Hey I have this code that sends an email with some data sent by a form:
<?php
if (isset($_POST['submit'])) {
error_reporting(E_NOTICE);
function valid_email ($str) {
return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*#([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
}
if ($_POST['name'] != '' && $_POST['email'] != '' && $_POST['tel'] != '' && valid_email($_POST['email']) == TRUE && strlen($_POST['comment']) > 1) {
$to = preg_replace("([\r\n])", "", $_POST['receiver']);
$from = preg_replace("([\r\n])", "", $_POST['name']);
$subject = 'Online Message';
$message = $_POST['comment'];
$match = "/(bcc:|cc:|content\-type:)/i";
if (preg_match($match, $to) || preg_match($match, $from) || preg_match($match, $message) || preg_match($match, $subject)) {
die("Header injection detected.");
}
$headers = "From: \"".$_POST['name']."\" <".$_POST['email'].">\n";
$headers .= "Reply-to: ".$_POST['email']."\r\n";
if (mail($to, $subject, $message, $headers)) {
echo 1; //SUCCESS
} else {
echo 2; //FAILURE - server failure
}
} else {
echo 3; //FAILURE - not valid email
}
} else {
die("Direct access not allowed!");
}
I want to add the $_POST['tel'] to the $message variable so in the body of the email I can get the message plus the telephone that people type into the form. In the first part of the code I think I made the telephone input obligatory.
I tried doing $message = $_POST['comment'] && $_POST['tel']; but the only thing I recieve is a 1 in the body of the mail that is the first number of the telephone entered.
$message = 'Comment: ' . $_POST['comment'] . ' Tel: ' . $_POST['tel'];
&& means AND (the logical version) so you're actually getting "true".
Use the period, ., to concotenate strings.
$str = 'Hello'.' world'; print $str;
Outputs Hello world
Related
I want to redirect to a webpage if a condition is met.
I'm already using meta to redirect if the condition is not met.
<meta http-equiv="refresh" content="4; url=form3.html" />
<?php
$to = "example#example.at";
$subject = "School Info";
$headers = "From: Free Project Day";
$field_school = $_POST['school'];
$field_email = $_POST['email'];
$date = date('d/m/Y');
$forward = "1";
$forward2 ="0";
$location = "index.html";
if (empty($field_school) || empty($field_email) && empty($field_tel) ) {
echo 'Please correct the fields';
return false;
if ($forward == 1) {
header ("Location:$location");
}
}
$msg = "TEXT $date.\n\n";
foreach ($_POST as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
mail($to, $subject, $msg, $headers);
if ($forward2 == 1) {
header ("Location:$location");
}
else {
echo ("TEXT>");
}
?>
I tried to use the $forward but it did not work. Are the other ways to redirect without using Meta or $forward?
Thanks
Check if this works according your posted codes. I made just few edits. Check if all conditions are as you intend as well
if ((empty($field_school) || empty($field_email)) && empty($field_tel) )
{
echo 'Please correct the fields';
//return false; No need for this as there's not function here
if ($forward == 1)
{
header('refresh:4;url='.$location);
exit();
}
}
$msg = "TEXT $date.\n\n";
foreach ($_POST as $key => $value)
{
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
mail($to, $subject, $msg, $headers);
if ($forward2 == 1)
{
header('refresh:4;url='.$location);
exit();
}
else {
echo "your messages here";
}
After:
header ("Location:$location");
You need to add exit();
So, the code will be:
header ("Location:$location");
exit();
How do you stop an email being sent to you before the form is fully completed. Currently when submit is clicked even though there are validation errors present that have been picked up via the PHP checks that I have in place:
Code:
if (isset($_POST['submitButton'])) {
$fullName = $_POST['fullName'];
$myGender = isset($_POST['myGender']) ? $_POST['myGender'] : '';
$email = $_POST['email'];
$age = $_POST['age'];
$myDate = isset($_POST['myDate']) ? $_POST['myDate'] : '';
$streetNum = $_POST['streetNum'];
$streetName = $_POST['streetName'];
