Page 1 of 1

PHP/EMAIL Question (I'm an amateur)

Posted: Fri Aug 25, 2006 10:01 am
by rgoins
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


How do you display an email address or name as the sender when you process an HTML form using PHP. Here is my PHP code:

Code: Select all

<?php


// get posted datalocal variables
$EmailTo = "email@address.com";
$Subject = "Comments from Site";
$name = Trim(stripslashes($_POST['name']));
$phone = Trim(stripslashes($_POST['phone']));
$email = Trim(stripslashes($_POST['email']));
$message = Trim(stripslashes($_POST['message']));



// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $name;
$Body .= "\n";
$Body .= "\n";
$Body .= "Phone: ";
$Body .= $phone;
$Body .= "\n";
$Body .= "\n";
$Body .= "Email: ";
$Body .= $email;
$Body .= "\n";
$Body .= "\n";
$Body .= "Comments:";
$Body .= "\n";
$Body .= $message;
$Body .= "\n";

// send email
$success = mail($EmailTo, $Subject, $Body, "From:<$Email>");

// redirect to success page
if ($success){
  print "<meta http-equiv=\"refresh\" content=\"0;URL=contact_confirmation.htm\">";
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=contact_error.htm\">";
}
?>
Thanks for any input!


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Fri Aug 25, 2006 10:06 am
by feyd
Save yourself from torture, use a mailing library: Swift or phpMailer.

Posted: Fri Aug 25, 2006 10:10 am
by rgoins
Thanks for the repy. I'll check that out but for my own knowledge how do you do it?

Thanks again.

Posted: Fri Aug 25, 2006 10:52 am
by RobertGonzalez
How the sender name is displayed will be determined by the server. IIS/Windows servers usually croak when trying to use the format ' "Sender Name" <sender@email.com> ' while *nix servers seem to be OK with it. IIS/Windows server seem to be ok with '<sender@email.com>' however, and *nix handle that well, so if you are going to use either format, I would shoose the latter.

But I would more strongly suggest using a package mailer like Swift.

Posted: Fri Aug 25, 2006 11:20 am
by Chris Corbyn
You use the format: "Real Name" <email@address>
or Real Name <email@address> without the quotes.

mail() supports that for the $to field but seems to strip it down to just "<email@address>" for sending. You can add your own "To:" header in the additional headers for mail() but mail() isn't clever enough to know not to place it's own "To:" header their to prevent duplicates. I'm going through this headache at the moment to make a NativeMail connection for Swift. Urghh.

Posted: Fri Aug 25, 2006 1:33 pm
by rgoins
Thank you all for your input. I still haven't quite worked out the quirks but I'll get there hopefully. When the PHP code processes the HTML form and sends the email this is what shows:

FROM: Nobody [nobody@server6.hostinginsiders.com]
TO: Me
Subject: Comments from site

It's the FROM section that I would like to change. I want it to say something like FROM: Site.

I would prefer to use Swift or some tool like Swift but at this point my PHP knowledge is still green so I am just trying to get the form working properly util I have more time to try and implement Swift.

Thanks again for all the feedback.

Posted: Fri Aug 25, 2006 1:48 pm
by Obadiah
i think thats changed in your php.ini file under sendmail_from...heres something that feyd sent me a while ago when i posted a similar question...i think this might help you out

edited

right before that line youll see a line that says "for win32 only"
after that youll see

sendmail_from= me@example.com <-change that to reflect what your wanting it to say

i think

Posted: Fri Aug 25, 2006 1:58 pm
by RobertGonzalez
You can actually hardcode that into your code. Please note, this is purely for learning. There a lot of things to do with this if you want to actually use it in production.

Code: Select all

<?php
$to = $send_to_this_email_address;
$itsabout = 'Someone sent you an email';
$mcontent = "Yo,\n\n";
$mcontent .= "$sender_name has just sent an email. This is what they sent...\n";
$mcontent .= "============================================================\n\n";
$mcontent .= "Sender's name: $sender_name\n\n";
$mcontent .= "$sender_name's email address: $sender_email\n\n";
$mcontent .= "$sender_name's comment:\n" . stripslashes($sender_message) . "\n\n";
$mcontent .= "============================================================\n";
$mcontent .= "Regards,\nYour conscience speaking through the web\n";
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\n";
$headers .= "From: Myfirstname Mylastname <me@email.com>\n";
        
mail($to, $itsabout, $mcontent, $headers);
?>

Posted: Fri Aug 25, 2006 4:26 pm
by rgoins
Worked like a charm...thanks so much!!!

Posted: Fri Aug 25, 2006 5:32 pm
by RobertGonzalez
You're welcome. Just make sure to not use the code I posted as is. It needs some security features in place (like injection preventing, XSS preventing and POST data validation). But I am glad you got your problem solved.

Posted: Sat Aug 26, 2006 7:58 am
by Chris Corbyn
A pretty broad-scoped way to prevent header injection is just to check the characters sent are only in the range which is *printable* 7bit ascii.

Code: Select all

if (preg_match('/[^\x20-\x7E]/', $header_stuff))
{
    //don't send as is
}
else
{
    //Okie doke, just send
}
That's extremely basic and prevents extended UTF-8 characters from being sent too which is not good. Many email servers still do not support 8bit characters in the email (they can't process them for relaying). In that case you need to encode the headers to make them 7bit (base64, or quoted-printable). I'm not going to get into that area if you're new to it but any mailing library worth it's salt will do it for you.