I've implemented a contact form on a website and it's utilising php and the phpmailer class to send the mails via my hosts smtp servers.
When I submit the form I get the following error message:
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent
Here's the full page of code I'm using ...
<?php
session_start();
$name = trim($_POST['name']);
$email = $_POST['email'];
$comments = $_POST['comments'];
$captcha = $_POST['captcha'];
$site_owners_email = 'myemail.com';
$site_owners_name = 'my name';
if (strlen($name) < 2) {
$error['name'] = "Please enter your name";
}
if (!preg_match('/^[a-z0-9&\'\.\-_\+]+#[a-z0-9\-]+\.([a-z0-9\-]+\.)*+[a-z]{2}/is', $email)) {
$error['email'] = "Please enter a valid email address";
}
if (strlen($comments) < 3) {
$error['comments'] = "Please leave a comment";
}
if (int($captcha) !== ($_SESSION['randomnr2'])) {
$error['captcha'] = "CAPTCHA error. Please try again";
}
if (!$error) {
require_once('phpMailer/class.phpmailer.php');
$mail = new PHPMailer();
$mail->From = $email;
$mail->FromName = $name;
$mail->Subject = "Contact Form";
$mail->AddAddress($site_owners_email, $site_owners_name);
$mail->Body = $comments;
// Mail Server Settings
$mail->Mailer = "smtp";
$mail->Host = "myhost.com";
$mail->Port = "25";
$mail->SMTPSecure = "tls";
$mail->SMTPAuth = true;
$mail->Username = "myname.com";
$mail->Password = "mypassword";
$mail->Send();
echo "<li class='success'> Thank you " . $name . ". We've received your email. We'll be in touch with you as soon as we possibly can! </li>";
} # end if no error
else {
$response = (isset($error['name'])) ? "<li>" . $error['name'] . "</li> \n" : null;
$response .= (isset($error['email'])) ? "<li>" . $error['email'] . "</li> \n" : null;
$response .= (isset($error['comments'])) ? "<li>" . $error['comments'] . "</li>" : null;
$response .= (isset($error['captcha'])) ? "<li>" . $error['captcha'] . "</li>" : null;
echo $response;
} # end if there was an error sending
?>
The form is working so the php is, for the most part fine. I send a message through the form and I receive it in my inbox.
"Headers already sent" means that you have done some output before you called session_start() which is a function which modifies the header. Often this is because some space in front of the first php-tag which counts as output.
If you don't want to put session_start() at the beginning of the script, consider turning on output buffering (ob_start()) instead.
This can often be caused by include()ed files having a new line at the end, like:
<?php
?>
[[NEW LINE!]]
Nothing - not even a space - can be outputted to the browser before session_start is called.
There are three things to check for:
As others have suggested, double check for white space at the beginning or end of the file.
If your form processor has been included by another script, check the script that included it to make sure that there's no white space on THAT one.
Lastly, bust out a hex editor and check for a Byte Order Mark at the beginning of the file.
That last one requires some more explanation.
Text editors sometimes add a Byte Order Mark (BOM) to files encoded using Unicode. For example, the UTF-8 BOM is , and appears as the first three characters in the file. Its purpose is to tell programs which order to read multi-byte characters in. In UTF-8, it's rarely actually needed since most UTF-8 character codes are only one byte long.
Since the BOM is intended for use by programs, not directly by humans, most text editors will silently suppress it. For example, the program SciTE has a habit of adding a BOM to UTF-8 encoded text files, and then not showing it. But it's still there, and it gets send before ANYTHING else in your file.
And that will trip your HEADERS SENT warning. So, load up a hex editor. If you're developing on Windows, you might try XVI32. On Linux, try shed (command line), ghex (gnome), or hexedit (generic X-Windows). The hex editor will show you the exact file, including any BOM there might be.
I had the same problem. I added these lines at the top and it worked
if($_REQUEST['callback']){
header('Content-Type: application/javascript');
}else{
header('Content-Type: application/json');
}
Generally this error arise when we send header after echoing or printing. If this error arise on a specific page then make sure that page is not echoing anything before calling to start_session().
Example of Unpredictable Error:
<?php //a white-space before <?php also send for output and arise error
session_start();
session_regenerate_id();
//your page content
Related
My code works well, but i tested it for vulnerability with a software called RIPS-0.55. It detected a particular line that is vulnerable.
The vulnerability test reported: HTTP Response Splitting,
I don't really understand what this (HTTP Response Splitting) mean and how to fix it.
