PHP Contact Form v.2.0 Released
 This has been long overdue — almost a year — but I have finally reworked my old contact form completely and I’m extremely pleased to re-release it as my all-new Secure and Accessible PHP Contact Form v.2.0. I made a vast number of improvements to enhance its accessibility, usability, and most notably its security. To get the full picture about its features, and to download it for yourself, please see this official download page, and if you want, you may also check out the working demo form. I have slaved over this for more than a week adding
 This has been long overdue — almost a year — but I have finally reworked my old contact form completely and I’m extremely pleased to re-release it as my all-new Secure and Accessible PHP Contact Form v.2.0. I made a vast number of improvements to enhance its accessibility, usability, and most notably its security. To get the full picture about its features, and to download it for yourself, please see this official download page, and if you want, you may also check out the working demo form. I have slaved over this for more than a week adding fourteen fifteen sixteen security features and myriad enhancements. My main goal was to make it spam-proof. It’s not, there are no absolutes, but it should be very resistant. Think of it as you would a waterproof watch. Sure, it won’t be ruined when you go swimming, but at around 2000 feet it’s going to implode. Anyway, I’m really pleased with the results and hope you like it too.
To date, this “Secure and Accessible PHP Contact Form v.2.0″ has been downloaded 35111 times since its release on: Oct. 3rd, 2006.
Attention: There is a new post for form support. Please use it to post your comments, questions or suggestions. Please, however, review the comments herein first to see if your question or concern has been addressed already. Thank you.
 
  
 
  
Harmen Janssen responds:
Posted: October 4th, 2006 at 4:31 am →
Hello Mike,
great script! I will surely study your anti-spam measurements.
I just wanted to point out an error in
gbcf_config.php: on line 28, the first entry in the$gb_optionsarray is followed by a semicolon instead of a comma.Keep up the good work, I enjoy your scripts 
Anthony Brewitt responds:
Posted: October 4th, 2006 at 7:35 am →
I loved your first version as you know, and cant wait to play with this one! - I just wish it was a WP plugin! Maybe v3?
Mike Cherim responds:
Posted: October 4th, 2006 at 9:37 am →
@Harmen: Thank you so much for letting me know. I really appreciate that info so early in the release. I made a quick copy of the config file in use and changed the values for the public release… and obviously I got careless. You probably saved me a ton of support questions let alone some embarrassment and user frustration. 
 
@Anthony: Thanks! Regarding WordPress… me too. I need to figure out how to make it WordPress-ready. I’ve never made a WP plug-in before (though it’s probably no harder than making a theme). For WordPress users, the hack-fix to use it anyway is to navigate to a blog “page,” View > Source, then copy it in a text editor. Remove the non-applicable stuff (leave header and footer portion but take out the guts, RSS links, category links if applicable, etc.), make sure there’s a link back to your blog home, then put the form “include” and style/JavaScript links in that (pointing it all to the newly uploaded
form-files-directory/, then save the page ascontact.phpand load it on the same level as the blog index. Then style the form itself using the supplied style sheet as needed. Navigate to the new page, test the form, validate it, and if all goes well, go into the blogsidebar.phpfile and add a link to the new Contact Page:<a href="/blog/contact.php">Contact Me</a>(or wherever it may be placed). This may sound difficult, but I don’t think it would take more than 20-30 minutes for most people and it should match their blog perfectly. A down and dirty implementation it is, but it’d work.Mike Cherim responds:
Posted: October 4th, 2006 at 5:17 pm →
Important Notice: I just modified one of the two hidden Spam Traps and made a few other changes. The first 15 form downloaders will want to grab a new copy of the download files and replace the file called
gbcf_form.php. Please be sure to check the Change Log for updates over the next few days.That should, however, be it for bugs… I hope. There may be one more that could affect users that connect via AOL, but I’m not sure and am awaiting confirmation of this. The fix will be easy but I don’t want to make it unless I have to. If you connect to the web via AOL, please test my form demo. If it won’t submit, please post here and provide the nature of the error. Based on what it is, I will know if I need to employ the fix. — Thanks!
Harmen Janssen responds:
Posted: October 4th, 2006 at 7:24 pm →
Glad to be of help, Mike!
Keep em coming!
Mike Cherim responds:
Posted: October 5th, 2006 at 5:03 pm →
I just got a support request in respect to the use of tabindexing on the form. I responded with what I feel is a sound rationale — even though I’m not a fan of tabindexing anything since it overrides the natural page order and you become a slave to it if you update, add a link, etc. I decided I wanted to make a record of my response here in case it comes up again so everyone will understand why I did it the way I did:
I changed one of the spam trap inputs to
type="text"and hid it with CSS. It has a value of “e-mail,” versus the legit “email.” If you turn off styles and read the label you’ll see some special label text: “Note: The input below should not be filled in. It is a spam trap. Please ignore it. If you populate this input, the form will return an error.” I did this so it hopefully won’t mess up screen reader and text browser users. I had both spam trap fieldstype="hidden", which the user skips right over when tabbing, but there was some controversy as to whether this would be effective if spam ‘bots scoured the page so I decided to make one of each.If tabbing through the page and you note the cursor suddenly goes bye-bye, that’s what you’re experiencing — the CSS-hidden input.
I added the tab indexes so people could set them if they wanted to, or leave them if they don’t, and zero doesn’t affect anything if it’s left it as is. Though, setting the tabindexes or even leaving them zero makes the form easier to use for Opera users. By using the tab key they can tab through the form fields and the associated links, whereas without tabindex they cannot do that and have to use a-key for the links and tab for the inputs… for them this makes the form harder to use.
My suggestion: If you want users to tab directly to the form, set the first input (Name) or the “Privacy” link (if being used) to
tabindex="1"and go from there adding a number for each. Doing it that way won’t mess up your tab order. and users won’t confront that CSS-hidden input at all. If you don’t want user to tab directly to the form, count the number of tabs it take from the first tab location on the page to the “Name” input or “Privacy” link, if used, and use that value as the first tabindex number.Rachel Turner responds:
Posted: October 5th, 2006 at 9:05 pm →
Nice work Mike! (I’ve signed up for your fan club )
  )
Less than 1/4 hour to install, configure the email address and stuff, and it works right out of the box. Tweak the CSS to suit your site and you’re ready to rock and roll. I ended up shifting the 
 
formheadout of the flow using a negative absolute position because I’d already got a heading announcing the form on the page (which meant putting a new class that I calledformhead_resultsingbcf_form.phpon line 259 with the original styling forformheadso the results heading didn’t go west too, but then I just like making things difficult.Just one teeny tiny typo on the CSS on line 8 on the
div#gb_form_dv- should bediv#gb_form_div- it doesn’t affect the demo form because it’s not styled.Valid, accessible and secure all rolled into one though - a vision of loveliness! You’ve done it again Mike. Kudos.
All bow down to the Green Beastie Man!
Mike Cherim responds:
Posted: October 5th, 2006 at 9:11 pm →
Awesome Rachel. Thank you, and thanks for pointing out that typo. I plan to do some work on it tonight and will get that fixed up. Good eye. I will probably add that class too just for the reason you gave… I think I’ll call it, um, .formhead_results 
 
Mike
EDIT: I decided to call it “.main_formhead” since it’s not a results heading per se. I should have a major but simple drag and drop update done for tomorrow sometime — well today actually since it’s 2:20 am 
Mike Cherim responds:
Posted: October 6th, 2006 at 6:57 pm →
Important Notice: I went ahead and addressed the possible AOL-user issue (it was confirmed) and made several modifications and improvements this afternoon inlcuding two security enhancements. One’s an imporvement on the last one, and another is brand new. Really easy upgradability… drag-and-drop, and possible CSS tweak. Child’s play. Big improvements to the form’s quality, though, so applying the changes will be something you’ll want to do for sure. See the Change Log for details.
Mike Cherim responds:
Posted: October 10th, 2006 at 6:40 pm →
Important Notice: Some users have noted issues with getting the “Spam Trap 1″ error. If this is something you’re experiencing, try changing the
$form_locationvariable as follows:// Comment out the existing string by placing two forward slashes in front of it // $form_location= "http://".$_SERVER['HTTP_HOST']."".@$_SERVER['REQUEST_URI'].""; // And replace it with your form page’s URL $form_location= "http://yourdomain.com/yourpage.php"; // If you have Apache mod_rewrite rules in effect, it will look something like this: $form_location= "http://yourdomain.com/yourpage/";Mike Cherim responds:
Posted: October 16th, 2006 at 10:56 am →
Details of Time-Offset Update: A couple of people have expressed a concern about the form submit date/time because their server is not in their time zone. Since mine is, I didn’t consider this. But I have now. I updated the
gbcf_form.php,gbcf_readme.txt, and thegbcf_config.phpfiles. In the latter file, in section 1 of 8, a new variable has been added called$time_offsetand a string of code has been changed in thegbcf_form.php(line 73). The download and readme has been updated accordingly. If the time zone of your server is in your time zone, you have no worries. Do nothing. If, however, that’s not the case and you may want to fix this and you have a four options:Option 1: Add this to your
gbcf_config.phpfile (Section 1 of 8)…// Enter time offset if needed $time_offset= "0"; // "+1"; "-1"; etc. (adjust +/- and number of hours per your needs)…then download the new files and swap out the
gbcf_form.phpand you’re done.Option 2: Change line 73 in the
gbcf_form.phpfile itself…// From this $ltd = date("l, F jS, Y \\a\\t g:i a"); // To this $ltd = date("l, F jS, Y \\a\\t g:i a", time()+2*60*60); // Adjust the time offset (in bold/red) +/-X hours as neededOption 3: Add this to your
gbcf_config.phpfile (Section 1 of 8)…// Enter time offset if needed $time_offset= "0"; // "+1"; "-1"; etc. (adjust +/- and number of hours per your needs)Then in the
gbcf_form.phpfile change line 73…// From this $ltd = date("l, F jS, Y \\a\\t g:i a"); // To this $ltd = date("l, F jS, Y \\a\\t g:i a", time()+$time_offset*60*60);Option 4:
Re-download the files, reinstall them, and simply configure the
gbcf_config.phpagain.That’s it. Again, if your server is in your time zone don’t worry any of this. If it’s not, then you may want to one of these four options.
Adam Messinger responds:
Posted: October 17th, 2006 at 6:54 pm →
Hi Mike,
This is probably one of the best PHP contact form scripts I’ve ever come across. There are a small handful of possible problems with it, however. I’ll be the first to admit that I’m far from an expert PHP programmer, but here’s what I’ve found and/or thought of:
1) Use of
isset()andempty()to test variables — I don’t understand the reason for using both of these functions to test the same variables, since they seem to do the same things. Also, I can imagine situations in which “0″ would be a valid value for a field in a contact form. By usingempty()to test field values, this becomes impossible. You might consider usingif ( strlen($variable) == 0 )instead.2) No abstraction of logic from presentation — Because of the way it’s built, the script is difficult to customize. For example, to pick and choose your own fields to display and/or make required, you have to dig through the gbcf_form.php file for the right things to alter and know enough PHP to do so. This is probably a version 3.0 thing, but you might consider scrapping gbcf_form for a gbcf_functions file. Instead of including an all-inclusive prefab contact form, people could call PHP functions to create new form fields and use arguments to specify the validation parameters.
3) Inline styles — This is more of a personal pet peeve, since I try to avoid them as much as possible. It would be nice to see the inline styles moved entirely to gbcf_styles.css.
None of these suggestions are meant to diminish the great work you’ve done on this script. You’ve paid special attention to the most important things: security and spam prevention. That’s a lot more than can be said for 90% of the contact forms floating around the Internet. My hope is only that suggestions like mine might make future versions even better.
Mike Cherim responds:
Posted: October 17th, 2006 at 7:28 pm →
Thanks Adam. I consider myself a PHP n00b. I struggle with it at best. Your suggestions are certainly welcome and appreciated.
Regarding functions. Right on. I should have done that. I could have shaved 15kb off the file, but it wasn’t really thought of until I was done and I said to heck with it for the time being, so, yes, it’s a v.3.0 thing — my biggest concern was to get v.1.0 off the web (mission complete). I also should have set up a way to add and remove fields as you suggested. My thinking at the time was to try and make a one-size-fits-all form so to speak. But of course there is no such thing 
 
