Enquiry Form

HTML forms have two major parts, the form itself and an action file - the form processor. And, to make sure you get sensible data back from your form, it's usual to have some sort of validation - a small javascript function to check that, at the very least, the enquirer has filled in all the mandatory fields.

Enquiry Form HTML

Create a Raw/HTML Item in your website then copy & paste the HTML below into it to create the form.

<h2>Send us a Message</h2>
<form id="frmContact" method="post" action="act_sendmessage.php" onsubmit="return bValidateForm(this);">
  <fieldset>
    <legend></legend>
    <p><label for="sName" class="lblReq" id="lblName">Name:</label><input type="text" name="sName" id="sName" size="42" maxlength="32" /></p>
    <p><label for="sPhone" class="lblOpt" id="lblPhone">Tel:</label><input type="text" class="short" name="sPhone" id="sPhone" size="20" maxlength="16" /></p>
    <p><label for="sEmail" class="lblReq" id="lblEmail">Email:</label><input type="text" name="sEmail" id="sEmail" size="42" maxlength="128" /></p>
    
    <p><label for="sSubject" class="lblOpt" id="lblSubject">Subject:</label><input type="text" name="sSubject" id="sSubject" size="42" maxlength="128" /></p>
    <p><label for="sMessage" class="lblReq" id="lblMessage">Message:</label><textarea name="sMessage" id="sMessage" rows="5" cols="34"></textarea></p>
    <input type="submit" id="submit" value="send message" />
  </fieldset>
</form>

[ select all ]

The form validation function, bValidateForm() is contained in the javascript file pp_top.js which you should already have included in your web pages - in the head section. (This is already included in all PanPage themes.)

Styling the Form with CSS

Copy and paste the following into your CSS file to style the form. (Note that you don't need this step if you're using a ready-made theme as it's already included in all PanPage themes.)

[ select all ]

Lines 1-4 style the text input and textarea fields giving them a fixed width and Courier New fixed width font. Ordinarily input and textarea fields have a different font which makes the form look a bit disjointed. Line 2 prevents the textarea from being resized on browsers that support CSS3

Line 6 styles the label fields giving them a width of 6em, and line 5 places the submit button just under the last field on the left.

Note that IE6 doesn't recognise these styles and will use the size and rows.cols attributes to determine the width and height of the text and textarea fields.

Form Processing

When you hit the 'submit' button the form's data is wrapped up in an 'HTTP request' and sent to the URL specified in the 'action' attribute. PanPage themes all include a form processing file called act_sendmessage.php that also lets your site visitor know their message has been sent, but if you're building your own you can use the PHP code below.

To use it, create an 'excluded fixed page' called act_sendmessage.php and copy and paste the PHP code below in place of the WriteBody(); line...

WriteBodyTop();
//
//// message sending and acknowledgement code...
//
require("cms/incl_sanitize.php");
require("cms/incl_phpmailer.php");
echo("<div class='colFullWidth'><div class='itemFullWidth'>\n");
// handle POST vars safely...
$sName = "";
if (isset($_POST['sName']) && $_POST['sName'] != "")
  $sName = $_POST['sName'];
$sPhone = "";
if (isset($_POST['sPhone']) && $_POST['sPhone'] != "")
  $sPhone = $_POST['sPhone'];
$sSubject = "";
if (isset($_POST['sSubject']) && $_POST['sSubject'] != "")
  $sSubject = $_POST['sSubject'];
$sEmail = "";
if (isset($_POST['sEmail']) && $_POST['sEmail'] != "")
  $sEmail = $_POST['sEmail'];
$sMessage = "";
if (isset($_POST['sMessage']) && $_POST['sMessage'] != "")
  $sMessage = $_POST['sMessage'];

// check each message item for MIME codes, email addresses and links
// as we build it into an HTML mesage...
SetUnsanitary(False);   // innocent until proven guilty...
$head   = "<html>\n<head>\n". (isset($cfgPP['EmailStyle']) ? "<style>". $cfgPP['EmailStyle']. "</style>\n" : ""). "</head>\n<body>\n<table cellspacing='0'>\n";
$greet  = "<tr><td colspan='2'>Hello ". $g_Site->sOrgName. "</td></tr>\n";
$greet .= "<tr><td> </td></tr>\n";
$body   = "<tr><td> </td></tr>\n";
$body  .= "<tr><td>Date: </td><td>". date('l d/m/Y g:ia', time()). "</td></tr>\n";
$body  .= "<tr><td>Name: </td><td>". sSanitize($sName, FORBID_ALL). "</td></tr>\n";
$body  .= "<tr><td>Phone: </td><td>". sSanitize($sPhone, FORBID_ALL). "</td></tr>\n";
if ($sSubject !- "")
  {
  $sSubject = sSanitize($sSubject, FORBID_ALL);
  $body  .= "<tr><td>Subject: </td><td>". $sSubject. "</td></tr>\n";
  }
$sVisitorEmail = sSanitize($sEmail, ALLOW_EMAIL);
$body  .= "<tr><td>Email: </td><td>". $sVisitorEmail. "</td></tr>\n";
$body  .= "<tr><td>Message: </td><td>". sSanitize($sMessage, ALLOW_ALL). "</td></tr>\n";
$sign   = "<tr><td> </td></tr>\n";
$sign  .= "<tr><td colspan='2'>Your illustrious website</td></tr>\n";
$tail   = "</table>\n</body>\n</html>\n";

