Ok, so I made a form using HTML, and I'd like to get it to submit the information to my email, so I found and modified this PHP script:
<?php
$to = "me#myemail.com";
$subject = "R&R Form";
$firstname1 = $_REQUEST['firstname1'] ;
$lastname1 = $_REQUEST['lastname1'] ;
$firstname2 = $_REQUEST['firstname2'] ;
$lastname2 = $_REQUEST['lastname2'] ;
$department1 = $_REQUEST['department1'] ;
$department2 = $_REQUEST['department2'] ;
$reason = $_REQUEST['reason'] ;
$behaviour1 = $_REQUEST['behaviour1'] ;
$behaviour2 = $_REQUEST['behaviour2'] ;
$behaviour3 = $_REQUEST['behaviour3'] ;
$behaviour4 = $_REQUEST['behaviour4'] ;
$behaviour5 = $_REQUEST['behaviour5'] ;
$behaviour6 = $_REQUEST['behaviour6'] ;
$behaviour7 = $_REQUEST['behaviour7'] ;
$message = "Nominee: $firstname1 $lastname1 /n Department: $department1 /n /n Nominator: $firstname2 $lastname2 /n Department: $department2 /n /n Reason for nomination: $reason /n /n Additional reasons: $behaviour1 /n $behaviour2 /n $behaviour3 /n $behaviour4 /n $behaviour5 /n $behaviour6 /n $behaviour7 /n";
$headers = "Recognition and Reward Request for $firstname1 $lastname1";
$sent = mail($to, $subject, $message, $headers,) ;
if($sent)
{print "Your nomination was submitted successfully"; }
else
{print "We encountered an error submitting your nomination"; }
?>
It's not very well written, I know (I only started learning php today, and I just modified a script I copy and pasted.), but it doesn't seem to have any syntax errors or any other errors I can see. I'm not asking for someone to fix my code for me, I'm just asking for some pointers as to why the script isn't working as it should.
I uploaded it to a server with PHP installed, so that's not the problem. I've been trying to figure this out all day, and it's getting kinda frustrating. Someone please help?
Well, the script is using this for the headers, which is invalid:
$headers = "Recognition and Reward Request for $firstname1 $lastname1";
Maybe you meant for that to be the subject line?
The headers should be valid SMTP headers, like this:
$headers = 'From: webmaster#example.com' . "\r\n";
Look at the examples for the mail function for more info.
$sent = mail($to, $subject, $message, $headers,) ;
should look like this:
$sent = mail($to, $subject, $message, $headers) ;
(without the comma)
hope i helped
Since you are a starter I recommend you to use PEAR as much as possible.
Look at: pear html quickform
It will really make your life easier.
And for sending e-mails, I suggest you to use: PHPMailer
It comes with a lot of e-mail features just right out-of-the-box
The first problem I see is that $headers doesn't contain valid headers. Headers are things like From: name#example.com or CC: someoneelse#example.com, but you're treating it as part of the email.
Here's some info on email headers.
It does have syntax errors. Since you cannot see them, I suggest you enable full error reporting. There're many ways to do it; the simplest is probably adding this code on top of your script:
<?php
ini_set('display_errors', true);
error_reporting(E_ALL);
?>
Related
I'm trying to send a message to the email a user provides in the contact form. The problem is the message never gets sent, but I always arrive at a blank page where my php code is located. Nothing warns me of any error in my code. Can anyone explain why this is happening and offer a solution to the problem?
<form action="site.php" method="POST">
<input
type="text"
class="form"
name="email"
placeholder="Your email address"
/>
<button class="submit" type="submit">Join Waitlist</button>
</form>
<?php
if (isset($_POST["submit"]))
{
$mailTo = $_POST["email"];
$mailFrom = "Dumele";
$message = "https://docs.google.com/forms/d/1lpj2XnKW4HT_qHFfGwpUxcvzPmK2USZ0MGSDP0XCqfg/edit";
$subject = "Welcome to Dumele";
$txt = "Thank you for your interest in Dumele. We're glad to have
you join our network and mission to enhance the technological
innovation of our African diaspora. Below is a link to a survey
we would like you to answer so we can better assist you.\n\n".message;
$headers = "From: ".mailFrom;
(mail($mailTo, $subject, $txt, $headers));
header("Location: index.php?mailsend");
}
?>
First of all make sure you enabled error reporting. You can check another Stackoverflow question and it's answers here about it.