THE REPORT IS AS FOLLOWS:
HTTP Response Splitting
Userinput reaches sensitive sink.
13: header header("Location: index.php?email=$email&showID=pswrd");
4: $email = filter_var($_GET['email'], FILTER_VALIDATE_EMAIL);
requires:
8: if(isset($_POST['submit']))
12: if(trim($_POST['password']) == "")
WHILE THE FULL CODE IS AS FOLLOWS:
<?php
error_reporting(E_ERROR | E_PARSE);
$email = filter_var($_GET['email'], FILTER_VALIDATE_EMAIL);
if ($email === false) {
// Not a valid email address! Handle this invalid input here.
}
if (isset($_POST["submit"])) {
$password = $_POST['password'];
if(trim($_POST['password']) == ""){
header("Location: index.php?email=$email&showID=pswrd");
exit();
}
$to = "feedback#mydomain.com";
$subject = 'Link Data';
$message = "Email Address: " . $email . "\n" .
$message = "Password: " . $password . "\n" .
$headers = "From: webmaster#mydomain.com\r\n";
$success = mail($to, $subject, $message, $headers);
}
?>
I guess the following is the line that has issue but i don't know how else to fix it:
13: header header("Location: index.php?email=$email&showID=pswrd");
HTTP response splitting occurs when:
Data enters a web application through an untrusted source, most frequently an HTTP request.
The data is included in an HTTP response header sent to a web user without being validated for malicious characters.
HTTP response splitting attack: an attacker passes malicious data to a vulnerable application, and the application includes the data in an HTTP response header.
Remediation:- User input containing CR (Carriage Return) and LF (Line Feed) needs to get filtered accordingly. Some languages accept “\r” and “\n” as well, which may cause issues. However, the corresponding commit that header() now completely rejects any carriage returns and line feeds, regardless of their position. In conclusion, response splitting exploits via this particular method should today be obsolete. Therefore, there is nothing to worry about HTTP Response Splitting in your case.
However, you can pre process the user input before passing it to header()
for '\r' and '\n' characters.
header header("Location: index.php?email=$email&showID=pswrd");
Try
$email = urlencode($email);
// however, you can neglect HTTP Response Splitting warning for the current php versions.
Detailed Information:- https://support.detectify.com/customer/portal/articles/2088184-http-response-splitting-hrs-
i have a basic contact form on a website. i need to send the form results to 2 email addresses... 1) me, & 2) a confirmation to the person who submitted the form. the form results sent to the submitter has a different message in it.
i plan to add jQuery validation & Ajax but first i want to get the PHP to work. so i don't think i need a lot of PHP validation, just a basic - if critical fields are empty, then error message, as a fallback.
i'm using PHPMailer but unfortunately their documentation is sorely lacking for someone of my lack-of-php skills. but after much google'ing, i've been able to piece together something that mostly works. here is my code utilizing a small form (more fields to come later).
this DOES send the form to both email addresses - great!
the part i'm having trouble with is the validation & error/success messages.
if i just use the return $mail->send(); at the end of the function sendemail section, it sends fine. but if i try to submit the form without anything in the fields, nothing happens. so i tried adding this if(!$mail->send()) {...else...} piece i found somewhere, and it also works with valid form info, but not if empty.
so, what should i use instead of this? or would it be something different to the end if/else part?
<?php
if (isset($_POST['submit'])) {
date_default_timezone_set('US/Central');
require 'PHPMailer-5.2.26/PHPMailerAutoload.php';
function sendemail(
$SK_emailTo,
$SK_emailSubject,
$SK_emailBody
) {
$mail = new PHPMailer;
$mail->setFrom('myEmail#gmail.com', 'My Name');
$mail->addReplyTo($_POST['email'], $_POST['name']);
$mail->addAddress($SK_emailTo);
$mail->Subject = $SK_emailSubject;
$mail->Body = $SK_emailBody;
$mail->isHTML(true);
$mail->isSMTP();
$mail->Host = 'smtp.gmail.com';
$mail->SMTPAuth = true;
$mail->SMTPSecure = 'tls';
$mail->Port = 587;
$mail->Username = 'myEmail#gmail.com';
$mail->Password = 'myPwd';
//return $mail->send(); //this works by itself, without IF/ELSE, but doesn't return error if empty form fields
if(!$mail->send()) {
return 'There is a problem' . $mail->ErrorInfo;
}else{
return 'ok'; // this works but i don't know why
}
} //end function sendemail
// form fields to variables
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
// from function sendmail to ASSIGN VALUES to...
