Newbie needs help with form to email

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
route66-harleyman
Forum Newbie
Posts: 1
Joined: Tue Jun 30, 2009 3:29 pm

Newbie needs help with form to email

Post by route66-harleyman »

Hi everyone.

I have just started with php but need help!

I have a form on my site that I want to email me when completed but I am having problems getting the email to work?

When submitted the form calls in a file called contact.php which I have copied from a php book. The coding is below.

The form url is http://www.mdcomputertraining.co.uk/form.htm which seems to work as expected but no email actually gets delivered back to me?

Can someone please have a look - i am sure the code just needs tweaking but I dont know where to begin??

Grateful for any guidance.

Cheers

Mark

<?
if (($_POST[name] == "") ||
($_POST[email] == "") ||
($_POST[telnumber] == "") ||
($_POST[message] == "")) {
header ("Location: http://www.mdcomputertraining.co.uk/form.htm");
exit;
}

$msg .= "email sent from www site\n";
$msg .= "senders's name:\t$_POST[name]\n";
$msg .= "senders's email:\t$_POST[email]\n";
$msg .= "senders's tel number:\t$_POST[telnumber]\n";
$msg .= "message:\t$_POST[message]\n";

$to = 'md@mdavies7.plus.com';
$subject = "Web site message";
$mailheaders = "From: My Web site <mdcomputertraining.co.uk>\n";
$mailheaders .= "Reply-To: $_POST[email]\n";

mail ($to, $subject, $msg, $mailheaders);
?>

<html>
<head>
<title>Simple feedback form sent</title>
</head>

<body>
<H1>The following e-mail has been sent</H1>

<p><strong>Name:</strong><br>
<? echo "$_POST[name]"; ?>
<p><strong>Email:</strong><br>
<? echo "$_POST[email]"; ?>
<p><strong>Tel Number:</strong><br>
<? echo "$_POST[telnumber]"; ?>
<p><strong>Message:</strong><br>
<? echo "$_POST[message]"; ?>


</body>


</html>
phpcoder123
Forum Newbie
Posts: 11
Joined: Wed Jun 24, 2009 3:30 pm

Re: Newbie needs help with form to email

Post by phpcoder123 »

use headers
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= "From: " .$enter name here. "\r\n";
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Newbie needs help with form to email

Post by Eric! »

Also try an error check on mail() to see if you are connecting to your mail server ok or not.

In addition here is some advice to prevent you from getting your email hijacked or spammed.
If you have a simple contact form where you don't really want people sending you html or links then try these forceful methods of rejecting input. Filter your input variables through a function that checks for injection attempts so your mail doesn't get hijacked.

Code: Select all

function InjectionAttempt($input) // this detects any injection characters
{
    if (eregi("%0a", $input) ||
    eregi("%0d", $input) ||
    eregi("Content-Type:", $input) ||
    eregi("bcc:", $input) ||
    eregi("to:", $input) ||
    eregi("cc:", $input)) 
    {
        return 1;  // bastards
    } 
    else 
    {
        return 0;
    }
}
 
function InjectionAttempt2($input) // use this for fields that contain return codes and line feeds
{
    if (eregi("Content-Type:", $input) ||
    eregi("bcc:", $input) ||
    eregi("to:", $input) ||
    eregi("cc:", $input)) 
    {
        return 1;  // bastards
    } 
    else 
    {
        return 0;
    }
}
Use injectionattempt2 for fields that contain return characters like a message body. Use injectionattempt for anything going into your header fields like email addresses, subject, etc. If either function returns 1, then generate an error message and reload the contact form.

Here are some example calls to the injectionattempt functions. Excuse the old school printf, you can change these to echo.


Code: Select all

   if(InjectionAttempt($_POST["Username"]) ) {printf ("Problem with Name Field<br>"); errormsg(); return;}
    if(InjectionAttempt($_POST["UserEmail"]) ) {printf ("Problem with your Email Field<br>"); errormsg(); return;}
    if(InjectionAttempt2($_POST["Comments"]) ) {printf ("Problem with Comments<br>"); errormsg(); return;}
    if(InjectionAttempt($_POST["Subject"]) ) {printf ("Problem with the Subject field<br>"); errormsg(); return,
The errormsg() routine just tells them what can not be entered (non-alpha numeric characters and to: bcc: cc: etc)

Next for spam that is sent directly to you, just scan the message for links and reject the message.

Code: Select all

if(stristr($comments,"http")!=FALSE) // does http appear in the text?
{
    errormsg2();  // this is a spam attempt.  Tell user no links allowed and reload form
    return;
}
errormsg2() just does what the comments say.

Make sure your error messages are verbose, explaining to the user exactly what they did wrong in case it is a legitimate user who innocently entered to: in the subject or http://visit.my.page in the message body.
Post Reply