PHP code - something is wrong
Posted: Sun Feb 07, 2010 3:45 pm
Hi
I have a contact form which looks good but when I test the form by inputting my name, e-mail and a test message I get returned with this confirmation message.
'Thank You ick edwads
We will be in touch as soon as possible.'
Now my name is nick edwards and this is what I put into the name field of the form. I don't understand why it misses off the 'n' in my first name and the 'r' in my surname on the confirmation message?
And the e-mail I receive looks like this:
-----------------------------------------------------------------------------
WEBSITE CONTACT ENQUIRY
-----------------------------------------------------------------------------
Name: ick edwads
Email: ickedwads56@fsmail.et
Message: testig testig 1 2 3
My name is incomplete, my e-mail is missing the first letter of my name, the 'r' in edwards and the 'n' of .net.
My test message is missing the 'n' in testing (testig).
As I'm no coder I am at a loss with this. Could someone here take a quick look at the code and tell me if something needs to be changed to fix this problem?
This is the code:
<?php
if (isset($_POST["op"]) && ($_POST["op"]=="send")) {
/******** START OF CONFIG SECTION *******/
$sendto = "nickedwards@tailoredpersonaltraining.co.uk";
$subject = "Website Contact Enquiry";
// Select if you want to check form for standard spam text
$SpamCheck = "Y"; // Y or N
$SpamReplaceText = "*content removed*";
// Error message printed if spam form attack found
$SpamErrorMessage = "<p align=\"center\"><font color=\"red\">Malicious code content detected.</font><br><b> Your IP Number of </b>".getenv("REMOTE_ADDR")."<b> has been logged.</b></p>";
/******** END OF CONFIG SECTION *******/
$name = $HTTP_POST_VARS['name'];
$email = $HTTP_POST_VARS['email'];
$message = $HTTP_POST_VARS['message'];
$headers = "From: $emailn";
$headers . "MIME-Version: 1.0n"
. "Content-Transfer-Encoding: 7bitn"
. "Content-type: text/html; charset = \"iso-8859-1\";nn";
if ($SpamCheck == "Y") {
// Check for Website URLs in the form input boxes as if we block website URLs from the form,
// then this will stop the spammers wasting time sending emails
if (preg_match("/http/i", "$name")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage"; exit();}
// Pattern match search to strip out the invalid characters, this prevents the mail injection spammer
$pattern = '/(;|||`|>|<|&|^|"|'."n|r|'".'|{|}|[|]|)|()/i'; // build the pattern match string
$name = preg_replace($pattern, "", $name);
$email = preg_replace($pattern, "", $email);
$message = preg_replace($pattern, "", $message);
// Check for the injected headers from the spammer attempt
// This will replace the injection attempt text with the string you have set in the above config section
$find = array("/bcc:/i","/Content-Type:/i","/cc:/i","/to:/i");
$email = preg_replace($find, "$SpamReplaceText", $email);
$name = preg_replace($find, "$SpamReplaceText", $name);
$message = preg_replace($find, "$SpamReplaceText", $message);
// Check to see if the fields contain any content we want to ban
if(stristr($name, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($message, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
// Do a check on the send email and subject text
if(stristr($sendto, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($subject, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
}
// Build the email body text
$emailcontent = "
-----------------------------------------------------------------------------
WEBSITE CONTACT ENQUIRY
-----------------------------------------------------------------------------
Name: $name
Email: $email
Message: $message
_______________________________________
End of Email
";
// Check the email address entered matches the standard email address format
if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+.[A-Z]{2,6}$", $email)) {
echo "<p>It appears you entered an invalid email address</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($name)) {
echo "<p>Please go back and enter a Name</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($message)) {
echo "<p>Please go back and type a Message</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
elseif (!trim($email)) {
echo "<p>Please go back and enter an Email</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
// Sends out the email or will output the error message
elseif (mail($sendto, $subject, $emailcontent, $headers)) {
echo "<br><br><p><b>Thank You $name</b></p><p>We will be in touch as soon as possible.</p>";
}
}
else {
?>
<p align="center">Please complete all details of your enquiry<br>and we will get back to you shortly.</p>
<br>
<form method="post"><input name="op" type="hidden" value="send" />
<table width="626">
<tr>
<td><p>Name:</p></td>
<td>
<input name="name" type="text" size="40" maxlength="150"> </td>
</tr>
<tr>
<td><p>E-mail:</p></td>
<td>
<input name="email" type="text" size="40" maxlength="150"> </td>
</tr>
<tr>
<td valign="top"><p>Message:</p></td>
<td><textarea name="message" cols="80" rows="6"></textarea></td>
</tr>
<tr><td></td>
<td><input name="submit" type="submit" value="Send Message" /></td>
</tr>
</table>
</form>
<?php } ?>
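The behaviour described in the post, reproduced as an added example (not part of the original post and not the poster's code): with the backslashes missing, the `n|r` alternatives in `$pattern` match the letters themselves rather than line breaks. The helper names, the sample inputs, the `text/plain` content type and the reject-instead-of-strip handling of the From address are assumptions made for illustration.

```php
<?php
// Added example; sample inputs are constructed, helper names are hypothetical.

// As in the posted $pattern: without backslashes, n and r are ordinary letters.
$asPosted = '/(n|r)/i';
// With the escapes present, the same two alternatives match LF and CR only.
$escaped = '/(\n|\r)/';

function strip_with(string $pattern, string $value): string
{
    return preg_replace($pattern, '', $value);
}

// A value destined for a mail header must not contain a line break at all.
function header_safe(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

// Assumption: reject a bad From address instead of stripping characters from it.
function build_headers(string $email): ?string
{
    if (!header_safe($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Each header line ends with CRLF; the pieces are joined into one string.
    // text/plain is an assumption: the posted form builds a plain-text body.
    return "From: $email\r\n"
        . "MIME-Version: 1.0\r\n"
        . "Content-Type: text/plain; charset=iso-8859-1\r\n";
}

$name     = "nick edwards";                                  // constructed
$goodMail = "nick@example.test";                             // constructed
$badMail  = "nick@example.test\r\nBcc: other@example.test";  // constructed

var_dump(strip_with($asPosted, $name));    // the letters n and r are removed
var_dump(strip_with($escaped, $name));     // the name is left intact
var_dump(strip_with($escaped, $badMail));  // line break gone, extra text remains
var_dump(build_headers($goodMail));        // CRLF-terminated header lines
var_dump(build_headers($badMail));         // null: the form should show an error
```

Stripping only the line break leaves the extra text attached to the address, which is why the From value is rejected here rather than cleaned.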