Jump to content

mail() issues


wdcockrell89
 Share

Recommended Posts

hi i am in a bit of a time crunch developing this basic web page for my mother. i am new to php (like hours new) but feel like i shouldnt be having this problem.

 

what i want the page to do is this: take the information that the visitor entered into a form and email it to me upon pressing the "submit" button.

 

where the problem is is here: when you hit submit, the browser takes me to a page that chrome warns me has had malware detected on it. something like verygoods-2014.ru, which i have never seen before nor can i find it anywhere in my coding. also, the email does not send.

 

i feel like the php coding should be fine, as i have tested several pre-written form referencing mail() scripts as well as using the most basic mail() script possible, all with the same result.

 

i have also wondered where the email that is supposed to be sent comes from. will it just be a "noreply" email sent by the website the script is run on? do i need to set up a server or email that can be accessed by my php script? i feel like this may be part of my problem.

 

any help constructing a script or tips on building a php script for this would be greatly appreciated.

below is the form that i am trying to gather information with. as i said earlier i have tried many mail() scripts of varying complexity, all to no avail, so i will not include one here. the email i want the information to be sent to is wdcockrell89@gmail.com

 

<form name="contactform" method="post" action="send_contact_info.php">

<table width="450px">

 

<tr>

<td valign="top">

  <label for="name">Name *</label>

</td>

<td valign="top">

  <input  type="text" name="name" maxlength="50" size="30">

</td>

</tr>

<tr>

<td valign="top"">

  <label for="Practice_Name">Practice Name *</label>

</td>

<td valign="top">

  <input  type="text" name="Practice_Name" maxlength="50" size="30">

</td>

</tr>

<tr>

<td valign="top">

  <label for="Email">Email Address *</label>

</td>

<td valign="top">

  <input  type="text" name="Email" maxlength="80" size="30">

</td>

</tr>

<tr>

<td valign="top">

  <label for="Mailing_address">Mailing address</label>

</td>

<td valign="top">

  <input  type="text" name="Mailing_address" maxlength="30" size="30">

</td>

</tr>

<tr>

<td colspan="2" style="text-align:center">

  <input type="submit" value="Submit">

</tr>

</table>

</form>

    <p> </p>

    <p>  </p>

    <!-- end .content --></div>

  <!-- end .container --></div>

</body>

</html>

 

 

i dont know how you guys do things here, but i realize my own ignorance and if you feel the need to berate me for it, i'm sure it is deserved. but help is more appreciated ;)

Link to comment
Share on other sites

send_contact_info.php has been changed many times.

 

it has been as simple as:

 

<?php

mail("wdcockrell89@gmail.com", "test", "test body");

?>

 

and has changed to:

 

<?php

if(isset($_POST['email'])) {

   

    $email_to = "wdcockrell89@gmail.com";

    $email_subject = "Pinnacle contact info";

   

   

    function died($error) {

        echo "We are very sorry, but there were error(s) found with the form you submitted. ";

        echo "These errors appear below.<br /><br />";

        echo $error."<br /><br />";

        echo "Please go back and fix these errors.<br /><br />";

        die();

    }

   

    if(!isset($_POST['name']) ||

        !isset($_POST['Practice_Name']) ||

        !isset($_POST['Email']) ||

        !isset($_POST['Mailing_address'])) {

        died('We are sorry, but there appears to be a problem with the form you submitted.');     

    }

   

    $name = $_POST['name'];

    $Practice_Name = $_POST['Practice_Name'];

    $email_from = $_POST['Email'];

    $Mailing_address = $_POST['Mailing_address'];

   

   

    $error_message = "";

    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';

  if(!preg_match($email_exp,$email_from)) {

    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';

  }

    $string_exp = "/^[A-Za-z .'-]+$/";

  if(!preg_match($string_exp,$name)) {

    $error_message .= 'The Name you entered does not appear to be valid.<br />';

  }

  if(!preg_match($string_exp,$Practice_Name)) {

    $error_message .= 'The Practice Name you entered does not appear to be valid.<br />';

