Good day friends, please i am still an upcoming developer please could you help me check if this contact form code is secured from hackers. Thanks
<?php
require "define.php";
$seotitlemeta = "Contact $sitename";
include './themes/header.php';
function filter_spam(&$string){ $url = str_replace(array("'", '', '%20'), ' ', $string); $url = preg_replace('~[\pL0-9]+u', ' ', $url); $url= strtolower($url); $url = trim($url, ""); return $url;}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
$data = strip_tags($data);
return $data; } ?>
<h1 title="Contact <?php echo $sitename;?>">Contact <?php echo $sitename;?></h1>
<?php
if ($SERVER["REQUEST_METHOD"] == "POST") {
$code1= trim(preg_replace(array("'", "[^a-z0-9]+"), array("", ""), strtolower(test_input($POST['code']))), "-");
$code1 = substr($code1, 0, 10);
$code= trim(preg_replace(array("'", "[^0-9]+"), array("", ""), strtolower(bin2hex(test_input($POST['code1'])))), "-");
$code = substr($code, 0, 10);
if (filter_var(test_input($POST['mail']), FILTER_VALIDATE_EMAIL)) {
if(strlen(test_input($POST["message"])) > 5){
$email_sumbit = test_input($POST['mail']);
$contact_name = test_input(filter_spam($POST['name']));
$subject_submit = test_input($POST['head']);
$message_submit= test_input($POST["message"]);
if($code1!== $code)
{ } else {
$from = "$email_sumbit";
$to_email = "mail@example.com";
$subject = $subject_submit;
$message = $message_submit;
$headers = "From: $contact_name $from";
mail($to_email,$subject,$message,$headers);
$sent_show_response = '<div class="contact-done">Your message has been sent successfully</div>';
$message_sent_remove_form = "1";
}
}}
if ($SERVER["REQUEST_METHOD"] == "POST") {
if($sent_show_response){
$sent_show_response = $sent_show_response; } else {
if(strlen(test_input($POST["message"])) < 5){
$sent_show_response = '<div class="contact-fail">Your message is too short</div>'; } else{
$sent_show_response = '<div class="contact-fail">Please provide valid information</div><br>';
}}}}
?><p><?php echo $sent_show_response; ?></p><?php if ($message_sent_remove_form == '1'){ } else{ ?><?php $Random_code=mt_rand(); $Random_code = substr($Random_code, 0, 5); $Random_codehex = substr(bin2hex($Random_code), 0, 10); ?><div class="contact"><form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"><label> Full name: <input type="text" name="name" placeholder="Enter your full name" value="<?php echo $contact_name;?>" class="" required></label><label> E-mail address: <input type="email" name="mail" placeholder="Enter your valid e-mail address" value="<?php echo $email_sumbit;?>" class="" required></label><label> Subject: <input type="text" name="head" placeholder="Enter subject of your message" value="<?php echo $subject_submit;?>" class="" required></label><label> Message: <textarea name="message" placeholder="Write your complete message here..." class="" required><?php echo $message_submit;?></textarea></label><label> Human verification: <input type="text" name="code1" autocomplete="off" spellcheck="false" placeholder="Enter text shown on below image" class="captcha-in " required /><input type="hidden" name="code" value="<?php echo $Random_codehex; ?>" /></label><div class="captcha"><div class="image"><h3><b><?php $random_spilit = str_split($Random_code);foreach($random_spilit as $code_one_one){ echo "$code_one_one "; }?></b></h3><span class="overlay"></span></div><div class="reload"><font color="white" style="font-weight: bold;">CODE</font></div></div><button type="submit" name="submit"><span class="fas fa-paper-plane"></span> Send Message </button></form></div><?php }?></div></div><?php include './themes/footer.php'; ?>
