[SOLVED] Help!! I'm a PHP virgin.

[email protected] · April 23, 2007

Hi there,

I'm very new to this whole web building thing and PHP. I've created a site with a contact form which uses PHP to send the info via email.

The problem I have is that although the email is sent with the data, I get an error appear after submission instead of the confirmation page I have generated.

The code for the form I'm using is:

<?php

?>

<html>

<head>

<title>Email_Us</title>

<!--

function FP_swapImg() {//v1.0

var doc=document,args=arguments,elm,n; doc.$imgSwaps=new Array(); for(n=2; n<args.length;

n+=2) { elm=FP_getObjectByID(args[n]); if(elm) { doc.$imgSwaps[doc.$imgSwaps.length]=elm;

elm.$src=elm.src; elm.src=args[n+1]; } }

}

function FP_preloadImgs() {//v1.0

var d=document,a=arguments; if(!d.FP_imgs) d.FP_imgs=new Array();

for(var i=0; i<a.length; i++) { d.FP_imgs=new Image; d.FP_imgs.src=a; }

}

function FP_getObjectByID(id,o) {//v1.0

var c,el,els,f,m,n; if(!o)o=document; if(o.getElementById) el=o.getElementById(id);

else if(o.layers) c=o.layers; else if(o.all) el=o.all[id]; if(el) return el;

if(o.id==id || o.name==id) return o; if(o.childNodes) c=o.childNodes; if©

for(n=0; n<c.length; n++) { el=FP_getObjectByID(id,c[n]); if(el) return el; }

f=o.forms; if(f) for(n=0; n<f.length; n++) { els=f[n].elements;

for(m=0; m<els.length; m++){ el=FP_getObjectByID(id,els[n]); if(el) return el; } }

return null;

}

// -->

</script>

</head>

<body background="images/background.jpg" onload="FP_preloadImgs(/*url*/'images/button57.jpg', /*url*/'images/button56.jpg')">

<form id="form" method="post" action="emailus.php">

<table border="0" width="100%">

<tr>

<td align="left" valign="top">

<font color="#CC9900" style="font-size: 20pt; font-weight: 700" face="Times New Roman">

Email Us</font></td>

<td>

<p align="right">

<a href="index.htm">

</tr>

</table>

<table border="0" width="100%">

<tr>

<td>Company Name</td>

<td width="796">

<input type="text" name="Company" value="" size="46" style="background-color: #FFFF99"/></td>

</tr>

<tr>

<td>Contact Name*</td>

<td width="796">

<input type="text" name="Name" value="" size="46" style="background-color: #FFFF99"/></td>

</tr>

<tr>

<td>Location </td>

<td width="796">

<input type="text" name="Location" value="" size="46" style="background-color: #FFFF99"/></td>

</tr>

<tr>

<td>Telephone </td>

<td width="796">

<input type="number" name="Telephone" value="" size="46" style="background-color: #FFFF99"/></td>

</tr>

<tr>

<td>Your Email* </td>

<td width="796">

<input type="text" name="Email" value="" size="46" style="background-color: #FFFF99" /></td>

</tr>

<tr>

<td> </td>

<td width="796"> </td>

</tr>

<tr>

<td align="left" valign="top" rowspan="2">Enquiry Detail*</td>

<td width="796">

<textarea name="Comments" rows="8" cols="60" style="background-color: #FFFF99"></textarea></td>

</tr>

<tr>

<td width="796">

<br>

Please feel free to supply a picture relating to your enquiry.

Click '<b>Browse</b>' to attach file.<br>

<p>

<input type="file" name="attachment" style="background-color: #FFFF99; width: 541px;" size="58" /></p>

<p> </td>

</tr>

</table>

<p> * = required fields <input type="submit" name="submit" value="Submit" style="background-color: #FFCC66" />

<input type="reset" name="Clear Form" value="Reset" style="background-color: #FFCC66" />

<input type="hidden" name="config" value="0" />

</p>

</form>

<form id="form" method="post" action="emailus.php" enctype="multipart/form-data">

</html>

The code for the PHP is:

<?php

////////////////////////////////////////////////////////////////////////////

// FormMailer comes with ABSOLUTELY NO WARRANTY

// Licensed under the AGPL

// See license.txt and readme.txt for details

////////////////////////////////////////////////////////////////////////////

// General Variables

$check_referrer="no";

$referring_domains="http://domain.com/,http://www.domain.com/,http://subdomain.domain.com/";

// options to use if hidden field "config" has a value of 0

// recipient info

$charset[0]="iso-8859-1";

$tomail[0]="[email protected]";

