Secure and Accessible PHP Contact Form

	Home Register Search Help Login

Sponsors

Shopping Cart Software
Ecommerce software integrated into Frontpage, Dreamweaver and Golive templates. No monthly fees and available in ASP and PHP versions.

Website Templates
We also have a wide selection of Dreamweaver, Expression Web and Frontpage templates as well as webmaster tools and CSS layouts.

Frontpage website templates
Creative Website Templates for FrontPage, Dreamweaver, Flash, SwishMax

Search Forums

Recent Posts

Todays Posts
Most Active posts
Posts since last visit
My Recent Posts
Mark posts read

Secure and Accessible PHP Contact Form

View related threads: (in this forum | in all forums)

Logged in as: Guest

Users viewing this topic: none

Printable Version

All Forums >> Web Development >> Accessibility >> Secure and Accessible PHP Contact Form

Page: [1]


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	Secure and Accessible PHP Contact Form - 10/4/2006 22:23:04 Hi guys, Hopefully this is an appropriate thread. I need some testing of a secure and accessible PHP contact form. I don't think it can get much more accessible, and from a security standpoint it should be a spammer's worst enemy, and the PHP is solid. I have a concern, though: One of the security features might make it inaccessible to AOL users. A friend of mine, Tommy Olsson, said he thinks AOL users (those with access to the web via an AOL account) generate a new IP address with each HTTP request. If this is the case the form might trigger three possible errors. Two of the 15 security measures might produce PHP undefined index warnings but the form will still submit, but one of them may cause the form to not submit at all. That would be bad. Anyway, I'm am hoping you guys can check it out, the more the merrier, but especially if you have AOL internet service. Download and information page: http://green-beast.com/blog/?page_id=71 Release introduction: http://green-beast.com/blog/?p=128 Working demo page: http://green-beast.com/gbcf/ Thank you very much. Mike _____________________________ http://accessites.org http://graybit.com


jaybee Posts: 14153 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 4:52:57 Well how spooky is that. I saw your form two days ago and thought I might try it for a client site. I've been having problems with the form on there which occasionally serves up a blocked referrer page to visitors even when they've come in via the site as normal. The AOL thing may well be the answer. Hmmmm I'll download it and if I get time I'll bolt it in at the weekend and see how it goes. I know a couple of AOL users I can throw it at. _____________________________ If it ain't broke..... fix it until it is. GAWDS Now where did I put that Doctype? (in reply to Mike Cherim)


womble Posts: 5526 Joined: 3/14/2005 From: Living on the edge Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 5:01:58 That's nice Mike! Wombley likey! Just tested it out and it worked fine for me (not an AOL user though). Nice one with the #results fragment identifier on form submit bit - that hadn't occured to me. On the security....just,wow! I particularly like the Pooh Bear heffalump style hidden spam trap. I'm just about to start the contact page on a site this morning (after I've put the kettle on, that is ), so I'll try it out on there. _____________________________ ~~ "A cruel god ain't no god at all" ~~ (in reply to Mike Cherim)


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 8:23:40 Thanks guys. Do let me know what those AOL users say. The form does require a referrer match as well, but if that error is triggered, if offers an alternative email. I know some legit users do block referrers so I had to try and accommodate them. Mike _____________________________ http://accessites.org http://graybit.com (in reply to womble)


womble Posts: 5526 Joined: 3/14/2005 From: Living on the edge Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 17:28:15 Pleased to report that it works like a dream! /Wombley does happydance around the thread Just installed it in quarter of an hour or so - and it just works! Last week I did a contact form on a site and it took most of a day hacking at php to get it to fit in with the rest of the site and trying to get the damned thing to validate and stuff, but this is just lovely (my only complaint is that the brown and green clashes horribly with the rest of the site, but I guess I can change that ) Mike, you really are The Man! _____________________________ ~~ "A cruel god ain't no god at all" ~~ (in reply to Mike Cherim)


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 18:12:25 /And now Mike does happydance around the thread Do check out the download page for updates within the week. I plan to add further enhancements to make it even better. But I promise, you'll have to do nothing more than drop in an updated gbcf_form.php file and all will be good. I'm going to try my best to do nothing to any file that will change anything that needs to be addressed by the form admin. Drag 'n drop is where it's at. :) Mike _____________________________ http://accessites.org http://graybit.com (in reply to womble)


womble Posts: 5526 Joined: 3/14/2005 From: Living on the edge Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 18:27:15 Sounds good! Wombley likes enhancements! One thing I did wonder about is if the anti-spam q/a could be randomised - I noticed in the script the name of the variable - that one of the possible improvements? (not that it could get much better IMHO) If drag 'n' drop's coming to a secure and accessible form near me, I fear I may have to get Taz to make an ecstaticdance smiley, nevermind the happydance! /does another happydance around the thread anyhow Can I join your fan club please? _____________________________ ~~ "A cruel god ain't no god at all" ~~ (in reply to Mike Cherim)