$city = $_POST['city'];
$state = $_POST['state'];
$postCode = $_POST['postCode'];
$movie = $_POST['movie'];
//You need to se the $var
if (empty($fullName))
{
$errorfullName .= 'Please Enter Your Name';
}
if (!ctype_alpha(str_replace(array(" ", "-"), "",$fullName))) {
$errorfullName .= 'Your name should contain alpha characters only.';
}
if (strlen($fullName) < 3 OR strlen($fullName) > 40) {
$errorfullName .= 'First name should be within 3-40 characters long.';
}
/* Check Gender) */
if ($myGender != 'male' && $myGender != 'female') {
$errormyGender .= 'Please select your gender.';
}
/* Check Email */
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$erroremail .= 'Enter a valid email address.';
}
/* Age */
if (intval($age) == '') {
$errorage .= 'Please enter your current age';
}
if (intval($age) < 3 OR intval($age) > 200){
$errorage .= 'Age must be less than 200 years';
}
if(intval($age) == "/^[0-9]$/" ){
$errorage .= 'Must be numeric numbers';
}
/* check date using explode (breaks a string into an array.)if day is not 1-31, throw error*/
if(empty($myDate))
{
$errormyDate.= 'Please enter a current date';
}
$date_arr = explode ("-", $myDate);
$dateSplit = array_slice($date_arr, 0,1);
$dateYear = current($dateSplit);
if($dateYear > date('Y'))
{
$errormyDate .= 'Sorry your not born in the future';
}
/* Check Address House Number if its not numeric, throw error */
if (intval($streetNum) == '') {
$errorstreetNum .= 'Please add street Number';
}
/* Street Name */
if (strlen($streetName) < 3 OR strlen($streetName) > 200) {
$errorstreetName .= 'Street must be filled out and within 200 characters';
}
/*City Name */
if (strlen($city) < 3 OR strlen($city) > 200) {
$errorcity .= 'City must be filled out and within 200 characters';
}
/*State Name */
if (strlen($state) < 3 OR strlen($state) > 200) {
$errorstate .= 'State must be filled out and within 200 characters';
}
/* Check postCode */
if(intval($postCode) == "/^[0-9]$/" ){
$errorpostCode .= 'Post Code must be numeric numbers';
}
/* Check movie selection */
if (trim($movie) === "select") {
$errormovie .= 'Please select a favourite movie';
}
if ($fullName, $myGender, $email, $age, $myDate, $streetNum, $streetName, $city, $state, $postCode, $movie, == " "){
echo '$errorsuccess .= 'Please complete all sections of the form'';
}
else {
$success = "Thank you for submitting your form; We will be in contact soon";
//send mail
$to = "#yahoo.co.nz";
$subject = "Php form data";
$message = "<p>".$fullName."</p><p>".$myGender."</p><p>".$email."</p><p>".$age."</p><p>".$myDate."</p><p>".$streetNum."</p><p>".$streetName."</p><p>".$city."</p><p>".$state."</p><p>".$postCode."</p><p>".$movie."</p>";
$from = "#yahoo.co.nz";
mail($to,$subject,$message);
}
}
The reason being is that you even though you have several validations completed in the above, none of them are later checked to see if they failed/passed, your only sanity check is here:
if ($fullName, $myGender, $email, $age, $myDate, $streetNum, $streetName, $city, $state, $postCode, $movie, == " "){
Which its self is pretty useless all together, by the way.
A simpler way for this would be to first create an array to hold all the errors.
$errors = array();
Then when you do your individual checks, make them a key, for example:
if (empty($fullName))
{
$errors['fullname'] .= 'Please Enter Your Name';
}
And
if (intval($age) == '') {
$errors['age'] .= ' Please enter your current age.';
}
if (intval($age) < 3 OR intval($age) > 200){
$errors['age'] .= ' Age must be less than 200 years.';
}
if(intval($age) == "/^[0-9]$/" ){
$errors['age'] .= ' Must be numeric numbers.';
}
Then later you can do:
if($errors){
echo 'There are errors in the form. Please observe each of the errors and try again.'. PHP_EOL;
foreach($errors as $idx => $error){
echo ucfirst($idx). ': ' .$error;
}
}
Set something like $err to false at the beginning of the code. Set it to true when an error is detected. (Even if it's already true; just setting it is easier than checking.)
