Jump to content


Photo

contact form issue

contact form

Best Answer cyberRobot, 13 November 2013 - 08:39 AM

Well these guys class can check if the domain from which the email address is online.

It can provide some advanced email validation if he decides to take the visitor email, anyway never mind.

 

To be honest, I was thinking your comment was spam. Perhaps my sensors are set too high. :)

 

Based on the code posted, the email address which comes from the user ($_POST['Email']) is only used in the message body. The problem is caused by the hard-coded value used for $EmailFrom. The headers argument for "From:" requires an email address. Since one wasn't provided, it uses an address defined by the server.

Go to the full post


  • Please log in to reply
9 replies to this topic

#1 gardencat

gardencat

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 12 November 2013 - 10:01 AM

I've made a web site (for a client) that has a contact form. The form works fine, but the email that arrives shows a long weird address, which I assume is the hosting server name: Visitor@p3nlhgxxxxxxxxxsecureserver.net.  These emails look scary to my website client, and she's afraid to open them. 
 
Is there some code I can add to the php file that will change who the email appears to be from in my client's inbox?
 
This is part of what's in the php file: 

$EmailFrom = "Visitor";
$EmailTo = "MyClient@HerAddress.com";
$Subject = "Message from BusinessName website";
$Name = Trim(stripslashes($_POST['Name'])); 
$Email = Trim(stripslashes($_POST['Email'])); 
$Message = Trim(stripslashes($_POST['Message']));

Disclaimer . . . I know nothing about writing PHP.

 

TIA - gardencat

 



#2 keloa

keloa

    Member

  • Members
  • PipPip
  • 13 posts

Posted 12 November 2013 - 10:16 AM

First, can you show us the full code so that will be able to help you.Another thing is a suggestion,which is why don't you give the visitor the ability to write his name instead of "visitor".



#3 gardencat

gardencat

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 12 November 2013 - 10:23 AM

I do have a Name field in the form, but can't figure out how to get that to show up in the $EmailFrom area either.  Here's everything in the PHP file:

 

<?php


$EmailFrom = "Website visitor";
$EmailTo = "MyClient@HerAddress.com";
$Subject = "Message from BusinessName website";
$Name = Trim(stripslashes($_POST['Name'])); 
$Email = Trim(stripslashes($_POST['Email'])); 
$Message = Trim(stripslashes($_POST['Message'])); 


// validation
$validationOK=true;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
  exit;
}


// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";


// send email 
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");


// redirect to success page 
if ($success){
  print "<meta http-equiv=\"refresh\" content=\"0;URL=contactthanks.php\">";
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>


#4 cyberRobot

cyberRobot

    Advanced Member

  • Gurus
  • 1,593 posts

Posted 12 November 2013 - 04:55 PM

Try changing $EmailFrom to an email address. More information about the mail() function (including some examples) can be found here:

http://php.net/manua...nction.mail.php


Blogging about PHP and other web development topics at ScorpBytes.com

#5 JIXO

JIXO

    Advanced Member

  • Members
  • PipPipPip
  • 61 posts

Posted 12 November 2013 - 08:46 PM

Try to validate the emails first before displaying them, PEAR has a validation class here.



#6 cyberRobot

cyberRobot

    Advanced Member

  • Gurus
  • 1,593 posts

Posted 13 November 2013 - 06:43 AM

Try to validate the emails first before displaying them, PEAR has a validation class here.

 

I'm not sure how this applies directly to the topic at hand, but PHP can also handle validation:

http://php.net/manua....validation.php


Blogging about PHP and other web development topics at ScorpBytes.com

#7 JIXO

JIXO

    Advanced Member

  • Members
  • PipPipPip
  • 61 posts

Posted 13 November 2013 - 08:13 AM

Well these guys class can check if the domain from which the email address is online.

It can provide some advanced email validation if he decides to take the visitor email, anyway never mind.



#8 cyberRobot

cyberRobot

    Advanced Member

  • Gurus
  • 1,593 posts

Posted 13 November 2013 - 08:39 AM   Best Answer

Well these guys class can check if the domain from which the email address is online.

It can provide some advanced email validation if he decides to take the visitor email, anyway never mind.

 

To be honest, I was thinking your comment was spam. Perhaps my sensors are set too high. :)

 

Based on the code posted, the email address which comes from the user ($_POST['Email']) is only used in the message body. The problem is caused by the hard-coded value used for $EmailFrom. The headers argument for "From:" requires an email address. Since one wasn't provided, it uses an address defined by the server.


Blogging about PHP and other web development topics at ScorpBytes.com

#9 gardencat

gardencat

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 13 November 2013 - 10:53 AM

Thank you, cyberRobot . . . . using ($_POST['Email']) fixed the problem.  Thanks for the validation info, too.   



#10 cyberRobot

cyberRobot

    Advanced Member

  • Gurus
  • 1,593 posts

Posted 13 November 2013 - 05:05 PM

Thank you, cyberRobot . . . . using ($_POST['Email']) fixed the problem.  Thanks for the validation info, too.   

 

Just keep in mind that this could open your script up to email injection attacks:

https://www.google.c...njection attack

 

Information from the user, such is what you get from forms, should not be trusted. If you're not doing so already, the email address should be validated using something like the following:

http://php.net/manua....validation.php

 

Personally, I prefer to use a standard email as the from address such as the webmaster email for the website. It helps distinguish that the information came from an online form. Plus, it's easier to set up rules in an email client for filtering incoming mail.


Blogging about PHP and other web development topics at ScorpBytes.com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Cheap Linux VPS from $5
SSD Storage, 30 day Guarantee
1 TB of BW, 100% Network Uptime

AlphaBit.com