[webdesigner93]

Below you may download Rizo Contact v2.5


MAIN FEATURES

1.Known Robot Blocker
2.Spamword Filtering
3.Badword Filtering
4.Scanned with exploit scanner returns no vulnerabilities
5.5 fields included
6.Optional captcha included(Default is set to off)
7.Hidden bot trap
8.Validates AS (X)HTML 1.0 STRICT


 contact.png (72.89K)
Number of downloads: 139
 contact.zip (186.82K)
Number of downloads: 145

[TATA]

Is it good?

[webdesigner93]

TATA, on 20 April 2010 - 02:44 AM, said:

Is it good?

yes very simple to use yet secure

[TATA]

OK, I will try

[webdesigner93]

TATA, on 20 April 2010 - 04:18 AM, said:

OK, I will try

If u need any help let me know

[Ashley Byrom]

--Edit--

It wouldn't let me download but it just did - ignore this post

[webdesigner93]

Ok i have not posted to this post in along time but i decided to do one final version of Rizo contact which will be version 2.5 i'd like your input on what features u think should be added and what fields you would like to see added on this version

[junior]

Rather than the pop up boxes could it possibly go to another page etc?

Regards,
Junior

[webdesigner93]

junior, on 07 June 2010 - 06:56 PM, said:

Rather than the pop up boxes could it possibly go to another page etc?

Regards,
Junior

Yes i will consider doing this thanks for ur reply

[webdesigner93]

I have updated Rizo contact v1.9 with 10 cross site scripting fixes where people could inject things like javascript into fields ect... i've fixed this problem now enjoy

[TylerCollins]

Have you got an online demo?

[webdesigner93]

TylerCollins, on 15 July 2010 - 02:42 PM, said:

Have you got an online demo?

CUrrently no but if u scroll to the bottom of this site My link you will see a contact form of mine that Rizo contact v1.9 is built off of Mrsminkie though has customized my form to suit her needs but all in all thats a rough idea

[mrsminkie]

webdesigner93, on 15 July 2010 - 08:00 PM, said:

CUrrently no but if u scroll to the bottom of this site My link you will see a contact form of mine that Rizo contact v1.9 is built off of Mrsminkie though has customized my form to suit her needs but all in all thats a rough idea

I wondered why I had a sudden flurry of visits!!!

[webdesigner93]

mrsminkie, on 15 July 2010 - 10:14 PM, said:

I wondered why I had a sudden flurry of visits!!!

Ohh oops sorry i prob should of asked u to post that link first i hope u did not mind

[terydinho]

Nice script - topic pinned

[webdesigner93]

New Update

Ok i updated Rizo contact by getting rid of the dropdown list and inplace of that adding 2 extra form fields a zip code field that allows only numbers 0-9 to be used and a Phone number field that allows only numbers. Cheers

[SniderDK]

there are a few problems with this contact form, the main one i will point out is the dataClean actually aids code injection

function dataClean($data) {

 $data = stripslashes(trim(rawurldecode(strip_tags($data))));

 return $data;

}

echo dataClean('%3Cscript%3Ealert%28%27hacked%27%29%3B%3C%2Fscript%3E');

fixed:

function dataClean($data) {

 $data = addslashes(strip_tags(trim(rawurldecode($data))));

 return $data;

}

echo dataClean('%3Cscript%3Ealert%28%27hacked%27%29%3B%3C%2Fscript%3E');

you are currently striping tags, then converting url encoded entity's and even striping slashes... very handy

there are other problems with the script that i wont mention here, PM me if you like...

sorry to say all in all i would NOT use this script

[webdesigner93]

SniderDK, on 25 July 2010 - 09:33 PM, said:

there are a few problems with this contact form, the main one i will point out is the dataClean actually aids code injection

function dataClean($data) {

 $data = stripslashes(trim(rawurldecode(strip_tags($data))));

 return $data;

}

echo dataClean('%3Cscript%3Ealert%28%27hacked%27%29%3B%3C%2Fscript%3E');

fixed:

function dataClean($data) {

 $data = addslashes(strip_tags(trim(rawurldecode($data))));

 return $data;

}

echo dataClean('%3Cscript%3Ealert%28%27hacked%27%29%3B%3C%2Fscript%3E');

you are currently striping tags, then converting url encoded entity's and even striping slashes... very handy

there are other problems with the script that i wont mention here, PM me if you like...

sorry to say all in all i would NOT use this script

Thanks for your reply im constantly fixing new security issues with my scripts and i will take look into your finds and as for not using the script that's your option. However i've scanned this script several times with a vulnerability scanner and it came up with no finds, but like i said i'll still have a look cheers.

