
Newbie needs help with form to email

Posted: Tue Jun 30, 2009 3:44 pm
by route66-harleyman
Hi everyone.

I have just started with php but need help!

I have a form on my site that I want to email me when completed but I am having problems getting the email to work?

When submitted the form calls in a file called contact.php which I have copied from a php book. The coding is below.

The form url is http://www.mdcomputertraining.co.uk/form.htm which seems to work as expected but no email actually gets delivered back to me?

Can someone please have a look - I am sure the code just needs tweaking but I don't know where to begin??

Grateful for any guidance.

Cheers

Mark

<?php
// Send the visitor back to the form if any field is empty.
if (($_POST['name'] == "") ||
($_POST['email'] == "") ||
($_POST['telnumber'] == "") ||
($_POST['message'] == "")) {
header ("Location: http://www.mdcomputertraining.co.uk/form.htm");
exit;
}

// Build the message body (assign first, then append).
$msg = "email sent from www site\n";
$msg .= "sender's name:\t$_POST[name]\n";
$msg .= "sender's email:\t$_POST[email]\n";
$msg .= "sender's tel number:\t$_POST[telnumber]\n";
$msg .= "message:\t$_POST[message]\n";

$to = 'md@mdavies7.plus.com';
$subject = "Web site message";
$mailheaders = "From: My Web site <mdcomputertraining.co.uk>\n";
$mailheaders .= "Reply-To: $_POST[email]\n";

mail ($to, $subject, $msg, $mailheaders);
?>

<html>
<head>
<title>Simple feedback form sent</title>
</head>

<body>
<H1>The following e-mail has been sent</H1>

<p><strong>Name:</strong><br>
<?php echo htmlspecialchars($_POST['name']); // escape before echoing into HTML ?>
<p><strong>Email:</strong><br>
<?php echo htmlspecialchars($_POST['email']); ?>
<p><strong>Tel Number:</strong><br>
<?php echo htmlspecialchars($_POST['telnumber']); ?>
<p><strong>Message:</strong><br>
<?php echo htmlspecialchars($_POST['message']); ?>


</body>


</html>

Re: Newbie needs help with form to email

Posted: Tue Jun 30, 2009 3:56 pm
by phpcoder123
Use headers:
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= "From: " . $from . "\r\n"; // $from: enter name here

Re: Newbie needs help with form to email

Posted: Tue Jun 30, 2009 4:05 pm
by Eric!
Also try an error check on mail() to see if you are connecting to your mail server ok or not.

In addition here is some advice to prevent you from getting your email hijacked or spammed.
If you have a simple contact form where you don't really want people sending you html or links then try these forceful methods of rejecting input. Filter your input variables through a function that checks for injection attempts so your mail doesn't get hijacked.

Code:

function InjectionAttempt($input) // this detects any injection characters
{
    // eregi() was removed in PHP 7; preg_match() with the /i flag replaces it.
    // PHP has already URL-decoded $_POST values, so test for raw CR/LF
    // as well as the encoded forms %0a and %0d.
    if (preg_match('/[\r\n]|%0a|%0d|Content-Type:|bcc:|to:|cc:/i', $input))
    {
        return 1;  // bastards
    }
    else
    {
        return 0;
    }
}

function InjectionAttempt2($input) // use this for fields that contain return codes and line feeds
{
    // Same keyword check, but line breaks are allowed.
    if (preg_match('/Content-Type:|bcc:|to:|cc:/i', $input))
    {
        return 1;  // bastards
    }
    else
    {
        return 0;
    }
}
Use injectionattempt2 for fields that contain return characters like a message body. Use injectionattempt for anything going into your header fields like email addresses, subject, etc. If either function returns 1, then generate an error message and reload the contact form.

Here are some example calls to the injectionattempt functions. Excuse the old school printf, you can change these to echo.


Code:

    if(InjectionAttempt($_POST["Username"]) ) {printf ("Problem with Name Field<br>"); errormsg(); return;}
    if(InjectionAttempt($_POST["UserEmail"]) ) {printf ("Problem with your Email Field<br>"); errormsg(); return;}
    if(InjectionAttempt2($_POST["Comments"]) ) {printf ("Problem with Comments<br>"); errormsg(); return;}
    if(InjectionAttempt($_POST["Subject"]) ) {printf ("Problem with the Subject field<br>"); errormsg(); return;}
The errormsg() routine just tells them what can not be entered (non-alpha numeric characters and to: bcc: cc: etc)

Next for spam that is sent directly to you, just scan the message for links and reject the message.

Code:

if(stristr($comments,"http")!=FALSE) // does http appear in the text?
{
    errormsg2();  // this is a spam attempt.  Tell user no links allowed and reload form
    return;
}
errormsg2() just does what the comments say.

Make sure your error messages are verbose, explaining to the user exactly what they did wrong in case it is a legitimate user who innocently entered to: in the subject or http://visit.my.page in the message body.
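
A stricter variant of the filtering idea in this thread, as an added example that is not part of the original posts: rather than scanning for keywords, it lets only a validated address reach the Reply-To header, rejects line breaks in single-line fields, and returns the result of mail() so a failed hand-off can be reported. Field names come from the original contact.php; the From address and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. Field names follow the original form.
const SITE_FROM = 'webform@example.com'; // placeholder: an address on your own domain

// Validate a submission and return [headers, body]; throws on bad input.
function build_contact_mail(array $post): array
{
    foreach (['name', 'email', 'telnumber', 'message'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            throw new InvalidArgumentException("missing field: $field");
        }
    }
    // Single-line fields must not contain CR or LF.
    foreach (['name', 'email', 'telnumber'] as $field) {
        if (preg_match('/[\r\n]/', $post[$field])) {
            throw new InvalidArgumentException("line break in field: $field");
        }
    }
    // Only a syntactically valid address is allowed into the Reply-To header.
    $email = filter_var($post['email'], FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    $headers = 'From: ' . SITE_FROM . "\r\n" . "Reply-To: $email\r\n";
    $body = "Name:\t{$post['name']}\nEmail:\t$email\n"
          . "Tel:\t{$post['telnumber']}\nMessage:\n{$post['message']}\n";
    return [$headers, $body];
}

// mail() returns false when the message was not accepted for delivery.
function send_contact_mail(array $post, string $to): bool
{
    [$headers, $body] = build_contact_mail($post);
    return mail($to, 'Web site message', $body, $headers);
}

// Constructed sample submissions (not real data); nothing is sent here.
$ok  = ['name' => 'Ann', 'email' => 'ann@example.com',
        'telnumber' => '01234 567890', 'message' => "Hello,\nplease call me."];
$bad = ['email' => "ann@example.com\r\nBcc: other@example.net"] + $ok;
foreach (['legitimate' => $ok, 'header injection' => $bad] as $label => $post) {
    try {
        build_contact_mail($post);
        echo "$label: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Because the message text only ever goes into the body, it needs no keyword filter here, so a visitor who types "to:" in a message is not turned away.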