Page 1 of 2

Contact form issue???

Posted: Mon Nov 06, 2006 8:44 am
by mikewooten
i have this form contact issue that is supposed to work, but for some reason it doesn't and when i contact the webhost, they have fixed this issue before and for some reason they cannot fix this issue now. is there anything wrong with this code that you can see or is there another email script that i can use that will work?? i have to get this email script or any other script working asap. the script that i am using is below. how can this be fixed so that it will work? thanks
this is what the webhost has came back at me saying:
Upon checking on your issue the option Prevent the user \"nobody\" from sending out mail to remote addresses is enabled on this server inorder to prevent spam mails. Because of this server settings, your mailing script doesn't work. Please do check and feel free to get back to us for further assistance.
This is the HTML form I am using

Code: Select all


<form action="contact.php" method="post" onsubmit="return submitIt2(this)" name="myForm2">
  <p><font color="#ff0000">*</font>Name:<br>
    <input type="text" name="name" size="35" id="name"> 
   </p>
  <p><font color="#ff0000">*</font>Email:<br>
    <input name="user_email2" type="text" size="35" id="user_email">
  </p>
  <p><font color="#ff0000">*</font>Message:<br>
    <textarea name="message" rows="10" cols="27" id="message"></textarea>
  </p>  
  <p>
    <input type="submit" name="submit2" value="Submit">
  </p>
</form> 




This is the PHP code that i am using on the form

Code: Select all


#catch and store the content from the form
$name = $_POST["name"];
$user_email2 = $_POST["user_email2"];
$message = $_POST["message"];   

#some variables storing info about you
$auth_name2 = "Name here";
$auth_email2 = "mikeswooten@yahoo.com";
$auth_site2 = "Website Name here";

#Auto-Resopnd to person sending mail indicating success
$autorespond = mail("$user_email2", "Thanks For Your Email Inquiry", "Your email was sent successfully to $auth_name2. We will respond as soon as possible.","From:$auth_email2\r\nReply-to:$auth_email2"); 

#Send the email to the author
if(mail("$auth_email2", "Email From $auth_site2", "From: $name
Email: $user_email2
Message: $message","From:$user_email2\r\nReply-to:$user_email2")){
        echo "Thank You <b>$name</b> for contacting <b>$auth_name2</b>, I will respond as soon as possible. <br>Your message has been successfully sent!";
    }else{
        echo "There was a problem sending your message. We applogize for the inconvenience.";
}  


Re: Contact form issue???

Posted: Mon Nov 06, 2006 8:57 am
by volka
mikewooten wrote:
Upon checking on your issue the option Prevent the user "nobody" from sending out mail to remote addresses is enabled on this server inorder to prevent spam mails. Because of this server settings, your mailing script doesn't work. Please do check and feel free to get back to us for further assistance.
Pull that option.

??

Posted: Mon Nov 06, 2006 9:02 am
by mikewooten
??
what does that quote from the webhost mean? also, that is what the webhost came back at me saying. how can this be fixed so that it will work on my webhost server?
thanks

Posted: Mon Nov 06, 2006 9:06 am
by volka
Each process is assigned to an account. Your php process seemingly to the account Nobody. And your provider configured the mail server/mta not to accept mail tasks from processes that are assigned to the account Nobody.
Therefore my advice is to feel free to get back to them for further assistance.

Posted: Mon Nov 06, 2006 9:17 am
by mikewooten
ok, i have asked them a few times about fixing this and i have told them that they have fixed this before, and for some reason they cannot fix this now and this is the same problem that i have had before, so what do i need to tell them now so that they will be able to fix this. i have asked them to disable "nobody" from the account, i realize that i will get spam emails, but they will not fix this and this contact form has to work so that i will be able to send emails using the form? what do i do now?