$cc_tomail[0]="";

$bcc_tomail[0]="";

// Mail contents config

$subject[0]="Conservation Enquiry";

$reply_to_field[0]="Email";

$reply_to_name[0]="Name";

$required_fields[0]="Name,Comments";

$required_email_fields[0]="Email";

$attachment_fields[0]="attachment";

$return_ip[0]="yes";

$mail_intro[0]="The following person submitted an enquiry, the details are as follows:";

$mail_fields[0]="Company,Name,Location,Telephone,Email,Comments";

$mail_type[0]="text";

$mail_priority[0]="1";

$allow_html[0]="no";

// Send back to sender config

$send_copy[0]="no";

$send_copy_format[0]="vert_table";

$send_copy_fields[0]="Company,Name,Location,Telephone,Email,Comments";

$send_copy_attachment_fields[0]="";

$copy_subject[0]="Subject of Copy Email";

$copy_intro[0]="Thanks for your inquiry, the following message has been delivered.";

$copy_from[0]="[email protected]";

$copy_tomail_field[0]="Email";

// Result options

$header[0]="";

$footer[0]="";

$error_page[0]="";

$thanks_page[0]="";

// Default Error and Success Page Variables

$error_page_title[0]="Error - Missed Fields";

$error_page_text[0]="Please use your browser's back button to return to the form and complete the required fields.";

$thanks_page[0]="confirmation.htm";

// options to use if hidden field "config" has a value of 1

// recipient info

$charset[1]="";

$tomail[1]="";

$cc_tomail[1]="";

$bcc_tomail[1]="";

// Mail contents config

$subject[1]="";

$reply_to_field[1]="";

$reply_to_name[1]="";

$required_fields[1]="";

$required_email_fields[1]="";

$attachment_fields[1]="";

$return_ip[1]="";

$mail_intro[1]="";

$mail_fields[1]="";

$mail_type[1]="";

$mail_priority[1]="";

$allow_html[1]="";

// Send back to sender config

$send_copy[1]="";

$send_copy_format[1]="";

$send_copy_fields[1]="";

$send_copy_attachment_fields[1]="";

$copy_subject[1]="";

$copy_intro[1]="";

$copy_from[1]="";

$copy_tomail_field[1]="";

// Result options

$header[1]="";

$footer[1]="";

$error_page[1]="";

$thanks_page[1]="";

// Default Error and Success Page Variables

$error_page_title[1]="";

$error_page_text[1]="";

$thanks_page_title[1]="";

$thanks_page_text[1]="";

/////////////////////////////////////////////////////////////////////////

// Don't muck around past this line unless you know what you are doing //

/////////////////////////////////////////////////////////////////////////

ob_start();

$config=$_POST["config"];

$debug=0;

$reply_to_field=$reply_to_field[$config];

$copy_tomail_field=$copy_tomail_field[$config];

// fix for Windows email server security

ini_set("sendmail_from",$tomail[$config]);

// email validation regular expression

$regex = "^[-a-z0-9!#$%&\'*+/=?^_`{|}~]+(\.[-a-z0-9!#$%&\'*+/=?^_`{|}~]+)*@(([a-z]([-a-z0-9]*[a-z0-9]+)?){1,63}\.)+([a-z]([-a-z0-9]*[a-z0-9]+)?){2,63}$";

$header_injection_regex = "(\r|\n)(to:|from:|cc:|bcc:)";

if($header[$config]!="")

include($header[$config]);

if($_POST["submit"] || $_POST["Submit"] || $_POST["submit_x"] || $_POST["Submit_x"])

{

////////////////////////////

// begin global functions //

////////////////////////////

// get visitor IP

function getIP()

{

if(getenv(HTTP_X_FORWARDED_FOR))

$user_ip=getenv("HTTP_X_FORWARDED_FOR");

else

$user_ip=getenv("REMOTE_ADDR");

return $user_ip;

}

// get value of given key

function parseArray($key)

{

$array_value=$_POST[$key];

$count=1;

extract($array_value);

foreach($array_value as $part_value)

{

if($count > 1){$value.=", ";}

$value.=$part_value;

$count=$count+1;

}

return $value;

}

// stripslashes and autolink url's

function parseValue($value)

{

$value=preg_replace("/(http:\/\/+.[^\s]+)/i",'<a href="\\1">\\1</a>', $value);

return $value;

}

// html header if used

function htmlHeader()

{

$htmlHeader="<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">\n<html>\n<head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=".$charset[$config]."\"></head>\n<body>\n<table cellpadding=\"2\" cellspacing=\"0\" border=\"0\" width=\"600\">\n";

return $htmlHeader;