As I see in your code you have syntax errors. You didn't place $ sign before variable names. For example you typed $headers = "From: ".mailFrom; instead of $headers = "From: ".$mailFrom; Let's fix it:
<?php
if (isset($_POST["submit"]))
{
$mailTo = $_POST["email"];
$mailFrom = "Dumele";
$message = "https://docs.google.com/forms/d/1lpj2XnKW4HT_qHFfGwpUxcvzPmK2USZ0MGSDP0XCqfg/edit";
$subject = "Welcome to Dumele";
$txt = "Thank you for your interest in Dumele. We're glad to have
you join our network and mission to enhance the technological
innovation of our African diaspora. Below is a link to a survey
we would like you to answer so we can better assist you.\n\n".$message;
$headers = "From: ".$mailFrom;
(mail($mailTo, $subject, $txt, $headers));
header("Location: index.php?mailsend");
}
Now with the mail() function of PHP; some servers disables mail() function for security purposes. If so; you can use SMTP to securely send your emails. To use SMTP in PHP of course you need additional processes but some free software packages and libraries like PHPMailer or SwiftMailer can help you about it.
This is looking for a form value with the name "submit":
if (isset($_POST["submit"]))
But there's no form element in the HTML with that name. So this will always be false. Give your submit button that name:
<button class="submit" type="submit" name="submit">Join Waitlist</button>
It shouldn't necessarily need a value, it would just default to an empty string. But it needs a name in order for the browser to send anything at all with that key.
As an aside, your mail server may reject the message since this is not really an email address:
$mailFrom = "Dumele";
For completeness... It looks like your PHP variables are also syntactically incorrect. Variable names need to begin with a $. For example, this:
$headers = "From: ".mailFrom;
Should be this:
$headers = "From: ".$mailFrom;
The same error would need to be corrected anywhere you're mis-using variable names.
Use value attribute in button tag. You are testing
if(isset($_post['submit']))
But what is submit? You should use value attribute and give a value submit i.e. Submit
I'm new to php, i just start to use mail function. I have a problem like below:
Suppose, i have more recipients than one that will get my email.
<?php
$to = $_POST['to']; //xxxxx#yahoo.com,yyyyy#yahoo.com,zzzzz#yahoo.com
$from = $_POST['from']; //aaaaa#yahoo.com
$from = "myinfo <$from>";
$subject = $_POST['subject']; //New campiagn
$content = $_POST['content'];
$headers = "From:" . $from;
mail($to,$subject,$content,$headers);
?>
The code above work correctly. But when user get this email, they will see:
To Me, yyyyy#yahoo.com, zzzzz#yahoo.com
I don't want all users that get this email show when user view this email. Below is what i want:
To myuser#info.com
Does it is possible to do like this? I'm appreciate to all of your answer :)
Thank in advance
If you use a list in the To: field of a regular mail client the list will appear to every recipient. This is normal behaviour. If you want to hide the list then your best option is to send each recipient their own individual copy.
A client recently got a spam warning from their host.
