cc not working in email form

[SteveH]

Hello

 

I have a PHP script behind an online form which uses a contact.php file.

 

Unfortunately, when the site visitor ticks the box which says 'email me a copy' that facility does not work.

 

The code is as follows:

 

<?php

// User settings
$to = "[email protected]";

$subject = "Proofreading Contact Form";
// Include extra form fields and/or submitter data?
// false = do not include
$extra = array(
"form_subject"	=> true,
"form_cc"		=> true,
"ip"				=> true,
"user_agent"	=> true
);
$action = isset($_POST["action"]) ? $_POST["action"] : "";
if (empty($action)) {
// Send back the contact form HTML
$output = "<div style='display:none'>
<div class='contact-top'></div>
<div class='contact-content'>
	<h1 class='contact-title'>Send us a message:</h1>
	<div class='contact-loading' style='display:none'></div>
	<div class='contact-message' style='display:none'></div>
	<form action='#' style='display:none' enctype='multipart/form-data'>
		<label for='contact-name'>*Name:</label>
		<input type='text' id='contact-name' class='contact-input' name='name' tabindex='1001' />
		<label for='contact-email'>*Email:</label>
		<input type='text' id='contact-email' class='contact-input' name='email' tabindex='1002' />";

if ($extra["form_subject"]) {
	$output .= "
		<label for='contact-subject'>Subject:</label>
		<input type='text' id='contact-subject' class='contact-input' name='subject' value='' tabindex='1003' />";
}

$output .= "<label for='contact-subject'>Attachment:</label>
		<input type='file' name='documents' id='documents'   value=''  />
					<input type='hidden' name='documentsname' id='documentsname'    /><span id='documentnamedisplay'></span>";


$output .= "
		<label for='contact-message'>*Message:</label>
		<textarea id='contact-message' class='contact-input' name='message' cols='40' rows='4' tabindex='1005'></textarea>
		<br/>";


if ($extra["form_cc"]) {
	$output .= "
		<label> </label>
		<input type='checkbox' id='contact-cc' name='cc' value='1' tabindex='1006' /> <span class='contact-cc'>Send me a copy</span>
		<br/>";
}


$output .= "
		<label> </label>
		<button type='submit' class='contact-send contact-button' tabindex='1007'>Send</button>
		<button type='submit' class='contact-cancel contact-button simplemodal-close' tabindex='1008'>Cancel</button>
		<br/>
		<input type='hidden' name='token' value='" . smcf_token($to) . "'/>
	</form>
	<div id='loader' style='padding:10px;display:none;'><img src='images/ajax-loader.gif' /> Please wait</div>
</div>

</div>";

echo $output;
}
else if ($action == "send") {
// Send the email
$name = isset($_POST["name"]) ? $_POST["name"] : "";
$email = isset($_POST["email"]) ? $_POST["email"] : "";
$subject = isset($_POST["subject"]) ? $_POST["subject"] : $subject;
$message = isset($_POST["message"]) ? $_POST["message"] : "";
$cc = isset($_POST["cc"]) ? $_POST["cc"] : "";
$token = isset($_POST["token"]) ? $_POST["token"] : "";

// make sure the token matches
if ($token === smcf_token($to)) {
	smcf_send($name, $email, $subject, $message, $cc);
	echo "Your message was successfully sent.";
}
else {
	echo "Unfortunately, your message could not be verified.";
}
}

function smcf_token($s) {
return md5("smcf-" . $s . date("WY"));
}

// Validate and send email
function smcf_send($name, $email, $subject, $message, $cc) {
global $to, $extra;

// Filter and validate fields
$name = smcf_filter($name);
$subject = smcf_filter($subject);
$email = smcf_filter($email);
if (!smcf_validate_email($email)) {
	$subject .= " - invalid email";
	$message .= "<br /><br />Bad email: $email";
	$email = $to;
	$cc = 0; // do not CC "sender"
}

// Add additional info to the message
if ($extra["ip"]) {
	$message .= "<br /><br />IP: " . $_SERVER["REMOTE_ADDR"];
}
if ($extra["user_agent"]) {
	$message .= "<br /><br />USER AGENT: " . $_SERVER["HTTP_USER_AGENT"];
}

$attachment=trim($_POST['documentsname']);

require("phpmailer/class.phpmailer.php");
$mail = new PHPMailer();
$mail->IsHTML(true);
$mail->FromName=$name;
$mail->From = $email;	
$mail->AddAddress($to);
$mail->AddCC($email);  

$mail->CharSet ="utf-8";

$mail->Subject = $subject;
$mail->Body = $message;	
if($attachment!='') $mail->AddAttachment('../upload/'.$attachment);
$x=$mail->Send();	
if($x==false) die("Unfortunately, a server issue prevented delivery of your message.");
}

// Remove any un-safe values to prevent email injection
function smcf_filter($value) {
$pattern = array("/\n/","/\r/","/content-type:/i","/to:/i", "/from:/i", "/cc:/i");
$value = preg_replace($pattern, "", $value);
return $value;
}

