contact form validation - opinions please

         

mihomes

11:57 pm on Dec 31, 2006 (gmt 0)

10+ Year Member



Okay, I am in the process of creating a contact form and want it to be as spam proof as can be. Most of the validation was taken from another script. Opinions and suggestions on the below please! Keep in mind I'm not all too good with PHP. One thing I did notice is that cc and bcc don't appear to be covered, which I WANT to add. Also, I was thinking about a way to validate for only ONE email entered.

<?php

// Required fields
$required_fields_check = 1;

// Specify which fields to require
$required_fields = array('Name','Email','Questions');

// Strip HTML tags
$strip_html_tags = 1;

// Gobbledegook check
$gobbledegook_check = 1;

// Initialise variables

$errors = array();
$message = "";
$set = "";

// Remove leading whitespace from all values.

foreach($_POST as $key => $value){
    $_POST[$key] = ltrim($value);
}

// Check for required fields. If none, don't allow blank form to be sent.

if($required_fields_check){
    foreach($required_fields as $value){
        if(!isset($_POST[$value]) || empty($_POST[$value])){
            $errors[] = "Please go back and complete the $value field";
        }
    }
}else{

    // Check for a blank form.
    foreach($_POST as $value){
        if(!empty($value)){
            $set = 1; break;
        }
    }

    if(!$set){
        $errors[] = "You cannot send a blank form";
    }
}

// Check all fields for gobbledegook.

if($gobbledegook_check){
    $gobbledegook_alphabet = array('¡','¢','¤','¦','§','¨','ª','«','¬','®','¯','°','±','²','³','µ','¶','·', '¸','¹','º','»','¼','½','¾','¿','À', 'Á','Â','Ã','Ä','Å','Æ','Ç','È','É','Ê','Ë','Ì','Í','Î','Ï','Ð', 'Ñ','Ò','Ó','Ô','Õ','Ö','×','Ø','Ù','Ú','Û','Ü','Ý','Þ','ß', 'à','á','â','ã','ä','å','æ','ç','è','é','ê','ë','ì','í', 'î','ï','ð','ñ','ó','õ','ö','÷','ø','ú', 'û','ü','ý','þ');
    foreach($_POST as $key => $value){
        foreach($gobbledegook_alphabet as $value2){
            if(stristr($value,$value2)){
                $errors[] = "You have entered an invalid character ($value2) in the $key field"; break;
            }
        }
    }
}

// Strip HTML tags from all fields.

if($strip_html_tags){
    foreach($_POST as $key => $value){
        $_POST[$key] = strip_tags($value);
    }
}

// Describe function to check for new lines.

function new_line_check($a){
    // Without this, $errors is a new local array and the error is lost.
    global $errors;
    if(preg_match("`[\r\n]`",$a)){
        $errors[] = "You have submitted an invalid new line character";
    }
}

// Validate name field.

if(isset($_POST['Name']) && !empty($_POST['Name'])){
    new_line_check($_POST['Name']);
    if(preg_match("/[^a-z' -]/i",stripslashes($_POST['Name']))){
        $errors[] = "You have submitted an invalid character in the name field";
    }
}

// Validate email field.

if(isset($_POST['Email']) && !empty($_POST['Email'])){
    if(!preg_match('/^([a-z][a-z0-9_.-\/\%]*@[^\s\"\)\?<>]+\.[a-z]{2,6})$/i',$_POST['Email'])){
        $errors[] = "Email address is invalid";
    }
}

// Display any errors and exit if errors exist.

if(count($errors)){
    foreach($errors as $value){
        print "$value<br>";
    }
    exit;
}

// Create the email
$message .= "*******************************************************************************\n";
$message .= "Name: " .$_POST['Name']."\n";
$message .= "Email: " .$_POST['Email']."\n";
$message .= "Order ID: " .$_POST['OrderID']."\n";
$message .= "IP address: " .$_SERVER['REMOTE_ADDR']."\n";
$timestamp = time();
$message .= "Date: " .date("D, F d, Y",$timestamp)."\n";
$message .= "Time: ". date("h:i:s A",$timestamp)."\n\n\n";
$message .= "Questions:\n\n" .$_POST['Questions'];

// Strip slashes.

$message = stripslashes($message);

// Send email.

$headers = "From: " . $_POST['Email'] . "\n" . "Return-Path: " . $_POST['Email'] . "\n" . "Reply-To: " . $_POST['Email'];
mail('support@mysite.com','MySite Support',$message,$headers);

// Redirect location

header("location: [mysite.com...]
exit;

?>

[edited by: dreamcatcher at 9:23 am (utc) on Jan. 1, 2007]
[edit reason] Fixed side scroll. [/edit]

eelixduppy

12:21 am on Jan 1, 2007 (gmt 0)



There are many related threads on this topic. My suggestion to you is to search for them:
Form Validation [google.com]
email validation [google.com]

Best of luck!

dreamcatcher

9:19 am on Jan 1, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Besides a sum or captcha I'm also now updating my forms to use a box trapper type function in that a verification link has to be clicked in an e-mail before the site message gets sent. I'm sure that will be useful and thought it was worth a mention.

dc

mihomes

5:51 am on Jan 3, 2007 (gmt 0)

10+ Year Member



Eelixduppy - yes, I did use the search and there is no definitive script out there which is why I am asking for opinions and suggestions.

I really do not want to use captcha or any other image verification program out there simply because it would be a hassle for customers.

eelixduppy

12:18 pm on Jan 3, 2007 (gmt 0)



mihomes, looking at the code real quick, are you making sure that they are not adding their own headers? I didn't see it, but as I said I quickly scanned it. If not, you may want to consider doing that.

Also, is there a reason why you think captchas would be a hassle for your users? Unless maybe if they have decreased vision I don't think it would add much of a hassle (in my opinion) :)

Anyway, good luck!
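
The header check eelixduppy asks about and the single-address check mihomes wants, as an added example that is not part of the thread; `safe_header_email()` is a hypothetical helper name and the sample inputs are constructed. It rejects rather than strips, which also catches the single trailing newline that a `$`-anchored `preg_match` pattern accepts unless the `D` modifier is set.

```php
<?php
// Added example, not the original poster's script.
// safe_header_email() is a hypothetical helper name.

/**
 * Return the address if it is safe to place in From:/Reply-To:, or null.
 */
function safe_header_email($raw)
{
    // A field submitted as Email[]=... arrives as an array, not a string.
    if (!is_string($raw)) {
        return null;
    }
    // CR, LF or any other control character could start a new header
    // line (Cc:, Bcc:, ...), so reject the value outright.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    // Separators that would let one field carry several recipients.
    if (preg_match('/[,;<>\s]/', $raw)) {
        return null;
    }
    // Exactly one "@" means exactly one address.
    if (substr_count($raw, '@') !== 1) {
        return null;
    }
    // Syntax check from the filter extension (PHP 5.2 and later).
    if (filter_var($raw, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $raw;
}

// Constructed sample inputs, one per rule above.
$samples = array(
    'customer@example.com',
    "customer@example.com\n",
    "customer@example.com\r\nBcc: other@example.net",
    'a@example.com, b@example.net',
    array('customer@example.com'),
);

foreach ($samples as $s) {
    $ok = safe_header_email($s) !== null;
    echo json_encode($s), ' => ', ($ok ? 'accepted' : 'rejected'), "\n";
}
```

Build `$headers` only from the returned value, and run the same control-character test on any other field that ends up in a header, such as the subject.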