 

  }

  if(strlen($error_message) > 0) {

    died($error_message);

  }

    $email_message = "Form details below.\n\n";

   

    function clean_string($string) {

      $bad = array("content-type","bcc:","to:","cc:","href");

      return str_replace($bad,"",$string);

    }

   

    $email_message .= "Name: ".clean_string($name)."\n";

    $email_message .= "Practice Name: ".clean_string($Practice_Name)."\n";

    $email_message .= "Email: ".clean_string($email_from)."\n";

    $email_message .= "Mailing Address: ".clean_string($Mailing_address)."\n";

   

   

$headers = 'From: '.$email_from."\r\n".

'Reply-To: '.$email_from."\r\n" .

'X-Mailer: PHP/' . phpversion();

@mail($email_to, $email_subject, $email_message, $headers); 

?>

 

<www.pinnacleeducationservices.com>

 

Thank you for contacting us. We will be in touch with you very soon.

 

<?php

}

?>

 

perhaps it should be said that i did not write this code but edited it to reference the form more correctly. it is entirely possible my editing was the root of my problem, but i do not see why it redirects me to verygoods-2014.ru

Link to comment
Share on other sites

send_contact_info.php has been changed many times.

 

it has been as simple as:

 

 <?php 
mail("wdcockrell89@gmail.com", "test", "test body");
?> 

and has changed to:

<?php
if(isset($_POST['email'])) {
     
    $email_to = "wdcockrell89@gmail.com";
    $email_subject = "Pinnacle contact info";
     
     
    function died($error) {
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }
     
    if(!isset($_POST['name']) ||
        !isset($_POST['Practice_Name']) ||
        !isset($_POST['Email']) ||
        !isset($_POST['Mailing_address'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');       
    }
     
    $name = $_POST['name'];
    $Practice_Name = $_POST['Practice_Name'];
    $email_from = $_POST['Email'];
    $Mailing_address = $_POST['Mailing_address'];
    
     
    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
  if(!preg_match($email_exp,$email_from)) {
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
    $string_exp = "/^[A-Za-z .'-]+$/";
  if(!preg_match($string_exp,$name)) {
    $error_message .= 'The Name you entered does not appear to be valid.<br />';
  }
  if(!preg_match($string_exp,$Practice_Name)) {
    $error_message .= 'The Practice Name you entered does not appear to be valid.<br />';
  
  }
  if(strlen($error_message) > 0) {
    died($error_message);
  }
    $email_message = "Form details below.\n\n";
     
    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }
     
    $email_message .= "Name: ".clean_string($name)."\n";
    $email_message .= "Practice Name: ".clean_string($Practice_Name)."\n";
    $email_message .= "Email: ".clean_string($email_from)."\n";
    $email_message .= "Mailing Address: ".clean_string($Mailing_address)."\n";
     
     
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);  
?>

<www.pinnacleeducationservices.com>

Thank you for contacting us. We will be in touch with you very soon.

<?php
}
?>

 

perhaps it should be said that i did not write this code but edited it to reference the form more correctly. it is entirely possible my editing was the root of my problem, but i do not see why it redirects me to verygoods-2014.ru

 

First, I would change your first line to:

if(isset($_POST['submit'])) {

 

2nd, you should take your died function out of your submit statement.

 

And 3rd, update the bottom of your form to include the name attribute:

 

<input type="submit" name="submit" value="Submit">

Link to comment
Share on other sites

i changed the first line as you suggested as well as the last line of the form. i see "died" show up a few times throughout the script. where should it be removed? (sorry, like i said, i am quite new to this).

