Coolidge Posted October 15, 2019 Share Posted October 15, 2019 Hello - I am very new to PHP. I have a simple form that uses gmail SMTP. The form works, but the sender always comes across as the email address from the gmail SMTP account. We need the sender to be the email address filled in on the form. Here is the form: <table width="50%" border="0"> <tr> <td>Name:</td> <td><INPUT maxLength="60" size="60" name="Applicant" required="yes" message="Please fill in your Name."></td> </tr> <tr> <td>Email Address:</td> <td><INPUT maxLength="60" size="60" name="EmailAddress" required="yes" message="Please fill in your Email Address."></td> </tr> </table> </p> <p><input type="submit" value="Submit" name="B1"></p> </form> Here is the PHP to send the form: <?php require_once "Mail.php"; $from = '<Form Submitter>'; $to = "me@webmaster.com"; $subject = "Application Access Request"; $body = "The following person has requested access to the Foundation:\r\n" . $_POST['Applicant'] . "\r\n" . $_POST['EmailAddress']; $headers = array( 'From' => $from, 'To' => $to, 'Subject' => $subject ); $smtp = Mail::factory('smtp', array( 'host' => 'ssl://smtp.gmail.com', 'port' => '465', 'auth' => true, 'username' => 'me@gmail.com', 'password' => 'xxxxx' )); $mail = $smtp->send($to, $headers, $body, $Applicant, $EmailAddress); if (PEAR::isError($mail)) { echo('<p>' . $mail->getMessage() . '</p>'); } else { echo('<p>Thank you. Your information has been successfully submitted.</p>'); } ?> How can I get the email to come from the address that's filled in on the form? I would be very grateful for any help...thank you so much!! Quote Link to comment Share on other sites More sharing options...
ginerjm Posted October 16, 2019 Share Posted October 16, 2019 (edited) What is this line doing for you? $from = '<Form Submitter>'; I don't recognize this syntax. Apparently you are just setting your header to show a string as the from argument and not an email address. Edited October 16, 2019 by ginerjm Quote Link to comment Share on other sites More sharing options...
Coolidge Posted October 16, 2019 Author Share Posted October 16, 2019 OK, thanks. Again, brand new to PHP dev and this forum. I'm using code from a PHP reference, so not entirely sure what the From line is doing. I know that the value does not impact how the form behaves - it consistently comes from the gmail address. All I need is for the email to come from the address that's filled in on the form. Thanks again. Quote Link to comment Share on other sites More sharing options...
ginerjm Posted October 16, 2019 Share Posted October 16, 2019 The "from" address is used by the mail program as the legitimate "from address" of the email being sent. So - you have to set that header value to the address you want. But - you must use an address that your mail server recognizes, usually one from the same domain and not one that an anonymous user provides to you in a form field. Quote Link to comment Share on other sites More sharing options...
Psycho Posted October 16, 2019 Share Posted October 16, 2019 What you are wanting to do is "spoof" the from address. While there can be some legitimate business needs to do this, it can create problems that are difficult/impossible to resolve. Spoofing the from address is rather simple and is something that spammers/scammers have been doing for many years now. E.g. you might be sent an email from representative@yourbank.com as a phishing attempt. The fact that the from address looks to be a legitimate email from your bank gives the email some credibility. Because of this, there are an array of different protections that can be in place to prevent/hinder this. The crux of the issue is that you want to send an email from "user@usersdomain.com" but it is being sent though your form which is going to send it through the email server that you have configured for your form - in this case gmail.com and using the credentials of a gmail account. Generally, an email should be sent through the SMTP server that is responsible for the domain of the sending user (or through an SMTP server that has been identified as an authoritative server for that domain). You cannot control the authoritative servers for domains you do not own. Then, there can be protections on the receiving end: either in the SMTP servers or in third-party services. When an email comes in the system may do a reverse-lookup to ensure the email came from an authoritative server. If not, it gets dropped. To put it simply, you can try it. It may not work for all emails (especially if they are being sent to different domains) and there is no guarantee that it won't stop working one day because you are performing the same action as a scammer would. Having said all that, when sending an email you can specify the sender information within the headers. Here is an example of the header in a sample script of mine using PHP's mail function (this uses a "friendly" name :in addition to a specified from email address $to = 'recipient@recipientdomain.com'; $subject = "Subject of the email"; $message = "Here is body of the email message"; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; //From info $headers .= 'From: Bob Smith <bob.smith@bobsmithsdomain.com>' . "\r\n"; $headers .= 'Reply-To: Bob Smith <bob.smith@bobsmithsdomain.com>' . "\r\n"; $headers .= 'X-Mailer: PHP/' . phpversion(); $message = "Here is the message"; mail($to, $subject, $message, $headers); For your function, I suspect you would do it like this: $headers = array( 'From' => $_POST['EmailAddress'], 'To' => $to, 'Subject' => $subject ); But, for the reasons stated above, I would not advise this. "System" emails should be coming from the system/application. There are other ways to allow the recipient to respond to the requester. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.