I've had something strange happen lately with a PHP script I use to send emails from an online contact form and just wondered if anyone could shed a little light on the issue.
I've had a PHP script which I use on multiple websites and it has always worked fine, but for some strange reason, I tried using it on one site and it just wasn't working.
I tried fiddling with it and eventually realised that it was something to do with the following section of code:
This is the original section of code that usually works fine, but wasn't working for some reason:
$to = 'My Name <info#mydomain.com>';
I then removed the name bit, so that the code looked like this:
$to = 'info#mydomain.com';
and now it sends the email through ok.
As I say, the top code usually works fine, so any ideas why this time I had to alter the code to get it to work?
Any possible explanations would be great :o)
Here's the full code:
<?php
require("is_email.php"); // email validation function
//Retrieve form data.
//GET - user submitted data using AJAX
//POST - in case user does not support javascript, we'll use POST instead
$name = ($_GET['name']) ? $_GET['name'] : $_POST['name'];
$email = ($_GET['email']) ? $_GET['email'] : $_POST['email'];
$telephone = ($_GET['telephone']) ? $_GET['telephone'] : $_POST['telephone'];
$address = ($_GET['address']) ? $_GET['address'] : $_POST['address'];
$enquiry = ($_GET['enquiry']) ? $_GET['enquiry'] : $_POST['enquiry'];
$calculation = ($_GET['calculation']) ? $_GET['calculation'] : $_POST['calculation'];
//flag to indicate which method it uses. If POST set it to 1
if ($_POST) $post = 1;
//Server side validation for POST data
$errors = array(); //start with an empty list so count($errors) is defined
if (!$name) $errors[count($errors)] = 'Please click back and enter your name.';
if (!$email) $errors[count($errors)] = 'Please click back and enter your email.';
else if (!is_email($email)) $errors[count($errors)] = 'Please click back as you may have entered an invalid email address.';
if (!$telephone) $errors[count($errors)] = 'Please click back and enter your telephone number.';
if (!$address) $errors[count($errors)] = 'Please click back and enter your address.';
if (!$enquiry) $errors[count($errors)] = 'Please click back and enter your enquiry.';
if ($calculation != '14') $errors[count($errors)] = 'Please click back and check you have correctly answered the simple calculation (in number format).';
//if the errors array is empty, send the mail
if (!$errors) {
    //recipient - change this to your name and email
    $to = 'info#mydomain.com';
    $from = $name . ' <' . $email . '>';
    //subject and the html message
    $subject = 'Website Enquiry: ' . $name;
    $email_body = '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<table cellpadding="5" style="color:#757575;">
<tr><td style="color:#3b5998;">Name: </td><td>' . $name . '</td></tr>
<tr><td style="color:#3b5998;">Email: </td><td>' . $email . '</td></tr>
<tr><td style="color:#3b5998;">Telephone: </td><td>' . $telephone . '</td></tr>
<tr valign="top"><td style="color:#3b5998;">Address: </td><td>' . nl2br($address) . '</td></tr>
<tr valign="top"><td style="color:#3b5998;">Enquiry: </td><td>' . nl2br($enquiry) . '</td></tr>
</table>
</body>
</html>';
    //send the mail
    $result = sendmail($to, $subject, $email_body, $from);
    //if POST was used, display the message straight away
    if ($_POST) {
        if ($result) echo 'Thank you! We have received your message.<br /><br />OK';
        else echo 'Sorry, unexpected error. Please try again later';
    //else if GET was used, return the boolean value so that
    //ajax script can react accordingly
    //1 means success, 0 means failed
    } else {
        echo $result;
    }
//if the errors array has values
} else {
    //display the errors message
    for ($i = 0; $i < count($errors); $i++) echo $errors[$i] . '<br />';
}
//Simple mail function with HTML header
function sendmail($to, $subject, $email_body, $from) {
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    $headers .= 'From: ' . $from . "\r\n";
    $result = mail($to, $subject, $email_body, $headers);
    if ($result) return 1;
    else return 0;
}
Hosts can vary on their requirements for sendmail and depending on what sendmail software they are using. You may take this up with your hosting company and see if there are any caveats to making it work or if they know a better format.
Use this:
$mailFrom = '"My Name" <info#mydomain.com>';
The FROM label is double-quoted, followed by a space and <email>.
I edited my initial question to explain how I overcame the problem.
PHP novice back again with some minor issues. I've researched for hours but can't find the solution.
I already use this form for another form and it works fine, but this time I added the input fields of nric, rate and a checkbox "agree". These are the 3 fields that don't validate and stop the form from sending. Any help would be appreciated.
Here is the code:
<?php
//Retrieve form data.
//GET - user submitted data using AJAX
//POST - in case user does not support javascript, we'll use POST instead
$name = ($_GET['name']) ? $_GET['name'] : $_POST['name'];
$phone = ($_GET['phone']) ? $_GET['phone'] : $_POST['phone'];
$email = ($_GET['email']) ? $_GET['email'] : $_POST['email'];
$nric = ($_GET['nric']) ? $_GET['nric'] : $_POST['nric'];
$rate = ($_GET['rate']) ? $_GET['rate'] : $_POST['rate'];
$comment = ($_GET['comment']) ? $_GET['comment'] : $_POST['comment'];
$agree = ($_GET['agree']) ? $_GET['agree'] : $_POST['agree'];
//flag to indicate which method it uses. If POST set it to 1
if ($_POST) $post = 1;
//Simple server side validation for POST data, of course, you should validate the email
$errors = array(); //start with an empty list so count($errors) is defined
if (!$name) $errors[count($errors)] = 'Please enter your Full name Surname in UPPERCASE.';
if (!$phone) $errors[count($errors)] = 'Please enter your contact number - e.g. +6012345678.';
if (!$email) $errors[count($errors)] = 'Please enter your email.';
if (!$nric) $errors[count($errors)] = 'Please enter your Business No or NRIC if not a business.';
if (!$rate) $errors[count($errors)] = 'Please enter the rate you wish to pay (in RM)';
if (!$comment) $errors[count($errors)] = 'Please describe what you require this person for and when.';
if (!$agree) $errors[count($errors)] = 'Please agree to the Booking Fee.';
//if the errors array is empty, send the mail
if (!$errors) {
    //recipient - replace your email here
    $to = 'me#myemail.com';
    //sender - from the form
    $from = $name . ' <' . $email . '>';
    //subject and the html message
    $subject = 'Message from ' . $name;
    $message = 'Name: ' . $name . '<br/><br/>
Phone: ' . $phone . '<br/><br/>
Email: ' . $email . '<br/><br/>
NRIC: ' . $nric . '<br/><br/>
Rate: ' . $rate . '<br/><br/>
Agree: ' . $agree . '<br/><br/>
Message: ' . nl2br($comment) . '<br/>';
    //send the mail
    $result = sendmail($to, $subject, $message, $from);
    //if POST was used, display the message straight away
    if ($_POST) {
        if ($result) echo 'Thank you! We have received your message.';
        else echo 'Sorry, unexpected error. Please try again later';
    //else if GET was used, return the boolean value so that
    //ajax script can react accordingly
    //1 means success, 0 means failed
    } else {
        echo $result;
    }
//if the errors array has values
} else {
    //display the errors message
    for ($i = 0; $i < count($errors); $i++) echo $errors[$i] . '<br/>';
    echo 'Back';
}
//Simple mail function with HTML header
function sendmail($to, $subject, $message, $from) {
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    $headers .= 'From: ' . $from . "\r\n";
    $result = mail($to, $subject, $message, $headers);
    if ($result) return 1;
    else return 0;
}
Are you sure it isn't as simple as a missing quote?
Look at
$to = me#myemail.com';
It should be
$to = 'me#myemail.com'; // ** Missing leading quote on string
I have written a PHP mail function to allow a user on my website to fill in a form and send the form to my email. As the question says, the email is working once the user sends the form; however, it only appears in my junk email folder instead. I am not a PHP developer, but after doing some research I have noticed a lot of people mention PHPMailer, which I have never heard of or used before.
I would much appreciate a bit of help.
$errors="";//counting errors
if(empty($_POST['yourname'])){ //name field empty
$nameError="Please enter your name";
$errors++; // increment errors
$name= UserInput($_POST['yourname']);
if(!preg_match("/^[a-zA-Z ]*$/", $name)){
$nameError="Only letters and white space accepted";
$emailError="Enter email";
$email = UserInput($_POST['email']);
if(!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $email)){
$emailError="Invalid Email";
$errMsg="Enter message";
if($errors <=0){//No errors lets setup our email and send it
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= 'From: <' . $email . '>' . "\r\n";
$text = "<p>New Message from $name </p>";
$text .= "<p>Name : $name</p>";
$text .= "<p>Email : $email</p>";
$text .= "<p>Message : $message</p>";
mail($to, "Website Contact", $text, $headers);
$success="Thank your message was submitted";
$_POST= array(); //clearing inputs fields after success
//Filter user input
function UserInput($data){
$data = trim($data);
$data = stripcslashes($data);
$data = htmlspecialchars($data);
return $data;
You're using the email from their posted variable in your header. When your email server receives this it's going to look like it is spoofed because it is. Your site isn't going to be one of the mail servers set up for that domain.
When setting up MX and DNS records for email you use SPF or key signing to prove who sent the message and that it came from a trusted mail server for that domain. You may want to change the from to be an email and domain you control. You are getting their email in the body anyway.
Worst case if you don't have control over SPF records you could at least mark the from email, assuming it is something you control, as always trusted so it wouldn't go into your junk mail.
$headers .= 'From: <' . $to . '>' . "\r\n";
I know I'm being sent a status of '1' from this process file as my JavaScript resulting is functioning. Problem is that I'm not getting the email.
<?php
//Retrieve form data.
//GET - user submitted data using AJAX
//POST - in case user does not support javascript, we'll use POST instead
$name = ($_GET['name']) ? $_GET['name'] : $_POST['name'];
$email = ($_GET['email']) ? $_GET['email'] : $_POST['email'];
$comment = ($_GET['comment']) ? $_GET['comment'] : $_POST['comment'];
//flag to indicate which method it uses. If POST set it to 1
if ($_POST) $post = 1;
//Simple server side validation for POST data, of course,
//you should validate the email
$errors = array(); //start with an empty list so count($errors) is defined
if (!$name) $errors[count($errors)] = 'Please enter your name.';
if (!$email) $errors[count($errors)] = 'Please enter your email.';
if (!$comment) $errors[count($errors)] = 'Please enter your comment.';
//if the errors array is empty, send the mail
if (!$errors) {
    //recipient - change this to your name and email
    $to = 'myemail#gmail.com';
    $from = $name . ' <' . $email . '>';
    //subject and the html message
    $subject = 'Comment from ' . $name;
    $message = '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<table>
<tr><td>Name</td><td>' . $name . '</td></tr>
<tr><td>Email</td><td>' . $email . '</td></tr>
<tr><td>Comment</td><td>' . nl2br($comment) . '</td></tr>
</table>
</body>
</html>';
    //send the mail
    $result = sendmail($to, $subject, $message, $from);
    //if POST was used, display the message straight away
    if ($_POST) {
        if ($result) echo 'Thank you! We have received your message.';
        else echo 'Sorry, unexpected error. Please try again later';
    //else if GET was used, return the boolean value so that
    //ajax script can react accordingly
    //1 means success, 0 means failed
    } else {
        echo $result;
    }
//if the errors array has values
} else {
    //display the errors message
    for ($i = 0; $i < count($errors); $i++) echo $errors[$i] . '<br/>';
    echo 'Back';
}
//Simple mail function with HTML header
function sendmail($to, $subject, $message, $from) {
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    $headers .= 'From: ' . $from . "\r\n";
    $result = mail($to, $subject, $message, $headers);
    if ($result) return 1;
    else return 0;
}
You mentioned you are using GoDaddy. GoDaddy requires you set the sender address legitimately to match the domain of the site it is sending from or use SMTP with Authentication.
There is a huge gaping hole with this method of sending email. Spammers can easily override the From: header by inserting additional recipients.
I'm not sure how mail-centric your application plans to be, but I would recommend using a package like PHPMailer or PEAR::Mail as it takes care of email handling for you at a much higher level. This lets you focus on more important parts of your application. The built-in PHP mail() feature is very limited in its abilities and as you try to extend your mail capabilities you'll run into many roadblocks that the base mail() function just cannot handle without a lot of additional logic on your behalf (attachments, MIME-types, etc. come to mind).
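The two answers above make related points: send From an address on a domain you control (with the visitor's address only in the body or Reply-To), and never let form input reach a mail header unchecked. The sketch below combines both; it is an added example, not code from any poster, and the addresses in SITE_FROM and SITE_TO and the function names are assumptions.

```php
<?php
// Added example. SITE_FROM / SITE_TO are placeholder addresses on a domain
// you control; build_contact_mail() and has_header_break() are hypothetical names.
const SITE_FROM = 'webform@example.com';
const SITE_TO   = 'info@example.com';

// True when $value contains CR, LF or NUL, the characters that can end a
// header line and let a submitted value start a new header of its own.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns [to, subject, body, headers] ready for mail(), or null when the
// submission must be rejected.
function build_contact_mail(array $form): ?array
{
    $name    = trim((string)($form['name'] ?? ''));
    $email   = trim((string)($form['email'] ?? ''));
    $comment = trim((string)($form['comment'] ?? ''));

    if ($name === '' || $comment === '') {
        return null;
    }
    // Name feeds the Subject header and email feeds Reply-To: no line breaks.
    if (has_header_break($name) || has_header_break($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Keep only printable ASCII in the subject; the full name stays in the body.
    $subject = 'Website enquiry from ' . preg_replace('/[^\x20-\x7E]/', '', $name);

    // From is fixed, so SPF/DKIM for your own domain can apply.
    // The visitor's address is only a Reply-To.
    $headers = implode("\r\n", [
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
        'From: ' . SITE_FROM,
        'Reply-To: ' . $email,
    ]);

    // Plain-text body: user input is never interpreted as HTML by the mail client.
    $body = "Name: $name\nEmail: $email\n\n$comment\n";

    return [SITE_TO, $subject, $body, $headers];
}

// Constructed sample submissions: one ordinary, one whose email field
// carries a line break followed by an extra header.
$samples = [
    'ordinary' => ['name' => 'Ann Example', 'email' => 'ann@example.org',
                   'comment' => 'Please call me back.'],
    'injected' => ['name' => 'Ann Example',
                   'email' => "ann@example.org\r\nBcc: other@example.net",
                   'comment' => 'Hi'],
];

foreach ($samples as $label => $form) {
    $mail = build_contact_mail($form);
    echo $label, ': ', $mail === null ? 'rejected' : 'accepted', "\n";
    // To send for real: if ($mail !== null) { mail(...$mail); }
}
```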
When testing mails you can test it directly on your server; PHP mail has a function that already runs on it. If you test it on XAMPP locally it will not send, unless you have set up the PHP mailer in localhost. But for me it's better to test it on the server than in localhost.
Might be easier to look at this fiddle: http://jsfiddle.net/pkAGz/ and the process.php code is shown below:
<?php
//Retrieve form data.
//GET - user submitted data using AJAX
//POST - in case user does not support javascript, we'll use POST instead
$name = ($_GET['name']) ? $_GET['name'] : $_POST['name'];
$email = ($_GET['email']) ? $_GET['email'] : $_POST['email'];
//flag to indicate which method it uses. If POST set it to 1
if ($_POST) $post = 1;
//Simple server side validation for POST data, of course,
//you should validate the email
$errors = array(); //start with an empty list so count($errors) is defined
if (!$name) $errors[count($errors)] = 'Please enter a name.';
//if the errors array is empty, send the mail
if (!$errors) {
    $name = $name[array_rand($name)];
    $to = '$name <$name email adress if set>';
    $from = $name . ' <' . $email . '>';
    //subject and the html message
    $subject = 'Comment from ' . $name;
    $message = '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<table>
<tr><td>Name</td><td>' . $name . '</td></tr>
<tr><td>Email</td><td>' . $email . '</td></tr>
</table>
</body>
</html>';
    //send the mail
    $result = sendmail($to, $subject, $message, $from);
    //echo "\n\n$name has been nominated to make the tea!\n\n";
    //echo "\n\nThey will also be notified by e-mail if you entered their address.\n\n";
    //if POST was used, display the message straight away
    if ($_POST) {
        if ($result) echo "\n\n$name has been nominated to make the tea!\n\nThey will also be notified by e-mail if you entered their address.\n\n";
        else echo 'Sorry, unexpected error. Please try again later';
    //else if GET was used, return the boolean value so that
    //ajax script can react accordingly
    //1 means success, 0 means failed
    } else {
        echo $result;
    }
//if the errors array has values
} else {
    //display the errors message
    for ($i = 0; $i < count($errors); $i++) echo $errors[$i] . '<br/>';
    echo 'Back';
}
//Simple mail function with HTML header
function sendmail($to, $subject, $message, $from) {
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    $headers .= 'From: ' . $from . "\r\n";
    $result = mail($to, $subject, $message, $headers);
    if ($result) return 1;
    else return 0;
}
Once the AJAX request is working the next step is simply work around the code to send an e-mail to the person chosen if their e-mail address was entered - a bit stuck on how to do that as I want the e-mail field to remain optional.
Then obviously, I want to return the name of the person that was picked at random and that will be it!
Use Firebug for Firefox, or watch the console in Chrome/Safari. So you would have seen that you have a javascript error:
Uncaught ReferenceError: comment is not defined
So the script:
//cancel the submit button default behaviours
return false;
isn't executed and the form is posted normally.
I have a contact form on my website, and everything works like a charm. I am using an anti-injection validation script that I suspect is supposed to send a notification when somebody attempts to use header injection. I have tested this thoroughly and cannot determine why it will not notify me in the event of an abuse. The script is below.
/* Set e-mail recipient */
$myemail = "email#gmail.com";
/* Check all form inputs using check_input function */
$subject = check_input($_POST['subject'], "Please enter your name");
$email = check_input($_POST['email'], "Please enter your email");
$form = check_input($_POST['form'], "Please write your message");
function logbad($value)
// Start of validation; this is where the problem is
$report_to = "email#gmail.com";
$name = "Matt";
$mail = "$email";
// replace this with your own get_ip function...
$ip = (empty($_SERVER['REMOTE_ADDR'])) ? 'empty'
$rf = (empty($_SERVER['HTTP_REFERER'])) ? 'empty'
$ua = (empty($_SERVER['HTTP_USER_AGENT'])) ? 'empty'
$ru = (empty($_SERVER['REQUEST_URI'])) ? 'empty'
$rm = (empty($_SERVER['REQUEST_METHOD'])) ? 'empty'
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\n";
$headers .= "X-Priority: 1\n";
$headers .= "X-MSMail-Priority: Normal\n";
$headers .= "X-Mailer: php\n";
$headers .= "From: \"".$nama."\" <".$mail.">\r\n\r\n";
,"[ABUSE] mailinjection # " .
$_SERVER['HTTP_HOST'] . " by " . $ip
,"Stopped possible mail-injection # " .
$_SERVER['HTTP_HOST'] . " by " . $ip .
" (" . date('d/m/Y H:i:s') . ")\r\n\r\n" .
"*** IP/HOST\r\n" . $ip . "\r\n\r\n" .
"*** USER AGENT\r\n" . $ua . "\r\n\r\n" .
"*** REFERER\r\n" . $rf . "\r\n\r\n" .
"*** REQUEST URI\r\n" . $ru . "\r\n\r\n" .
"*** REQUEST METHOD\r\n" . $rm . "\r\n\r\n" .
"*** SUSPECT\r\n--\r\n" . $value . "\r\n--"
// Check 1
//First, make sure the form was posted from a browser.
// For basic web-forms, we don't care about anything
// other than requests from a browser:
die('Forbidden - You are not authorized to view this page (0)');
// Check 2
// Make sure the form was indeed POST'ed:
// (requires your html form to use: action="post")
die('Forbidden - You are not authorized to view this page (1)');
// Host names from where the form is authorized
// to be posted from:
$authHosts = array("cover.com");
// Where have we been posted from?
$fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER']));
// Test to see if the $fromArray used www to get here.
$wwwUsed = strpos($fromArray['host'], "www.");
// Make sure the form was posted from an approved host name.
if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts))
logbad("Form was not posted from an approved host name");
die(' Forbidden - You are not authorized to view this page (2)');
// Attempt to defend against header injections:
$badStrings = array("content-type:",
// Loop through each POST'ed value and test if it contains
// one of the $badStrings:
foreach($_POST as $k => $v)
foreach($badStrings as $v2)
if(strpos(strtolower($v), $v2) !== false)
die('<strong>Form processing cancelled:<br /></strong> string
(`'.$v.'`)<strong> contains text portions that
are potentially harmful to this server. <br />Your input
has not been sent! <br />Please use your browser\'s
`back`-button to return to the previous page and try
rephrasing your input.</strong>');
// Made it past spammer test, free up some memory
// and continuing the rest of script:
unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed);
/* If e-mail is not valid show error message */
$addr_spec = '([^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c'.
if (!preg_match("!^$addr_spec$!", $email))
show_error("E-mail address not valid");
if (strtolower($_POST['code']) != 'rowingcover') {die('The following error occured: <br />Wrong anti-spam code. <br />
Go back');}
/* Let's prepare the message for the e-mail */
$message = "Cover.com Contact Form
/* Send the message using mail() function */
mail($myemail, $subject, $message, "From: $email");
/* Redirect visitor to the thank you page */
header('Location: contact_received.html');
/* Functions we used */
function check_input($data, $problem='')
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
return $data;
function show_error($myError)
<b>Please correct the following error:</b><br />
<?php echo $myError; ?><br />
Go back
I am relatively new to php, so any help would be much appreciated.
Your problem might be that you are using double quotes with # in your variable:
should be: $report_to = 'email#gmail.com'; or $report_to = "email\#gmail.com";
Just posting as answer from my comment since you got it solved by that.
The thing was that using an array inside a variable without escaping it will result in an empty array in your case, which would give you a possible wrong email.
You're welcome :)
I have found a few things that might contribute to that.
$mail = "$email";
$email isn't defined (you're inside a function), and there is no reason to put quotes around a variable. This means $mail = "";
$headers .= "From: \"".$nama."\" <".$mail.">\r\n\r\n";
You said $nama instead of $name, this means that line is actually:
$headers .= "From: <>\r\n\r\n";
It's a bit difficult to see the reason. Try defining your subject and message before your mail function (makes it much easier to read).
Don't use the "#mail" as that will NOT tell you any errors it runs into. While debugging, you definitely want error messages.
Try sending a normal text email before you send an HTML error (in that function), it might help make things simple. Then slowly implement HTML, see where it breaks.
The following lines look wrong.
$mail = "$email"; should be $mail = $email;
#mail( should be just mail( This is probably the line preventing your mail being sent!
mail($myemail, $subject, $message, "From: $email"); should be
mail($myemail, $subject, $message, "From:".$email);
Hope that helps.
Thanks to Prix who answered my question in the comments:
$report_to = "email#gmail.com"; either use single quote or escape the # $report_to = 'email#gmail.com'; or $report_to = "email\#gmail.com"; since the # is treated as an array it will not read as email#gmail.com under double quotes. – Prix 4 mins ago