Mailer wont work correctly - php

I'm trying to use this mailer and have it redirect to a success/fail page depending on the fields a user enters. It works and sends the mail and also redirects to a success page when all the fields are entered, but when nothing is entered it just goes to a blank page but still sends the mail?
How could I make this work as intended? Ideally I would like it to just direct to the same page and show a success or error message within the page but I don't know how to do it.
My code for my mailer is below:
<?php
$name = $_POST['name'];
$company = $_POST['company'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$website = $_POST['website'];
$features = $_POST['features'];
$budget = $_POST['budget'];
$timeline = $_POST['timeline'];
$content = $_POST['content'];
$additional = $_POST['additional'];
$to = "hello#phnx-creative.co";
$subject = "Project Req: $company";
$body = "Name: $name \n\n Company Name: $company \n\n Email: $email \n\n Phone Number: $phone \n\n Website: $website \n\n Features: $features \n\n Budget: $budget \n\n Timeline: $timeline \n\n Content: $content \n\n Additional Info: $additional";
$from = $email;
if(!empty($_POST['name']) || !empty($_POST['email']) || !empty($_POST['phone']) || !empty($_POST['features']) || !empty($_POST['budget']) || !empty($_POST['timeline']) || !empty($_POST['content'])){
if (mail($to, $subject, $body, $headers)) {
header("Location: success.php");
} else {
header("Location: error.php");}
}
?>


You don;'t appear to have $headers set. That may be the issue, set it up so that it sends it with $headers


In your if statement where you check that you received everything through POST , you should use the "and" comparator && and not the "or" comparator ||. In your case, the condition will be true if only one of the POST variable is not empty - unless this is what you want?
You should also check the content of the POST variables before assigning their value to your variables at the top. You could do something like suggested by Tibbers.

Related

Send e-mail with page name in it

I currently have a contact form, from which e-mails are composed and sent using php. I use a separate php file for that.
$errors = '';
$myemail = 'mail#gmail.com';//
if(empty($_POST['name']) ||
empty($_POST['email']) ||
empty($_POST['phone']))
{
$errors .= "\n Будь ласка, заповніть усі поля";
}
$name = $_POST['name'];
$email_address = $_POST['email'];
$message = $_POST['phone'];
$page = getRequestURI();
if (!preg_match(
"/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i",
$email_address))
{
$errors .= "Некоректна адреса e-mail";
}
if( empty($errors))
{
$to = $myemail;
$email_subject = "Contact form submission: $name";
$email_body = "Нове замовлення туру: $page".
"Деталі:\n Ім'я: $name \n Email: $email_address \n Телефон \n $message";
$headers = "From: $myemail\n";
$headers .= "Reply-To: $email_address";
mail($to,$email_subject,$email_body,$headers);
//redirect to the 'thank you' page
header('Location: contact-form-thank-you.html');
}
I need to put such forms on different pages. And there should be information about the page on which form was submitted in the message sent by e-mail.
Is there a possibility to do that without creating separate php files for every page?
In other words how can I get the name (or url) of the page, on which form was submitted?

You can get the current request URI by using $_SERVER['REQUEST_URI'].
Assuming your script is located at http://example.com/some/page-here/more, $_SERVER['REQUEST_URI'] would be /some/page-here/more.

Weeding out spammers/bots via php

I am trying to create a hidden email field in my contact form that, when filled out, will not send me an email (meaning a spammer filled in the hidden email field), instead, just sending the spammer to a confirmation page saying that the email was sent.
I can't get it to work properly.
Test site - http://www.webexplosive.com/s1/contact.html
Here is my php script for the contact form:
<?php
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email1 = $_POST ['email1'];
$phone = $_POST ['phone'];
$comments = $_POST ['comments'];
$testBot = $_POST ['email2'];
$headers = "MIME-Version: 1.0\r\n";
$headers = "From: $email1";
$to = 'beefjelly69#yahoo.com';
$subject = 'Contact Form Submitted - Virginia Subsite';
$message = "
First name: $firstname \n
Last name: $lastname \n
Email: $email1 \n
Phone: $phone \n
Comments: $comments \n";
mail($to, $subject, $message, $headers);
header("Location: thankyou.html");
if(email2 == "") { //If email2 form section is blank then...
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email1 = $_POST ['email1'];
$phone = $_POST ['phone'];
$comments = $_POST ['comments'];
$testBot = $_POST ['email2'];
$headers = "MIME-Version: 1.0\r\n";
$headers = "From: $email1";
$to = 'beefjelly69#yahoo.com';
$subject = 'Contact Form Submitted - Virginia Subsite';
$message = "
First name: $firstname \n
Last name: $lastname \n
Email: $email1 \n
Phone: $phone \n
Comments: $comments \n";
mail($to, $subject, $message, $headers);
header("Location: thankyou.html");
}
else {
header("Location: thankyou.html");
}
?>

