Changelog for PHP Script Version

Download the newest Fast Secure Contact Form – PHP Script Version
Tip: How to upgrade Fast Secure Contact Form PHP Script version

Version: 3.2.1 – 13-Feb-2017
– Fix error about missing temp folder during first time installation.

Version: 3.2.0 – 09-Feb-2017
– Upgrade phpmailer to latest version 5.2.22
– Added Google No CAPTCHA reCAPTCHA. By default, the original Secure Image CAPTCHA is enabled, but you can enable Google reCAPTCHA if you want. Just go to the form edit page – CAPTCHA Settings. Check the setting “Enable reCAPTCHA”, enter your Google reCAPTCHA keys for the site. Included is a link to get new free keys. Some users have reported a recent increase of spam on their forms, if you are having this problem, I suggest enabling Google reCAPTCHA.
– removed a couple old settings for the CAPTCHA, and the old captcha test page.
– make compatible with PHP 7.

Version: 3.1.4 – 03-Jan-2017
– Upgrade phpmailer to latest version 5.2.21
– Apply similar patch to CVE 2016 10033 and CVE 2016 10045 vulnerabilities. SECURITY Critical security update for CVE-2016-10045 please update now!

Version: 3.1.3 – 01-Nov-2016
– Upgrade phpmailer to latest version 5.2.16
– Upgrade Akismet PHP API to latest version 0.5

Version: 3.1.2 – 18-Sep-2014
– Fix the validate email function is updated for new generic top-level domains (gTLDs) released in 2014 and beyond. Allows up to 12 characters like .training, .photography, .company, etc.

Version: 3.1.1 – 21-Jun-2014
– fixed a bug that could cause your forms to reset to defaults(this is a critical recommended update).
– Upgrade phpmailer to latest version 5.2.7
– add better email setting descriptions for DMARC compliance.
To prevent email delivery problems, is now suggested to set your form email settings like solution 2 on this page:

Version: 3.1 – 21-Feb-2012
– Fix to use separate CC: email header.
– Extra field tags can be used in subject setting. For available field tags, click ‘help’ next to the ‘E-mail Subject Prefix:’ setting.
– Fix calendar week number bug.
– Fix possible error: preg_match() expects parameter to be string.
– Added German language translated by kruegermj03

Version: 3.0.5 – 18-Nov-2011
– Harden security for CAPTCHA by limiting the number of created cache files. This condition could only be realized with a script. Found by [Brian St. Pierre](
– HTML validation fix, added unique id for submit and reset buttons.

Version: 3.0.4 – 09-Oct-2011
– Fix default text could not be 0.
– Fix HTML validation with date field.
– Fix rows and cols extra field attributes.
– Fix javascript console error on date calendar popup.

Version: – 27-Jul-2011
– Fixed medium XSS HTB23036 – as advised by High-Tech Bridge SA Security Research Lab.
– Fix, added missing 00 to 24 hour time select.

Version: – 06-Jul-2011
– Fix for apos entity showing for single quotes on IE7, IE8
– Fix for CAPTCHA input field out of position on IE7 with labels left CSS setting.
– Fixed admin login cookie bug in IE browsers when the web server is in a timezone in the past. Some users were logged out as soon as they clicked something after logging in.

Version: 3.0.3 – 16-Jun-2011
– “Number of available extra fields” setting is now for each form # instead of all forms.
– CAPTCHA audio feature removed.
– Misc. admin Fixes.
– Another fix for empty autoresponder field tags were showing.
– If you downloaded between 06/13 and 06/14 and have error: “Could not read CAPTCHA token file.”, or you add more extra fields then cannot populate them, please update to 3.0.3 or higher, sorry.
– Calendar style improvements.

Version: 3.0.2 – 08-Jun-2011
– Fixed error: Undefined variable: securimage_url
– Added id tags to submit and reset buttons.