Then, you can condition the final result on $err.
It looks like that in order to send the email, you only need to have a value for each of your input fields (from $fullName to $movie).
Where you are validating the form (for example, when you use if (empty($fullName))..., the error that is produced if the form isn't filled out correctly always differs. Unless you have some kind of reason for this, I would just stick to a generic error variable of $formerror.
Then in the final section of your code, where you use if($fullName...$movie == ''), you could change this to if($fullName...$movie === '' AND !empty($formerror)) so that if any errors were picked up during the validating of the form, you would be able to echo $formerror and if not, the email would send.
I've a contact form, and the last field is a math question to be answered from preventing spam emails. what is best way to check if its only a number, no other characters, & answer should be 15. Also ff possible, how make the form clear after its been submitted?
HTML code:
<p id="math">10 + 5 =<input type="text" name="answerbox" id="answerbox" value="<?= isset($_POST['answerbox']) ? $_POST['answerbox'] : '' ?>"/></p>
I've tried using ctype_digit function, but no luck, didn't work.
if(ctype_digit($answerbox != 15) === true){
$errors[] = "Math answer is not correct.";
}
Full php code:
<?php
if(empty($_POST) === false) {
$errors = array();
$name = trim($_POST["name"]);
$email = trim($_POST["email"]);
$subject = trim($_POST["subject"]);
$message = trim($_POST["message"]);
$answerbox = trim($_POST["answerbox"]);
if(empty($name) === true || empty($email) === true || empty($subject) === true || empty($message) === true || empty($answerbox) === true){
$errors[] = '<p class="formerrors">Please fill in all fields.</p>';
} else {
if (strlen($name) > 25) {
$errors[] = 'Your name is too long.';
}
if (ctype_alpha($name) === false) {
$errors[] = "Your name only should be in letters.";
}
if(!preg_match("/^[_\.0-9a-zA-Z-]+#([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $email)){
$errors[] = "Your email address is not valid, please check.";
}
if($answerbox != 15){
$errors[] = "Math answer is not correct.";
}
if(empty($errors) === true) {
$headers = 'From: '.$email. "\r\n" .
'Reply-To: '.$email . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail('me#mymail.me',$subject,$message,$headers);
print "<p class='formerrors'>Thank you for your message, I'll get back to you shortly!</p>";
}
}
}
?>
<?php
if (empty($errors) === false){
foreach ($errors as $error) {
echo'<p class="formerrors">', $error, '</p>';
}
}
?>
Try this to check on the calc question:
if(!is_numeric($answerbox) || (int)$answerbox!=15){
$errors[] = "Math answer is not correct.";
}
!is_numeric checks if it's numeric. If not, the message is added to the errors array.
If it's numeric the second condition is checked. (int) casts the variable as integer, so you can check if it's 15 or not.
As for clearing the form: isn't the form automatically cleared when you submit, since you leave/reload the page?
I'm getting the error in the title of this question. Help me find what's wrong in my contact form:
<?php
//Prefedined Variables
$to = "example#example.com";
$subject = "1";
if($_POST) {
// Collect POST data from form
$name = stripslashes($_POST['name']);
$email = stripslashes($_POST['email']);
$comment = stripslashes($_POST['comment']);
// Define email variables
$message = date('d/m/Y')."\n" . $name . " (" . $email . ") sent the following comment:\n" . $comment;
$headers = 'From: '.$email.'\r\n\'Reply-To: ' . $email . '\r\n\'X-Mailer: PHP/' . phpversion();
//Validate
$header_injections = preg_match("(\r|\n)(to:|from:|cc:|bcc:)", $comment);
if( ! empty($name) && ! empty($email) && ! empty($comment) && ! $header_injections ) {
if( mail($to, $subject, $message, $headers) ) {
return true;
}
else {
return false;
}
}
else {
return false;
}
}
?>
It seems the problem is here, but I don't understand whats wrong!
