MSUK1 Posted September 23, 2010 Share Posted September 23, 2010 Okay, below is my mailer for a contact form i created. On one site it works fine. I even have it sending to several addresses from the othersite. However this site it doesnt want to work. PHP5 and mail() function is active. <?php $Name = Trim(stripslashes($_POST['fullname'])); $EmailFrom = Trim(stripslashes($_POST['email'])); $EmailTo = "james@jd-creations.co.uk"; $Subject = Trim(stripslashes($_POST['subject'])); $answer = Trim(stripslashes($_POST['answer'])); $Comments = Trim(stripslashes($_POST['message'])); $Subject = "The Reason - Contact Us"; // validation $validationOK=true; if (Trim($EmailFrom)=="") $validationOK=false; if (Trim($answer)!=="20") $validationOK=false; if (Trim($Name)=="") $validationOK=false; if (Trim($Comments)=="") $validationOK=false; if (Trim($Subject)=="") $validationOK=false; if (!$validationOK) { print "<meta http-equiv=\"refresh\" content=\"0;URL=../contact/error2.php\">"; exit; } // prepare email body text $Body = ""; $Body .= "Name: "; $Body .= $Name; $Body .= "\n"; $Body .= "Email: "; $Body .= $EmailFrom; $Body .= "\n"; $Body .= "Comments: "; $Body .= $Comments; $Body .= "\n"; // send email $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>"); // redirect to success page if ($success){ print "<meta http-equiv=\"refresh\" content=\"0;URL=../contact/sent.php\">"; } else{ print "<meta http-equiv=\"refresh\" content=\"0;URL=../contact/error.php\">"; } ?> now i know it is wroking because it takes me to the sent.php page. not error.php i think it worked once. now not at all. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 23, 2010 Share Posted September 23, 2010 The From: header should be a valid address on the sending server. It should not be an address a user fills in on the form, which is what it appears to be in your code. Quote Link to comment Share on other sites More sharing options...
MSUK1 Posted September 23, 2010 Author Share Posted September 23, 2010 that works well on my other site? It basically acts exactly the same as the EmailTo variable? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 23, 2010 Share Posted September 23, 2010 Allow me to reiterate: The From: header should be a valid address on the sending server. It should not be an address a user fills in on the form, which is what it appears to be in your code. If you need the address the user input in the form sent as a header so you can hit "Reply" in your mail client, I'd suggest you use it as a Reply-To: header. You should also be sanitizing all the user input to filter out any header injection attempts. Quote Link to comment Share on other sites More sharing options...
MSUK1 Posted September 23, 2010 Author Share Posted September 23, 2010 ok thankyou, what would you suggest to do to filter user input? and any idea on re-writing my mail funtion? [i am a noob] mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>") thankyou for your time Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 Regarding header injection, you'll be better off googling 'prevent php email header injection' than having me try to explain it. In a nutshell, it involves checking for or stripping out all characters used to allow a spammer to insert more email addresses in the 'To:' header. As far as your headers go, this should work. $Headers = 'From: valid_address@your_domain.com' . "\r\n";$Headers .= "Reply-To: $EmailFrom\r\n";mail($EmailTo, $Subject, $Body, $Headers); Quote Link to comment Share on other sites More sharing options...
MSUK1 Posted September 24, 2010 Author Share Posted September 24, 2010 Thanks, emails are now sending! however, they are sending to and from the user. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 Not sure what you mean by that . . . Quote Link to comment Share on other sites More sharing options...
MSUK1 Posted September 24, 2010 Author Share Posted September 24, 2010 all emails are being sent to matt@mattsolomon.co.uk when that is not stated anywhere in the php.. <?php $Name = Trim(stripslashes($_POST['fullname'])); $EmailFrom = Trim(stripslashes($_POST['email'])); $EmailTo = "james@jd-creations.co.uk"; $Subject = Trim(stripslashes($_POST['subject'])); $answer = Trim(stripslashes($_POST['answer'])); $Comments = Trim(stripslashes($_POST['message'])); $Subject = "The Reason - Contact Us"; $Headers = 'From: james@jd-creations.co.uk' . "\r\n"; $Headers .= "Reply-To: $EmailFrom\r\n"; // validation $validationOK=true; if (Trim($EmailFrom)=="") $validationOK=false; if (Trim($answer)!=="20") $validationOK=false; if (Trim($Name)=="") $validationOK=false; if (Trim($Comments)=="") $validationOK=false; if (Trim($Subject)=="") $validationOK=false; if (!$validationOK) { print "<meta http-equiv=\"refresh\" content=\"0;URL=../contact/error2.php\">"; exit; } // prepare email body text $Body = ""; $Body .= "Name: "; $Body .= $Name; $Body .= "\n"; $Body .= "Email: "; $Body .= $EmailFrom; $Body .= "\n"; $Body .= "Comments: "; $Body .= $Comments; $Body .= "\n"; // send email $success = mail($EmailTo, $Subject, $Body, $Headers); // redirect to success page if ($success){ print "<meta http-equiv=\"refresh\" content=\"0;URL=../contact/sent.php\">"; } else{ print "<meta http-equiv=\"refresh\" content=\"0;URL=../contact/error.php\">"; } ?> Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 That makes no sense at all. I see nothing in the code that would cause that behavior. Quote Link to comment Share on other sites More sharing options...
MSUK1 Posted September 24, 2010 Author Share Posted September 24, 2010 tell me about it :/ Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 This now sounds like a hosting company issue. I've seen default 'To:' addresses when using a hosting company's pre-built mail forms, but I've not seen it when using the mail() function in PHP. I suppose it's possible, though. Quote Link to comment Share on other sites More sharing options...
MSUK1 Posted September 24, 2010 Author Share Posted September 24, 2010 i am the hoster.. msuk-hosting.com so even then it shouldnt be configured to matt@mattsolomon.co.uk it should be matt@msuk-hostt... Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 Then I'd venture a guess you've got something misconfigured somewhere. What MTA are you using, and on what OS? That isn't my area of expertise, but maybe someone here has seen this before. Quote Link to comment Share on other sites More sharing options...
MSUK1 Posted September 25, 2010 Author Share Posted September 25, 2010 if something was mis-configured then my other contact form would do the same. :/ its Linux based and all php / functions are configured in WHM / cPanel and is hard coded into the software. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.