PHP form Scripts & Windows IIS

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
bluecube
Forum Newbie
Posts: 4
Joined: Tue Nov 07, 2006 9:31 pm

PHP form Scripts & Windows IIS

Post by bluecube »

I'm creating some forms with PHP and the recepient e-mail is running on Windows Server, how comes they don't receive the e-mail? I receive it on any other server running Apache. How do I go about this?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

....code?
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

seriously, how could we possibly know the answer with that little information??
bluecube
Forum Newbie
Posts: 4
Joined: Tue Nov 07, 2006 9:31 pm

Post by bluecube »

I'm actually using a php CMS and it has a form which lets you select the recepients. If I put in two recipients one which is a Yahoo e-mail and another second e-mail, I get the inputed information from the form at the yahoo e-mail but not on the other e-mail. So the code is working somehow :? . This second e-mail (bluecube@site.com) is on a windows server. I was assuming that could be the reason I'm not receiving the information because it's not appearing in my junk folder. Also this site (site.com) is hosted on GoDaddy BUT the e-mail client for this same domain name is on a different server. I'm also not sure if that's the other issue. I was using a perl script to process the form before and I was receiving the feedback just fine. So I was hoping someone would know if this is a PHP issue.

Code: Select all

<?php

if(!defined('PHP CMS'))
{
	die("Hacking attempt!");
}

if(!defined('EMAIL_CRLF')) 
{
   define('EMAIL_CRLF', "\r\n");
}

// Field Types
define('FIELD_TEXT', 1);
define('FIELD_TEXTAREA', 2);
define('FIELD_SELECT', 3);
define('FIELD_CHECKBOX', 4);
define('FIELD_EMAIL', 5);

// Submit Type
define('SUBMIT_EMAIL', 1);
define('SUBMIT_DB', 2);
define('SUBMIT_EMAIL_DB', 3);

// Validators
define('VALIDATOR_NOT_EMPTY', 1);
define('VALIDATOR_NUMBER', 2);
define('VALIDATOR_EMAIL', 3);
define('VALIDATOR_URL', 4);

// For versions prior to 2.3.6

if(!function_exists('SendEmail'))
{
  function SendEmail($toAddress, $subject, $message, $sendername = null, $senderemail = null)
  {
    global $mainsettings;

    $replyname  = isset($sendername) && !empty($sendername) ? $sendername : $mainsettings['websitetitle'];
    $replyemail = isset($senderemail) && !empty($senderemail) ? $senderemail : $mainsettings['technicalemail'];

    $headers  = "MIME-Version: 1.0" . EMAIL_CRLF;
    $headers .= "Content-type: text/plain; charset=iso-8859-1" . EMAIL_CRLF;

    if (strtoupper(substr(PHP_OS,0,3)=='WIN'))
    {
      $headers .= "From: \"" . $mainsettings['technicalemail'] . "\"" . EMAIL_CRLF;
      $headers .= "Reply-To: \"$replyemail\"" . EMAIL_CRLF;
    }
    else
    {
      $headers .= "From: \"" . $replyname . "\" <" . $mainsettings['technicalemail'] . ">" . EMAIL_CRLF;
      $headers .= "Reply-To: \"$replyname\" <$replyemail>" . EMAIL_CRLF;
    }

    $headers .= "X-Mailer: PHP v" . phpversion() . EMAIL_CRLF;          // This can help avoid spam-filters

    // No HTML emails (yet)
    $subject = strip_tags(unhtmlspecialchars($subject));
    $message = strip_tags(unhtmlspecialchars($message));

    return @mail($toAddress, $subject, $message, $headers);
  }
}

?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Have you tried removing the @ from the mail() call?
bluecube
Forum Newbie
Posts: 4
Joined: Tue Nov 07, 2006 9:31 pm

Post by bluecube »

That didn't work.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

bluecube wrote:That didn't work.
It wasn't supposed to change the outcome, but expose any errors that the mail() function may be trying to tell you which your code has covered up.

How are you adding multiple recipients? The function in your code provides for a single recipient. Adding more than one requires editing the headers.

It may be easier, better or simply beneficial to look at emailing library solutions such as Swift.
bluecube
Forum Newbie
Posts: 4
Joined: Tue Nov 07, 2006 9:31 pm

Post by bluecube »

OK, Thanks I'll look at it.
Post Reply