PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Sat Oct 20, 2018 11:16 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 8 posts ] 
Author Message
 Post subject: email practice
PostPosted: Tue Oct 19, 2010 12:40 pm 
Offline
Forum Newbie

Joined: Tue Oct 12, 2010 4:09 pm
Posts: 5
Hi everyone, Right now I am trying to perfect creating a contact form and emailing the message. The two problems I am having right now is using preg_match()
for email address validation, and reporting user errors back to the user.

here is the current script I am using for the form's action
Syntax: [ Download ] [ Hide ]
<?php
    define(EMAIL, "rmccaffe1@gmail.com");
   
    if (!$_POST[txt_name]) {
        header("Location: email_practice.php");
    }
    if (!$_POST[txt_email_address]) {
        header("Location: email_practice.php");
    }
    if (!$_POST[txt_email_address]) {
        header("Location: email_practice.php");
    }
    if (!$_POST[txta_email_message]) {
        header("Location: email_practice.php");
    }
   
    $sender_name = $_POST[txt_name];
    $sender_address = $_POST[txt_email_address];
    $email_subject = $_POST[txt_email_message];
    $email_message = $_POST[txta_email_message];
    $headers[address] = $sender_address;
   
    $result = mail(EMAIL, $email_subject, $email_message, $headers[address]);
   
    if ($result) {
        echo "Message sent successfully";
    } else {
        echo "Message send was unsuccessful";
    }    
   
?>


when I try to place the mail() function inside of an if statement as such
Syntax: [ Download ] [ Hide ]
if (preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$^", $sender_address) {
        $result = mail(EMAIL, $email_subject, $email_message, $headers[address]);
        if ($result) {
            echo "Message sent successfully";
        } else {
            echo "Message send was unsuccessful";
        }    
    } else {
        echo "Address not valid";
    }
   


a blank page loads with the correct URL after pressing the submit button, and I am having trouble figuring out why.

I am also having trouble figuring out how to display to the user that they entered an invalid value in any of the form controls.
If anyone can tell me what to do, without really telling me how to do it, or telling me of any resources that will help with the problems I am having
I would really appreciate it. Thanks


Top
 Profile  
 
 Post subject: Re: email practice
PostPosted: Tue Oct 19, 2010 1:58 pm 
Offline
Forum Contributor

Joined: Sat Jan 03, 2009 4:27 pm
Posts: 148
Put this at the top of your code:

Syntax: [ Download ] [ Hide ]
ini_set('display_errors', 1);


You'll probably see an error. I'm guessing this will fix it (there was a missing closing parenthesis on the preg_match line):

Syntax: [ Download ] [ Hide ]
if (preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/", $sender_address)) {
        $result = mail(EMAIL, $email_subject, $email_message, $headers[address]);
        if ($result) {
            echo "Message sent successfully";
        } else {
            echo "Message send was unsuccessful";
        }    
    } else {
        echo "Address not valid";
    }
 


Last edited by MichaelR on Tue Oct 19, 2010 5:32 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject: Re: email practice
PostPosted: Tue Oct 19, 2010 3:21 pm 
Offline
DevNet Master
User avatar

Joined: Wed Jun 27, 2007 9:44 am
Posts: 4313
Location: Sofia, Bulgaria
You must call exit() after every header('Location:.... you've ever used.

_________________
There are 10 types of people in this world, those who understand binary and those who don't


Top
 Profile  
 
 Post subject: Re: email practice
PostPosted: Tue Oct 19, 2010 9:43 pm 
Offline
Forum Newbie

Joined: Tue Oct 12, 2010 4:09 pm
Posts: 5
Thanks a lot for the help, everything is working fine now, it was just that missing closing parenthesis. Now I am just looking for a tutorial that will help me
relay user error messages back to the user and possibly writing the form and script on the same page.


Top
 Profile  
 
 Post subject: Re: email practice
PostPosted: Sun Dec 19, 2010 3:57 am 
Offline
DevNet Master
User avatar

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
the_cheat wrote:
Now I am just looking for a tutorial that will help me relay user error messages back to the user and possibly writing the form and script on the same page.

As your form action use $_SERVER['PHP_SELF'] to call the page on itself. You then have to check whether the submit button has been clicked so the form can be processed.

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering


Top
 Profile  
 
 Post subject: Re: email practice
PostPosted: Sun Dec 19, 2010 5:56 am 
Offline
DevNet Master
User avatar

Joined: Wed Jun 27, 2007 9:44 am
Posts: 4313
Location: Sofia, Bulgaria
social_experiment wrote:
the_cheat wrote:
Now I am just looking for a tutorial that will help me relay user error messages back to the user and possibly writing the form and script on the same page.

As your form action use $_SERVER['PHP_SELF'] to call the page on itself. You then have to check whether the submit button has been clicked so the form can be processed.


Don't use $_SERVER['PHP_SELF'], but rather leave the action param empty.
Usage of $_SERVER['PHP_SELF'] (plain) would introduce XSS vulnerabilities:
Code:
http://example.com/send.php/<script>alert('XSS');</script>

_________________
There are 10 types of people in this world, those who understand binary and those who don't


Top
 Profile  
 
 Post subject: Re: email practice
PostPosted: Sun Dec 19, 2010 1:31 pm 
Offline
DevNet Master
User avatar

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
Vladsun wrote:
Usage of $_SERVER['PHP_SELF'] (plain) would introduce XSS vulnerabilities
Pretty interesting. Would you then say calling a form on itself is a bad idea and shouldn't be used?

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering


Top
 Profile  
 
 Post subject: Re: email practice
PostPosted: Sun Dec 19, 2010 2:07 pm 
Offline
DevNet Master
User avatar

Joined: Wed Jun 27, 2007 9:44 am
Posts: 4313
Location: Sofia, Bulgaria
social_experiment wrote:
Vladsun wrote:
Usage of $_SERVER['PHP_SELF'] (plain) would introduce XSS vulnerabilities
Pretty interesting. Would you then say calling a form on itself is a bad idea and shouldn't be used?


VladSun wrote:
... leave the action param empty...

_________________
There are 10 types of people in this world, those who understand binary and those who don't


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group