bmbc Posted June 7, 2014 (edited)

I have used this same PHP contact form many times and never had this problem. I just checked it in an online PHP code checker and it comes up with no errors, but when it is uploaded to the site and I go to test the form, it goes to mysite.com/contact.php and is stuck on the trailing code:

\nReply-To: \"$name\" <$email>\nX-Mailer: chfeedback.php 2.03" ); header( "Location: $thankyouurl" ); exit ; ?>

It has me stumped; I can't work it out. The full code is:

<?
/*
CHFEEDBACK.PHP Feedback Form PHP Script Ver 2.03
*/
$mailto = 'contact@gmail.com' ;
$subject = "Contact Form" ;
$formurl = "http://www.mysite.com/contact.html" ;
$errorurl = "http://www.mysite.com/error.html" ;
$thankyouurl = "http://www.mysite.com/thanks.html" ;

$name = $_POST['name'] ;
$email = $_POST['email'] ;
$comments = $_POST['comments'] ;
$http_referrer = getenv( "HTTP_REFERER" );

if (!isset($_POST['email'])) {
   header( "Location: $formurl" );
   exit ;
}
if (empty($name) || empty($email) || empty($comments)) {
   header( "Location: $errorurl" );
   exit ;
}
if (get_magic_quotes_gpc()) {
   $comments = stripslashes( $comments );
}

$messageproper =
   "This message was sent from:\n" .
   "$http_referrer\n" .
   "------------------------- COMMENTS -------------------------\n\n" .
   $comments .
   "\n\n------------------------------------------------------------\n" ;

mail($mailto, $subject, $messageproper, "From: \"$name\" <$email>\nReply-To: \"$name\" <$email>\nX-Mailer: chfeedback.php 2.03" );
header( "Location: $thankyouurl" );
exit ;
?>

But when I look at the source code in the browser I can see that all of it is in red except for the last trailing bit, which appears in black.

Edited June 7, 2014 by bmbc
paddy_fields Posted June 7, 2014

You have opening PHP tags in there for some reason. Change

mail($mailto, $subject, $messageproper, "From: \"$name\" <$email>\nReply-To: \"$name\" <$email>\nX-Mailer: chfeedback.php 2.03" );
header( "Location: $thankyouurl" );
exit ;

to something like this:

$headers = "From: $email" . "\r\n" .
           "Reply-To: $email" . "\r\n" .
           'X-Mailer: chfeedback.php 2.03';

mail($mailto, $subject, $messageproper, $headers);
header( "Location: $thankyouurl" );
exit;
Jacques1 Posted June 7, 2014 (marked as solution)

The script allows anybody to use your server as a spam relay. By injecting a BCC header, an attacker can send the e-mail to arbitrary accounts. You may have been lucky so far, but bots regularly scan websites for vulnerabilities like this. And once they find you, your server will quickly be blacklisted, which means you won't be able to send any mails -- your hoster also won't be happy about it.

Do not use random scripts you found somewhere on the Internet. You wouldn't download and run arbitrary .exe files on your PC, right? Then why do you download and run arbitrary PHP scripts? That stuff is at least 10 years old, and there's absolutely no reason to believe that it's credible. As we've just found out, it's not.

If you want to send e-mails, use an established library like PHPMailer. This will take care of the technical details and make sure you don't end up flooding innocent people with spam. Do not use the mail() function unless you have deep knowledge about the underlying mechanisms and a very good reason why you need low-level access to the raw SMTP message.
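The BCC injection Jacques1 describes, and one way to close it while still calling mail(), as an added example: this is not the posted chfeedback.php script and not code from either reply. The function names buildHeadersVulnerable, buildHeadersHardened and countInjectedRecipients, the addresses and the Bcc payload are constructed for illustration. The same flaw is present in the "$headers = "From: $email" ..." variant suggested above, because it still copies $email unchanged into the header block; the vulnerable function below has that shape. The full "<?php" open tag is used deliberately: the short "<?" in the posted script only works when short_open_tag is enabled, and when it is not, PHP hands the whole file to the browser as text.

```php
<?php
// Added example; not the chfeedback.php script from the thread and not code
// from either reply. Demonstrates mail() header injection via the "email"
// field and one hardened way to build the same headers. All input is constructed.

declare(strict_types=1);

// Same shape as the posted script: $email is interpolated into the header
// block unchanged, so a line break inside it starts a new, attacker-chosen header.
function buildHeadersVulnerable(string $name, string $email): string
{
    return "From: \"$name\" <$email>\n"
         . "Reply-To: \"$name\" <$email>\n"
         . "X-Mailer: chfeedback.php 2.03";
}

// Hardened version (assumed design, not the script's own):
//  - accept only a single syntactically valid address; FILTER_VALIDATE_EMAIL
//    rejects CR, LF and spaces, so a line break cannot reach the headers;
//  - refuse the request outright (return null) instead of "cleaning" bad input;
//  - keep a fixed From: on your own domain (SPF/DMARC need that anyway) and put
//    the visitor only in Reply-To:, so user input never decides the sender;
//  - strip control characters and quoting characters from the display name;
//  - separate headers with CRLF as RFC 5322 requires.
function buildHeadersHardened(string $name, string $email, string $fixedSender): ?string
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Belt and braces: no line break anywhere in user-supplied header material.
    if (preg_match('/[\r\n]/', $name . $email) === 1) {
        return null;
    }
    $safeName = preg_replace('/[\x00-\x1F\x7F"<>]/', '', $name);

    return "From: \"Contact Form\" <$fixedSender>\r\n"
         . "Reply-To: \"$safeName\" <$email>\r\n"
         . "X-Mailer: PHP/" . PHP_VERSION;
}

// Counts recipient headers (Bcc:/Cc:/To:) that start a line inside a header
// block. Used to make the injection visible without actually sending mail.
function countInjectedRecipients(string $headers): int
{
    return preg_match_all('/^(?:Bcc|Cc|To):/im', $headers);
}

// --- Demonstration on constructed input ---------------------------------------
$attackerName  = 'Bob';
// What a spam bot would POST in the "email" field: a plausible address, a
// CRLF, then its own Bcc: header listing the real targets.
$attackerEmail = "bob@example.com\r\nBcc: victim1@example.org, victim2@example.org";

$bad = buildHeadersVulnerable($attackerName, $attackerEmail);
echo "Vulnerable headers:\n$bad\n";
// The payload is copied into both From: and Reply-To:, so two Bcc: lines appear.
echo 'Injected recipient headers: ' . countInjectedRecipients($bad) . "\n\n"; // 2

$rejected = buildHeadersHardened($attackerName, $attackerEmail, 'contact@example.com');
echo 'Hardened result for attacker input: ' . var_export($rejected, true) . "\n\n"; // NULL

$good = buildHeadersHardened('Alice', 'alice@example.com', 'contact@example.com');
echo "Hardened headers for a legitimate visitor:\n$good\n";
echo 'Injected recipient headers: ' . countInjectedRecipients($good) . "\n"; // 0

// With a non-null result the original call becomes:
//   mail($mailto, $subject, $messageproper, $good);
// and a null result should redirect to the error page, as the script already
// does for empty fields.
```

If you follow the advice to use PHPMailer instead, the equivalent is to keep setFrom() fixed to your own address and pass the visitor only to addReplyTo($email, $name); that method validates the address and returns false (or throws, when the object was created with exceptions enabled), so a line break in the field never reaches the message.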
bmbc Posted June 7, 2014

Thanks. Yes, I didn't think it through, because I obviously don't write PHP. I had been using the same script for a long time, but actually not for a few years since using a CMS, so coming back to it was a mistake. I think I will try Swiftmailer on my Linux server.