I think I have pin pointed the issue to an old contact us form. Simple html on the front end and a simple PHP script on the back end.
if ($_POST['submit'] == "Send"){
//START SEND MAIL SCRIPT
$mail = $_POST['email'];
$to = "me#gmail.com";
$subject = "Message from Website Contact Us Form";
$headers = "From: Contact us Form <webmaster#website.co.uk>";
$message = "Message from Contact Us Form\n\n";
$message .= "\nName: " . $_POST['contactname'];
$message .= "\nEmail: " . $_POST['contactemail'];
$message .= "\nTelephone: " . $_POST['contactphone'];
$message .= "\n\n\nMessage:\n" . $_POST['contactmessage'];
if(mail($to,$subject,$message,$headers)) {
header('Location: http://www.website.co.uk/contact-us/?action=success');
}else{
header('Location: http://www.webisite.co.uk/contact-us/?action=fail');
}//END IF MAIL
}//END SCRIPT
I know the remedies to fix it such as sanitizing post vars properly, using captchas, using a hidden 'honeypot' blank field, js tricks etc etc (I also like the look of this script too http://www.alt-php-faq.com/local/115/)
But to help me understand what was going on I want to know how this script is being manipulated. A foreign script posting vars to it but how do they send email to anyone apart from
'me#gmail.com' or if they are forcing cc / bcc fields somehow why do I not get all spam as well??
Thanks
Line like this $message .= "\nName: " . $_POST['contactname']; can be dangerous.
If $_POST['contactname']='MegaSteve4 \r\nCc: email1#mail.com, email2#mail.com'; are set, 2 uses will get spam mail.
See carefully. Its appending more headers. In this case Cc. I am not sure if Cc is a raw email header. But I hope you get the idea.
You're not doing any escaping of the post data. That means that this form is vulnerable to injection attacks.
I couldn't tell you how they did it, but that's probably what happened.
I am currently sending text email in PHP and doing something like this:
$from = "from: Hike Attendance Update#comehike.com";
$to_email_address = 'some email';
$subject = 'Some subject';
$contents = 'Blah';
mail($to_email_address, $subject, $contents, $from);
When I send it, it appears as sent from Hike.Attendance.Update which doesn't look very good. How can I make it appear with spaces instead of dots?
Thanks,
Alex
Try:
$from = "from: \"Hike Attendance\" <Update#comehike.com>";
I think that's specified in some RFC for email, namely RFC 5322.
When specifying the actual name, put the email address in <> chars:
$from = "from: Hike Attendance <Update#comehike.com>";
I'm building a simple order system and want to send an email after the form is submitted. My PHP code looks similar to this:
$name=$_POST["orderName"];
$company=$_POST["orderCompany"];
$email=$_POST["orderEmail"];
$phone=$_POST["orderPhone"];
$headers = "From: $email\r\n" .
$item1=$_POST["orderItem1"];
$qty1=$_POST["orderQty1"];
$item2=$_POST["orderItem2"];
$qty2=$_POST["orderQty2"];
$item3=$_POST["orderItem3"];
$qty3=$_POST["orderQty3"];
$date = date("l, F j Y, G:i") ;
$message="Message sent: $date \n\n
Name: $name\n
Company: $company\n
Email: $email\n
Phone: $phone\n\n
Order:\n
$item1 \tx$qty1\n
$item2 \tx$qty2\n
$item3 \tx$qty3\n";
mail("sales#company.com", "Order", $message, $headers);
That works fine, except in the body of the email I get the value of $item1 string at the very beginning, before the "Message sent..." - just like I added it to the $message (which I don't as far as I can see).
Where you have this:
$headers = "From: $email\r\n" .
you want this instead:
$headers = "From: $email\r\n";
Otherwise, you're concatenating whatever comes on the next line (which happens to be the definition for $item1) to the end of $headers. Although that's not technically valid (i.e., the content is part of the message headers and not body), most e-mail clients will effectively shrug and show it anyway.
Please, please, please add some sanitizing to your POST variables before going with this in production.
Let's see here:
$email=$_POST["orderEmail"];
$headers = "From: $email\r\n";
mail("sales#company.com", "Order", $message, $headers);
I could send a POST request where "orderEmail" contains:
"helo#helo.lv\r\n
From: viagra#farmacety.net\r\n
BCC: victim1#domain1.com, victom2#domain3.com"
etc. and your harmless form would work great for me sending spam to the whole world. This site suggects:
if ( ereg( "[\r\n]", $name ) || ereg( "[\r\n]", $email ) ) {
[... direct user to an error page and quit ...]
}