GBCF-v3 Secure & Accessible Form Script
Introducing Mike Cherim's GBCF-v3 Secure and Accessible PHP Contact Form.
Contact form spam is bad for everyone, but with this script you can rest easy knowing your form is safe, accessible, and valid. Now, as 89803 others have done, you can download it for free. Want to learn more first? Check out the included validation, help (updated 1.30.2009 at 11:23 am), and test form pages.
Version two of my form, which is also available as a WordPress plugin (this copy is not yet for WP), works well, but there were enough little support-craving issues to warrant creating a version 3. This is it and it's more than just a secure and accessible contact form. This version is feature rich — language support, choices about what inputs to offer, display options, and much more. Plus, even though you won't get this page, the other pages (the validation, help, and test form pages) actually come with the download and are designed to help you set it up and pre-test the script. This version is sophisticated, powerful, flexible, and easy to install (I think so) if you take it a step at a time. So, what do you think?
This version has myriad features and fine details. Way too many to list them all here. But here's a quick overview:
- Easy Usage Terms: While giving credit in the form of keeping the form footer link is cool, as is hiring me, giving a donation (a commission if you're a webby dever), or making a language or style contribution, there are no strings. Don't redistribute it or claim it as your own work and we're good.
- Easy Setup Steps: There are some very advanced features using this form, but with only one file you need to configure (you can edit two), one file to make writable, one include, and two head links to make, and some optional styling, it's really quite easy. Start with the README file.
- Hardened Security: Security hardened against spam 'bots, header injection, cross-site scripting (XSS), email harvesters, and in some cases, pesky human users that you can block (if they have the same IP address).
- Highly Configurable: You can have all the fields showing (like the test form), as it is by default, or turn some off. This form can be as lean as the required fields only: Name, Email, Subject, Message, and the Anti-spam Question.
- Persistent Validity: Regardless of what optional fields you have, the form knows what to add or remove to ensure the form stays valid, accessible, and usable. Based on some things I saw with version two, I thought this would be beneficial.
- Language Support: Offers exceptional language support. From a configurable character set, selecting a language also grabs an easy-to-edit language file (if language file exists). The language files, en, sv, fi, it, pt-br, nl, zh-tw, fr, pl, lv, zh-cn, es-sp, ja, el, be, he, tr, ca, my, ro, sk, pt, id, de, ru, en-gb, no, gl, da, es, cy, en-us, are currently available. In use now is the en file. More language files wanted, please.
- Inherent Intelligence: In addition to the ability to remain valid and semantic, everything under the hood happens automatically. Change a form legend and it happens in the email as well. And this is just the beginning. The form script is smart!
- Error Management: Smart yet human-forgiving errors. Get the anti-spam question wrong and you are given the correct answer. Fill in the honeypot and the script clears it for you and tells you to try again.
- Smart Feedback: All errors and user messages are clear and immediately accessible to users. In many cases, where applicable, users are provided with a link directing them to the culprit input. User messages, because they are important, are wrapped in strong tags. This is quite proper.
- Input Highlights: Missing a required input - while well marked in three possible configurations - the user is given the error, a link to the input, a border around the input, and a colored, bolded label. Miss that!
- Themes Potential: Until contributors make themes for the download (even some basic color schemes would be cool), the form does come with a style sheet that you can use to help you with form styling. All the classes and IDs are shown to help.
- Back Button Gone: All errors are returned to the same page. No more hitting the back button to fix the problem. And no more lost data experienced by some Safari users on Macs reported with version two. All stuff like that was addressed.
- Blocked/Error Stats: This script will keep track of error-trip statistics, which serve as an indicator of the form's effectiveness. Right now all form errors are recorded. Is this overkill? Isolating 'bot errors only isn't possible as some features can be triggered by both man and machines.
- Anti-Flood Control: This version offers an anti-flood control that can be activated if really needed. Flooding is when a user refreshes/re-submits the form repeatedly, sending numerous emails. This feature also provides an aggression level setting.
- Myriad Advanced Settings: Mail server not cooperating? Well this version offers several advanced features to help you get stuff working. There are also configurable input length variables in this section. Possibly useful if you want to change the Phone input to something else, for example.
- Admin Lockdown Mode: New lockdown mode so you can turn your form off during closures, site or form maintenance or re-styling. One user IP address is allowed to access and use the form during lockdown.
- Thank You Option: If you want users who successfully submit the form to wind up on your own custom thank you page, you now can with two easy configuration settings. This, as well as the anti-flood, can be troublesome, depending on several factors.
- Excellent Support: I'm told I offer great support, but I do like people to first try and help themselves. That's why this form comes with its own help page you can put online during setup. You may also see my help page at any time. Either will offer you the means to help yourself.
A brief overview of script changes with upgrade suggestions. Files marked with !!! are files you may have edited. (Important: All updates require the version.php file to be swapped out.)
- B3.20090130.01 Update. The -f parameter was changed to be switched via the config file. Swap out the CONFIG.php!!! files. The language file es was updated so you may want to swap out the es!!! file. The language file ca was added. If needed, add the file, ca files to the
- B3.20081118.01 Update. The -f parameter was added to introduce a proper Return-Path allowing better service for some users such as those using AOL accounts. Swap out the functions.php file. The language file el was added. If needed, add the file,
- B3.20081002.01 Update. The language file pl was added. If needed, add the file,
- B3.20080906.01 Update. The language file cy was added. If needed, add the file,
- B3.20080731.01 Update. The functions.php files were edited to fix an issue of the CC checkbox not remembering if it's checked during a failed form submission. Swap out the files help.php page had an FAQ added and a language file, sk, was added, upload them if you need them.
- B3.20080622.01 Update. The form.php file was edited to remove another instance of the lang attribute used in the form footer p, which is not valid in XHTML 1.1. Swap out the file form.php!!!. Two variables were added to the functions.php file, managed and added to the CONFIG.php file. Swap out the CONFIG.php!!! files if you want to stay current (recommended due to future upgrades). The validation.php files were updated to reflect the aforementioned changes. A language file, id, was added, upload it if you need it.
- B3.20080602.01 Update. The form.php file was edited to remove instances of the lang attribute used on the main form div, which is not valid in XHTML 1.1. Swap out the file
- B3.20080503.01 Update. The language file lv was edited. The language files, pt, zh-cn, zh-tw, and tr were added. If needed, swap out the file lv!!!. Add the files,
- B3.20080405.01 Update. The form.php file was edited (one label changed), one error text was edited in the functions.php file, and a new FAQ was added to the help.php file. The language file, my, was added. Swap out the files help.php. Add the file,
- B3.20080312.01 Update. The language files, sv, he and es, were updated (sv and he were actually just re-saved in UTF-8), and the language files, es-sp, de, and pt-br were added. Swap out files he!!!, if applicable. Add files, pt-br files to the
- B3.20080211.01 Update. A language file, lv, was added. Add file
- B3.20080209.02 Update. Whoops. Scratch the last one. I had to do it another way... grrr. Swap out files:
- B3.20080209.01 Update. An editable function was added to the functions file to correct two issues I discovered when installing this form in a differently-named directory. The help and readme files were also updated. Swap out files:
- B3.20080208.01 Update. A bug was found in the functions file allowing the thank you page and anti-flood to redirect the user on invalid posting attempts. Swap out file:
- B3.20080205.01 Update. A small error was found in the functions file (email case issue). Also, a he language file and matching style sheet were added. Swap out file: functions.php. Add files: langs folder, and add
- B3.20080203.01 Update. The fr and ro language files were edited. An update was made to the help page FAQs, the form file was slightly modified, and a small error was found in the functions file. Three style sheets were added. Swap out files: functions.php, and the ro language files. Add files:
- B3.20080127.01 Update. A language file, ro, was added. An update was made to the help page addressing the still open issue defined in build B3.20080124.01 below. Swap out file: help.php. Add file:
- B3.20080124.01 Update. A language file, no, was added. A small edit was made to fix a Header Already Output warning that some sites might experience when using the thank you page or anti-flood features. Swap out file: functions.php. Add file:
- B3.20080115.01 Update. Two language files, be and nl, were added. Add files:
- B3.20080114.01 Update. A few file updates were made, tweaks, and ru and ja language files were added. Swap out files: functions.php. And add
- B3.20080109.01 Update. A few file updates were made and a new es language file was added. Swap out files: default.css!!!. And add
- B3.20080108.01 Update. A thank you page option was added, some general content changed, and the it language file was updated again. Swap out files:
- B3.20080107.01 Update. A couple of typos were found, and a really obscure label association bug was identified and fixed in the form.php file. Swap out files: form.php, and the CONFIG.php!!! (typo only so no worries).
- B3.20080106.04 Update. Installing multiple copies ended up being more of a struggle than anticipated, but several changes were made to better accommodate this. When installing multiple copies, you will have to make a few small config-type edits in five files, super simple. Details are available in the FAQs. The Italian it language file was tweaked, and the Finnish fi language file has been added. The time zone was removed from the time stamp. A problem with this was found and it wasn't worth the effort to circumvent it. Swap out files: form.php, and the it!!! language file. Add the
- B3.20080106.03 Update. Based on feedback from users having undefined function call errors when putting the files more deeply than anticipated, all path negotiations were edited. Swap out files:
- B3.20080106.02 Update. An error in the include negotiation was found in the test-form file. Swap out file:
- B3.20080106.01 Update. A few minor edits/modifications were made and the da, sv, and it language files were added. A correction was made to the fr file. Swap out files: CONFIG.php!!! (for a typo only), and fr!!!. And add
- B3.20080102.01 Update. A few minor edits were made, a styling fix (bug noted), and the fr language file was added. Swap out files: default.css!!!. And add
- B3.20071231.01 First release final. Since last a language file typo was fixed, and an anti-flood control with aggression setting was added. This is a configurable item. Swap out files:
- B3.20071230.RC1 Initial release candidate. So far so good, hehe.
Come back now and then to check for upgrades. Every attempt will be made to keep them simple drag-and-drop operations.
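The header-injection hardening listed among the features and the config-switched -f parameter from the change log can be pictured with the following added example. It is not code from GBCF-v3; the function names, the $config keys, and the sample addresses are hypothetical and constructed for illustration.

```php
<?php
// Added example, not GBCF-v3 code. Function names and $config keys are hypothetical.

// A value bound for a mail header must not contain CR, LF or NUL.
function header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Returns the five arguments for mail(), or null if the submission is rejected.
function build_mail_args(array $config, array $post): ?array
{
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $subject = trim((string)($post['subject'] ?? ''));
    $message = (string)($post['message'] ?? '');

    foreach ([$name, $email, $subject] as $field) {
        if ($field === '' || !header_safe($field)) {
            return null;
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // From stays the site's own address; the visitor appears only in Reply-To.
    $headers = "From: {$config['site_from']}\r\n" . "Reply-To: {$email}";

    // -f switch: the envelope sender (Return-Path) comes from config only and is
    // held to a strict pattern, since this string is passed to the sendmail binary.
    $params = '';
    if (!empty($config['use_f_param'])) {
        if (!preg_match('/^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$/', $config['site_from'])) {
            return null;
        }
        $params = '-f' . $config['site_from'];
    }
    return [$config['mail_to'], $subject, $message, $headers, $params];
}

// Constructed sample input: the second subject tries to smuggle in a Bcc header.
$config = ['mail_to' => 'owner@example.com', 'site_from' => 'form@example.com', 'use_f_param' => true];
$clean  = ['name' => 'Ann', 'email' => 'ann@example.org', 'subject' => 'Hello', 'message' => 'Hi there'];
$forged = ['subject' => "Hello\r\nBcc: list@example.net"] + $clean;

var_dump(build_mail_args($config, $clean)[4]);
var_dump(build_mail_args($config, $forged) === null);
```

The returned array can be handed to mail() with the spread operator; with use_f_param set to false the fifth argument is an empty string and the mail server picks the Return-Path itself.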
I can't do all this myself. I get by with a little help from others. In the case of this form I would like to acknowledge the following people. (Note: Language files may not appear as they really are on your browser due to encoding.)
- Everyone who helped me with version two, plus...
- Gill Lucraft made this French fr language file.
- Mark Barner made this Danish da language file.
- Tommy Olsson made this Swedish sv language file.
- Pierluigi Montinaro made this Italian it language file.
- Dave and Pirjo Prescott made this Finnish fi language file.
- Joe Dolson helped locate a really obscure label association bug.
- Peter Abrahams for identifying a time zone issue.
- Blair Millen for giving me the idea of adding a thank you page option.
- Mel Pedley and Phil Smears for both offering an in-depth script check.
- Gui made this Spanish es language file.
- Roman Matusevich made this Russian ru language file.
- Yoichi Kinoshita made this Japanese ja language file.
- Michel Tournier made these Dutch nl and Belgian be language files.
- Tormod Rangnes made this Norwegian no language file.
- Radu Micu made this Romanian ro language file.
- Jean-Jacques Etotoué edited the French fr language file.
- Ron Roy made me aware of an XHTML 1.1 validation error. I removed the lang attribute from the
- Sophie Garrett made me aware of an email case-sensitivity issue. I updated the functions.php file to correct the issue.
- Oren Farhi made this Hebrew he language file and a matching RTL modified style sheet:
- John Nelson reported and identified an issue allowing invalid submissions to redirect.
- Edgars Kalchenko made this Latvian lv language file. Typo later identified by Baiba.
- Laura Moreno made this Spanish (Spain) es-sp language file.
- Brian Templeton updated the Spanish (Central America) es language file.
- Cornelia Kraus made this German de language file.
- Thiago Estrela made this Portuguese-Brazil pt-br language file.
- Wan Assad made this Malay my language file.
- João Alexandre made this Portuguese pt language file.
- Tolga Mirmirik made this Turkish tr language file.
- Jesse Lee made these Simplified Chinese zh-cn (People's Republic of China) and Traditional Chinese zh-tw (Taiwan) language files.
- Michael Venables reminded me of a lang attribute usage issue making the form invalid with XHTML 1.1. (main
- Ode made this Indonesian id language file.
- Jack Toering reminded me of a lang attribute usage issue making the form invalid with XHTML 1.1 (form footer).
- Michal Miksik made this Slovak sk language file.
- Blair Millen found an error with the CC option when checked during an error submission. It would reset itself.
- Kevin Donnelly and Stefhan Caddick made this Welsh cy language file.
- Piotr Barszczewski made this Polish pl language file.
- Panos Chronopoulos made this Greek el language file.
- DC identified an improper Return-Path issue and proposed the
- David Zemens confirmed that the Return-Path issue noted previously will not work for all. A switch for the -f parameter was added.
- Balbina Escale made this Catalan ca language file.
- Jesus Quintana made this Galician (Galego) gl language file and revamped the Spanish es language file.
If you would like to be a contributor, style sheets and language files are needed (en, sv, fi, it, pt-br, nl, zh-tw, fr, pl, lv, zh-cn, es-sp, ja, el, be, he, tr, ca, my, ro, sk, pt, id, de, ru, en-gb, no, gl, da, es, cy, en-us, are already done). See the default style sheet and default en language file to serve as working examples or templates if you will. To learn more about this opportunity, use the test form to get in touch. If you have contributor language questions, please see this language help file, then contact Mike if you still need help. Current themes available: default (green), blue, gray, orange, and hebrew.