Regards

Steve

[SniderDK]

have you fixed the security hole i pointed out yet?

i wouldn't trust automated software unless your making pages to view the out that it can check to see if in fact it did break something.

anyway there are notices on the form (its an idea to have error reporting on full on your local machine), notices are there to inform you of problems.. take note of them and sort them.

your also better of using the ctype_* extension (http://php.net/ctype) its bundled with PHP5 so no need to deal with pecl and its done in C so you can be sure its fast.

there's also the filter extension, again part of PHP5 http://php.net/manua...rs.sanitize.php

also try adding a flaw to your script that the automated software will pick up because i bet you your using it wrong... seeing it dint pick-up url_encoded values weren't getting handled correctly or that your script totally fails the checks with UTF-8 chars as your not using the "u" modifier in the regex making them multi-byte aware... the lack of it picking that up means ether A) your using it wrong or putting it frankly its ****e.... i use http://w3af.sourceforge.net/ as its open source meaning you can make custom mods to it todo all kinds of crazy crap for you.

i appreciate in your last reply your trying to keep face but you just brushed over my post really with a "for the press" response rather than trying to fix your script which was the intention... and not to be funny it's not like i don't know what im doing ether and in my opinion this contact script is not ready for people to use, its close but needs more work to be soild and i am voicing that to not only the people using this now who are at RISK but the ones who are thinking about using it.

the only reason im bothering here is because this is a sticky'ed script and as such it should not have silly misstakes that it has in fact the moderator should not of sticked a script with a easy to spot security flaw as by doing so other people would assume that it has been reviewed by said moderator...

i just hope this can get taken in the way it was intended without a "flame war" i mean if someone posted like this to me when i was learning php in 01 i would of burnt them to the ground (yeah we were all stupid at one point)... so here it goes... im only trying to help!!

[webdesigner93]

Thank u for ur reply and i have indeed just now fixed that fixed the security hole u have pointed out, as for some of the extra things in php 5 i have left out because i was wanting this script to work with php 4 and 5 do u think this was a bad idea? thanks again for ur reply and i will continue to make this script sail worthy so to speak lol, hopefully with ur help and the help of the community cheers.

ps.I never believe in flaming someone who's trying to help i welcome all suggestions, well unless that person is just rude about it

Kind regards

Steve

[webdesigner93]

SCRIPT UPDATED

Ok i have now fixed the notices that appeared in the textboxs and textarea if ERROR_REPORTING(E_ALL); was set, i am currently fixing someother security problems that was so kindly pointed out so i urge anyone who has a non-current version of this script to download the updated one, download attachment has been updated to the current script. Cheers

Ps. u can download the script as i make the updates or u can wait to download it once i've made all the security updates which i will make a post when i have.

[SniderDK]

Hey,

It would be a good plan not to support PHP 4 its no longer officially supported by the php group http://www.php.net/a...hp#2007-07-13-1 ... really anyone who is using php4 at the moment should defiantly upgrade to version 5.. which is good because we can all stop making scripts with php4 compatibility and take advantage of php5's features like a better Object modal

[webdesigner93]

SniderDK, on 01 August 2010 - 11:21 PM, said:

Hey,

It would be a good plan not to support PHP 4 its no longer officially supported by the php group http://www.php.net/a...hp#2007-07-13-1 ... really anyone who is using php4 at the moment should defiantly upgrade to version 5.. which is good because we can all stop making scripts with php4 compatibility and take advantage of php5's features like a better Object modal

Ok thank u i was worried about compatibility issues, but i will start worrying more about php 5 now, u have helped so much imma give u credit in the script

[experience]

It would be good to include an example html page in the source files all ready to go so the user can upload and test before modding the files to their needs

[ayoungh]

experience, on 17 August 2010 - 11:17 AM, said:

It would be good to include an example html page in the source files all ready to go so the user can upload and test before modding the files to their needs

I think this would be good to, especially for noobz.

