Topic awaiting preservation: PHP mail form

Rinswind 2th
Maniac (V) Inmate

From: Den Haag: The Royal Residence
Insane since: Jul 2000

posted 08-03-2006 14:35

Currently I am working on my new site, and I want to use a PHP mail form for people to contact me.
However, I want it to say something like "Your mail has been sent, thank you."

Currently I use an if/else loop to do the checking, and that seems to work but generates the following error:

quote:
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/rinswind/domains/rinswind.nl/public_html/process-mail.php:13) in /usr/home/rinswind/domains/rinswind.nl/public_html/process-mail.php on line 18



I want it to come back to the page first and then display the thank you message.

This is the php-code:

quote:
<?php
@extract($_POST); //extracting the POST information.

$from =stripslashes($from); //cleaning up the POST info.
$subject = stripslashes($subject);
$name = stripslashes($name);
$email = stripslashes($email);
$content = stripslashes($content);

$succes = mail('tomderks@xs4all.nl',$subject,$content,"From: $name <$email>"); //the actual mailing and loading the succes var

if($succes) //checking if the mail has been send, succes should be true if the mail was send.
echo "Je bericht is verstuurd, bedankt en je krijgt zo snel mogelijk antwoord";
else
echo "Helaas is er wat misgegaan, je bericht is NIET verstuurd";

header("location:contact.html"); //redirecting to the contact page.

?>



And here is the contact page : www.rinswind.nl/contact.html
On the working page the offending part is commented out.

Btw, I am aware of the table on the contact page; it is scheduled to be removed ASAP.

.........................................................................
:: Develop yourself, develop your life, develop the world ::
.........................................................................

(Edited by Rinswind 2th on 08-03-2006 14:41)

H][RO
Paranoid (IV) Inmate

From: Australia
Insane since: Oct 2002

posted 08-03-2006 15:45
code:
if($succes) //checking if the mail has been send, succes should be true if the mail was send.
echo "Je bericht is verstuurd, bedankt en je krijgt zo snel mogelijk antwoord";
else
echo "Helaas is er wat misgegaan, je bericht is NIET verstuurd";

header("location:contact.html"); //redirecting to the contact page.



Your problem is you are doing the echo before the header.

You cannot output/print anything before you send header information, which is why you are getting the error.


Besides that, doing the echo there is pointless since you are doing a header redirection straight away, so those messages would never be seen.

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 08-03-2006 17:07

On a side note, that script is wide open to header injection in at least three ways (search this very forum),
and a Location: header requires a full URL with http et al.

Rinswind 2th
Maniac (V) Inmate

From: Den Haag: The Royal Residence
Insane since: Jul 2000

posted 08-04-2006 12:26

In the current situation the contact.php page is calling a file called "process-mail.php", then process-mail.php returns to contact.php and the $succes var is called. This returns the message that my mail was not sent, which is wrong since the mail has been sent.
As far as I can see this is to be expected, since the $succes var is empty now.
So here is what I want to do:

1) Integrate the complete code from the process-mail.php file on the contact.php page. This probably means that the mail form button has to trigger some PHP function.

1a) Or the code in the process-mail script should successfully load the $succes var on the contact page.

2) The code should be more secure, thus making header injection impossible or at least hard to do. My best bet would be checking for special characters and simply not allowing them to be sent.

3) After the mail is sent I want a pop-up or other disappearing message to notify the user that the mail has been sent.


As I am still searching my way in PHP, I would like some pointers to accomplish this.
page: www.rinswind.nl/contact.php

.........................................................................
:: Develop yourself, develop your life, develop the world ::
.........................................................................

(Edited by Rinswind 2th on 08-04-2006 12:27)

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 08-04-2006 13:15

1 ) Keep process-mail.php, but don't call it as a webpage, include it in your contacts.php.
Ie.

code:
if ( !empty ( $_POST ) )
{
  include ( "process-mail.php" );
}



Then later on do a

code:
if ( isset ( $success ) )
{
  if ( $success ) 
    print "your mail has been sent successfully";
  else
    print "error";
}


in contact.php

2 ) You could parse out newlines ( $variable = str_replace ( array ( "\r", "\n" ), " ", $variable ); ).
2a ) You probably will want to trip at least some of the spam bots, lest the receiver of the form mailer gets all that spam.
Heuristics to use: Don't send if you find a newline in a place it should not be. Have a hidden field with a 'magic value'. If you don't receive the value (because a spam bot replaced every field!) => don't send. If there's a "This is a multi-part message in MIME format." in any of the fields, don't send.

3 ) Popups don't work reliably anymore, and I guess it's easy to see why. (They do work if the popup is directly opened by a link. But that wouldn't be the case here.)
As for the disappearing message - which could easily be done by placing it in a div, having a javascript function that hides that div and doing a window.setTimeout("myHidingFunc()",number_of_miliseconds_before_hiding ) - I'd advise against it. The user would only have to be distracted by anything ( phone, other website, email, coworker, whatever ) to miss that message!

so long,

->Tyberius Prime
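
The checks suggested in the post above, put together as an added example (not code from any poster in this thread): a process-mail.php meant to be included from contact.php, which sets the $success flag that the isset() check reads. The hidden field name `magic`, the MAGIC_VALUE constant, the recipient address and the e-mail syntax check are assumptions made for the example.

```php
<?php
// process-mail.php, included by contact.php when $_POST is not empty.
// Added example: field names follow the thread; 'magic' and MAGIC_VALUE are assumed.

const MAGIC_VALUE = 'replace-with-your-own-value'; // must match the hidden form field
const MIME_MARKER = 'This is a multi-part message in MIME format.';

// Returns the cleaned fields, or null if the submission must not be sent.
function check_contact_post(array $post): ?array
{
    $fields = [];
    foreach (['name', 'email', 'subject', 'content', 'magic'] as $key) {
        // Read each expected field explicitly instead of extract($_POST).
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return null;
        }
        $fields[$key] = trim($post[$key]);
    }
    // Hidden field no longer carries the magic value: a bot rewrote every field.
    if (!hash_equals(MAGIC_VALUE, $fields['magic'])) {
        return null;
    }
    // name, email and subject end up in mail headers: a newline there is never legitimate.
    foreach (['name', 'email', 'subject'] as $key) {
        if (preg_match('/[\r\n]/', $fields[$key])) {
            return null;
        }
    }
    // MIME boilerplate in any field marks an injected multipart message.
    foreach ($fields as $value) {
        if (stripos($value, MIME_MARKER) !== false) {
            return null;
        }
    }
    // Extra syntax check on the address (an addition, not from the thread).
    if (filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $fields;
}

$success = false; // read later by contact.php
$clean = check_contact_post($_POST);
if ($clean !== null) {
    // 'you@example.com' is a placeholder recipient.
    $success = mail('you@example.com', $clean['subject'], $clean['content'],
                    "From: {$clean['name']} <{$clean['email']}>");
}
```

Because this file prints nothing and sends no Location: header, including it at the top of contact.php also avoids the "headers already sent" warning from the first post.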
