I'm trying to get the user's IP address from a PHP contact form. I have the following code, but I want to know: is it valid to use clean_string in this way to email myself the IP address?
<?php
session_start();
if(isset($_POST['fullname'])) {
include 'freecontact2formsettings.php';
function died($error) {
echo "Sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
if(!isset($_POST['fullname']) ||
!isset($_POST['Address1']) ||
!isset($_POST['city']) ||
!isset($_POST['Postcode']) ||
!isset($_POST['contactnum']) ||
!isset($_POST['emailaddress'])
) {
died('Sorry, there appears to be a problem with your form submission.');
}
$ip = $_SERVER['HTTP_CLIENT_IP'];
$ansb0_from = $_POST['fullname']; // required
$ansb1_from = $_POST['Address1']; // required
$ansb3_from = $_POST['city']; // required
$ansb4_from = $_POST['Postcode']; // required
$ansb5_from = $_POST['contactnum']; // required
$ansb6_from = $_POST['emailaddress']; // required
$error_message = "";
$email_message = "PHP CONTACT FORM:\r\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:");
return str_replace($bad,"",$string);
}
$email_message .= "Forename: ".clean_string($ansb0_from)."\r\n";
$email_message .= "Address 1: ".clean_string($ansb1_from)."\r\n";
$email_message .= "City: ".clean_string($ansb3_from)."\r\n";
$email_message .= "Postcode: ".clean_string($ansb4_from)."\r\n";
$email_message .= "Contact Number: ".clean_string($ansb5_from)."\r\n";
$email_message .= "Email Address: ".clean_string($ansb6_from)."\r\n";
$email_message .="IP Address: ".clean_string($ip)."\n\n";
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($email_to, $email_subject, $email_message, $headers);
header("Location: $thankyou");
?>
<script>location.replace('<?php echo $thankyou;?>')</script>
<?php
}
die();
?>
Also,
$ip = $_SERVER['HTTP_CLIENT_IP'];
is on the contact form script page, not the actual form.php which the user enters information on. I think that's where I'm going wrong, right?
You don't want the IP in the form itself. That way it can be displayed, edited, and messed with. Instead, simply capture it server-side using:
$_SERVER['REMOTE_ADDR'];
Googling this question should by the way return half a billion results that are all valid. Just a quick reminder.
You want to check for both $_SERVER["REMOTE_ADDR"] and $_SERVER["HTTP_X_FORWARDED_FOR"], as the latter may be necessary if a user is behind a proxy server.
You can read more here: https://stackoverflow.com/a/3003233/666468
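An added example (not from the posts above) of the server-side capture the answers describe. REMOTE_ADDR is the peer address of the connection, while X-Forwarded-For is a request header any client can set, so this sketch reads it only when the connection comes from a reverse proxy you operate. The function name `client_ip`, the `TRUSTED_PROXIES` list and all addresses are assumptions.

```php
<?php
// Added example: client_ip() and the proxy address are assumptions.
// List the reverse proxies you operate; leave empty if served directly.
const TRUSTED_PROXIES = ['203.0.113.10']; // constructed documentation address

function client_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    // REMOTE_ADDR comes from the TCP connection, not from the request.
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return 'unknown';
    }
    // X-Forwarded-For is a request header; from an untrusted peer it is
    // just user input, so it is ignored.
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($remote, $trusted, true)) {
        return $remote;
    }
    // The header is a comma-separated chain. Walk it from the right and
    // take the first hop that is not one of our own proxies.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed chain: fall back to the peer address
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed requests: a direct visitor sending a forged header, a visitor
// behind the trusted proxy, and a malformed header arriving via the proxy.
$requests = [
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '192.0.2.99'],
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '192.0.2.44'],
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
];
foreach ($requests as $request) {
    // A value that passed FILTER_VALIDATE_IP needs no clean_string() call.
    echo "IP Address: " . client_ip($request) . "\n";
}
```

In the form script the call would be `client_ip($_SERVER)`.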
Related
I am trying to make a contact form using HTML and PHP. The PHP for the form is below:
<?php
if(isset($_POST['email'])) {
// Email to information
$email_to ="personalemail@email.com";
$email_subject ="Contact";
$email_from ="Person";
// Error code
function died($error) {
echo "We are sorry, but there were error(s) found with the form you submitted.";
echo "These errors appear below.<br/><br/>";
echo $error. "<br/><br/>";
echo "Please go back and fix these errors.<br/>";
die();
}
// Validation
if(!isset($_POST['fname']) || !isset($_POST['lname']) || !isset($_POST['email']) || !isset($_POST['message'])) {
died('We are sorry but there appears to be a problem with the form you submitted.');
}
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$message = $_POST['message'];
$error_message = "";
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error_message .= 'The email address you entered does not appear to be valid.<br/>';
}
$string_exp = "/^[A-Za-z.'-]+$/";
if(!preg_match($string_exp, $fname)) {
$error_message .= 'The first name you entered does not appear to be valid.<br/>';
}
if(!preg_match($string_exp, $lname)) {
$error_message .= 'The last name you entered does not appear to be valid.<br/>';
}
if(strlen($message) < 2) {
$error_message .= 'The message you entered does not appear to be valid.<br/>';
}
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type", "bcc:", "to:", "cc:", "href");
return str_replace($bad, "", $string);
}
$email_message .= "Name:" . clean_string($fname) . clean_string($lname) . "\n";
$email_message .= "Email:" . clean_string($email) . "\n";
$email_message .= "Message:" . clean_string($message) . "\n";
// Create email headers
$headers = 'From: ' .$email_From . "\r\n". 'Reply-To:' . $email. "\r\n" . 'X-Mailer: PHP/' . phpversion();
mail($email_to, $email_subject, $email_message, $headers);
?>
Thankyou for contacting me. I will be in contact with you shortly. <br/>
Please click here to go back to the main website
<?php
}
?>
The issue is that when the form is submitted, it never sends an email to my own personal email. Is there something more I have to set up with the web hosting or is the problem purely in the code? I did some research about the appropriate code to put in and have tried many different options but none seem to work.
Forms that send email are error-prone, and worse yet, if something goes wrong neither you nor the end user usually gets an error message. They will just think your customer service is not responding. Things that do go wrong: the web server's email server is down or misconfigured, the receiving mailbox is full, a spam filter eats the email, or the rules on the web server's email server change and it throws away your mails.
I recommend a cloud-hosted form that stores the form submissions and notifies you by email, but email is not the primary data storage.
Something like this perhaps, has a free plan:
http://www.wufoo.com/features/
Everything on the form works but it will not redirect to another page. It continues to give a text message. I've added a header('Location: http://mywebsite.com/'); but no luck. I'm new at PHP and would really appreciate help in fixing this code.
Current code:
<?php
if(isset($_POST['email'])) {
$email_to = "me@email.com";
$email_subject = "Contact Request";
function died($error) {
echo "We are very sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
if( !isset($_POST['full_name']) ||
!isset($_POST['agency']) ||
!isset($_POST['title']) ||
!isset($_POST['email']) ||
!isset($_POST['phone']) ||
!isset($_POST['comments'])) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$full_name = $_POST['full_name']; // required
$agency = $_POST['agency']; // required
$title = $_POST['title']; // required
$email = $_POST['email']; // required
$phone = $_POST['phone']; // not required
$comments = $_POST['comments']; // required
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($full_name)."\n";
$email_message .= "Agency: ".clean_string($agency)."\n";
$email_message .= "Title: ".clean_string($title)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "phone: ".clean_string($phone)."\n";
$email_message .= "Comments: ".clean_string($comments)."\n";
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
header('Location: http://mywebsite.com/');
?>
<?php } ?>
Is the last line of code a typo in your question or part of your code?
<?php } ?>
If it's really part of your code, php is going to try and execute '}' and most likely screw up.
You don't say what the text message is that you receive.
Just remove ?> after this line
header('Location: http://mywebsite.com/');
Hi, I'm trying to get a contact us page to get an email address and send it to an email. Every time I click submit the PHP file just downloads. I have loaded a PHP version file on the web server and it's running PHP version 5.3.27. Code below:
<?php
if(isset($_POST['email'])) {
// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "nishantrama#gmail.com";
$email_subject = "Sva Sva Spa Salon Coming Soon Notify Email";
function died($error) {
// your error code can go here
echo "We are very sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
// validation expected data exists
if(!isset($_POST['email'])) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$email_from = $_POST['email']; // required
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "Email: ".clean_string($email_from)."\n";
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
}
?>
And every time I click submit on my webpage it just downloads the file.
All of a sudden contact forms filled in on my website are coming into my inbox from the date 1/1/1970???
They are ending up at the bottom of my inbox and I have missed a few leads...
Any ideas how this can start happening all of a sudden?
The code I am using on my contact page is:
<?php
if(isset($_POST['email'])) {
// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "my email address";
$email_subject = "Website Contact Enquiry";
function died($error) {
// your error code can go here
echo "We are very sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
// validation expected data exists
if(!isset($_POST['name']) ||
!isset($_POST['email']) ||
!isset($_POST['tel']) ||
!isset($_POST['message'])||
!isset($_POST['formtype'])
) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$name = $_POST['name']; // required
$email_from = $_POST['email']; // required
$tel = $_POST['tel']; // required
$message = $_POST['message']; // required
$formtype = $_POST['formtype'];
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Tel: ".clean_string($tel)."\n";
$email_message .= "Message: ".clean_string($message)."\n";
$email_message .= "formtype: ".clean_string($formtype)."\n";
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion().date();
@mail($email_to, $email_subject, $email_message, $headers);
}
?>
Add this to your headers:
'Date: ' . date('r'),
Also, make sure to sanitize $email_from. Right now, you are allowing spammers to send E-Mail to other recipients and change the header. Read more here: http://www.securephpwiki.com/index.php/Email_Injection
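An added example (not from the answer above) of the sanitising step it asks for. clean_string() only deletes a few lowercase keywords and leaves CR/LF in place, so the line breaks are what must be rejected before a value reaches $headers. The function names `safe_header_address` and `build_headers` and every address are assumptions.

```php
<?php
// Added example; function names and addresses are assumptions.

// The page's filter, unchanged, for comparison.
function clean_string($string) {
    $bad = array("content-type", "bcc:", "to:", "cc:", "href");
    return str_replace($bad, "", $string);
}

// Accept a value for a mail header only if it is one syntactically valid
// address containing no control characters.
function safe_header_address(string $value): ?string
{
    $value = trim($value);
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null; // CR, LF or other control bytes: refuse outright
    }
    $address = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $address === false ? null : $address;
}

function build_headers(string $siteFrom, string $visitorEmail): ?string
{
    $replyTo = safe_header_address($visitorEmail);
    if ($replyTo === null) {
        return null; // caller shows the form error instead of sending
    }
    // From stays an address the site owns; the visitor appears only in
    // Reply-To, and the Date header is set explicitly.
    return implode("\r\n", [
        'From: ' . $siteFrom,
        'Reply-To: ' . $replyTo,
        'Date: ' . date('r'),
        'X-Mailer: PHP/' . phpversion(),
    ]);
}

// Constructed inputs: an ordinary address and one carrying an extra header line.
$samples = ["visitor@example.com", "visitor@example.com\r\nBcc: other@example.net"];
foreach ($samples as $input) {
    $keepsNewline = strpos(clean_string($input), "\n") !== false;
    $headers = build_headers('forms@example.org', $input);
    echo json_encode($input), "\n",
         "  newline survives clean_string(): ", $keepsNewline ? 'yes' : 'no', "\n",
         "  accepted for Reply-To: ", $headers === null ? 'no' : 'yes', "\n";
}
```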
i have a script that i have modified to meet my requirements however i now need to send the email to more than one person, could someone point me in the right direction as to how i could modify the script to send to more than one person.
<?php
if(isset($_POST['email'])) {
// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "emailremoved@sample.com";
$email_subject = "Kro Catering Website Enquiry";
function died($error) {
// your error code can go here
echo "We are very sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
// validation expected data exists
if(!isset($_POST['your_name']) ||
!isset($_POST['type']) ||
!isset($_POST['guests']) ||
!isset($_POST['date']) ||
!isset($_POST['phone']) ||
!isset($_POST['email'])) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$your_name = $_POST['your_name']; // required
$type = $_POST['type']; // required
$guests = $_POST['guests']; // required
$date = $_POST['date']; // not required
$phone = $_POST['phone']; // required
$email_from = $_POST['email']; // required
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "Your Name: ".clean_string($your_name)."\n";
$email_message .= "Type: ".clean_string($type)."\n";
$email_message .= "Guests: ".clean_string($guests)."\n";
$email_message .= "Date: ".clean_string($date)."\n";
$email_message .= "Phone: ".clean_string($phone)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
?>
<!-- include your own success html here -->
<?php
header( 'Location: /thanks.aspx' ) ;
?>
<?php
}
?>
Search for the line:
$email_to = "emailremoved@sample.com";
And keep adding e-mails with a comma separating them:
$email_to = "emailremoved@sample.com,emailremoved@sample.com,emailremoved@sample.com";
PHP's mail() function is quite versatile when it comes to the "to" field. See the documentation here. Any one of the listed examples would be fine:
user@example.com
user@example.com, anotheruser@example.com
User <user@example.com>
User <user@example.com>, Another User <anotheruser@example.com>
So since your $email_to variable is not cleaned or otherwise modified after you set it on line 5, you should be able to just put 2 there separated by a comma (as in the examples above that I copied from the documentation I linked to.)
Try this!
It was the only code that worked for me.
$header .= 'Bcc: someaddress@email.com';