new to the forum and trying my hand at some coding to help out a friend who cant seem to get this right..
with that being said, i was originally having issues with the contact form on a website not being able to send an email. after a bit of searching on the net and adding a few components here and there it is finally working, but now i have an additional problem..
when the email gets sent through (this is a business website and it sends an email from there to the relevant sales department etc) its all shoved into one line and looks terrible..
like this-
"Name: TEST EMAIL FROM WEBSITETel: 011 937 0572Email:
myemail#zmail.comMessage: TEST PLEASE CONFIRM
test 38"
what i have not been able to find is how to seperate the text so that it comes through in an email as seperate lines like this-
Name: Client
Tel: 011 000 0000
Email: myemail#zmail.com
Message: text here etc.
i have linked the contact form to a .php document, so i would presume that it is in this document that the change would need to take place?? i have tried to add in <br /> & <div> but neither do anything except give me an error message when i try send form from the site.
here is the code for the contactgenie.php linked to the contact form that works 100%
<?php
$EmailFrom = "myeamail#zmail.co.za";
$EmailTo = "myemail#zmail.co.za";
$Subject = "Company Name - Online Enquiry";
$Name = Trim(stripslashes($_POST['Name']));
$Tel = Trim(stripslashes($_POST['Tel']));
$Email = Trim(stripslashes($_POST['Email']));
$Message = Trim(stripslashes($_POST['Message']));
// validation
$validationOK=true;
if (!$validationOK) {
print "There has been an error, please make sure you entered a correct email address."; // You can edit this to your own error message
exit;
}
// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "";
$Body .= "Tel: ";
$Body .= $Tel;
$Body .= "";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "";
// send email
$success = mail($EmailTo, $Subject, $Body, $Headers = "From: <$EmailFrom\r\n");
// redirect to success page
if ($success){
print "Thank you, your email has been sent! We will be in touch shortly!"; // You can edit this to your own success message
}
else{
print "There has been an error, please make sure you have entered your details correctly."; // You can edit this to your own error message
}
?>
any help with this would be greatly appreciated, thanks
Dillon
You could pre-format the mail body using standard line breaks within double quotes like this:
$Body = "
Name: {$Name}
Tel: {$Tel}
Email: {$Email}
Message: {$Message}";
To achive the double line-height you insert another return between the lines:
$Body = "
Name: {$Name}
Tel: {$Tel}
Email: {$Email}
Message: {$Message}";
thanks for all your help guys! i got it to work, i added "\n" into the code and it works perfectly, i just need it to seperate the text so that it is easier to read when the email comes through from the site, thanks again really helped me out with this!
add <br/> tag to add new line space with your variables like this
$Body = "";
$Body .= "Name: ";
$Body .= $Name.'<br/>';
and wherever else you want to add new line space
for this your must be in HTML form
because there are two type of email html and richtext. takecare of that also.
Not sure if this works but if it's HTML email, this should work.
$Body .= '<html><body>';
$Body .= "Name: ";
$Body .= $Name;
$Body .= "<br>";
$Body .= "Tel: ";
$Body .= $Tel;
$Body .= "<br>";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "<br>";
$Body .= "Message: ";
$Body .= wordwrap($Message, 50);
$Body .= '</body></html>';
The message may or may not work. Don't get your hopes up to high on that part.
add <br/> tag to add new line space with your variables like this
$Body = "Name : " $Name ."<br/>";
$Body .= "Tel : " $Tel ."<br/>";
$Body .= "Email : " $Email ."<br/>";
$Body .= "Message: " $Message ."<br/>";
Don't use break tag, it is not working.You can easily use "\r\n" as line break
$Body = "Name : ". $name ."\r\n"."Email : " . $email ."\r\n"."Contact : " . $contact;
Related
I have been self-learning about our office websites over the past couple years and recently our original web person became unable to work on or help with the sites she had set up. Several of our websites have error logs that are filling up from undefined variable notifications. From my research, I believe I need to declare whatever it is giving the error. The example below is from one site with a reference to body. I am a php noob so I appreciate any help. If I add $body = Trim(stripslashes($_POST['body'])); below the human line, will that fix it? I'm afraid to get carried away with changes that might not be necessary since she can't repair any mistake I might make.
