I have a simple form with a simple mail function:
$name = $_REQUEST['name'] ;
$email = $_REQUEST['email'] ;
$company = $_REQUEST['company'] ;
$phone = $_REQUEST['phone'] ;
$message= $_REQUEST['message'] ;
mail( "$webmaster_email", "Website Form", "From: noreply#mysite.com",
"From: $email \n
Name: $name \n
Phone: $phone\n
Message: $message\n ");
header( "Location: $thankyou_page" );
However, when I test I only rarely receive mail from it and it seems to get stuck - ie: it does not redirect to the thankyou page.
I have placed echos for testing and everything works right up to the mail() function.
I have checked with my hosting provider and there is no mail queue and PHP Apache is working as normal. Obviously, I have also checked my spam folders as well.
Would anyone know why this would only be working some of the time?
You have mixed up the 3rd and 4th parameter of the mail() function. The third parameter should contain the message and the fourth the additional headers. As you are sending the message and all (user provided...) variables in the 4th parameter, that is likely to lead to the problems you are having.
You should be able to change it swapping the parameters:
mail($webmaster_email, "Website Form",
"From: $email \n
Name: $name \n
Phone: $phone\n
Message: $message\n ",
"From: noreply#mysite.com");
You should also add error handling; the mail() function returns true or false depending on successful acceptance for delivery so you could simply log the times it returns false to troubleshoot.
Related
I am trying to troubleshoot this form. It is not sending reservation requests from the form on the website. Despite showing a message that the form was sent.
I tried editing email and the headers.
<?
//print_r($_POST);
$to = “email#emaildomain.com, {$posting['email']}";
function msg($text){
echo "
<script type='text/javascript'>
alert('".$text."');
top.location.href = 'http://www.aribbq.com';
</script>
";
exit;
}
function error($text){
echo "
<script type='text/javascript'>
alert('".$text."');
history.go(-1);
</script>
";
exit;
}
if (!$_POST[date]) {error('Please, insert Date.');}
if (!$_POST[time]) {error('Please, insert Time.');}
if (!$_POST[party]) {error('Please, insert Party.');}
if (!$_POST[reservation_name]) {error('Please, insert Name.');}
if (!$_POST[reservation_email]) {error('Please, insert Email.');}
if (!$_POST[reservation_phone]) {error('Please, insert Phone.');}
if(isset($_POST['submit'])){
// then send the form to your email
//$from = ('Reservation from AriBBQ.com'); // sender
$mailheaders = "From: contact#aribbq.com" . "\r\n"; // . "CC:
design#youremail.com"
$mailheaders .= 'Reply-To: ' . $posting['Email'] . "\r\n";
$subject = "AriBBQ.com Online Reservation";
$body = "\n Contact Name: ".$_POST[reservation_name]." \r\n\n";
//
$body .= " Email: ".$_POST[reservation_email]." \r\n\n"; //
$body .= " =================================================== \r\n\n"; //
$body .= " Book a table \r\n\n
Date: ".$_POST[date]." \r\n\n
Time: ".$_POST[time]." \r\n\n
Party: ".$_POST[party]." \r\n\n
Contact Details \r\n\n
Name: ".$_POST[reservation_name]." \r\n\n
Email: ".$_POST[reservation_email]." \r\n\n
Phone: ".$_POST[reservation_phone]." \r\n\n
Message: ".$_POST[reservation_message]." \r\n\n"; //
$body .= " =================================================== \r\n\n"; //
$result = mail($to , $from , $subject , $body , $mailheaders);
if($result) {msg('Thank you, your reservation has been sent. We
will send you a confirmation text or call in person.');} //
else{error('Sending mail is failed. Please try again');} //
} else {
error('No submitted. Please try again');
}
?>
You see the form online at http://aribbq.com/. Click on reservations. Once the email is received, we want to be able to reply to the sender's email address.
Alright, essentially, you need to turn on error reporting because your script threw about 20 errors at me which you would see with error reporting on. As my comment above said, add error_reporting(E_ALL); to the top of your script while you debug.
The issues I came across are as follows:
Parse error: syntax error, unexpected '#' in /mail.php on line 4 caused by an incorrect double quote character, not " but “. Subtle, but problematic.
Next up, Multiple or malformed newlines found in additional_header in /mail.php because as of PHP 5.5.2, a bug was fixed to prevent mail header injection, so all of your \n\n within the $mailheaders should be removed, I recommend appending PHP_EOL to the end of each line instead.
You have your $from variable included in the mail() call, this presents 2 issues. One, the mail() function does not have a from parameter, you include it within the headers. Two - your variable is actually commented out.