[webdesigner93]

ayoungh, on 17 August 2010 - 11:26 AM, said:

I think this would be good to, especially for noobz.

I've been so busy lately have not had time to work on this script anymore but i have the time now so i will deff do that thank u

PS, Thank u for everyone who does support this script and who has replied rather it be negative or positive anyone who would like to be added to the credits just ask and i will add u however u must have at least contributed something useful to the project rather it be an idea that gets added or a fix for certain parts of the form also anyone who would like to contribute a template for the forms look feel free to do so and u will also be added to the credits.

[Hubby]

I have to say: The script is nice.

There is only one thing.

<form method='POST' action='<?php echo "".dataClean($_SERVER['PHP_SELF']).""; ?>'>

Do not use the $_SERVER[PHP_SELF] array. The adress in this arry can be manipulate. Use instead the filename where the script should send the data to.

[webdesigner93]

Hubby, on 31 August 2010 - 04:48 PM, said:

I have to say: The script is nice.

There is only one thing.

<form method='POST' action='<?php echo "".dataClean($_SERVER['PHP_SELF']).""; ?>'>

Do not use the $_SERVER[PHP_SELF] array. The adress in this arry can be manipulate. Use instead the filename where the script should send the data to.

Thank u for the suggestion I will change this now

[webdesigner93]

NEW UPDATE:

Ok now i have fixed a few issues which include checking if the name field has just numbers 0-9 and letters A-Z before u could not have no spaces otherwise it would flag it as having invalid characters i overlooked this flaw, just found it the other day anyways its now fixed. I've also added a nice javascript refresh captcha feature on the captcha for this form so hope u enjoy

[headintheshed]

For some reason this bit doesnt work for me. (I get no captcha text to copy!!!)


<p>
<img id="captcha" src='captcha/captcha.php' title='Are you human?' /><br /><br />
* Are you human?<br />
<input type='text' name='spam' size='10' />
&nbsp;<a href="JavaScript: refresh_captcha();"><img style="border:none;" src="captcha/refresh.png" title="Generate new image" /></a>
</p>

Also, how do you adjust the Zip code instructions for UK users??
Thanks.

[webdesigner93]

headintheshed, on 19 September 2010 - 03:14 PM, said:

For some reason this bit doesnt work for me. (I get no captcha text to copy!!!)


<p>
<img id="captcha" src='captcha/captcha.php' title='Are you human?' /><br /><br />
* Are you human?<br />
<input type='text' name='spam' size='10' />
&nbsp;<a href="JavaScript: refresh_captcha();"><img style="border:none;" src="captcha/refresh.png" title="Generate new image" /></a>
</p>

Also, how do you adjust the Zip code instructions for UK users??
Thanks.

More then likly the captcha bit is something to do with server settings hard to tell what may be causing it not to show on ur server, for one make sure u have the GD library installed and enabled and idk what u mean by the zip code instrustions?

[rallport]

Just a suggestion, but why not convert this to use classes? Would be a lot easier for people to understand (even those who don't know PHP too well) and easier to manage for yourself/others.

E.g. you could cut down the amount of code in contact.php massively and simply include a couple of class files at the top.

Just a suggestion

Also, a lot of your data filtering could be done a lot easier using phps built in data filtering functions.

[webdesigner93]

rallport, on 13 October 2010 - 03:01 PM, said:

Just a suggestion, but why not convert this to use classes? Would be a lot easier for people to understand (even those who don't know PHP too well) and easier to manage for yourself/others.

E.g. you could cut down the amount of code in contact.php massively and simply include a couple of class files at the top.

Just a suggestion

Also, a lot of your data filtering could be done a lot easier using phps built in data filtering functions.

Hey thank you for the reply i plan on rewriting version 1.9 to utilize php's built in filtering functions, however if u want and have the time u could rewrite it into a class ect.. and include the filtering, and i will give u full credit just as long as i have credit for the original code ect.. it's up to u though thanks again for the suggestions.

