I'm getting the error in the title of this question. Help me find what's wrong in my contact form:
<?php
//Predefined Variables
$to = "example@example.com";
$subject = "1";
if($_POST) {
// Collect POST data from form
$name = stripslashes($_POST['name']);
$email = stripslashes($_POST['email']);
$comment = stripslashes($_POST['comment']);
// Define email variables
$message = date('d/m/Y')."\n" . $name . " (" . $email . ") sent the following comment:\n" . $comment;
$headers = 'From: '.$email.'\r\n\'Reply-To: ' . $email . '\r\n\'X-Mailer: PHP/' . phpversion();
//Validate
$header_injections = preg_match("(\r|\n)(to:|from:|cc:|bcc:)", $comment);
if( ! empty($name) && ! empty($email) && ! empty($comment) && ! $header_injections ) {
if( mail($to, $subject, $message, $headers) ) {
return true;
}
else {
return false;
}
}
else {
return false;
}
}
?>
It seems the problem is here, but I don't understand what's wrong!
$header_injections = preg_match("(\r|\n)(to:|from:|cc:|bcc:)", $comment);
Try with:
$header_injections = preg_match("#(\r|\n)(to:|from:|cc:|bcc:)#", $comment);
You must provide a valid symbol at the beginning and at the end of your regex; in this example it is just #, but you can use / or whatever you want.
Take a look at this article: RegEx delimiters.
Try using this:
$header_injections = preg_match('/(\r|\n)(to:|from:|cc:|bcc:)/', $comment);
Also on your IF condition, you should check $header_injections this way:
if( ! empty($name) && ! empty($email) && ! empty($comment) && 0 === $header_injections ) {
As preg_match can return a value that can be cast to boolean and skip your validation.
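A stricter version of the check discussed in this thread, as an added example (not code from the question or from either answer): it handles the three `preg_match()` results (1, 0, false) separately and validates the address that actually ends up in the `From` and `Reply-To` headers, not only the comment. The function names `has_header_break` and `build_headers` and the sample inputs are hypothetical.

```php
<?php
// Added example; helper names and sample values are constructed for illustration.

// Returns true when $value contains a CR or LF, i.e. could start a new header line.
// preg_match() returns 1 (match), 0 (no match) or false (error): fail closed on false.
function has_header_break(string $value): bool
{
    $result = preg_match('/[\r\n]/', $value);
    if ($result === false) {
        return true; // regex engine error: treat the value as unsafe
    }
    return $result === 1;
}

// Builds the additional headers for mail(), or returns null when the input
// is not a single valid e-mail address.
function build_headers(string $email): ?string
{
    $email = trim($email);
    if (has_header_break($email)) {
        return null;
    }
    // Second, independent check: the value must parse as one address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return 'From: ' . $email . "\r\n"
         . 'Reply-To: ' . $email;
}

// Constructed sample inputs: the second one tries to smuggle an extra header.
$samples = [
    "visitor@example.com",
    "visitor@example.com\r\nBcc: someone@example.org",
];

foreach ($samples as $email) {
    $headers = build_headers($email);
    echo json_encode($email), ' => ', $headers === null ? 'rejected' : 'accepted', PHP_EOL;
}
```

The comment text is passed to `mail()` as the message body, not as a header, so it is the e-mail address (and any other value concatenated into `$headers`) that needs this check.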
Related
I have a ContactForm7 form which submits data to a CRM. All works fine but now I need to differentiate between mobile and landline numbers. If a number starts with 07 it will be accepted as a mobile number.
Looking at other threads I've tried the following, but now neither the mobile nor the telephone field is being populated in the CRM or being passed to the log file.
function process_contact_form_data( $contact_form ) {
$title = $contact_form->title;
$submission = WPCF7_Submission::get_instance();
if ( $submission ) {
$posted_data = $submission->get_posted_data();
}
if ( 'Quote Form_Contact' || 'Quote Form_Product' || 'Quote Form' == $title ) {
$firstName = $posted_data['user_first_name'];
$lastName = $posted_data['user_last_name'];
$email= $posted_data['your-email'];
$phone = $posted_data['your-number'];
$message = $posted_data['your-message'];
$bp = $posted_data['BP'][0];
$phone = $pattern;
$pattern = "/^(\+44\s?7\d{3}|\(?07\d{3}\)?)\s?\d{3}\s?\d{3}$/";
$match = preg_match($pattern,$phone);
if ($match != false) {$mobile = $phone;} else {$mobile= '';};
}
$error = false;
try
{
$relationshipId = postRelationship($firstName,$lastName,$email,$phone,$bp);
$opportunityId = postOpportunity($relationshipId,$message);
postOpportunityNote($relationshipId,$opportunityId,$message);
// postTask($relationshipId);
}
catch (Exception $e)
{
$error=true;
}
if($error || !isset($relationshipId) || !isset($opportunityId) || $relationshipId <= 0 || $opportunityId <= 0)
{
$log->lfile(ABSPATH . 'quotevine.log');
$log->lwrite('ERROR: With Email Address ' . $email);
$log->lclose();
}
}
add_action( 'wpcf7_before_send_mail', 'process_contact_form_data');
You are overwriting your $phone variable in this line $phone = $pattern; with an undefined variable which will cause $phone to be NULL.
But after commenting out that line, the value of $mobile will still not be correct because a mobile number starts with 07 and the regex matches both the landline and the mobile number, for example:
07123123123
+447123123123
What you could do is if the match succeeded, check if the string starts with +44 to verify it is a mobile number.
preg_match returns false if an error occurred but I think you want to verify if the match is correct.
$phone = "+447123123123";
$pattern = "/^(\+44\s?7\d{3}|\(?07\d{3}\)?)\s?\d{3}\s?\d{3}$/";
$mobile= '';
if (preg_match($pattern,$phone) && 0 === strpos($phone, '07')) {
$mobile = $phone;
}
You overwrite the phone with an undefined variable.
// Phone is now a phone number I assume
$phone = $posted_data['your-number'];
$message = $posted_data['your-message'];
$bp = $posted_data['BP'][0];
// $pattern is as far as I can see undefined
// $phone =NULL
$phone = $pattern;
// You set pattern
$pattern = "/^(\+44\s?7\d{3}|\(?07\d{3}\)?)\s?\d{3}\s?\d{3}$/";
// Here you regex if the pattern matches NULL which it does not.
$match = preg_match($pattern,$phone);
I want to redirect to a webpage if a condition is met.
I'm already using meta to redirect if the condition is not met.
<meta http-equiv="refresh" content="4; url=form3.html" />
<?php
$to = "example@example.at";
$subject = "School Info";
$headers = "From: Free Project Day";
$field_school = $_POST['school'];
$field_email = $_POST['email'];
$date = date('d/m/Y');
$forward = "1";
$forward2 ="0";
$location = "index.html";
if (empty($field_school) || empty($field_email) && empty($field_tel) ) {
echo 'Please correct the fields';
return false;
if ($forward == 1) {
header ("Location:$location");
}
}
$msg = "TEXT $date.\n\n";
foreach ($_POST as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
mail($to, $subject, $msg, $headers);
if ($forward2 == 1) {
header ("Location:$location");
}
else {
echo ("TEXT>");
}
?>
I tried to use the $forward but it did not work. Are there other ways to redirect without using Meta or $forward?
Thanks
Check if this works according to your posted code. I made just a few edits. Check if all conditions are as you intend as well.
if ((empty($field_school) || empty($field_email)) && empty($field_tel) )
{
echo 'Please correct the fields';
//return false; No need for this as there's no function here
if ($forward == 1)
{
header('refresh:4;url='.$location);
exit();
}
}
$msg = "TEXT $date.\n\n";
foreach ($_POST as $key => $value)
{
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
mail($to, $subject, $msg, $headers);
if ($forward2 == 1)
{
header('refresh:4;url='.$location);
exit();
}
else {
echo "your messages here";
}
After:
header ("Location:$location");
You need to add exit();
So, the code will be:
header ("Location:$location");
exit();
I've a contact form, and the last field is a math question to be answered for preventing spam emails. What is the best way to check if it's only a number, no other characters, and the answer should be 15? Also, if possible, how do I make the form clear after it's been submitted?
HTML code:
<p id="math">10 + 5 =<input type="text" name="answerbox" id="answerbox" value="<?= isset($_POST['answerbox']) ? $_POST['answerbox'] : '' ?>"/></p>
I've tried using ctype_digit function, but no luck, didn't work.
if(ctype_digit($answerbox != 15) === true){
$errors[] = "Math answer is not correct.";
}
Full php code:
<?php
if(empty($_POST) === false) {
$errors = array();
$name = trim($_POST["name"]);
$email = trim($_POST["email"]);
$subject = trim($_POST["subject"]);
$message = trim($_POST["message"]);
$answerbox = trim($_POST["answerbox"]);
if(empty($name) === true || empty($email) === true || empty($subject) === true || empty($message) === true || empty($answerbox) === true){
$errors[] = '<p class="formerrors">Please fill in all fields.</p>';
} else {
if (strlen($name) > 25) {
$errors[] = 'Your name is too long.';
}
if (ctype_alpha($name) === false) {
$errors[] = "Your name only should be in letters.";
}
if(!preg_match("/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $email)){
$errors[] = "Your email address is not valid, please check.";
}
if($answerbox != 15){
$errors[] = "Math answer is not correct.";
}
if(empty($errors) === true) {
$headers = 'From: '.$email. "\r\n" .
'Reply-To: '.$email . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail('me@mymail.me',$subject,$message,$headers);
print "<p class='formerrors'>Thank you for your message, I'll get back to you shortly!</p>";
}
}
}
?>
<?php
if (empty($errors) === false){
foreach ($errors as $error) {
echo'<p class="formerrors">', $error, '</p>';
}
}
?>
Try this to check on the calc question:
if(!is_numeric($answerbox) || (int)$answerbox!=15){
$errors[] = "Math answer is not correct.";
}
!is_numeric checks if it's numeric. If not, the message is added to the errors array.
If it's numeric the second condition is checked. (int) casts the variable as integer, so you can check if it's 15 or not.
As for clearing the form: isn't the form automatically cleared when you submit, since you leave/reload the page?
Hey I have this code that sends an email with some data sent by a form:
<?php
if (isset($_POST['submit'])) {
error_reporting(E_NOTICE);
function valid_email ($str) {
return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
}
if ($_POST['name'] != '' && $_POST['email'] != '' && $_POST['tel'] != '' && valid_email($_POST['email']) == TRUE && strlen($_POST['comment']) > 1) {
$to = preg_replace("([\r\n])", "", $_POST['receiver']);
$from = preg_replace("([\r\n])", "", $_POST['name']);
$subject = 'Online Message';
$message = $_POST['comment'];
$match = "/(bcc:|cc:|content\-type:)/i";
if (preg_match($match, $to) || preg_match($match, $from) || preg_match($match, $message) || preg_match($match, $subject)) {
die("Header injection detected.");
}
$headers = "From: \"".$_POST['name']."\" <".$_POST['email'].">\n";
$headers .= "Reply-to: ".$_POST['email']."\r\n";
if (mail($to, $subject, $message, $headers)) {
echo 1; //SUCCESS
} else {
echo 2; //FAILURE - server failure
}
} else {
echo 3; //FAILURE - not valid email
}
} else {
die("Direct access not allowed!");
}
I want to add the $_POST['tel'] to the $message variable so in the body of the email I can get the message plus the telephone that people type into the form. In the first part of the code I think I made the telephone input obligatory.
I tried doing $message = $_POST['comment'] && $_POST['tel']; but the only thing I receive is a 1 in the body of the mail that is the first number of the telephone entered.
$message = 'Comment: ' . $_POST['comment'] . ' Tel: ' . $_POST['tel'];
&& means AND (the logical version) so you're actually getting "true".
Use the period, ., to concatenate strings.
$str = 'Hello'.' world'; print $str;
Outputs Hello world
My e-mail processor is working... but how do I get the From e-mail address to show up instead of "myhost"? I'm getting anonymous@q0.xxxxxxxxxxxxx.com. So, when someone fills in the form, I want his e-mail to be the reply address.
<?php
if(!$_POST) exit;
$email = $_POST['email'];
//$error[] = preg_match('/\b[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b/i', $_POST['email']) ? '' : 'INVALID EMAIL ADDRESS';
if(!eregi("^[a-z0-9]+([_\\.-][a-z0-9]+)*" ."@"."([a-z0-9]+([\.-][a-z0-9]+)*)+"."\\.[a-z]{2,}"."$",$email )){
$error.="Invalid email address entered";
$errors=1;
}
if($errors==1) echo $error;
else{
$values = array ('name','email','telephone','company','message');
$required = array('name','email','telephone','message');
$your_email = "myemail@somehost";
$email_subject = "New Message: ".$_POST['subject'];
$email_content = "new message:\n";
foreach($values as $key => $value){
if(in_array($value,$required)){
if ($key != 'subject' && $key != 'company') { if( empty($_POST[$value]) ) { echo 'PLEASE FILL IN REQUIRED FIELDS'; exit; }
}
$email_content .= $value.': '.$_POST[$value]."\n";
}
}
if(@mail($your_email,$email_subject,$email_content)) {
echo 'Message sent!';
} else {
echo 'ERROR!';
}
}
?>
Add this to your file:
$headers = 'From: ' . $your_email . "\r\n" .
'Reply-To: ' . $your_email . "\r\n" .
'X-Mailer: PHP/' . phpversion();
Then when you call the mail command use this:
mail($your_email,$email_subject,$email_content,$headers);
By default, the email sent by PHP [ mail() function ] uses as sender your server.
To change the sender, you must modify the header of email.
You can do it this way:
$emailHeader = "From: theSender@yourdomain.com" . "\r\n" . "Reply-To: theSender@yourdomain.com" . "\r\n";
// add the header argument to mail function
mail($your_email,$email_subject,$email_content,$emailHeader);
Note that we added a fourth argument to the mail function.
okay... i'd say strip the whole $values = array.... line and replace it with
$values = array();
foreach($_POST as $k => $v) if(strtolower($k) != 'submit') $values[$k] = htmlspecialchars($v);
that adds ALL your POST data to the $values array
and your content generator should look like this
foreach($values as $key => $value){
if(in_array($key,$required) && trim($value)==''){
echo 'PLEASE FILL IN REQUIRED FIELDS'; exit;
}
$email_content .= $key.': '.$value."\n"; // makes more sense
}
hope i got your question right oO
Hey. Just by the way: from what i see here,
if ($key != 'subject' && $key != 'company') { if( empty($_POST[$value]) ) { echo 'PLEASE FILL IN REQUIRED FIELDS'; exit; }
does not make sense.
your keys will always be: 0 to count($values)... you don't have an associative array. or is this $values array just for testing purposes?