PHP Notice: Undefined variable: Body in email.php on line 48
<?php
$emailTo = "email#email.com"; // Email address you want submitted forms to go to
$Subject = "Email Inquiry"; // subject line for emails
$name = Trim(stripslashes($_POST['name']));
$phone = Trim(stripslashes($_POST['phone']));
$email = Trim(stripslashes($_POST['email']));
$mailheader = "From: $email \r\n";
$message = Trim(stripslashes($_POST['message']));
$human = Trim(stripslashes($_POST['human']));
// prepare email body text
$Body .= "Name: "; (this is line 48)
$Body .= $name;
$Body .= "\n";
$Body .= "Phone: ";
$Body .= $phone;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $email;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $message;
$Body .= "\n";
This case.. Need to define the variable $Body before you doing String Concatenation.
// prepare email body text
$Body = ''; // define first
$Body .= "Name: ";
$Body .= $name;
$Body .= "\n";
$Body .= "Phone: ";
$Body .= $phone;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $email;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $message;
$Body .= "\n";
Below is the code I'm using for a simple contact form. It seems our code is being manipulated and someone is using the contact form for email injection. I'm relatively new to PHP and I've tried researching online but currently I'm having no joy.
Does anyone have some advice?
<?php
// get posted data into local variables
$EmailFrom = Trim(stripslashes($_POST['EmailFrom']));
$EmailTo = "email#email.com";
$Subject = "subject";
//$Title = Trim(stripslashes($_POST['Title']));
$First = Trim(stripslashes($_POST['First']));
//$Surname = Trim(stripslashes($_POST['Surname']));
//$Company = Trim(stripslashes($_POST['Company']));
//$Address = Trim(stripslashes($_POST['Address']));
//$Address2 = Trim(stripslashes($_POST['Address2']));
//$Address3 = Trim(stripslashes($_POST['Address3']));
//$Area = Trim(stripslashes($_POST['Area']));
//$County = Trim(stripslashes($_POST['County']));
//$Postcode = Trim(stripslashes($_POST['Postcode']));
$Telephone = Trim(stripslashes($_POST['Telephone']));
//$Fax = Trim(stripslashes($_POST['Fax']));
$EmailFrom = Trim(stripslashes($_POST['EmailFrom']));
$AmountOwed = Trim(stripslashes($_POST['AmountOwed']));
$ip = Trim(stripslashes($_POST['ip']));
//$Marketing = Trim(stripslashes($_POST['Marketing']));
//$Contact = Trim(stripslashes($_POST['Contact']));
$Details = Trim(stripslashes($_POST['Details']));
// validation
$validationOK=true;
if (Trim($EmailFrom)=="Your email: (required)") $validationOK=false;
if (!$validationOK) {
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.php\">";
exit;
};
if (Trim($Telephone)=="Your Telephone: (required)") $validationOK=false;
if (!$validationOK) {
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.php\">";
exit;
};
if (Trim($First)=="Your name: (required)") $validationOK=false;
if (!$validationOK) {
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.php\">";
exit;
}
// prepare email body text
$Body = "";
//$Body .= "Title: ";
//$Body .= $Title;
//$Body .= "\n";
$Body .= "First: ";
$Body .= $First;
$Body .= "\n";
//$Body .= "Surname: ";
//$Body .= $Surname;
//$Body .= "\n";
//$Body .= "Company: ";
//$Body .= $Company;
//$Body .= "\n";
//$Body .= "Address: ";
//$Body .= $Address;
//$Body .= "\n";
//$Body .= "Address2: ";
//$Body .= $Address2;
//$Body .= "\n";
//$Body .= "Address3: ";
//$Body .= $Address3;
//$Body .= "\n";
//$Body .= "Area: ";
//$Body .= $Area;
//$Body .= "\n";
//$Body .= "County: ";
//$Body .= $County;
//$Body .= "\n";
//$Body .= "Postcode: ";
//$Body .= $Postcode;
//$Body .= "\n";
$Body .= "Telephone: ";
$Body .= $Telephone;
$Body .= "\n";
//$Body .= "Fax: ";
//$Body .= $Fax;
//$Body .= "\n";
$Body .= "EmailFrom: ";
$Body .= $EmailFrom;
$Body .= "\n";
$Body .= "AmountOwed: ";
$Body .= $AmountOwed;