Version: 3.0.1 – 02-Jun-2011
– CAPTCHA Audio feature is disabled by Mike Challis until further notice because a proof of concept code CAPTCHA solving exploit was released – Security Advisory – SOS-11-007. CAPTCHA image is not involved.
– Security enhancements for possible low level XSS exploit in admin settings: thanks to [Julio Potier](
– Fix javascript error when CAPTCHA audio is disabled.
– Fixed missing width/height attributes for CAPTCHA images.
– Fixed backslash problem on Restore Settings tool.
– Fixed empty autoresponder field tags were showing.
– Fixed various style improvements for admin error messages.
– Added a popup alert for when changing the number of forms or extra fields.
– Added setting: CSS style for CAPTCHA input field on the contact form.
– Fixed syntax error in contact-form-admin.php on line 1140

Version: 3.0 – 25-Apr-2011
– Added (extra fields) default text can be set for text or textarea.
– Added (extra fields) max length can be set for password, text or textarea.
– Added (extra fields) attributes can be set for password, text or textarea.
– Added (extra fields) validation regex can be set for password, text or textarea.
– Added (extra fields) validation regex fail message can be set for password, text or textarea.
– Added (extra fields) label or input CSS can be set individually for any extra field.
– Added (extra fields) HTML before and after can be set.
– Added (extra fields) ’email’ extra field type with validation.
– Added (extra fields) ‘url’ extra field type with validation.
– Added (extra fields) first option of ‘select’ field type can be in brackets to indicate [Please select].
– Added ’email’ field pulls up proper keyboard on iphone/ipad.
– Added optional [form_label] tag for subject.
– Added time format option for ‘time’ extra field (select 12 or 24 hour).
– Improved extra fields admin GUI.
– Added Field labels are bold when HTML email is enabled.
– Fix – trim spaces on extra field multiple options.
– Fix – attached field allowed types separated by spaces.
– Fix – bug in restore tool that could cause data loss.
– Fix – autoresponder went to wrong email address when set to PHP mailer.
– Fix – CAPTCHA token was not being reset after form post.
– Email validate DNS check disabled by default because some servers have big delay.

Version: – 31-Mar-2011
– Fix error: Cannot redeclare class get_list_of_locales()
– Fix error: Cannot redeclare class phpmailerException()
– Fix error: Call to undefined function __()
– Email validate DNS check disabled by default.

Version: – 27-Mar-2011
– Fix extra fields not showing on multiple forms greater than 1.
– Fix some servers have error: undefined function mb_detect_encoding
– Fix HTML notes would not appear before a fieldset open.
– Fix horizontal display feature for radio and multiple checkbox after post.
– Fixed date calender on some sites by adding a high z-index to the CSS.
– Added ability to use comma in “Email To:” name. If you need to use a comma besides the one needed to separate the name and email, escape it with a back slash, like this: \,
– Added ability to specify cc and bcc in “Email To:”. Example: Webmaster,;[cc];[bcc]
– Added optional “Are you sure?” on form submit popup message.

Version: – 08-Mar-2011
– Fixed error when HTML autoresponder is enabled: Fatal Error: Call to undefined method PHPMailer::sHTML().
– Fixed cookie path for better login reliability.
– Fixed escaped comma bug in Restore Tool
– Added optional form “reset” button.

Version: – 25-Feb-2011
– Added hashed login passwords for better security.
– Improved lost password feature. Password can be reset by a verified email.
– Improved IIS server support.
– Fixed error when HTML email is enabled: Fatal error: Call to undefined method PHPMailer::sHTML()
– Fixed broken “fields to ignore” feature.
– File attach type and size labels can be changed.

Version: – 14-Feb-2011
– Improvement: javascript is only loaded on pages when it is conditionally needed.
– Fixed 2 label alignment problems with some themes.
– Fixed possible javascript conflict that can break the redirect feature.
– Fixed extra fields were not accepting zero.
– More name labels can be changed.
– Added new feature: Copy Settings Tool. This tool can copy your contact form settings from one form number to any of your other forms. Use to copy just the style settings, or all the settings from one form.
– Added more shortcode optional settings see FAQ page
– Added hidden field can accept query input. see FAQ page
– Other fixes and enhancements

Version: – 07-Feb-2011
– Added Silent Send feature: Use to send the posted data to another form or 3rd party API. See FAQ:Tip: Send the posted form data to another site.
– Fixed blank from email when email address was set to “not available”.
– The installation instructions in all prior versions was missing a step to add the contact-form.js to your web page. If you miss this step the CAPTCHA refresh button does not work. To fix it, perform Step 5 on the updated installation instructions How to install the PHP version.
– Added features: Now you can add tags to print posted data for the email subject, autoresponder subject, or the autoresponder message. To see instructions, just click “help” next to any of these fields on the form edit page.
– Fixed broken autoresponder since last update.

