Been stuck on this for a few days. I'm trying to reproduce an example of mail header injection I found (http://www.phpsecure.info/v2/article/MailHeadersInject.en.php). A post on the matter already exists (email header injection - example not working) but it didn't have any solution. I got a basic contact form using the POST method with three fields (From, Subject and Message) which are then used to send a mail. I need the user to be able to enter Unicode/Hexa characters in the fields.
For example if the user enters address%40gmail%2ecom I want the output in the SMTP payload to be From: address#gmail.com
If I hardcode $from = "address%40gmail%2ecom" the output is the wanted one.
However if I use the user input in the 'from' field of the form ie $from = $_POST['from'] the output I get when I check the debug log of my SMTP client is From: address%40gmail%2ecom. Am I doing something wrong with the encoding or is there some protection activated I have to get rid of ?
If that's relevant I'm using WAMPserver and PHP 7.1.
My code :
<html>
<head>
<meta http-equiv="content-type" content="text/html" />
<title>Vulnerable contact page</title>
<link rel="stylesheet" href="email.css"/>
</head>
<body>
<form method="POST" action="">
<fieldset>
<legend>Send us a mail</legend>
<label for="sender">From : </label>
<input type="text" name="from" id="sender">
</br>
<label for="subject">Subject : </label>
<input type="text" name="subject" id="subject">
</br>
<label for="message">Your message : </label>
<input type="text" name="message" id="message">
</fieldset>
<p>
<input type="submit" value="Send"/>
<input type="reset" value="Cancel"/>
</p>
</form>
<?php
if(isset($_POST['from'])) {
$to = "*********#gmail.com";
$from = $_POST['from'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$headers = "From: $from\n";
mail($to, $subject, $message, $headers);
}
?>
</body>
</html>
Related
I have created a web site and need to create a contact form that sends an email. I have created a contact.php form and my index.html file refers to it in the top menu under Contact Us. When you click on "Contact Us" it gives me an error of "This page isn’t working www.drjenniferjill.net is currently unable to handle this request.
HTTP ERROR 500".
I have tried a simpler test form and I received the same error. I have tried other examples with similar results.
<?php
if($_POST["submit"]) {
$recipient="drjennif#drjenniferjill.net";
$subject="Form to email message";
$sender=$_POST["sender"];
$senderEmail=$_POST["senderEmail"];
$message=$_POST["message"];
$mailBody="Name: $sender\nEmail: $senderEmail\n\n$message";
mail($recipient, $subject, $mailBody, "From: $sender
<$senderEmail>");
$thankYou="<p>Thank you! Your message has been sent.</p>";
}
<html>
<head>
<meta charset="utf-8">
<title>Contact form to email</title>
</head>
<body>
<?=$thankYou ?>
<form method="post" action="contact.php">
<label>Name:</label>
<input name="sender">
<label>Email address:</label>
<input name="senderEmail">
<label>Message:</label>
<textarea rows="5" cols="20" name="message"></textarea>
<input type="submit" name="submit">
</form>
When you click on "Contact Us" it gives me an error of "This page isn’t working www.drjenniferjill.net is currently unable to handle this request.
HTTP ERROR 500". I expected a form that can be completed to send an email.
<?php
if ($_POST["submit"]) {
$recipient = "drjennif#drjenniferjill.net";
$subject = "Form to email message";
$sender = $_POST["sender"];
$senderEmail = $_POST["senderEmail"];
$message = $_POST["message"];
$mailBody = "Name: $sender\nEmail: $senderEmail\n\n$message";
mail($recipient, $subject, $mailBody, "From: $sender <$senderEmail>");
$thankYou = "<p>Thank you! Your message has been sent.</p>";
}
?>
<html>
<head>
<meta charset="utf-8">
<title>Contact form to email</title>
</head>
<body>
<?=$thankYou ?>
<form method="post" action="contact.php">
<label>Name:</label>
<input name="sender">
<label>Email address:</label>
<input name="senderEmail">
<label>Message:</label>
<textarea rows="5" cols="20" name="message"></textarea>
<input type="submit" name="submit">
</form>
You need to close PHP tag ?> before starting your HTML markup
Also, please add these 3 lines at the beginning of your PHP script
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
It will start to display PHP errors instead of just This page isn’t working www.drjenniferjill.net is currently unable to handle this request. HTTP ERROR 500 and you can understand where do you have an error.
