This code is a PHP-based contact form processor that sends emails using the msmtp command. It validates and sanitizes user input, composes an email with the user’s input, and sends it to a hardcoded recipient email address. The code prioritizes security and includes error handling and debugging mechanisms. To use this code, you’ll need to have your own email account that can work with an msmtp configuration, as it relies on this setup to send emails.
Overall, the code provides a solid foundation for a contact form processor, and with some customizations, it can become even more robust and feature-rich. Expansion opportunities include adding support for multiple recipient email addresses, implementing CAPTCHA or anti-spam measures, integrating with popular email services, and allowing file attachments.
HTML
<style>
  /* Set a max width for the form */
  form {
    width: 100%;
    max-width: 600px; /* Adjust the max-width as needed */
    margin: 0 auto; /* Center the form */
    padding: 20px;
    background-color: #f9f9f9;
    border-radius: 8px;
    box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
  }

  /* Style the labels */
  label {
    display: block;
    margin-bottom: 8px;
    font-weight: bold;
  }

  /* Style the input fields */
  input[type="text"],
  input[type="email"] {
    width: 100%; /* Make input fields full width */
    padding: 10px;
    margin-bottom: 15px;
    border: 1px solid #ccc;
    border-radius: 4px;
    box-sizing: border-box; /* Include padding in the width calculation */
  }

  /* Style the textarea */
  textarea {
    width: 100%; /* Make the textarea full width */
    height: 150px; /* Increase the height of the message box */
    padding: 10px;
    margin-bottom: 15px;
    border: 1px solid #ccc;
    border-radius: 4px;
    box-sizing: border-box; /* Include padding in the width calculation */
  }

  /* Style the submit button */
  button {
    padding: 12px 20px;
    background-color: #4CAF50; /* Green background */
    color: white;
    border: none;
    border-radius: 4px;
    cursor: pointer;
    font-size: 16px;
  }

  button:hover {
    background-color: #45a049; /* Slightly darker green on hover */
  }

  /* Add small text for the message character limit */
  .char-limit {
    font-size: 14px;
    color: #888;
    margin-bottom: 10px;
  }
</style>
<form action="/contact-process-form.php" method="POST">
  <input type="hidden" name="nonce" value="<?php echo $nonce; ?>">

  <label for="name">Name:</label>
  <input type="text" id="name" name="name" required maxlength="100">

  <label for="email">Email:</label>
  <input type="email" id="email" name="email" required maxlength="100">

  <label for="subject">Subject:</label>
  <input type="text" id="subject" name="subject" required maxlength="100">

  <label for="message">Message:</label>
  <textarea id="message" name="message" required maxlength="6000"></textarea>

  <!-- Add a character limit notice -->
  <small class="char-limit">Maximum characters allowed in message: 6000</small><br /> <!-- Added line break -->

  <button type="submit">Send</button>
</form>
PHP: contact-process-form.php, placed in the root folder of the website.
<?php
// Load WordPress functions (adjust path if necessary)
require_once('/var/www/bashing.life/wp-load.php');
error_reporting(E_ALL);
// Log errors to a secure file instead of displaying them to visitors
ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', '/var/log/php_errors.log');
// Define the path to msmtp (adjust according to where msmtp is installed)
$msmtp_path = '/usr/bin/msmtp'; // Replace with your msmtp path if it's different
// Define the path to the msmtp configuration file
$msmtp_config_file = '/etc/msmtprc'; // Replace with the correct path to the msmtp configuration file
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE: the form also posts a "nonce" field. Verify it here with wp_verify_nonce(),
    // using the same action string that was used when the nonce was created.
    // Sanitize and retrieve the form data (WordPress adds slashes to $_POST, so unslash first)
    $name = sanitize_text_field(wp_unslash($_POST['name'] ?? ''));
    $email = sanitize_email(wp_unslash($_POST['email'] ?? ''));
    $subject = sanitize_text_field(wp_unslash($_POST['subject'] ?? ''));
    $message = wp_kses_post(wp_unslash($_POST['message'] ?? '')); // Sanitizing message further
    // Validate the email address
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "Invalid email format.";
        exit;
    }
    // Compose the email. The text is written to msmtp's standard input and never
    // passes through a shell, so no shell escaping is applied to it (escapeshellarg()
    // inside a double-quoted echo string would not stop $(...) or backticks anyway).
    $hardcoded_subject = "New Contact Form Submission";
    $email_content = "You have received a new contact form submission:\n\n";
    $email_content .= "Name: $name\n";
    $email_content .= "Email: $email\n";
    $email_content .= "Subject (from form): $subject\n\n";
    $email_content .= "Message:\n$message\n";
    $mail = "Subject: $hardcoded_subject\nContent-Type: text/plain; charset=UTF-8\n\n$email_content";
    // Send the email using msmtp
    $recipient = 'example@example.com'; // Your recipient email address
    // Start msmtp from an argument array (PHP 7.4+): no shell is involved,
    // so form input cannot change the command that runs
    $command = [$msmtp_path, "--file=$msmtp_config_file", '-a', 'default', $recipient];
    $descriptors = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['redirect', 1]]; // stderr joins stdout
    $process = proc_open($command, $descriptors, $pipes);
    if (!is_resource($process)) {
        error_log('msmtp could not be started.');
        echo "Failed to send the message.";
        exit;
    }
    fwrite($pipes[0], $mail);
    fclose($pipes[0]);
    // Capture both stdout and stderr, then read msmtp's exit status
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit_code = proc_close($process);
    // msmtp prints nothing on success, so success is decided by the exit status, not by the output
    if ($exit_code !== 0) {
        error_log("msmtp exited with status $exit_code: $output"); // Debugging output from msmtp
        echo "Failed to send the message.";
    } else {
        // Redirect to the thank-you page after success
        header("Location: thank-you");
        exit;
    }
} else {
    echo "Please fill in all fields.";
}
?>
The system-wide msmtprc configuration file must be located in /etc (the script above reads /etc/msmtprc).
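
Why the quoting context matters when form text is handed to msmtp through a shell, shown as an added example that is not part of the original page's code: escapeshellarg() protects a value only when its output is used as a complete shell word, while a process started from an argument array needs no escaping at all. The input is constructed with a harmless marker, `cat` stands in for msmtp so nothing is mailed, and a POSIX shell and PHP 7.4+ are assumed.

```php
<?php
// Added example, not the page's code. Constructed input with harmless markers.
$message = 'hello $(echo INJECTED) `echo ALSO`';

// Case 1: escapeshellarg() output nested inside a double-quoted shell string.
// Inside "...", the added single quotes are ordinary characters, so the shell
// still expands $(...) and backticks taken from the form text.
function nested_in_double_quotes(string $msg): string {
    $cmd = 'echo "Message: ' . escapeshellarg($msg) . '" | cat';
    return (string) shell_exec($cmd);
}

// Case 2: escapeshellarg() output used as one complete shell word.
// The shell itself sees the single quotes, so the text stays literal.
function as_whole_word(string $msg): string {
    $cmd = 'printf "%s\n" ' . escapeshellarg("Message: $msg") . ' | cat';
    return (string) shell_exec($cmd);
}

// Case 3: no shell. The program is started from an argument array and the
// text is written to its standard input, so shell quoting rules never apply.
function via_stdin(array $argv, string $msg): string {
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['redirect', 1]];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ' . $argv[0]);
    }
    fwrite($pipes[0], "Message: $msg\n");
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException($argv[0] . ' reported failure');
    }
    return $out;
}

$results = [
    'nested in double quotes' => nested_in_double_quotes($message),
    'whole shell word'        => as_whole_word($message),
    'argument array + stdin'  => via_stdin(['cat'], $message),
];
foreach ($results as $label => $out) {
    // If the marker text survived unchanged, the shell did not evaluate it.
    $verdict = strpos($out, '$(echo INJECTED)') !== false ? 'literal' : 'EXECUTED';
    printf("%-24s %-8s %s", $label, $verdict, $out);
}
```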