$Body .= "\n";
$Body .= "ip: ";
$Body .= $ip;
$Body .= "\n";
//$Body .= "Marketing: ";
//$Body .= $Marketing;
//$Body .= "\n";
//$Body .= "Contact: ";
//$Body .= $Contact;
//$Body .= "\n";
$Body .= "Details: ";
$Body .= $Details;
$Body .= "\n";
// send email
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=thankyou.php\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.php\">";
}
?>
I would start by looking over http://securephpwiki.com/index.php/Email_Injection#Using_php_mail.28.29_function to get an idea of what's actually happening.
On the input, validate that the inputs, for example check the input email is actually an email address:
if (!filter_var($EmailFrom, FILTER_VALIDATE_EMAIL)) {
// This isn't actually an email address
}
I suggest you to use a (simple?) regular expression to validate all the fields you accept from online modules.
Just as an example, you can check if a email address is conform to RFC822 using something like
if (!preg_match('^\S+#\S+\.\S+$/',$EmailFrom)) { # this is bad
You can also use this specific PECL function for that specific task:
http://php.net/manual/en/function.mailparse-rfc822-parse-addresses.php
The point is to avoid accepting control characters (e.g. newline) from the attacker, so define a strict regex and validate ALL the input against known patterns.
PHP's mail function is highly vulnerable to attack. There are a number of vectors to be aware of, but the most likely one is a header injection:
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
In the code above, you are specifying the headers field as "From: <$EmailFrom>".
If $EmailFrom contains a valid email address and nothing else, then this is perfectly fine. However, all a hacker needs to do is append line feeds to it, and he can start adding additional headers. And once you can insert arbitrary headers into an email, you can basically rewrite the entire email.
You currently aren't doing any kind of validation on the email address, so it would be trivially easy for a hacker to inject whatever he liked into this field.
So the short answer is to be much more careful to validate that the email addresses being submitted are actually valid email addresses.
However, as I said already, this isn't the only problem with PHP's mail() function, so longer term you should seriously consider replacing it with a more robust solution such as the phpMailer or SwiftMailer libraries. These libraries resolve the security issues with sending mail in PHP by adding a strong layer of security features. They also make it a lot easier to use more advanced email features like html email and attachments.
The other thing you should do if you're having a security issue in PHP is make sure that you are using an up-to-date version. If your PHP version is anything lower than 5.4.45 (as of the date of this answer), then you should consider it to have known security holes which could be expolited, regardless of how good your actual code is. You haven't mentioned what version you're on, but please check and consider upgrading if necessary.
Finally, I note that you are doing trim(stripslashes(...)) on your input data. Please note that this is completely useless. Newer versions of PHP do not need you to do this at all. Older versions of PHP had a setting that automatically added slashes to input data; stripslashes() was then used in your code to remove them. However this feature was removed from PHP a number of years ago, so if you're using a recent PHP version the stripslashes() function will not be achieving anything. But more significantly, even when it was necessary, it certainly doesn't do anything to validate the content of the field or make it safe from attack.
I have a contact form, when submitting on my page says 'Access denied.' There is nothing else, so I can't seem to figure out how to debug.
