Jump to content

PHP form - get email address of submitter


Coolidge

Recommended Posts

Hello - I am very new to PHP.  I have a simple form that uses gmail SMTP.  The form works, but the sender always comes across as the email address from the gmail SMTP account.  We need the sender to be the email address filled in on the form.

Here is the form:
<table width="50%" border="0">
  <tr>
    <td>Name:</td>
    <td><INPUT maxLength="60" size="60" name="Applicant" required="yes" message="Please fill in your Name."></td>
  </tr>
  <tr>
    <td>Email Address:</td>
    <td><INPUT maxLength="60" size="60" name="EmailAddress" required="yes" message="Please fill in your Email Address."></td>
  </tr>
</table>
</p>
<p><input type="submit" value="Submit" name="B1"></p>
</form>

 

Here is the PHP to send the form:
 

<?php


require_once "Mail.php";


$from = '<Form Submitter>';
$to = "me@webmaster.com";
$subject = "Application Access Request";
$body = "The following person has requested access to the Foundation:\r\n"  . $_POST['Applicant'] . "\r\n" . $_POST['EmailAddress'];

$headers = array(
    'From' => $from,
    'To' => $to,
    'Subject' => $subject
);

$smtp = Mail::factory('smtp', array(
        'host' => 'ssl://smtp.gmail.com',
        'port' => '465',
        'auth' => true,
        'username' => 'me@gmail.com',
        'password' => 'xxxxx'
    ));
    
    
$mail = $smtp->send($to, $headers, $body, $Applicant, $EmailAddress);

if (PEAR::isError($mail)) {
    echo('<p>' . $mail->getMessage() . '</p>');
} else {
    echo('<p>Thank you.  Your information has been successfully submitted.</p>');
}    

?>

How can I get the email to come from the address that's filled in on the form?  I would be very grateful for any help...thank you so much!!

Link to comment
Share on other sites

OK, thanks.  Again, brand new to PHP dev and this forum.

I'm using code from a PHP reference, so not entirely sure what the From line is doing.  I know that the value does not impact how the form behaves - it consistently comes from the gmail address.  All I need is for the email to come from the address that's filled in on the form.  Thanks again.

Link to comment
Share on other sites

The "from" address is used by the mail program as the legitimate "from address" of the email being sent.  So - you have to set that header value to the address you want.  But - you must use an address that your mail server recognizes, usually one from the same domain and not one that an anonymous user provides to you in a form field.   

Link to comment
Share on other sites

What you are wanting to do is "spoof" the from address. While there can be some legitimate business needs to do this, it can create problems that are difficult/impossible to resolve. Spoofing the from address is rather simple and is something that spammers/scammers have been doing for many years now. E.g. you might be sent an email from representative@yourbank.com as a phishing attempt. The fact that the from address looks to be a legitimate email from your bank gives the email some credibility. Because of this, there are an array of different protections that can be in place to prevent/hinder this.

The crux of the issue is that you want to send an email from "user@usersdomain.com" but it is being sent though your form which is going to send it through the email server that you have configured for your form - in this case gmail.com and using the credentials of a gmail account. Generally, an email should be sent through the SMTP server that is responsible for the domain of the sending user (or through an SMTP server that has been identified as an authoritative server for that domain). You cannot control the authoritative servers for domains you do not own. Then, there can be protections on the receiving end: either in the SMTP servers or in third-party services. When an email comes in the system may do a reverse-lookup to ensure the email came from an authoritative server. If not, it gets dropped.

To put it simply, you can try it. It may not work for all emails (especially if they are being sent to different domains) and there is no guarantee that it won't stop working one day because you are performing the same action as a scammer would.

Having said all that, when sending an email you can specify the sender information within the headers. Here is an example of the header in a sample script of mine using PHP's mail function (this uses a "friendly" name :in addition to a specified from email address

$to      = 'recipient@recipientdomain.com';
$subject = "Subject of the email";
$message = "Here is body of the email message";
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
//From info
$headers .= 'From: Bob Smith <bob.smith@bobsmithsdomain.com>' . "\r\n";
$headers .= 'Reply-To: Bob Smith <bob.smith@bobsmithsdomain.com>' . "\r\n";
$headers .= 'X-Mailer: PHP/' . phpversion();
$message = "Here is the message";

mail($to, $subject, $message, $headers);

For your function, I suspect you would do it like this:

$headers = array(
    'From' => $_POST['EmailAddress'],
    'To' => $to,
    'Subject' => $subject
);

But, for the reasons stated above, I would not advise this. "System" emails should be coming from the system/application. There are other ways to allow the recipient to respond to the requester.

  • Like 1
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.