Topic: Php Code problem (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=30801" title="Pages that link to Topic: Php Code problem (Page 1 of 1)" rel="nofollow" >Topic: Php Code problem <span class="small">(Page 1 of 1)</span>\

 
Lonestar
Neurotic (0) Inmate
Newly admitted

From:
Insane since: Jan 2009

posted posted 01-31-2009 21:23

Could someone look at these codes and possibly correct my errors?
I have the form on my site and I can not get the mails?
Please look!



PHP code

code:
<?PHP 

if($_POST['submit']) 

{ 

$recipient="Address removed, TP"; 

$subject="Contact from Shoals Bend Web Site"; 

$body=" 

$name 

$email 

  

"; 

$headers='From: '.$email."\r\n".'Reply-to: '.$email."\r\n"; 

mail($recipient, $subject, $body, $headers); 

echo " 

<script> 

alert('Your message has been submitted. Thank You!'); 

window.location='index.html'; 

</script>"; 

} 

else 

{ 

echo " 

<script> 

window.location='index.html'; 

</script>"; 

} 

?>




Form code below

code:
<title>Untitled Document</title>
<style type="text/css">
<!--
form {
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: 11px;
	font-weight: normal;
	text-decoration: none;
}
button {
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: 10px;
	border: 1px solid #FFFFFF;
}
button {
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: 10px;
	border-top-width: 1px;
	border-right-width: 1px;
	border-bottom-width: 1px;
	border-left-width: 1px;
	border-top-style: solid;
	border-right-style: solid;
	border-bottom-style: solid;
	border-left-style: solid;
}
-->
</style>
</head>

<body>
<form action="sendmail2.php" method="post" name="untitled-3" id="untitled-3">
  <table width="63%" border="2" cellpadding="4">
    <tr>
      <td width="36%"><strong>Join Our Mailing List</strong> </td>
      <td width="64%">&nbsp;</td>
    </tr>
    <tr>
      <td>Name</td>
      <td><input name="name" type="text" id="name" /></td>
    </tr>
    <tr>
      <td>Email</td>
      <td><input name="email" type="text" id="email" /></td>
    </tr>
    <tr>
      <td>Comments</td>
      <td><p>
        <textarea name="comments" id="comments"></textarea>
      </p>
      <p>&nbsp; </p></td>
    </tr>
    <tr>
      <td height="34">&nbsp;</td>
      <td><input type="submit" name="Submit" value="Submit" />
      <input type="reset" name="Submit2" value="Clear" /></td>
    </tr>
  </table>
</form>



Any one tell me whats wrong?

(Edited by Tyberius Prime on 02-01-2009 12:51)

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 02-01-2009 12:54

There's a number of things wrong with that script, though I don't immediatly see why you wouldn't receive e-mails.

a) $name and $email are not set. You should not rely on php->register_globals , this will be off on sensible web hosts. Use $_POST['name'] instead
(enclose it it {} if replacing within a string).

b) You have a serious security issue by plugging $email straight into a header. It's called header injection and allows using your script to spam.
At the very least, you need to check whether there are any new lines in $_POST['email'] before using it. (And not send an e-mail if there are).

c) you will never see errors in that script. You need to turn on php erros with php->error_level(E_ALL) then remove the automatic redirection.
Then you might get a clue to what's wrong.

d) Personally, I'd remove the headers completly for the testing (might be your webhost is blocking setting the from header...)

e) I took the liberty of removing your e-mail address... spammers read web forums, you know.

f) A reset button is really really really 20st century, and bad user interface design. I'd suggest you remove it.

g) if($_POST['submit']) should read if(isset($_POST['submit']) )

h) you can see what's in post by doing var_dump($_POST);

i) you'll need to be more specific. "I can not get the mails" is not a complete description of the behaviour of this code. Does it say 'thank you', does it just redirect you directly (which would tell us if your php->mail function is actually returning success).

so long,

->Tyberius Prime

Lonestar
Obsessive-Compulsive (I) Inmate

From:
Insane since: Jan 2009

posted posted 02-01-2009 17:01

Tyberius Prime-

Thank you so much for the info. I did, however, forget to mention that I did not write the PHP code and I have no clue what it all means. I did create the form.

'A' through 'D'... no idea how to fix (I am going to try though)

I will get rid of the reset botton.

'G' and 'H' ...still confused

'I' - When I click submit, no "Thank You" - just redirected to Home page and no email sent.

What would be the chances you would spoon feed me the required corrected code?

I need all the help I can get.

Thanks so much for looking!!!

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 02-01-2009 19:13
quote:

Lonestar said:

What would be the chances you would spoon feed me the required corrected code?


Slim to none.
But I'll help you learn...

When a formular is submitted, it can be sent two ways: POST and GET. If it's send via POST,
it's fields will end up in the array $_POST. Now, they might end up being set in $_POST, but empty,
like in 'empty string'. Then if ($_POST['variable']) will still go into the else branch, even though
there is a $_POST['variable'] (don't get me started on the ways php messes up on boolean logic)

Now, in older php versions/installations every submited field would also be stored in a variable
called $field_name. But that leads to easy security holes.

So therefore,
a). Every $name should read $_POST['name']. Those within the body should read {$_POST['name'} (and same for e-mail)

b & d) remove the line that starts with $header, then the ',$header' in the call to mail()

c) put error_reporting(E_ALL); in a new line right after <?PHP

g) just replace as I wrote.

h) drop var_dump($_POST); right after the error_reporting - it'll tell you what's actually stored in $_POST (and whether the if ($_POST...) can actually decide anything.

I) remove the window.location... for now, and replace them with messages (outside of the <script> tags...

Lonestar
Obsessive-Compulsive (I) Inmate

From:
Insane since: Jan 2009

posted posted 02-02-2009 21:51
quote:
Slim to none.



LOLOL

Okay...I will give it a go as soon as I get a chance...thanks so much for your time.

Arthurio
Paranoid (IV) Inmate

From: cell 3736
Insane since: Jul 2003

posted posted 02-02-2009 22:23

Tyberius Prime, have a cookie! :/

sethshoultes
Neurotic (0) Inmate
Newly admitted

From:
Insane since: Feb 2009

posted posted 02-02-2009 22:52

You wouldn't happen to be on a HostGator hosting account would you? If so they have made it so that email must be authenticated (to help prevent spamming) if sent from a script. I am sure most hosting providers will be following suit sooner or later.

Lonestar
Obsessive-Compulsive (I) Inmate

From:
Insane since: Jan 2009

posted posted 02-12-2009 19:18

Okay ...I have "repaired" the code and now it works just fine. Thanks Tyberius Prime ( and everyone else) for your input and your help. This is the code that is working with my form.

code:
<?PHP

if($_POST['submit'])

{

$recipient="me@mysite.com";

$subject="Contact from my Web Site";

$body="

$name

$email

$comments

";

$headers='From: '.$email."\r\n".'Reply-to: '.$email."\r\n";

mail($recipient, $subject, $body, $headers);

echo "

<script>

alert('Your message has been submitted. Thank You!');

window.location='index.html';

</script>";

}

else

{

echo "

<script>

window.location='index.html';

</script>";

}

?>



(Edited by Lonestar on 02-12-2009 19:18)



Post Reply
 
Your User Name:
Your Password:
Login Options:
 
Your Text:
Loading...
Options:


« BackwardsOnwards »

Show Forum Drop Down Menu