dawndmd Posted February 3, 2008 Share Posted February 3, 2008 Hi, I have some knowledge of php. I just created a form, but for some reason when I hit submit, I get no errors, but the info is not coming to my email either. I am not getting an email. URL of form is www.savethedatebridal.com/form.php and below is my php. Any help would be appreciated. I am sure I am overlooking something here. Dawn <?php $options = array("75", "150", "200"); // set up options array, may be easier ways depending on data. $footer = "</body>\n</html>"; function RemoveXSS($val) { if (ini_get('magic_quotes_gpc')) { $val = stripslashes($val); } // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed // this prevents some character re-spacing such as <java\0script> // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val); // straight replacements, the user should never need these since they're normal characters // this prevents like <IMG SRC=@avascript:alert('XSS')> $search = 'abcdefghijklmnopqrstuvwxyz'; $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $search .= '1234567890!@#$%^&*()'; $search .= '~`";:?+/={}[]-_|\'\\'; for ($i = 0; $i < strlen($search); $i++) { // ;? matches the ;, which is optional // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars // @ @ search for the hex values $val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ; // @ @ 0{0,7} matches '0' zero to seven times $val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ; } // now the only remaining whitespace attacks are \t, \n, and \r $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'); $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); $ra = array_merge($ra1, $ra2); $found = true; // keep replacing as long as the previous round replaced something while ($found == true) { $val_before = $val; for ($i = 0; $i < sizeof($ra); $i++) { $pattern = '/'; for ($j = 0; $j < strlen($ra[$i]); $j++) { if ($j > 0) { $pattern .= '('; $pattern .= '(&#[x|X]0{0,8}([9][a]);?)?'; $pattern .= '|(�{0,8}([9][10][13]);?)?'; $pattern .= ')?'; } $pattern .= $ra[$i][$j]; } $pattern .= '/i'; $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags if ($val_before == $val) { // no replacements were made, so exit the loop $found = false; } } } return $val; } if (isset($_POST['submit'])) { $errors = array(); // Initialize error array. //Check for brides name if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['bridesname'])))) { //To make previous line "optional" change to: if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['bridesname']))) || !$_POST['bridesname']) { $bridesname = $_POST['bridesname']; } else { $errors[] = 'Please enter your full name.'; } //Check for grooms name if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['groomsname'])))) { //To make previous line "optional" change to: if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['groomsname']))) || !$_POST['groomsname']) { $groomsname = $_POST['groomsname']; } else { $errors[] = 'Please enter your full name.'; } //Check for wedding date $weddingdate = nl2br(htmlspecialchars(RemoveXSS($_POST['weddingdate']))); if($_POST['weddingdate']) { $weddingdate = nl2br(htmlspecialchars(RemoveXSS($_POST['weddingdate']))); } else { $errors[] = 'Please enter wedding date.'; } //Check for envelope color $matteglossy = nl2br(htmlspecialchars(RemoveXSS($_POST['matteglossy']))); if($_POST['matteglossy']) { $matteglossy = nl2br(htmlspecialchars(RemoveXSS($_POST['matteglossy']))); } else { $errors[] = 'Please enter whether you want a matte or glossy finish to the product.'; } //Check for address $streetaddress = nl2br(htmlspecialchars(RemoveXSS($_POST['streetaddress']))); if($_POST['streetaddress']) { $streetaddress = nl2br(htmlspecialchars(RemoveXSS($_POST['streetaddress']))); } else { $errors[] = 'Please enter street address'; } //Check for city if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['city'])))) { //To make previous line "optional" change to: if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['city']))) || !$_POST['city']) { $city = $_POST['city']; } else { $errors[] = 'Please enter your city.'; } //Check for phone number if(preg_match('/^\(?[0-9]{3}\)?[\- ]?[0-9]{3}\-?[0-9]{4}$/', stripslashes(trim($_POST['telephone'])))) { $telephone = $_POST['telephone']; } else { $errors[] = 'Please enter a valid, 10 digit, phone number.'; } //Check for e-mail address if(eregi('^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$', stripslashes(trim($_POST['emailaddress'])))) { $emailaddress = $_POST['emailaddress']; } else { $errors[] = 'Please enter a valid email address.'; } //Check for Paypal e-mail address if(eregi('^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$', stripslashes(trim($_POST['paypalemailaddress'])))) { $paypalemailaddress = $_POST['paypalemailaddress']; } //Clean comments $comments = nl2br(htmlspecialchars(RemoveXSS($_POST['comments']))); /*Comments were optional, to make them required use: if($_POST['comments']) { $comments = nl2br(htmlspecialchars(RemoveXSS($_POST['comments']))); } else { $errors[] = 'Please enter comments.'; } */ if (empty($errors)) { //No errors, send e-mail $todayis = date("l, F j, Y, g:i a") ; $subject = "Save the Date Order Form"; $message = "Date: $todayis [EST] From: $name ($emailaddress) Bride's Full Name: $bridesname Groom's Full Name: $groomsname Wedding Date: $weddingdate Where Wedding will take place: $weddingplace Matte or Glossy finish: $matteglossy Street Address: $streetaddress City: $city State: $state Telephone Number: $telephone Email Address: $emailaddress Paypal Email Address: $paypalemailaddress How did you find us?: $CHECKBOX"; $from = "From: $emailaddress\r\n"; //send the message. @mail("dawndmd@charter.net", $subject, $message, $from); echo '<h2><font color="red">Thank You for your order</font></h2>' . $footer; //display confirmation exit; } else { // oh dear, there were some errors echo '<h1>Error!