I am trying to troubleshoot this form. It is not sending reservation requests from the form on the website. Despite showing a message that the form was sent.
I tried editing email and the headers.
<?
//print_r($_POST);
$to = “email#emaildomain.com, {$posting['email']}";
function msg($text){
echo "
<script type='text/javascript'>
alert('".$text."');
top.location.href = 'http://www.aribbq.com';
</script>
";
exit;
}
function error($text){
echo "
<script type='text/javascript'>
alert('".$text."');
history.go(-1);
</script>
";
exit;
}
if (!$_POST[date]) {error('Please, insert Date.');}
if (!$_POST[time]) {error('Please, insert Time.');}
if (!$_POST[party]) {error('Please, insert Party.');}
if (!$_POST[reservation_name]) {error('Please, insert Name.');}
if (!$_POST[reservation_email]) {error('Please, insert Email.');}
if (!$_POST[reservation_phone]) {error('Please, insert Phone.');}
if(isset($_POST['submit'])){
// then send the form to your email
//$from = ('Reservation from AriBBQ.com'); // sender
$mailheaders = "From: contact#aribbq.com" . "\r\n"; // . "CC:
design#youremail.com"
$mailheaders .= 'Reply-To: ' . $posting['Email'] . "\r\n";
$subject = "AriBBQ.com Online Reservation";
$body = "\n Contact Name: ".$_POST[reservation_name]." \r\n\n";
//
$body .= " Email: ".$_POST[reservation_email]." \r\n\n"; //
$body .= " =================================================== \r\n\n"; //
$body .= " Book a table \r\n\n
Date: ".$_POST[date]." \r\n\n
Time: ".$_POST[time]." \r\n\n
Party: ".$_POST[party]." \r\n\n
Contact Details \r\n\n
Name: ".$_POST[reservation_name]." \r\n\n
Email: ".$_POST[reservation_email]." \r\n\n
Phone: ".$_POST[reservation_phone]." \r\n\n
Message: ".$_POST[reservation_message]." \r\n\n"; //
$body .= " =================================================== \r\n\n"; //
$result = mail($to , $from , $subject , $body , $mailheaders);
if($result) {msg('Thank you, your reservation has been sent. We
will send you a confirmation text or call in person.');} //
else{error('Sending mail is failed. Please try again');} //
} else {
error('No submitted. Please try again');
}
?>
You see the form online at http://aribbq.com/. Click on reservations. Once the email is received, we want to be able to reply to the sender's email address.
Alright, essentially, you need to turn on error reporting because your script threw about 20 errors at me which you would see with error reporting on. As my comment above said, add error_reporting(E_ALL); to the top of your script while you debug.
The issues I came across are as follows:
Parse error: syntax error, unexpected '#' in /mail.php on line 4 caused by an incorrect double quote character, not " but “. Subtle, but problematic.
Next up, Multiple or malformed newlines found in additional_header in /mail.php because as of PHP 5.5.2, a bug was fixed to prevent mail header injection, so all of your \n\n within the $mailheaders should be removed, I recommend appending PHP_EOL to the end of each line instead.
You have your $from variable included in the mail() call, this presents 2 issues. One, the mail() function does not have a from parameter, you include it within the headers. Two - your variable is actually commented out.
As I mentioned in the comment above, again, your email address variable to send to is typed as $posting['email']', and $posting['Email'] within $mailheaders. The problem here is $posting doesn't exist. Secondly, your form, which you should include the HTML for in future questions for self-contained examples for people to more easily help you (see https://stackoverflow.com/help/how-to-ask), doesn't post email at all, it posts reservation_email.
Finally, the majority of your $_POST references do not include quotes so PHP doesn't know what to do with the words in between the square brackets. $_POST[date] should be $_POST['date'], for example.
I've made all the above changes and managed to successfully email myself with the script and email form provided, the only thing that I didn't look at was your msg() which didn't show me a success message. I did, however, put an echo statement before this function call which printed out fine.
