I don't know what I'm doing wrong. I am trying to use PHP to make a contact me form. Here is the code:
<?php
if($_POST["submit"]) {
$recipient="qdpicks#gmail.com";
$subject="Form to email message";
$Name=$_POST["Name"];
$Email=$_POST["Email"];
$Reason=$_POST["Reason"];
$Message=$_POST["Message"];
$mailBody="Name: $Name\nEmail: $Email\n\n$Reason $Message";
mail($recipient, $subject, $mailBody, "From: $Name <$Email>");
$thankYou="<p>Thank you! Your message has been sent.</p>";
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="QDPicks.css">
<title> QDPicks</title>
</head>
<body>
<header>
<a class="btn btn-primary btn-lg" href="QDPicks.html" role="button">Home</a>
<a class="btn btn-sample btn-lg active pull-right" href="QDPicksContactUs.html" role="button">Contact Us</a>
<a class="btn btn-sample btn-lg pull-right" href="QDPicksCompany.html" role="button">Company</a>
<a class="btn btn-sample btn-lg pull-right" href="QDPicksProducts.html" role="button">Products</a>
</header>
<header><p1>Contact Us</p1></header>
<form method="post" action="QDPicksContactUs.php >
<div class="form-group">
<label for="InputReason1"></label>
<input type="text" class="form-control" id="InputReason1" name="Name">
<label for="exampleInputEmail1"></label>
<input type="email" class="form-control" id="exampleInputEmail1" name="Email">
<label for="InputReason1"></label>
<input type="text" class="form-control" id="InputReason1" name="Reason">
</div>
<div class="form-group">
<textarea type="text" class="form-control" rows="3" name="Message"> </textarea>
<p3 class="help-block">Explain on the reason for contact.</p3>
</div>
<div class="checkbox">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
<script src="https://code.jquery.com/jquery-1.12.0.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"> </script>
</body>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
<!-- Latest compiled and minified JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
</html>
When I put my info in and hit submit the data goes away like it has sent an email but no email has come in. Also sorry - for some reason some of the code got cut off but it isn't any crucial parts.
You forget to put " after action="QDPicksContactUs.php
Replace your tag with this line
<form method="post" action="QDPicksContactUs.php" >
May be your code works after this change
First of all there is a missing double quote here
<form method="post" action="QDPicksContactUs.php >
Also there is no need to give the page name in the action if you are posting at the same page.
Add name in tag like:
<button name="submit" type="submit" class="btn btn-default">Submit</button>
Finally replace if($_POST["submit"]) with if(isset($_POST["submit"]))
Also, are you running your code on localhost?
Let's focus on the code that sends the email. Please read my comments.
if($_POST["submit"]) {
// you probably shouldn't post a real email here on SO
$recipient="qdpicks#gmail.com";
$subject="Form to email message";
// you should validate this field if you are sticking it in your mail headers as you do below.
$Name=$_POST["Name"];
// you should DEFINITELY validate this before trying to send mail
$Email=$_POST["Email"];
$Reason=$_POST["Reason"];
$Message=$_POST["Message"];
$mailBody="Name: $Name\nEmail: $Email\n\n$Reason $Message";
// first, you don't even bother checking to see if this returns TRUE
// secondly, because you don't validate $Name or $Email, this command is vulnerable to Mail Header Injection
mail($recipient, $subject, $mailBody, "From: $Name <$Email>");
$thankYou="<p>Thank you! Your message has been sent.</p>";
}
So your form is bad because you don't validate anything, you don't check to see of the mail command actually returned a successful result, and it's vulnerable to Mail Header Injection.
First, validate the $Name:
$Name=$_POST["Name"];
if (!preg_match('/^[a-zA-Z_\-]+$/', $Name)) {
die("sorry! Name is not valid");
}
Second, validate $Email
$Email = $_POST["Email"];
if (!filter_var($Email, FILTER_VALIDATE_EMAIL)) {
die("Sorry, email is not valid");
}
Third, check the result of your mail function. If it returns FALSE or an otherwise empty value, something went wrong -- although we probably won't be able to find out what without asking a sysadmin to look at a mail log.
if (!mail($recipient, $subject, $mailBody, "From: $Name <$Email>")) {
die("OH NO. The mail function did not work.");
}
Consider reading the manual on the mail function:
Returns TRUE if the mail was successfully accepted for delivery, FALSE otherwise.
It is important to note that just because the mail was accepted for delivery, it does NOT mean the mail will actually reach the intended destination.