EDIT: But if u dont get the chance thats ok to, v2.5 will be built as a class though which im currently working on and it will also utilize php's built in filter functions. after that i will more then likly disregard v1.9 considering it would prob be pointless to rebuild it since v2.5 will be quite better, unless u have rebuilt v1.9 then i'll keep it updated

[daniel7912]

Hi,

I've installed the script and followed all of the instructions etc, but when I try to use the form I just get the message 'Sorry could not send your message'.

What am i doing wrong?

Thanks.

edit: dont worry ive fixed it, thanks for the great script!

[webdesigner93]

daniel7912, on 19 October 2010 - 10:27 AM, said:

Hi,

I've installed the script and followed all of the instructions etc, but when I try to use the form I just get the message 'Sorry could not send your message'.

What am i doing wrong?

Thanks.

Mmm it is hard to say considering all servers where the contact form may be hosted can be different setups for sending email, but i'd be happy to take alook at it just message me on here and i will see if i can help u out

[AndyDesigns]

Hi,

I am trying to get this script working on my local xampplite installation. When I press the submit button the fields clear but nothing seems to be have been submitted, and i get no errors reported, php.ini has error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED and display_errors = on.

Your help would be greatly appreciated.

cheers

[webdesigner93]

web-apprentice, on 06 November 2010 - 06:23 PM, said:

Hi,

I am trying to get this script working on my local xampplite installation. When I press the submit button the fields clear but nothing seems to be have been submitted, and i get no errors reported, php.ini has error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED and display_errors = on.

Your help would be greatly appreciated.

cheers

I revised the script some to make it simplified to read and use i may have an error somewhere in there i'll take a look for u

[webdesigner93]

web-apprentice, on 06 November 2010 - 06:23 PM, said:

Hi,

I am trying to get this script working on my local xampplite installation. When I press the submit button the fields clear but nothing seems to be have been submitted, and i get no errors reported, php.ini has error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED and display_errors = on.

Your help would be greatly appreciated.

cheers

Mmmm all looks ok u sure the form action is correct on ur html form? it has to point to the file that the php is in

[AndyDesigns]

webdesigner93, on 06 November 2010 - 06:50 PM, said:

Mmmm all looks ok u sure the form action is correct on ur html form? it has to point to the file that the php is in

Hi, I have posted my html and php code below, please take a look when you can, thankyou:

HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>TITLE</title>
<meta name="keywords" content="KEYWORDS" />
<meta name="description" content="DESCRIPTION" />
<link rel="stylesheet" href="styles.css" type="text/css" media="all"  />
</head>
<body>
<div id="container">
   <div id="header">
      <div id="navigation">
         <ul id="menu">
	     <li><a href="index.html">HOME</a></li>
	     <li><a href="about.html">ABOUT</a></li>
	     <li class="wide"><a href="portfolio.html">PORTFOLIO</a></li>
	     <li class="wideb"><a href="services.html">SERVICES</a></li>
	     <li class="widec contact"><a href="contact.html">CONTACT</a></li>
	 </ul>
      </div>
   </div>
   <div id="content">
      <div id="aboutme">
	  </div>
	  <div id="contentright">
	    <h2 class="contactme">Contact Me.</h2>
	    <p>Please get in touch by filling in the form below and I will get back to you as soon as possible, thankyou.</p>   
	    <form method="POST" name="contactform" action="mail_send.php"> 
		<p>
		<label for='name'>Name:</label> <br>
		<input type="text" name="name">
		</p>
		<p>
		<label for='email'>Email:</label> <br>
		<input type="text" name="email"> <br>
		</p>
		<p>
		<label for='message'>Message:</label> <br>
		<textarea name="message"></textarea>
		</p>
		<p class="submit">
		<input type="submit" value="Submit"><br>
		</p>
		</form>

		<script language="JavaScript">
		// Code for validating the form
		// Visit http://www.javascript-coder.com/html-form/javascript-form-validation.phtml
		// for details
		var frmvalidator  = new Validator("contactform");
		frmvalidator.addValidation("name","req","Please provide your name"); 
		frmvalidator.addValidation("email","req","Please provide your email"); 
		frmvalidator.addValidation("email","email","Please enter a valid email address"); 
		</script> 