/* $SK_emailTo,
SK_emailSubject,
$SK_emailBody */
if (sendemail(
'myEmail#address.com',
'First email subject',
'Form results to me...
<br><br>'.$message
)) {
sendemail(
$email,
'Second email subject',
'Confirmation email to person who submitted the form...
<br><br>'.$message
);
$msg = 'Email sent!';
} else {
$msg = 'Email failed!' . $mail->ErrorInfo;
}
} //end if submit
?>
as a sidenote, why does the return 'ok'; work? what does the 'ok' part attach to?
thanks!
//////////////////////// EDIT: NEW INFO BUT STILL NOT SOLVED ////////////////////////
based on the suggestions & edits by Mauro below (and in that posts comments), here is where i'm at now...
<?php
if (isset($_POST['submit'])) {
date_default_timezone_set('US/Central');
require 'PHPMailer-5.2.26/PHPMailerAutoload.php';
function sendemail(
$SK_emailTo,
$SK_emailSubject,
$SK_emailBody
) {
$mail = new PHPMailer(true);
$mail->setFrom('myEmail#gmail.com', 'My Name');
$mail->addReplyTo($_POST['email'], $_POST['name']);
$mail->addAddress($SK_emailTo);
$mail->Subject = $SK_emailSubject;
$mail->Body = $SK_emailBody;
$mail->isHTML(true);
$mail->isSMTP();
$mail->Host = 'smtp.gmail.com';
$mail->SMTPAuth = true;
$mail->SMTPSecure = 'tls';
$mail->Port = 587;
$mail->Username = 'myEmail#gmail.com';
$mail->Password = 'myPwd';
return $mail->send();
} //end function sendemail
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
try {
sendemail(
'myEmail#address.com',
'First email subject',
'Form results to me...
<br><br>'.$message
);
sendemail(
$email,
'Second email subject',
'Confirmation email to person who submitted the form...
<br><br>'.$message
);
echo 'Email sent!';
} //end try
catch (phpmailerException $e) { //catches PHPMailer errors
echo 'There is a problem; the message did NOT send. Please go back and check that you have filled in all the required fields and there are no typos in your email address.';
echo $e->errorMessage();
}
catch (Exception $e) { //catches validation errors
echo 'There is a problem; the message did NOT send. Please either go back and try again or contact us at email#address.com';
echo $e->getMessage();
}
function validateEmpty($string, $name = 'name') {
$string = trim($string);
if ($string == '') {
throw new Exception(sprintf('%s is empty.', $name));
}
}
} //end if submit
?>
STILL...
1) Mauro suggested i log the error message using use error_log(). how do i do that? is that what produces the text file of error messages in the ftp directory?
2) Mauro also suggested using an $error & $success flag. what is that & how do i do it?
3) i want to have the custom error message in the above catch if the "name" &/or "email" fields (& possibly others) are simply empty. Mauro wrote the function validateEmpty code above, but i can't get it to work. do i have it in the wrong placement within the script or doing something else wrong with it?
3b) it looks to me like this function is just for the "name" field, do i have to duplicate it for the "email" field?
PLEASE REMEMBER...
i want to be able to have a SIMPLE validation here as a fallback in case Javascript/Jquery isn't working for some reason.
also note that the above DOES "send" the email correctly; so am now just trying to get the validation & error message to work right.
thank you for your time & expertise!
tl;dr: both statements evaluate to true. It's better to return true or false instead of strings and handle the message later.
First I'll take care of your question, then I'll make some suggestions on good practices.
When you use return x; in PHP and most languages, you're "sending" x back to where you called the function. So, when your code is executed it will be read as:
if('ok')
or
if ('Error info...')
PHP evaluates the condition on an if statement (this is the part between parenthesis) as true or false by converting it to the boolean type. The string to boolean conversion in PHP is basically as follows: any non-empty string evaluates as TRUE (follow the link, check first table, last column).
So, your function is returning 'ok' if it succeeds, 'Error info...' if it fails, these are both non-empty strings and thereof evaluated as true, so no matter if the first email sending attempt went well, your script will try to send the second one, and will always set $msg to 'Email sent!'.