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 19:08:05 quote: ORIGINAL: womble Sounds good! Wombley likes enhancements! One thing I did wonder about is if the anti-spam q/a could be randomised - I noticed in the script the name of the variable - that one of the possible improvements? (not that it could get much better IMHO) If drag 'n' drop's coming to a secure and accessible form near me, I fear I may have to get Taz to make an ecstaticdance smiley, nevermind the happydance! /does another happydance around the thread anyhow Can I join your fan club please? I tried and tried to make that Q/A a random array (which was fine doing that much) but it seemed the only way I could get it to work was to use a session cookie. The form is loaded which generates the random Q/A, but on submit it's a separate request so the Q/A was being regenerated. The obvious answer was a session, but if people don't accept cookies they wouldn't be able to use the form so I opted not to go that route in favor of greater usability. The variable could be stored another way I suppose, like in a text file, but I thought that might lead to problems if there were multiple simultaneous users. It added a wicked layer of complexity. I'm not positive it's really necessary, either. I sort of suspect the owners of spam bots never actually go to these forms to negotiate the variable and response then specifically program the bots. I think the bots just go out and fill inputs with their garbage, possibly looking for specific field value like email, etc. There are so many insecure forms out there I wouldn't think they'd see the need to bother. Fan club indeed... hehe, I'm blushing. Mike _____________________________ http://accessites.org http://graybit.com (in reply to womble)


womble Posts: 5526 Joined: 3/14/2005 From: Living on the edge Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 19:26:31 Sounds fair enough to me. I suppose with the variable name I was just wondering if randomness was what was planned. I did think I'd hit an accessibility problem...but then discovered I hadn't! I've been tweaking the CSS (the brown and green clashed horribly) and trying to get rid of the form heading. I suppose for screen readers it's necessary so their users know what's coming up, but for visual users, on the page I've put it on it's kinda superfluous cos there's a rather large heading on the page announcing it already. Of course my first thought was display: none or visibility: hidden, then I slapped myself and remembered that screen readers won't read it then. No problem though - I've just slapped a humungous negative text-indent on it, and it's nicely out of the way now. It leaves a bit of a space, and I suppose I could tweak the padding and margin and pull it up a little, but on this particular page actually I think the extra white space helps, so I'm leaving it as it is. _____________________________ ~~ "A cruel god ain't no god at all" ~~ (in reply to Mike Cherim)


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 20:10:26 You can try this too (what I normally do): .formhead { position : absolute; top : -9000px; left : -9000px; } The advantage to this is that the positioning takes it out of the document's flow so it doesn't affect anything else if, say, the text is enlarged. I think with a negative text indent if you enlarge the text -- because to element stays in the document's flow, albeit out of sight, the elements which follow might seem to move downward. Not sure, though. That said, if you do have it in a heading already, display:none; is probably fine because it'd just be redundant anyway. Mike _____________________________ http://accessites.org http://graybit.com (in reply to womble)


womble Posts: 5526 Joined: 3/14/2005 From: Living on the edge Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 20:37:59 Good points. Just tried it out and it does move downward slightly, though it's not too noticeable. A problem I have just spotted though while trying it out is that taking that out of the flow also takes out the form results heading as well, which I do still want there. Problem solved though - I've just renamed the class "formhead" to "formhead_results" in that section of the include and used the original CSS for the "formhead" class for it. That sorted I can now go to bed a happy Wombley. _____________________________ ~~ "A cruel god ain't no god at all" ~~ (in reply to Mike Cherim)


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 20:50:34 Good point, I didn't even think of that. Mike _____________________________ http://accessites.org http://graybit.com (in reply to womble)


womble Posts: 5526 Joined: 3/14/2005 From: Living on the edge Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 21:07:22 I have just spotted a teeny tiny typo (couldn't resist a little more CSS tweaking) - on line 8 on the div#gb_form_dv - should be div#gb_form_div - it doesn't affect the demo form because it's not styled. That's really it now - I really am going to bed this time! _____________________________ ~~ "A cruel god ain't no god at all" ~~ (in reply to Mike Cherim)


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	RE: Secure and Accessible PHP Contact Form - 10/5/2006 21:22:42 Thank you very much. 'twill fix it up :) _____________________________ http://accessites.org http://graybit.com (in reply to womble)


jaybee Posts: 14153 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: Secure and Accessible PHP Contact Form - 10/6/2006 6:46:51 One AOL user down. He's got so fed up with them he's switching to NTL and refusing to use his machine until it's done. But I have another, just got to get hold of them as they aren't getting their emails. _____________________________ If it ain't broke..... fix it until it is. GAWDS Now where did I put that Doctype? (in reply to Mike Cherim)


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	RE: Secure and Accessible PHP Contact Form - 10/6/2006 8:21:23 Thanks jaybee! _____________________________ http://accessites.org http://graybit.com (in reply to jaybee)


jaybee Posts: 14153 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: Secure and Accessible PHP Contact Form - 10/6/2006 8:28:46 I posted a help request in the lounge for AOL users so hopefully you'll get a decent test running. _____________________________ If it ain't broke..... fix it until it is. GAWDS Now where did I put that Doctype? (in reply to Mike Cherim)