Related
I'm trying to create a contact page for my portfolio, where the user could place in their email, subject, and their message and then click a button to send it. I already downloaded XAMPP and PHP and I have been checking the website on the localhost. However, every time I type in the necessary fields and send, it would open up my computers email app and place text into the message field. I don't want this - i'm trying to make the email send from the webpage.
Here is the code for my PHP file:
<?php
$subject = $_Post['subject'];
$visitor_email = $_Post['email'];
$message = $_Post['message'];
$email_body = $message;
$to = "randemail#gmail.com";
$headers= "From: $visitor_email\r\n";
$headers .= "Reply-To:$visitor_email\r\n";
mail($to, $subject,$message,$headers);
header("Location:index.html");
?>
here is the code to my contact page:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Game Design Projects | My Portfolio</title>
<link rel="stylesheet" href="css/styles.css">
<link href="https://fonts.googleapis.com/css2?family=Raleway:ital,wght#0,300;1,200;1,400;1,700&display=swap"
rel="stylesheet">
</head>
<body>
<div id = "MainBody">
<div class="contactmeborder">
<div class="PortObjname">
<h2>Reach Out</h2>
</div>
<form action="mailto:randemail#gmail.com" method="post" action = "PHP/contact-form-handler.php">
<input type="text" name="email" placeholder=" Email"><br>
<input type="text" name="subject" placeholder=" Subject"><br>
<textarea type="text" name="message" placeholder="Your Message"></textarea> <br>
<input type="submit">
</form>
</div>
</div>
<div class="Footer">
<p class="footinfo">footer</p>
</div>
</body>
</html>
The PHP/contact-form-handler.php holds what you see for the PHP part of this post.
The form action is using mailto:, but it should be pointed to the URL for your PHP script.
mailto: is for links on your site so that users can send emails a specific address.
I would also look into using an API service like SendGrid, MailGun, etc. to send emails instead of mail(). PHP's mail() function is very unreliable.
<form action="mailto:randemail#gmail.com" , action need to be the php_send_mail.php
It's open your mail client because that is the current settings. (mailto...)
Note: apparently you added twice action (just keep the proper one)
<form action="mailto:randemail#gmail.com" method="post" action = "PHP/contact-form-handler.php">
Been stuck on this for a few days. I'm trying to reproduce an example of mail header injection I found (http://www.phpsecure.info/v2/article/MailHeadersInject.en.php). A post on the matter already exists (email header injection - example not working) but it didn't have any solution. I got a basic contact form using the POST method with three fields (From, Subject and Message) which are then used to send a mail. I need the user to be able to enter Unicode/Hexa characters in the fields.
For example if the user enters address%40gmail%2ecom I want the output in the SMTP payload to be From: address#gmail.com
If I hardcode $from = "address%40gmail%2ecom" the output is the wanted one.
However if I use the user input in the 'from' field of the form ie $from = $_POST['from'] the output I get when I check the debug log of my SMTP client is From: address%40gmail%2ecom. Am I doing something wrong with the encoding or is there some protection activated I have to get rid of ?
If that's relevant I'm using WAMPserver and PHP 7.1.
My code :
<html>
<head>
<meta http-equiv="content-type" content="text/html" />
<title>Vulnerable contact page</title>
<link rel="stylesheet" href="email.css"/>
</head>
<body>
<form method="POST" action="">
<fieldset>
<legend>Send us a mail</legend>
<label for="sender">From : </label>
<input type="text" name="from" id="sender">
</br>
<label for="subject">Subject : </label>
<input type="text" name="subject" id="subject">
</br>
<label for="message">Your message : </label>
<input type="text" name="message" id="message">
</fieldset>
<p>
<input type="submit" value="Send"/>
<input type="reset" value="Cancel"/>
</p>
</form>
<?php
if(isset($_POST['from'])) {
$to = "*********#gmail.com";
$from = $_POST['from'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$headers = "From: $from\n";
mail($to, $subject, $message, $headers);
}
?>
</body>
</html>
So I'm in a web design class in school right now and I want to set up a contact page that will send the results to my email. I followed a really good tutorial and made sure I typed everything correct but it wont send. I'm using freehosting.com to host my pages.