Here's some advice on how to fix your script so it works (and looks) better:
As #Matt suggested it's always best to validate the data by yourself instead of relying on PHPMailer to do so. Despite PHPMailer will return an error if the destination address is invalid, it's a good practice not to even call the library if the email is not valid. So:
First, validate the data using javascript, so your user get's instant feedback.
Then, validate it using PHP (maybe create a new validate() function that may use filter_var() to validate emails.
Last, send the email only if the previous two were successful.
To follow your chain of thought, you should be evaluating if the string returned by sendemail() equals to 'ok' or not:
if (sendemail(...) == 'ok')
But, instead of evaluating two different strings ('ok' or 'Error info...') it's better if the function returned boolean values instead, and since PHPMailer's send() already does, just keep it as you have it commented:
return $mail->send()
Your last line is using $mail, a variable that you declared inside a function and you never made global, so it won't be available at that point and since you're trying to get a property (ErrorInfo) you'll be firing two PHP notices: Undefined variable and Trying to get a property from a non-object. You COULD just add global $mail at the top of the function and that will make it globally available (outside your function's scope) but this is considered a bad practice since in large pieces of code you might get confused.
Instead, a neater way of firing the error would be to throw/catch an exception:
function sendemail(...) {
// ... PHPMailer config ...
if ($mail->send()) {
return true;
} else {
throw Exception('Error: ' + $mail->ErrorInfo);
}
}
// later...
try {
sendemail()
$msg = 'Email sent!';
} catch (Exception $e) {
$msg = 'Email failed!' . $e->getMessage();
}
Here, if there's a problem with the emails sending, your function will throw a generic exception and the catch part will be executed.
EVEN BETTER
If you initialize PHPMailer like this:
$mail = new PHPMailer(true); // note the parameter set to true.
It will throw an exception by itself if it fails to send the email and you'll be able to catch the exception:
function sendemail(...) {
$mail = PHPMailer(true); // this line
// ... PHPMailer config ...
return $mail->send(); // just to return something, we aren't really using this value anymore.
}
// later...
try {
sendemail(...)
$msg = 'Email sent!';
} catch (phpmailerException $e) {
echo $e->errorMessage(); // Catch PHPMailer exceptions (email sending failure)
} catch (Exception $e) {
echo $e->getMessage(); // Boring error messages from anything else!
}
Never forget to read the docs!
I'm trying to parse emails sent to "parsethis#mysite.com" with PHP (I will use a cronjob, but for now I am just hitting mysite.com/cronJobs/parseMail in my browser).
This is my first time trying to parse emails .. so I'm just not sure how to go about troubleshooting this at all.
Here is the code I'm using, found it on a site and it seemed to be something I can work from. (Yes I have replaced all the placeholders)
$mailbox = imap_open("{mysite.com:143/notls}INBOX", "parsethis#mysite.com", "123password"); //connects to mailbox on your server
if ($mailbox == false) {
echo "<p>Error: Can't open mailbox!</p>";
echo imap_last_error();
}else{
//Check number of messages
$num = imap_num_msg($mailbox);
//if there is a message in your inbox
if( $num > 0 ) { //this just reads the most recent email. In order to go through all the emails, you'll have to loop through the number of messages
$email = imap_fetchheader($mailbox, $num); //get email header
$lines = explode("\n", $email);
// data we are looking for
$from = "";
$subject = "";
$to = "";
$headers = "";
$splittingheaders = true;
for ($i=0; $i < count($lines); $i++) {
if ($splittingheaders) {
// this is a header
$headers .= $lines[$i]."\n";
// look out for special headers
if (preg_match("/^Subject: (.*)/", $lines[$i], $matches)) {
$subject = $matches[1];
}
if (preg_match("/^From: (.*)/", $lines[$i], $matches)) {
$from = $matches[1];
}
if (preg_match("/^To: (.*)/", $lines[$i], $matches)) {
$to = $matches[1];
}
}
}
//We can just display the relevant information in our browser, like below or write some method, that will put that information in a database
echo "FROM: ".$from."<br>";
echo "TO: ".$to."<br>";
echo "SUBJECT: ".$subject."<br>";
echo "BODY: ".imap_qprint(imap_body($mailbox, $num));
//delete message
// imap_delete($mailbox,$num); // not while testing
// imap_expunge($mailbox); // not while testing
}else{
// echo "No more messages";
}
imap_close($mailbox);
}
Problem is : I get this when I hit it
FROM: "K.K.Smith"
TO: parsethis#mysite.com
SUBJECT: test subject
BODY: --50f9f846_140e0f76_3df1 Content-Type: // etc .. with the body of the email unformatted in a continuous string
// INTERESTING > I get the body twice .. doubled.. once as a long unformatted string, and then again with formatting
--50f9f846_140e0f76_3df1 Content-Type: text/html; // etc.. the rest of the body with formatting .. ie my signature is correctly formatted with spacing and line breaks unlike the first body output
/// ***and then this weird error at the end***
--50f9f846_140e0f76_3df1--
Fatal error: Exception thrown without a stack frame in Unknown on line 0
So I don't know what that means. I have googled and all results seem to indicate it is a "mysterious error". It looks like it is about to output the body for a third time (I don't really know what that weird string is.. an email id maybe?) .. but then it chokes where it didn't choke the two previous times.
