We are receiving empty emails from our site contact form, and we don't know why.
Our form is very simple and the validation is also not so advanced, but enough for our purpose.
We have 5 fields:
Name (text input)
mail (text input)
phone (text input)
reason (select, 3 values)
message (textarea)
Then with JS we validate all fields. Finally, with submit, we send the mail with php mail function:
<?php
$name = $_POST['name'];
$mail= $_POST['mail'];
$phone= $_POST['phone'];
$reason= $_POST['reason'];
$message= $_POST['message'];
$header = 'From: ' . $mail. " \r\n";
$header .= "X-Mailer: PHP/" . phpversion() . " \r\n";
$header .= "Mime-Version: 1.0 \r\n";
$header .= "Content-Type: text/plain";
$msg.= "Name: " . $name . " \r\n";
$msg.= "Mail: " . $mail. " \r\n";
$msg.= "Phone: " . $phone. " \r\n";
$msg.= "Reason: " . $reason. " \r\n";
$msg.= "Message: " . $message. " \r\n";
$for= "ourmail#ourserver.com";
$as= "Contact form";
mail($for, $as, $msg, $header);
?>
In general, works OK. But sometimes we receive an email with ALL (including reason... which is a select!) fields empty. Something like:
Subject: Contact form
Name:
Mail:
Phone:
Reason:
Message:
How can this be?
Asumming you are sending the data through POST:
Have you considered that the action url may be directly accesed from the browser without any kind of POST data?. That would make all the "fields" empty.
If that's the case You can try a server validation in several ways:
Add a referer validation so that the url may only be accesed from the form url. Your can use $_SERVER['HTTP_REFERER'] for that purpose but keep in mind that may not always be available.
Find out if the data is sent. You can use isset for that purpose like in if(isset($_POST['name']) && isset($_POST['email']) in order to add a server validation. You can always do this $name=isset($_POST['name']) ? $_POST['name'] : 'no_name_entered' and have the email sent anyway.
Add a hidden input like "contacting" within your form and check if it's set server side: if(!isset($_POST['contacting'])) die('ERROR: Form not sent');
Anyway, keep in mind that most data you recieve can be tainted, even the ones sent through a select field.
Create server side validation using php script.
Demostration
if($_POST['Name']=="") {
$err = "Enter the name";
}
if($_POST['mail']=="") {
.......
}
......
if($err=="") {
//mail function
}
else {
echo $err;
}
Related
I'm currently using a mailer.php file for a minimal contact form
However I have noticed recently then when submitting the form, I am getting the following error;
HTTP Error 405.0 - Method Not Allowed
The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used.
My mailer.php file is the following
<?php
$email_to = "admin#mydomain.co.uk";
$name = $_POST["name"];
$email_from = $_POST["admin#mydomain.co.uk"];
$message = $_POST["message"];
$email_subject = "Feedback from website";
$headers = "From: " . $email_from . "\n";
$headers .= "Reply-To: " . $email_from . "\n";
$message = "Name: ". $name . "\r\nMessage: " . $message;
ini_set("sendmail_from", $email_from);
$sent = mail($email_to, $email_subject, $message, $headers, "-f" .$email_from);
if ($sent)
{
header("Location: https://www.mydomain.co.uk/thankyou.html/");
} else {
echo "There has been an error sending your message. Please try later.";
}
?>
The form using this file has the following form tag
<form method="post" action="mailer.php">
PHP is not my strong point so I'm not sure why this maybe happening. The form itself does not have a captcha field. Could spam be the root of the issue?
I'd appreciate anyone who can shed this light on this for me
I have a simple POST script for PHP which sends an email, but when I click the submit button it executes and then goes to the script directory (ex: localhost/sendMail/test.php). Is it possible to post an alert box, and then stay on the page instead of going to the script and then redirecting back onto the submit page?
This is my script.