Here is the code :
<?php
$EmailFrom = "username#email.com";
$EmailTo = "username#email.com, username2#email.com";
$Subject = "Subject";
$Name = Trim(stripslashes($_POST['Name']));
$Company = Trim(stripslashes($_POST['Company']));
$Email = Trim(stripslashes($_POST['Email']));
$Tel = Trim(stripslashes($_POST['Tel']));
$Message = Trim(stripslashes($_POST['Message']));
// Validation
$validationOK = true;
if (! $validationOK)
{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
exit;
}
// Prepare Email Body Text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Company: ";
$Body .= $Company;
$Body .= "\n";
$Body .= "Tel: ";
$Body .= $Tel;
$Body .= "\n";
$Body .= "Further comments: ";
$Body .= $Message;
$Body .= "\n";
// Send Email
$success = mail($EmailTo, $Subject, $Body, "From: <$Email>");
// Redirect To Success Page
if ($success)
{
echo '<script>alert("Thanks for your message, somebody will get in touch with your shortly.");</script>';
echo "<meta http-equiv=\"refresh\" content=\"0;URL=../contact\">";
}
else
{
echo '<script>alert("There has been an error, please try again later.");</script>';
echo '<script>history.back(1);</script>';
exit;
}
?>
I'm not sure why it's not working, could someone shed some light on this?
The headers of the page you're submitting the form to are actually returning a HTTP 403 Forbidden error.
I'd suggest checking the file permissions & ownership of the contactengine.php file are correct as a first step.
I have a contact form on a html page. The form data is sent to a PHP page which sends the info to an email address. It works for addresses *#gmail, *#hotmail.com but the person who needs to receive it has Outlook set-up for their website.com address and it doesn't work. Is there another setting I need somewhere?
Here is PHP code:
<?php
$EmailFrom = "myname#website.com";
$EmailTo = "receiver#website.com";
$Subject = "Website Contact Form";
$Name = Trim(stripslashes($_POST['name']));
$Location = Trim(stripslashes($_POST['location']));
$Phone = Trim(stripslashes($_POST['phone']));
$Email = Trim(stripslashes($_POST['email']));
$Comments = Trim(stripslashes($_POST['comments']));
// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Location: ";
$Body .= $Location;
$Body .= "\n";
$Body .= "Phone: ";
$Body .= $Phone;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "\n";
$Body .= "Comments: ";
$Body .= $Comments;
$Body .= "\n";
// send email
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
// redirect to success page
print "<meta http-equiv=\"refresh\" content=\"0;URL=contactthanks.php\">";
?>
This question comes up quite a bit.
There is a strong possibility that the mail client (in this case outlook) is configured to filter messages that lack proper headers. This could be at the client point or at the server connection at smtp time. The main thrust of the issue is that the basic php mail() core function is almost universally mistrusted due to its potential for abuse by spammers.
You should try using a library like PHPMailer to help guide you to setting the reply-to and other headers properly.
I was testing this (nice) simple form from CSS Tricks. In a website hosted in Godaddy.
And I got the following warning:
Warning: mail() [function.mail]: SMTP server response: 451 See
http://pobox.com/~djb/docs/smtplf.html
in
D:\Hosting\4923367\html\test\contactengine
on line 32.
(I checked the page but i didn't see anything useful)
contactengine.php
<?php
$EmailFrom = "chriscoyier#gmail.com";
$EmailTo = "janoochen#gmail.com";
$Subject = "Nice & Simple Contact Form by CSS-Tricks";
$Name = Trim(stripslashes($_POST['Name']));
$Tel = Trim(stripslashes($_POST['Tel']));
$Email = Trim(stripslashes($_POST['Email']));
$Message = Trim(stripslashes($_POST['Message']));
// validation
$validationOK=true;
if (!$validationOK) {
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
exit;
}
// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Tel: ";
$Body .= $Tel;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";
// send email
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=contactthanks.php\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>
Any suggestions?
This link provides a solution. Try replacing your newlines with \r\n
In mail message headers and content, new lines are supposed to be denoted by both a carriage return (CR) and a line feed (LF)