Contact form errors

[jeffcampbell]

Hello all,

 

New to php and this website, just started with trying to create a contact form as my first project, all seemed to be going well until I put the form online. When the form is filled in, it does no keep the data put into the form rather it send me a email like the example below:

 

Name: name

 

Email :email

 

Comments: comments

 

I have try and research all I can but now I'm running out of energy on this, if any experienced phpfreaks (pun intended) could help me by looking over my code I would be very grateful for any advice given.

 

Many thanks in advance Jeff.

 

<?php
$errors = array();
$missing = array();
if (isset ($_POST['send'])) {
 $to = 'myemail';
 $subject = 'Feedback from contact form';
 $expected = array('name', 'email', 'comments');
 $required = array('name', 'email', 'comments');
 $headers = "From: \r\n";
 $headers .= "Content-type: text/plain: charset=utf-8";
 $authenticate = '-myemail';
 require './mailprocess.php';
 if ($mailSent) {
 header('Location:thankyou.php');
 exit;
 }
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Contact Form</title>
</head>

<body>
<h1>Contact Form</h1>
<?php if (($_POST && $suspect) || ($_POST && isset($errors['mailfail']))) { ?>
<p class="warning"> Your mail was not sent.</p>
<?php } elseif ($errors || $missing) { ?>
<p class="warning"> Please fix highlighted item(s).</p>
<?php }?>
<form name="contact" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
 <p>
 <label for="name">Name:
 <?php if ($missing && in_array('name', $missing)) { ?>
 <span class="warning">Please enter your name</span>
 <?php } ?>
 </label>
    <input type="text" name="name" id="name"
    <?php
 if ($errors || $missing) {
  echo 'value="' . htmlentities($name, ENT_COMPAT, 'utf-8') . '"';
 }
 ?>
    >
 </p>
 <p>
 <label for="email">Email:
    <?php if ($missing && in_array('email', $missing)) { ?>
    <span class="warning">Please enter your email address</span>
    </label>
    <?php } elseif (isset ($errors['email'])) { ?>
    <span class="warning">Invalid email address</span>
    <?php } ?>
 <input type="text" name="email" id="email"
    <?php
 if ($errors || $missing) {
  echo 'value="' . htmlentities($email, ENT_COMPAT, 'utf-8') . '"';
 }
 ?>
    >
 </p>
 <p>
 <label for="comments">Message:
    <?php if ($missing && in_array('comments', $missing)) { ?>
    <span class="warning">Please enter your message</span> 
 <?php } ?>
    </label>
 <textarea name="comments" id="comments"><?php
 if ($errors || $missing) {
  echo htmlentities($comments, ENT_COMPAT, 'utf-8');
 }
    ?></textarea>
 </p>
 <p>
 <input type="submit" name="send" id="send" value="Send Message">
 </p>
</form>
</body>
</html>

 

And the mail process code is below here :

 

<?php
$suspect = false;
$pattern = '/Content-Type:|Bcc:|Cc:/i';

function isSuspect($val, $pattern, &$suspect) {
 if (is_array($val)) {
  foreach ($val as $item) {
   isSuspect($item, $pattern, $suspect);
  }
 } else {
  if (preg_match($pattern, $val)) {
   $suspect = true;
  }
 }
}
isSuspect($_POST, $pattern, $suspect);

if (!$suspect) {
 foreach ($_POST as $key => $value) {
  $temp = is_array($value) ? $value :trim($value);
  if (empty($temp) && in_array($key, $required)) {
   $missing[] = $key;
   $$key = '';
  } elseif(in_array($key, $expected)) {
   $$key = $temp;
  }
 }
}
if (!$suspect && !empty($email)) {
 $validemail = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
 if ($validemail) {
 $headers .= "\r\nReply-to: $validemail"; 
 } else {
  $errors['email'] = true;
 }
}

if (!$suspect && !$missing && !$errors) {
 $message = '';
  foreach ($expected as $item) {
     if (isset($$item) && !empty($$item)) {
        $val = $item;
 } else {
  $val = 'Not selected';
 }
 if (is_array($val)) {
  $val = implode(', ', $val);
 }
 $item = str_replace(array('_', '-'), ' ', $item);
 $message .= ucfirst($item) . ": $val\r\n\r\n";
 }
 $message = wordwrap($message, 70);
 
 $mailSent = mail($to, $subject, $message, $headers, $authenticate);
 if (!$mailSent) {
 $errors['mailfail'] = true; 
 }
}

[cyberRobot]

Sorry, I'm not sure what you're asking. Is the form not being re-populated after the submit button is clicked? Is there a problem with the email message being sent? Or are you having problems with the error messages not displaying as expected?

 

 

Side note: I would recommend checking out the following article with regard to using PHP_SELF as the form action:

http://seancoates.com/blogs/xss-woes

 

 

Also, please surround code blocks with

tags in the future. They improve the readability of your posts. 

[jeffcampbell]

Hello,

CyberRobot

 

Thank you for the link I will check it out (fingers crossed it will help,) sorry if for not explaining the problem better.

 

When I submit the form instead of receiving the filled in data I receive a email with the name of each value instead.

 

For example it should send something like this:

 

Name: John Smith

 

Email: johnsmith@example.com

 

comments: Hi it's John Smith

 

This is what I actually receive below:

 

Name:name

 

Email:email

 

Comments:comments

 

for some reason it sends the id value instead of the data submitted in the form, and for the life of me I can not see or find any errors

 

p.s will use code tags in future