Here's my index.php:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<meta charset="UTF-8">
<title>Email Form</title>
</head>
<body>
<main>
<p class="header">E-MAIL FORM</p>
<form class="contact-form" action="contactform.php" method="post">
<p class="title">Your Name</p>
<input type="text" name="name" placeholer="Full Name"><br/>
<p class="title">Your E-Mail</p>
<input type="text" name="mail" placeholer="Your E-mail"><br/>
<p class="title">Subject</p>
<input type="text" name="subject" placeholer="Subject"><br/>
<p class="title">Message</p>
<textarea name="message" maxrows="10" placeholder="Message"></textarea><br/>
<button type="submit" name="submit"><h2>SUBMIT</h2></button><br/>
</form>
</main>
</body>
Here's my contactform.php:
<?php
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$subject = $_POST['subject'];
$mailFrom = $_POST['mail'];
$message = $_POST['message'];
$mailTo = "terryjtowell#terrytowell.com";
$headers = "From: ".$mailFrom;
$txt = "You have received an Email from ".$name.".\n\n".$message;
mail($mailTo, $subject, $txt, $headers);
header("Location: index.php?mailsend");
}
Any help would be great. I'm new to PHP but really familiar with html. the live link for the test contact form is terrytowell.com/test/index.php I've made sure to upload my code to a live hosting service so that I'll be able to use server-side scripting. Thanks
Your code is right. The problem comes from your hosting.
Freehosting.com won't allow you to use mail() function unless you pay for an addon. It's all explained here -> https://www.freehosting.com/client/knowledgebase.php?action=displayarticle&id=25
I'm new to PHP and having a hard time getting the PHP to mail when the contact form is filled out and submit is pressed. I've posted the PHP and HTML files. Any help is very much appreciated.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Jaza Solutions - Contact</title>
<link rel = "stylesheet"
type = "text/css"
href = "jazasolutions.css" />
</head>
<body>
<div id = "header">
<img src="jazasolutions.png" alt = "Jaza Solutions, LLC">
</div>
<div id="nav">
<ul>
<li><a href=JazaSolutionsContact.html>Contact</a></li>
<li><a href=JazaSolutionsAboutUs.html>About Us</a></li>
<li><a href=JazaSolutionsCourses.html>Courses</a></li>
<li><a href=JazaSolutions.html>Home</a></li>
</ul>
</div>
<div class="sideRight">
<p> Jaza Solutions</p>
<p> 9818 Ushers Place </p>
<p> Waldorf, MD 20601 </p>
<br>
<p>301-861-2133</p>
<p>info#jazasolutions.com</p>
</div>
<div class = "main">
<p> Get the Management Certification you need to make the next step in your career! </p>
<br>
<p>SEND A MESSAGE</p>
<form class="contact-form" action="contactform.php" method="post">;
<input type="text" name="name" placeholder="Full Name">
<input type="text" name="mail" placeholder="Email">
<input type="text" name="subject" placeholder="Subject">
<textarea name="message" placeholder="Message"></textarea>
<button type="submit" name="submit">SEND MAIL</button>
</form>
</div>
</body>
</html>
The PHP code is posted here. This should send an email, but I can't figure out why it's not working.
<?php
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$subject = $_POST['subject'];
$mailFrom = $_POST['mail'];
$message = $_POST['message'];
$mailTo = "pmckeown#jazasolutions.com";
$headers = "From: ".$mailFrom;
$txt = "You have received an email from ".$name.".\n\n".$message;
mail($mailTo, $subject, $txt, $headers);
header("Location: index.php?mailsend");
}
?>
I tried something similar a few years ago. After hours of searching I got a Tipp I'll never forget. The Mail RFC is so huge and has so many special cases that you don't do yourself a favor when you try to implement this on your own (Even if you get your Mail send it's most likely that it will be marked as spam from most of the Mail-Services out there because you missed some special handling or some tags). This becomes really funny when you try to send an attachment or even images in your mailer implementation. I'd recommend you try one of the proven Mail-Libraries for PHP like PHPMailer. You can expect that most of the common use-cases work out of the box without great problems.
I am beginner in web developing, I am building a website which has contact form and when the details are entered the details has to be sent to my mail id. But I am not sure why the code is not working.
<?php
if(isset($_POST["submit"])){
// Checking For Blank Fields..
