mail() issues

[wdcockrell89]

hi i am in a bit of a time crunch developing this basic web page for my mother. i am new to php (like hours new) but feel like i shouldnt be having this problem.

 

what i want the page to do is this: take the information that the visitor entered into a form and email it to me upon pressing the "submit" button.

 

where the problem is is here: when you hit submit, the browser takes me to a page that chrome warns me has had malware detected on it. something like verygoods-2014.ru, which i have never seen before nor can i find it anywhere in my coding. also, the email does not send.

 

i feel like the php coding should be fine, as i have tested several pre-written form referencing mail() scripts as well as using the most basic mail() script possible, all with the same result.

 

i have also wondered where the email that is supposed to be sent comes from. will it just be a "noreply" email sent by the website the script is run on? do i need to set up a server or email that can be accessed by my php script? i feel like this may be part of my problem.

 

any help constructing a script or tips on building a php script for this would be greatly appreciated.

below is the form that i am trying to gather information with. as i said earlier i have tried many mail() scripts of varying complexity, all to no avail, so i will not include one here. the email i want the information to be sent to is wdcockrell89@gmail.com

 

<form name="contactform" method="post" action="send_contact_info.php">

<table width="450px">

 

<tr>

<td valign="top">

  <label for="name">Name *</label>

</td>

<td valign="top">

  <input  type="text" name="name" maxlength="50" size="30">

</td>

</tr>

<tr>

<td valign="top"">

  <label for="Practice_Name">Practice Name *</label>

</td>

<td valign="top">

  <input  type="text" name="Practice_Name" maxlength="50" size="30">

</td>

</tr>

<tr>

<td valign="top">

  <label for="Email">Email Address *</label>

</td>

<td valign="top">

  <input  type="text" name="Email" maxlength="80" size="30">

</td>

</tr>

<tr>

<td valign="top">

  <label for="Mailing_address">Mailing address</label>

</td>

<td valign="top">

  <input  type="text" name="Mailing_address" maxlength="30" size="30">

</td>

</tr>

<tr>

<td colspan="2" style="text-align:center">

  <input type="submit" value="Submit">

</tr>

</table>

</form>

    <p> </p>

    <p>  </p>

    <!-- end .content --></div>

  <!-- end .container --></div>

</body>

</html>

 

 

i dont know how you guys do things here, but i realize my own ignorance and if you feel the need to berate me for it, i'm sure it is deserved. but help is more appreciated

[NomadicJosh]

Can you post the contents of send_contact_info.php?

[wdcockrell89]

send_contact_info.php has been changed many times.

 

it has been as simple as:

 

<?php

mail("wdcockrell89@gmail.com", "test", "test body");

?>

 

and has changed to:

 

<?php

if(isset($_POST['email'])) {

   

    $email_to = "wdcockrell89@gmail.com";

    $email_subject = "Pinnacle contact info";

   

   

    function died($error) {

        echo "We are very sorry, but there were error(s) found with the form you submitted. ";

        echo "These errors appear below.<br /><br />";

        echo $error."<br /><br />";

        echo "Please go back and fix these errors.<br /><br />";

        die();

    }

   

    if(!isset($_POST['name']) ||

        !isset($_POST['Practice_Name']) ||

        !isset($_POST['Email']) ||

        !isset($_POST['Mailing_address'])) {

        died('We are sorry, but there appears to be a problem with the form you submitted.');     

    }

   

    $name = $_POST['name'];

    $Practice_Name = $_POST['Practice_Name'];

    $email_from = $_POST['Email'];

    $Mailing_address = $_POST['Mailing_address'];

   

   

    $error_message = "";

    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';

  if(!preg_match($email_exp,$email_from)) {

    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';

  }

    $string_exp = "/^[A-Za-z .'-]+$/";

  if(!preg_match($string_exp,$name)) {

    $error_message .= 'The Name you entered does not appear to be valid.<br />';

  }

  if(!preg_match($string_exp,$Practice_Name)) {

    $error_message .= 'The Practice Name you entered does not appear to be valid.<br />';

 

  }

  if(strlen($error_message) > 0) {

    died($error_message);

  }

    $email_message = "Form details below.\n\n";

   

    function clean_string($string) {

      $bad = array("content-type","bcc:","to:","cc:","href");

      return str_replace($bad,"",$string);

    }

   

    $email_message .= "Name: ".clean_string($name)."\n";

    $email_message .= "Practice Name: ".clean_string($Practice_Name)."\n";

    $email_message .= "Email: ".clean_string($email_from)."\n";

    $email_message .= "Mailing Address: ".clean_string($Mailing_address)."\n";

   

   

$headers = 'From: '.$email_from."\r\n".

