Friday, 14 January 2011

Pop-up Mail Form


All the following is the text from the webpage www.RichsWebArchive.com/aboutthissite/popupmailform/index.php and it reads as though you are viewing the actual page:

I wanted to replace the somewhat clunky message options on the site, as outlined on the Stopping Spambots page, with a safe and secure pop-up mail form.

There is an item on the blog previous to this page which talks about this a bit, it's probably a good idea to check it out before reading the rest of this.

You can download a zip archive of the relevant files called rwa_mailform1.zip. Files in the archive are from 15.01.2011 and may not reflect the current state of the site. Any links in this page to sendmail.php will instead take you to a file called sendmail_publish.zip - this is a version of sendmail.php with my address and key removed.

I had several objectives to achieve here:
  • Building the form
  • Open the form in pop-up window
  • Validate user input
  • Prevent Injection Attacks
  • Pass a sub-string of the referring page's url forward
  • Enable a CAPTCHA box on the form.

In tandem, almost, with making this page was the creation of another page called sendmail.php which does all the validation, error handling and sends the message. This page will not cover these issues. For a full run-down on sendmail.php please go to the Mail Validation & Sending page.

The first task was to create the pop-up window for the form to go in. There are two parts to this, the first is a link in the navbarlinks.htm file:

>a href="/contact/mailform.php" onClick="popUp(this.href, 'fixed', 495, 605);  
return false;" target="_blank"<Send me a message about this page>/a<

The href in the link targets the mailform.php page. The onClick part of the tag calls the JAVA function to open the href in a pop-up window. There are four parameters sent to the popUp function: this.href takes the href defined earlier in the link; 'fixed' tells the function to make a pop-up window of fixed dimensions, as defined by the last two parameters; width, and; height.

The second part is the JAVA function to open the pop-up window, which is placed in the sitewideheadcode.htm file, and thus loaded into every page on the site:

>script type="text/javascript"<
<!--
 var newWin = null;  
 function popUp(strURL, strType, strHeight, strWidth) {  
  if (newWin != null && !newWin.closed)  
   newWin.close();  
  var strOptions="";  
  if (strType=="console")  
   strOptions="resizable,height="+ 
   strHeight+",width="+strWidth;  
  if (strType=="fixed")  
   strOptions="status,height="+  
   strHeight+",width="+strWidth;  
  if (strType=="elastic")  
   strOptions="toolbar,menubar,scrollbars,"+  
   "resizable,location,height="+  
   strHeight+",width="+strWidth;  
  //set new window to open in centre of screen
  var left   = (screen.width  - strWidth)/2;
  var top    = (screen.height - strWidth)/2;
  strOptions += ",top="+top+",left="+left;
  //open window
  newWin = window.open(strURL, 'newWin', strOptions);  
  newWin.focus();  
 }
//-->
>/script<

This robust JAVA function for opening a pop-up window, came from a page at sitepoint.com. It does some clever tricks which are explained really well on their site. I added the three lines which centre the new window on the screen. Previous to this I had been using alternative code from this page at www.htmlcodetutorial.com. Check the link out, there is a fantastic Under The Hood link there also which explains the JAVA code line-by-line. Unfortunately this function stopped working properly - it either opened my mail-form in the same window or a new tab - so I replaced it with the one above.

The next task was to design the form itself. Forms are pretty straightforward in XHTML, a good explanation can be found at w3schools.com. Here is the code for the form from mailform.php:

<form id="thisform" method="post" action="sendmail.php">
<div class="bluetext" style="position:fixed; top:1%; bottom:1%; left:1%; background:#ebf5fc; right:1%; " >
 <fieldset>
  <legend style="color:black; ">  Send an email to Rich's Web Archive: </legend>
  Your Name:<br />
  <input type="text" name="name" size="20" tabindex="1" /><br />
  Your E-mail Address:<br />
  <input type="text" name="address" size="40" tabindex="2" /><br />
  <input type="hidden" name="subject" size="60" readonly />
  <script type="text/javascript" language="JavaScript">
   <!--
   // set subject to shortened url of referring page
   var refpage = new String(document.referrer.replace( "http://www.richswebarchive.com", "RWA"));
   document.forms['thisform'].elements['subject'].value = refpage;
  //--<
  </script>
  Subject:
  <script type="text/javascript" language="JavaScript" >
   <!--
   document.write(document.forms['thisform'].elements['subject'].value);
  //--<
  </script>
  <br />
  <input type="text" name="subjectUser" size="60" tabindex="3" /><br />
  Message:<br />
  <textarea name="message" cols="70" rows="5" wrap="soft" maxlength="500" tabindex="4" /></textarea><br />
  <p>Your message can include <code>html</code></p>
  <?php // set up CAPTCHA box
   require_once('recaptchalib.php');
   $publickey = "6LcldMASAAAAAJhgijHTLH-0JWhliBd_G6KdmCIQ";
   echo recaptcha_get_html($publickey);
  ?>
  <br/>
  <input type="submit" value="Send">
  <input type="reset" value="Reset">
 </fieldset>
</div>
</form>
<script type="text/javascript" language="JavaScript">
 <!--
 // set focus to first field 
 document.forms['thisform'].elements['name'].focus(); 
//-->
</script>

I'm not going to go into explaining about the form elements as others do it much better elsewhere. It's a simple form with 4 visible fields and 1 hidden field for passing the referring page's url.

The first thing of note then is the two lines of JAVA that deal with the url:

var refpage = new String(document.referrer.replace( "http://www.richswebarchive.com", "RWA"));
document.forms['thisform'].elements['subject'].value = refpage;

The first line creates a new var of type String called refpage with the referring page's url, stripped of the string http://www.richswebarchive.com which is replaced with RWA. The second line then puts refpage into the subject element of the form, which is hidden as a field on the form, although it is displayed after Subject: on the mail-form, above the subjectUser field. The subject and subjectUser fields will be combined into one in the sendmail.php page.

This is a neat feature of the mail-form as it means I'll always know what page a user was looking at when they felt motivated to send me a message.

The next thing to mention is setting up the CAPTCHA box on the form. You have to sign up with a CAPTCHA service first and get hold of the two keys, one public one private, which make the whole system work. The instructions given and the bit of code they send you are simple and easy to understand. The following PHP code is inserted at the bottom of your form, just before the submit button:

<?php // set up CAPTCHA box
 require_once('recaptchalib.php');
 $publickey = "6LcldMASAAAAAJhgijHTLH-0JWhliBd_G6KdmCIQ";
 echo recaptcha_get_html($publickey);
?>

All you have to do is edit in your own public key and that's it for this page. The verification of the input takes place in the sendmail.php page.

One final thing to note is the JAVA line at the end of the body section which sets the focus to the name field:

document.forms['thisform'].elements['name'].focus(); 

So that's it, the mail-form is set up, we're about half way there. Now it's time to look at the Mail Validation & Sending page to get the rest of the story.


Once again, all the preceding text is from the webpage www.RichsWebArchive.com/aboutthissite/popupmailform/index.php and it reads as though you are viewing the actual page:

No comments:

Post a Comment

keep it nice now