Code Technique
The best way, I've seen for weeding out bots and spammers in conmment and public forms, without captcha. Is to generate a random md5 hash (each refresh, should render the previous hash useless), store said hash in a cookie (for POST retrieval). Then append the hash string to each input[name=username_d109770c2788b022deb0fac1182c9e19] (I'd also POST the hash on the form, and validate the POST against the cookie).
The benefit to hashing input fields is.. it will increase the difficulty of bots being able to hard code to specific inputs (plus passive server validation).
Once you've done this simply add input validation such as email regular expressions and so fourth.
Security Technique
Install the honeypot project to your server, it has 101,130,389 spam servers identified as of 8:48 PM, 19/02/2014 (UTC+12:00).
Project Honey Pot is a web based honeypot network which uses software embedded in web sites to collect information about IP addresses used when harvesting e-mail addresses for spam

This is because you always call the mail form first. You need to validate it before you call it. Call the mail function after you have checked that the email2 field is empty.
As it is, it will always send the mail, before hitting the if statement.
Suggestion: Look into implementing a captcha or something similar than that.

Here's a revised version of your code with basic form validation (but it only checks for empty fields, it doesn't check if the e-mail is valid - you can easily add that though) and more importantly, email header injection protection.
Note : I didn't test this code and it may fail miserably - feel free to downvote if that's the case
// Form validation, display errors
// in case of empty fields
$fields = ["firstname", "lastname", "email1", "phone", "comments"]
foreach ($fields as $field) {
if (!isset($_POST[$field]) || empty($_POST[$field])) {
die("Error, ".$field." can't be empty, please retry."); // if validation fails we stop the script
}
}
if (isset($_POST["email2"]) && !empty($_POST["email2"])) {
die(); // hidden field isn't empty, so it's spam, so we stop there
}
// e-mail header injection protection
$email1 = filter_var($_POST["email1"], FILTER_SANITIZE_EMAIL);
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$phone = $_POST ['phone'];
$comments = $_POST ['comments'];
$headers = "MIME-Version: 1.0\r\n";
$headers = "From: $email1";
$to = 'beefjelly69#yahoo.com';
$subject = 'Contact Form Submitted - Virginia Subsite';
$message = "
First name: $firstname \n
Last name: $lastname \n
Email: $email1 \n
Phone: $phone \n
Comments: $comments \n";
mail($to, $subject, $message, $headers);
header("Location: thankyou.html");

(A late answer, but could prove to be useful down the road).
Generally, SPAMBOTS will look for a form element called email or contact or any visible input they can put their little spammy hands on.
What you could do is to show/mark an input stating "If you're human, DO NOT fill this".
For example:
If you're human, DO NOT fill this: <input type="text" name="email">
then check if the field is not empty. If it is not empty and (most likely) filled in by the SPAMBOT, then make it die(); or redirect.
For example: and using an if(isset... from a named submit button:
<input type="submit" name="soobmeet" value="Send">
Sidenote: I chose "soobmeet" because it's generally not a good idea to name it "submit" etc.
(Something I learned recently from one the BIG GUNS here on SO)
PHP
<?php
if(isset($_POST['soobmeet'])){
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email1 = $_POST ['email1'];
$phone = $_POST ['phone'];
$comments = $_POST ['comments'];
$email = $_POST ['email'];
if(!empty($_POST['email'])){
header("Location: get_lost.html");
// or make it die();
}
else{
$headers = "MIME-Version: 1.0\r\n";
$headers = "From: $email1";
$to = 'email#example.com';
$subject = 'Contact Form Submitted - Virginia Subsite';
$message = "
First name: $firstname \n
Last name: $lastname \n
Email: $email1 \n
Phone: $phone \n
Comments: $comments \n";
mail($to, $subject, $message, $headers);
header("Location: thankyou.html");
}
}
?>