I hope this helps you get your script up and running, good luck and remember, error_reporting(); is your friend!
Related
I am creating my own contact form and sending all the inputs through variable to the mail function
But there is one error in it......my code is like this in the below...
$from = $_POST["from"];
// sender
$name = $_POST["name"];
$subject = $_POST["subject"];
$message = $_POST["message"];
// message lines should not exceed 70 characters (PHP rule), so wrap it
$message = wordwrap($message, 70);
$phone = $_POST["phone"];
$mytour = $_POST["select1"];
$howmany = $_POST["select2"];
$arrival = $_POST["arrival"];
$departure = $_POST["departure"];
$accommodation = $_POST["select3"];
$company = $_POST["company"];
// send mail
$messagecontent = "Name:$name , " . "Email:$from ," . "Nature of Enquiry:$subject ," . "Message:$message ," . "Phone No:$phone, " . "My Tour Wish List: $mytour, " . "How many days do you have available:$howmany, " . "Arrival Date:$arrival ," . "Departure Date:$departure ," . "My Preferred Accommodation:$accommodation, " . "Company Name:$company ,";
// $messagewithbreak=str_replace(',',', <br/>;',$messagecontent); // code replaces all your commas with , and a <br> tag
mail("abc#gmail.com", " Contact form Filled", "$messagewithbreak", "From: $from\n");
echo "Thank you for sending us feedback";
}
But when I receive it in the my email...there is not break tag <br> tag...and it receives as....
Name: , Email:abc#gmail.com ,Nature of Enquiry:none ,Message:none ,Phone No:none,My Tour Wish List: Heritage Tour of Kells,How many days do you have available:Half a Day, Arrival Date:2014-09-10 ,Departure Date:2014-09-10 ,My Preferred Accommodation:Hostel,Company Name:none
But I want it to view proper in the email.... as that is not the professional way... to see the email moreover it is difficult to read the email like this.....
what should I do please help me on it....
I will really appreciate your help.
Please answer my question nothing is helping me out here.I have tried..the methods given to me by jenz and rakesh but still the form when receive in the email shows as the paragraph without line breaks....it is getting frustrating
why you concat message string again and again. Also remove double quotes from variables in mail()
$messagecontent="Name:$name , Email:$from , Nature of Enquiry:$subject , Message:$message , Phone No:$phone, My Tour Wish List: $mytour, How many days do you have available:$howmany, Arrival Date:$arrival , Departure Date:$departure , My Preferred Accommodation:$accommodation, Company Name:$company ,";
$messagewithbreak=str_replace(',',',<br>',$messagecontent);
mail("abc#gmail.com"," Contact form Filled", $messagewithbreak, $from);
Properly add formatting to your message. Any HTML tags placed inside double quotes will be converted to the tag when you echo it. So you just need to add <br> in proper places inside the message content. Also all PHP variables inside double quotes will get replaced by its value. So no need of appending each string with double quotes.
$messagecontent="Name:$name <br> Email:$from <br>Nature of Enquiry:$subject
<br>Message:$message<br>Phone No:$phone<br>
My Tour Wish List: $mytour<br>How many days do you have available:$howmany<br> Arrival Date:$arrival <br> Departure Date:$departure <br> My Preferred
Accommodation:$accommodation<br>Company Name:$company ";
To send HTML email you have to add headers which is optional by default where we pass Content-Type type declaration telling mail services that parse this email as HTML.
$headers = "From: " . strip_tags($from) . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
and pass $headers in mail() like,
mail("abc#gmail.com", " Contact form Filled", $messagecontent, $headers);
You are trying to use HTML in a plain text email. If all you want to do is have line breaks, then use \n instead of the br tag.
If you want to use HTML in an email you must add a content-type header. See the PHP mail docs for an example.
// send mail
$messagecontent = "Name:$name \n ";
$messagecontent.= "Email:$from \n";
$messagecontent.= "Nature of Enquiry:$subject \n";
............
...............