The inline styles I tried to keep to keep to a minimum. The ones I added were mostly offset to get stuff off the page that people won’t want to display, or for accessibility reasons. I did add some cursor styles, but my experience is that those can be a pain in some cases. Maybe I should have resisted the urge.
Good news: Within a week or so a version of this is going to be available for WordPress. It’s coming along nicely. I’m working with Mike Jolley on it. It was his idea, plus he has experience making plugins. It should be popular.
Adam Messinger responds:
Posted: October 18th, 2006 at 3:30 pm →
Hello again,
I have a suggestion that might provide additional spam protection. I noticed that your script uses the variable
$gb_email_addressto provide an alternate contact method when one is needed. While it’s great to give site visitors another way to reach my clients if they have form trouble, a clever spam script will scrape error pages like this for e-mail addresses that can be added to spammers’ lists.To preserve the alternate contact feature, but maintain a high level of spam protection for my clients, I added the following lines to the config file (hope this formats right…):
// Enter your alternate contact info (for form problems)// EXAMPLE: $gb_alt_contact = "(321) 555-1036";// EXAMPLE: $gb_alt_contact = "bob [at] mycompany [dot] com";$gb_alt_contact = "me [at] myhost [dot] com";This allows me to add stuff like the following to error messages:
If you think you’ve received this message in error, please contact '.$me_or_us.' at '.$gb_alt_contact.' to report the problem.I thought I’d pass this along to you, in case you felt like incorporating it into future versions. Thanks again for the excellent script.
Mike Cherim responds:
Posted: October 18th, 2006 at 5:37 pm →
Thanks Adam. That’s a good idea. The
me[at]domain[dot]comobfuscation method isn’t safe either, though, so I’ve been told. You have to write if out even further like I did for the alternate email address on this Hide Email Experiment. This method isn’t safe from what I’m told but I have yet to get any spam on it since it was published… go figure.I figured the contact form error page would be safe place, but ‘bots are getting smarter every day so I guess I’m not surprised that error pages would be “scraped” by some dual purpose ‘bot. It’s a never-ending war. 
Adam Messinger responds:
Posted: October 18th, 2006 at 7:35 pm →
Your e-mail hiding script looks like it would do the trick, but the hassle about filtering based on user agent is being comprehensive enough. For example, I’m not sure your script would work for Lynx or Flock (one of your tests for “mozilla” might catch Flock, though).
A future version of the contact form might incorporate the e-mail hider as a function. You could then add something like this to the section near the top, where you make all the config variables lowercase:
if ( ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})", "$gb_alt_contact") ) { $gb_alt_contact = getSafeEmail($gb_alt_contact); }Mike Cherim responds:
Posted: October 18th, 2006 at 8:39 pm →
Flock and both of the text browsers, Lynx and Links, are on there and covered. I hadn’t even heard of Links, only Lynx, but a friend of mine told me about it.
Mike Cherim responds:
Posted: October 19th, 2006 at 10:36 pm →
@Adam: You know I got thinking about the potential issue with the email address being presented on the error page and I don’t think it is an issue. The reason is because errors are returned exactly the same way successful submissions are and unless ‘bots can read, I’m not sure they’d know the difference. I don’t think they can tell the difference between a successful submission and an unsuccessful one because the form does submit… it just doesn’t carry out the mail() function — instead it echoes an error. Make sense?
Garrett responds:
Posted: October 20th, 2006 at 6:46 pm →
Thanks so much for the online PHP form explanation.
Mike Cherim responds:
Posted: October 21st, 2006 at 12:02 pm →
Want the form to send to multiple email addresses? Since a couple of people have asked, here goes: In the
gbcf_config.phpfile, find the$gb_email_address= "youremail@yourdomain.com";variable and simply add additional addresses to it, being sure to separate them with a comma and a space (though I don’t know if the space is needed). Like this:Simple, huh?
Peter Barrett responds:
Posted: October 25th, 2006 at 8:21 am →
Hello Mike pun intended !
   pun intended !
First off, like Adam Messinger, I’ll simply echo ‘This is the most intelligent and capable contact form script I’ve come across yet !‘;
I hope you’ll accept a couple of comments though from someone who is also no PHP guru but I’ve been around :-
1. Concerning the carbon copy $_POST[’gbcc’] variable. You obviously know this is going to give trouble else you wouldn’t attempt to suppress the potential errors it could give rise to. Eg. $gbcc - undefined index if cc. is not requested. This is OK but if you run your PHP installation with an error log, you will always get an unnecesary log post to this effect everytime a non cc. request is made. As this is the default option - probably most of them. I edited your code in gbcf_form.php as follows, which resolves this issue :
// Next conditional necessary because $_POST[’gbcc’] is NOT set unless gbcc checkbox is checked which would result in $gbcc being undefined.
if (isset($_POST[’gbcc’])) {
$gbcc = $_POST[’gbcc’];
} else {
$gbcc = ‘nocc’;
}
2. Given our ‘global society’ why not junk messing around with time offsets and the date() function in favour of adopting a standard with the gmdate() function. This latter function also doesn’t keep coming up with ‘don’t trust the timezone’ warnings like date() does. This is even better for the error log !
all the very best from England
Pete Barrett
Mike Cherim responds:
Posted: October 25th, 2006 at 9:01 am →
Hi Pete,
Thanks for your comments. Maybe I’m not understanding completely, but there should be no error logged in that if no carbon copy is selected the variable is still defined, it is just empty (defined as such). if I were no put “nocc” as the var then that would be inserted into the mail function. That might generate an error or kill the function (it would try sending to “nocc”) — I haven’t tried to test the result.
Regarding the
gmdate()function, I feel it might lead to confusion. Users like to see local time and better understand local time, especially in the US where the numbers of offset are pretty large from Greenwich Mean Time. You’re in the UK so this might be local time or within an hour, but here — I’m on the east coast, for example — it’s 5-6 hours of difference.Again, maybe I’m not understanding your comments properly. Thanks for the humorously written “echo,” though 
Secure and accessible PHP contact form for WORDPRESS - Blue Anvil Journal responds:
Posted: October 25th, 2006 at 10:09 am →
[…] Based on the PHP contact forms by Mike Cherim, Mike and I have developed a fully configurable, spam-proof, wordpress contact form plugin. […]
Mike Cherim responds:
Posted: October 25th, 2006 at 10:55 am →
@Anthony: Your wish is my command: Now it’s available for WordPress too!
Peter Barrett responds:
Posted: October 25th, 2006 at 11:04 am →
Hi Mike 
 
OK I hear where you’re coming from with this and hey, it’s your script so I really don’t want to upset anything and certainly anybody at all but I guess you must have a reason for suppressing the error on $_POST[’gbcc’] ? In your code $gbcc is only used as a comparison against the string ‘gbcc’ which is the value of the $_POST[’gbcc’] variable if, and only if, the gbcc checkbox is checked. If the gbcc checkbox is unchecked, not only is there no value involved but crucially there is no $_POST[’gbcc’] variable created as part of the $_POST array to hold that value. Hence when you assign it to $gbcc it causes the error because it doesn’t exist. Checking the $_POST array will confirm all of this and I suspect it’s the reason for the error suppression in the script.
As far as I’m aware, the default installation of PHP runs with the lowest error category ‘warnings’ turned off. If anybody runs like that (that I would think would be just about every hosting provider) then if you had no error log, it wouldn’t be seen.
As for ‘nocc’ well, that string can be anything (as long as it is 4 characters or less) because you’re only testing against ‘gbcc’ and to take it a stage further, the else part of the if construct I previously posted actually isn’t programmatically required because I’m only checking to see if $_POST[’gbcc’] is actually set, which it isn’t if no cc. is requested.
Hope that’s as clear as mud
best wishes always
Pete Barrett
Mike Cherim responds:
Posted: October 25th, 2006 at 11:17 am →
Muddy, yes, Peter, but a couple of re-reads and I may get it. I haven’t seen any warnings in the logs when testing, though, so I am a bit confused. I’m certainly not upset or anything, though. I hope I didn’t come across that way. I appreciate any and all suggestions for improvement.
Peter Barrett responds:
Posted: October 25th, 2006 at 1:32 pm →
Hi Mike
You simply come across as a guy who has laboured long and hard to produce a truly useful and capable contact form script alongside some pretty impressive web development. This point I’m making about error suppression ie. the ‘@’ on that variable is somewhat academic anyhow. If anyone wants to do what I suggested then OK but it’s definitely not essential because the script is excellent without it. There maybe someone out there who can clarify it better than me, so until then …
all the best
Pete Barrett
Mike Cherim responds:
Posted: October 25th, 2006 at 2:01 pm →
Thanks Peter. It was lot of work, much more so for me because I’m definitely in the throes of learning this excellent server-side scripting language (it amazes me endlessly). I struggle with it, a lot, though. I’m not real good at it yet so everything takes me twice as long to do it half as good 
  
Projects like this, however, are great learning experiences. I just wish I didn’t have to do stuff like this as a reaction to misconduct on the web, a.k.a. spammers, but that’s the way it is nowadays I guess :-/
Mike Cherim responds:
Posted: October 26th, 2006 at 7:42 pm →
Important Notice: Bug found and squashed. Please read the details, item 8, and act if applicable to you. Sorry about this. I tried like hell to get it right on the first go ‘round, but it figures I didn’t. My story, this stuff is complex, and that’s the story I’m sticking to. 
 
Rest assured the fix is really quite simple.
Mike Cherim responds:
Posted: November 1st, 2006 at 3:36 pm →
Important Notice: New build made with lots of improvements — this could be the “final” build of this version. Please read the details, item 9. Post here if you need any help.
Penny responds:
Posted: December 6th, 2006 at 8:20 pm →
Hi Mike-
Again great script. Anytime spent on standards based projects that actually work in the real world is fantastic! Good on you, I can’t wait until I am at the stage where I can contribute to the world out there.
Something that might concern you, (as it does me) is MySQL injection attack, where a user can insert MySQL into a form field, and drastically change any of your databases. I put in some non-invasive MySQL statements (just selecting data, didn’t want to stuff up anything) But i didn’t receive an error about it.
Just thought I should let you know!
Mike Cherim responds:
Posted: December 6th, 2006 at 8:29 pm →
Thanks Penny. Hopefully the bases are covered against nasty stuff, but if you have any suggestions, please contact me and share with me what you know regarding prevention and I’ll certainly incorporate some more protection. Email header and input injection exploits are covered, but perhaps there is something in regards to MySQL injections and I can add to button it down more. The problem is that I’m not a black-hatter so it challenges more to be a thorough white-hatter.
Andrew responds:
Posted: January 2nd, 2007 at 6:46 am →
I have the form working on my site and when I include the file I keep getting the Anti-Spam Trap 1 Field Populated:
I’ve changed the $form_location variable and no difference.
When I try and access the forrm direct at http://www.domain.com/contact/gbcf_form.php I then get the Referrer Missing or Mismatch: error
Now I am totally lost
Also I wish to change the url field to a zip code field and add a couple of other fields as well. I’m ok but not the best at debugging things as you’ve guessed. Is there any notes about making changes.
Mike Cherim responds:
Posted: January 2nd, 2007 at 9:54 am →
Hello Andrew,
What you describe is attributable to an incorrect form location variable, but the link you gave doesn’t show me a page with the form. The contact page on that site is “http://www.domain.com/contact/” and that’s what should be the form location if that’s the page the form will be on.
Regarding adding and changing fields it is a bit tricky. Unfortunately I don’t have a write up on how it would be done. I have done a couple of custom modifications for folks, but I’ve never written instructions. Sorry.
Beast-Blog.com - WordPress-Ready Contact Form v.2.0WP by Mike Cherim responds:
Posted: January 13th, 2007 at 2:34 pm →
[…] On October 3rd I announced that I released my Secure and Accessible PHP Contact Form v.2.0. It was also requested at that time that it made available for use with WordPress. Well, now it is. I teamed up with Mike Jolley and together we took my form script and made a WordPress plugin that you can download on the Official v.2.0WP Download Page (see WordPress Version Demo). Check it out. (Also see Mike Jolley’s Official Page.) I think you’re going to be very pleased. […]
Karen responds:
Posted: January 20th, 2007 at 8:09 am →
Thanks for making a great AND accessible form. The word “accessible” is what sold me instantly! 
  