if($_POST["name"]==""||$_POST["email"]==""||$_POST["note"]==""){
echo "Fill All Fields..";
}else{
// Check if the "Sender's Email" input field is filled out
$email=$_POST['email'];
// Sanitize E-mail Address
$email =filter_var($email, FILTER_SANITIZE_EMAIL);
// Validate E-mail Address
$email= filter_var($email, FILTER_VALIDATE_EMAIL);
if (!$email){
echo "Invalid Sender's Email";
}
else{
$message = $_POST['note'];
$headers = 'From:'. $email2 . "\r\n"; // Sender's Email
$headers .= 'Cc:'. $email2 . "\r\n"; // Carbon copy to Sender
// Message lines should not exceed 70 characters (PHP rule), so wrap it
$message = wordwrap($message, 70);
// Send Mail By PHP Mail Function
mail("[ email removed ]", $message, $headers);
echo "Your mail has been sent successfuly ! Thank you for your feedback";
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Hire-a-Tent</title>
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="css/style.css" rel="stylesheet">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="js/html5shiv.js"></script>
<![endif]-->
<!-- jQuery -->
<script src="https://code.jquery.com/jquery-1.10.2.min.js"></script>
<!-- Javascript -->
<script src="js/jquery.placeholder.js"></script>
<script src="js/custom.js"></script>
<!-- Fav and touch icons -->
<link rel="shortcut icon" href="favicon.ico">
</head>
<body>
<div class="background">
<div class="wrapper">
<header>
<div class="tel"><span>CALL US:</span> 9738479234 <br /><span style="padding-left:150px;">9731015469</span></div>
<div class="social">
<img src="images/facebook.png" alt="" />
<img src="images/twitter.png" alt="" />
</div>
</header>
<div class="sidebar">
<div class="order-form">
<div class="order-form-head">
<h1>Rent -a- Tent</h1>
</div>
<div class="taxi-line"></div>
<!-- Contact Form -->
<form action="email_code.php" id="form" method="post" name="form">
<div class="inp"><input type="text" class="required" name="name" id="name" placeholder="Name..." /></div>
<div class="inp"><input type="text" class="required" name="tel" id="tel" placeholder="Telephone..." /></div>
<div class="inp"><input type="text" class="required" name="email" id="email" placeholder="Email..." /></div>
<div class="inp"><textarea class="required" name="note" id="note" placeholder="Message..."></textarea></div>
<button type="submit"></button>
<div class="spacer"></div>
</form>
<?php include "email_code.php"?>
</div>
<div class="address-box">
<img src="images/icon.png" class="icon" alt="" />
<div class="text">
<span>We are located at</span><br />
85, 4th cross road,<br />
GKW layout, vijayanagar<br />
Bengaluru-40
</div>
</div>
</div>
<div class="character">
<!-- <img src="images/transparent2.png" class="taxi-driver" alt="" /> -->
<marquee behavior="alternate">T2 Tent: Rs 100/day --- T3 Tent: Rs 200/day -- Sleeping Bag: Rs 50/day --</marquee>
</div>
<div class="spacer"></div>
<footer>
<p><strong><br/><br/>Hire-a-tent</strong> © All Rights Reserved. <!--Developed by the Frequency Themes --></p>
</footer>
</div>
</div>
</body>
</html>
There are a few things wrong here, so please go over my entire answer carefully.
Firstly, your entire code's execution is relying on the conditional statement it's set in:
if(isset($_POST["submit"])){...}
where it is looking for and is relying on a named attribute of the same name, which would most likely be your submit button being:
<button type="submit"></button>
It needs to be named:
<button type="submit" name="submit"></button>
or use an input type with a name attribute:
<input type="submit" name="submit" value="Submit">
Then you have an undefined variable $email2 which would most likely need to be $email, as per:
$email=$_POST['email'];
Having used error reporting, would have both signaled an "Undefined index submit..." warning, as well as "Undefined variable email2...".
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
Now, this line:
mail("[ email removed ]", $message, $headers);
It is missing the "subject" parameter, which is an important parameter when using mail().
I.e.:
mail("[ email removed ]", $subject, $message, $headers);
therefore, you will need to add a variable for it.
I.e.:
$subject = "Form submission";
For more information on mail() and headers, visit:
http://php.net/manual/en/function.mail.php
From the manual:
bool mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] )
To check if mail() has been in fact executed, change:
mail("[ email removed ]", $message, $headers);
to
if(mail("[ email removed ]", $message, $headers)){
echo "Mail has been sent.";
}
else{
echo "Error. Check your mail logs.";
}
If/when you see "Mail has been sent.", then mail() has done its job.
If you don't receive mail, then check your Spam or contact your hosting company if you're on a hosted site.
If you're running this from your own computer, then make sure that PHP and mail are in fact installed, running and configured properly.
Footnotes:
You're using the following twice, which one of them can be safely removed:
$email= filter_var($email, FILTER_VALIDATE_EMAIL);
EDIT:
To add other form variables to the message, first declare the POST variables:
$name=$_POST['name'];
$email=$_POST['email'];
$tel=$_POST['tel'];
Then change $message = $_POST['note']; to $comment = $_POST['note'];
and then do:
$message = "$name\n$email\n$tel\n$comment";
The \n adds line breaks.