Set all the variables like that.
My Problem:
I have a Contact Form that gets sent to an email address. It normally works fine, but the form will not send if spaces are included in the 'Email' Text Field (where the person sending the mail would enter their email). If any other form has spaces the form will still send.
I know spaces aren't allowed in email addresses, but if the message is sent with spaces in the email field, users are still taken to a different page stating the message has been sent, when it actually hasn't. So if someone accidentally puts a space while entering the email, the website will not send the form but it will say it did.
Here's how I have it set up:
On the form the email field is automatically populated by what the user has stored as their User Account email. This variable is then passed using POST to a different page 'wl_process.php' where the fields are sent to an email address. However, even though it automatically fills the email field in for The User, they may want to have their response sent back to a different email.
What I'm trying to do, and not to do:
I'm not sure why including spaces would stop the mail from being sent. I want it to send the form even if spaces are included. I'm looking for a PHP tag or method where all spaces are stripped from the text field. I'm not sure if that exists. I think another solution may be to check for spaces in the email, and if spaces are there have something pop-up and say "Invalid Email Entered, please try again." But ideally, I just want it to send the email. And also, if anyone knows why it's doing this, that would be very beneficial for future use.
Additional Info
Keep in mind that the form works perfectly until spaces are entered into the Email field. If spaces are entered in any of the other fields, the form will still send!
Also: $var_email is pulled from a <? include?> that is located at the top of the page. The include has some $_SESSION information, and also the MYSQLI call that grabs the email out of the databse and turns into a PHP variable. I doubt this has anything to do with the problem though. My problem is the spaces will stop the mail from being sent.
What Doesn't Matter
My naming conventions. Don't get thrown off and think my variable named $email is ever treated like an Email Address in any manner. It could be renamed anything. It is only a variable and text-field here, being posted then Emailed.
My Code
Page 1 (Where the form is)
<div class="form_box">
...
<div class="field clearfix">
<label>Email <span>*</span></label>
<input id="element_1_email" name="element_1_email" value="<? echo $var_email;?>" size="30" class="validate[optional]" type="text" onClick="(this).value=''"/>
</div>
Page 2 (Where the data is sent and mailed out)
<?
$name = $_POST['element_0_name'];
$email = $_POST['element_1_email'];
$company = $_POST['element_2_company'];
$date = $_POST['element_3_date'];
$comment = $_POST['element_4_comment'];
$list = $_POST['element_5_list'];
$email_to = "contact#website.com";
$email_subject = "Online Form";
$email_message = "\n\n";
function clean_string($string) {
$bad = array ("content-type", "bcc:", "to:", "cc:", "href");
return str_replace($bad, "",$string);
}
$email_message .= '<div style="font-family:Arial, Helvetica, sans-serif;padding-left: 90px;font-weight: 100;font-size: 14px;color: #2a2a2a;"><table width="1070px" height="685px;"border="0" cellspacing="0" background="http://www.website/image.jpg">
<tr>
<td style="vertical-align:top;padding-left:88px;">
<h2 style="padding-top:150px;padding-left:90px;">Form Information:</h2>';
$email_message .= "Name: ".clean_string($name)."<br>";
$email_message .= "Email: " .clean_string($email). "<br>";
$email_message .= "Company: " .clean_string($company). "<br>";
$email_message .= "Date Required: " .clean_string($date). "<br>";
$email_message .= "Comment: " .clean_string($comment). "<br>";
$email_message .= '<u>List Of Things:<style> tr:nth-child(2n) {background-color:#d6d6d6;}</style> </u><br><table cellspacing="0" style="margin-top:10px;min-width:390px;border:1px solid #cccccc;">' .clean_string($list). '</table>';
$email_message .= "</div>";
$headers = 'From: '.$email."\r\n".
'Reply-To: '. $email."\r\n" .
'X-Mailer: PHP/' .phpversion();
$headers .= "MIME-Version:1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
#mail($email_to, $email_subject, $email_message, $headers);
//
?>
Why not just strip out the spaces from the $_POST variable on Page 2?
