sigma213 Posted July 14, 2017

Will be collecting FORM data and emailing the values. Code and email attached...

ISSUE: look at the email text. On the line "What is the purpose....." there is NO line break before the word "How..."

If I put two "\n" in.... then I get a double line feed. (Not sure why.... but cannot seem to be able to paste.)

email.txt php.txt
Jacques1 Posted July 14, 2017

First the standard decontamination procedure:

- Your code is wide open to mail header injections, which effectively turns your server into an open mail relay. Anybody can use the form to send spam, malware or other illegal content to arbitrary addresses, and the e-mails will have your IP addresses attached to them. As you can imagine, this will quickly get you into legal trouble and the server's IP address on all kinds of spam blacklists -- which your hoster won't find very funny. Don't try to assemble e-mails yourself. Use a high-level library like PHPMailer which does that for you.
- You're forging the From header and pretending the e-mail has been sent by the user. This is a common spammer tactic, so many systems will flag the mails as spam or reject them altogether. Even if you've been lucky so far, this can change at any time. The From header is for the sender, which is you. If you additionally want to provide the user's address, use the Reply-To header.
- The success message is vulnerable to cross-site scripting and allows anybody to attack your users.

Maybe you aren't aware of this, but the Internet is open to everyone, not just your friends. So if you want to run a website, then it's your responsibility to make sure it cannot be abused for attacks.

When you've fixed all this and the problem persists, check the raw source code of the e-mail. Mail clients don't always manage to render the text correctly.

Edited July 14, 2017 by Jacques1
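The three fixes from the reply above, as an added example that is not part of the thread and is not the poster's attached code. It assumes PHPMailer 6 installed with Composer; the form field names (`name`, `email`, `message`), the `example.com` addresses and the helper names `e()` and `build_mail()` are hypothetical.

```php
<?php
// Added example: assumes PHPMailer 6 is installed with Composer.
require 'vendor/autoload.php';

use PHPMailer\PHPMailer\PHPMailer;

const SITE_FROM = 'forms@example.com';  // placeholder: an address the site owns
const SITE_TO   = 'owner@example.com';  // placeholder: where submissions are delivered

/** Escape a value before it is echoed into an HTML page. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the message from form input; returns null when the input is rejected. */
function build_mail(array $post): ?PHPMailer
{
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    $text  = (string)($post['message'] ?? '');

    // Values that end up in headers must never contain line breaks.
    if ($name === '' || preg_match('/[\r\n]/', $name . $email)) {
        return null;
    }
    if (!PHPMailer::validateAddress($email)) {
        return null;
    }
    $mail = new PHPMailer(true);               // throw exceptions on failure
    $mail->CharSet = 'UTF-8';
    $mail->setFrom(SITE_FROM, 'Website form'); // From is the site, not the visitor
    $mail->addAddress(SITE_TO);
    $mail->addReplyTo($email, $name);          // the visitor's address goes here
    $mail->Subject = 'Form submission';
    $mail->Body    = "Name: $name\n\n" . $text; // plain-text body
    return $mail;
}

// Constructed sample submissions, not taken from the thread.
$samples = [
    ['name' => 'Alice', 'email' => 'alice@example.com', 'message' => "Line one\n\nLine two"],
    ['name' => 'Alice', 'email' => "alice@example.com\r\nX-Injected: 1", 'message' => 'hi'],
    ['name' => '<b>Alice</b>', 'email' => 'alice@example.com', 'message' => 'hi'],
];
foreach ($samples as $post) {
    $mail = build_mail($post);
    if ($mail === null) { echo "Submission rejected.\n"; continue; }
    // $mail->send();  // enable once mail delivery is configured on the server
    echo 'Thank you, ' . e($post['name']) . ".\n";
}
```

The recipient is fixed in code and never read from the form, so a submission cannot choose where the mail goes.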