Free PHP FormMail With Image Verification (from tectite.com)
by Rich Deem

Introduction

Many hosting providers do not provide a formmail program for use on your website. Although the original formmail program by Matt Wright provides a good way for website visitors to submit feedback, in recent years, spammers have used the program to submit spam through the form or harvest email addresses that are included in the form code. The problem had become so bad for us that we had to find a new program to prevent all the spam from being sent through our forms. There is a really excellent PHP-based program from tectite.com that will handle just about any of your needs, including sending forms securely. Although the documentation is extensive and complete, it took me two days to go through it and get the program working. The program is extremely versatile, although the drawback is that there is a lot of documentation and parts to install to make it do what you want. So, here is an abbreviated set of instructions to get you up and running in a much shorter period of time.

Installation instructions

This is a simplified, "quick and dirty" instruction set to get the program up and running. There are many more options that can be configured, including some that have some cost. Check tectite.com for more details.

  1. Download the program parts (if these links don't work, go to tectite.com)
    1. main program
    2. verifyimg.php
    3. fmbadhandler.html
  2. Extract the downloaded program using Win Zip or other zip extraction program.
  3. Set configuration parameters for each PHP file.
    1. frm.html - the main program file
      1. Open file in your text editor and search for "/* CONFIGURATION". This will take you directly to the configuration area.
      2. Set target domain email address:
        $TARGET_EMAIL = array(EMAIL_NAME."@yourdomain\.com$",EMAIL_NAME."@otherdomain\.com$");
      3. Optional (but good for testing) set email address for form errors:
        define("DEF_ALERT","you@yourdomain.com");
        You probably will want to remove this address when testing is done, since every user error will be emailed to you
      4. Optional (I recommend another technique, see below) set @ mangle characters:
        define("AT_MANGLE","some_characters"); [replace "some_characters" with some random set of letters and numbers]
      5. Optional (recommended) set log directory:
        $LOGDIR = "/home/yourname/logs";
      6. Optional (but do it!) set ini file:
        $FORM_INI_FILE = "/home/yourname/formmail.ini";
        This is how we will protect your email addresses
    2. verifyimg.php - does not need to be configured (optional)
    3. fmbadhandler.html - handles errors
      1. Open file in your text editor and search for "/* CONFIGURATION". This will take you directly to the configuration area.
      2. Optional (but do it) set target URLs
        $TARGET_URLS = array("http://www.yourdomain.com/formmail.html,http://www.yourdomain.com/formmail2.html");
        These are the URLs where your form(s) will reside.
      3. Optional set template URL
        $TEMPLATEURL = "/home/yourname/fmerror.htm";
        This where you can put a custom page for user errors. Add the following code to your custom error page:
        <p><fmfullerror /></p>
        <p><a href="javascript:history.go(-1)"><b>Return to form</b></a></p>
  4. Upload all the parts (frm.html, verifimp.html, sampleimgwhy.htm, and fmbadhandler.html) into the same www directory of your server.
  5. Create formmail.ini file using a text editor
    [special_fields]
    required = "Email,realname"