Suggestion: Change charset in wp-gbcf_form.php from iso-8859-1 to utf-8. I live in Denmark and just received a comment in Danish that distorted the Danish letters. I wasn’t sure where to start bugtracking, because my site is utf-8. I found the culprit in this .php file. Once I changed that, everything was perfect. This wouldn’t affect any US users, but for all international users, it might be an advantage to have utf-8 in there already. Just an idea I wanted to share. Just a sure tip I picked up at http://www.joelonsoftware.com/articles/Unicode.html a while back. Cheers! And thanks again for a great plug-in.
Mike Cherim responds:
Posted: January 20th, 2007 at 10:10 am →
Thanks Karen. I will did that on the next build for sure.
Mike Cherim responds:
Posted: January 20th, 2007 at 2:16 pm →
Updated the form today. See details here. Thank you to anyone who made suggestions — like Karen 
darrell responds:
Posted: March 1st, 2007 at 10:49 pm →
Hi, I keep getting the error
“Results: Whoops! Error Made!
Anti-Spam Trap 1 Field Populated: You populated a spam trap anti-spam input so you must be a spambot. Go away!”
I followed the instructions carefully, but I’m still stuck with this error. Any ideas on what’s going on?
Nice script, by the way. I use it for wordpress plugins also and it works great. Thanks to you, Mike.
Thanks.
Mike Cherim responds:
Posted: March 2nd, 2007 at 3:09 am →
Typically, Darrell, that is due to
$_SERVER['REQUEST_URI'];not being supported. Please manually enter the$form_locationvariable as described in this comment. Based on what I viewed in your source, I think that’ll do it for you. Please let me know.darrell responds:
Posted: March 2nd, 2007 at 8:20 am →
Thanks Mike. It works now. One of these days I’m going to learn that these things are very specific. One comma or semi-colon missing, and it’s a disaster.
I do have one other question - how do i either remove the line around the form or squeeze it in to fit in a smaller (like one side) part of a page? Which function on the css? Sorry for the silly questions - still learning.
Thanks again!
Mike Cherim responds:
Posted: March 2nd, 2007 at 10:44 am →
Hello Darrell, glad you go it worked out. The border you’re referring to is the fieldset. And the width would be the form. Try…
fieldset { border : 0; } #gb_form { width : 98%; }…maybe that’ll work for you.
darrell responds:
Posted: March 3rd, 2007 at 2:40 am →
Thanks Mike! That worked out just fine. I was also able to change the width to 50%.
Mike Cherim responds:
Posted: March 3rd, 2007 at 4:47 am →
Cool 
Sam responds:
Posted: March 13th, 2007 at 9:06 pm →
Hi Mike
I have just found your script and it’s simple, powerful, and does exactly what is required in terms of SPAM.
I have configured the form and having it working now, however i wonder is there a way to not utilise the “Required Contact Reason” - or is this integral to its functionality. The config file says it is an “optional”, or maybe this just references the fact that you can add/edit your own. I would ideally not want to use this drop select box on my form. Be greatful if you could post someinfo on this.
Anyhow, thanks for making this script available it is much appreciated. regards Sam
Mike Cherim responds:
Posted: March 13th, 2007 at 10:46 pm →
Hi Sam. Unfortunately it must be the wording…
The reference to “options” is meaning options provided to the form user as to why they are making contact with you. It is a required field and like the rest of the form’s input, fairly integrated. It could be disabled but a fair amount of scripting would need be done. I guess the only thing I could suggest would be to make one of the reasons the “selected” reason, then comment to whole thing out. That said, though, the way I look at it is your site’s visitors, if they contact you, will have a reason to do so, thus providing various contact reason options would allow them the select a reason for them to be contacting you. It seems as this would be helpful information to have but that of course is your call.
DrDiesel responds:
Posted: March 16th, 2007 at 2:05 am →
I can’t seem to get the textarea to enlarge. I changed the cols to 95 to make it obvious that it was changing but this did nothing. Additionally I noticed that the textarea box (as the one I am typing this into) doesn’t line up with the “Enter your message” text above it.
No where in the styles could I find anything that would be keeping the logical fixes from working.
Besides this current issue, I think you have done a WONDERFUL job with the form, very nice work!
Mike Cherim responds:
Posted: March 16th, 2007 at 9:14 am →
Hello DrDiesel,
Going to your site I see a couple of issues. First of all , in the config file, you have the form set to XHTML whereas your site document type is HTML. Thus for that variable you need to remove “x” and enter “h” in there. Not to say that’ll solve the layout problem, but it really should be done right. (While you’re in there, you might want to change the title element of your page. Right now it says “-----Index----- and while this isn’t related to the matter at hand, the title is really important to search engines so having it as “index” is a big detriment to your site.) Ok, back on topic.
You are probably drawing the form’s styles from your site’s style sheet. What you need to do is link the style sheet that comes with the form and adjust your elements, IDs, and classes in that (instructions on how to do that are in the readme file that comes with the form). Or, trying putting this in your style sheet:
textarea.textbox { margin : 0; width : 400px; }That’ll probably give you the desired result if you’re otherwise satisfied with the look, fieldset borders, green label text, etc. Hope this helps.
DrDiesel responds:
Posted: March 16th, 2007 at 12:20 pm →
Ah ha!
It was my style sheet overwriting yours, that has been rectified, thank you tons.
The XHTML issue was an oversight and will be fixed, thanks for that too.
The —Index— is of course fine, this is just a staging site and not yet ready for prime-time, but once again, thanks for looking at the details that weren’t even related to my question, it *is* appreciated.
This is a great form, I have passed this around to all my developer friends and co-horts, well done!
Mike Cherim responds:
Posted: March 16th, 2007 at 1:02 pm →
Hello DrDiesel. Glad it worked out for you. Sorry about the title thing; I didn’t realize it was under construction. Nice looking site, by the way. Thanks for the positive feedback 
Sam responds:
Posted: March 18th, 2007 at 11:16 pm →
Hi Mike, i am wanting to collect a couple of additional fields on the Contact Form. Can you tell me if this is do-able, and how i would go about this please. Best regards again from Auckland, New Zealand.
Mike Cherim responds:
Posted: March 19th, 2007 at 12:37 am →
Hello Sam. It’s not easy to do, at least not easy enough to do so as to be able to really write about it comprehensively in a comment. I do offer form customizations as a for-hire service. I gotta make a living so while it’s true that the form is free, this depth of support is not. Sorry.
Thomas responds:
Posted: March 29th, 2007 at 3:20 am →
Hello I am getting the “Spam Trap 1″error. I made the suggested changes (or think I did). Nonetheless, I am having little success.
In the following line, does “yourpage.php” refer to the contact page we made or the gbcf_form.php?:
$form_location= "http://yourdomain.com/yourpage.php";This is what I have:
// $form_location= "http://".$_SERVER['HTTP_HOST']."".@$_SERVER['REQUEST_URI']."";$form_location= "http://www.tpaluchniak.com/formsdirectory/gbcf_form.php";I also tried:
$form_location= "http://www.tpaluchniak.com/contact.php";Mike Cherim responds:
Posted: March 29th, 2007 at 8:47 am →
Hello Thomas,
$form_location= "http://www.tpaluchniak.com/contact.php";should work.Do you have the script pasted into this page. I ask because the form is submitting to “/formsdirectory/gbcf_form.php” and that is the problem. It’s not common, but some people have this issue when including the form. It should be submitting to itself (as in the page it’s on, above). Please check this, then use my form to get in touch if you need more help and I’ll give you a hard-code, but easy to do, fix.
Jessicadoyle.ca : The good things - Immediate needs and financial priorities list responds:
Posted: April 4th, 2007 at 8:12 pm →
[…] If you are interested in sponsoring this Blog please get in touch with me. You can contact me easily now. I created a contact page thanks to an article on Lorelle’s Blog that pointed me to a great contact plugin by Mike Cherim. Note to self - Donate to the plugin creator via paypal today. Done. […]
mads responds:
Posted: April 17th, 2007 at 1:12 pm →
Thanks This form is great.
  This form is great.
Clint Foster responds:
Posted: April 25th, 2007 at 11:17 am →
Hi Mike,
Thanks again for you offline help. The script is working great, but wanted to point out that, in order to get it to work on my Win2K server, I had to make the following adjustments to gbcf_form.php:
original:
$ip = getenv("REMOTE_ADDR"); $hr = getenv("HTTP_REFERER"); $hst = gethostbyaddr( $_SERVER['REMOTE_ADDR'] );my code:
Thanks!
Jessicadoyle.ca : Revisiting the Needs and Priorities List to practice positive self talk and hand coding - Striking Out responds:
Posted: April 26th, 2007 at 9:41 pm →
[…] If you are interested in sponsoring this Blog? please get in touch with me. You can Contact me. easily now. I created a contact page And thanks to an article on Lorelle’s Blog that pointed me to a great contact plugin by Mike Cherim. Note to self - Donate to the plugin creator via paypal today. Done. Thank you, Lorelle and Mike. […]
Neal responds:
Posted: April 29th, 2007 at 7:47 am →
The plugin works fine except that no matter what I do none of the styles will apply. Has anyone experienced this problem? Blog is at: simplecomplexity.net
Mike Cherim responds:
Posted: April 29th, 2007 at 9:29 am →
Hello Neal: Since this is related to the WordPress version, it should have been posted as a comment to that entry, but to answer, I’ve seen this a couple of times. It’s due to the public not having read access to the directory contents: http://simplecomplexity.net/[…]/blue-anvil.css. As you can see, this URL gives an access error. That is the problem. I should be able access this file directly.
It is usually due to one of two things:
1) The theme folder permissions are not set to 755, thus access is barred. One person changed the folder to 666, not realizing it was the editable file(s) inside that should be set that way.
2) The domain has heightened security on folders not specifically meant for access, as configured by the host. This new folder would be unknown. If this is the case, you need to contact your host and tell them this folder needs to be public read accessible and CHMOD’d to 755.
Let me know if this solves the issue.
kReEsTaL responds:
Posted: May 7th, 2007 at 5:00 pm →
Hi Mike 
 
I’m trying to install the PHP form after I successfully intalled the WP version on my blog.
But I have a problem: although I get the “success!” message, I do get no email. I’m desperate! I spent a few hours trying all the tips you gave here and there, changing the form location etc. but it doesn’t change anything. I also tried to install it on another server to check whether the main one is down, but it doesn’t change anything either.
The current form location is as follow:
$form_location= "http://www.aenemya.com/maria/contact.php";The thing is the form works perfectly on my blog, despite me using the WP version and not that PHP version.
kReEsTaL responds:
Posted: May 7th, 2007 at 5:04 pm →
Oh and is this normal:
$me_or_us = "me";;in gbcf_form.php, line 22 ?
Mike Cherim responds:
Posted: May 7th, 2007 at 6:11 pm →
Hello kReEsTaL,
I’m sort of confused. Are you trying to install the stand alone version on a WordPress blog. The config suggests you are. On the page you linked to I see a very old version of the form. I would advise you to change that, test the most recent build, then translate it after if working.
Regarding the config question, you should enter “
pers” or “org” and that’ll swap out all possessive instances to reflect if the form is for personal use or organizational use.kReEsTaL responds:
Posted: May 7th, 2007 at 7:18 pm →
Hi Mike, thanks for your quick reply!
- I’m trying to install the PHP form on an independent website. Nothing to do with Wordpress at all this time!
- I’m using the very last version of the PHP form that can be downloaded on your site (the one that has been obviously modified on April, 14th). I can’t understand what makes you say I’m using a very old version? I’m confused.
- My question about the code was not about using the personal or organisation settings, but about the two semicolons you can fin after “me”:
$me_or_us = "me";;?
Anyway, I deleted all my form folder, re-downloaded it all from your site, changed the settings, and I have the same problem: despite the form being sent without any problem (I get the “Success!” message), I do not get any email in my mailbox once the form has been validated. I’ve tried all afternoon long, at least 50 times, eh, and I still haven’t got any email. :-S I don’t know where this problem it could come from? As though there was a problem with the “action” that is involved when the input button is pushed. Any clue what that might be?
You can still test the form here. The form files are contained here.
Mike Cherim responds:
Posted: May 8th, 2007 at 12:34 am →
I see. One semi-colon only. Were there two semi-colons when you downloaded it? If so I’ll have to fix that.
The wrong form… whoops. I guess I was looking at the one is on your blog. That is an older version. Sorry.
As far as the form not working, I don’t really know. Have you checked a spam filter? It shouldn’t be trapped but it could I suppose. It is possible your web host has something going on and your next step would be to ask them. With the version you have it actually looks for the PHP mail function so it should be enabled, else you’d get a warning as soon as it was installed and you brought up the page.
kReEsTaL responds:
Posted: May 8th, 2007 at 12:38 pm →
It’s all fixed now! Obviously it was my host who held my messages for some unknown reasons, and sent them to me only this morning (so I got about 36 in a row! lol). So it works smoothly now. 
 
