Page 1 of 1

Form not sending email

Posted: Fri Nov 15, 2013 2:59 am
by clonemaster
Hi all,

I have a form which uses forms.js and MailHandler.php.
Mail is not send, and I see the message in the browser so it's partially ok..
Need an expert look on all parts to find out what is hoing wrong..
The code (I know it's a lot.. sorry)
Html:

Code: Select all

<form id="ContactForm" action="mail/MailHandler.php">
<div>
<div class="wrapper"><input class="input" type="text" value="Naam"  onblur="if(this.value=='') this.value='Naam'" onFocus="if(this.value =='Naam' ) this.value=''" ></div>
<div class="wrapper"><input class="input" type="text" value="Email"  onblur="if(this.value=='') this.value='Email'" onFocus="if(this.value =='Email' ) this.value=''" ></div>
<div class="textarea_box"><textarea cols="1" rows="1" onBlur="if(this.value=='') this.value='Bericht'" onFocus="if(this.value =='Bericht' ) this.value=''"  >Bericht</textarea></div>
<a href="#" class="color1" onClick="document.getElementById('ContactForm').submit()">Verstuur</a>
<a href="#" class="color1" onClick="document.getElementById('ContactForm').reset()">Wissen</a>
</div>
</form>
forms.js script:

Code: Select all

(function($){
	$.fn.extend({
		forms:function(opt){
			if(opt===undefined)
				opt={}
			this.each(function(){
				var th=$(this),
					data=th.data('forms'),
					_={
						errorCl:'fout',
						emptyCl:'leeg',
						invalidCl:'ongeldig',
						successCl:'geslaagd',
						successShow:'4000',
						mailHandlerURL:'http://website.nl/mail/MailHandler.php',
						ownerEmail:'emailadres@gmail.com',
						stripHTML:true,
						smtpMailServer:'localhost',
						targets:'input,textarea',
						controls:'a[data-type=reset],a[data-type=submit]',
						validate:true,
						rx:{
							".Naam":{rx:/^[a-zA-Z'][a-zA-Z-' ]+[a-zA-Z']?$/,target:'input'},
							".state":{rx:/^[a-zA-Z'][a-zA-Z-' ]+[a-zA-Z']?$/,target:'input'},
							".E-mail":{rx:/^(("[\w-\s]+")|([\w-]+(?:\.[\w-]+)*)|("[\w-\s]+")([\w-]+(?:\.[\w-]+)*))(@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$)|(@\[?((25[0-5]\.|2[0-4][0-9]\.|1[0-9]{2}\.|[0-9]{1,2}\.))((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\.){2}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\]?$)/i,target:'input'},
							".phone":{rx:/^\+?(\d[\d\-\+\(\) ]{5,}\d$)/,target:'input'},
							".fax":{rx:/^\+?(\d[\d\-\+\(\) ]{5,}\d$)/,target:'input'},
							".Bericht":{rx:/.{20}/,target:'textarea'}
						},
						preFu:function(){
							_.labels.each(function(){
								var label=$(this),
									inp=$(_.targets,this),
									defVal=inp.val()
								label.data({defVal:defVal})
								inp
									.bind('focus',function(){
										if(inp.val()==defVal)
											inp.val('')
									})
									.bind('blur',function(){
										if(!inp.val())
											inp.val(defVal)
										else
											(_.isValid(label)
												?_.showErrorFu(label)
												:_.hideErrorFu(label)),
											(_.isEmpty(label)
												?_.showEmptyFu(label)
												:_.hideEmptyFu(label))
									})
								label.find('.'+_.errorCl+',.'+_.emptyCl).css({display:'block'}).hide()
							})
							_.success=$('.'+_.successCl,_.form).hide()
						},
						isValid:function(el){
							var ret=true
							if(_.isEmpty(el))
								ret=false,
								el.addClass(_.invalidCl)
							else
							$.each(_.rx,function(k,d){
								if(el.is(k))
									d.rx.test(el.find(d.target).val())
										?(el.removeClass(_.invalidCl),ret=false)
										:el.addClass(_.invalidCl)
							})
							return ret
						},
						isEmpty:function(el){
							var ret=false,
								field=el.find(_.targets).val()
							if(field==''||field==el.data('defVal'))
								ret=true
							return ret
						},
						validateFu:function(){							
							_.labels.each(function(){
								var th=$(this)								
								_.isEmpty(th)
									?_.showEmptyFu(th)
									:_.hideEmptyFu(th)
								_.isValid(th)
									?_.showErrorFu(th)
									:_.hideErrorFu(th)
							})
						},
						submitFu:function(){
							_.validateFu()
							if(!_.form.has('.'+_.invalidCl).length)
								$.ajax({
									type: "POST",
									url:_.mailHandlerURL,
									data:{
										Naam:$('.Naam input',_.form).val(),										
										Email:$('.Email input',_.form).val(),
										phone:$('.phone input',_.form).val()||'nope',
										fax:$('.fax input',_.form).val()||'nope',
										state:$('.state input',_.form).val()||'nope',
										Bericht:$('.Bericht textarea',_.form).val(),
										owner_email:_.ownerEmail,
										stripHTML:_.stripHTML
									},
									success: function(){
										_.showFu()
									}
								})			
						},
						showFu:function(){
							_.success.slideDown(function(){
								setTimeout(function(){
									_.success.slideUp()
									_.form.trigger('reset')
								},_.successShow)
							})
						},
						controlsFu:function(){
							$(_.controls,_.form).each(function(){
								var th=$(this)
								th
									.bind('click',function(){
										_.form.trigger(th.data('type'))
										return false
									})
							})
						},
						showErrorFu:function(label){
							label.find('.'+_.errorCl).slideDown()
						},
						hideErrorFu:function(label){
							label.find('.'+_.errorCl).slideUp()
						},
						showEmptyFu:function(label){
							label.find('.'+_.emptyCl).slideDown()
							_.hideErrorFu(label)
						},
						hideEmptyFu:function(label){
							label.find('.'+_.emptyCl).slideUp()
						},
						init:function(){
							_.form=this
							_.labels=$('label',_.form)
							