</h1> <p>The following error(s) occured:<br />'; foreach ($errors as $msg) { // Print each error. echo " - <font color=\"red\">$msg</font><br />\n"; } echo '</p><p>Please try again.</p><p><br /></p>'; } } ?> </blockquote> <form action="form.php" method="post"> <CENTER> <p> </p> <TABLE BORDER="0" WIDTH="100%"> <TR> <TD WIDTH="38%">Bride's Full Name:</TD> <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="bridesname" SIZE="25" value="<?php if (isset($_POST['bridesname'])) echo stripslashes($_POST['bridesname']); ?>" /></TD> </TR> <TR> <TD WIDTH="38%">Groom's Full Name:</TD> <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="groomsname" SIZE="25" value="<?php if (isset($_POST['groomsname'])) echo stripslashes($_POST['groomsname']); ?>" /></TD> </TR> <TR> <TD WIDTH="38%">Wedding Date:</TD> <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="weddingdate" SIZE="25" value="<?php if (isset($_POST['weddingdate'])) echo stripslashes($_POST['weddingdate']); ?>" /></TD> </TR> <TR> <TD WIDTH="38%">Where will Wedding take place?</TD> <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="weddingplace" SIZE="25" value="<?php if (isset($_POST['weddingplace'])) echo stripslashes($_POST['weddingplace']); ?>" /></TD> </TR> <TR> <TD WIDTH="38%">Matte or Glossy Finish</TD> <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="matteglossy" SIZE="25" value="<?php if (isset($_POST['matteglossy'])) echo stripslashes($_POST['matteglossy']); ?>" /></TD> </TR> <TR> <TD WIDTH="38%">Street Address:</TD> <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="streetaddress" SIZE="25" value="<?php if (isset($_POST['streetaddress'])) echo stripslashes($_POST['streetaddress']); ?>" /></TD> </TR> <TR> <TD WIDTH="38%">City:</TD> <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="city" SIZE="25" value="<?php if (isset($_POST['city'])) echo stripslashes($_POST['city']); ?>" /></TD> </TR> <TR> <TD WIDTH="38%">State:</TD> <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="state" SIZE="25" value="<?php if (isset($_POST['state'])) echo stripslashes($_POST['state']); ?>" /></TD> </TR> <TR> <TD WIDTH="38%">Telephone Number:</TD> <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="telephone" SIZE="25" value="<?php if (isset($_POST['telephone'])) echo stripslashes($_POST['telephone']); ?>" /></TD> </TR> <TR> <TD WIDTH="38%">Email Address:</TD> <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="emailaddress" SIZE="25" value="<?php if (isset($_POST['emailaddress'])) echo stripslashes($_POST['emailaddress']); ?>" /></TD> </TR> <TR> <TD WIDTH="38%">Paypal Email Address:</TD> <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="paypalemailaddress" SIZE="25" value="<?php if (isset($_POST['paypalemailaddress'])) echo stripslashes($_POST['paypalemailaddress']); ?>" /></TD> </TR> </TABLE> </P> <TABLE BORDER="0" WIDTH="100%"> <TR> <TD WIDTH="37%">How did yo hear about us?</TD> <TD WIDTH="63%"><INPUT TYPE="CHECKBOX" NAME="searchengine" VALUE="<?php if (isset($_POST['searchengine'])) echo stripslashes($_POST['searchengine']); ?>" />Search Engine <INPUT TYPE="CHECKBOX" NAME="telephonebook" VALUE="<?php if (isset($_POST['telephonebook'])) echo stripslashes($_POST['telephonebook']); ?>" />Telephone Book <INPUT TYPE="CHECKBOX" NAME="friend" value="<?php if (isset($_POST['friend'])) echo stripslashes($_POST['friend']); ?>" />Friend</TD> </TR> </TABLE> <br /> </P> <input type="submit" value="Submit your Request" name="submit"><input type="reset" value="Clear Form" name="reset"><br /> </CENTER> </FORM> <?php echo $footer; ?> Quote Link to comment Share on other sites More sharing options...
ratcateme Posted February 3, 2008 Share Posted February 3, 2008 do you have access to the sendmail logs to see if the email is getting to sendmail. and have you check your span box i a had a problem where my emails were going to my pan box Scott. Quote Link to comment Share on other sites More sharing options...
dawndmd Posted February 3, 2008 Author Share Posted February 3, 2008 Not sure where to find the sendmail logs, but I did check the spam it wasn't in there either Quote Link to comment Share on other sites More sharing options...
ratcateme Posted February 3, 2008 Share Posted February 3, 2008 if you have full server access look for you mail logs in /var/log/ and try removing the @ from in front of you mail() command Scott. Quote Link to comment Share on other sites More sharing options...
DonPatricio Posted February 3, 2008 Share Posted February 3, 2008 maybe the mail() function is deactivated on your server? Quote Link to comment Share on other sites More sharing options...
dawndmd Posted February 4, 2008 Author Share Posted February 4, 2008 I will look into the server thing. That is what I was thinking maybe it is on the server end. So the code does look correct to you guys? Dawn Quote Link to comment Share on other sites More sharing options...
dawndmd Posted February 4, 2008 Author Share Posted February 4, 2008 Is it possible just to get a thumbs up on the coding of this form? I have tried the suggestions and they don't seem to fix the problem. Dawn Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.