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	RE: Secure and Accessible PHP Contact Form - 10/6/2006 9:38:37 Awesome. Thank you very much. AOL has, what, billions of users, right? ;) _____________________________ http://accessites.org http://graybit.com (in reply to jaybee)


treetopsranch Posts: 1022 From: Cottage Grove, OR, USA Status: offline	RE: Secure and Accessible PHP Contact Form - 10/6/2006 15:56:47 AOL produces a 505 error for www.green-beast.com/gbcf _____________________________ Don from TreeTops Ranch, Oregon "I've got a taste for quality and luxury" (in reply to Mike Cherim)


jaybee Posts: 14153 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: Secure and Accessible PHP Contact Form - 10/6/2006 16:33:48 quote: ORIGINAL: Mike Cherim Awesome. Thank you very much. AOL has, what, billions of users, right? ;) You only need one. Thanks Don. _____________________________ If it ain't broke..... fix it until it is. GAWDS Now where did I put that Doctype? (in reply to Mike Cherim)


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	RE: Secure and Accessible PHP Contact Form - 10/6/2006 16:39:39 A 505 error is an Internal Server Error. That doesn't seem that it would have to do with the form or AOL, but thanks anyway. Care to try it again per chance? I updated the file. Mike < Message edited by Mike Cherim -- 10/6/2006 18:31:39 > _____________________________ http://accessites.org http://graybit.com (in reply to jaybee)


treetopsranch Posts: 1022 From: Cottage Grove, OR, USA Status: offline	RE: Secure and Accessible PHP Contact Form - 10/6/2006 23:13:53 I PM'd jaybee, at her request, the results of looking again using AOL. If you didn't get her message, here is the info: Form ran this time but had a SCRIPT ERROR Line 11 Char 2 Expected identifier, string or number ------------------------- Please note the test was run using AOL version 4 which is pretty old. _____________________________ Don from TreeTops Ranch, Oregon "I've got a taste for quality and luxury" (in reply to Mike Cherim)


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	RE: Secure and Accessible PHP Contact Form - 10/7/2006 0:32:11 That is extremely bizarre. Any "Script" error it seems would refer to JavaScript, but the form itself is PHP. I don't understand why or how someone with an AOL connection would detect or record a serverside PHP error (which there are no errors in the script). My concern before was the form not submitting because it was using the IP address as part of the form ID, and if AOL generates a new IP with each HTTP request then there wouldn't be a match and the script would echo a PHP error that I wrote. But I took that out of the form ID completely so it'd no longer be an issue at all. If it was a referrer issue, that too would generate an error but would provide an email option. It still uses host data for the form ID but that should be static unless unavailable in which case it would just leave it out and continue to process. No errors generated; it's not a requrired variable, but much match on submit if present, but again, you'd get a PHP error that I wrote. Now there is Javascript used just for form focus in an IE conditional comment because IE offers support for focus (as active) on anchors only, but that wouldn't have a bearing on whether the form submitted or not. I'm at a complete loss as to the why. Thanks. A mystified Mike _____________________________ http://accessites.org http://graybit.com (in reply to treetopsranch)


jaybee Posts: 14153 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: Secure and Accessible PHP Contact Form - 10/7/2006 5:54:16 Mike as far as I'm aware, AOL on the PC uses a barstardised version of IE so it could be that IE hack that's the problem. AOL on Mac uses a similarly hacked about version of Netscape. There may be something around somewhere that tells you exactly what they changed but I haven't found it. _____________________________ If it ain't broke..... fix it until it is. GAWDS Now where did I put that Doctype? (in reply to Mike Cherim)


jaybee Posts: 14153 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: Secure and Accessible PHP Contact Form - 10/7/2006 6:25:38 Clutching at straws here but in the js file you have several blank lines. The first two are just returns but line 11 is the the first one that has something in it, either a space or a non printable character. Try removing all the blank lines and see if that helps. _____________________________ If it ain't broke..... fix it until it is. GAWDS Now where did I put that Doctype? (in reply to jaybee)


Mike Cherim Posts: 49 Joined: 4/17/2006 Status: offline	RE: Secure and Accessible PHP Contact Form - 10/7/2006 10:14:19 Sounds like a plan. I will remove the blank lines. When I read "script error" I did perform one test on Firefox. I took out the conditional comment so FF would read the Jscript file, but it didn't report any errors in my JavaScript console when I ran the test. Will try that though right now. Thanks. Mike _____________________________ http://accessites.org http://graybit.com (in reply to jaybee)

Page: [1]

All Forums >> Web Development >> Accessibility >> Secure and Accessible PHP Contact Form

Page: [1]

Jump to: 1

New Messages	No New Messages
Hot Topic w/ New Messages	Hot Topic w/o New Messages
Locked w/ New Messages	Locked w/o New Messages

Post New Thread

Reply to Message

Post New Poll

Submit Vote

Delete My Own Post

Delete My Own Thread

Rate Posts