tactik Posted May 4, 2007 Share Posted May 4, 2007 Hi, first time in here looking for help as I have not-very-much of a clue about my sites PHP scripting. It is in reference to the form that people fill out when they are interested in a particular service or just want to get in contact with the business in general. They fill out the form; name, email, location and message fields. All these fields are assigned a name/string.. these are then compiled by a php javascript file and sent as an email to the appropriate address. The delivery of the basic email works perfectly except the minor problem of ALL the fields being empty; we receive an email with this in it - Sender Name: Sender E-Mail: Sender Location: Message: note: the reply-to field is empty as well. The strange part is that it was working a few months ago. It was all done by my brother (in communicado atm) and worked for years until 6 months ago. I don't think I've changed anything in the relative files. Considering the mail is sent and it has the correct headings in it (as show above) but without any information. Is it a problem with their assigned name/string values? Or how they are being transferred for use in the PHP script? Here's a Input field piece of code; <INPUT type="text" name="sender_name" font="blahblahblah......."> </font><br> That is containd in this form <FORM name="myform" method="POST" action="eventpage-myemail.php"> And is executed by this <a href="javascript: submitform()"> which is this function submitform() { document.myform.submit(); } This is the contents of the PHP file; <?php $msg = "Sender Name:\t$sender_name\n"; $msg .= "Sender E-Mail:\t$sender_email\n"; $msg .= "Sender Location:\t$sender_location\n"; $msg .= "Message:\t$message\n\n"; $recipient = "[email protected]"; $subject = "AcWep Design Query"; $mailheaders = "From: From www.acousticweaponry.com <> \n"; $mailheaders .= "Reply-To: $sender_email\n\n"; mail($recipient, $subject, $msg, $mailheaders); echo "<html>\n"; echo "<head>\n"; echo "<title>sent successfully!</title>\n"; echo "<style type=\"text/css\">\n"; echo "<!--\n"; echo "BODY{\n"; echo "scrollbar-face-color: #1F72CE;\n"; echo "scrollbar-arrow-color: #2196F5;\n"; echo "scrollbar-track-color: #2196F5;\n"; echo "scrollbar-shadow-color: #1F72CE;\n"; echo "scrollbar-highlight-color: #1F72CE;\n"; echo "scrollbar-3dlight-color: #1F72CE;\n"; echo "scrollbar-darkshadow-Color: #1F72CE;\n"; echo "}\n"; echo "-->\n"; echo "<!--\n"; echo "A:link { text-decoration: none; color: \"#BCDFFC\" }\n"; echo "A:visited { text-decoration: none; color: \"#BCDFFC\" }\n"; echo "A:hover { text-decoration: underline; color: \"#BCDFFC\" }\n"; echo "-->\n"; echo "</style>\n"; echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"5; url=http://www.acousticweaponry.com/eventpage_thanks.htm\">\n"; echo "</head>\n"; echo "<body>\n"; echo "</body>\n"; echo "</html>"; ?> I can't see where it's gone awry? Anyone got any ideas? Cheers ps: Also, as a complete n00b, what is the effect of having things either in your www folder or public_html folder Link to comment https://forums.phpfreaks.com/topic/49953-strange-mail-function-behaviour/ Share on other sites More sharing options...
nogray Posted May 4, 2007 Share Posted May 4, 2007 instead of using the variables name directly, use the $_POST array so instead of this $msg = "Sender Name:\t$sender_name\n"; You'll have this $msg = "Sender Name:\t".$_POST['sender_name']."\n"; Also you have a security problem in this line $mailheaders .= "Reply-To: $sender_email\n\n"; spammers could use your server to send tons of spam all over the place. You can find out more details on http://www.securephpwiki.com/index.php/Email_Injection Link to comment https://forums.phpfreaks.com/topic/49953-strange-mail-function-behaviour/#findComment-245497 Share on other sites More sharing options...
tactik Posted May 5, 2007 Author Share Posted May 5, 2007 Cheers for the info. & I'll definitely check out that security issue. thanks. Link to comment https://forums.phpfreaks.com/topic/49953-strange-mail-function-behaviour/#findComment-245973 Share on other sites More sharing options...
tactik Posted May 5, 2007 Author Share Posted May 5, 2007 I just implemented your code.. works beautifully! muy apreciado! Link to comment https://forums.phpfreaks.com/topic/49953-strange-mail-function-behaviour/#findComment-245998 Share on other sites More sharing options...
tactik Posted May 5, 2007 Author Share Posted May 5, 2007 As for the secuity issues. I changed it so that there was no user input-field that ended up in the mailheader. It only get's reproduced in the body of the email. Means we have to copy the email address from the email body when replying.. but it's a small concession. Does this seem ok? or is there still a security issue. Link to comment https://forums.phpfreaks.com/topic/49953-strange-mail-function-behaviour/#findComment-246006 Share on other sites More sharing options...
igor berger Posted May 7, 2007 Share Posted May 7, 2007 Do a referer check to make sure your email script gets called from your host Otherwise someone will use it to spam you with tons of xxx and viagra offers! Link to comment https://forums.phpfreaks.com/topic/49953-strange-mail-function-behaviour/#findComment-247227 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.