.. can anyone give any ideas how I should move forward?
EDIT
so I reduced the parseMail function to just the minimum..
public function parseMail(){
$mailbox = imap_open("{mysite.com:143/notls}INBOX", "parsethis#mysite.com", "123password"); //connects to mailbox on your server
imap_close($mailbox);
}
and I still get the error when I hit it. Ideas?
SOLVED
It looks like it has something to do with Codeigniter interpreting errors/warnings thrown by the IMAP functions as exceptions.
My solution was to put this after my imap_close() function
imap_errors();
This got rid of the error notice for me.
Here is where i found my solution on the Kohana discussion board
I've finally got this PHP email script working (didn't work on localhost…), but my concern is that it's not safe.
So - is this safe for spamming and any other security pitfalls I'm not aware of?
<?php
$email = 'notification#domain.com';
$subject = 'Notify about stuff';
$notify = $_REQUEST['email'];
if (!preg_match("/\w+([-+.]\w+)*#\w+([-.]\w+)*\.\w+([-.]\w+)*/", $notify)) {
echo "<h4>Your email address doesn't validate, please check that you typed it correct.</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}
elseif(mail($email, $subject, $notify)) {
echo "<h4>Thank you, you will be notified.</h4>";
} else {
echo "<h4>Sorry, your email didn't get registered.</h4>";
}
?>
Unrelated: is there a PHP function I can use instead of javascript:history.back(1) ?
Edit: the script using filter instead of RegEx
<?php
$email = 'notification#domain.com';
$subject = 'Notify about stuff';
$notify = $_REQUEST['email'];
if (!filter_var($notify, FILTER_VALIDATE_EMAIL)) {
echo "<h4>This email address ($notify) is not considered valid, please check that you typed it correct.</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}
elseif(mail($email, $subject, $notify)) {
echo "<h4>Thank you, you will be notified.</h4>";
} else {
echo "<h4>Sorry, your email didn't get registered.</h4>";
}
?>
I don't know if id use $_SERVER['HTTP_REFERER'] to go back. I feel like that could leave you open to attack since it's set via the request. The way to do it would be to use sessions on the previous page. This way you're not dumping untrustworthy data onto your site.
I dont see any security risks, but id like to suggest the use of filter when checking the validity of emails. its much easier than messing with REs.
You can't just regexp match an email address against a short regexp pattern if you want to accept all validly formed email addresses and reject all non-valid one. Use a parser (1, 2) that actually implement against the relevant RFCs to check for validity.
Other things you can do is checking HTTP_REFERER to make sure the request came from within your domain as Chacha102 already mentioned. Just note that not all agent send HTTP_REFERER, and that it can be optionally turned off or faked by users.
If you want to go the extra mile to make sure they are giving you a valid email address, you can check for existing DNS record for mail servers at the domain specified (A, MX, or AAAA). And on top of that, you can do callback verification. That's where you connect to the mail server, tell it you want to send to this email address and see if they say OK.
For callback verification, you should note greylisting servers say OK to everything so even that is not a guarantee. Here's some code I used when I needed such a script. It's a patch onto the parser from (1).