<?php
$subject = 'Your website: Contact'; // Subject of your email
$to = 'myemail'; // Enter recipient's E-mail address
$emailTo = $_REQUEST['email'];
$headers = "MIME-Version: 1.1";
$headers .= "Content-type: text/html; charset=iso-8859-1";
$headers .= "From: " . $emailTo . "\r\n"; // Sender's E-mail
$headers .= "Return-Path:". $emailTo;
$body = 'You have received a new inquiry!' . "\n\n";
$body .= 'Name: ' . $_REQUEST['name'] . "\n";
$body .= 'Email: ' . $_REQUEST['email'] . "\n";
$body .= 'Phone: ' . $_REQUEST['phone'] . "\n\n";
$body .= 'Message: ' . $_REQUEST['message'];
if($_REQUEST['name'] != "" && $_REQUEST['email'] != "" && $_REQUEST['phone'] != "" && $_REQUEST['message'] != "")
{
if (#mail($to, $subject, $body, $headers))
{
// Transfer the value 'sent' to ajax function for showing success message.
echo 'sents';
}
else
{
// Transfer the value 'failed' to ajax function for showing error message.
echo 'failed';
}
}
else
{
$message = "Invalid fields!";
echo "<script type='text/javascript'>alert('$message');</script>";
//header("Location: http://localhost/abtek/contact.html");
exit;
}
?>
So when the alert is executed, is it possible to stop it from going to the script, and instead staying on the page until the fields are all valid to submit? As well as when they are submitted to display an alert again and stay on the page instead of doing a bunch of redirects.
Any help would be greatly appreciated.
You can submit the form with ajax/jquery and stop the redirect. See here: Stackoverflow
You can use jQuery, like this:
$('#my-submit').on('click', function(e){
e.preventDefault(); // prevents regular form submission
$.ajax({
url: 'localhost/sendMail/test.php',
data: $('form').serialize(),
success: function(result){
alert('Message: ' + result );
},
error: function(err){
alert(err)
}
})
});
In your PHP you should just do echo $message; to handle error better.
Read all you can about jQuery/AJAX, as there are important options you can explode, like using JSON.
Strange issue - my sendmail.php is working perfectly on desktop and on mobile devices only when requesting desktop websites (in Chrome app), but when using mobile site he does not work at all.
Can someone help me figure this out?
here is the code:
<?php
if(isset($_POST['email'])) {
if (!check_email($_POST['email']))
{
echo 'Please enter a valid email address<br />';
}
else send_email();
}
exit;
function check_email($emailAddress) {
if (filter_var($emailAddress, FILTER_VALIDATE_EMAIL)) {
return TRUE;
} else {
return FALSE;
}
}
function send_email() {
$message = "\nName: " . $_POST['name'] .
"\nEmail: " . $_POST['email'] ;
$message .= "\nMessage: " . $_POST['comment'] .
"\n\nBrowser Info: " . $_SERVER["HTTP_USER_AGENT"] .
"\nIP: " . $_SERVER["REMOTE_ADDR"] .
"\n\nDate: " . date("Y-m-d h:i:s");
$siteEmail = $_POST['receiver'];
$emailTitle = $_POST['subject'];
$thankYouMessage = "Thank you for contacting us, we'll get back to you shortly.";
if(!mail($siteEmail, $emailTitle, $message, 'From: ' . $_POST['name'] . ' <' . $_POST['email'] . '>'))
{
echo 'error';
}
else
{
echo 'success';
}
}
?>
You must make sure the mobile form has these two elements:
It is being submitted using method="POST".
Your email input has the attribute and value name="email".
I demonstrate where these things are set in the following code. This is incomplete, of course, it's just designed to show you where the two required parts must be.
<form ... method="POST">
...
<input type="text" name="email" ... >
...
</form>
I need to mention one more thing ...
