PHPackages nomadcode/simple-mailform - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. nomadcode/simple-mailform ActiveLibrary nomadcode/simple-mailform ========================= Simple one-page mailform utility 077[3 issues](https://github.com/angusmci/simple-mailform/issues)[1 PRs](https://github.com/angusmci/simple-mailform/pulls)PHPCI failing Since Dec 21Pushed 6y ago1 watchersCompare [ Source](https://github.com/angusmci/simple-mailform)[ Packagist](https://packagist.org/packages/nomadcode/simple-mailform)[ RSS](/packages/nomadcode-simple-mailform/feed)WikiDiscussions master Synced 3d ago READMEChangelogDependenciesVersions (3)Used By (0) Simple Mailform =============== [](#simple-mailform) This is a minimalistic implementation of a mailform utility, designed to be used to provide a contact form for simple websites. Installation ------------ [](#installation) > composer require nomadcode/simple-mailform Usage ----- [](#usage) To use the mailform, add a `Nomadcode\Component\Mailform\Mailform` object to your page, then call the object's `process()` method. The object is initialized with three arguments. The first is a settings object, that contains configuration information for the script. The second is a greeting message to be displayed with the form. The third is the number of text lines to show in the message area of the form. All three arguments are optional, although it is very strongly recommended that you pass a settings object to configure the form. The settings object will contain the following entries: nameexampledescriptionsaltHelloWorld99!String used as salt when hashing messagesrecipientEmail address of the message recipientprefixMy WebsitePrefix added to Subject line of messagesloglogs/mailform.logPath to logfilecheck\_failure\_loglogs/failure.logPath to file for logging failed attemptshash\_algorithmsha256Algorithm used to generate message digestplaceholderstrueShow placeholders in message fields?capture\_dump\_filelogs/dumps.txtPath to file for dumping unsent messagesThe `salt` setting should be a (very) complex string. If you're not sure what to put, you could use a value from WordPress's handy [salt generator](https://api.wordpress.org/secret-key/1.1/salt/). The message will be sent to `recipient`, and the Subject line of the message will be prefixed with `prefix`. Log activity will be written to the logfile at `log` (make sure that the log exists, and that it is writeable by your webserver). If you want to keep track of attempts to send spam through your mailform, you can also specify a path for `checksum_failure_log`. If `placeholders` is `true`, then the message fields on the form will use HTML5 placeholders. This option is off by default, as studies have shown that users may find placeholders confusing. The `capture_dump_file` setting is provided for debugging purposes. If this is set to a file path, then the contents of the message will be written out to a text file before the message is sent. This provides a record of the message even if it is never sent. By default, this setting is not enabled. Example ------- [](#example) ``` // settings.php $settings = [ 'mailform' => [ 'salt' => 'someverycomplicatedstring', 'recipient' => 'user@example.com', 'prefix' => 'My Website', 'log' => $_SERVER['DOCUMENT_ROOT'] . "/../logs/mailform.log", 'checksum_failure_log' => $_SERVER['DOCUMENT_ROOT'] . '/../logs/rejection.log', 'hash_algorithm' => 'sha256', 'placeholders' => true, 'capture_dump_file' => $_SERVER['DOCUMENT_ROOT'] . "/../logs/mailform-dumps.txt" ] ]; ``` ``` // mywebpage.html include('settings.php'); require __DIR__ . '/../phplib/autoload.php'; $greeting = process(); ``` Notes ----- [](#notes) The component implements a multi-step process for sending mail. Each of the steps uses the same webpage, but -- depending on the state of the interaction -- the component generates different content. In the first step, the component creates a simple HTML5 form that allows the visitor to enter their name, email address, subject and a message. In the second step, the message is displayed back to them for confirmation. In the third step, the message is sent and an acknowledgement message is displayed to indicate success or failure. The component implements a basic anti-spam technique. Messages submitted by the user are hashed using a secret salt defined in the settings file. During the third step, the hash is passed along with the message. If the hash passed does not match the content of the message, the submission will be rejected. This provides only a basic defense. An adversary who knows the technique can modify their spambot to handle multi-step submissions, bypassing the security by imitating an actual user. However, must spambots are probably designed to cope with single-step submissions, where clicking 'Submit' on the mailform causes an immediate send of the message. It's likely that the majority of spambots will fail to recognize that an additional action -- clicking 'Submit' on the second page -- is required in order for the message to be submitted. This approach may be somewhat less intrusive than a CAPTCHA. It's also not a bad thing to give the user a chance to review their message before sending, as it may reduce the number of ill-formed or ill-considered messages submitted. Tests ----- [](#tests) > ./vendor/bin/phpunit Known issues ------------ [](#known-issues) None Changelog --------- [](#changelog) 0.2.0 First public release 0.2.1 Minor bugfix for 'From' line 0.2.2 Support for debugging 0.3.0 Additional features and improvements ### Health Score 21 — LowBetter than 19% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity9 Limited adoption so far Community4 Small or concentrated contributor base Maturity42 Maturing project, gaining track record How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/c8dbfd33567b15d5d33f0959f12baded28a9342cf2f10701bd23953adb78265a?d=identicon)[nomadcode](/maintainers/nomadcode) ### Embed Badge ![Health badge](/badges/nomadcode-simple-mailform/health.svg) ``` [![Health](https://phpackages.com/badges/nomadcode-simple-mailform/health.svg)](https://phpackages.com/packages/nomadcode-simple-mailform) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)