The two semi-colons were in your original file.
Thanks for your help!! ^^
Mike Cherim responds:
Posted: May 8th, 2007 at 1:06 pm →
Awesome. Glad it worked out. Thanks for the heads up about the two semi-colons. I will fix that on the next build.
LolitochkaBC responds:
Posted: May 10th, 2007 at 3:09 am →
Ааанц-уа ребятки голосуем!!!
Прижнавайтесь проказпики и владельцы сайта green-beast.com ))))
ЧТО вы удете делать этим летом?!
Catia responds:
Posted: May 10th, 2007 at 3:10 pm →
Is there any way to enable logging? I’d like to be able to see both the successful and blocked email. (Along with reason blocked, IP and if possible what they were trying to send.)
Great form even without this feature, but this would make it amazing! I’m just a bit worried I may be blocking more than I want, or worse missing injection problems.
Mike Cherim responds:
Posted: May 10th, 2007 at 4:20 pm →
Hi Catia. On the WordPress version we do log the number of emails trapped, but we don’t get into any details as to why. It could be implemented on this version easily enough ( a log file would have to be added), but I do save that for custom modifications (gotta save something so I can earn a living). As far as legitimate emails being blocked, the number should be zero. I don’t know if it helps, but I haven’t gotten feedback about legits being blocked that weren’t attributable to host settings, but this is usually discovered immediately upon testing. Moreover, I get tons of legit mail on my forms so it seems to come through with ease. As far as injection problems, there shouldn’t be any as the form is hardened in this way in addition to all of its anti-spam stuff. But if it was manipulated to perform bad deeds, you’d still get an email on submit and it likely wouldn’t be a message that made any sense so while you wouldn’t know exactly what was going on, you know something was up.
Nicole responds:
Posted: May 11th, 2007 at 2:14 pm →
Hello,
Great site and awesome form! I’m a novice when it comes to web design and scripting, but I’m giving it a go! One of the most annoying forms of spam I get is link spam. Is there a way to disallow this in the form?
Thanks!
Mike Cherim responds:
Posted: May 11th, 2007 at 2:23 pm →
Hi Nicole, 99.99% of the time link spam via a contact form is posted by a bot. This form will stop that so you should be very pleased. Moreover, if the link spam isn’t plain text, if they send you HTML and UBBC (
[url=]) links, all that will be stripped. The only thing that could happen is if you have a human spamming you (which is very rare), note their IP address in the email footer and add that to the Blacklist array.Khurram Ali responds:
Posted: May 14th, 2007 at 10:48 pm →
Hi.
Nice Form, does really work the way it is supposed to work. Thanks for the effort,
I appreciate it.
Keep up the good work.
Mike Cherim responds:
Posted: May 14th, 2007 at 11:03 pm →
So far so good, Khurram!
ross responds:
Posted: May 16th, 2007 at 10:31 pm →
Any ideas on how to radio buttons?
I’ve had a go editing the php, but can’t get it right. Any help would be much appreciated.
Mike Cherim responds:
Posted: May 16th, 2007 at 10:53 pm →
Hi Ross. You’d do radio buttons the same way you’d do any other input in that you’re having the user submit a value assigned to a specific input name using the form.
You’d process that value starting at the top of the script. It’s posted, gets the first-round sanitized, then it’s required (or you skip that), and run it through all of the applicable trap: length regulation (to ensure it’s not great than you assign), injection exploit prevention, etc. This is overkill for radio buttons, but that’s what this form is all about; I tried to make it as difficult for miscreants to overcome as humanly possible.
After that you’d collect and output the data in both emails and in the success message output to the page. Then you’d test and style ‘em. No tricks or special methods need to be employed. If you did want to get fancy you could process the radio button values in an array and make a loop the way I did with the contact reasons and add it to the config file, but it’s for your own use so that’s completely unnecessary.
ross responds:
Posted: May 16th, 2007 at 11:11 pm →
Thanks Mike, I was over complicating things as usual. Seems to work fine now. Thanks for the quick response and fantastic form.
Paul responds:
Posted: May 25th, 2007 at 5:33 pm →
Hi
Thanks for making this available! I have a problem with my install of the form in that it ALWAYS gives me the following error…
Results: Whoops! Error Made!
Anti-Spam Trap 1 Field Populated: You populated a spam trap anti-spam input so you must be a spambot. Go away!
What is causing this? I’m certain it’s something I have failed to do!
The form is at www.kulayphotography.com/contact/
Kind regards
Paul
Mike Cherim responds:
Posted: May 25th, 2007 at 5:47 pm →
Try reconfiguring the last section with this (placed below the string that’s there now):
$form_location = "http://www.kulayphotography.com/contact/index.php";Let me know if that solves the problem for you.
Paul responds:
Posted: May 26th, 2007 at 3:25 am →
Mike
This worked perfectly. Thank you very much. I’l now work on the appearance of the form so it matches my site and I’ll be sure to turn the “credit option” on.
Regards
Paul
Mike Cherim responds:
Posted: May 26th, 2007 at 10:15 am →
Awesome Paul. Thanks for the update!
Paul responds:
Posted: May 26th, 2007 at 6:35 pm →
Hi again
I’ll have to back-step a little…
It worked once and now gives me the same message as it did before.
Paul
Mike responds:
Posted: May 27th, 2007 at 12:29 am →
I’ve got the form installed and it works great except for not sending out the form email. I get the confirmation page after submitting the form, but I get no email. My ISP PHP FAQ says this about PHP mail (It’s from 2005, so likely things have changed):
Due to the way email works in PHP for Windows, you must use ini_set() to set the From: address correctly or else it will send out email using From: php@localhost and most mail servers will reject that immediately. To set the From: using ini_set(), you would do something like ini_set(‘sendmail_from’, ‘me@domain.com’); before you try to use mail().
I know next to nothing about PHP, so any suggestions before I submit a ticket to my ISP would be helpful. I also replaced the $form_location… line with
$form_location= “http://www.blueplanetphoto.com/gbcf_form.php”;
to avoid the referrer mismatch error. The form link is www.blueplanetphoto.com/gbcf_form.php
Thanks!
Mike Cherim responds:
Posted: May 27th, 2007 at 1:34 am →
Hi Mike. If the host won’t configure it to send, then I guess you can add this to the form file near the beginning:
ini_set("SMTP","mail.yourdomain.com"); ini_set("smtp_port","25"); ini_set("sendmail_from","fromYou@typeyourdomainhere.com");Sorry for the trouble.
Mike responds:
Posted: May 27th, 2007 at 12:11 pm →
Thanks, no trouble. However, this isn’t working either. So, looks like I’ll have to contact my ISP. I also commented out the line
mail(”$gb_email_address”, “[$gb_website_name] Contact from $name”, $gb_content, $gb_email_header);
because there was an error message (below) and I thought the ini_set lines and the mail($gb_email…) lines were trying to do the same thing
PHP Warning: mail(): Failed to connect to mailserver at “mail.blueplanetphoto.com” port 25, verify your “SMTP” and “smtp_port” setting in php.ini or use ini_set() in D:\Webserver\blueplanetphoto.com\www\gbcf_form.php on line 227
I don’t have access to php.ini on my server. Removing the mail(”$gb_emailaddress….) line removed the PHP Warning message, resulted in a Success! message, but still no returned form.
Mike Cherim responds:
Posted: May 27th, 2007 at 12:24 pm →
Hi Mike. Yeah, it sounds like this one may be one for your host. Often when the form doesn’t work, we’ve found that the host is capable of making it work.
Wilbur responds:
Posted: May 28th, 2007 at 10:09 am →
Excellent script! Thank you for sharing!
Cheers!
Mike responds:
Posted: May 28th, 2007 at 1:54 pm →
Thanks, Mike. Got the script running via specific server info from my ISP. A couple more questions:
1. I would like the “From” line to read the sender’s email address not mine. Can this be done in the line:
ini_set(”sendmail_from”,”yourmail@domain.com”);
to replace the “yourmail@domain.com” with the email placeholder to return the sender’s email from the form?
2. The random question feature doesn’t seem to be working. Is there a switch I need to turn on to make that active?
Thank you!
Mike Cherim responds:
Posted: May 28th, 2007 at 3:08 pm →
Hello Mike. The email says your email address [From] to help by-pass a need for SMTP authentication so no emails get blocked. If, however, you hit “Reply,” the email will sent to the user [Reply-to] as expected. Thus I wouldn’t mess with that… there’s no real need to.
The Q&A isn’t random. To make it so would require the use of a session cookie and I didn’t make it so it replies on that since not everyone or their devices use cookies. An accessibility thing.
Mike responds:
Posted: May 29th, 2007 at 10:38 am →
Mike, ok that makes sense. Also, on the “random” question (says so in the comments section) I re-read the comment and now understand that it is not *random*, but that there are miscellaneous questions from which to select as the “question of the day”. Now I just need to match the form to my website. Thanks for the script!
Mike responds:
Posted: May 29th, 2007 at 10:44 am →
One other thing. The title on the contact form page is “Contact Form2″ instead of “Contact Form”. I cannot locate where the “2″ is coming from. It doesn’t show in the form code where “Contact Form” is listed or in the config.php
class=”main_formhead”> Contact Form
Any thoughts?
Mike Cherim responds:
Posted: May 29th, 2007 at 10:58 am →
Mike. Did you open the script in Dreamweaver per chance?
I’ve seen this before. This is the line:
<h<?php echo(''.$gb_heading.''); ?> class="main_formhead"><?php echo(''.$gb_website_name.''); ?> Contact Form</h<?php echo(''.$gb_heading.''); ?>>What happens is a program like Dreamweaver will close the heading before the “2″ (assuming you chose 2) because of the PHP scripting, so you’ll end up with this.
<h>2Site Name Contact Form</h>2.If you look at that top line carefully you’ll see how it’s supposed to work. If you opened it in Dreamweaver (etc) try again using Notepad or another text editor and that will no longer be an issue.
Make sense?
Mike responds:
Posted: May 29th, 2007 at 8:05 pm →
Mike,
That fixed it. Thanks! No more questions, I think I’m good to go. Thanks for your help.
Dan responds:
Posted: June 18th, 2007 at 7:44 am →
Thanks for the fantastic Contact Form and updates, they work a treat. I’ve been using it for a few months now and haven’t had one piece of Spam (touch wood).
I’ve recently implemented some Mod Rewrite rules, and the form returned a SpamTrap Error 1.
Thanks very much for updating your code, it made it an effortless transition
$form_location
// Comment out the existing string by placing two forward slashes in front of it
// $form_location= “http://”.$_SERVER[’HTTP_HOST’].”".@$_SERVER[’REQUEST_URI’].”";
// If you have Apache mod_rewrite rules in effect, it will look something like this:
$form_location= “http://yourdomain.com/yourpage/”;
Many thanks
Dan.
Mike Cherim responds:
Posted: June 18th, 2007 at 7:59 am →
So you’re all set Dan. Doing that worked for you?
Dan responds:
Posted: June 18th, 2007 at 10:17 am →
Certainly did, I was expecting to have to rip apart the code, but on my first search found this page and the explanation… some days are just grand; thanks again for the great script and hard work. Dan 
Mike Cherim responds:
Posted: June 18th, 2007 at 11:18 am →
Very cool. Love happy endings! 
James responds:
Posted: June 21st, 2007 at 2:16 am →
My host does not allow the mail() function. Can anyone help me how i can specific an SMTP server and username + password? I looked at the above comments and tried adding the ini set stuff but i’m still not having any joy.
Anyone got any tips?
Mike Cherim responds:
Posted: June 21st, 2007 at 2:34 am →
You could ask your host to enable the function. Or I suppose you could add this to the
gbcf_form.phpfile to override the server settings (php.ini). I think so anyway:ini_set("SMTP","mail.yourdomain.com"); ini_set("smtp_port","25"); ini_set("sendmail_from","fromYou@typeyourdomainhere.com");Thanks goes to Josh Gerdes for the code above.
Colin responds:
Posted: June 28th, 2007 at 4:07 am →
Great job Mike. Thought I might suggest a little addition to auto-randomize your Q&A section (RANDOM QUESTIONS CONFIG PART 3 of . If anyone has a more efficient methodology feel welcome to add your thoughts.
 . If anyone has a more efficient methodology feel welcome to add your thoughts.
// little function to shuffle and slice associative array
function ass_array_shuffle ($array) {
while (count($array) > 0) {
$val = array_rand($array);
$new_arr[$val] = $array[$val];
unset($array[$val]);
}
return array_slice($new_arr, 0, 1);
}
// question/answer array
$questions = array(
‘Is fire hot or cold?’ => ‘hot’,
‘What color is the sky?’ => ‘blue’,
‘What color is grass?’ => ‘green’,
‘Two plus two equals?’ => ‘four’,
‘What color is mars?’ => ‘red’,
‘Spell SPAM backwards’ => ‘maps’,
‘Is water wet or dry?’ => ‘wet’,
‘Monkeys eat what?’ => ‘bananas’,
‘Anteaters eat what?’ => ‘ants’,
‘Spell team backwards’ => ‘meat’,
‘Spell smart backwards’ => ‘trams’,
);
// shuffle and slice $questions to get a single question
$question = ass_array_shuffle($questions);
// set variable for question and answer
$gb_randomq = array_shift(array_keys($question));
$gb_randoma = array_shift(array_values($question));
Thanks again Mike
Colin
Mike Cherim responds:
Posted: June 28th, 2007 at 7:54 am →
Hello Colin, thanks. I’m curious, have you tested that? The reason I ask is that the tricky part isn’t making a random Q&A, it’s doing so without the use of a [session] cookie. I’m trying to avoid that, and since the form has to process parts of the script twice, the Q&A is one such part, It’ll fail.
Colin responds:
Posted: June 28th, 2007 at 8:12 am →
Hi Mike,
My bad. You are right of course. It did fail. If I can think of a way, without a session, I’ll let you know.
Colin
griter responds:
Posted: June 28th, 2007 at 8:02 pm →
Probably it’s a kind of stupid question - but why Enter doesn’t work in textarea? It’s a bit annoying when you wanna break the line and nothing happens… Anyway - nice piece of code!
Mike Cherim responds:
Posted: June 28th, 2007 at 8:11 pm →
Hi griter. It works for me in everything I’ve tested it in and I’ve never had or heard of a problem with hitting the Enter in the textarea to create a line break. What are you using? And what happens when you do?
griter responds:
Posted: June 28th, 2007 at 8:23 pm →
It’s a bit strange - now everything works perfect… I’m using Fireofx 2.0 - when I posted here the Enter really didn’t work. Then I’ve closed FF and opened it again - the Enter worked fine…
Sorry for the mess - I’m confused a bit, so please delete my first post. Thanks!
Mike Cherim responds:
Posted: June 28th, 2007 at 9:11 pm →
How odd. I wonder if it was possible your cursor jumped focus out of the textarea to the page — in which case hitting Enter would’ve submitted the form. Just wondering. Glad it’s working for you now.
Darryl responds:
Posted: July 6th, 2007 at 12:25 am →
Hi Mike,
I just installed this on a new site…It’s truly awesome….BUT, (and it’s a biggie), it works flawlessly in Firefox - mail is sent/recieved etc. But I cannot for the life of me get it to display in an IE browser…at all!
Any thoughts?
Thanks!
Mike Cherim responds:
Posted: July 6th, 2007 at 12:40 am →
Hi Daryl. That’s a new one on me. Got a link?
Darryl responds:
Posted: July 6th, 2007 at 1:11 am →
http://burrbuilding.com/form.php I must be missing the smallest thing!!
Thanks!
Mike Cherim responds:
Posted: July 6th, 2007 at 1:31 am →
Hi Darryl. You have a lot of errors on that page. You need to fix at least some of those. One in particular, you have a stray closing
</script>tag in the head. That can’t be a good thing. I have a feeling if you fix the errors you’ll fix the issue. There’s nothing connected with the form that would prevent it from displaying in IE.Darryl responds:
Posted: July 6th, 2007 at 1:40 am →
Holy shit!! lol See what ya get when a network admin ventures off his beaten path!?!?!?! I’ll have a look …thanks.
Feel free to remove that link from here if you’d like.
I’ll report back once I apply band-aids!
Thanks Mike.
griter responds:
Posted: July 10th, 2007 at 7:16 pm →
Is it possible to add another field (input type=”file”) to your form so as to make e-mail attachement? If yes, then how it should be done properly? Thanks in advance!
Mike Cherim responds:
Posted: July 10th, 2007 at 7:56 pm →
Adding attachments isn’t that easy I’m afraid. I took a crack at it once but couldn’t work it out. I had a problem with the content-type not working properly no mater what I tried. Sorry.
10 Essential Plug-ins for WordPress Version 2.1 - PHP Contact Form | www.Recruiting-USA.com responds:
Posted: July 12th, 2007 at 9:42 am →
[…] This is the seventh post in our series detailing essential plug-ins for WordPress version 2.1. Today we will be discussing "PHP Contact Form" plug-in, which can be downloaded here. […]
Steph responds:
Posted: August 11th, 2007 at 11:50 pm →
I love your contact form script. I just used on a clients website now and it’s unbelievable - I’m now going to be using it all my sites 
Lee Sai Fon responds:
Posted: August 15th, 2007 at 5:13 pm →
This is really cool but I have one question - if a data input error occurs, why do you explain it on a new page and force the user to click their back button and recall the error or errors they made in order to correct them. Why not deliver the error details above the form itself? This is what most forms on the web do?
Mike Cherim responds:
Posted: August 15th, 2007 at 5:32 pm →
I could have. I find both methods have their merits and weaknesses. Handing the errors as I did, sending the user directly to the results content, is a pretty accessible method, but I didn’t do it the way I did for any particular reason. As far as what “most forms on the web” do, I didn’t check to see others do, but I’ll take your word for it I guess.
Nathan responds:
Posted: August 17th, 2007 at 1:52 am →
Great form…quick question…
Do you see any way to implement this into a Joomla powered site…
I created a mysiteform folder with your files in it then pasted the java and php lines into a content page but it is not working…
Any thoughts would be appreciated.
Regards.
Mike Cherim responds:
Posted: August 17th, 2007 at 8:38 am →
I really don’t know about Joomla so I don’t know of any proper way. You could try this. Bring up a page on your site with your browser, then copy the source and use it to create an independent, stand alone page. You’ll want to remove any dynamic content, and you’ll need to modify navigation probably, and the title and H1 elements for sure, but everything else should be ready to go: style sheet, imagery, etc.
Rose responds:
Posted: August 22nd, 2007 at 6:55 pm →
hi mike, thanks for this script, it is definitely very accessible!
i have had no trouble embedding it in my site, and styling it to suit.
I am wondering if there is a way to make the form submit to my specified email address from the enquirers email address. At the moment i am getting emails from myself, what i would like to have happen is receive the emails from my clients so that i can hit reply and their email address is automatically in the ‘to:’ field, so that it retains the information they submited and i dont have to keep cutting and pasteing.
cheers
Rose
Mike Cherim responds:
Posted: August 22nd, 2007 at 7:36 pm →
Hi Rose. I do that on purpose to increase the chance the web site owner will get the mail. They can whitelist themselves, they can allow filter bypass, avoid SMTP authentication — it is a consistent value so it’s easier to deal with.
However, I didn’t forget ease of use for you. The “Reply-to” is the actual sender. Thus, using your email client, if you hit “Reply” you will see the sender’s email address on the “To” line as you would like and it works as normal. I guess you never tried it, but that’s cool. This comes up now and then and I can point people to this comment 
Grizzly responds:
Posted: August 26th, 2007 at 11:52 am →
Dude,
Got to say this is a fantastic script, I have little to no knowledge of CSS or PHP and this script installed a treat. The only big issue I seem to have is the carbon copy function, running a number of tests before the contact form goes live on my site I don’t seem to be getting a copy of the email to the creators email address even though the tick box is propagated on the form.
any ideas would be much appreciated.
Grizzly
Mike Cherim responds:
Posted: August 26th, 2007 at 12:15 pm →
I’m not really sure Grizzly, unless your host has a limit on mail function activation, in other words they’re limiting how many times the mail function can work at any given time. I’m not even sure if that’s it. But if you’re getting one, you should get the other, simple as that. Contact your host to ask. If they do have a limit of one-at-a-time, ask them to raise it to two. Let me know what they say. Just so you know, in case the host asks, the script uses two mail functions, and not a true CC in the official tech sense of the word. Actually CCs and BCCs are disallowed for security.
The only other possible think I can think of… the email used in the input was invalid, or has a spam filter and the test copies are in there. That’s always going to be a possibility if the submitter has a tight spam filter they may have their copy blocked/trapped. Nothing I can do about that, though.
Rose responds:
Posted: August 28th, 2007 at 7:03 pm →
Hi mike,
i can see where you’ve put the “reply-to” programming, and i can see that it should work. but ive tried several tests, with different email addresses. And when i hit “reply” its still my own email that fills in that field. Ive tried it with a couple of different email hosts including Gmail and a local NZ web provider, but niether work like they should… im not sure what else to do