Change this
$email = $_POST['element_1_email'];
to this
$email = str_replace(' ','',$_POST['element_1_email']);
----------- UPDATE -----------
Your message is failing because of this code in your $headers variable:
$headers = 'From: '.$email."\r\n".'Reply-To: '. $email."\r\n" .
You are using $email here which did not go through your clean_string function (where you could also remove the spaces by adding a space to the $bad array), so essentially you are trying to send the email to whatever was received in $_POST['element_1_email'] without any sort of clean up or email validation.
I hope I'm missing something pretty basic here but: An empty form is getting submitted randomly, sometimes 3-8 times a day, then none for a few days and so on.
The empty submits always email with the subject as "[Website Contact Form]." Even though there is no validation in my php, in the html code the subject is chosen from a drop-down menu with the default as "General Enquiry." Notice in the php code below, there is no way for a human to submit an empty form with the above subject line, that is, it would always be "[Website Contact Form]General Enquiry" if I press submit without entering anything.
I have contact.html call this contact.php file:
<?
$email = 'info#mail.com';
$mailadd = $_POST['email'];
$headers = 'From: ' . $_POST['email'] . "\r\n";
$name = $_POST['name'];
$subject = '[Website Contact Form] ' . $_POST['subject'];
$message = 'Message sent from: ' . $name . '. Email: ' . $mailadd . '. Organization: ' . $_POST['company'] . '. Phone: ' . $_POST['phone'] . '. ';
$message .= 'Message: ';
$message .= $_POST['message'];
if (mail($email,$subject,$message, $headers)) {
echo "<p>Thank You! We'll get back to you shortly.</p>";
}
else {
echo "<p>Error...</p>";
}
?>
I use this code for many websites, but have never encountered this issue. Is there something so obviously wrong with this code that I'm missing? Any help would be greatly appreciated!
I suspect that you may not be checking that these variables are set before you send the email. Someone requesting contact.php directly (without any form data) may produce the results you have described. If this is the case, the following code should work like a charm:
<?php
if (isset($_POST['submit']) {
// form code
}
else {
// The form was not submitted, do nothing
}
?>
Even if that's not that case, such a simple check is always good practice.
Furthermore, you should always validate any user input just as a good habit. You don't want your server flooding your inbox with emails. I suggest using regexs to validate the input provided and possibly use a captcha service (such as ReCaptcha).
If you've been using this code and it's been working fine then I'd check what variables you changed with this case for example your submit form.
Try out your form with all common possibilities and see if it works. And empty Subject will give your form the subject "[Website Contact Form]". Check that your script actually get's the post variables and your form submits the right variables. Your dropdown might have an option with value of "" and the innerHTML "General Enquiry". The value is what will get submitted.
It's good to check inputs server-side as well
<?php
if(isset($_POST['subject'],$_POST['email'])){
}
?>
A client recently got a spam warning from their host.
I think I have pin pointed the issue to an old contact us form. Simple html on the front end and a simple PHP script on the back end.
if ($_POST['submit'] == "Send"){
//START SEND MAIL SCRIPT
$mail = $_POST['email'];
$to = "me#gmail.com";
$subject = "Message from Website Contact Us Form";
$headers = "From: Contact us Form <webmaster#website.co.uk>";
$message = "Message from Contact Us Form\n\n";
$message .= "\nName: " . $_POST['contactname'];
$message .= "\nEmail: " . $_POST['contactemail'];
$message .= "\nTelephone: " . $_POST['contactphone'];
$message .= "\n\n\nMessage:\n" . $_POST['contactmessage'];
if(mail($to,$subject,$message,$headers)) {
header('Location: http://www.website.co.uk/contact-us/?action=success');
}else{
header('Location: http://www.webisite.co.uk/contact-us/?action=fail');
}//END IF MAIL
}//END SCRIPT
I know the remedies to fix it such as sanitizing post vars properly, using captchas, using a hidden 'honeypot' blank field, js tricks etc etc (I also like the look of this script too http://www.alt-php-faq.com/local/115/)
But to help me understand what was going on I want to know how this script is being manipulated. A foreign script posting vars to it but how do they send email to anyone apart from
'me#gmail.com' or if they are forcing cc / bcc fields somehow why do I not get all spam as well??
