Web2 style secure & flexible free php contact form with easy setup

Web2 style secure & flexible free php contact form with easy setupThis a small and powerful contact form, which protected with a random colored captcha. You can start to use it with changing just ADMIN_EMAIL. You can easily add-remove contact fields like name, email, homepage, phone number, fax, address, subject, message etc. You can easily set required fields, which visitors must fill. Required fields are red marked when visitors try to send form with empty values. It is flexible; you can change filename or include it in your cms modules. Because of more security it uses session for validation not cookies. There is also a small brute-force protection included. A small donation or backlink wished but not required. Demo in action! (Download link is below)

Code of PHP-File:


*	powered by @cafewebmaster.com
*	free for private use
*	please donate by paypal or give a backlink

// Configuration
define("ADMIN_MAIL", "your_email@example.com");
define("MAIL_SUBJECT", "Message over Contact-Form from Your Website");

// one line input fields like name, phone, fax, website etc, just add or remove what do you want
$contact_fields_input = array("Name", "Website", "E-Mail", "Phone_Number", "Subject"); // no spaces, no symbols

// multiline input field(s), just add or remove what do you want
$contact_fields_textarea = array("Message");

// required fields, visitor must fill to send form
$contact_fields_required = array("Name", "Website", "E-Mail", "Phone_Number", "Message");

// You dont need to change below

foreach($_GET as $k=>$v){
	$req_string .= "".$k."=".$v."&";
$selfurl = 'http://'.$_SERVER["HTTP_HOST"].$_SERVER["PHP_SELF"]."?".$req_string ;


function playCaptcha(){

	$text = rand(999,9999); // 4 chars number
	$seckey = md5(strtolower($text));
	$_SESSION["seckey"] = $seckey;
	$img_w = 80;
	$img_h = 30;
	$left = 5;
	$top = 2;
	$font = 'verdana.ttf';
	$font_size = 6;
	$sleep = 1; // against  brute-force
	$imgd = imagecreate($img_w, $img_h);
	$bg_light = imagecolorallocate($imgd, rand(200,255), rand(200,255), rand(200,255));
	$red = imagecolorallocate($imgd, 255, 0, 0);
	imagefill($imgd, 0, 0, $bg_light);
	$polight = imagecolorallocate($imgd, rand(155,240), rand(155,240), rand(155,240));
	$points = array( rand(0,$img_w), rand(0,$img_h),  rand(0,$img_w), rand(0,$img_h),
                     rand(0,$img_w), rand(0,$img_h),  rand(0,$img_w), rand(0,$img_h),  rand(0,$img_w), rand(0,$img_h));
	imagefilledpolygon($imgd, $points, 5, $polight);
	while($i2<10){ $i2++;
		$clight = imagecolorallocate($imgd, rand(155,240), rand(155,240), rand(155,240));
		$r1 = rand(0,$img_w);   $r2 = rand(0,$img_h);   $r3 = rand(0,$img_w);   $r4 = rand(0,$img_h);
		imageline ( $imgd, $r1, $r2, $r3, $r4,  $clight);
	#   imageline ( $imgd, $r1+1, $r2, $r3+1, $r4,  $clight);
	while( $i < strlen($text) ){ $i++;
		$darkcolor = imagecolorallocate($imgd, rand(0,111), rand(0,222), rand(0,222));
		$current_letter = substr($text, $i-1, 1);
		$font2 = $font;
	#       if( is_numeric($current_letter) ){ $darkcolor = $red ; $font2 = 'times.ttf'; }
	#       imagettftext($imgd, $font_size, rand(-45,45), $left+($i*30), $top+rand(25,30), $darkcolor, $font2, $current_letter);
      imagestring($imgd, $font_size, $left+(($i-1)*20), $top+rand(1,5), $current_letter, $darkcolor);
	header("Pragma: no-cache");
	header("Content-type: image/jpg");
	ImageJPEG( $imgd );

} // end of playCaptcha

function displayContactForm(){
	global $selfurl, $contact_fields_input, $contact_fields_textarea, $contact_fields_required ;
	foreach($contact_fields_input as $v){ 
		$redmark = ($_POST && in_array($v, $contact_fields_required) && !$_POST[$v]) ? "redmark" : "" ;
		if($redmark) $error_req++;
		$required = in_array($v, $contact_fields_required) ? "*" : "" ;
		$htmo_form .= "$v $required :
	foreach($contact_fields_textarea as $v)	{ 
		$redmark = ($_POST && in_array($v, $contact_fields_required) && !$_POST[$v]) ? "redmark" : "" ;
		if($redmark) $error_req++;
		$required = in_array($v, $contact_fields_required) ? "*" : "" ;
		$htmo_form .= "$v $required :
		$redmark = ($_POST && $_SESSION["seckey"] != md5($_POST['captcha'])) ? "redmark" : "" ;
		if($redmark) $error_req++;
		$htmo_form .= "Captcha: 
		if($_POST && !$error_req){	
			foreach($_POST as $k=>$v){
				if($k == "captcha") continue;
				$mailbody .= "$k : \n$v\n\n";
			if(@mail(ADMIN_MAIL, MAIL_SUBJECT, $mailbody, "From: ".ADMIN_MAIL."\r\n")) {
				$htmo_form = "Your eMail has been sent. Thank you!";
			} else {
				$htmo_form = "Error: Mail could not been sent!";

echo <<



Contact us!

Powered by CafeWebmaster
cafewebmaster_com; } switch($_GET['yekta']){ case "captcha": playcaptcha(); break; default: displayContactForm(); }
Download free secure_contact_form.zip2.36 KB


Test this form...

testing contact form...

From and Replay:to

Same as Urmel, I don't know how to replace .ADMIN_MAIL. with the visitors e-mail as From: and Replay:to
This script has great Captcha, but e-mail sending options should be more visible and simple to modify.


Is this going to work?

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <b> <pre> <h1> <h2> <h3> <h4> <h5> <h6> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <div> <style><img> <br> <blockquote>
  • Lines and paragraphs break automatically.
  • You may insert videos with [video:URL]

More information about formatting options

This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.

CafeWebmaster.com(CW) is a free online community for webdevelopers and beginners. Anybody can share their code, articles, tips, tutorials, code-examples or other webdesign related material on the site. Newbies can submit their questions and reply to existing questions. CW does not guarantee or warrant reliability of code, data and information published on the site. Use the site on your own risk. The site takes no responsibility of direct or indirect loss or any kind of harm to its users. The site also doesn't take responsibility of infected files or source code with any kind of infection or viruses, worms, spywares, malwares, trojan horses. CW reserves the right to edit, move, or delete any of content for any reason.