Mike Cherim responds:
Posted: August 28th, 2007 at 7:45 pm →
I guess you could change the “From” in the script, just put what’s in the “Reply-to” now (and leave that as is). Then test it. If it works you should be golden. Before you do that, though, silly question: are you using a different address as the submitter?
Rose responds:
Posted: August 30th, 2007 at 7:17 pm →
wicked! the first time i tried i was using the same address as submitter and i thought all was sweet… silly me. then i was using two different addresses.
anyways, taking out the “from” part in the email header section of the config file makes it work. now i am getting an email from the actual hosting server,and it replies to the enquirer. YaY!!
just a question though, what happens if the server is down?
Mike Cherim responds:
Posted: August 30th, 2007 at 8:36 pm →
If your mail server is down I imagine the mail wouldn’t send, but I don’t know if its held somewhere or anything.
Steel Froggy responds:
Posted: September 8th, 2007 at 12:08 pm →
This is perfect, exactly what I’ve been looking for.
The only other thing is you should make it (if possible) so you can only send 1 mail per IP, per day.
That way my limited amount of mails I can send won’t be wasted by somebody who thinks they’re funny…
Let me know about this, asap.
Steel Froggy responds:
Posted: September 8th, 2007 at 12:09 pm →
Oh, Thanks. 
Mike Cherim responds:
Posted: September 8th, 2007 at 1:04 pm →
It could be done, Froggy. If, however, you encounter a jerk like that, it’ll only work if they have a static IP. And if they have a static IP there is already a mechanism in place to deal with them: the IP Blacklist part of the config. After all, if you have some idiot doing that, I’d assume getting even a single a daily email from them would be too much. Right?
Adnan responds:
Posted: September 9th, 2007 at 6:10 pm →
Hello, thank you very much for script…really well done job. I have a question…i put my page on server, and add your script to it. It says that mail is sent, but i dont get anything on mail that i put in config file. I put my hotmail mail. Do i need to put some smtp infotmations somwhere, or soething else..i just put my adress in config file and
$form_location= “http://mbacentar.ba/Contacts/index.php”;
please answer as soon as possible…i am in troubel:)
Greet
Mike Cherim responds:
Posted: September 9th, 2007 at 6:24 pm →
A lot of times Adnan the host needs to be contacted. 9 times out of ten. I know some free hosting is like that. Not everyone can use it for that reason. The script should not need SMTP authentication with Hotmail so I’m not exactly sure what you need there.
Adnan responds:
Posted: September 9th, 2007 at 6:43 pm →
ok i will contact them tomorrow..thank you on fast replay! Greeting from Sarajevo
Adnan responds:
Posted: September 9th, 2007 at 6:49 pm →
i have informations i needed i saw that u suggested to put few line of codes in gbfc config
ini_set(”SMTP”,”mail.yourdomain.com”);
ini_set(”smtp_port”,”25″);
ini_set(”sendmail_from”,”fromYou@typeyourdomainhere.com”) to avoid php.ini customization. (i would like to do this because support of my hosting is not so kind:))
so is this reliable, and in this “sendmail_from, i put mail where i will receive all comments….
Mike Cherim responds:
Posted: September 9th, 2007 at 7:35 pm →
Don’t know. Sorry,
Adnan responds:
Posted: September 9th, 2007 at 7:43 pm →
Unfortunately i get this :
“Referrer Missing or Mismatch: It looks like you’re trying to post remotely or you have blocked referrers on your user agent or browser. Using your “Back” button, please go back and try again or use our regular email, [email removed], to circumvent Referrer Mismatch.
Attention Site Admin: Be sure to double check the last section in the form’s configuration file and edit accordingly. If “Form Location” is manually entered, make sure it matches the page URL exactly — as seen on your browser’s address bar. A misconfigured URL is typically the cause of this error. “..sorry for being boring…
Mike Cherim responds:
Posted: September 9th, 2007 at 10:47 pm →
Not boring man, but it does sound like you need to check/change the configuration’s last section as it says. Either that or you don’t log referrers on your browser. To test, send an email to me via my form. If if goes through it’s your form config. If you get the same error it is your browser settings (which it could be since your posts are ending up in the Akismet filter).
NSpeaks.com responds:
Posted: September 14th, 2007 at 1:58 am →
I am using WP 2.2.3 here and I installed your plugin. Whenever I try to reach configuration page, it shows an error:
Mike Cherim responds:
Posted: September 14th, 2007 at 2:47 am →
You commented on the wrong post. The answer is in this post, for the WP version. In a nutshell it’s the UTW plugin and the maker of that plugin said she was going to work on a fix. That was a couple of weeks ago.
Layla responds:
Posted: September 16th, 2007 at 12:39 pm →
Hi Mike,
I’m a total PHP newbie, and have never installed a script until today. I love the form and your instructions are brilliant.
I’ve been playing around with the code and have two questions:
1) I didn’t want the heading at the top, so i’ve deleted it. But I now have the heading size number showing up in place of that heading. What do I do to rectify this?
2) I attemped to change the colours (borders, text). I had some success when I changed some things to either black or white using the .css file. My main problem came when I wanted to change some things to differnt colours. My question is, does php coding or .css files use different colour codes to html? The html colour codes I tried to use did not work.
LOL, don’t know if that sounds like I’m having a ‘blonde moment’ to any of you techies, but I am a newbie, and am pretty stoked that I actually installed the script and it worked, all on my very first go! : )
Thanks in advance for your help!
Mike Cherim responds:
Posted: September 16th, 2007 at 12:56 pm →
Congratz Layla. To remove the heading you’ll have to remove this entire line:
<h<?php echo(''.$gb_heading.''); ?> class="main_formhead"><?php echo(''.$gb_website_name.''); ?> Contact Form</h<?php echo(''.$gb_heading.''); ?>>Or just put this in your style sheet:
.main_formhead { position : absolute; top : -9000px; left : -9000px; }That’ll make it stay (accessible), but it will be removed visually.
Regarding the styling: Make sure the link to the style sheet in in the
head, then adjust the colors as you would any style sheet. Same color codes:element { color : #000; /* #000 is the same as writing “black” */ }Hope this helps.
Mike
Russ responds:
Posted: September 18th, 2007 at 3:30 pm →
Hello Mike,
Great PHP form. I looked around for a good form script and yours was the nicest looking form and the easiest to install and modify. However, I am having one small problem I’ve been unable to fix. And after spending half a day trying to correct the problem, I’m giving up. I’m not really a code guy. While the form displays beautifully, the error and success pages don’t space properly between lines. Everything, except for the result title, is single spaced–giving it a rather crammed together look. I imagine it’s a css problem (my css I’m sure), but one I’ve been unable to identify. I’ve not incorporated the form yet into my website, but I’ve created a practice page to work with it. Here it is: www.selfhypnosismadeez.com/contact.php
If you could give it a quick look, I’d certainly appreciate it. Thanks
Befuddled and frustrated,
Russ Melrose
Mike Cherim responds:
Posted: September 18th, 2007 at 3:52 pm →
Hi Russ. You could add this to your style sheet I suppose:
#gb_form_div dl { margin : 10px; 20px; } #gb_form_div dd { padding : 3px; }That should add some space where you want it.
Russ responds:
Posted: September 18th, 2007 at 5:26 pm →
Thank you Mike,
That worked perfectly and is exactly what I was trying to accomplish. Again, great script.
Russ
Sam responds:
Posted: September 26th, 2007 at 6:12 am →
After upgrading to WordPress 2.3 I see the following error:
Fatal error: Cannot access empty property in /[real server path]/wp-includes/functions.php on line 255
Any ideas?
Mike Cherim responds:
Posted: September 26th, 2007 at 7:43 am →
Hi Sam. This is will be a bit of a path to follow, but the answer is on the way.
Sam responds:
Posted: September 26th, 2007 at 8:38 am →
Thanks Mike, that was very helpful: I ended up cleaning out (drop) all the old ‘utw’ records in wp_options. Soon as I finished, I could hear a symphony playing as a monkey swung a femur bone around like a club (and your plugin worked again ;’).
Mike Cherim responds:
Posted: September 26th, 2007 at 9:10 am →
Cool. The plugin’s maker has been notified and a fix is supposed to be made so hopefully that’ll happen soon. People will then be able to just upgrade the plugin.
Susan responds:
Posted: October 16th, 2007 at 9:05 am →
Hello,
I’ve heard great things about this contact form, but I’ve never taken the time to actually install and use. I’ve just done so today, and I’m so glad I did! Excellent work!!
I do have one question. Is it possible for me to easily create another form with custom fields using this script? For example, I have the default contact form installed on my contact page, but now I’d like to create a new form for potential clients to fill in when requesting a quote and I need the form to ask for various other information from them.
Thanks!
Mike Cherim responds:
Posted: October 16th, 2007 at 9:31 am →
Hi Susan. It is possible, and none of the variables need to be changed if on different pages. In some cases the config file can be shared if only certain variables are being used. The tricky part would be renaming the fields. The labels need changing as well as both mail lines and the success output. If you’re using the same number of required and optional fields you can do it with some care (that variables can be reused to the visitor wouldn’t know). If you need to add fields then that would be more difficult as it would involve adding data to the various security strings.
Susan responds:
Posted: October 16th, 2007 at 10:14 am →
Okay, thanks so much for your reply. I will reconsider and probably just use the one contact form for all my needs.
I am so happy with this form. I’ve been dealing with lots of spam recently and it was high time to make the change.
Secure and Accessible PHP Contact Form « Security News responds:
Posted: October 17th, 2007 at 7:54 am →
[…] read more | digg story […]
Tom responds:
Posted: October 22nd, 2007 at 6:58 pm →
Hi Mike,
I installed your form and it works when going to the contact page from another blog page. The issue I am having is that I am also wanting to use the same form on a static home page which is the first page that users come into.
I get the referrers are blocked whoops error when trying to use it on another page, but it works fine if I nav through to the contact page.
I can get the form to display fine on any other page using the same block that I put into the contact page, I just can’t get it to accept the form. I tried it on a number of pages other than the static and it does the same thing.
Is there anything I can do to indicate referrers somehow within the php code for these pages so the form would work on them too?
Tom
Mike Cherim responds:
Posted: October 22nd, 2007 at 8:24 pm →
Hi Tom. If you’re talking about the WordPress version — this post is for the standalone version — you can only install it on a single page if I understand. The URL for that page is what goes in the config. To get it to work on another page the “Form page URL” would need to be reconfigured.
Please use this post to ask questions about the WordPress version. Thanks.
roger myles responds:
Posted: October 27th, 2007 at 7:36 am →
Looking for an accessible and secure form and this seems ideal. BUT not a php coder. I have a site where the page I want to include this form on has a SHTML extension. How do I configure the system to get PHP and SHTML together.
Mike Cherim responds:
Posted: October 27th, 2007 at 9:29 am →
That should be able to be done with server settings (to process PHP on any page). Ask your web host.
Mike responds:
Posted: November 7th, 2007 at 6:10 pm →
Mike,
I am not a coder, so please forgive my ignorance. I want to use your script, but I got caught up when the instructions called for:
1. “…using a php include function….” What I did was to copy example 1 below the body tag. It put a little php marker on the page.
2. “…using a javascript link within the head….” This ended my attempt to add your script. I found an editable spot within the head and pasted example 2. However, the page to which I tried to add this code gave me an error message telling me that this would require a change to the template and that changes would be discarded.
Is my ignorance worth your time to respond?
It’s the best looking contact us form I’ve seen. I hope I’m able to use it.
Mike
Mike Cherim responds:
Posted: November 7th, 2007 at 6:48 pm →
Hi Mike. The include would look like this:
<?php include("yourdirectoryofchoice/gbcf_form.php"); ?>The form script will end up on this page OR, just paste the script on that page.
As far as your second question, I really have no idea what you mean. The JS file is linked to to provide hover/focus states (if added to the style sheet) for IE6 and older. As far as the message you got I have no idea, but I don’t have any info about your site. You might want to ask who ever made the site, or the folks who made your content management system (CMS) if you use one. Bear in mind the purpose of the JS file is single. If you aren’t offering hover/focus styles for the form elements, you don’t need it.
I hope this helps.
Mike responds:
Posted: November 8th, 2007 at 10:21 am →
For some reason I’m getting only the text “
<!--gb_contact_form-->” to appear in the form using WP 2.3. Everything is set correctly as is the page URL. I used both permalinks and without them. Anyone else have this problem? Looks like PHP / WP is not recognizing the tag.Mike Cherim responds:
Posted: November 8th, 2007 at 10:46 am →
I’ve seen that before. I’d say it’s a WP glitch. If one puts in a comment it screws everything up, even though adding a comment is how several plugins get onto a page. While editing/making your contact page, you need to turn off the visual rich editor (see your Profile page I think). Either that or edit in HTML/Code view on the editor. What happening, without even looking, is WP is converting the comment into this:
<p><code><!--gb_contact_form--></code></p>
View Source to confirm this.
Mohammed responds:
Posted: November 9th, 2007 at 10:19 am →
Hello! This is just an awesome script. I like it very much.
I saw the “multiple email addresses” above, and was wondering: is it possible to choose to send messages to separate addresses? Thanks a lot.
Mike Cherim responds:
Posted: November 9th, 2007 at 10:31 am →
@Mohammed: With the WordPress one there is a commercical version which supports this, but that’s currently only available for the WP version.
Hugues responds:
Posted: November 12th, 2007 at 10:35 am →
Before all, thanks for sharing this awesome form!
I’m currently integrating it to my new Website and while I was doing tests on browsers compatibility, I’ve noticed that Safari (Windows) users can’t enter text in the last 2 fields, i.e. message and antispam (there’s no problem with previous fields).
It’s a minor problem, but I wanted to let you know…
Hugues responds:
Posted: November 12th, 2007 at 10:40 am →
To be more precise, in Safari, after having chosen a reason for the message, I can’t access the message box with a mouse click, but I have to use the TAB key… Seems that the focus stays on the reason list if I don’t use the TAB key.
Mike Cherim responds:
Posted: November 12th, 2007 at 10:59 am →
It’s a problem I cannot replicate unfortunately — using Safari on Windows I had zero issues.
dejavu news » Blog Archive » Secure and Accessible PHP Contact Form responds:
Posted: November 13th, 2007 at 1:30 pm →
[…] Decent security and high accessibility married and rolled into one PHP contact form. I did this more out of need than want, because cotact form spammers, like comment spammers waste my time. It’s free for you to use if you share this problem.read more | digg story […]
Thomas responds:
Posted: November 16th, 2007 at 9:27 am →
Hello,
i have the Secure and Accessible PHP Contact Form v.2.0 in use on a webserver, it works very good but i have a problem with (Check this box if you want a carbon copy of this email.). I don´t become a copy of the mail. Please help me
Thomas
Mike Cherim responds:
Posted: November 16th, 2007 at 9:58 am →
So if you check the box the mail isn’t being delivered to the email address you’re submitting but you’re getting the original mail? If I got that right, you need to check the spam filter on that email account (as obviously the form is sending, you’re just not getting to the email address you’re inputting). Right?
Sharon responds:
Posted: November 19th, 2007 at 9:51 pm →
Mike,
I am working on modifying this to read the questions and answers from a database, so that I can use a number of different questions to keep those spammer robots confused. I also am not a php guru, more like a newbie. I am having no difficulty reading the database and build randomq and randoma and keeping them static. I can echo them out all over the place, and they are fine; but the minute I click on the Submit button, I get an error message that shows another random question (no particular order to it). Would you know what part of the form.php code would rebuild randoma and randomq? I am not finding it. If you email me, I will send you the link so you can see what I mean.
Take Care, Sharon
Mike Cherim responds:
Posted: November 19th, 2007 at 10:56 pm →
I know exactly what you’re saying, Sharon, that’s why I don’t have the random Q&A. I haven’t been concerned about it because it doesn’t seem necessary. So far the form has been effective. To make it possible you’d need to pass along the original values or retain them. The most obvious way to do that is to set a session cookie for the user to maintain the inputted data (and originally generated Q in the Q&A), but I wanted to avoid requiring cookies for actual functionality — for accessibility — so I decided not to add that feature. That’s why I don’t have flood controls either, but again, that hasn’t seemed necessary. I’m afraid there’s no easy way to try an explain adding that functionality.
Vini responds:
Posted: November 21st, 2007 at 8:31 am →
Im having problems getting the form to work on my domain, http://www.vini.co.uk/dump/stix/
I’ve modified the form to my liking, and also tried an original virgin copy of the script, both give the same error. Any ideas?
Mike Cherim responds:
Posted: November 21st, 2007 at 10:07 am →
I don’t know Vini. All I can think of is configuration. For the past week I’ve seen that one 3 or 4 times whereas never before. It’d be understandable if I had changed the plugin, but I haven’t. Sorry, I don’t know what it is.
Alan responds:
Posted: November 23rd, 2007 at 5:53 am →
Hey great work Mike! Keep it up. Just got a question though, how do I change the font size of the anti-spam question? That is “echo('’.$gb_randomq.'’);”
Alan responds:
Posted: November 23rd, 2007 at 5:57 am →
Nevermind I got it
Sharon responds:
Posted: November 23rd, 2007 at 11:50 pm →
Mike, Have you tried an array of questions and then assigned a random set to $gb_randomq and $gb_randoma?
Thanks and take care, Sharon
Mike Cherim responds:
Posted: November 24th, 2007 at 12:06 am →
I have Sharon, but to do that would require a session (to recall the Q when submitting the form) and thus the user would have to accept cookies. That could get in the way of accessibility so I chose to avoid cookies for functionality. It hasn’t proven necessary gladly, between all of the other measures it still seems to do its job.
Sarah responds:
Posted: November 27th, 2007 at 1:15 pm →
There is a small error in the stylesheet, on line 77:
input.short:hover, input.short:hover,
should read
input.short:hover, input.short:focus,
Mike Cherim responds:
Posted: November 27th, 2007 at 2:54 pm →
You’re right, Sarah. Thanks. When I finally get my act together and do an update build (something I’ve been wanting to do for more than a month) I will address that. 
michael responds:
Posted: November 30th, 2007 at 12:46 am →
i’ve been using your form on about 4 or 5 sites for a while and it’s really great.
i’ve tried adding a filed such as ’subject’ and using _GET to try to pass the subject from the referring page.
of course i get spam trap 1 error. so the question is, is there a way i can drop the whole referrer checking or a way to add the the url after the “?” to the referrer. (you know http://domain.com?subject=my%20subject ) with regex or is there a php way to do this?
Mike Cherim responds:
Posted: November 30th, 2007 at 1:48 am →
Hi Michael. If you want to put the “Contact Reason” (subject) on the email’s subject line, you should go to line 1215 and change
Contact from $gbnameto$reason. You could also manipulate line 1218 (the CC) if you wanted to. I wouldn’t suggest adding a “Subject” input since that would be sort of duplicitous of the “Contact Reason.” And the “Contact Reason”selectelement is actually one of the security measures in that the$reasonhas to match one of those in the array. Hijacked forms will have their menus filled with non-existent data so this is a worthwhile measure.If you’re using the “Contact Reason” menu for something else, that is fine, go ahead and add an input like one of the others (Copy and Paste) then basically go down the file, block by block, adding your new variable to the applicable blocks. Then, follow the steps I outlined above substituting
$reasonfor whatever variable you’ve assigned to your “Subject” input (I’d use$subjectprobably).I hope you got all that 
 
