Add criteria to check:
– detail input must not allow any URL
– name input must not allow numbers
– topic input must be in Thai
– tel input must be in 10-digit format with 081… 06x.. or 08x or 09x ..
– check email allowed for .com or .co.th or .org
– check banned words suck, ass, sexy, porn in all fields
<?php
session_start();
if (isset($_POST['submit'])) {
    // read each field once; a missing or non-string value becomes an empty string
    $input = array();
    foreach (array("name", "topic", "detail", "tel", "email") as $field) {
        $value = $_POST[$field] ?? '';
        $input[$field] = is_string($value) ? trim($value) : '';
    }
    // check Thai characters in topic input
    // (the D modifier stops the end anchor from matching before a trailing newline)
    if (!preg_match("/^[ก-๙เ ]+$/uD", $input['topic'])) {
        echo "Please enter Thai characters in the topic input field only.";
        exit;
    }
    // check name input not allowed numbers (reject a digit anywhere in the name)
    if ($input['name'] === '' || preg_match("/[0-9]/", $input['name'])) {
        echo "Please enter alphabets in the name input field only.";
        exit;
    }
    // check tel input format: 0, then 6, 8 or 9, then 8 more digits (10 digits in total)
    if (!preg_match("/^0[689][0-9]{8}$/D", $input['tel'])) {
        echo "Please enter a valid 10-digit phone number in the format 081... or 06x... or 08x... or 09x...";
        exit;
    }
    // check email allowed domains; the strict character set and the D modifier
    // also keep CR/LF out of the mail headers built from this value below
    if (!preg_match("/^[a-zA-Z0-9._%+-]+@(?:[a-zA-Z0-9-]+\.)+(?:com|co\.th|org)$/D", $input['email'])) {
        echo "Please enter a valid email address with .com or .co.th or .org domain.";
        exit;
    }
    // check for banned words (substring match, so ordinary words that
    // contain a banned word, such as "class", are rejected as well)
    $banned_words = array("suck", "ass", "sexy", "porn");
    foreach ($input as $value) {
        foreach ($banned_words as $word) {
            if (stripos($value, $word) !== false) {
                echo "Please do not use inappropriate language in the form fields.";
                exit;
            }
        }
    }
    // check detail input not allowed url (https: and bare www. links included)
    if (preg_match("/(https?|ftp|mailto|javascript):|www\./i", $input['detail'])) {
        echo "Please do not include URLs in the detail input field.";
        exit;
    }
    // The three time checks below are stored in the session, so they only
    // apply to clients that keep sending the same session cookie.
    // check input speed
    if (isset($_SESSION['submit_time']) && time() - $_SESSION['submit_time'] < 15) {
        echo "You are submitting the form too quickly. Please wait for 15 seconds before trying again.";
        exit;
    }
    // check submission time spent on the page
    if (isset($_SESSION['page_load_time']) && time() - $_SESSION['page_load_time'] > 50) {
        echo "You have spent too much time on the page. Please refresh the page and try again.";
        exit;
    }
    // prevent user from submitting again within the last 50 minutes
    if (isset($_SESSION['last_submit_time']) && time() - $_SESSION['last_submit_time'] < 3000) {
        echo "You have already submitted the form. Please wait for 50 minutes before trying again.";
        exit;
    }
    // send email
    $to = "mail@mail.com";
    $subject = "New form submission";
    $message = "Name: " . $input['name'] . "\n" . "Topic: " . $input['topic'] . "\n" . "Detail: " .
        $input['detail'] . "\n" . "Tel: " . $input['tel'] . "\n" . "Email: " . $input['email'];
    $headers = "From: " . $input['email'] . "\r\n" .
        "Reply-To: " . $input['email'] . "\r\n" .
        "X-Mailer: PHP/" . phpversion();
    // send the message once and report the result
    if (mail($to, $subject, $message, $headers)) {
        echo "Thank you for your submission.";
        // set session variables
        $_SESSION['last_submit_time'] = time();
        $_SESSION['submit_time'] = time();
        $_SESSION['page_load_time'] = time();
    } else {
        echo "Failed to send email. Please try again later.";
    }
} else {
    // the form is being displayed: record when, so the time-on-page check has a starting point
    $_SESSION['page_load_time'] = time();
}
?>
<form method="post" action="">
<label for="name">Name:</label>
<input type="text" id="name" name="name" required>
<br>
<label for="topic">Topic (Thai characters only):</label>
<input type="text" id="topic" name="topic" pattern="^[ก-๙เ ]+$" required>
<br>
<label for="detail">Detail (not allowed URL):</label>
<textarea id="detail" name="detail" required></textarea>
<br>
<label for="tel">Tel:</label>
<input type="tel" id="tel" name="tel" pattern="^0[689][0-9]{8}$" required>
<br>
<label for="email">Email (allowed domains: .com, .co.th, .org):</label>
<input type="email" id="email" name="email" pattern="^[a-zA-Z0-9._%+\-]+@(?:[a-zA-Z0-9\-]+\.)+(?:com|co\.th|org)$" required>
<br>
<button type="submit" name="submit">Submit</button>
</form>
The code can also be split into two files.
To use the two codes together, you can copy and paste them into separate files. For example, you could save the PHP form code in a file called form.php and the PHP mail code in a file called sendmail.php. Then, you can modify the form code to submit the data to the sendmail script by changing the action attribute of the form tag to the URL of the sendmail script. For example:
<form method="post" action="sendmail.php">
This tells the form to submit the data to the sendmail.php script when the submit button is clicked. The sendmail script will receive the data from the form, check it for the criteria you specified, and send an email if all checks pass. If any of the criteria fail, the script will prevent the email from being sent and display an error message instead.
Note that you may need to modify the file paths and other details in the code to match your server environment and email settings.
Revised
If I want the user to stay on this page for at least 50 seconds to be able to use the form, is this code correct?
// check submission time spent on the page
if(isset($_SESSION['page_load_time']) && time() - $_SESSION['page_load_time'] > 50) {
    echo "You have spent too much time on the page. Please refresh the page and try again.";
    exit;
}
No, the code you posted is checking if the user has spent more than 50 seconds on the page, and if so, it will display an error message and prevent the form from being submitted.
If you want to require the user to spend at least 50 seconds on the page before submitting the form, you need to modify the code. Here's an example:
// check time spent on the page
if(isset($_SESSION['page_load_time']) && time() - $_SESSION['page_load_time'] < 50) {
    echo "Please spend at least 50 seconds on the page before submitting the form.";
    exit;
}
This code checks if the $_SESSION['page_load_time'] variable is set and if the difference between the current time and the time the page was last loaded (time() - $_SESSION['page_load_time']) is less than 50 seconds.
If the condition is true, the code displays an error message that tells the user to spend at least 50 seconds on the page before submitting the form.
Note that this code should be placed before the code that checks for the maximum time spent on the page, as it modifies the same variable ($_SESSION['page_load_time']).
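The minimum and maximum time checks above measure time on the page only if $_SESSION['page_load_time'] is written when the form is rendered. The following is an added example, not part of the original code, that combines both checks and lets one page load permit one submission; the function names and the 1800-second upper bound are assumptions, and a plain array stands in for $_SESSION so the walk-through runs on its own.

```php
<?php
// Added example: function names and the 1800-second upper bound are assumptions.

// Call when the form is rendered (for example in form.php, after session_start()).
function mark_form_rendered(array &$session, int $now): void
{
    $session['page_load_time'] = $now;
}

// Call in the POST handler. Returns null when the timing is acceptable,
// otherwise the error message to show.
function check_form_timing(array &$session, int $now, int $min = 50, int $max = 1800): ?string
{
    if (!isset($session['page_load_time'])) {
        // No render was recorded in this session, so there is nothing to measure from.
        return "Please load the form page before submitting.";
    }
    $elapsed = $now - $session['page_load_time'];
    if ($elapsed < $min) {
        // Keep the timestamp: the user can wait and submit the same page again.
        return "Please spend at least $min seconds on the page before submitting the form.";
    }
    // From here on the recorded render is used up, whatever the outcome.
    unset($session['page_load_time']);
    if ($elapsed > $max) {
        return "You have spent too much time on the page. Please refresh the page and try again.";
    }
    // One render permits one submission; a repeated POST has to load the form again.
    return null;
}

// Constructed walk-through; $session stands in for $_SESSION.
$session = array();
$t0 = 1700000000; // constructed timestamp
$cases = array();
$cases['POST without a recorded render'] = check_form_timing($session, $t0);
mark_form_rendered($session, $t0);
$cases['POST 10 seconds after render'] = check_form_timing($session, $t0 + 10);
$cases['POST 60 seconds after render'] = check_form_timing($session, $t0 + 60);
$cases['same POST repeated one second later'] = check_form_timing($session, $t0 + 61);
mark_form_rendered($session, $t0 + 100);
$cases['POST 2000 seconds after a new render'] = check_form_timing($session, $t0 + 2100);

foreach ($cases as $label => $result) {
    echo $label . ": " . ($result ?? "accepted") . "\n";
}
```

In the real handler, pass $_SESSION in place of $session and time() in place of the constructed timestamps.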