kevinkhan Posted July 31, 2009

Hi Everyone,

Just need a small bit of advice if anyone can help. I have a contact form on my site and it sends all the input fields; however, when I get an email I want the person's name to come up as the sender. At the moment what comes up is userx100175...

This is the script below:

<?php
$to = "info@corkbouncingcastles.com";
$subject = "Cork Bouncing Castles Inquiry!";
$body = "First Name: " . $_POST['name'] .
        "\nEmail: " . $_POST['email'] .
        "\nPhone Number: " . $_POST['number'] .
        "\nMessage: " . $_POST['msg'];
$headers = 'Reply-To: ' . $_POST['email'] . "\r\n" .
           'X-Mailer: PHP/' . phpversion();
if (mail($to, $subject, $body, $headers)) {
    echo("<p>Thanks for submitting your enquiry. We will be in touch with you soon.</p> <p>If you would like any further assistance you can call us on 086-2430367 and we will be glad to answer any questions you might have.</p>");
} else {
    echo("<p>Message delivery failed. Please go back to the Contact Us page and fill out the contact form again or call us on 086-2430367 to get an instant quote to hire one of our bouncing castles.</p>");
}
?>

Thanks to anyone that can help...

WolfRage Posted July 31, 2009

Just remember it is not really from them.

<?php
$headers = 'From: ' . $_POST['name'] . "\r\n" .
           'Reply-To: ' . $_POST['email'] . "\r\n" .
           'X-Mailer: PHP/' . phpversion();
?>

However, this is extremely insecure code. You need to run htmlentities() on everything that is coming in from a form submitted by an outside user.

kevinkhan Posted July 31, 2009

Thanks for your help. This is a bit better. However, this is what it's giving me now when I receive an email. Under sender it gives this:

Kevin.Khan@pemlinweb02.novara.ie

I want it to be just Kevin Khan or whatever the user puts into the text field under name.

Thanks for your time...

WolfRage Posted July 31, 2009

The way that the script is set up is the way that you want it to work. Make sure you are putting just a name in the name field and not inserting an email in the name field. To test you can echo $_POST['name'].' & '.$_POST['email'];

kevinkhan Posted July 31, 2009

Yes, it's kind of weird. All that I type into the input field is Kevin Khan, but when I open the email it gives kevin.khan@ (some weird name). I think it's the name of the server, I'm not sure. I know novara.ie is where I'm hosting the site.

WolfRage Posted July 31, 2009

This is the thing about adding headers: you can add a header, but it may not be real. In your case it is not real; it is really coming from the central mail server. So this is considered a spoof, and one of two things may happen at that time. The sending mail server may provide its own From header and overwrite the existing one. Or receiving mail servers may delete this header from the email. Either way your email client is not getting spoofed.

What you can do is put the user's name in the subject. That is what I do. Make it "User Whoever - Subject of my message".

<?php
$subject = $_POST['name'] . '- ' . $subject;
?>

As a final word, please make sure that you are properly screening the incoming vars to protect yourself, your server, and clients if you have them.

kevinkhan Posted August 1, 2009

> As a final word please make sure that you are properly screening the incoming vars to protect yourself, your server, and clients if you have them.

Yes, I can't say that I know much about this. Would you know of any good site where I could learn more about this topic?

Thanks in advance,
Kevin

WolfRage Posted August 3, 2009

http://phpsec.org/
http://us2.php.net/manual/en/security.variables.php
http://shiflett.org/articles/input-filtering
http://shiflett.org/articles/sql-injection

And in general this site has a lot of good security knowledge on it with practical examples:
http://shiflett.org/articles

Specific things you can use to filter data:
http://us2.php.net/manual/en/function.htmlentities.php
http://us2.php.net/manual/en/function.htmlspecialchars.php

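
An added example, not code from any poster in this thread, of screening the `name` and `email` fields before they go into the `$headers` string passed to `mail()`. A line break inside a header value starts a new header line, and htmlentities() leaves line breaks untouched, so the check here is on control characters and address syntax. The sender address `webform@example.com`, the 40-byte name limit and the function names are assumptions made for the example.

```php
<?php
// Added example; not code from the thread.
// Placeholder sender address (assumption): use one your host allows you to send from.
const FORM_FROM = 'webform@example.com';

// True if the value holds any control character (CR, LF, NUL, tab, ...).
function has_control_chars(string $value): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 1;
}

// Build the From and Reply-To header lines from the posted name and email.
// Returns null when either field is unusable, so the caller can refuse to send.
function build_contact_headers(array $post): ?string
{
    $name  = $post['name']  ?? null;
    $email = $post['email'] ?? null;
    if (!is_string($name) || !is_string($email)) {
        return null;                      // missing field, or an array was posted
    }
    $name  = trim($name);
    $email = trim($email);
    if ($name === '' || strlen($name) > 40 || has_control_chars($name)
        || preg_match('//u', $name) !== 1) {
        return null;                      // empty, too long, line break, or invalid UTF-8
    }
    if (has_control_chars($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;                      // not a single, well-formed address
    }
    // RFC 2047 encoded-word: the name travels as base64, so quotes, commas or
    // angle brackets typed into the field cannot change the header's structure.
    $display = '=?UTF-8?B?' . base64_encode($name) . '?=';
    return 'From: ' . $display . ' <' . FORM_FROM . ">\r\n"
         . 'Reply-To: ' . $email;
}

// Constructed sample submissions.
$samples = [
    ['name' => 'Kevin Khan',    'email' => 'kevin@example.com'],
    ['name' => "Kevin\r\nKhan", 'email' => 'kevin@example.com'],  // line break in name
    ['name' => 'Kevin Khan',    'email' => 'not-an-address'],
];
foreach ($samples as $post) {
    $headers = build_contact_headers($post);
    echo $headers === null ? "rejected\n" : $headers . "\n\n";
}
```

Only the first sample produces headers; the other two are rejected. The message still leaves from the site's own address, with the visitor's name shown as the display name and their address in Reply-To.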