	  </div>
   </div>
</div>
<div id="footer">
	<div id="footer_content">
	<p>
	Copyright 2010 Andrew Turner. All rights reserved.
	</p>
	<ul id="footer_menu">
	    <li class="current"><a href="index.html">Home</a></li>
	    <li><a href="about.html">About</a></li>
	    <li><a href="portfolio.html">Portfolio</a></li>
	    <li><a href="services.html">Services</a></li>
	    <li><a href="contact.html">Contact</a></li>
	</ul>
	</div>
</div>
</body>
</html>

PHP

<?php
/*
Rizo Contact Form Mailer v1.9-- is a free and secure form mailer that you may
use for your website.
(C) Copyright Steve Morgan 2010 all rights reserved.


This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

To read the GNU General Public License, see http://www.gnu.org/licenses
*/
error_reporting(E_ALL);
//Check if the form was submitted or not
if (!isset ($_POST['submit'])) {
  header("Location:contact.html");
}
//BOTS TO BLOCK
$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer|T8Abot|Syntryx|WinHttp|WebBandit|nicebot)/i";
//BADWORDS TO BLOCK
$badwords = "/(bitch|dick|pussy|pussies|ass|****|cum|cumshot|cum shot|
gangbang|gang bang|god dammit|goddammit|viagra|anus|analsex)/i";
//EXPLOITS TO BLOCK
$known_exploits = "/(content-type|bcc:|cc:|javascript|onclick|document.cookie|onload)/i";
//Check if known bot is visiting
if (preg_match($bots, $_SERVER["HTTP_USER_AGENT"])) {
  exit ("Sorry bots are not allowed here!");
}
/*
------------------------------------------------------------------------
--------------------------------------------------------------------------------
*/
//YOUR EMAIL ADDRESS
$YOUR_EMAIL = "feedback@top-titles.co.uk";
//Your email address
$YOURWEBSITE = "My website";
//Your website
$Badword_mask = "****";
//Characters u wanna replace sent badwords with
//CREATE INPUT FILTER FUNCTION
function mss($string) {
  return addslashes(trim(strip_tags(rawurldecode($string))));
}
//END OF INPUT FILTERING FUNCTION
//OUR MAIN PHP VARIABLES
$name = (isset ($_POST['name'])) ? mss($_POST['name']) : FALSE;
$email = (isset ($_POST['email'])) ? mss($_POST['email']) : FALSE;
$message = (isset ($_POST['message'])) ? mss($_POST['message']) : FALSE;
$email_check = "/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6}$/i";
$ip = (isset ($_SERVER['REMOTE_ADDR'])) ? mss($_SERVER['REMOTE_ADDR']) : FALSE;
//Error array
$errors = array();
//END OF VARIABLE CREATION
/*
INPUT VALIDATION STARTS
*/
if (!$name) {
  $errors[] = "Please enter your name!";
}
if (!$email) {
  $errors[] = "Please enter your email address!";
}
else
  if ($email) {
    if (!preg_match($email_check, $email)) {
      $errors[] = "You must enter a valid email address!";
    }
  }
  if (!$message) {
    $errors[] = "You must enter a message!";
  }
//Check if any errors exist if they do display the errors
  if (count($errors) > 0) {
    foreach ($errors as $error) {
      echo "&bull; $error<br />";
    }
  }
  else {
//Send the email
    $body = "";
    $body .= "You have received an email from $YOURWEBSITE\n\n";
/*
-----------------------------------------------------------------
Loop through post array
-------------------------------------
*/
    foreach ($_POST as $key => $value) {

