qwest Posted November 18, 2016

Hi guys, I have a 'contact us' section on our website which has been working without issue for some time; however I have recently become aware that it has stopped sending emails. No error shows up when it is used, just nothing arrives where it is intended. We did change our domain name a little while ago and I'm not sure if these issues coincided with this event; however I don't see how that would have impacted this code. Any ideas? Thank you in advance!

    if (isset($_REQUEST['btnSubmit']) || isset($_REQUEST['btnSubmit_x'])) {
        if (isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token']) {
            $sendTo = "reception@ouremail.com.au";
            $from = $txtEmail;
            ob_start();
            include("mail_contact.php");
            $contents = ob_get_contents();
            ob_end_clean();
            $message = $contents;
            //echo "<br>".$message;
            $headers = "MIME-Version: 1.0\r\n";
            $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
            $headers .= "From: " . $from;
            $subject = "Qwest - Contact Us";
            mail($sendTo, $subject, $message, $headers);
            header( 'Location: http://www.oursite.com.au/thankyou-contact.php' ) ;
        }
        else
            $errmsg = "Permission Denied..";
    }
    $token = md5(uniqid(rand(), true));
    $_SESSION['token'] = $token;
Jacques1 Posted November 18, 2016

Well, you have no error checking at all, so it's only natural that you don't get any feedback.

The second problem is that your From headers are lies: You send the mail from your server, but you claim it's coming from the user's mail server. Since this technique is commonly used for spam and other malicious purposes, some systems won't accept such e-mails. Fix the headers. The From address is always the one which actually sends the mail, and you may add a Reply-To header with the user's address.

Third, your code is wide open to mail header injection attacks (and potentially cross-site scripting), because you just dump the raw user input straight into the message structure. This can easily be abused and get your server blacklisted.

Long story short: You should get rid of the mail() function altogether and switch to a proper library like PHPMailer. This will fix many of the mistakes you've made, and it allows you to use an external mail server for testing and as a temporary workaround.
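
Added example, not part of either post: one way to apply the three points above (error checking, an honest From with the visitor in Reply-To, no raw user input in headers or HTML). It assumes PHPMailer 6 installed via Composer; the field name txtMessage, the sender address website@oursite.com.au and the sample input are constructed for illustration.

```php
<?php
// Added example, not the original poster's code. Assumes PHPMailer 6 via Composer.
require __DIR__ . '/vendor/autoload.php';

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

// Builds the contact mail; throws InvalidArgumentException on bad form input.
// Field names txtEmail / txtMessage are assumptions about the form.
function buildContactMail(array $input): PHPMailer
{
    $email = trim((string)($input['txtEmail'] ?? ''));
    $text  = trim((string)($input['txtMessage'] ?? ''));

    // Only a single plain address passes; a value containing CR/LF is rejected,
    // so it can never add extra header lines.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    if ($text === '') {
        throw new InvalidArgumentException('empty message');
    }

    $mail = new PHPMailer(true);   // true: failures raise exceptions instead of passing silently
    $mail->CharSet = 'UTF-8';
    // Default transport is PHP's mail(); call $mail->isSMTP() and set Host,
    // Username, Password and Port to send through an external mail server.
    $mail->setFrom('website@oursite.com.au', 'Contact form'); // placeholder: an address this server really sends as
    $mail->addAddress('reception@ouremail.com.au');
    $mail->addReplyTo($email);     // the visitor's address goes here, not in From
    $mail->Subject = 'Qwest - Contact Us';
    $mail->isHTML(true);
    // Escape user text before it enters the HTML body.
    $mail->Body = '<p>From: ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . '</p><p>'
        . nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8')) . '</p>';
    $mail->AltBody = "From: $email\n\n$text";
    return $mail;
}

try {
    // Constructed sample input standing in for $_POST.
    $sample = ['txtEmail' => 'visitor@example.org', 'txtMessage' => "Hello,\nplease call me."];
    buildContactMail($sample)->send();
    header('Location: http://www.oursite.com.au/thankyou-contact.php');
    exit;
} catch (InvalidArgumentException $e) {
    $errmsg = 'Please check the form: ' . $e->getMessage();
} catch (Exception $e) {
    error_log('Contact mail failed: ' . $e->getMessage()); // details go to the log, not the visitor
    $errmsg = 'Sorry, the message could not be sent.';
}
```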