}

// html footer if used

function htmlFooter()

{

$htmlFooter="</table>\n</body>\n</html>\n";

return $htmlFooter;

}

// build verticle table format

function buildVertTable($fields, $intro, $to, $send_ip)

{

$message=htmlHeader();

if($intro != "")

$message.="<tr>\n<td align=\"left\" valign=\"top\" colspan=\"2\">".$intro."</td>\n</tr>\n";

$fields_check=preg_split('/,/',$fields);

$run=sizeof($fields_check);

for($i=0;$i<$run;$i++)

{

$cur_key=$fields_check[$i];

$cur_value=$_POST[$cur_key];

if(is_array($cur_value))

{

$cur_value=parseArray($cur_key);

}

$cur_value=parseValue($cur_value);

if($allow_html[$config]=="no")

$cur_value=htmlspecialchars(nl2br($cur_value));

else

$cur_value=nl2br($cur_value);

$message.="<tr>\n<td align=\"left\" valign=\"top\" style=\"white-space:nowrap;\"><b>".$cur_key."</b></td>\n<td align=\"left\" valign=\"top\" width=\"100%\">".$cur_value."</td>\n</tr>\n";

}

if($send_ip=="yes" && $to=="recipient")

{

$user_ip=getIP();

$message.="<tr>\n<td align=\"left\" valign=\"top\" style=\"white-space:nowrap;\"><b>Sender IP</b></td>\n<td align=\"left\" valign=\"top\" width=\"100%\">".$user_ip."</td>\n</tr>\n";

}

$message.=htmlFooter();

return $message;

}

// build horizontal table format

function buildHorzTable($fields, $intro, $to, $send_ip)

{

$message=htmlHeader();

$fields_check=preg_split('/,/',$fields);

$run=sizeof($fields_check);

if($intro != "")

$message.="<tr>\n<td align=\"left\" valign=\"top\" colspan=\"".$run."\">".$intro."</td>\n</tr>\n";

$message.="<tr>\n";

for($i=0;$i<$run;$i++)

{

$cur_key=$fields_check[$i];

$message.="<td align=\"left\" valign=\"top\" style=\"white-space:nowrap;\"><b>".$cur_key."</b></td>\n";

}

if($send_ip=="yes" && $to=="recipient")

$message.="<td align=\"left\" valign=\"top\" style=\"white-space:nowrap;\"><b>Sender IP</b></td>\n";

$message.="</tr>\n";

$message.="<tr>\n";

for($i=0;$i<$run;$i++)

{

$cur_key=$fields_check[$i];

$cur_value=$_POST[$cur_key];

if(is_array($cur_value))

{

$cur_value=parseArray($cur_key);

}

$cur_value=parseValue($cur_value);

if($allow_html[$config]=="no")

$cur_value=htmlspecialchars(nl2br($cur_value));

else

$cur_value=nl2br($cur_value);

$message.="<td align=\"left\" valign=\"top\">".$cur_value."</td>\n";

}

$message.="</tr>\n";

$message.="<tr>\n";

if($send_ip=="yes" && $to=="recipient")

{

$user_ip=getIP();

$message.="<td align=\"left\" valign=\"top\">".$user_ip."</td>\n";

}

$message.="</tr>\n";

$message.=htmlFooter();

return $message;

}

// build plain text format

function buildTextTable($fields, $intro, $to, $send_ip)

{

$message="";

if($intro != "")

$message.=$intro."\n\n";

$fields_check=preg_split('/,/',$fields);

$run=sizeof($fields_check);

for($i=0;$i<$run;$i++)

{

$cur_key=$fields_check[$i];

$cur_value=$_POST[$cur_key];

if(is_array($cur_value))

{

$cur_value=parseArray($cur_key);

}

$cur_value=parseValue($cur_value);

if($allow_html[$config]=="no")

$cur_value=htmlspecialchars($cur_value);

else

$cur_value=$cur_value;

$message.="".$cur_key.": ".$cur_value."\n";

}

if($send_ip=="yes" && $to=="recipient")

{

$user_ip=getIP();

$message.="Sender IP: ".$user_ip."\n";

}

return $message;

}

// get the proper build fonction

function buildTable($format, $fields, $intro, $to, $send_ip)

{

if($format=="vert_table")

$message=buildVertTable($fields, $intro, $to, $send_ip);

else if($format=="horz_table")

$message=buildHorzTable($fields, $intro, $to, $send_ip);

else

$message=buildTextTable($fields, $intro, $to, $send_ip);

return $message;