 

<form name="contactform" method="post" action="send.php">
<table width="450px">

<tr>
<td valign="top">
  <label for="name">Name *</label>
</td>
<td valign="top">
  <input  type="text" name="name" maxlength="50" size="30">
</td>
</tr>
<tr>
<td valign="top"">
  <label for="Practice_Name">Practice Name *</label>
</td>
<td valign="top">
  <input  type="text" name="Practice_Name" maxlength="50" size="30">
</td>
</tr>
<tr>
<td valign="top">
  <label for="Email">Email Address *</label>
</td>
<td valign="top">
  <input  type="text" name="Email" maxlength="80" size="30">
</td>
</tr>
<tr>
<td valign="top">
  <label for="Mailing_address">Mailing address</label>
</td>
<td valign="top">
  <input  type="text" name="Mailing_address" maxlength="30" size="30">
</td>
</tr>

<tr>
<td colspan="2" style="text-align:center">
  <input type="submit" name="submit" value="Submit">
</tr>
</table>
</form>

 

<?php
if(isset($_POST['submit'])) {
     
    $email_to = "wdcockrell89@gmail.com";
    $email_subject = "Pinnacle contact info";
     
     
    function died($error) {
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }
     
    if(!isset($_POST['name']) ||
        !isset($_POST['Practice_Name']) ||
        !isset($_POST['Email']) ||
        !isset($_POST['Mailing_address'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');       
    }
     
    $name = $_POST['name'];
    $Practice_Name = $_POST['Practice_Name'];
    $email_from = $_POST['Email'];
    $Mailing_address = $_POST['Mailing_address'];
    
     
    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
  if(!preg_match($email_exp,$email_from)) {
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
    $string_exp = "/^[A-Za-z .'-]+$/";
  if(!preg_match($string_exp,$name)) {
    $error_message .= 'The Name you entered does not appear to be valid.<br />';
  }
  if(!preg_match($string_exp,$Practice_Name)) {
    $error_message .= 'The Practice Name you entered does not appear to be valid.<br />';
  
  }
  if(strlen($error_message) > 0) {
    died($error_message);
  }
    $email_message = "Form details below.\n\n";
     
    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }
     
    $email_message .= "Name: ".clean_string($name)."\n";
    $email_message .= "Practice Name: ".clean_string($Practice_Name)."\n";
    $email_message .= "Email: ".clean_string($email_from)."\n";
    $email_message .= "Mailing Address: ".clean_string($Mailing_address)."\n";
     
     
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);  
?>

<www.pinnacleeducationservices.com>

Thank you for contacting us. We will be in touch with you very soon.

<?php
}
?>

 

again i really appreciate your help :)

Link to comment
Share on other sites

ok i have done that but now i am still getting the same error. no email is sent and upon clicking "submit" i am still redirected to http://verygoods-2014.ru/in.cgi?11&ur=1&HTTP_REFERER=statistic.com which i have never seen before in my life... how could this be happening and why?

 

the page/form we are working on is http://pinnacleeducationservices.com/PinnacleCR.html

Link to comment
Share on other sites

Here's what I got when I tried to visit the URL manually:

URL:	http://pinnacleeducationservices.com/send_contact_info.php
Method:	GET
Status:	302 Found
Request
GET /send_contact_info.php HTTP/1.1 
User-Agent:	Opera/9.80 (X11; Linux x86_64; U; en-GB) Presto/2.10.289 Version/12.00
Host:	pinnacleeducationservices.com
Accept:	text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language:	en-GB,en;q=0.9,nb;q=0.8,no;q=0.7
Accept-Encoding:	gzip, deflate
Connection:	Keep-Alive
Response
HTTP/1.1 302 Found 
Date:	Sat, 28 Jul 2012 22:47:16 GMT
Server:	Apache
Location:	http://verygoods-2014.ru/in.cgi?11&ur=1&HTTP_REFERER=statistic.com
Content-Length:	337
Keep-Alive:	timeout=10, max=30
Connection:	Keep-Alive
Content-Type:	text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://verygoods-2014.ru/in.cgi?11&ur=1&HTTP_REFERER=statistic.com">here</a>.</p>
<hr>
<address>Apache Server at pinnacleeducationservices.com Port 80</address>
</body></html>

 

I suspect an .htaccess (or something similar) lying hidden in that folder, or a parent folder. Either targeting that file in particular, or php files in general. Might even be that your web server have been compromised, mind you.

Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.