// did we get a message?
if ($sName. $sEmail. $sPhone. $sMessage == "")
  {
  // no... no data...
  echo("<h1>Oops!</h1>\n  <p>Thank you for contacting ". $g_Site->sOrgName. "</p>\n  <p>Unfortunately your enquiry contained no information and has not been sent.</p>\n  <p>Please click the 'back' button and enter at least your name, email address and a message!</p>\n");
  }
else
  {
  // yes - is it OK?
  if (bIsUnsanitary())
    {
    // no... some naughty responses...
    $subject = "[SPAM] Junk message from your website!";
    $greet .= "<tr><td colspan='2'>The following message from your website has been filtered to remove abusive or potentially harmful content...</td></tr>\n";
    $from = $g_Site->sOrgEmail;
    $sAcknowledgement = "<h1>Oh Dear!</h1>\n  <p>Thank you for contacting ". $g_Site->sOrgName. "</p>\n  <p>Unfortunately your enquiry contained unwelcome content and has not been sent.</p>\n  <p>Please enter your email address only in the email field and do not enter multiple links or email addresses anywhere in your message.</p>\n";
    }
  else
    {
    // yes... message was OK...
    // check email address given and use it if present and valid...
    if ($g_Site->bUseVisitorEmail && $sVisitorEmail != "" && ($nAt = strpos($sVisitorEmail, "@")) >= 1 && strpos($sVisitorEmail, ".", $nAt) >= 1)
      $sFromEmail = $sVisitorEmail;
    else
      $sFromEmail = $cfgPP['SiteEmail'];
    $subject = "Message from your website!";
    $greet .= "<tr><td colspan='2'>You have received a message from your website...</td></tr>\n";
    $sAcknowledgement = "<h1>Thank You</h1>\n  <p>Thank you for contacting ". $g_Site->sOrgName. "</p>\n  <p>Your enquiry is on its way to us and we will reply as soon we can.</p>\n";
    }
  // send the email...
  if (!bIsUnsanitary() || (isset($cfgPP['SendJunk']) && $cfgPP['SendJunk']))
    {
    $mail = new PHPMailer();
    // mail format and user credentials...
    $mail->IsSMTP();                          // set mailer to use SMTP
    $mail->Host = $cfgPP['SmtpServer'];       // eg. mail.fix-my-pc.net
    $mail->SMTPAuth = true;                   // turn on SMTP authentication
    $mail->Username = $cfgPP['SmtpUser'];     // eg test@fix-my-pc.net
    $mail->Password = $cfgPP['SmtpPassword']; // eg. 0ld(B00T)
    $mail->From = $cfgPP['SiteEmail'];        // 'From' email addr
    $mail->FromName = "Your Website";
    $mail->AddAddress($g_Site->sOrgEmail, $g_Site->sName);  // address/name to send message to
    $mail->IsHTML(true);                                  // set email format to HTML
    // mail subject, content etc...
    $mail->Subject = $subject;
    $mail->Body = $head. $greet. $body. $sign. $tail;
    if ($mail->Send())
      echo($sAcknowledgement);
    else
      echo("<h1>Oops!</h1>\n  <p>Thank you for contacting ". $g_Site->sOrgName. "</p>\n  <p>Unfortunately there was a problem sending your message. Please try again later or contact us by phone.</p>\n");
    }
  else
    echo($sAcknowledgement);
  }
echo("</div></div>\n");
WriteBodyBottom();

[ select all ]

Remember to enclose the above in <?php ... ?> tags if your file is in HTML.

There's a lot there but in essence the PHP code checks that it has received the correct form data and then passes it thru a sanitizer function to ensure that the enquirer has not embedded any MIME codes to try to hijack your mailserver. While it's doing that the sanitizer also checks for multiple links and email addresses which usually come from porn or drug pedlars trying to get links back to their websites.

The sSanitize() function takes two arguments, the text string to be sanitized and a flag telling it what's allowed and what's not...

FORBID_ALL:	squashes any links or email addresses
ALLOW_EMAIL_ADDR:	allows email addresses but squashes links
ALLOW_ALL:	allows both email addresses AND links but no more than three at a time

If the input text is OK sSanitize() sends it back to you untouched, but if it finds anything that's not allowed, it returns a warning message, eg. "contained more than 3 links" and sets a flag (tested by the bIsUnsanitary() function). The result is that you get a message telling you what happened and your mail server is protected from internet low-life!

The above code requires a valid SMTP mail account to send form messages to you. Some servers will allow the use of the PHP mail() function but this is increasingly being disabled for security reasons. You should enter valid email account details in the PanPage config file, pp_config.php.

sitemap • terms & conditions