Thanks
Line like this $message .= "\nName: " . $_POST['contactname']; can be dangerous.
If $_POST['contactname']='MegaSteve4 \r\nCc: email1#mail.com, email2#mail.com'; are set, 2 uses will get spam mail.
See carefully. Its appending more headers. In this case Cc. I am not sure if Cc is a raw email header. But I hope you get the idea.
You're not doing any escaping of the post data. That means that this form is vulnerable to injection attacks.
I couldn't tell you how they did it, but that's probably what happened.
I'm working on a PHP contact form, but I can't get it to work. I get the following error in the Apache server log, running on an Ubuntu Server VM:
PHP Parse error: syntax error, unexpected $end in /home/matthew/Sites/contactFormResponse.php on line 75, referer: http://192.168.1.4/contactForm.php
From googling this error, it sounds like it's normally caused by either using the short PHP tag when the server's not set up to recognise them, or by having a block of code that isn't closed correctly. But as far as I can see that isn't the case here - as far as I can see it's all closed correctly. The line it refers to is one line past the end of the file.
Here's the PHP code:
<?php
error_reporting(E_ALL);
// Define variables to hold the name, email address and message, and import the information into the variables
$name = $_POST['NameInput'];
$email = $_POST['EmailAddress'];
$telno = $_POST['ContactNumber'];
$querytype = $_POST['QueryType'];
$bookingstartdate = $_POST['BookingStartDay'] . $_POST['BookingStartMonth'] . $_POST['BookingStartYear'];
$bookingenddate = $_POST['BookingEndDay'] . $_POST['BookingEndMonth'] . $_POST['BookingEndYear'];
$message = $_POST['QueryText'];
// Validate the inputs - send it if it's OK
if(3 < strlen($name) && 3 < strlen($email))
{
$email_message = <<< EMAIL
Message from contact form at holidaychalet.co.uk
Name: $name
Email: $email
Contact Number: $telno
Query Type: $querytype
Booking Start Date: $bookingstartdate
Booking End Date: $bookingenddate
The message:
$message
EMAIL;
$headers = "cc:me#myemailaddress.com\r\n";
if(mail('matthew#localhost','Contact form email', $email_message, $headers))
{
echo "Thanks for completing the form! I'll be in touch shortly!";
}
else
{
echo "Something went wrong - please use the back button and try again";
}
}
else
{
echo "You didn't complete the form fully enough! Please use go back using your web browser's back button";
}
?>
The closing identifier for the here document syntax must be at the start of the line without any indentation:
It is very important to note that the line with the closing identifier must contain no other characters, except possibly a semicolon (;). That means especially that the identifier may not be indented, and there may not be any spaces or tabs before or after the semicolon. It's also important to realize that the first character before the closing identifier must be a newline as defined by the local operating system.
So in your case:
$email_message = <<< EMAIL
Message from contact form at holidaychalet.co.uk
Name: $name
Email: $email
Contact Number: $telno
Query Type: $querytype
Booking Start Date: $bookingstartdate
Booking End Date: $bookingenddate
The message:
$message
EMAIL;
EMAIL;
cannot be indented. Heredoc syntax requires that the closing identifier be at the start of the line, and that includes no leading whitespace.
You are filling $email_message with a string which is marked to end with EMAIL;
This one must be in a single line.
Change it to:
$email_message = <<< EMAIL
Message from contact form at holidaychalet.co.uk
Name: $name
Email: $email
Contact Number: $telno
Query Type: $querytype
Booking Start Date: $bookingstartdate
Booking End Date: $bookingenddate
The message:
$message
EMAIL;