As I mentioned in the comment above, again, your email address variable to send to is typed as $posting['email']', and $posting['Email'] within $mailheaders. The problem here is $posting doesn't exist. Secondly, your form, which you should include the HTML for in future questions for self-contained examples for people to more easily help you (see https://stackoverflow.com/help/how-to-ask), doesn't post email at all, it posts reservation_email.
Finally, the majority of your $_POST references do not include quotes so PHP doesn't know what to do with the words in between the square brackets. $_POST[date] should be $_POST['date'], for example.
I've made all the above changes and managed to successfully email myself with the script and email form provided, the only thing that I didn't look at was your msg() which didn't show me a success message. I did, however, put an echo statement before this function call which printed out fine.
I hope this helps you get your script up and running, good luck and remember, error_reporting(); is your friend!
I have a strange problem with my PHP contact form, every 15 minutes or so I get a blank email and receive them though the day?! When I fill out the form I get the details sent to me at once and all of the fields are filled out fine.
I use PHP for the form and the jQuery validate for the validation, the form works and so does the validation but since I am not strong with PHP maybe it's the process that's not right?
form.php - from: https://1stwebdesigner.com/php-contact-form-html/
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$call = $_POST['call'];
$website = $_POST['website'];
$priority = $_POST['priority'];
$type = $_POST['type'];
$message = $_POST['message'];
$formcontent=" From: $name \n Phone: $phone \n Call Back: $call \n Website: $website \n Priority: $priority \n Type: $type \n Message: $message";
$recipient = "youremail#here.com";
$subject = "Contact Form";
$mailheader = "From: $email \r\n";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
echo "Thank You!";
?>
I had to take the form down as I receive so many mails a day. The $recipient was set to my email but left it as a dummy address for this post.
As per your code snippet. It's nothing to do with 15 mins blank email issue. Your form might been targeted with some bot or malicious script. However, it's really simple form. There are several standard practices for forms but for starters, you may be looking into following links to get the whole idea.
https://www.w3schools.com/php/php_form_complete.asp
https://www.w3schools.com/php/showphp.asp?filename=demo_form_validation_complete
When you are done with this reading, you should be looking into javascript Form Validation and Capcha integration. Once you are comfortable with Javascipt Validation, you migh jump to Jquery Validation or jQuery Validation plugins.
Above links are not really end of the world but you shall at least get the idea for basic form submission process.
Hope this helps.
I have a problem when sending a form via email using the PHP Mail function. This is the code that I'm using:
$name = $_POST['name'];
$last_name = $_POST['last_name'];
$company = $_POST['company'];
$email = $_POST['email'];
$country = $_POST['country'];
$phone = $_POST['phone'];
$message = $_POST['message']); //This comes from the form
$formcontent="Name: $name $last_name <br> Company: $company <br> Email: $email <br> Country: $country <br> Telephone: $phone <br><br> Message: $message";
$mailheader = 'MIME-Version: 1.0' . "\r\n";
$mailheader .= 'Content-type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable' . "\r\n";
$mailheader .= 'From: ' . $email . "\r\n";
mail("my#email.com", "subject", $formcontent, $mailheader) or die("Error!");
This is a form that will be sending spanish and special characters, like ñ, accents, ç, etc...
The problem is that, if I use it like this, it works fine in Firefox 3.6.3, but when using the form in Internet Explorer 8, the special characters that sends are all messed up (like ç instead of a ç). However, if I add utf8_encode to the variables in the $formcontent, then it works in IE, but it stops working in Firefox, showing stuff like η instead of ç.
What can I do to make it work regardless of the browser? Any help would be much appreciated!
EDIT:
I've noticed that, if I echo the $formcontent variable before sending it with mail, if I'm using Firefox, the special characters are already messed-up. How can I avoid the browsers interfering with what's being sent? Please I'm totally clueless right now!!! I don't know what to change to have something working. Even if it's a dumbed down version, is there any alternative to have PHP Mail working with special characters in both browsers?
Basically you need to make sure that every charset on your page is the same. Make sure the page has a utf-8 charset aswel. Since you're sending it in utf8 the input must come from utf8 aswell.
Could you perhaps show us the code of the page (or a live demo) where the mail is being made?
I'm building a simple order system and want to send an email after the form is submitted. My PHP code looks similar to this:
$name=$_POST["orderName"];
$company=$_POST["orderCompany"];
$email=$_POST["orderEmail"];
$phone=$_POST["orderPhone"];
$headers = "From: $email\r\n" .