So I'm in a web design class in school right now and I want to set up a contact page that will send the results to my email. I followed a really good tutorial and made sure I typed everything correct but it wont send. I'm using freehosting.com to host my pages.
Here's my index.php:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<meta charset="UTF-8">
<title>Email Form</title>
</head>
<body>
<main>
<p class="header">E-MAIL FORM</p>
<form class="contact-form" action="contactform.php" method="post">
<p class="title">Your Name</p>
<input type="text" name="name" placeholer="Full Name"><br/>
<p class="title">Your E-Mail</p>
<input type="text" name="mail" placeholer="Your E-mail"><br/>
<p class="title">Subject</p>
<input type="text" name="subject" placeholer="Subject"><br/>
<p class="title">Message</p>
<textarea name="message" maxrows="10" placeholder="Message"></textarea><br/>
<button type="submit" name="submit"><h2>SUBMIT</h2></button><br/>
</form>
</main>
</body>
Here's my contactform.php:
<?php
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$subject = $_POST['subject'];
$mailFrom = $_POST['mail'];
$message = $_POST['message'];
$mailTo = "terryjtowell#terrytowell.com";
$headers = "From: ".$mailFrom;
$txt = "You have received an Email from ".$name.".\n\n".$message;
mail($mailTo, $subject, $txt, $headers);
header("Location: index.php?mailsend");
}
Any help would be great. I'm new to PHP but really familiar with html. the live link for the test contact form is terrytowell.com/test/index.php I've made sure to upload my code to a live hosting service so that I'll be able to use server-side scripting. Thanks
Your code is right. The problem comes from your hosting.
Freehosting.com won't allow you to use mail() function unless you pay for an addon. It's all explained here -> https://www.freehosting.com/client/knowledgebase.php?action=displayarticle&id=25
I'm new to PHP and having a hard time getting the PHP to mail when the contact form is filled out and submit is pressed. I've posted the PHP and HTML files. Any help is very much appreciated.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Jaza Solutions - Contact</title>
<link rel = "stylesheet"
type = "text/css"
href = "jazasolutions.css" />
</head>
<body>
<div id = "header">
<img src="jazasolutions.png" alt = "Jaza Solutions, LLC">
</div>
<div id="nav">
<ul>
<li><a href=JazaSolutionsContact.html>Contact</a></li>
<li><a href=JazaSolutionsAboutUs.html>About Us</a></li>
<li><a href=JazaSolutionsCourses.html>Courses</a></li>
<li><a href=JazaSolutions.html>Home</a></li>
</ul>
</div>
<div class="sideRight">
<p> Jaza Solutions</p>
<p> 9818 Ushers Place </p>
<p> Waldorf, MD 20601 </p>
<br>
<p>301-861-2133</p>
<p>info#jazasolutions.com</p>
</div>
<div class = "main">
<p> Get the Management Certification you need to make the next step in your career! </p>
<br>
<p>SEND A MESSAGE</p>
<form class="contact-form" action="contactform.php" method="post">;
<input type="text" name="name" placeholder="Full Name">
<input type="text" name="mail" placeholder="Email">
<input type="text" name="subject" placeholder="Subject">
<textarea name="message" placeholder="Message"></textarea>
<button type="submit" name="submit">SEND MAIL</button>
</form>
</div>
</body>
</html>
The PHP code is posted here. This should send an email, but I can't figure out why it's not working.
<?php
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$subject = $_POST['subject'];
$mailFrom = $_POST['mail'];
$message = $_POST['message'];
$mailTo = "pmckeown#jazasolutions.com";
$headers = "From: ".$mailFrom;
$txt = "You have received an email from ".$name.".\n\n".$message;
mail($mailTo, $subject, $txt, $headers);
header("Location: index.php?mailsend");
}
?>
I tried something similar a few years ago. After hours of searching I got a Tipp I'll never forget. The Mail RFC is so huge and has so many special cases that you don't do yourself a favor when you try to implement this on your own (Even if you get your Mail send it's most likely that it will be marked as spam from most of the Mail-Services out there because you missed some special handling or some tags). This becomes really funny when you try to send an attachment or even images in your mailer implementation. I'd recommend you try one of the proven Mail-Libraries for PHP like PHPMailer. You can expect that most of the common use-cases work out of the box without great problems.