'Reply-To: '.$email_from."\r\n" .

'X-Mailer: PHP/' . phpversion();

@mail($email_to, $email_subject, $email_message, $headers); 

?>

 

<www.pinnacleeducationservices.com>

 

Thank you for contacting us. We will be in touch with you very soon.

 

<?php

}

?>

 

perhaps it should be said that i did not write this code but edited it to reference the form more correctly. it is entirely possible my editing was the root of my problem, but i do not see why it redirects me to verygoods-2014.ru

[NomadicJosh]

send_contact_info.php has been changed many times.

 

it has been as simple as:

 

 <?php 
mail("wdcockrell89@gmail.com", "test", "test body");
?> 

and has changed to:

<?php
if(isset($_POST['email'])) {
     
    $email_to = "wdcockrell89@gmail.com";
    $email_subject = "Pinnacle contact info";
     
     
    function died($error) {
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }
     
    if(!isset($_POST['name']) ||
        !isset($_POST['Practice_Name']) ||
        !isset($_POST['Email']) ||
        !isset($_POST['Mailing_address'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');       
    }
     
    $name = $_POST['name'];
    $Practice_Name = $_POST['Practice_Name'];
    $email_from = $_POST['Email'];
    $Mailing_address = $_POST['Mailing_address'];
    
     
    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
  if(!preg_match($email_exp,$email_from)) {
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
    $string_exp = "/^[A-Za-z .'-]+$/";
  if(!preg_match($string_exp,$name)) {
    $error_message .= 'The Name you entered does not appear to be valid.<br />';
  }
  if(!preg_match($string_exp,$Practice_Name)) {
    $error_message .= 'The Practice Name you entered does not appear to be valid.<br />';
  
  }
  if(strlen($error_message) > 0) {
    died($error_message);
  }
    $email_message = "Form details below.\n\n";
     
    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }
     
    $email_message .= "Name: ".clean_string($name)."\n";
    $email_message .= "Practice Name: ".clean_string($Practice_Name)."\n";
    $email_message .= "Email: ".clean_string($email_from)."\n";
    $email_message .= "Mailing Address: ".clean_string($Mailing_address)."\n";
     
     
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);  
?>

<www.pinnacleeducationservices.com>

Thank you for contacting us. We will be in touch with you very soon.

<?php
}
?>

 

perhaps it should be said that i did not write this code but edited it to reference the form more correctly. it is entirely possible my editing was the root of my problem, but i do not see why it redirects me to verygoods-2014.ru

 

First, I would change your first line to:

if(isset($_POST['submit'])) {

 

2nd, you should take your died function out of your submit statement.

 

And 3rd, update the bottom of your form to include the name attribute:

 

<input type="submit" name="submit" value="Submit">

[wdcockrell89]

i changed the first line as you suggested as well as the last line of the form. i see "died" show up a few times throughout the script. where should it be removed? (sorry, like i said, i am quite new to this).

 

<form name="contactform" method="post" action="send.php">
<table width="450px">

<tr>
<td valign="top">
  <label for="name">Name *</label>
</td>
<td valign="top">
  <input  type="text" name="name" maxlength="50" size="30">
</td>
</tr>
<tr>
<td valign="top"">
  <label for="Practice_Name">Practice Name *</label>
</td>
<td valign="top">
  <input  type="text" name="Practice_Name" maxlength="50" size="30">
</td>
</tr>
<tr>
<td valign="top">
  <label for="Email">Email Address *</label>
</td>
<td valign="top">
  <input  type="text" name="Email" maxlength="80" size="30">
</td>
</tr>
<tr>
<td valign="top">
  <label for="Mailing_address">Mailing address</label>
</td>
<td valign="top">
  <input  type="text" name="Mailing_address" maxlength="30" size="30">
</td>
</tr>