First of all, I honestly don't recommend this as a spam/bot deterrent - there are many well tested third party libraries out there for you to use. Having said that, I've edited your code with some minor improvements. Hope this helps somewhat.
<?php
// Note: It is your own responsibility to validate user input!
if(isset($_POST['email2']) && $_POST['email2'] != "") {
$strFirstName = $_REQUEST['firstname'];
$strLastName = $_REQUEST['lastname'];
$strEmail = $_REQUEST['email1'];
$strPhone = $_REQUEST['phone'];
$strComments = $_REQUEST['comments'];
$strTestBot = $_REQUEST['email2'];
$strBody = "First name: ".$strFirstName." \nLast name: ".$strLastName." \nEmail: ".$strEmail." \nPhone: ".$strComments." \n";
mail('beefjelly69#yahoo.com', 'Contact Form Submitted - Virginia Subsite', $strBody, 'From: '.$strEmail);
header("Location: thankyou.html");
} else {
header("Location: thankyou.html");
}
?>
Is this what you're trying to achieve? Also, you should be validating each of the fields e.g. checking whether they're empty, of the right format and length etc. preg_match() is an awesome way of doing this, plus you can add some minor validation at the client side as well.

Adding security to PHP mail file

I've created a working contact form with a PHP file. I have read so many post about security, to the point I'm really confused about what code is needed to filter out potential spammers. Code below is what I have so far. Would you be so kind as to provide any code that would secure this php file so I can learn the correct way.
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$website = $_POST['website'];
$message = $_POST['message'];
$formcontent=" From: $name \n Phone: $phone \n Call Back: $call \n Website: $website \n Priority: $priority \n Type: $type \n Message: $message";
$recipient = "";
$subject = "Contact Form Enquiry";
$mailheader = "From: $email \r\n";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
$homepage = file_get_contents('http://www.fashionablefondants.co.uk/response.html');
echo $homepage;
?>

When receiving email's I only get my email address as "sent from." although it was sent from another email address. What should I add or change?

So I'm using this code for php mail and I keep getting MY email address rather than the actualy senders email, when I test it on my website's contact form. Any help? By the way, I use my email in the recipients address.
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$call = $_POST['call'];
$website = $_POST['website'];
$priority = $_POST['priority'];
$type = $_POST['type'];
$message = $_POST['message'];
$formcontent=" From: $name \n Phone: $phone \n Call Back: $call \n Type: $type \n Message: $message";
$recipient = "myemail#address.com";
$subject = "Contact Form";
$mailheader = "From: $email \r\n";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
?>

Have a look at php:mail manual in the example#3 you can see,
<?php
mail('nobody#example.com', 'the subject', 'the message', null,'-fwebmaster#example.com');
?>
You can see
The additional_parameters parameter can be used to pass an additional parameter to the program configured to use when sending mail using the sendmail_path.

Need a PHP email send script for HTML an form

I have a single page portfolio website that I'm building and I have a contact form that I need to process using php send script. I'm a novice when it comes to PHP so I'm having trouble getting this to work. I've done some searching but I can't find what I'm looking for.
Here's what I have done, I copied this from a PHP contact page that I had built but the PHP and form are on the same page and I need an external send.php to process my form.
<?php
$error = ''; // error message
$name = ''; // sender's name
$email = ''; // sender's email address
$company = ''; // company name
$subject = ''; // subject
$comment = ''; // the message itself
if(isset($_POST['send']))
{
$name = $_POST['name'];
$email = $_POST['email'];
$company = $_POST['company'];
$subject = $_POST['subject'];
$comment = $_POST['comment'];
if($error == '')
{
if(get_magic_quotes_gpc())
{
$message = stripslashes($message);
}
// the email will be sent here
// make sure to change this to be your e-mail
$to = "example#email.com";
// the email subject
// '[Contact Form] :' will appear automatically in the subject.
// You can change it as you want
$subject = '[Contact Form] : ' . $subject;
// the mail message ( add any additional information if you want )
$msg = "From : $name \r\ne-Mail : $email \r\nCompany : $company \r\nSubject : $subject \r\n\n" . "Message : \r\n$message";
mail($to, $subject, $msg, "From: $email\r\nReply-To: $email\r\nReturn-Path: $email\r\n");
}
}
if(!isset($_POST['send']) || $error != '')
{
header("location: http://www.#.com/#contact");
}
?>
So for my form I want to have:
<form method="post" action="send.php" class="form">
I plan on using HTML5 and jQuery to validate the form, so I really only need the script to capture the info and send the email to a single address. After it sends I want the script to redirect back to the Contact page.
Edit:
I found a solution after spending a while on google.
http://www.website.com/#contact");
?>

For one thing, you haven't initialized the value for $message
$message = stripslashes($message);
You probably meant to use $comment instead of $message

Not sure what problem you're facing. Simply copy the PHP you have into a file called send.php and my first glance says it'll work if you change $message back to $comment and add error checking. If you still have issues, post back with more details.

Categories