// Validate email address format in case client-side validation "fails"
function smcf_validate_email($email) {
$at = strrpos($email, "@");

// Make sure the at (@) sybmol exists and  
// it is not the first or last character
if ($at && ($at < 1 || ($at + 1) == strlen($email)))
	return false;

// Make sure there aren't multiple periods together
if (preg_match("/(\.{2,})/", $email))
	return false;

// Break up the local and domain portions
$local = substr($email, 0, $at);
$domain = substr($email, $at + 1);


// Check lengths
$locLen = strlen($local);
$domLen = strlen($domain);
if ($locLen < 1 || $locLen > 64 || $domLen < 4 || $domLen > 255)
	return false;

// Make sure local and domain don't start with or end with a period
if (preg_match("/(^\.|\.$)/", $local) || preg_match("/(^\.|\.$)/", $domain))
	return false;

// Check for quoted-string addresses
// Since almost anything is allowed in a quoted-string address,
// we're just going to let them go through
if (!preg_match('/^"(.+)"$/', $local)) {
	// It's a dot-string address...check for valid characters
	if (!preg_match('/^[-a-zA-Z0-9!#$%*\/?|^{}`~&\'+=_\.]*$/', $local))
		return false;
}

// Make sure domain contains only valid characters and at least one period
if (!preg_match("/^[-a-zA-Z0-9\.]*$/", $domain) || !strpos($domain, "."))
	return false;	

return true;
}

exit;

?>

 

Any help would be appreciated, thanks.

 

Steve

[PFMaBiSmAd]

The From: address in any email must be a valid mail box at the sending mail server. You should put any entered email address as the Reply-to: address.

 

You are putting the entered email address as the From: address. Most of the major ISPs will discard any email that contains a From: address that says the email came from that ISP's mail server but the actual sending mail server is not that ISP's mail server.

[mrMarcus]

you can just add cc: and Bcc: to your headers:

 

$headers = "From: [email protected]\r\n";
$headers .= "cc: [email protected]\r\n";
$headers .= "Bcc: [email protected]\r\n";

 

change out the hard-coded address for incoming $_POST variables, of course.

[SteveH]

Thank you to you both for your posts.

 

MrMarcus, do you mean that in this part of the script:

 

// Send the email
$name = isset($_POST["name"]) ? $_POST["name"] : "";
$email = isset($_POST["email"]) ? $_POST["email"] : "";
$subject = isset($_POST["subject"]) ? $_POST["subject"] : $subject;
$message = isset($_POST["message"]) ? $_POST["message"] : "";
$cc = isset($_POST["cc"]) ? $_POST["cc"] : "";
$token = isset($_POST["token"]) ? $_POST["token"] : "";

// make sure the token matches

 

I need to add, say:

 

$cc .= "cc: [email protected]\r\n";

 

Sorry, I am wholly new to PHP.

 

Please also note that for the sender to receive a copy of his message, he needs to check the box. The form is here:

 

A link to the form is here:

 

http://stevehigham59.7host.com/final...menu/index.htm

 

Thanks again for your post.

 

Steve

 

 

 

[mrMarcus]

you mail() function arguments are wrong .. see manual.

 

this is the order:

 

<?php
mail ('to_email_address', 'subject_of_email', 'body/message_of_email', 'optional_headers', 'optional_additional_arguments');
?>

 

try this:

 

<?php
// Send the email
$name = isset($_POST['name']) ? $_POST['name'] : '';
$email = isset($_POST['email']) ? $_POST['email'] : '';
$subject = isset($_POST['subject']) ? $_POST['subject'] : $subject;
$message = (isset($_POST['message']) ? wordwrap (nl2br ($_POST['message'], 70, '<br />')) : '');

#check for token;
$token = isset($_POST['token']) ? $_POST['token'] : '';

#headers;
$headers  = 'From: ' . $name . '<' . $email . '>' . "\r\n";
$headers .= ((isset ($_POST['cc']) && ($_POST['cc'] == 1)) ? 'cc: [email protected]' . "\r\n" : '');
#$headers .= "Bcc: [email protected]\r\n"; //optional Bcc;
$headers .= 'X-Mailer: PHP/' . phpversion();

// make sure the token matches
if ($token === smcf_token($to))
{
#send email;
$mail = smcf_send ($to, $subject, $message, $headers);
#$mail = smcf_send ($to, $subject, $message, $headers, "-f{$to}"); //if above $mail doesn't work, comment it out and umcomment this line;

if (($mail) ? 'Your message was successfully sent.' : 'There was an error sending your message.');
}
?>

 

not tested at all.

 

EDIT: you really need to do some error checking on the incoming variables, ie: user inputted criteria, email address, name, etc., so that in the case of a user not filling out all the fields, an email will not be dispatched, or you won't receive an error message.