							_.preFu()
							
							_.controlsFu()
															
							_.form
								.bind('submit',function(){
									if(_.validate)
										_.submitFu()
									else
										_.form[0].submit()
									return false
								})
								.bind('reset',function(){
									_.labels.removeClass(_.invalidCl)									
									_.labels.each(function(){
										var th=$(this)
										_.hideErrorFu(th)
										_.hideEmptyFu(th)
									})
								})
						}
					}
				if(!data)
					(typeof opt=='object'?$.extend(_,opt):_).init.call(th),
					th.data({cScroll:_}),
					data=_
				else
					_=typeof opt=='object'?$.extend(data,opt):data
			})
			return this
		}
	})
})(jQuery)
And the MailHandler.php

Code: Select all

 <?php
    $owner_email = $_POST["mailadres@gmail.com"];
    $headers = 'Afzender:' . $_POST["Email"];
    $subject = 'Bericht van een website bezoeker ' . $_POST["Naam"];
    $messageBody = "";
    
    $messageBody .= '<p>Bezoeker: ' . $_POST["Naam"] . '</p>' . "\n";
    $messageBody .= '<br>' . "\n";
    $messageBody .= '<p>Email adres: ' . $_POST['Email'] . '</p>' . "\n";
    $messageBody .= '<br>' . "\n";
    $messageBody .= '<p>Phone Number: ' . $_POST['phone'] . '</p>' . "\n";
    $messageBody .= '<br>' . "\n";
    $messageBody .= '<p>Bericht: ' . $_POST['Bericht'] . '</p>' . "\n";
    
    if($_POST["stripHTML"] == 'true'){
        $messageBody = strip_tags($messageBody);
    }

    try{
        if(!mail($owner_email, $subject, $messageBody, $headers)){
            throw new Exception('E-mail sturen is mislukt');
        }else{
            echo 'E-mail is verstuurd';
        }
    }catch(Exception $e){
        echo $e->getMessage() ."\n";
    }
?> 

Re: Form not sending email

Posted: Fri Nov 15, 2013 7:37 pm
by Eric!
Is your form data getting submitted to your php code correctly? If so can you var_dump out each variable going to mail() and repost them here so we don't have wade through all that code and/or test it ourselves?

Also your form has several security problems because it is not filtering any of the user input. It is very easy to do an Email Insertion attack on several of your variables ($_POST["Email"] and $_POST["Naam"] and even the ones in your $messageBody section). The JavaScript can not protect you against this as spammers can post data directly to your php script.

It is very easy to leave a gaping hole in your code that some miscreant might find and bingo, you are no-one’s friend, potentially facing a big band-width bill, being blacklisted, being blocked by your own hosting provider etc. etc. as thousands of spam messages pour out from your email address every hour.

*Remove inserted CC: BCC: TO: FROM:
*Remove inserted \n \r 0x0a 0x0d %0d %0a
*Remove all high and low non-ascii characters
*Remove attempts at inserting mime-encoded headers
*Verify email address is valid

Handy generic functions:

Code: Select all

if(filter_var($email, FILTER_VALIDATE_EMAIL)===false) {
   //don't send the message as $email is not valid
}
$cleanString=filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
$cleanString= preg_replace(array("/\r/i","/\n/i", "/%0a/i", "/%0d/i", "/Content-Type:/i", "/bcc:/i", "/to:/i", "/cc:/i", "/Content\-Transfer\-Encoding\:/i", "/Mime\-Version\:/i" ), "", $string);