By the way, that doesn’t explain the Spam Trap 1 error. That could be a config issue. Check that. Or feel free to just comment out the Spam Trap 1 error block with /* before it and */ after it. It will actually be removed on the next version. I think a full v3 will be coming out sometime within the next couple of months.
michael responds:
Posted: November 30th, 2007 at 5:34 am →
hey thanks for the quick reply, i can’t ‘pick a reason’ from a predefined list as the idea was to have people to click on product links and have that product name passed to the form. now i could populate that reason list from the database, but the client proposed that he would have around 1000 products at some point. so my array of reasons would be too big 
 
um now maybe i need to download this again, but i have version 2.0 and i don’t have anything near 1200 lines long
maybe i’ll start over from scratch for this client as i think i’ve modded this quite a bit already
thanks
Mike Cherim responds:
Posted: November 30th, 2007 at 10:09 am →
Whoops, my bad line 221 (and 224 for CC). The lines numbers I gave you are for the WP version. I should have looked at this post. As far as what you want to do so you could add a hidden input, then have a link to the form from each product and it could capture a variable for use as you like. I don’t know exactly how this would be carried out, but it could be done. This could be negotiated as the contact reason too with something to the effect of:
IF
$NewVaris empty, print default contact reason menu, ELSE,$reasonis$NewVar.michael responds:
Posted: November 30th, 2007 at 5:31 pm →
well i was just trying
<a href="contact.php?regarding=$product_description">product questions</a>where contact.php has your form on it and then in gbcf_form.php just adding a$regarding = $_GET['regarding'];at the top and then in a new form fieldanyway i’m still playing around with it, but with a variable in the url it doesn’t work
i’ll take another look at commenting out the trap1 (but i’m not exactly which lines to comment out), but what i’ve tried so far has thrown other errors at me. i’m not going to ask you to work on anything special for me, but if there’s a simple solution you could post that’s great. otherwise i’ll probably just write myself a less secure form myself from scratch 
 