$item1=$_POST["orderItem1"];
$qty1=$_POST["orderQty1"];
$item2=$_POST["orderItem2"];
$qty2=$_POST["orderQty2"];
$item3=$_POST["orderItem3"];
$qty3=$_POST["orderQty3"];
$date = date("l, F j Y, G:i") ;
$message="Message sent: $date \n\n
Name: $name\n
Company: $company\n
Email: $email\n
Phone: $phone\n\n
Order:\n
$item1 \tx$qty1\n
$item2 \tx$qty2\n
$item3 \tx$qty3\n";
mail("sales#company.com", "Order", $message, $headers);
That works fine, except in the body of the email I get the value of $item1 string at the very beginning, before the "Message sent..." - just like I added it to the $message (which I don't as far as I can see).
Where you have this:
$headers = "From: $email\r\n" .
you want this instead:
$headers = "From: $email\r\n";
Otherwise, you're concatenating whatever comes on the next line (which happens to be the definition for $item1) to the end of $headers. Although that's not technically valid (i.e., the content is part of the message headers and not body), most e-mail clients will effectively shrug and show it anyway.
Please, please, please add some sanitizing to your POST variables before going with this in production.
Let's see here:
$email=$_POST["orderEmail"];
$headers = "From: $email\r\n";
mail("sales#company.com", "Order", $message, $headers);
I could send a POST request where "orderEmail" contains:
"helo#helo.lv\r\n
From: viagra#farmacety.net\r\n
BCC: victim1#domain1.com, victom2#domain3.com"
etc. and your harmless form would work great for me sending spam to the whole world. This site suggects:
if ( ereg( "[\r\n]", $name ) || ereg( "[\r\n]", $email ) ) {
[... direct user to an error page and quit ...]
}
I have a simple PHP mailer script that takes values from a form submitted via POST and mails them to me:
<?php
$to = "me#example.com";
$name = $_POST['name'];
$message = $_POST['message'];
$email = $_POST['email'];
$body = "Person $name submitted a message: $message";
$subject = "A message has been submitted";
$headers = 'From: ' . $email;
mail($to, $subject, $body, $headers);
header("Location: http://example.com/thanks");
?>
How can I sanitize the input?
Sanitize the post variable with filter_var().
Example here. Like:
echo filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
Since you're not building an SQL query or anything here, the only relevant validation that I can see for those inputs is an email validation for $_POST["email"], and maybe an alphanumeric filter on the other fields if you really want to limit the scope of what the message can contain.
To filter the email address, simply use filter_var:
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
As per Frank Farmer's suggestion, you can also filter out newlines in the email subject:
$subject = str_replace(array("\r","\n"),array(" "," "),$subject);
As others have noted, filter_var is great. If it's not available, add this to your toolchest.
The $headers variable is particularly bad security-wise. It can be appended to and cause spoofed headers to be added. This post called Email Injection discusses it pretty well.
filter_var is great, but another way to assure that something is an email address and not something bad is to use an isMail() function. Here's one:
function isEmail($email) {
return preg_match('|^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]{2,})+$|i', $email);
};
So to use this, you could do:
if (isset($_POST['email']) && isEmail($_POST['email'])) {
$email = $_POST['email'] ;
} else {
// you could halt execution here, set $email to a default email address
// display an error, redirect, or some combination here,
}
In terms of manual validation, limiting the length using substr(), running strip_tags() and otherwise limiting what can be put in.
You need to remove any newlines from input provided by users in $headers, which gets passed to mail() ($email in your case)! See Email injection.
PHP should take care of sanitizing $to and $subject, but there are versions of PHP with bugs (Affected are PHP 4 <= 4.4.6 and PHP 5 <= 5.2.1, see MOPB-34-2007).
You can use the code from artlung's answer above to validate email..
I use this kind of code to prevent header injection ..
// define some mail() header's parts and commonly used spam code to filter using preg_match
$match = "/(from\:|to\:|bcc\:|cc\:|content\-type\:|mime\-version\:|subject\:|x\-mailer\:|reply\-to\:|\%0a|\%0b)/i";
// check if any field's value containing the one or more of the code above
if (preg_match($match, $name) || preg_match( $match, $message) || preg_match( $match, $email)) {
// I use ajax, so I call the string below and send it to js file to check whether the email is failed to send or not
echo "failed";
// If you are not using ajax, then you can redirect it with php header function i.e: header("Location: http://example.com/anypage/");
// stop the script before it reach or executing the mail function
die();
}
The mail()'s header filtering above is too strict, since some users may be using the filtered strings in their message without any intention to hijack your email form, so redirect it to a page that is explaining what kind of strings that is not allowed in the form or explain it on your form page.