xonx Posted September 20, 2009 Share Posted September 20, 2009 Hi everybody, I could use a little help with this secure and simple email script i'm trying to write. It's just directing to mailscript.php when you hit submit in the form and it doesn't send any email. <?php // check for injection characters function injection_chars($s) { return (eregi("\r", $s) || eregi("\n", $s) || eregi("%0a", $s) || eregi("%0d", $s)) ? TRUE : FALSE; } // make output safe for the browser function safe($input) { return htmlspecialchars(stripslashes($input)); } // subject and email variables $to = 'youremail@mail.com'; $subject = 'Mail sent from contact form'; // gathering data variables $name = injection_chars(safe($_POST['name'])); $email = injection_chars(safe($_POST['email'])); $message = injection_chars(safe($_POST['message'])); $body = <<<END Name: $name Email: $email Message: $message END; $headers = "From: $email\r\n"; $headers .= "Content=type: text/html\r\n"; if (isset($_POST['submit'])) { if (empty($_POST['name'])) { // if sender hasn't entered a name echo"<p>You must enter a name.</p>"; } elseif (empty($_POST['email'])) { // if sender hasn't entered an email echo "<p>You must enter your e-mail.</p>"; } elseif (empty($_POST['message'])) { // if sender hasn't entered a message echo "<p>You must enter a message.</p>"; } } else { // sending the mail mail($to, $subject, $body, $headers); } // directing user to a thank-you page header('Location: thanks.php'); ?> I've looked at it for several hours now, but think I've gone blind on it by now. Quote Link to comment Share on other sites More sharing options...
RussellReal Posted September 20, 2009 Share Posted September 20, 2009 you put the mail function in the ELSE statement.. meaning if !isset($_POST['SUBMIT']) would be what the else translates to in this script.. so if they click the submit button.. the email won't get sent.. move the mail() function into the if not the else Quote Link to comment Share on other sites More sharing options...
xonx Posted September 21, 2009 Author Share Posted September 21, 2009 Okay, this is what I came up with but it still doesn't work. <?php // check for injection characters function injection_chars($s) { return (eregi("\r", $s) || eregi("\n", $s) || eregi("%0a", $s) || eregi("%0d", $s)) ? TRUE : FALSE; } // make output safe for the browser function safe($input) { return htmlspecialchars(stripslashes($input)); } // subject and email variables $to = 'aandersmj@gmail.com'; $subject = 'Mail sent from contact form'; // gathering data variables $name = injection_chars(safe($_POST['name'])); $email = injection_chars(safe($_POST['email'])); $message = injection_chars(safe($_POST['message'])); $body = <<<END Name: $name Email: $email Message: $message END; $headers = "From: $email\r\n"; $headers .= "Content=type: text/html\r\n"; if (isset($_POST['submit'])) { if (empty($_POST['name'])) { // if sender hasn't entered a name echo"<p>You must enter a name.</p>"; } elseif (empty($_POST['email'])) { // if sender hasn't entered an email echo "<p>You must enter your e-mail.</p>"; } elseif (empty($_POST['message'])) { // if sender hasn't entered a message echo "<p>You must enter a message.</p>"; } // sending the mail mail($to, $subject, $body, $headers); // directing user to a thank-you page header('Location: thanks.php'); } else { echo '<p>The email was not sent!</p>'; } ?> Quote Link to comment Share on other sites More sharing options...
ozestretch Posted September 21, 2009 Share Posted September 21, 2009 Weird, it should send an email regardless if you form fields validate or not, but will print an error. Quote Link to comment Share on other sites More sharing options...
ozestretch Posted September 21, 2009 Share Posted September 21, 2009 This should halt sending if not validated. <?php // check for injection characters function injection_chars($s) { return (eregi("\r", $s) || eregi("\n", $s) || eregi("%0a", $s) || eregi("%0d", $s)) ? TRUE : FALSE; } // make output safe for the browser function safe($input) { return htmlspecialchars(stripslashes($input)); } // subject and email variables $to = 'aandersmj@gmail.com'; $subject = 'Mail sent from contact form'; // gathering data variables $name = injection_chars(safe($_POST['name'])); $email = injection_chars(safe($_POST['email'])); $message = injection_chars(safe($_POST['message'])); $body = <<<END Name: $name Email: $email Message: $message END; $headers = "From: $email\r\n"; $headers .= "Content=type: text/html\r\n"; if (isset($_POST['submit'])) { if (empty($_POST['name'])) { // if sender hasn't entered a name echo"<p>You must enter a name.</p>"; } elseif (empty($_POST['email'])) { // if sender hasn't entered an email echo "<p>You must enter your e-mail.</p>"; } elseif (empty($_POST['message'])) { // if sender hasn't entered a message echo "<p>You must enter a message.</p>"; } else{ // sending the mail mail($to, $subject, $body, $headers); // directing user to a thank-you page header('Location: thanks.php'); } } else { echo '<p>The email was not sent!</p>'; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.