$header_injections = preg_match("(\r|\n)(to:|from:|cc:|bcc:)", $comment);
Try with:
$header_injections = preg_match("#(\r|\n)(to:|from:|cc:|bcc:)#", $comment);
You must provide a valid symbol at the begining and at the end of you regex, in this example is just #, but you can use / or whatever you want.
Take a look at this article: RegEx delimiters.
Try using this:
$header_injections = preg_match('/(\r|\n)(to:|from:|cc:|bcc:)/', $comment);
Also on your IF condition, you should check $header_injections this way:
if( ! empty($name) && ! empty($email) && ! empty($comment) && FALSE !== $header_injections ) {
As the preg_match can return value that can be casted to boolean and skip your validation.
My e-mail processor is working... but how do I get the From e-mail address to show up instead of "myhost"? I'm getting anonymous#q0.xxxxxxxxxxxxx.com. So, when someone fills in the form, I want his e-mail to be the reply address.
<?php
if(!$_POST) exit;
$email = $_POST['email'];
//$error[] = preg_match('/\b[A-Z0-9._%-]+#[A-Z0-9.-]+\.[A-Z]{2,4}\b/i', $_POST['email']) ? '' : 'INVALID EMAIL ADDRESS';
if(!eregi("^[a-z0-9]+([_\\.-][a-z0-9]+)*" ."#"."([a-z0-9]+([\.-][a-z0-9]+)*)+"."\\.[a-z]{2,}"."$",$email )){
$error.="Invalid email address entered";
$errors=1;
}
if($errors==1) echo $error;
else{
$values = array ('name','email','telephone','company','message');
$required = array('name','email','telephone','message');
$your_email = "myemail#somehost";
$email_subject = "New Message: ".$_POST['subject'];
$email_content = "new message:\n";
foreach($values as $key => $value){
if(in_array($value,$required)){
if ($key != 'subject' && $key != 'company') { if( empty($_POST[$value]) ) { echo 'PLEASE FILL IN REQUIRED FIELDS'; exit; }
}
$email_content .= $value.': '.$_POST[$value]."\n";
}
}
if(#mail($your_email,$email_subject,$email_content)) {
echo 'Message sent!';
} else {
echo 'ERROR!';
}
}
?>
Add this to your file:
$headers = 'From: ' . $your_email . "\r\n" .
'Reply-To: ' . $your_email . "\r\n" .
'X-Mailer: PHP/' . phpversion();
Then when you call the mail command use this:
mail($your_email,$email_subject,$email_content,$headers);
By default, the email sent by PHP [ mail() function ] uses as sender your server.
To change the sender, you must modify the header of email.
You can do it this way:
$emailHeader = "From: theSender#yourdomain.com" . "\r\n" . "Reply-To: theSender#yourdomain.com" . "\r\n";
// add the header argument to mail function
mail($your_email,$email_subject,$email_content,$emailHeader);
Note that we added a fourth argument to the mail function.
okay... i'd say strip the whole $values = array.... line and replace is with
$values = array();
foreach($_POST as $k => $v) if(strtolower($k) != 'submit') $values[$k] = htmlspecialchars($v);
that add's ALL your POST data to the $values array
and your content generator should look like this
foreach($values as $key => $value){
if(in_array($key,$required) && trim($value)==''){
echo 'PLEASE FILL IN REQUIRED FIELDS'; exit;
}
$email_content .= $key.': '.$value."\n"; // makes more sense
}
hope i got your question right oO
Hey. Just by the way: from what i see here,
if ($key != 'subject' && $key != 'company') { if( empty($_POST[$value]) ) { echo 'PLEASE FILL IN REQUIRED FIELDS'; exit; }
does not make sense.
your key's will always be: 0 to count($values)... you don't have an associative array. or is this $values array just for testing purposes?