PHP/AJAX pop up Mail Form

The pop-up Mail Form

This page presents a simple to implement and fairly secure Javascript/AJAX pop-up mailer. To try it out click the button below.

First we use a script similar to that used in our unblockable pop-up to display a form. At first I thought the form needed a captcha element but then I realised that if we use AJax to get a key value, and wrote the form in javascript this would deter all but the most determined Hackaz.

So here is the sequence of operations:

On page load we initialise the form by fetching a magick number from a PHP script.
When the button is pressed we pop-up the mail form.
When the form is finished with we send the fields via AJAX to a PHP script and wait for a return message
The PHP script either rejects the info or sends the email we show an email sent message or a guidance message then close the pop-up automagically after 5 secs.

Sounds simple but its gonna take a lot of code!

Below is the Javascript we require in the header:

AJAX Pop Up Mailer Javascript

var data;
var magick;

function getquerystring(action) {
var qstr;
if (action==1) qstr = 'pass=m12622p';  // NOTE: no '?' before querystring
if (action==2) 	qstr = 'data='+data;
return qstr;
}

function updatepage(str,action){
    if (action==1) {
			magick=str;
}
	if (action==2) {
		hideit('divpu');

if (str.length>3) {
			var ele=document.getElementById('divmess');
			ele.innerHTML="<center><h3>"+str+"</h3>This window will auto-close.<P></center>";
			revealit('divmess');
			setTimeout('hideit("divmess")',6000);
		}
	}
}

function hideit(tdiv){
document.getElementById(tdiv).style.top = 0;
document.getElementById(tdiv).style.left = -500;
document.getElementById(tdiv).style.visibility = 'hidden';
}

xmlhttpPost("mcode.php",1);

So we define some functions - the ajax functions are simply called with a flag to govern the actions taken by the script. See AJAX made simple for a description of the script function. We have 2 options here 1=get the magick number and 2=send an email. We then call xmlhttpPost to get the magick number from mcode.php (this is part of our hacker proofing).

In addition we need two PHP scripts the magick number script (mcode) and the mailer. Here they are:

AJAX Pop Up Mailer PHP Code for Magick Number (mcode.php)

This simple script takes a password and simply echoes a magic number consiisting of the unix timestamp + 8640 converted to base 30 arithmetic. You can do whatever you like to generate a number so long as your system can check it!

AJAX Pop Up Mailer PHP Code for Mail program (mailme.php)

$emailadd="somebody@someplace.com";
$allowed=array(
"http://www.webmaster-a.com/making-popup-mail-form-with-php-ajax.php",
"http://www.webmaster-a.com/contact.php");
$refurl=$_SERVER["HTTP_REFERER"] ;
foreach($allowed as $pageurl){
	if ($pageurl==$refurl) {
		sendthemail($emailadd);
		echo "Mail Sent";
		exit;
	}
}
echo "Mail Not sent - Invalid instruction";
exit;
function sendthemail($emailadd){
	list($message,$fremail,$key)=explode('XxXx',trim($_POST['data']));
	#check key
	$code=base_convert($key,30,10)-8640;
	$diff=time()-$code;
	##allow 20 mins diff
	if ($diff>(20*60)) {
		sleep(10); #anti hack
		echo "Mail Not Sent - Code Timed Out";
		exit;
	}
	if ($diff<3) {
		sleep(10); #anti hack
		echo "Mail Not Sent - Invalid Code";
		exit;
	}
	#we should be ok if we get this far! Now do we have a message...
	if (strlen($message)<30){
		echo "Mail Not Sent - Message too short. Must be 30 chars or more.";
		exit;
	}
	#email is not mandatory
	if (trim($fremail)=="") $fremail="No email Address given for Reply";
	mail($emailadd, "Email from Public at Webmaster-a", "Contents:\n\n$message\n\nFrom $fremail\n\n");
}

So we check first to make sure that the page we are being called from is an allowed page... this avoids cross site script attacks. Then we check the magick number when decoded is between 3 seconds and 20 minutes old. Finally we see if there is actually a message to send, then if all is ok we send the message.

In html we need some styling code, a button and two divs, one for the form and one for the response message. Something Like this:

Javascript/AJAX Pop Up Mailer HTML/Javascript Code

<div class="divms" id="divmess" name="divmess">
Message will go here....
</div>

<div class=divp id=divpu name=divpu>
<table cellpadding=20 border=2 bgcolor=white width=440 align=center><tr><td><h2 align=center>Email Us!</h2><form name=email>Message:<br><textarea name=message rows=10 cols=50></textarea><P>Your Email:<br><input type=text size=50 name=semail><P><input type= button value="Send Mail" onclick="sendme();" ></form></td></tr></table>
<script >
function sendme(){
data=document.email.message.value+"XxXx"+document.email.semail.value+"XxXx"+magick;
xmlhttpPost("mailme.php",2);
}
</script>
</div>
</body>

Note that the form has also the javascript that puts together the query string data to send to the mail program, and the call to the AJAX functions-this is because I like to group functions with their html where it is logical to do so.

Please note that the exact codes used to secure the mailer on this page have been changed to protect the innocent... Simple Huh? You are welcome to use any or all of this code. A link back would be nice!

Message will go here....

Email Us!

Useful Pages

Social Bookmarking:

PHP Unique Filename Referrers

bookmark hit
vidvain.com
www.google.co.in
www.google.com
...
internal hit
www.google.com.sg
www.google.com.om
www.google.co.uk
...
ozinengland.com
...
...
www.google.com.kh
...
ecashhyip.com
www.google.co.id
...
www.google.com.ph
...
www.google.de
www.google.at
www.google.ro
www.google.it
www.google.com.tr
www.google.com.ar
www.google.com.pk
www.google.cl
www.google.com.au
...
...
www.google.com.ng
www.google.co.il
www.google.lk
bilber.net
www.google.co.mz
www.google.com.br
www.google.rs
search.babylon.com
www.google.be
www.google.ee
...
www.google.ie
yandex.ua
blog.bitcomet.com

This list of people who link to this PHP Code Snippet page is automagically maintained. Link to us, send traffic, and get listed. Simple.