That being said, what you're doing here is EXTREMELY INSECURE. You are allowing someone to set an email's from and two address on a web form. A (not so) clever hacker can easily write a script to turn your server into an open relay for spam or other evil activities. At minimum, you should remove $_POST['receiver'] and replace with with a hard-coded email address or at least not something that can be altered by an end-user when they POST to your form.
So I drilled down and found that the mobile form is directing submissions through this PHP file which was 404.
The issue now is, even when this file is avaiable, emails are not sent...
' . "\r\n"; $headers .=
'From: ' . "\r\n"; $headers = 'MIME-Version: 1.0' .
"\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
$message .= "Name: " . $name . ""; $message .= "Subject: "
. $subject . ""; $message .= "Email: " . $email . ""; $message .= "Message: " . $message_text . "";
mail($to, $subject, $message, $headers, "-f noreplay#info.com");
echo 1; }
if(isset($_POST['sendmail']) && $_POST['sendmail'] == 1){
send_mail(); } ?>
I want to sent 2 different E-Mails to 2 different persons on 'Send Message' Button. I have few questions regarding this.
Is it possible to send Multiple Emails from same Page.
I have written the following code but its not sending Any Email and returning Error Message in return.
<?php
include 'connect.php';
$subject = $_REQUEST['subject'] ; // Subject of your email
$personal_email= "abc#hotmail.com";
$message .= 'Name: ' . $_REQUEST['name'] . "<br>";
$message .= $_REQUEST['product_type']. "<br>";
$message .= $_REQUEST['message'];
$subject_to_sender= "Confirmation";
$message_to_sender = "Thanks for contacting us, Our representative will contact you shortly.";
$name= mysql_real_escape_string($_REQUEST['name']);
$email= mysql_real_escape_string($_REQUEST['email']);
$message= mysql_real_escape_string($_REQUEST['message']);
$product_type= mysql_real_escape_string($_REQUEST['product_type']);
$address= mysql_real_escape_string($_REQUEST['address']);
if($address== "")
{
$address= "No Address is given.";
}
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= "From: " . $_REQUEST['email'] . "\r\n"; // Sender's E-mail
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
if (#mail($email, $subject_to_sender, $message_to_sender, $headers))
{
mail($personal_email, $subject, $message, $headers);
// Transfer the value 'sent' to ajax function for showing success message.
echo 'sent';
To answer your former question, I can say Yes, its possible to use mail() function multiple times.
For the later question, the opening bracket on last if() statement is not closed. Add } after echo 'sent'; statement.
How do I send an email to the user with the data they submitted in the form that includes a little message using there name and thanking them on submit of php form.
Here is my current php code. It currently just shows them a message that says there name and that the message has been sent and then sends me an email to my email address.
<?php
if(isset($_POST['submit'])){
$to = "benlevygraphics#gmail.com";
$headers = "From: " . $_POST['email'];
$subject = "Ben, you have been contacted...";
$body = "Name: " . $_POST['name'] . "\nEmail: " . $_POST['email'] . "\nWebsite: " . $_POST['web'] . "\nMessage: " . $_POST['message'];
if(mail($to, $subject, $body, $headers)){
echo("<p class=contactformsent>".$_POST['name'].", your message has been sent!</p>");
}
else{
echo("<p class=contactformnotsent>".$_POST['name'].", Message delivery failed...</p>");
}
}
?>
I am new to php and I have read stuff online and I still don't understand so if you could be clear in your examples or help I would greatly appreciate it very much. Thanks!
Assuming your current code is already working fine, you can do this to send yourself an email together with the recipient:
Set $to to $_POST['email']
Set $headers to "From: {$_POST['email']}\r\nBcc: benlevygraphics#gmail.com"
Adjust $body and $subject to your needs.
Btw, I can't say this often enough; make sure that your page has some form of CSRF protection.
How to properly add CSRF token using PHP
The above is just one way, there are others, just search for it :)
Look into your php.ini beacuse you have to enter a SMTP Server.
At my file it begins in line 1087 with "[mail function]"