PHP Email Form Sending Random Text - php

I did a webpage for a client that involved a series of text boxes asking for specific information such as a person's name, e-mail address, company, etc., along with a button that would e-mail the information to my client. Whenever I tested the button it seemed to work perfectly, so I uploaded the page and thought I was done. But the other day my client got this email from the site:
Name: rfhopzdgmx rfhopzdgmx
Email: envlxw@lnlnsm.com
Company: zUDXatAfoDvQrdH
Mailing Address:
AaSsXklqpHIsoCNcei
gXsimMPRBYZqq
vGLvZraZNdpOAV, ChsmuibE PoKzaSCubXPRI
Home Phone: CIJbIfjMfjIaTqAlD
Work Phone: JFLZBOvru
Cell Phone: XlFJTTFGiTTiiFQfy
Fax: UEJMOVZodWPkKxew
Comments:
sPvSCE hgetwoguderu,*
[url=http://atyktjlxcznl.com/]atyktjlxcznl[/url],
[link=http://nudvfcehwpyg.com/]nudvfcehwpyg[/link], http://lvvwkbzbhnzp.com/
Note: The * line contained HTML link code, I just don't know how to get this site to show it.
Here is the PHP code in the site for the e-mail button.
<?php
//This Sends A Formatted Text Email Using The Text Boxes
if ($_POST['submit']){
//This Gets The Form Data
$fname = $_POST['fName'];
$lname = $_POST['lName'];
$email = $_POST['email'];
$company = $_POST['co'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$homep = $_POST['homeP'];
$workp = $_POST['workP'];
$cellp = $_POST['cellP'];
$fax = $_POST['fax'];
$comments = $_POST['txaOutputField'];
//echo "<script language = 'javascript'>alert('YAY');</script>";
if ($fname && $lname && $email && $comments){ //Check If Required Fields Are Filled
//This Sets The SMTP Configuration In php.ini
ini_set("SMTP", "smtp.2ndsourcewire.com");
//This Replaces Any Blank Fields With 'None's
if ($company == ""){
$company = "None";
}
if ($address1 == ""){
$address1 = "None";
}
if ($city == ""){
$city = "None";
}
if ($state == ""){
$state = "None";
}
if ($zip == ""){
$zip = "None";
}
if ($homep == ""){
$homep = "None";
}
if ($workp == ""){
$workp = "None";
}
if ($cellp == ""){
$cellp = "None";
}
if ($fax == ""){
$fax = "None";
}
//This Creates The Variables Necessary For The Email
$to = "CLIENT EMAIL WHICH I'M CENSORING";
$subject = "Email from 2ndSourceWire.com";
$from = "From: noreply@2ndsourcewire.com";
$secondEmail = "MY EMAIL WHICH I'M ALSO CENSORING";
if ($address2 == ""){
$body = "Name: $fname $lname\n".
"Email: $email\n".
"Company: $company\n\n".
"Mailing Address:\n".
"$address1\n".
"$city, $state $zip\n\n".
"Home Phone: $homep\n".
"Work Phone: $workp\n".
"Cell Phone: $cellp\n".
"Fax: $fax\n\n".
"Comments:\n".
"$comments";
}
else {
$body = "Name: $fname $lname\n".
"Email: $email\n".
"Company: $company\n\n".
"Mailing Address:\n".
"$address1\n".
"$address2\n".
"$city, $state $zip\n\n".
"Home Phone: $homep\n".
"Work Phone: $workp\n".
"Cell Phone: $cellp\n".
"Fax: $fax\n\n".
"Comments:\n".
"$comments";
}
//This Sends The Email
mail($to, $subject, $body, $from);
mail($secondEmail, $subject, $body, $from);
echo "<script language = 'javascript'>alert('The email was sent successfully.');</script>";
}
else {
//The Required Fields Are Not Filled
echo "<script language = 'javascript'>alert('Please fill your first name, last name, email address, and your comment or question.');</script>";
}
}
?>
I'm a little dumbfounded on how this happened. The client mentioned a couple e-mails of this, so I don't think it is a random glitch. Also, the e-mail address was formatted like an e-mail address, so someone or some program was interpreting the labels next to each text box. I also noticed that the first and last names entered are the same word, even though they were in different text boxes. I'm thinking it's some spam program, but wouldn't they try to advertise something and make money, rather than just spouting out random text? Also, the comments section makes no sense to me at all: the links go to nowhere and they're all perfectly formatted. A random person just screwing around wouldn't know those tags, and a programmer doing it wouldn't bother with it, but also neither would a program.
I have no idea what caused this or how to fix it, I'm drawing a blank here. Anyone have any ideas?

A spammer/bot entered duff data into your page and you dutifully sent it on in your application.
Why do you think this is a mystery?

Add a CAPTCHA to stop it happening. If you don't want to write your own, you can use reCAPTCHA.

Even a simple question like "are you a human Y/n?" or "2+2?" will stop the bot.
Also, use some JS to set a hidden value on submit and check for that on the server.
Some validation on $email and $phone would be nice to have.

Instead of making people try to read CAPTCHAs, I like to have four text boxes in a row and ask the user to check two random ones (e.g. "Please check the first and third boxes") and make sure those are the only two checked in the validation.
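
The checks suggested in the answers above (the two-of-four checkbox challenge, the hidden value set by JavaScript, and validation of the e-mail and phone fields), combined into one server-side function. This is an added example, not code from any of the posters; the field names boxes and js_token and both function names are hypothetical, and the 10-digit phone rule is an assumption.

```php
<?php
// Added example: field names (boxes, js_token) and function names are
// hypothetical. Pass $_POST and $_SESSION where the demo passes plain arrays.

/** Choose two of the four checkboxes and a one-time token for this form view. */
function issue_challenge(array &$session): array
{
    $boxes = (array) array_rand([1 => true, 2 => true, 3 => true, 4 => true], 2);
    sort($boxes);
    $session['expected_boxes'] = $boxes;
    // The page's JavaScript copies this value into a hidden field on submit.
    $session['js_token'] = bin2hex(random_bytes(16));
    return $boxes; // e.g. [1, 3] => "Please check the first and third boxes"
}

/** Return the names of the failed checks; an empty array means "send the mail". */
function check_submission(array $post, array &$session): array
{
    $failed = [];

    // Checkbox challenge: exactly the two requested boxes, nothing else.
    $ticked = array_map('intval', (array) ($post['boxes'] ?? []));
    sort($ticked);
    if (!isset($session['expected_boxes']) || $ticked !== $session['expected_boxes']) {
        $failed[] = 'boxes';
    }

    // Hidden value set by JavaScript: a bot that posts the raw form lacks it.
    $sent = $post['js_token'] ?? '';
    $want = $session['js_token'] ?? '';
    if ($want === '' || !is_string($sent) || !hash_equals($want, $sent)) {
        $failed[] = 'js_token';
    }

    // Validation of the e-mail and phone fields, as the answer suggests.
    $email = $post['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $failed[] = 'email';
    }
    foreach (['homeP', 'workP', 'cellP', 'fax'] as $field) {
        $value = $post[$field] ?? '';
        // Optional fields: reject only if filled with something that is not
        // 10 digits once punctuation is removed (assumed phone format).
        if (!is_string($value)
            || ($value !== '' && strlen((string) preg_replace('/\D/', '', $value)) !== 10)) {
            $failed[] = $field;
        }
    }

    // One attempt per issued challenge, so a captured POST cannot be replayed.
    unset($session['expected_boxes'], $session['js_token']);
    return $failed;
}

// Constructed demo input modelled on the junk submission quoted in the question.
$session = [];
issue_challenge($session);
$bot = ['email' => 'envlxw@example.com', 'homeP' => 'CIJbIfjMfjIaTqAlD'];
print_r(check_submission($bot, $session));
```

Call issue_challenge() when rendering the form and send the mail only when check_submission() returns an empty array.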

Related

php $_SERVER POST methods the new and more efficient style?

i wrote a relatively simple but usable php query logging software a couple of years back and my setup was "plain vanilla" where a form, with a POST method has a separate page that processes the form like below
1) input form displays with a submit button that calls process-form.php
2) process-form.php then processes the form (e.g. enters the data onto a database)
3) process-form.php displays a message if everything is fine or not.
now, when i go through some php tutorials, they are teaching having the form submit upon itself by using $_SERVER
<?php
//use the $_SERVER function to decipher if the POST method has been triggered
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = $_POST["name"];
$email = $_POST["email"];
$message = $_POST["message"];
//TODO: Send email, etc.
}
?>
I can see the benefits of this method, as the code remains compact and you just have to go to 1 page only instead of going to other pages if you need to fix something. Is this the prevalent method now? Just asking as I am trying to learn. Thank you!
You can use isset() or sizeof() or empty()
if (isset($_POST["name"])) // $_POST itself is always set, so test a submitted field
{
$name = $_POST["name"];
$email = $_POST["email"];
$message = $_POST["message"];
//TODO: Send email, etc.
}
OR
if (sizeof($_POST) > 0)
{
$name = $_POST["name"];
$email = $_POST["email"];
$message = $_POST["message"];
//TODO: Send email, etc.
}
OR
if (!empty($_POST))
{
$name = $_POST["name"];
$email = $_POST["email"];
$message = $_POST["message"];
//TODO: Send email, etc.
}

after clicking submit on a contact form, how do i stay on the same page in wordpress?

So I created a custom contact form in WordPress, using PHP. The form sends, and I am receiving emails. The problem I'm having is that once you hit submit, it goes to a post page, and doesn't stay on the original page.
I've tried using a session and header location (didn't work)
I also tried putting this in my action: "<?php echo $_SERVER['PHP_SELF']; ?>". It doesn't work either (mail just doesn't send and it sends me to a 404 page).
So I'm a little stuck as to how to fix this problem. Normally I would have no problems if this was a static web page, but because I'm using WordPress, this task seems to be more troublesome.
Here is a link to the website http://www.indianpointresort.ca/
Here is the php validation:
<?php
/*session_start();
if(!isset($_SESSION['afaisfjisjfijfjiwaefjawsefijef'])){
$url = 'http://www.indianpointresort.ca/';
header("Location:home.php?url=$url");
}*/
$name = trim($_POST['name']);
$email = trim($_POST['email']);
$phone = trim($_POST['phone']);
$subject = trim($_POST['subject']);
$message = trim($_POST['message']);
echo htmlspecialchars("$name | $email | $phone | $subject | $message", ENT_QUOTES); // debug output, escaped so submitted HTML is not rendered
if(isset($_POST['submit'])){
$boolValidationOK = 1;
$strValidationMessage = "";
//validate first name
//validate last name
if(strlen($name)<3){
$boolValidationOK = 0;
$strValidationMessage .= "Please fill in a proper first and last name </br>";
}
//email validation:
$emailValidate = validate_email( $email );// calls the function below to validate the email addy
if(!$emailValidate ){
$boolValidationOK = 0;
$strValidationMessage .= "Please fill in proper email address </br>";
}
//validate phone
$phone = checkPhoneNumber($phone);
if(!$phone){
$boolValidationOK = 0;
$strValidationMessage .= "Please fill proper phone number </br>";
}
//validate subject
if(strlen($subject)<3){
$boolValidationOK = 0;
$strValidationMessage .= "Please fill in a proper subject description </br>";
}
//validate description
if(strlen($message)<3){
$boolValidationOK = 0;
$strValidationMessage .= "Please fill in a proper message </br>";
}
if($boolValidationOK == 1){
//$strValidationMessage = "SUCCESS";
//MAIL SECURITY !!!!!!!
// WE MUST VALIDATE AGAINST EMAIL INJECTIONS; THE SPAMMERS BEST WEAPON
$badStrings = array("Content-Type:",
"MIME-Version:",
"Content-Transfer-Encoding:",
"bcc:",
"cc:");
foreach($_POST as $k => $v){// change to $_POST if your form was method="post"
foreach($badStrings as $v2){
if(is_string($v) && stripos($v, $v2) !== false){ // stripos: header names are case-insensitive, so "Bcc:" must match "bcc:"
// In case of spam, all actions taken here
//header("HTTP/1.0 403 Forbidden");
echo "<script>document.location =\"http://www.bermuda-triangle.org/\" </script>";
exit; // stop all further PHP scripting, so mail will not be sent.
}
}
}
$ip = $_SERVER['REMOTE_ADDR'];
//echo $ip;
/* Spammer List: IP's that have spammed you before ***********/
$spams = array (
"static.16.86.46.78.clients.your-server.de",
"87.101.244.8",
"144.229.34.5",
"89.248.168.70",
"reserve.cableplus.com.cn",
"94.102.60.182",
"194.8.75.145",
"194.8.75.50",
"194.8.75.62",
"194.170.32.252"
//"S0106004005289027.ed.shawcable.net" Phil's IP as test
); // array of evil spammers
foreach ($spams as $site) {// Redirect known spammers
$pattern = "/" . preg_quote($site, "/") . "/i"; // escape the dots so they match literally
if (preg_match ($pattern, $ip)) {
// whatever you want to do for the spammer
echo "logging spam activity..";
exit();
}
}
$to = "";
//$subject = " Indian Point";
// compose headers
$headers = "From: Indian Point Resort.\r\n";
$headers .= "Reply-To: $email\r\n";
$headers .= "X-Mailer: PHP/".phpversion();
$message = wordwrap($message, 70);
// send email
mail($to, $subject, $message, $headers);
}
}//end of submit
//validate phone number
function checkPhoneNumber($number){
$number = str_replace("-", "", $number);
$number = str_replace(".", "", $number);
$number = str_replace(" ", "", $number);
$number = str_replace(",", "", $number);
$number = str_replace("(", "", $number);
$number = str_replace(")", "", $number);
if((strlen($number) != 10) || (!is_numeric($number))){
return false;
}else{
return $number;
}
}
//email validation
function validate_email( $senderemail ){ // this is a function; it receives info and returns a value.
$email = trim( $senderemail ); # removes whitespace
if(!empty($email) ):
// validate email address syntax
if( preg_match('/^[a-z0-9\_\.]+@[a-z0-9\-]+\.[a-z]+\.?[a-z]{1,4}$/i', $email, $match) ):
return strtolower($match[0]); # valid!
endif;
endif;
return false; # NOT valid!
}
?>
Here is the form:
<div id="msgForm" class=" msgForm five columns">
<h4>Questions?</h4>
<h5>Send us a message!</h5>
<form id="contactForm" name="contactForm" method="post" action="<?php the_permalink(); ?>">
<p><input type="text" name="name" value="<?php echo htmlspecialchars($name, ENT_QUOTES); ?>" placeholder="name*"/></p>
<p><input type="email" name="email" placeholder="E-mail*"/></p>
<p><input type="text" name="phone" placeholder="Phone #*"/></p>
<p><input type="text" name="subject" placeholder="subject*"/></p>
<p><textarea name="message" placeholder="Message*"></textarea></p>
<p><input type="submit" name="submit" placeholder="Submit"/></p>
<div class="error">
<?php
if($strValidationMessage){
echo $strValidationMessage;
}
?>
</div>
</form>
</div><!--end of form-->
Well, to start off I would remove that gmail account from your info (just to be safe).
Secondly I would advise you to use the sendmail scripts provided by Wordpress.
There are plugins like gravityforms which allow you to make a form and decide all these options without making a static form, nor a new template file for that matter.
You can only change to which page the form will redirect after the refresh (the action will decide that)
If you want it to stay on the same page you can put the page itself in the action and on top put an if statement like
if(isset($_POST['submit'])){
//validation, sendmail, and possibly errors here
}
else{
//show the form
}
anyway, a refreshing webform is as standard as it gets. It's just how it submits things. The only way you could prevent a page is by using jquery or javascript like so: (give your submit an id)
$('#submit').on("click", function(e){
//this prevents any submit functionality (like refresh)
e.preventDefault();
//custom code to get values here and put them in the sendmail function like so:
var message = $('textarea[name="message"]').val(); // the form's textarea has name="message"
});
Try ajax form submission. And add the insert query in a separate file.

php mail not sending "invalid email address"

I'm getting the "invalid email address".
All is hardcoded for testing. What is missing? Thanks!
<html>
<head><title>PHP Mail Sender</title></head>
<body>
<?php
/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */
$email = $HTTP_POST_VARS['example#example.com'];
$subject = $HTTP_POST_VARS['subjectaaa'];
$message = $HTTP_POST_VARS['messageeeee'];
/* PHP form validation: the script checks that the Email field contains a valid email address and the Subject field isn't empty. preg_match performs a regular expression match. It's a very powerful PHP function to validate form fields and other strings - see PHP manual for details. */
if (!preg_match("/\w+([-+.]\w+)*#\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
echo "<h4>Invalid email address</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($subject == "") {
echo "<h4>No subject</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}
/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
elseif (mail($email,$subject,$message)) {
echo "<h4>Thank you for sending email</h4>";
} else {
echo "<h4>Can't send email to $email</h4>";
}
?>
</body>
</html>
Change
$email = $HTTP_POST_VARS['jaaanman2324#gmail.com'];
$subject = $HTTP_POST_VARS['subjectaaa'];
$message = $HTTP_POST_VARS['messageeeee'];
to
$email ='jaaanman2324#gmail.com';
$subject ='subjectaaa';
$message = 'messageeeee';
I think you want it to be hardcoded like this:
$email = 'jaaanman2324#gmail.com';
Otherwise you are trying to get the value out of HTTP_POST_VARS with the key of jaaanman2324#gmail.com
First, don't use $HTTP_POST_VARS, it's $_POST now.
Second, by writing $HTTP_POST_VARS['jaaanman2324#gmail.com'] you're looking for table element with juanman234#gmail.com key.
That's not what you wanted to do.
If you want to hardcode it, write
$email = 'jaaanman2324#gmail.com';
if not, write
$email = $_POST['email'];
to get email field from form.

PHP Mail Function not sending from Gmail Addresses

I'm trying to get this contact form working and it doesn't seem to be able to send with headers saying it is from a Gmail address. I feel like Yahoo addresses were also in the mix of ones that didn't work. Here is the code that seems like it would matter to this. If the host matters, I am on Dreamhost. Let me know please.
if(!is_array($contact_information_type))
{
$contact_information_type = Array();
}
if($_POST){
$contact_name = trim(stripslashes($_POST["contact_name"]));
$contact_company = trim(stripslashes($_POST["contact_company"]));
$contact_address1 = trim(stripslashes($_POST["contact_address1"]));
$contact_address2 = trim(stripslashes($_POST["contact_address2"]));
$contact_city = trim(stripslashes($_POST["contact_city"]));
$contact_state = trim(stripslashes($_POST["contact_state"]));
$contact_zip = trim(stripslashes($_POST["contact_zip"]));
$contact_country = trim(stripslashes($_POST["contact_country"]));
$contact_phone = trim(stripslashes($_POST["contact_phone"]));
$contact_fax = trim(stripslashes($_POST["contact_fax"]));
$contact_email = trim(stripslashes($_POST["contact_email"]));
$contact_comments = trim(stripslashes($_POST["contact_comments"]));
if($contact_name == ""){ $errors_array[] = "Name is required."; }
if($contact_company == ""){ $errors_array[] = "Company name is required."; }
if($contact_city == "") { $errors_array[] = "City is required."; }
if($contact_state == ""){ $errors_array[] = "State is required."; }
if($contact_country == "") { $errors_array[] = "Country is required.";}
elseif($contact_country == "United States" )
{if($contact_zip != "" && !preg_match("/(^\d{5}$)|(^\d{5}-\d{4}$)/", $contact_zip)){ $errors_array[] = "Incorrect Zip. (e.g. 60660 or 60660-1234)"; };}
elseif($contact_country == "Canada" ){if($contact_zip != "" && !preg_match("/^[ABCEGHJ-NPRSTVXY]{1}[0-9]{1}[ABCEGHJ-NPRSTV-Z]{1}[ ]?[0-9]{1}[ABCEGHJ-NPRSTV-Z]{1}[0-9]{1}$/i", $contact_zip)){ $errors_array[] = "Incorrect Zip. (e.g. M4C 1B5 or M4C1B5)"; };}
else {;}
if($contact_phone == ""){ $errors_array[] = "Phone is required."; }
if($contact_phone != "" && !preg_match("/(^\d{3}-\d{3}-\d{4}$)|(^\d{10}$)/", $contact_phone)){ $errors_array[] = "Incorrect Phone. (e.g. 123-123-1234)"; }
if($contact_fax != "" && !preg_match("/(^\d{3}-\d{3}-\d{4}$)|(^\d{10}$)/", $contact_fax)){ $errors_array[] = "Incorrect Fax. (e.g. 123-123-1234)"; }
if($contact_email == ""){ $errors_array[] = "E-mail is required."; }
if($contact_email != "" && !preg_match("/^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$/", $contact_email)){ $errors_array[] = "Incorrect E-mail. (e.g. youremail@domain.com)"; }
if($contact_comments == ""){ $errors_array[] = "Comments are required."; }
if(sizeof($errors_array) == 0){
$contact_information_type = implode(", ", $contact_information_type);
$email_message = <<<MESSAGE
The contact form on www.rotaryvalve.com has been filled out with the following information:
Name: ${contact_name}
Company: ${contact_company}
Address 1: ${contact_address1}
Address 2: ${contact_address2}
City: ${contact_city}
State: ${contact_state}
Zip: ${contact_zip}
Country: ${contact_country}
Phone: ${contact_phone}
Fax: ${contact_fax}
E-mail: ${contact_email}
Comments/Products of Interest: ${contact_comments}
MESSAGE;
$email_adds = array("sales-team#wmwmeyer.com", "dan#danbaran.com");
$email_from = $contact_email;
$email_subject = "Customer Request/Comment";
foreach($email_adds as $email_to){
mail ($email_to, $email_subject, $email_message, "From: ".$email_from." <".$email_from.">");
}
Essentially, if the contact_email filled out on the form (code not included, sorry, didn't think you'd need it, but let me know if you do) is a Gmail account, it doesn't seem to send it. Please help me out on this one.
Is the problem not being sent, or not being received? I'm pretty sure that the problem is not the email being sent, but what happens when it gets received by the receiver's email service. It may be classed as spam, because they can see it is not sent from the GMail mailservers.
The email may be classed as spam by the receiving server or client, due to SPF records on the gmail.com domain that will most likely mark the emails as spam.
You would however be able to send the email with a 'Reply-To' header of the email entered in the contact form. This would give the email a better chance of getting past spam filters, and if the recipient hits the "Reply" button in their client, the email will default to being sent to this address.
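
One way to apply the Reply-To suggestion above: From stays on an address belonging to the site, and the address typed into the form is used only as Reply-To, after rejecting anything that contains a line break. This is an added example, not the poster's code; the function name and the example.com addresses are placeholders.

```php
<?php
// Added example: the function name and the addresses are placeholders.

/**
 * Headers for a contact-form mail: From is an address on the site's own
 * domain, the visitor's address appears only in Reply-To.
 * Returns null when the submitted address must not be used.
 */
function contact_headers(string $visitorEmail, string $siteFrom): ?array
{
    // A CR or LF inside a header value would start a new header line,
    // so reject it outright instead of trying to strip it.
    if (preg_match('/[\r\n]/', $visitorEmail) === 1) {
        return null;
    }
    $replyTo = filter_var(trim($visitorEmail), FILTER_VALIDATE_EMAIL);
    if ($replyTo === false) {
        return null;
    }
    return ['From' => $siteFrom, 'Reply-To' => $replyTo];
}

// Constructed inputs: one ordinary address, one carrying an extra header line.
$samples = ["visitor@gmail.com", "visitor@gmail.com\r\nBcc: someone@example.com"];
foreach ($samples as $sample) {
    $headers = contact_headers($sample, 'webform@example.com');
    if ($headers === null) {
        echo "rejected\n";
        continue;
    }
    // mail() accepts the headers as an array since PHP 7.2:
    // mail($email_to, $email_subject, $email_message, $headers);
    echo "From: {$headers['From']}, Reply-To: {$headers['Reply-To']}\n";
}
```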

queries regarding PHP mail() 'issues'

So I recently made a basic site for a family member's small company. I included a mail form, for enquiries etc.
Here is the code I use:
<?php
function check_input($data){ // SANITIZE USER STRING INPUT
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$name = check_input($_POST['name']);
$surname = check_input($_POST['surname']);
$email = check_input($_POST['email']);
$telephone = check_input($_POST['telephone']);
$comments = check_input($_POST['message']);
$message = "From: $name $surname
Email: $email
Telephone: $telephone
--------------------------------------------------------------
Comments: $comments
";
mail("#############.com","Website Enquiry from www.#######.co.uk",$message,"From: webserver");
?>
Now when I try it, it works absolutely fine. However, I have noticed sometimes it is really slow, and so we have been receiving blank emails through the form (the user input data is not present), so it appears someone has attempted to use it and given up, perhaps because it is taking too long?
I am assuming this is to do with the mail server rather than PHP mail. But I wanted to see if anyone could highlight potential issues that I could take to the company hosting for her?
Many thanks,
check if name and email fields are entered and then proceed with mail function..this reduces getting blank emails.
<?php
if (isset($_POST['name']) && isset($_POST['email'])) //check if name and email fields are entered and then proceed with mail function
{
//process the data and send mail.
}
else
{
echo "Error missing name or email field.please enter";
}
?>
Alternatively you can also use array_key_exists()
<?php
if (array_key_exists("name", $_POST) && $_POST["name"] != "" && array_key_exists("email", $_POST) && $_POST["email"] != "")
//check if name and email fields are entered and then proceed with mail function
{
//process the data and send mail.
}
else
{
echo "Error missing name or email field.please enter";
}
?>
Actually you are not checking if someone fill the form empty that's why you are getting blank fields
<?php
function check_input($data){ // SANITIZE USER STRING INPUT
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
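if(!empty($_POST['name']) && !empty($_POST['email'])) // $data exists only inside check_input(), so test the submitted fields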
{
$name = check_input($_POST['name']);
$surname = check_input($_POST['surname']);
$email = check_input($_POST['email']);
$telephone = check_input($_POST['telephone']);
$comments = check_input($_POST['message']);
$message = "From: $name $surname
Email: $email
Telephone: $telephone
--------------------------------------------------------------
Comments: $comments
";
mail("#############.com","Website Enquiry from www.#######.co.uk",$message,"From: webserver");
}
?>