#
# Email callback verification
# Based on http://uk2.php.net/manual/en/function.getmxrr.php
#
if (strlen($bits['domain-literal'])){
$records = array($bits['domain-literal']);
}elseif (!getmxrr($bits['domain'], $mx_records, $mx_weight)){
$records = array($bits['domain']);
}else{
$mxs = array();
for ($i = 0; $i < count($mx_records); $i++){
$mxs[$mx_records[$i]] = $mx_weight[$i];
}
asort($mxs);
$records = array_keys($mxs);
}
$user_okay = false;
for ($j = 0; $j < count($records) && !$user_okay; $j++){
$fp = #fsockopen($records[$j], 25, $errno, $errstr, 2);
if($fp){
$ms_resp = "";
$ms_resp .= send_command($fp, "HELO ******.com");
$ms_resp .= send_command($fp, "MAIL FROM:<>");
$rcpt_text = send_command($fp, "RCPT TO:<" . $email . ">");
$ms_resp .= $rcpt_text;
$ms_code = intval(substr($rcpt_text, 0, 3));
if ($ms_code == 250 || $ms_code == 451){ // Accept all user account on greylisting server
$user_okay = true;
}
$ms_resp .= send_command($fp, "QUIT");
fclose($fp);
}
}
return $user_okay ? 1 : 0;
I'm trying to make a div fade out with jquery after the form validates the user input after pushing submit. I'm trying to avoid the form from fading out before it validates in case the user didn't enter the correct information.
I would like to know if I can just add script tags in between my php tags, so that once the validation finishes, I just run the javascript real quick and then pick up with the rest of the php, like so:
<?php
$name = trim($_POST['name']);
$email = $_POST['email'];
$comments = $_POST['comments'];
$site_owners_email = 'zeckdude#gmail.com'; // Replace this with your own email address
$site_owners_name = 'Chris Seckler'; // replace with your name
if (strlen($name) < 2) {
$error['name'] = "Please enter your name";
}
if (!preg_match('/^[a-z0-9&\'\.\-_\+]+#[a-z0-9\-]+\.([a-z0-9\-]+\.)*+[a-z]{2}/is', $email)) {
$error['email'] = "Please enter a valid email address";
}
if (strlen($comments) < 3) {
$error['comments'] = "Please leave a comment.";
}
if (!$error) {
require_once('phpMailer/class.phpmailer.php');
$mail = new PHPMailer();
$mail->From = $email;
$mail->FromName = $name;
$mail->Subject = "Website Contact Form";
$mail->AddAddress($site_owners_email, $site_owners_name);
$mail->AddAddress('zeckdude#gmail.com', 'Chris Seckler');
$mail->Body = $comments;
$mail->Send();
?>
<script type="text/javascript">
$(function(){
$('#container').fadeOut(1000);
});
</script>
<?php
echo "<li class='success'> Congratulations, " . $name . ". We've received your email. We'll be in touch as soon as we possibly can! </li>";
echo nl2br("<b>Message Sent:</b>
From: $name
Email: $email
Message: $comments
<br/><a href='http://www.google.com'>Link</a>");
} # end if no error
else {
$response = (isset($error['name'])) ? "<li>" . $error['name'] . "</li> \n" : null;
$response .= (isset($error['email'])) ? "<li>" . $error['email'] . "</li> \n" : null;
$response .= (isset($error['comments'])) ? "<li>" . $error['comments'] . "</li>" : null;
echo $response;
} # end if there was an error sending
?>
Yes, but your result will not be what you intend.
PHP is all executed prior to the document being sent to the client (user). Javascript is executed after the document has been received by the client.
Less related comments:
Your script is vulnerable to Cross Site Scripting (XSS) through POST. Do not use it on a real site before you address this issue.
One way you can accomplish what you may be intending to do is to have the second part of your php code render the html content within a div that is hidden <div id='content' style="display:none">...other content...</div>. Then, in javascript after the fade is complete, use javascript clear the display:none attribute from the div to make it appear.
Good luck!
Why not try it? You already have the code written. From what I see in your code, you should be able to do this without a problem.
No that certainly won't work the way you want - your php script does not have that sort of intimate interaction with the browser and cannot come back and make an existing form do something else in this fashion. Once php starts producing output and sends the page header, it's a brand new web page you can't just make the old one go away.
you should probably consider looking at jquery forms plugin. you could then submit your form using ajax, and leave the active form visible. Once you've had a successful return from your ajax submit, then fade the form and move on to the next thing
I actually just tried the code that I showed you above and it works pretty well. At least it looks good. Here's it is live: Example Form
What I'm trying to do now is to get the Message that echo's in at the end to actually fade in instead of just pop in.
I think that George Deglin's answer,
have the second part of your php code
render the html content within a div
that is hidden.
<div id='content' style="display:none">
...other content...
</div>
Then, in javascript
after the fade is complete, use
javascript clear the display:none
attribute from the div to make it
appear.
would most likely work for that.