submit" value="Submit">
</form>
<?php } else {
echo $msg;
} ?>
</body>
</html>