tactik Posted May 4, 2007 Share Posted May 4, 2007 Hi, first time in here looking for help as I have not-very-much of a clue about my sites PHP scripting. It is in reference to the form that people fill out when they are interested in a particular service or just want to get in contact with the business in general. They fill out the form; name, email, location and message fields. All these fields are assigned a name/string.. these are then compiled by a php javascript file and sent as an email to the appropriate address. The delivery of the basic email works perfectly except the minor problem of ALL the fields being empty; we receive an email with this in it - Sender Name: Sender E-Mail: Sender Location: Message: note: the reply-to field is empty as well. The strange part is that it was working a few months ago. It was all done by my brother (in communicado atm) and worked for years until 6 months ago. I don't think I've changed anything in the relative files. Considering the mail is sent and it has the correct headings in it (as show above) but without any information. Is it a problem with their assigned name/string values? Or how they are being transferred for use in the PHP script? Here's a Input field piece of code; <INPUT type="text" name="sender_name" font="blahblahblah......."> </font><br> That is containd in this form <FORM name="myform" method="POST" action="eventpage-myemail.php"> And is executed by this <a href="javascript: submitform()"> which is this function submitform() { document.myform.submit(); } This is the contents of the PHP file; <?php $msg = "Sender Name:\t$sender_name\n"; $msg .= "Sender E-Mail:\t$sender_email\n"; $msg .= "Sender Location:\t$sender_location\n"; $msg .= "Message:\t$message\n\n"; $recipient = "quotes@acousticweaponry.com"; $subject = "AcWep Design Query"; $mailheaders = "From: From www.acousticweaponry.com <> \n"; $mailheaders .= "Reply-To: $sender_email\n\n"; mail($recipient, $subject, $msg, $mailheaders); echo "<html>\n"; echo "<head>\n"; echo "<title>sent successfully!</title>\n"; echo "<style type=\"text/css\">\n"; echo "<!--\n"; echo "BODY{\n"; echo "scrollbar-face-color: #1F72CE;\n"; echo "scrollbar-arrow-color: #2196F5;\n"; echo "scrollbar-track-color: #2196F5;\n"; echo "scrollbar-shadow-color: #1F72CE;\n"; echo "scrollbar-highlight-color: #1F72CE;\n"; echo "scrollbar-3dlight-color: #1F72CE;\n"; echo "scrollbar-darkshadow-Color: #1F72CE;\n"; echo "}\n"; echo "-->\n"; echo "<!--\n"; echo "A:link { text-decoration: none; color: \"#BCDFFC\" }\n"; echo "A:visited { text-decoration: none; color: \"#BCDFFC\" }\n"; echo "A:hover { text-decoration: underline; color: \"#BCDFFC\" }\n"; echo "-->\n"; echo "</style>\n"; echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"5; url=http://www.acousticweaponry.com/eventpage_thanks.htm\">\n"; echo "</head>\n"; echo "<body>\n"; echo "</body>\n"; echo "</html>"; ?> I can't see where it's gone awry? Anyone got any ideas? Cheers ps: Also, as a complete n00b, what is the effect of having things either in your www folder or public_html folder Quote Link to comment Share on other sites More sharing options...
nogray Posted May 4, 2007 Share Posted May 4, 2007 instead of using the variables name directly, use the $_POST array so instead of this $msg = "Sender Name:\t$sender_name\n"; You'll have this $msg = "Sender Name:\t".$_POST['sender_name']."\n"; Also you have a security problem in this line $mailheaders .= "Reply-To: $sender_email\n\n"; spammers could use your server to send tons of spam all over the place. You can find out more details on http://www.securephpwiki.com/index.php/Email_Injection Quote Link to comment Share on other sites More sharing options...
tactik Posted May 5, 2007 Author Share Posted May 5, 2007 Cheers for the info. & I'll definitely check out that security issue. thanks. Quote Link to comment Share on other sites More sharing options...
tactik Posted May 5, 2007 Author Share Posted May 5, 2007 I just implemented your code.. works beautifully! muy apreciado! Quote Link to comment Share on other sites More sharing options...
tactik Posted May 5, 2007 Author Share Posted May 5, 2007 As for the secuity issues. I changed it so that there was no user input-field that ended up in the mailheader. It only get's reproduced in the body of the email. Means we have to copy the email address from the email body when replying.. but it's a small concession. Does this seem ok? or is there still a security issue. Quote Link to comment Share on other sites More sharing options...
igor berger Posted May 7, 2007 Share Posted May 7, 2007 Do a referer check to make sure your email script gets called from your host Otherwise someone will use it to spam you with tons of xxx and viagra offers! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.