}

// referrer checking security option

function checkReferer()

{

if($check_referrer=="yes")

{

$ref_check=preg_split('/,/',$referring_domains);

$ref_run=sizeof($ref_check);

$referer=$_SERVER['HTTP_REFERER'];

$domain_chk="no";

for($i=0;$i<$ref_run;$i++)

{

$cur_domain=$ref_check[$i];

if(stristr($referer,$cur_domain)){$domain_chk="yes";}

}

else

{

$domain_chk="yes";

}

return $domain_chk;

}

// checking required fields and email fields

function checkFields($text_fields, $email_fields, $regex)

{

$error_message="";

if($debug==1)

$error_message.="<li>text_fields: ".$text_fields."<br />email_fields: ".$email_fields."<br />reply_to_field: ".$reply_to_field."<br />reply_to_name: ".reply_to_name."</li>";

if($text_fields != "")

{

$req_check=preg_split('/,/',$text_fields);

$req_run=sizeof($req_check);

for($i=0;$i<$req_run;$i++)

{

$cur_field_name=$req_check[$i];

$cur_field=$_POST[$cur_field_name];

if($cur_field=="")

{

$error_message.="<li>You are missing the <b>".$req_check[$i]."</b> field</li>\n";

}

if($email_fields != "")

{

$email_check=preg_split('/,/',$email_fields);

$email_run=sizeof($email_check);

for($i=0;$i<$email_run;$i++)

{

$cur_email_name=$email_check[$i];

$cur_email=$_POST[$cur_email_name];

if($cur_email=="" || !eregi($regex, $cur_email))

{

$error_message.="<li>You are missing the <b>".$email_check[$i]."</b> field or it is not a valid email address.</li>\n";

}

return $error_message;

}

// attachment function

function getAttachments($attachment_fields, $message, $content_type, $border)

{

$att_message="This is a multi-part message in MIME format.\r\n";

$att_message.="--{$border}\r\n";

$att_message.=$content_type."\r\n";

$att_message.="Content-Transfer-Encoding: 7bit\r\n\r\n";

$att_message.=$message."\r\n\r\n";

$att_check=preg_split('/,/',$attachment_fields);

$att_run=sizeof($att_check);

for($i=0;$i<$att_run;$i++)

{

$fileatt=$_FILES[$att_check[$i]]['tmp_name'];

$fileatt_name=$_FILES[$att_check[$i]]['name'];

$fileatt_type=$_FILES[$att_check[$i]]['type'];

if (is_uploaded_file($fileatt))

{

$file=fopen($fileatt,'rb');

$data=fread($file,filesize($fileatt));

fclose($file);

$data=chunk_split(base64_encode($data));

$att_message.="--{$border}\n";

$att_message.="Content-Type: {$fileatt_type}; name=\"{$fileatt_name}\"\r\n";

$att_message.="Content-Disposition: attachment; filename=\"{$fileatt_name}\"\r\n";

$att_message.="Content-Transfer-Encoding: base64\r\n\r\n".$data."\r\n\r\n";

}

$att_message.="--{$border}--\n";

return $att_message;

}

// function to set content type

function contentType($charset, $format)

{

if($format=="vert_table")

$content_type="Content-type: text/html; charset=\"".$charset."\"\r\n";

else if($format=="horz_table")

$content_type="Content-type: text/html; charset=\"".$charset."\"\r\n";

else

$content_type="Content-type: text/plain; charset=\"".$charset."\"\r\n";

return $content_type;

}

// header injection filter

function headerInjectionFilter($reply_to_field, $reply_to_name, $header_injection_regex)

{

$security_filter="";

if(strlen($reply_to_field) > 0)

{

if(eregi($header_injection_regex,$reply_to_field))

$security_filter.="<li>Header injection attempt detected in 'email' data, mail aborted.</li>\n";

if(eregi($header_injection_regex,$reply_to_name))

$security_filter.="<li>Header injection attempt detected in 'name' data, mail aborted.</li>\n";

}

return $security_filter;

}

//////////////////////////

// end global functions //

//////////////////////////

////////////////////////////////

// begin procedural scripting //

////////////////////////////////

$domain_chk=checkReferer();

if($domain_chk=="yes")

{

$security_filter=headerInjectionFilter($_POST[$reply_to_field[$config]], $_POST[$reply_to_name[$config]], $header_injection_regex);

$error_message=checkFields($required_fields[$config], $required_email_fields[$config], $regex);

if(strlen($error_message) < 1 && strlen($security_filter) < 1)

