
email practice

Posted: Tue Oct 19, 2010 12:40 pm
by the_cheat
Hi everyone. Right now I am trying to perfect creating a contact form and emailing the message. The two problems I am having right now are using preg_match() for email address validation, and reporting user errors back to the user.

Here is the current script I am using for the form's action:

Code:

<?php
    // Recipient address for the contact form
    define('EMAIL', "rmccaffe1@gmail.com");
    
    // Redirect back to the form when a required field is empty
    if (!$_POST['txt_name']) {
        header("Location: email_practice.php");
    }
    if (!$_POST['txt_email_address']) {
        header("Location: email_practice.php");
    }
    if (!$_POST['txta_email_message']) {
        header("Location: email_practice.php");
    }
    
    // Copy the submitted values into local variables
    $sender_name = $_POST['txt_name'];
    $sender_address = $_POST['txt_email_address'];
    $email_subject = $_POST['txt_email_message'];
    $email_message = $_POST['txta_email_message'];
    // Sender's address, passed to mail() as the additional-headers argument
    $headers['address'] = $sender_address;
    
    $result = mail(EMAIL, $email_subject, $email_message, $headers['address']);
    
    // Report the outcome of mail() to the user
    if ($result) {
        echo "Message sent successfully";
    } else {
        echo "Message send was unsuccessful";
    }    
    
?>

When I try to place the mail() function inside of an if statement as such

Code:

if (preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$^", $sender_address) {
        $result = mail(EMAIL, $email_subject, $email_message, $headers['address']);
        if ($result) {
            echo "Message sent successfully";
        } else {
            echo "Message send was unsuccessful";
        }    
    } else {
        echo "Address not valid";
    }
    
A blank page loads with the correct URL after pressing the submit button, and I am having trouble figuring out why.

I am also having trouble figuring out how to display to the user that they entered an invalid value in any of the form controls. If anyone can tell me what to do, without really telling me how to do it, or telling me of any resources that will help with the problems I am having, I would really appreciate it. Thanks

Re: email practice

Posted: Tue Oct 19, 2010 1:58 pm
by MichaelR
Put this at the top of your code:

Code:

ini_set('display_errors', 1);

You'll probably see an error. I'm guessing this will fix it (there was a missing closing parenthesis on the preg_match line):

Code:

if (preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/", $sender_address)) {
        $result = mail(EMAIL, $email_subject, $email_message, $headers['address']);
        if ($result) {
            echo "Message sent successfully";
        } else {
            echo "Message send was unsuccessful";
        }    
    } else {
        echo "Address not valid";
    }

Re: email practice

Posted: Tue Oct 19, 2010 3:21 pm
by VladSun
You must call exit() after every header('Location:.... you've ever used.

Re: email practice

Posted: Tue Oct 19, 2010 9:43 pm
by the_cheat
Thanks a lot for the help. Everything is working fine now; it was just that missing closing parenthesis. Now I am just looking for a tutorial that will help me relay user error messages back to the user and possibly writing the form and script on the same page.

Re: email practice

Posted: Sun Dec 19, 2010 2:57 am
by social_experiment
the_cheat wrote: Now I am just looking for a tutorial that will help me relay user error messages back to the user and possibly writing the form and script on the same page.
As your form action use $_SERVER['PHP_SELF'] to call the page on itself. You then have to check whether the submit button has been clicked so the form can be processed.

Re: email practice

Posted: Sun Dec 19, 2010 4:56 am
by VladSun
social_experiment wrote:
the_cheat wrote: Now I am just looking for a tutorial that will help me relay user error messages back to the user and possibly writing the form and script on the same page.
As your form action use $_SERVER['PHP_SELF'] to call the page on itself. You then have to check whether the submit button has been clicked so the form can be processed.
Don't use $_SERVER['PHP_SELF'], but rather leave the action param empty.
Usage of $_SERVER['PHP_SELF'] (plain) would introduce XSS vulnerabilities:

Code:

http://example.com/send.php/<script>alert('XSS');</script>
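
The advice given so far in this thread, combined into one self-posting contact form, as an added example that is not code from any poster: errors are collected and shown above the form, the action attribute is left empty instead of echoing $_SERVER['PHP_SELF'], every value echoed back is escaped, and exit follows the redirect. CONTACT_TO, field(), validate_contact(), e() and thanks.php are assumed names, and filter_var() is swapped in for the hand-written regex.

```php
<?php
// Added example, not code from the thread. Field names follow the posted script;
// CONTACT_TO, field(), validate_contact(), e() and thanks.php are assumptions.
const CONTACT_TO = 'owner@example.com'; // placeholder recipient

function field(array $in, string $key): string
{
    // Non-string input (e.g. txt_name[]=x) is treated as empty.
    return isset($in[$key]) && is_string($in[$key]) ? trim($in[$key]) : '';
}

function validate_contact(array $in): array
{
    $errors = [];
    if (field($in, 'txt_name') === '') {
        $errors[] = 'Please enter your name.';
    }
    $email = field($in, 'txt_email_address');
    // filter_var() stands in for the hand-written regex; the CR/LF test is an
    // extra guard because the address ends up in a mail header.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || preg_match('/[\r\n]/', $email)) {
        $errors[] = 'Please enter a valid email address.';
    }
    if (field($in, 'txta_email_message') === '') {
        $errors[] = 'Please enter a message.';
    }
    return $errors;
}

// Escape anything that is echoed back into the HTML page.
function e(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

$errors = [];
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = validate_contact($_POST);
    if (!$errors) {
        mail(CONTACT_TO, 'Contact form', field($_POST, 'txta_email_message'),
            'Reply-To: ' . field($_POST, 'txt_email_address'));
        header('Location: thanks.php');
        exit; // without this the script keeps running and still sends the form below
    }
}
?>
<form method="post" action="">
<?php foreach ($errors as $msg): ?><p class="error"><?= e($msg) ?></p><?php endforeach; ?>
  <input name="txt_name" value="<?= e(field($_POST, 'txt_name')) ?>">
  <input name="txt_email_address" value="<?= e(field($_POST, 'txt_email_address')) ?>">
  <textarea name="txta_email_message"><?= e(field($_POST, 'txta_email_message')) ?></textarea>
  <button type="submit">Send</button>
</form>
```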

Re: email practice

Posted: Sun Dec 19, 2010 12:31 pm
by social_experiment
Vladsun wrote: Usage of $_SERVER['PHP_SELF'] (plain) would introduce XSS vulnerabilities
Pretty interesting. Would you then say calling a form on itself is a bad idea and shouldn't be used?

Re: email practice

Posted: Sun Dec 19, 2010 1:07 pm
by VladSun
social_experiment wrote:
Vladsun wrote: Usage of $_SERVER['PHP_SELF'] (plain) would introduce XSS vulnerabilities
Pretty interesting. Would you then say calling a form on itself is a bad idea and shouldn't be used?
VladSun wrote: ... leave the action param empty...