This simple PHP project helps you create GDPR/DSGVO-compliant contact forms. It is aimed at JavaScript-based websites, which might not have a backend capable of sending emails or storing data in a database. The tool can easily be deployed on your own PHP host. You can then send the contact form as a JavaScript request in formdata format.
Mail config in php.ini must be set up correctly and should support SSL/TLS in order to transfer the data securely.
This project should also be hosted on an HTTPS-secured server, so the data can be transferred securely from the frontend to this PHP page.
CORS is not supported yet, since it is not yet part of our real-world project, but this will follow.
This project will protect your mailbox from spam using the securimage project (https://www.phpcaptcha.org/). I will not include it in this package, so you will have to download it from https://www.phpcaptcha.org/download/ and unzip it to the subfolder called "securimage" next to these php files.
Check out config.inc.php for the settings:
- $mailTo = '[email protected]';
- $mailSubject= 'New Contact form entry';
- $dbServer = 'localhost';
- $dbDatabase = 'contactform';
- $dbUsername = 'root';
- $dbPassword = '';
You only need to provide a valid database. A table called captchas will automatically be created. Un-resolved captchas are automatically removed, so do not worry about a hard disk full of captchas. But you still might need a rate limiter on the endpoint if you play it hard.
Request GET https://yourhost/yourpath/captchaid.php to retrieve a captcha id. This will be in JSON format like so:
{ "captchaId": "4e320158cbffde426e2ba53ceccf9b9beec5638d" }
Put this captchaId into a hidden field called id.
Create an image tag using this URL as source, with your captcha id: https://yourhost/yourpath/captcha.php?id=4e320158cbffde426e2ba53ceccf9b9beec5638d
This will display the captcha.
To update the image and slightly change it, just reload the image source.
Create a POST request to https://yourhost/yourpath/formtarget.php with a formdata body using the following keys:
- id - Token id
- value - User's input for token text
- name - Name of the contact, format is sanitized
- email - Email of the contact, format is validated
- message - Message, format is sanitized
- phone - Phone number, optional, sanitized
- accept - Boolean value of (true, on, 1) to document the user has selected a checkbox accepting terms.
Response status codes:
- 500 - If something went really wrong.
- 400 - Bad request, form data invalid, or captcha id is too old / invalid.
- 403 - Captcha id correct, but solution wrong.
- 200 - All good.
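The request sequence described above, written out as a client-side sketch. This is an added example, not code from the project: the function names and outcome strings are assumptions, and BASE is the placeholder host used in this README.

```javascript
// Added example: browser-side flow for the three endpoints described above.
// BASE is the README's placeholder host; outcome names are this example's own.
const BASE = 'https://yourhost/yourpath';
const TEXT_FIELDS = ['name', 'email', 'message', 'phone'];

// Step 1: request a fresh captcha id (response: { "captchaId": "..." }).
async function fetchCaptchaId(fetchImpl = fetch) {
  const res = await fetchImpl(`${BASE}/captchaid.php`);
  if (!res.ok) throw new Error(`captchaid.php returned HTTP ${res.status}`);
  const { captchaId } = await res.json();
  if (typeof captchaId !== 'string' || captchaId === '') throw new Error('no captchaId in response');
  return captchaId;
}

// Step 2: source URL for the captcha <img>; the id is encoded, not concatenated raw.
function captchaImageUrl(captchaId) {
  const url = new URL(`${BASE}/captcha.php`);
  url.searchParams.set('id', captchaId);
  return url.toString();
}

// Step 3: formdata body with the keys formtarget.php expects.
function buildContactForm(captchaId, captchaText, fields, accepted) {
  const form = new FormData();
  form.set('id', captchaId);
  form.set('value', captchaText);
  for (const key of TEXT_FIELDS) {
    const text = String(fields[key] ?? '').trim();
    if (text !== '') form.set(key, text); // empty fields are omitted (phone is optional)
  }
  if (accepted) form.set('accept', 'true'); // sent only when the checkbox is ticked
  return form;
}

// Map the documented status codes to an outcome the page can act on.
function outcomeFor(status) {
  switch (status) {
    case 200: return 'sent';
    case 403: return 'captcha-wrong'; // id accepted, solution wrong
    case 400: return 'bad-request';   // invalid form data, or id too old / invalid
    default: return 'server-error';   // 500 and anything unexpected
  }
}

// Step 4: POST the form and report the outcome.
async function submitContact(form, fetchImpl = fetch) {
  const res = await fetchImpl(`${BASE}/formtarget.php`, { method: 'POST', body: form });
  return outcomeFor(res.status);
}
```

Because the project has no CORS support yet, a browser can only read these responses when the page is served from the same origin as the PHP files.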
Please be aware that this took about 3 hours of work with few PHP skills, so feel free to optimize.