
PHP Server Side Scripting Forum

    
PHP Email Confirmation Form
RDreamer



 
Msg#: 4476764 posted 3:22 pm on Jul 18, 2012 (gmt 0)

Hi, I'm trying to set up a form with two fields that a user would have to enter their email addresses into. I'm really new at PHP and wasn't sure how to go about doing this.

The user would type their email address into the first field. The second field would have to match the address value that was written into the first field. The confirmed email address would then be sent as an email.

If the addresses did not match, it would display an error message saying, "Entered Email Addresses do not match. Please re-enter your information and try again." I'd also like it to give an invalid format message if anything other than an email address is entered into the form.

I'd really appreciate any help I can get with this. I'll post the code I managed to put together so far.

 

RDreamer



 
Msg#: 4476764 posted 3:26 pm on Jul 18, 2012 (gmt 0)

HTML:
<form name="subscriptionform" method="post" action="subscribe_2.php">
<table width="300px">
<tr>
<td valign="top">
<label for="title"><strong>Subscribe to Newsletter</strong></label>
</td>
</tr>
<tr>
<td valign="top">
<p>E-mail Address:*<br>
<input name="email" type="text" size="20"></p>
</td>
</tr>

<tr>
<td valign="top">
<p>Confirm E-mail Address:*<br>
<input name="email" type="text" size="20"></p>
</td>
</tr>
<tr>
<td colspan="15" style="text-align:left">
<input type="submit" value="Subscribe">
</td>
</tr>
</table>
</form>
</html>


PHP: subscribe_2.php
<?php
$to = "example@example.com";
$subject = "Newsletter Subscription Request";
$email = $_REQUEST['email'] ; //required
$headers = "From: $email";
$sent = mail($to, $subject, $headers) ;
if($sent)
{print "Thank you for subscribing! Your request is being processed"; }
else
{print "We encountered an error during your request"; }
// required fields in the line below
if (!$email)
{ $error = "You must complete all required fields"; }
if (!$error) {
// Code to do something with the data here
$mailed = "Your request has been sent. Thank you"; }
?>

coopster




 
Msg#: 4476764 posted 9:16 pm on Jul 24, 2012 (gmt 0)

Welcome to WebmasterWorld, RDreamer.

I'm not sure if this script is merely a practice to learn how to use PHP and the mail() function, but implementing a script such as this on your public server is going to get your IP address put on a blacklist quite quickly, as spammers are going to have a field day abusing your form to their advantage and the great dismay of every recipient!

swa66




 
Msg#: 4476764 posted 1:44 pm on Jul 25, 2012 (gmt 0)

If you make the user type the email address twice (why? Users do not forget their email address and any typo will get cut&pasted anyway), would it not be smart to check it is in fact the same in both fields (and hence give them different names to start with)?

To elaborate on coopster's remark:

ANYTHING coming from the browser absolutely must be cleaned before you use it.
(consider it tainted data: only after you absolutely know it is ok, will you use it, till then consider it has multiple lines, all sorts of funny characters, extreme length etc.)

Even though you hardcoded the "To" to come to you (I presume at least), you really should build a system where you send the apparent subscriber an email with a link in it that they need to click to confirm they want to be subscribed before you do so.
(On do confirm opt-in - you're in for a big heap of trouble if you don't get confirmation)
Now that's not enough: you also need to rate limit the confirmation requests, have an opt-out method etc.

Running a mailing list is much more than just a form on a website.

All it takes is a few malcontent subscribers to complain and you lose the ability to send email. That's why services such as e.g. mailchimp (just to name one that I use) -it's free in its basic form- exist and deliver a service well above what you can code in a few days yourself. They take care of all of that, and keep their reputation intact by enforcing some behavior on their customers.
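An added example, not code from any poster in this thread, of the checks described above: two differently named fields compared after cleaning, and a signed, expiring confirmation link for confirmed opt-in. The field name `email_confirm`, the `CONFIRM_SECRET` constant, the `confirm.php` URL and the `example.com` addresses are assumptions.

```php
<?php
declare(strict_types=1);
// Assumed names: CONFIRM_SECRET, the email/email_confirm fields, example.com URLs.
const CONFIRM_SECRET = 'replace-with-long-random-value-kept-outside-web-root';
const TOKEN_TTL = 86400; // confirmation links expire after 24 hours

// Returns [cleaned address or null, error message or null].
function check_addresses($email, $confirm): array
{
    // Tainted input may be an array, multi-line, or extremely long.
    $email = is_string($email) ? trim($email) : '';
    if (strlen($email) > 254 || preg_match('/[\r\n\0]/', $email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [null, 'Invalid format.'];
    }
    if (!is_string($confirm) || $email !== trim($confirm)) {
        return [null, 'Entered Email Addresses do not match.'];
    }
    return [$email, null];
}

// Token = base64(address).expiry.HMAC, so the link cannot be forged or altered.
function make_token(string $email, int $now): string
{
    $payload = base64_encode($email) . '.' . ($now + TOKEN_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, CONFIRM_SECRET);
}

// Returns the confirmed address, or null for a bad, altered or expired token.
function verify_token(string $token, int $now): ?string
{
    $parts = explode('.', $token);
    $mac = hash_hmac('sha256', ($parts[0] ?? '') . '.' . ($parts[1] ?? ''), CONFIRM_SECRET);
    if (count($parts) !== 3 || !hash_equals($mac, $parts[2]) || (int) $parts[1] < $now) {
        return null;
    }
    $email = base64_decode($parts[0], true);
    return $email === false ? null : $email;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$email, $error] = check_addresses($_POST['email'] ?? null, $_POST['email_confirm'] ?? null);
    if ($error === null) { // rate limiting per IP/address belongs here (not shown)
        $link = 'https://example.com/confirm.php?t=' . rawurlencode(make_token($email, time()));
        mail($email, 'Confirm your subscription', "Confirm: $link", 'From: news@example.com');
    }
    print $error ?? 'Check your inbox for a confirmation link.';
}
```

The address is only added to the list when the hypothetical `confirm.php` calls `verify_token($_GET['t'], time())` and gets a non-null result; the mail headers contain no user-supplied text at all.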

not2easy




 
Msg#: 4476764 posted 1:56 pm on Jul 25, 2012 (gmt 0)

There is a very nice free .php contact form available at fastsecurecontactform dot com/
It is highly configurable and can forward and auto reply. It is free, but a donation would be the right thing to do. This form is for use with static html sites, he also offers a WP plugin version.

If you are trying to build an email list, the recommendations above are better, this is just for contact.

RDreamer



 
Msg#: 4476764 posted 6:37 am on Jul 26, 2012 (gmt 0)

@coopster:
This was mostly just a test script and wasn't what I had intended on implementing. I'm very new when it comes to PHP scripting and figured I'd better talk to someone with more experience in it before making any scripts of my own. Pertaining to what you said, that's definitely something I'd like to avoid. What would be the best way to keep spammers from abusing a PHP form?

@swa66:
That's a good point. My intention for that was so that, when they entered the address, it would make sure they had entered it in correctly in email format and that the two matched. It was something I wanted to try to do, but now that I think about it, there are better ways to go about confirming email addresses.

I've been looking into a system like that, and someone I'm working with had something in mind. I'd have to check in with them to see what exactly it was. But this was just to make sure that I had a working form for subscriber emails. I'll definitely look into mailchimp because that sounds like a much better approach to doing this.

Does mailchimp only help with setting up an emailing and confirmation system, or does it let you customize a form for website input, like the one I'm trying to put together?


@not2easy:
I'll look into that. It sounds like it'd be helpful, thanks a lot!

As you can probably tell, this is my first time doing this, so I'd really like it to be secure and safe to use. I'll make sure to look into all of this. I may have a few more questions down the line. I hope you won't mind me posting them here.

Thanks for the great advice!

swa66




 
Msg#: 4476764 posted 11:55 pm on Jul 27, 2012 (gmt 0)

Pretty sure we should not discuss mailchimp here. But FWIW: yes you can integrate a form to subscribe on your website. It's easy enough.

A pet peeve of mine is that when learning, all examples you find contain more security holes than one cares to count. That way you're taught to create security issues. I've yet to find any good tutorial of any language that takes security into account from page 1, slide 1 or example 1.

It makes it really hard for those learning to post stuff without getting "killed" for the security issues, but letting you put things online where the first hacker that finds it is having a blast isn't going to be fun either.

RDreamer



 
Msg#: 4476764 posted 2:42 am on Jul 30, 2012 (gmt 0)

@swa66

You're right, and thanks, that's good to know.

I know that security holes are a big issue, and it seems difficult to find a good resource on them and how to avoid the risks. I don't feel comfortable making these kinds of things and leaving them riddled with risks, so it looks like I'm going to have to learn a lot more about security if I want to make things like this safe and functional.

I know you mentioned not being able to find any good tutorials that take security into account, but is there any resource that explains the causes of some basic security holes in basic PHP scripts? I'll start looking into it, but I'd appreciate a point in the right direction.

coopster




 
Msg#: 4476764 posted 3:19 am on Aug 2, 2012 (gmt 0)

It changes so rapidly because of advances and updates to technology ... but the PHP online documentation has a good starting point regarding Security and after that you may want to search for mailing lists that discuss not only PHP security but more general security, including the HTTP server (Apache) that you use, web security issues in general such as XSS, SQL injection, etc. And lastly, come to Pubcon and learn how to hack a site so you can effectively defend against the very same tactics!