thanks again
Mike Cherim responds:
Posted: November 30th, 2007 at 6:11 pm →
Michael. Shouldn’t that be written like this?
<a href="contact.php?regarding=<?php echo $product_description; ?>">product questions</a>Regarding that error block, it is commented. Look for this
// Anti-spam trap 1directly above that block.michael responds:
Posted: November 30th, 2007 at 11:33 pm →
well yes or no i was thinking in php and forgot my \’s, how about this
echo "<a>product questions</a>";:D
my above comment dropped some of my code, but it doesn’t matter you got the idea.
in the end my url looks like
http://domain.com/contact.php?regarding=a%20short%20description%20goes%20herehere’s what i get if i comment out the trap 1 lines
Form ID Value Mismatch: The submitted ID does not match registered ID of this form which means you’re trying to post remotely so this mean you must be a spambot. Go away
so i comment that out and get
referrer missing or mismatch: it looks like you’re trying to post remotely or you have blocked referrers on your user agent or browser. using your “back” button, please go back and try again
then i comment that bit out and it works
any reason (other than the obvious lessening of security) not to do this ?
michael responds:
Posted: November 30th, 2007 at 11:33 pm →
more code got stripped above 
Mike Cherim responds:
Posted: December 1st, 2007 at 12:28 am →
If you want to post stuff with angle brackets, you must convert them: Write
<to display<and write>to display>.As far as all those issues, it seems like you need to edit the config (last section). That would explain all of that. Is it possible you could supply a link to the form in question?
Wordpress PHP Contact Form v.2.0 error resolved - - My Investing Blog responds:
Posted: December 2nd, 2007 at 7:05 pm →
[…] Wordpress PHP Contact Form v.2.0 error resolved - Add Completely unrelated to my blog (aside from the fact I use the “contact” form - but I figured I’d toss it out because I did some searching Google that a couple people posted concerning this error and my answer wasn’t in there - […]
SWiz responds:
Posted: December 4th, 2007 at 6:15 pm →
Hi Mike,
I have tried to find some info about this errormessage.
Referrer Missing or Mismatch: It looks like you’re trying to post remotely or you have blocked referrers on your user agent or browser. Using your “Back” button, please go back and try again or use our regular email, info@xxxxxx.com, to circumvent Referrer Mismatch.
What to do?
Best / SWiz
SWiz responds:
Posted: December 4th, 2007 at 6:30 pm →
Hi again Mike,
I just found out what was wrong.
Had change from a windows-sever to a unix, without updating your script.
Best / SWiz
Mike Cherim responds:
Posted: December 4th, 2007 at 6:51 pm →
Cool. I’m a huge fan of self-answered questions 
gofree responds:
Posted: December 5th, 2007 at 2:16 pm →
No, how hard i tried I still got this while testing:
Results: Whoops! Error Made!
Referrer Missing or Mismatch: It looks like you’re trying to post remotely or you have blocked referrers on your user agent or browser. Using your “Back” button, please go back and try again or use our regular email, [email removed], to circumvent Referrer Mismatch.
please email me.
Gunnar responds:
Posted: December 9th, 2007 at 3:22 pm →
Thank you for sharing this plug-in. It’s so nice to not wake up with 20 spam comments in moderation any more. One minor issue: I’m using the k2 theme (http://getk2.com) and I have to turn off its nifty AJAX Live Commenting feature because if the user types in the wrong spam answer, hitting the back button goes back to the page they were on before the post page (usually the blog’s main page) and they lose their comment draft. I just discovered that the “awaiting moderation” message to the user doesn’t appear with the AJAX thing turned off (which seems to be a bug with k2), so I’m faced with a choice between two annoyances for the user. Any thoughts? Thanks, Gunnar
Noam Eppel responds:
Posted: December 9th, 2007 at 3:22 pm →
Hello Mike,
Great script.
My sendmail configuration was specifying a Return Path on all emails of www-data@server.com. To specify a Return path I made the following modifications to gbcf_form.php v.2.0:
Line 106: // Email header
Line 107: $gb_return_path = “-f” . $gb_email_address;
Line 108: $gb_email_header = “From: $gb_email_address\n”.”Reply-To: $email\n”.”MIME-Version: 1.0\n”.”Content-type: text/plain; charset=\”utf-8\”\n”.”Content-transfer-encoding: quoted-printable\n\n”;
Line 221: mail(”$gb_email_address”, “[$gb_website_name] Contact from $name”, $gb_content, $gb_email_header, $gb_return_path);
The Return Path is now set to the From address.
Mike Cherim responds:
Posted: December 9th, 2007 at 3:36 pm →
@Gunnar: Comments should be disabled on the contact page so maybe just doing that would solve the matter?
@Noam: Thanks.
Gunnar responds:
Posted: December 9th, 2007 at 3:50 pm →
@Mike Cherim: Woops. I really should go eat breakfast, my brain must be low on sugar. That comment should have gone to Mike Jolley’s site for wp-comment-spam-stopper. Now that I’m here, there is a similar problem with the back button on the PHP Contact Form, using k2 and Safari 3.0.4 on Mac. If the spam question isn’t answered, or if the answer is wrong, it says to hit the back button. If I do, it shows the same contents again. If I hit it again, it goes back to the blog main page. However, I can go forward and get to the form as it was before submitting the message.
An aside: I was surprised during this testing that my real email address gets exposed, as a commenter mentioned above. I’ll be ripping that out as soon as I figure out how. The whole point of the contact form for me was to avoid revealing my email address.
  The whole point of the contact form for me was to avoid revealing my email address.
Mike Cherim responds:
Posted: December 9th, 2007 at 4:13 pm →
That address that gets spit out isn’t at risk. It’s based on a different methodology. I wouldn’t expose it like that if it was at risk! Furthermore, that is only done on the human-possible errors for accessibility, and they are the three last in line. A ‘bot will trip the form long before any of those addresses are presented in an bot-possible error. Thus, I wouldn’t be too concerned about them.
As far as the back button thing, I’ll address that with the next full release. You should be happy to know at least that that doesn’t happen using any other browser on any other platform. Even Safari for Windows.
Gunnar responds:
Posted: December 10th, 2007 at 3:59 pm →
@Mike Cherim Thanks for the reply. I was surprised Safari 3.0 didn’t fix that problem. Oh well. Thanks for working on it for the next release.
RE: Exposing the email address. I saw the discussion earlier about bots not tripping it, so that is reassuring. But I still don’t want to expose my real email address even to humans unless I really want to. It’s very nice for the user how you err on the side of letting them contact you no matter what; I get why you designed it that way. Once someone has abused having your email address you become less generous in that regard. Ideally this would be a user configurable option.
Just a suggestion for a future version. It’s still a great plug-in. I’ll dig through the guts and see if I can comment out the relevant parts.
Mike Cherim responds:
Posted: December 10th, 2007 at 4:29 pm →
I do plan on doing that differently on the next version. You’re one of a half dozen people to feel uncomfortable with that. It’s based on this in progress (still successful) experiment.
Jasco responds:
Posted: December 14th, 2007 at 10:41 pm →
I’m a complete n00b at this. I currently have no form on my site, but I want to put one there. My contact page is named contact.html. I notice in the instructions (yes, I’m reading them) that I need to place this code in a php page file. I’m not using php files, but html files. How can I make this work inside an html file?
Thank you.
Mike Cherim responds:
Posted: December 14th, 2007 at 11:12 pm →
You have two options: rename the file contact.php and just change your navigation accordingly. If the file extension is .php it’s still just a file that HTML works on, but it’ll also process PHP scripting. Or, contact your host and ask them to enable PHP on HTML file types (a server setting). Either way and you should be good to go.
Michael Erb responds:
Posted: December 16th, 2007 at 2:36 am →
Hi, thank you for such a fantastic script! I hope I can get it working but right now I’m having some problems. I use CMSmadesimple (http://www.cmsmadesimple.org) on my CMSmadesimple site.
I followed your install directions and created a directory “form_files_directory” I then placed the three files in there including the css file. In CMSmadesimple, I created a user defined tag titled “contactForm” to contain the php code (you call the php code to pages via a global content block using a smarty tag {contactForm} )
When I went to the actual contact page on the site, the form was displayed just fine. I filled it out in a valid fashion and submitted it. I did not get any confirmation message of any sort and was delivered to the home page of my site. I did notice that the URL had a “#results” appended to it however. I never got the emails either. To the best of my knowledge I put in the correct values in the config file.
So any ideas why this isn’t working for me in my CMSmadesimple installation?
Mike Cherim responds:
Posted: December 16th, 2007 at 2:55 am →
Hi Michael. If you view source you’ll probably see the form action pointing to index.php. I’ve seen that before.
Edit the script with a text editor like notepad. Look for the form element and change the action from
PHP_SELFtoREQUEST_URI. That should solve the problem.Carey responds:
Posted: December 17th, 2007 at 2:50 am →
Great plug-in guys,
Worked a charm - except for my mistake with the Wordpress maning conventions.. But the amazing thing is - when I sent a note for help and support, I got feedback and a solution right away..that is incredible!!! I have not had this kind of service from “paid-for” software; let alone with free software…. you definitely get a donation from us.
Best secure contact plug-in for Wordpress
Cheers.
Michael Erb responds:
Posted: December 17th, 2007 at 12:59 pm →
Mike,
Your suggestion works. Brilliant! I never would have deduced the solution so thank you very much. I plan to tell the CMSMS community about your fantastic form script. It’s hands-down the best script out there for forms that I’ve seen!
Mike Cherim responds:
Posted: December 17th, 2007 at 1:16 pm →
@Carey: Thank you. I am glad it worked out. Love it when a plan comes together.
@Michael: Ditto. 
Michael Erb responds:
Posted: December 17th, 2007 at 1:35 pm →
Mike,
I’m now having a bit of a formatting issue. When I look at your demo form, it looks great.
http://green-beast.com/gbcf/gbcf_form.php
But when I look at my just installed form, the formatting is all squished together.
http://home.twcny.rr.com/merb/screenshot.jpg
I’ve put the css path into the contact form page so I’m not sure why this is happening. Is it possible that another css style is overriding your css or what?
Michael Erb responds:
Posted: December 17th, 2007 at 1:40 pm →
Yes, I see that the css for the template page is overriding your css. So how exactly do I allow the css for the CMSMS temlate to still work and at the same time include the css for the form? I’ve tried adding it at the bottom of the original template css file and it does the same thing.
Mike Cherim responds:
Posted: December 17th, 2007 at 2:04 pm →
Hi Michael: My guess is that your main style sheet has a universal selector dictating all padding and margin is 0. It’s look like this:
* { margin : 0; padding : 0; }Thus you’ll have to apply margin and padding to the various form elements. Go easy on padding inputs though because cross-browser consistency is weak. You can make the fieldset border 0 as well and that’ll help some.
Michael Erb responds:
Posted: December 17th, 2007 at 2:27 pm →
Mike, I’m pretty green when it comes to CSS. Are you saying that I need to go into the gbcf_styles.css file to add these padding values to the form elements? What padding and margin value would you suggest? How many instances of this change would I have to make?
Sorry for all the questions, but I’m sure you can do this stuff blindfolded, with your hands tied behind your back while being asleep, whereas I can barely spell my name 
Michael Erb responds:
Posted: December 17th, 2007 at 2:39 pm →
Mike, I’ve gone into the gbcf_styles.css file and made numerous changes just to see the result and absolutely nothing happens. It’s as if the stylesheet were being ignored completely. I guess I’ll have to figure out why this is happening.
Mike Cherim responds:
Posted: December 17th, 2007 at 2:43 pm →
Hi Michael, you could try 1px of padding on inputs, then margin applied to space them as you like. Maybe a peek of one of my form style sheets may help. Another option for general CSS questions would be to go to a forum like SitePoint.com. That’s always helpful or can be.
Mike Cherim responds:
Posted: December 17th, 2007 at 3:11 pm →
Check the path to your style sheet then. It must not be getting the file. A link to your installation would help eliminate the guess work.
Michael Erb responds:
Posted: December 17th, 2007 at 4:47 pm →
Mike, I think I’ve got things ironed out for the most part. I appreciate your help.
I’m wondering about the feature whereby when the anti-spam question is answered incorrectly, it shows an error screen that offers my email address for the person to request assistance. Can this be turned off? It seems to me that this totally defeats the purpose of using a contact form in the first place, if ultimately my email address -is- shown and available for abuse by whoever is seeing it. Maybe I’m missing something?
Michael Erb responds:
Posted: December 17th, 2007 at 4:58 pm →
Mike, I think I’ve answered my own question. I just went into the gbcf_form.php and deleted the part that contained my email address and the appropriate text that mentioned emailing for support. Maybe that wasn’t the best way to do it, but it works for me.
Mike Cherim responds:
Posted: December 17th, 2007 at 5:50 pm →
Hi Michael. Glad you got things ironed out. As far as the email exposure, that is available of the three final traps and done for accessibility since they are human-possible, thus an alternate means is provided. The email is rather safe like that and not in defeat of the whole form (I wouldn’t have done that or use it myself if I didn’t think it was safe). ‘Bots should trip one of the other errors long before they get to those. But even if there were no ‘bot-specific errors prior to those three, the tech used to uncover the email is still solid (so far anyway). It’s based on this. That said, if you wanted to removed them, you’d strip them out of the error strings as you did so that is right.
Michael Erb responds:
Posted: December 17th, 2007 at 6:47 pm →
Mike, I gave your form a nice plug in the CMSMS forums… http://tinyurl.com/2hcxpl
Mike Cherim responds:
Posted: December 17th, 2007 at 7:02 pm →
Thank you Michael.
don-got-no-avitar responds:
Posted: December 21st, 2007 at 2:56 am →
First, THANKS for creating this form. I have just (minutes ago) installed it and am ready to start testing prior to hacking.
First attempt didnt work… coulsn’t see the form:
Your “Readme” says:
5. Using the PHP include function, include the file gbcf_form.php
in any *.php page file where you want it to be. It must be
below the tag and preferably below the main heading.
I recommend placing it in the main content area.
See Example 1, below.
Example 1
BUT, I had to use the following in my html:
(my .htaccess calls for XBitHack on)
Should you add: “include virtual” as an option in your readme… or did I miss an important comment elsewhere?
Cheers
don-got-no-avitar responds:
Posted: December 21st, 2007 at 3:00 am →
sorry for my typos and also not stating that I inserted your form into a HTML page file NOT php. Maybe that’s why the problem. Will the form function properly from within a html page?
Cheers
Mike Cherim responds:
Posted: December 21st, 2007 at 10:35 am →
Hey don-got-no, thanks.
don-got-no-avitar responds:
Posted: December 21st, 2007 at 4:48 pm →
Hi Mike;
Fighting the “Spam Trap 1″ error. Tried your fix; no joy.
Here is the only place where I found the term “$form_location”:
line 116 (in my editor) says:
// Modify referrer to counter bogus www/no.www mismatch errors
$form_location = strtolower(trim(rtrim(str_replace(array(”http”, “www”, “&”, “/”, “#”, “\\”, “:”, “%”, “|”, “^”, “;”, “@”, “?”, “+”, “$”, “.”, “~”, “-”, “=”, “_”, ” “,), ‘’, $form_location))));
$form_location = “http://nwsid.us/find-designer/find-designer.htm/”;
NOTE THIS FILE HAS BEEN REMOVED AND REPLACED UNTIL I CAN FIX THE PROBLEM.
ALSO NOTE YOUR FIX DOES NOT HAVE A SPACE BETWEEN “$form_location” AND THE “=”
I read the comment about changes for a v3; but wonder if you could publish a method to REMOVE the “Spam Trap 1″ feature.
Thanks
the no-avitar guy
Mike Cherim responds:
Posted: December 21st, 2007 at 5:47 pm →
You should be looking in the config file — last section.
The space or lack thereof is completely irrelevant.
Sorry, that’s not going to happen. I have started work on v3 though. Please know, 99% of the installations have no issue with this. If you fix the $form_location in the config file though that’ll probably fix it…. not sure.
don-got-no-avitar responds:
Posted: December 21st, 2007 at 6:16 pm →
Thanks, Mike;
Interesting… it worked… I guess I need RTFM lessons (as in reading for “understanding”).
Cheers
Mike Cherim responds:
Posted: December 21st, 2007 at 6:31 pm →
Cool, Don. Glad it’s all straightened out. 
Nick responds:
Posted: January 12th, 2008 at 12:23 pm →
hi mike,
I’m using an aol email address and aol requires smtp auth. I don’t see smtp auth in config. please help!
Mike Cherim responds:
Posted: January 12th, 2008 at 2:56 pm →
With this version you shouldn’t have to do a thing. I know lots of AOL users that this form works with so you need to check any spam filter(s), and if nothing’s there, then contact AOL. I know one person whose email address had been so abused in the past it was on an AOL blacklist. He contacted AOL, they removed it from the blacklist and it worked.
Nick responds:
Posted: January 14th, 2008 at 4:18 pm →
somehow it works now.
thanks!
ryan responds:
Posted: February 6th, 2008 at 5:55 am →
Cant get it to work, its says i have populated a spam field (I didnt)
I have change the for location to the exatact address (i.e the url in the add bar) ! Still no success !
Any tips ? ta.
Mike Cherim responds:
Posted: February 6th, 2008 at 9:54 am →
If you did that then I don’t know Ryan. Wanna try v3?
alexandru singeorsanu responds:
Posted: February 15th, 2008 at 5:50 am →
Hello Mike!
It looks like you’re trying to post remotely or you have blocked referrers on your user agent or browser. Using your “Back” button, please go back and try again or use my regular email, [email removed], to circumvent Referrer Mismatch.
I am receiving this message when using Firefox but not in IE6….
At the same time it happens only on my pc.
Do you know what the problem might be? In the configuration section of Wordpress the site address is set as http://www.awholeuniverse.com/contact
Thanks.
Mike Cherim responds:
Posted: February 15th, 2008 at 9:54 am →
The error’s right it seems in his case. I just tested with FF on Windows and it went just fine. Thus, it sounds like you have referrer logging turned off on your FF browser. Check your settings.
Seamus responds:
Posted: March 3rd, 2008 at 1:18 pm →
Hi Mike
I too seem to have this issue with blocked refferer, etc….
I’ve tested on FF, IE7 and Safari - and they give the result. I can’t seem to find the setting to turn “referer logging” on in any of the browsers listed above. I must be blind to something that I’m sure you are going to tell me is obvious - well I hope.
Thanks for all the great work.
Mike Cherim responds:
Posted: March 3rd, 2008 at 2:41 pm →
It’s just buried. Don’t feel bad, I can rarely find those “advanced” settings either. I’ve seen it before, but I did just look for it with no success. If you want, just disable that error in the script by commenting it out. The check will be down near the bottom of the script (it is marked). Just add
/*before the block then put*/after that block.Hi Mike responds:
Posted: March 3rd, 2008 at 6:12 pm →
Thanks that did the trick!
FYI I’ve really looked hard for those browser settingson ie7 and FF and to no avail. If anybody out there knows where they are please post and let us know.
Mike Cherim responds:
Posted: March 3rd, 2008 at 7:01 pm →
It seems, after looking around, that Opera will allow it to be switched on and off. On my FF I found the option in my web developer toolbar. Others it seems might be disabled by Norton or other security software, and I know some routers will block referrers. Here’s some more info from Wikipedia.
Glad the fix worked 
Mark Golledge responds:
Posted: April 16th, 2008 at 10:54 am →
Hiya,
I’m having problems with the contact form (v2.0). I’ve integrated it into Wordpress fine and users can successfully submit a question using the contact form. However, I don’t get anything delivered to my email. I haven’t changed anything on php.ini - do I need to do so?
My email address has been setup using my DNS Registry (123 Reg). This directs to my Googlemail account (I can still send using my non-Googlemail email address).
If I am to edit my php.ini file which settings do I need to include?
Thanks
Mike Cherim responds:
Posted: April 16th, 2008 at 12:17 pm →
This post is for the standalone version for the form, not the WP version, but if you got it that far I guess you’re using the right one. If the form sends, it is working. You need to contact your host and ask why the mailserver isn’t sending the mail.
African Safari responds:
Posted: April 26th, 2008 at 3:50 am →
Hi Mike,
Thanks so much for the support you as providing the users of you script.
This question was asked by someone eariler but they asked you to email them so there is no trace of how to fix the error. i’m getting this error
Results: Whoops! Error Made!
Referrer Missing or Mismatch: It looks like you’re trying to post remotely or you have blocked referrers on your user agent or browser. Using your “Back” button, please go back and try again or use our regular email, [email removed], to circumvent Referrer Mismatch.
How do i solve it? my contact form is “on our promise to you” page.
Please answer it here so it may help others too.
Mike Cherim responds:
Posted: April 26th, 2008 at 8:02 am →
Manually set the
$form_location(contact page URL) as it says in the last section of the config and you should be all set. Perhaps you should try my version 3 anyway since it’s better.Dan responds:
Posted: May 22nd, 2008 at 10:26 am →
Hi Mike,
I have installed version 3 of this fantastic script and it is working great. I would however like to remove a few fields - namely address, city/town, state/province and zip/postal code. I would also like to make the message field optional (sounds strange I know, but hey).
I can’t seem to find anywhere that describes either of these things. Is this because it is only available as a paid-for service?
Cheers,
Dan
Mike Cherim responds:
Posted: May 22nd, 2008 at 11:31 am →
Hi Dan. If you’re using v3, I don’t know why you posted in this v2 post. You really need to read the instructions. Removing the fields you want is simply a matter of configuring the form that way via the config file. All of this is already explained, in detail. As far as the message, there is not switch to make it optional. But I figure who’d want to get a blank email. To make that optional would require a ton of work.
Dan responds:
Posted: May 22nd, 2008 at 12:04 pm →
Oh, how strange - I am not entirely sure how it is that I ended up in the v2 section. I’m sorry about that.
Anyway, back to the issue at hand. I have studied the instructions from start to finish and I have already removed company/organisation, website and the optional select menu, as shown below:
$get_org = “no”; // Or “no”
$get_phone = “yes”; // Or “no”
$get_website = “no”; // Or “no”
$get_address = “yes”; // Or “no”
$get_optmenu = “no”; // Or “no”
But I can’t for the life of me see anywhere to remove the fields that I listed in the previous post and removing the subject menu from the CONFIG file manually results in a blank page showing where the form should be.
Thank you for the lightning fast reply by the way.
Cheers,
Dan
Mike Cherim responds:
Posted: May 22nd, 2008 at 12:17 pm →
Hi Dan. Change…
$get_address = "yes";to$get_address = "no";and that will remove the address stuff. Not sure what is up with the blank page but it is typically indicative of a fatal PHP error. I would check your server’s error log to find out what specifically is going wrong.Dan responds:
Posted: May 22nd, 2008 at 1:14 pm →
OK great, I’ve done that. I don’t know why I didn’t do it before actually.
The form is now showing after removing the subject code from CONFIG, but the subject field is still showing…only there are no subjects in the menu, which is good in a way, as I don’t want any subjects. But I also don’t want an empty menu there.
Thanks again,
Dan
Mike Cherim responds:
Posted: May 22nd, 2008 at 1:47 pm →
It’s not going to be easy to remove the subject without breaking the form and the emails it will send. Don’t know what to tell you but I’d keep the subject.
James S. Huggins responds:
Posted: June 6th, 2008 at 9:35 pm →
I visited this page some time ago and used your great insights in trying to improve my small project … a parameter driven script to process some forms. My acknowledgments page at http://www.JamesSHuggins.com/h/web1/huggins-email-form-script-acknowledgements.htm references your great contribution. I also include this acknowledgment in the manual. And, I just update the acknowledgement to reference your “recent” post at http://green-beast.com/blog/?p=220. Thank you again.
James S. Huggins
…
daan responds:
Posted: December 11th, 2008 at 10:48 am →
My contact form ist working 
 
