Does anyone know how to send user Name in a form scipt?

[kevinkhan]

Hi Everyone,

 

Just need a small bit of advice if anyone can help..

 

I have a contact form on my site and it sends all the input fields however when i get an email i want the persons name to come up as the sender..

 

At the moment wat comes up is userx100175...

 

This is the script below

 

 

<?php

  $to = "info@corkbouncingcastles.com";

  $subject = "Cork Bouncing Castles Inquiry!";

  $body =

      "First Name: " . $_POST['name'] .

"\nEmail: " . $_POST['email'] .

"\nPhone Number: " . $_POST['number'] .

"\nMessage: " . $_POST['msg'];

 

$headers =

      'Reply-To: '. $_POST['email'] . "\r\n" .

          'X-Mailer: PHP/' . phpversion();

 

 

  if (mail($to, $subject, $body, $headers))

{

    echo("<p>Thanks for submitting your enquiry. We will be in touch with you soon.</p> <p>If you would like any further assistance you can call us on 086-2430367 and we will be glad to answer any questions you might have.</p>");

  } else {

    echo("<p>Message delivery failed. Please go back to the Contact Us page and fill out the contact form again or call us on 086-2430367 to get an instant quote to hire one of our bouncing castles.</p>");

  }

?>

 

 

Thanks to anyone that can help...

[WolfRage]

Just remember it is not really from them.

<?php
$headers = 'From: '.$_POST['name']."\r\n".
          'Reply-To: '. $_POST['email'] . "\r\n" .
              'X-Mailer: PHP/' . phpversion();
?>

However this is extremly insecure code. You need to run htlmentities() on everything that is coming in from a form submitted by a outside user.

[kevinkhan]

Thanks for your help..

 

This is a bit better..

 

However this is what its giving me now when i receive email

Under sender it gives this

 

Kevin.Khan@pemlinweb02.novara.ie

 

I want it to be just Kevin Khan

or what ever user puts into text field uner name

 

Thanks for your time...

[WolfRage]

The way that the script is setup is the way that want it to work, make sure you are putting just a name in the name field and not inserting an email in the name field.

To test you can echo $_POST['name'].' & '.$_POST['email'];

[kevinkhan]

yes its kind of weird

 

All that i type into the input field is Kevin Khan

 

but when i open email it gives kevin.khan@ (some weird name)

 

I think its the name of the server im not sure..

 

i know novara.ie is where im hosting the site..

 

 

[WolfRage]

This is the thing about adding headers, you can add a header, but it may not be real. Which in your case it is not real it is really coming from the centeral mail server. So this is considered a spoof, one of two things may happen at that time. The sending mail server may provide it's on From header and overwrite the existing. Or recieving mail servers may delete this header from the email. Either way your email client is not getting spoofed. What you can do is put the user's name in the subject. That is what I do. Make it "User Whoever - Subject of my message".

<?php
subject=$_POST['name'].'- '.$subject;
?>

As a final word please make sure that you are properly screening the incoming vars to protect yourself, your server, and clients if you have them.

[kevinkhan]

 

As a final word please make sure that you are properly screening the incoming vars to protect yourself, your server, and clients if you have them.

 

Yes i cant say that i know much about this...

 

Would you know of any good site that i could learn more about this topic?

 

Thanks in advance

 

Kevin

[WolfRage]

http://phpsec.org/

http://us2.php.net/manual/en/security.variables.php

http://shiflett.org/articles/input-filtering

http://shiflett.org/articles/sql-injection

 

And in General this site has a lot of good security knowledge on it with pratical examples.

http://shiflett.org/articles

 

 

Specific things you can use to filter data.

http://us2.php.net/manual/en/function.htmlentities.php

http://us2.php.net/manual/en/function.htmlspecialchars.php