{

// build appropriate message format for recipient

$content_type=contentType($charset[$config], $mail_type[$config]);

$message=buildTable($mail_type[$config], $mail_fields[$config], $mail_intro[$config], "recipient", $return_ip[$config]);

// build header data for recipient message

$extra="From: ".$_POST[$reply_to_name[$config]]."<".$_POST[$reply_to_field[$config]].">\r\n";

if($cc_tomail[$config]!="")

$extra.="Cc: ".$cc_tomail[$config]."\r\n";

if($bcc_tomail[$config]!="")

$extra.="Bcc: ".$bcc_tomail[$config]."\r\n";

$extra.="X-Priority: ".$mail_priority[$config]."\r\n";

// get attachments if necessary

if($attachment_fields[$config]!="")

{

$semi_rand=md5(time());

$border="==Multipart_Boundary_x{$semi_rand}x";

$extra.="MIME-Version: 1.0\r\n";

$extra.="Content-Type: multipart/mixed; boundary=\"{$border}\"";

$message=getAttachments($attachment_fields[$config], $message, $content_type, $border);

}

else

{

$extra.="MIME-Version: 1.0\r\n".$content_type;

}

// send recipient email

if($debug==1)

echo "<p>Mail would have sent if not in debug mode.</p>";

else if($debug==0)

mail("".$tomail[$config]."", "".stripslashes($subject[$config])."", "".stripslashes($message)."", "$extra");

// autoresponse email if necessary

if($send_copy[$config]=="yes")

{

// build appropriate message format for autoresponse

$content_type=contentType($charset[$config], $send_copy_format[$config]);

$message=buildTable($send_copy_format[$config], $send_copy_fields[$config], $copy_intro[$config], "autoresponder", $return_ip[$config]);

// build header data for autoresponse

$copy_tomail=$_POST[$copy_tomail_field];

$copy_extra="From: ".$copy_from[$config]."\r\n";

// get autoresponse attachments if necessary

if($send_copy_attachment_fields[$config]!="")

{

$semi_rand=md5(time());

$border="==Multipart_Boundary_x{$semi_rand}x";

$copy_extra.="MIME-Version: 1.0\r\n";

$copy_extra.="Content-Type: multipart/mixed; boundary=\"{$border}\"";

$message=getAttachments($send_copy_attachment_fields[$config], $message, $content_type, $border);

}

else

{

$copy_extra.="MIME-Version: 1.0\r\n".$content_type;

}

// send autoresponse email

$send_copy = 1;

if($copy_tomail=="" || !eregi($email_regex,$copy_tomail))

$send_copy = 0;

if($send_copy == 1)

mail("$copy_tomail", "".$copy_subject[$config]."", "$message", "$copy_extra");

}

// showing thanks pages from a successful submission

if($thanks_page[$config]=="")

{

echo "<p>".$thanks_page_title[$config]."</p>\n";

echo "<p>".$thanks_page_text[$config]."</p>\n";

}

else

{

header("Location: ".$thanks_page[$config]);

}

else

{

// entering error page options from missing required fields

if($error_page[$config]=="")

{

echo "<p>".$error_page_title[$config]."</p>\n";

echo "<ul>\n";

echo $security_filter;

echo $error_message;

echo "</ul>\n";

echo "<p>".$error_page_text[$config]."</p>\n";

}

else

{

header("Location: ".$error_page[$config]);

}

else

{

// message if unauthorized domain trigger from referer checking option

echo "<p>Sorry, mailing request came from an unauthorized domain.</p>\n";

}

//////////////////////////////

// end procedural scripting //

//////////////////////////////

}

else

{

echo "<p>Error</p>";

echo "<p>No form data has been sent to the script</p>\n";

}

if($footer[$config]!="")

include($footer[$config]);

ob_end_flush();

?>

The error message is:

Warning: Cannot modify header information - headers already sent by (output started at \\NAS37ENT\domains\p\paintingsconservation.net\user\htdocs\emailus.php:1) in \\NAS37ENT\domains\p\paintingsconservation.net\user\htdocs\emailus.php on line 463

As I'm new to this, it's all foreign to me. If anyone can help it will be much appreciated.

As a separate issue, I have created a facility on the form to upload a file which is to accompany the email as an attachment.

This does not work, any thoughts.

Thanks in anticipation.

Jason

MadTechie · April 23, 2007

well im going to ignore this Whole post as you haven't read the rules..

USE [ CODE] TAGS.

Sign In

[SOLVED] Help!! I'm a PHP virgin.

Recommended Posts

[email protected]

Link to comment

Share on other sites

MadTechie

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information