http://defensedragon.com/webshop/index.php/contact/
This is the error:
Referrer Missing or Mismatch: It looks like you’re trying to post remotely or you have blocked referrers on your user agent or browser. Using your “Back” button, please go back and try again or use my regular email
What can i do??
Someone please?
Mike Cherim responds:
Posted: December 11th, 2008 at 11:28 am →
If you get that error it means the form location variable
$form_locationat the bottom of the config file needs to be changed to show the exact URL of your contact page (there are instructions in the file). Either that or referrers are blocked on your browser. Try the v2.0 test form to see if you get the error there. If so then it’s your browser. That’s really uncommon though.daan responds:
Posted: December 11th, 2008 at 12:32 pm →
Hey Mike,
Thanks for your rapid reply,
I have another quenstion for you now that my form works..
I have quickshop also integrated in my form, and if you send the form you get confirmation about which data you have send.
The message someone send comes up very nicely, but how can i add the “shop” part to that?
So i want beneath the “message” part another part between blockquotes where people can see again what they have ordered…
Can you tell my how i can do that?
Code:
Starting from Line 1286 - 1289 of WP-GBCF V. 2.0 (wp-gbcf_form.php):
$forms.=(’
‘.$x_or_h_br.’
Message’.$x_or_h_br.'’);
// Add quickshop integration by adding the cart info into the text area.
if ($_SESSION[’qscart’] && is_array($_SESSION[’qscart’]))
{
$forms .= (’I would like to order the following items:
‘);
foreach ($_SESSION[’qscart’] as $item)
{
$forms .= (”".$item[’name’].” - Price: $”.$item[’price’].” - Quantity: “.$item[’quantity’].”
“);
}
}
$forms.=('’.$x_or_h_br.’
Mike Cherim responds:
Posted: December 11th, 2008 at 1:07 pm →
I have no idea. Looking at your code I realize this is support for the WordPress form plugin. If you have any questions about that, please post them under the correct support post. This post is for the v2 stand-alone which is why I responded to your first question inaccurately (though I’m glad you figured it out anyway). Thanks.
Vivek Thomas responds:
Posted: January 2nd, 2009 at 12:45 am →
Hello
When I submit the form, I get the error
“Results: Whoops! Error Made!
Anti-Spam Trap 1 Field Populated: You populated a spam trap anti-spam input so you must be a spambot. Go away!”
I tried editing $form_location variable but still it doesnt work. What could be the reason?
Mike Cherim responds:
Posted: January 2nd, 2009 at 4:15 am →
There’s an input hidden by styling (turn off styles to see it). I suspect you entered content in that by accident when testing, and I suspect you have “Autofill” which remembered this. You need to clear that out. This shouldn’t affect other users.
Jonathan Ackerman responds:
Posted: January 19th, 2009 at 6:23 am →
HI Mike,
Thanks a lot for the contact form, it is truly great and a life saver.
I just installed it and I am having some issues which I don’t understand. After installing the form everything is working just fine. I had an issue with the form_location but I took care of that. At the moment the form is sending the emails to the mailserver running on the local machine, is there a way for me to have the form send to a gmail address?
Thanks!
Mike Cherim responds:
Posted: January 19th, 2009 at 10:02 am →
The mailserver should be localhost normally. As far as it sending to a gmail address you should be able to just put that into the config and have your localhost mailserver send to it or where ever you want it to. Unless I’m misunderstanding something.
Mike Cherim responds:
Posted: February 21st, 2009 at 10:44 am →
Attention: There is a new post for form support. Please use it to post your comments, questions or suggestions. Please, however, review the comments above first to see if your question or concern has been addressed already. Thank you.