I'm trying to make a very basic contact form using HTML and PHP. For some reason, however, when I click the "submit" button I get the error "405 Not Allowed". Why? How could I fix this? (I'm hosting my website on GitHub)
my HTML:
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form action="send_form_email.php" method="POST">
<input type="text" name="name" placeholder="Full Name">
<input type="text" name="mail" placeholder="Your e-mail">
<input type="text" name="subject" placeholder="Subject">
<textarea name="message" placeholder="Message"></textarea>
<button type="submit" name="submit">Send e-mail</button>
</form>
</body>
</html>
my PHP:
<?php
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$subject = $_POST['subject'];
$mailFrom = $_POST['mail'];
$message = $_POST['message'];
$mailTo = "example#gmail.com";
$headers = "From: ".$mailFrom;
$txt = "You have received an e-mail from ".$name.".\n\n".$message;
mail($mailTo, $subject, $txt, $headers);
header("Location: index.php?mailsend");
}
(PS. I wrote "example#gmail.com" just because I wanted to keep my personal e-mail private on here.
PPS. I have been trying to make a very simple contact form (you write your name mail and message and the owner of the website receives it in the inbox) but none of my (desperate) attempts seems to work. Can anyone help me out?)
Github is a hosting service for static web pages. PHP is not static. Deploying PHP to GitHub Pages - is it possible?
I need make this form send me a email like a contact form:
Script code:
<script type="text/javascript">
$(document).ready(function(){
$("#contactLink").click(function(){
if ($("#contactForm").is(":hidden")){
$("#contactForm").slideDown("slow");
}
else{
$("#contactForm").slideUp("slow");
}
});
});
function closeForm(){
$("#messageSent").show("slow");
setTimeout('$("#messageSent").hide();$("#contactForm").slideUp("slow")', 2000);
}
</script>
HTML CODE:
<div class="box">
<div id="contactFormContainer">
<div id="contactForm">
<fieldset>
<label for="Name">Nome: </label>
<input id="name" type="text" />
<label for="Telefone">Telefone Fixo: </label>
<input type="text" id="phone" maxlength="15" onkeypress="Mascara(this);" />
<label for="Message">Assunto:</label>
<textarea id="Message" rows="3" cols="20"></textarea>
<input id="sendMail" type="submit" name="submit" onclick="closeForm()" />
<span id="messageSent">Sua solicitação foi enviada com sucesso, por favor, aguarde...</span>
</fieldset>
</div>
<div id="contactLink"></div>
</div>
When click and close the form i need send me a email with the content of form, how to?
Some idea? thanks!
Firstly i can't see the form tags in your code. According to me you're doing this wrong and i'm sure many of our friends on stack will agree too.
Your question suggests that you basically want to receive an email with the data submitted through the form. Why don't you try the below method.
HTML
<form action="mail.php" method="POST">
<input type="text" name="fname"></input>
<input type="text" name="lname"></input>
<button>SUBMIT</button>
</form>
PHP
<?php
$firstname = $_POST['fname'];
$lastname = $_POST['lname'];
$to = "someone#example.com";
$subject = "Hello World";
$message = "Firstname: $firstname \n\n Lastname: $lastname";
$from = "sender#example.com";
$headers = "From:" . $from;
mail($to,$subject,$message,$headers);
echo "Mail Sent.";
?>
The above example is the most simplest method of sending an email. You can go advance by adding more header information and graphically formatting the email.
Go through these tutorials if you get confused.
http://www.w3schools.com/php/php_mail.asp
http://www.phpeasystep.com/phptu/8.html
And since you mentioned that you want to perform the task via javascript you can try submitting the form via ajax, refer the below tutorials
http://teachingyou.net/php/simple-php-contact-form-using-ajax/
http://www.sitepoint.com/forums/showthread.php?1055068-Send-PHP-email-using-jQuery-AJAX
Since you've tagged the question php, have a look at php's mail function. http://php.net/manual/en/function.mail.php
$to = 'you#domain.com';
$subject = 'Contact Form';
$message = '...' //concatenate the $_POST (or $_GET) variables to create this message
mail($to, $subject, wordwrap($message, 70, "\r\n");
This function requires that your server has a properly configured to send mail - see the php documentation for requirements: http://www.php.net/manual/en/mail.requirements.php