Posted: Mon Nov 06, 2006 9:48 am
by volka
mikewooten wrote:ok, i have asked them a few times about fixing this and i have told them that they have fixed this before, and for some reason they cannot fix this now
if that doesn't mean "we don't want to fix it anymore" what does it mean?
Askt hem what they've done before and why they can't do it anymore. And if in practice you cannot use mail() from any of your php scripts anymore.
mikewooten wrote:i realize that i will get spam emails
I believe it's about sending mails not receiving them.

Posted: Mon Nov 06, 2006 9:54 am
by timvw
Lookup email header injection attacks (eg: http://www.securephpwiki.com/index.php/Email_Injection)... Your script is wide open for such attacks...

Posted: Mon Nov 06, 2006 10:50 am
by RobertGonzalez
It might not make a difference, but have you looked into using a package, like Swiftmailer?

Posted: Mon Nov 06, 2006 1:05 pm
by mikewooten
ok, i have read email header injection attacks http://www.securephpwiki.com/index.php/Email_Injection,
what can i add to my script to make this work? i have tried a few of their example, but still nothing works??

Posted: Mon Nov 06, 2006 1:37 pm
by RobertGonzalez
Before you get to far into this, look at the PHP manual for mail() and see if you can run their basic example. Fixing what is sent at the moment may be redundant if you cannot even got an SMTP connection/outbound send.

Posted: Mon Nov 06, 2006 2:32 pm
by mikewooten
ok i have used 2 examples by themselves and they do work. the examples that i have used are:

Code: Select all


// The message
$message = "Line 1\nLine 2\nLine 3";

// In case any of our lines are larger than 70 characters, we should use wordwrap()
$message = wordwrap($message, 70);

// Send
mail('caffinated@example.com', 'My Subject', $message);

and i have tried this

Code: Select all


$to      = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
   'Reply-To: webmaster@example.com' . "\r\n" .
   'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);
they do work by themselves with no form added, just one page like the code is indicated, but when i try to modify it and add a variable in the $headers, it doesn't work. for example this is what i tried doing. im trying to use the below code with the HTML form that i have, but it doesn't work.

Code: Select all


$user_email2 = $_POST["user_email2"];
$message = $_POST["message"];
 
 $to      = 'mikewooten@wootenmedia.com';
$subject = 'subject here';
$headers = 'From: $user_email2' . "\r\n" .
   'Reply-To: mikewooten@wootenmedia.com' . "\r\n" .
   'X-Mailer: PHP/' . phpversion();
   
mail($to, $subject, $message, $headers);
echo '<font face="Arial">Your Email has been sent!</font>';


Posted: Mon Nov 06, 2006 2:49 pm
by volka
Maybe you post parameters are not what you want them to be.
What does

Code: Select all

$user_email2 = $_POST["user_email2"];
$message = $_POST["message"];
 
$to      = 'mikewooten@wootenmedia.com';
$subject = 'subject here';
$headers = 'From: $user_email2' . "\r\n" .
   'Reply-To: mikewooten@wootenmedia.com' . "\r\n" .
   'X-Mailer: PHP/' . phpversion();

echo "<pre>mail($to, $subject, $message, $headers);</pre>";
mail($to, $subject, $message, $headers);
echo '<font face="Arial">Your Email has been sent!</font>';
print?

Posted: Mon Nov 06, 2006 3:09 pm
by mikewooten
it prints this

mail(mikewooten@wootenmedia.com, subject here, test, From: $user_email2
Reply-To: mikewooten@wootenmedia.com
X-Mailer: PHP/4.4.2);
Your Email has been sent!

but when i get the email in my inbox, the email from the "from" user shows up like this: $user_email2@cdx28.winwebhosting.com.
i would like the "from" email address to show up as who ever has entered their email address into the form.
i would like their email address to show up in my inbox in the "from" field.

Posted: Mon Nov 06, 2006 3:15 pm
by feyd
hint: string types.

Posted: Mon Nov 06, 2006 3:15 pm
by volka
Variable substitution does not take place in single quoted strings. try

Code: Select all

"From: $user_email2"
instead.