/*
-----------------------------------------------------------------
Badword checking
-------------------------------------
*/
      if (preg_match($badwords, $value)) {
        $value = preg_replace($badwords, $Badword_mask, $value);
      }
/*
-----------------------------------------------------------------
End of badword checking
-------------------------------------
*/
/*
-----------------------------------------------------------------
Exploit checking & blocking
-------------------------------------
*/
      if (preg_match($known_exploits, $value)) {
        $value = preg_replace($known_exploits, "", $value);
      }
/*
-----------------------------------------------------------------
End Exploit checking & blocking
-------------------------------------
*/
      $body .= ucwords($key) . ":$value\n\n";
    }
/*
-----------------------------------------------------------------
End post array loop
-------------------------------------
*/
    $body .= "IP:$ip\n\n";
    $body .= "Browser:" . $_SERVER['HTTP_USER_AGENT'] . "\n\n";
//SET UP HEADERS
    if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
      $headers = "From:$YOUR_EMAIL\r\n";
      $headers .= "Reply-To:$email\r\n";
    }
    else {
      $headers = "From:$YOURWEBSITE <$YOUR_EMAIL>\r\n";
      $headers .= "Reply-To:$email\r\n";
    }
//SEND THE EMAIL
    if (mail($YOUR_EMAIL, $body, $headers)) {
      echo "Your email has successfully been sent!<br /><br />";
    }
    else {
      echo "We can not send the email at this time please try again later!";
      exit ();
    }
}
?>

Thanks again for your time, much appreciated.

[webdesigner93]

web-apprentice, on 06 November 2010 - 11:26 PM, said:

Hi, I have posted my html and php code below, please take a look when you can, thankyou:

HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>TITLE</title>
<meta name="keywords" content="KEYWORDS" />
<meta name="description" content="DESCRIPTION" />
<link rel="stylesheet" href="styles.css" type="text/css" media="all"  />
</head>
<body>
<div id="container">
   <div id="header">
      <div id="navigation">
         <ul id="menu">
	     <li><a href="index.html">HOME</a></li>
	     <li><a href="about.html">ABOUT</a></li>
	     <li class="wide"><a href="portfolio.html">PORTFOLIO</a></li>
	     <li class="wideb"><a href="services.html">SERVICES</a></li>
	     <li class="widec contact"><a href="contact.html">CONTACT</a></li>
	 </ul>
      </div>
   </div>
   <div id="content">
      <div id="aboutme">
	  </div>
	  <div id="contentright">
	    <h2 class="contactme">Contact Me.</h2>
	    <p>Please get in touch by filling in the form below and I will get back to you as soon as possible, thankyou.</p>   
	    <form method="POST" name="contactform" action="mail_send.php"> 
		<p>
		<label for='name'>Name:</label> <br>
		<input type="text" name="name">
		</p>
		<p>
		<label for='email'>Email:</label> <br>
		<input type="text" name="email"> <br>
		</p>
		<p>
		<label for='message'>Message:</label> <br>
		<textarea name="message"></textarea>
		</p>
		<p class="submit">
		<input type="submit" value="Submit"><br>
		</p>
		</form>

		<script language="JavaScript">
		// Code for validating the form
		// Visit http://www.javascript-coder.com/html-form/javascript-form-validation.phtml
		// for details
		var frmvalidator  = new Validator("contactform");
		frmvalidator.addValidation("name","req","Please provide your name"); 
		frmvalidator.addValidation("email","req","Please provide your email"); 
		frmvalidator.addValidation("email","email","Please enter a valid email address"); 
		</script> 

	  </div>
   </div>
</div>
<div id="footer">
	<div id="footer_content">
	<p>
	Copyright 2010 Andrew Turner. All rights reserved.
	</p>
	<ul id="footer_menu">
	    <li class="current"><a href="index.html">Home</a></li>
	    <li><a href="about.html">About</a></li>
	    <li><a href="portfolio.html">Portfolio</a></li>
	    <li><a href="services.html">Services</a></li>
	    <li><a href="contact.html">Contact</a></li>
	</ul>
	</div>
</div>
</body>
</html>

PHP

<?php
/*
Rizo Contact Form Mailer v1.9-- is a free and secure form mailer that you may
use for your website.
(C) Copyright Steve Morgan 2010 all rights reserved.


