Form validation where all fields are required. The email field gets an extra syntax check and a DNS check on its domain part. This script is currently live at: www.why-guy.com/site/contact
CodeIgniter comes with a Cross Site Scripting (XSS) prevention filter which can either run automatically on all POST and COOKIE data it encounters, or be run on a per-item basis. By default it does not run globally, since it costs some processing overhead and you may not need it in every case. To enable it globally (and to turn on the CSRF protection that the form helper relies on below), edit the application/config/config.php file and set:
// application/config/config.php: filter every POST and COOKIE value on input
$config['global_xss_filtering'] = TRUE;
// Require a CSRF token on POST; form_open() emits the matching hidden field
$config['csrf_protection'] = TRUE;
Controller example:
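/**
 * Contact form: validate the POSTed fields and, when they pass, e-mail
 * the submission to the site owner. The form is rendered in every case
 * (with error markup on failure, with a disabled button on success).
 *
 * Changes from the previous version: run() was called twice (if/elseif),
 * which executed every rule — including the DNS callback — a second
 * time; addslashes() was applied to the fields, which only corrupts a
 * plain-text mail body ("O'Brien" became "O\'Brien"); and the result of
 * send() was ignored, so a failed delivery still showed "Thank you".
 */
public function contact(){
    // Only server-side values go into the subject line (timestamp and the
    // connecting address), so no submitted field can reach a mail header.
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $formsubject = date("Y-m-d H:i:s")." | ".$remote_addr." | why-guy.com/site/contact";

    $this->load->helper(array('form', 'url'));
    $this->load->library('form_validation');
    $this->form_validation->set_rules('name', 'Name', 'trim|required|min_length[3]|max_length[50]');
    $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email|callback_email_check');
    $this->form_validation->set_rules('comment', 'Comment', 'trim|required|min_length[5]|max_length[120]');

    if ($this->form_validation->run() == FALSE){
        // FAIL: rules not met, reload the form (form_error() shows the messages)
        $data = array("page_title" => "contact me",
            "form_subject" => $formsubject,
            "form_button" => "<button type=\"submit\" class=\"btn btn-success\">Send the form</button>");
    } else {
        // SUCCESS: rules met, send the email. The fields were already trimmed
        // and length-checked by the rules above; they are used unescaped
        // because the body is plain text (CI's Email class defaults to the
        // text mailtype — if it is ever switched to html, escape them here).
        $name = trim($_POST['name']);
        $email = trim($_POST['email']);
        $comment = trim($_POST['comment']);
        $message = "name: ".$name."\n\n".
            "email: ".$email."\n\n".
            "comment: ".$comment;
        $this->load->library('email');
        $this->email->from('noreply@why-guy.com', 'site mail');
        $this->email->to('guy@why-guy.com');
        $this->email->subject($formsubject);
        $this->email->message($message);
        if ($this->email->send()) {
            $data = array("page_title" => "contact me",
                "form_subject"=> $formsubject,
                "form_button" => "<button type=\"submit\" class=\"btn btn-success\" disabled>Send the form</button> Thank you, your form is send ");
        } else {
            // Delivery failed: record it server-side and tell the user,
            // instead of silently reporting success.
            log_message('error', 'contact form: e-mail could not be sent (subject: '.$formsubject.')');
            $data = array("page_title" => "contact me",
                "form_subject"=> $formsubject,
                "form_button" => "<button type=\"submit\" class=\"btn btn-success\">Send the form</button> Sorry, your message could not be sent. Please try again later.");
        }
    }
    $this->parser->parse('templates/header',$data);
    $this->parser->parse('site/contact',$data);
    $this->parser->parse('templates/footer',$data);
}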
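/**
 * Validation callback for the contact form (above): checks that the
 * domain part of the submitted address actually resolves.
 *
 * It runs after valid_email in the rule chain, but guards against a
 * missing '@' anyway instead of reading explode()[1] blindly. It asks
 * for MX, A and AAAA records — the types mail delivery actually uses —
 * rather than DNS_ANY, which many resolvers answer minimally or refuse
 * (RFC 8482), so valid addresses were being rejected. Note that this is
 * a live DNS lookup on every submission: a slow resolver slows the form.
 *
 * @param string $str the submitted email address
 * @return bool TRUE when the domain has at least one usable record
 */
public function email_check($str){
    // Take the text after the last '@' so an '@' in the local part cannot fool the split
    $at = strrpos($str, '@');
    $domainname = ($at === FALSE) ? '' : substr($str, $at + 1);
    // dns_get_record() returns FALSE on failure and [] when nothing matched; both mean "no"
    $records = ($domainname === '') ? FALSE : dns_get_record($domainname, DNS_MX | DNS_A | DNS_AAAA);
    if (empty($records)){
        $this->form_validation->set_message('email_check', 'The {field} field contains a invalid domainname');
        return FALSE;
    }
    return TRUE;
}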
If you use the form helper, form_open() automatically inserts a hidden CSRF token field in your forms.
View example:
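<?php
/*
 * Contact form view. {form_subject} and {form_button} are substituted by
 * the template parser from values the controller builds server-side.
 * Re-displayed input goes through set_value(), which is assumed to
 * HTML-escape it (it does in CodeIgniter 3) — confirm for the framework
 * version in use. Fixes: the <ul> wrapper was invalid (it may only hold
 * <li>), type="name" is not an input type, and the label for="" values
 * did not match the input ids. The minlength/maxlength attributes mirror
 * the server-side rules as a client hint only; validation stays in the
 * controller.
 */
?>
<div class="col-md-2"></div>
<div class="col-md-8 panel">
    <div>
        <h2>Please fillout the contact form (all fields are required).</h2>
        <?php echo form_open('/site/contact'); ?>
        <div class="form-group">
            <label for="Username">Name<?php echo form_error('name', '<div class="alert alert-danger fade in"><a href="#" class="close" data-dismiss="alert" aria-label="close">×</a>', '</div>'); ?></label>
            <input type="text" name="name" class="form-control" id="Username" placeholder="Your name" value="<?php echo set_value('name'); ?>" minlength="3" maxlength="50" required>
        </div>
        <div class="form-group">
            <label for="inputEmail">Email<?php echo form_error('email', '<div class="alert alert-danger fade in"><a href="#" class="close" data-dismiss="alert" aria-label="close">×</a>', '</div>'); ?></label>
            <input type="email" name="email" class="form-control" id="inputEmail" placeholder="Your email" value="<?php echo set_value('email'); ?>" required>
        </div>
        <div class="form-group">
            <label for="subject">Subject</label>
            <?php // disabled: shown for information only, the browser does not submit it ?>
            <input type="text" name="subject" class="form-control" id="subject" value="{form_subject}" required disabled>
        </div>
        <div class="form-group">
            <label for="comment">Comment:</label><?php echo form_error('comment', '<div class="alert alert-danger fade in"><a href="#" class="close" data-dismiss="alert" aria-label="close">×</a>', '</div>'); ?>
            <textarea name="comment" class="form-control" rows="5" id="comment" placeholder="Your comment" minlength="5" maxlength="120" required ><?php echo set_value('comment'); ?></textarea>
        </div>
        {form_button}
        </form>
    </div>
</div>
<div class="col-md-2"></div>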