<tr>
<td colspan="2" style="text-align:center">
  <input type="submit" name="submit" value="Submit">
</tr>
</table>
</form>

 

<?php
if(isset($_POST['submit'])) {
     
    $email_to = "wdcockrell89@gmail.com";
    $email_subject = "Pinnacle contact info";
     
     
    function died($error) {
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }
     
    if(!isset($_POST['name']) ||
        !isset($_POST['Practice_Name']) ||
        !isset($_POST['Email']) ||
        !isset($_POST['Mailing_address'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');       
    }
     
    $name = $_POST['name'];
    $Practice_Name = $_POST['Practice_Name'];
    $email_from = $_POST['Email'];
    $Mailing_address = $_POST['Mailing_address'];
    
     
    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
  if(!preg_match($email_exp,$email_from)) {
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
    $string_exp = "/^[A-Za-z .'-]+$/";
  if(!preg_match($string_exp,$name)) {
    $error_message .= 'The Name you entered does not appear to be valid.<br />';
  }
  if(!preg_match($string_exp,$Practice_Name)) {
    $error_message .= 'The Practice Name you entered does not appear to be valid.<br />';
  
  }
  if(strlen($error_message) > 0) {
    died($error_message);
  }
    $email_message = "Form details below.\n\n";
     
    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }
     
    $email_message .= "Name: ".clean_string($name)."\n";
    $email_message .= "Practice Name: ".clean_string($Practice_Name)."\n";
    $email_message .= "Email: ".clean_string($email_from)."\n";
    $email_message .= "Mailing Address: ".clean_string($Mailing_address)."\n";
     
     
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);  
?>

<www.pinnacleeducationservices.com>

Thank you for contacting us. We will be in touch with you very soon.

<?php
}
?>

 

again i really appreciate your help

[NomadicJosh]

You can place it above this line:

 

if(isset($_POST['submit'])) {

[wdcockrell89]

ok i have done that but now i am still getting the same error. no email is sent and upon clicking "submit" i am still redirected to http://verygoods-2014.ru/in.cgi?11&ur=1&HTTP_REFERER=statistic.com which i have never seen before in my life... how could this be happening and why?

 

the page/form we are working on is http://pinnacleeducationservices.com/PinnacleCR.html

[NomadicJosh]

Double check your send.php file to make sure there is nothing weird going on.

[downah]

I am getting the same malware warning on your web page, why is it redirecting to verygoods-2014.ru ?? if your files really have nothing to do with that then u might want to call up your host and check your server

[Christian F.]

Here's what I got when I tried to visit the URL manually:

URL:	http://pinnacleeducationservices.com/send_contact_info.php
Method:	GET
Status:	302 Found
Request
GET /send_contact_info.php HTTP/1.1 
User-Agent:	Opera/9.80 (X11; Linux x86_64; U; en-GB) Presto/2.10.289 Version/12.00
Host:	pinnacleeducationservices.com
Accept:	text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language:	en-GB,en;q=0.9,nb;q=0.8,no;q=0.7
Accept-Encoding:	gzip, deflate
Connection:	Keep-Alive
Response
HTTP/1.1 302 Found 
Date:	Sat, 28 Jul 2012 22:47:16 GMT
Server:	Apache
Location:	http://verygoods-2014.ru/in.cgi?11&ur=1&HTTP_REFERER=statistic.com
Content-Length:	337
Keep-Alive:	timeout=10, max=30
Connection:	Keep-Alive
Content-Type:	text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://verygoods-2014.ru/in.cgi?11&ur=1&HTTP_REFERER=statistic.com">here</a>.</p>
<hr>
<address>Apache Server at pinnacleeducationservices.com Port 80</address>
</body></html>

 

I suspect an .htaccess (or something similar) lying hidden in that folder, or a parent folder. Either targeting that file in particular, or php files in general. Might even be that your web server have been compromised, mind you.