This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

To read the GNU General Public License, see http://www.gnu.org/licenses
*/
error_reporting(E_ALL);
//Check if the form was submitted or not
if (!isset ($_POST['submit'])) {
  header("Location:contact.html");
}
//BOTS TO BLOCK
$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer|T8Abot|Syntryx|WinHttp|WebBandit|nicebot)/i";
//BADWORDS TO BLOCK
$badwords = "/(bitch|dick|pussy|pussies|ass|****|cum|cumshot|cum shot|
gangbang|gang bang|god dammit|goddammit|viagra|anus|analsex)/i";
//EXPLOITS TO BLOCK
$known_exploits = "/(content-type|bcc:|cc:|javascript|onclick|document.cookie|onload)/i";
//Check if known bot is visiting
if (preg_match($bots, $_SERVER["HTTP_USER_AGENT"])) {
  exit ("Sorry bots are not allowed here!");
}
/*
------------------------------------------------------------------------
--------------------------------------------------------------------------------
*/
//YOUR EMAIL ADDRESS
$YOUR_EMAIL = "feedback@top-titles.co.uk";
//Your email address
$YOURWEBSITE = "My website";
//Your website
$Badword_mask = "****";
//Characters u wanna replace sent badwords with
//CREATE INPUT FILTER FUNCTION
function mss($string) {
  return addslashes(trim(strip_tags(rawurldecode($string))));
}
//END OF INPUT FILTERING FUNCTION
//OUR MAIN PHP VARIABLES
$name = (isset ($_POST['name'])) ? mss($_POST['name']) : FALSE;
$email = (isset ($_POST['email'])) ? mss($_POST['email']) : FALSE;
$message = (isset ($_POST['message'])) ? mss($_POST['message']) : FALSE;
$email_check = "/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6}$/i";
$ip = (isset ($_SERVER['REMOTE_ADDR'])) ? mss($_SERVER['REMOTE_ADDR']) : FALSE;
//Error array
$errors = array();
//END OF VARIABLE CREATION
/*
INPUT VALIDATION STARTS
*/
if (!$name) {
  $errors[] = "Please enter your name!";
}
if (!$email) {
  $errors[] = "Please enter your email address!";
}
else
  if ($email) {
    if (!preg_match($email_check, $email)) {
      $errors[] = "You must enter a valid email address!";
    }
  }
  if (!$message) {
    $errors[] = "You must enter a message!";
  }
//Check if any errors exist if they do display the errors
  if (count($errors) > 0) {
    foreach ($errors as $error) {
      echo "&bull; $error<br />";
    }
  }
  else {
//Send the email
    $body = "";
    $body .= "You have received an email from $YOURWEBSITE\n\n";
/*
-----------------------------------------------------------------
Loop through post array
-------------------------------------
*/
    foreach ($_POST as $key => $value) {

/*
-----------------------------------------------------------------
Badword checking
-------------------------------------
*/
      if (preg_match($badwords, $value)) {
        $value = preg_replace($badwords, $Badword_mask, $value);
      }
/*
-----------------------------------------------------------------
End of badword checking
-------------------------------------
*/
/*
-----------------------------------------------------------------
Exploit checking & blocking
-------------------------------------
*/
      if (preg_match($known_exploits, $value)) {
        $value = preg_replace($known_exploits, "", $value);
      }
/*
-----------------------------------------------------------------
End Exploit checking & blocking
-------------------------------------
*/
      $body .= ucwords($key) . ":$value\n\n";
    }
/*
-----------------------------------------------------------------
End post array loop
-------------------------------------
*/
    $body .= "IP:$ip\n\n";
    $body .= "Browser:" . $_SERVER['HTTP_USER_AGENT'] . "\n\n";
//SET UP HEADERS
    if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
      $headers = "From:$YOUR_EMAIL\r\n";
      $headers .= "Reply-To:$email\r\n";
    }
    else {
      $headers = "From:$YOURWEBSITE <$YOUR_EMAIL>\r\n";
      $headers .= "Reply-To:$email\r\n";
    }
//SEND THE EMAIL
    if (mail($YOUR_EMAIL, $body, $headers)) {
      echo "Your email has successfully been sent!<br /><br />";
    }
    else {
      echo "We can not send the email at this time please try again later!";
      exit ();
    }
}
?>

Thanks again for your time, much appreciated.

Ok i found ur prob i think u need to name this input field submit

<input type="submit" value="Submit"> 

so it should look like this

<input type="submit" name="submit" value="Submit">

otherwise it will keep redirecting back to contact.html