Version: 2.9.8 – 29-Jan-2011
– Added lost password link to admin login page.
– Added phpmailer (replaces geekmail) so that I could add a SMTP mailer option.
– Added SMTP mailer option: See SMTP Mailer FAQ
– Added setting: “Enable to receive email as HTML instead of plain text.” Enable if you want the email message sent as HTML format. HTML format is desired if you want to avoid a 70 character line word wrap when you copy and paste the email message. Normally the email is sent in plain text word wrapped 70 characters per line to comply with most email programs.
– Added new settings in the “Redirect” section: You can Enable posted data to be sent as a query string on the redirect URL. This can be used to send the posted data via GET query string to a another form.
– New settings for redirect: “Query string fields to ignore”, “Query string fields to rename”, and “Disable email sending (use only when required while you have enabled query string on the redirect URL)”. See FAQ
– Fixed a multiple email problem if using the same form more than once in a page by accident.
– Fixed bug where form number was reset to 4 after trying to increase over 99.
– Fixed so now one CAPTCHA random position always has to be a number so that a 4 letter swear word could never appear.
– Many small fixes and enhancements.

Version: – 21-Jan-2011
– Added ability to pre-fill in form fields from a URL query string. see FAQ page

Version: 2.9.7 – 17-Jan-2011
– Added new Select-multiple extra field type.
– Added new feature to set the css style for Label and Field in the same row, or switch back to Label on Top see FAQ
– Added new Setting for “Form Label”. You can enter a label for your form to keep track of what you are using it for.
– Fixes and improvements for better mail delivery and to reduce the emails from going to the spam folder. If you are not getting email, set the setting “E-mail From” to an email address on the same domain as your web site. This will improve mail delivery. mail problem FAQ.
– Added new setting: “Enable when web host requires “Mail From” strictly tied to domain email account”. If your form does not send any email, then set the “E-mail From” setting to an address on the same web domain as your web site. If email still does not send, also check this setting. (ie: some users report this is required by yahoo small business web hosting) .
– Added ability to use comma in extra field labels for Checkbox, Radio, Select, or Select-multiple. If you need to use a comma besides the one needed to separate the label, escape it with a back slash, like this: \,
– Improved Akismet spam check API code.
– Fixed required option for checkbox multiple, now all field types can be required as needed.
– Fixed all fields with multiple options can have a default option: checkbox, radio, select, or select-multiple.
– Other small Fixes and improvements.

Version: 2.9.6 – 30-Dec-2010
– Removed advanced options link. Too many people could not find it. All options are now always available on the form edit page.
– Added new setting for “Autoresponder E-mail “From” address:”

Version: – 10-Dec-2010
– Fix English language file could not be selected on some servers.

Version: – 30-Nov-2010
– Fix – last update included an old file causing the new ‘hidden’ and ‘password’ fields not to show up on form.
– added French (fr_FR) – Translated by Patrick Theriault

Version: – 19-Nov-2010
– Added extra field types for ‘password’ and ‘hidden’ entry.
– Added option for preserving white space on message field.
– Added error message for when PHP 5.1 requirement is not met when installing.

Version: 2.9.5 – 05-Nov-2010
– Added extra field type for ‘time’ entry.
– Small code improvements for CAPTCHA function.

Version: – 27-Oct-2010
– Fixed Backup Settings tool download hang on Firefox.

Version: – 14-Oct-2010
– Fixed file attachment error: “Attachment upload failed while moving file.”

Version: 2.9.4 – 29-Sep-2010
– Added new option for what should happen if Akismet determines the message is spam.
If you select “block spam messages”. If Akismet determines the message is spam: An error will display “Invalid Input – Spam?” and the form will not send.
If you select “tag as spam and send anyway”. If Akismet determines the message is spam: The message will send and the subject will begin with “Akismet: Spam”. This way you can have Akismet on and be sure not to miss a message.
– Added more years for the extra fields date selector (1930 – 2037)
– fixed error if PHP has no gettext support: Fatal error: Call to undefined function _()
– added more calendar date format options
– fixed optional notes/help for extra form fields did not work

Version: – 12-Sep-2010
– fixed all known language translation bugs
– added ability to set language by two types of URL parameters: for Italian use ?lang=it or ?lang=it_IT

Version: 2.9.3. – 11-Sep-2010
– first pre-release PHP Script version

Do you need help?

Send us a Donation:

Donate to Mike Challis