Contact Us Form

[mizsteel66]

TCH Staff.... do you recommened any particular script etc for a contact us form?

[stevevan]

If you're interested I can PM you a URL for one that I use that seems to work pretty darn well.

[TCH-Thomas]

Sorry, I have no script to recommend but please keep in mind that it is your responsibility to make sure the script processing your form is secure and does not allow injection headers to be inserted.

[carbonize]

Whichever you choose to use make sure it has some anti spam capability such as CAPTCHA. I wrote a basic contact form for a client of mine (a small local company) and they stated receiving spam emails from it. Luckily I just slapped my captcha code from Lazarus into it.

 

I am actually in the middle of updating their site and am rewriting the contact form to use database sessions for added anti spam measures as well as storing all sent emails in the database in case they get deleted or lost on route.

[wampthing]

While I am not TCH Staff, I thought I would chime in.

I found the following contact form with captcha HERE.

 

It is a nice clean form that is easy to implement. The link shows you what the output looks like, the code, and the 4k download to get the files.

 

Has anyone else used this? Any known problems?

 

Pray tell.

[mizsteel66]

Hmm, getting CAPTCHA to work was pretty simple.

My understanding is that CAPTCHA prevents a flood of garbage submissions from the form.

 

My question is, does that prevent the page scanners from picking up the email address embedded in the script? If not, what can one do to prevent that?

 

BTW i used the CAPTCHA information off of http://www.captcha.biz and altered it to work with my already built contact us form.

[carbonize]

A good script has your email in the script and not visible in the form.

[Pony99CA]

I've been using code that I got back in the 90s for my contact form, and it hasn't gotten too much spam (even without a Captcha). You can see two versions of it at http://guest.svvg.biz and http://contact.svpocketpc.com if you're interested (the second one is the better of the two).

 

I did start getting some obvious spam where the spammers were stupid and used the same name for the first, middle and last name fields, so I put a check for that in (and redirected them to a hopefully nasty page).

 

I can't make any claims about the code's security, but if anybody wants to see it, use the contact forms above and request it. (It's written in PERL and works fine on TCH.) If you find a security issue, I'd be interested in hearing about it.

 

Steve