    [email_addresses]
    Your_Name = "yourname@yourdomain.com"
    Name_2 = "name2@yourdomain.com,optional@yourdomain.com"
    [special_fields] is optional and should not be used unless you want to require certain fields in all your forms. You can specify which fields are required in the form itself.
    [email_addresses] is where you enter all the e-mail addresses you want to send to.
  6. Upload formmail.ini file to the directory specified in 3) a) 6) (preferably outside your www directory).
  7. Create your form (formmail.html). For image verify feature add this script to the <head>:
    <head>
    <script language="javascript" type="text/javascript">
    var nReload = 5;
    function NewVerifyImage()
    {
    if (nReload <= 2)
    if (nReload <= 0)
    {
    alert("Sorry, too many reloads.");
    return;
    }
    else
    alert("Only " + nReload + " more reloads are allowed");
    nReload--;
    var e_img;
    e_img = document.getElementById("vimg");
    if (e_img)
    e_img.setAttribute("src",e_img.src+'?count='+nReload);
    }
    // -->
    </script>
    </head>
  8. Include your form fields and code.
    Example #1: Multiple Recipients Form:
    <form method="post" action="http://www.yourdomain.com/frm.html" name="Contact_Form">
    <input type="hidden" name="env_report" value="REMOTE_HOST,REMOTE_ADDR,HTTP_USER_AGENT,AUTH_TYPE,REMOTE_USER">
    <input type="hidden" name="bad_url" value="http://www.yourdomain.com/fmbadhandler.html" />
    <input type="hidden" name="this_form" value="http://www.yourdomain.com/formmail.html" />
    <input type="hidden" name="good_url" value="http://www.yourdomain.com/thankyou.html" />
    <input type="hidden" name="required" value="email:Your email address,realname:Your name,imgverify:The text shown in the image" />
    <p>Name: <input type=text name="realname" size="30,1" maxlength="30"><br>
    E-mail address: <input type=text name="email" size="30,1" maxlength="50"><br>
    Subject: <input type=text name="subject" size="30,1" maxlength="50"><br>
    Select Contact
    <select name="recipients">
    <option value="Your_Name" selected>Your Name</option>
    <option value="Name_2">Name 2</option>
    </select></p>
    <p>Comments:<br>
    <textarea name="comments" rows=15 style="width:100%" cols="20"></textarea></p>
    <p>To submit this form, please enter the characters you see in the image:<br>
    <img src="verifyimg.php" alt="Image verification" name="vimg" id="vimg" />
    <input type="text" size="12" name="imgverify" maxlength="6" /> <a href="sampleimgwhy.htm" target="_blank">Why?</a>
    <p>If you cannot read the image, click for a new one
    <button onclick="NewVerifyImage(); return false;">New image</button></p>
    <p><input type="submit" value="Submit"> <input type="RESET" value="CLEAR"></p>
    </form>
  9. Example #2: Single Recipient Form:
    <form method="post" action="http://www.yourdomain.com/frm.html" name="Contact_Form">
    <input type="hidden" name="env_report" value="REMOTE_HOST,REMOTE_ADDR,HTTP_USER_AGENT,AUTH_TYPE,REMOTE_USER">
    <input type="hidden" name="bad_url" value="http://www.yourdomain.com/fmbadhandler.html" />
    <input type="hidden" name="recipients" value="Your_Name" />
    <input type="hidden" name="this_form" value="http://www.yourdomain.com/formmail.html" />
    <input type="hidden" name="good_url" value="http://www.yourdomain.com/thankyou.html" />
    <input type="hidden" name="required" value="email:Your email address,realname:Your name,imgverify:The text shown in the image" />
    <p>Name: <input type=text name="realname" size="30,1" maxlength="30"><br>
    E-mail address: <input type=text name="email" size="30,1" maxlength="50"></p>
    <p>Comments:<br>
    <textarea name="comments" rows=15 style="width:100%" cols="20"></textarea></p>
    <p>To submit this form, please enter the characters you see in the image:<br>
    <img src="verifyimg.php" alt="Image verification" name="vimg" id="vimg" />
    <input type="text" size="12" name="imgverify" maxlength="6" /> <a href="sampleimgwhy.htm" target="_blank">Why?</a>
    <p>If you cannot read the image, click for a new one&nbsp;
    <button onclick="NewVerifyImage(); return false;">New image</button></p>
    <p><input type="submit" value="Submit"> <input type="RESET" value="CLEAR"></p>
    </form>

    Important Note: Make sure you substitute all instances of "yourdomain.com" with your own domain name and "/home/yourname/" with your server user name.

Conclusion Top of page

Help stop the spammers and save yourself some time dealing with spam. Spammers were even using my old form to manually paste their spam and send it. Now, with the image verify feature, it is too much trouble for them, although legitimate users will take the time to verify the image. If you need to send forms securely, check out tectite.com for more information.



http://www.godandscience.org/general/formmail.html
Last Modified March 21, 2007

 

Rich's Blog