|
PHP - Email Form Security
I'm using the following to clean up input from my contact form,
but I got header injection attacked anyway. What am I doing wrong? $trail_section_mile = strip_tags(stripslashes($trail_section_mile)) //this is repeated for several other fields, then: $email_message .= "Trail Section Mile Markers: ".clean_string($trail_section_mile)."\n"; //this is repeated for several other fields, then: /* see isInjected function below */ function clean_string($string) { $bad = array("content-type","bcc:","to:","cc:","href","/n",""); return str_replace($bad,"",$string); } // send the mail Similar TutorialsHello, I have coded a contact form in PHP and I want to know, if according to you, it is secure! I am new in PHP, so I want some feedback from you. Moreover, I have also two problems based on the contact form. It is a bit complicated to explain, thus, I will break each of my problem one by one. FIRST:The first thing I want to know, is if my contact form secure according to you: The HTML with the PHP codes: Code: [Select] <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { //Assigning variables to elements $first = htmlentities($_POST['first']); $last = htmlentities($_POST['last']); $sub = htmlentities($_POST['subject']); $email = htmlentities($_POST['email']); $web = htmlentities($_POST['website']); $heard = htmlentities($_POST['heard']); $comment = htmlentities($_POST['message']); $cap = htmlentities($_POST['captcha']); //Declaring the email address with body content $to = 'alithebestofall2010@gmail.com'; $body ="First name: '$first' \n\n Last name: '$last' \n\n Subject: '$sub' \n\n Email: '$email' \n\n Website: '$web' \n\n Heard from us: '$heard' \n\n Comments: '$comment'"; //Validate the forms if (empty($first) || empty($last) || empty($sub) || empty($email) || empty($comment) || empty($cap)) { echo '<p class="error">Required fields must be filled!</p>'; header ('refresh= 3; url= index.php'); return false; } elseif (filter_var($first, FILTER_VALIDATE_INT) || filter_var($last, FILTER_VALIDATE_INT)) { echo '<p class="error">You cannot enter a number as either the first or last name!</p>'; return false; } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo '<p class="error">Incorrect email address!</p>'; return false; } elseif (!($cap === '12')){ echo '<p class="error">Invalid captcha, try again!</p>'; return false; } else { mail ($to, $sub, $body); echo '<p class="success">Thank you for contacting us!</p>'; } } ?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <p>Your first name: <span class="required">*</span></p> <p><input type="text" name="first" size="40" placeholder="Ex: Paul"/></p> <p>Your last name: <span class="required">*</span></p> <p><input type="text" name="last" size="40" placeholder="Ex: Smith"/></p> <p>Subject: <span class="required">*</span></p> <p><input type="text" name="subject" size="40" placeholder="Ex: Contact"/></p> <p>Your email address: <span class="required">*</span></p> <p><input type="text" name="email" size="40" placeholder="Ex: example@xxx.com"/></p> <p>Website:</p> <p><input type="text" name="website" size="40" placeholder="Ex: http//:google.com"/></p> <p>Where you have heard us?: <span class="required">*</span></p> <p><select name="heard"> <option>Internet</option> <option>Newspapers</option> <option>Friends or relatives</option> <option>Others</option> </select></p> <p>Your message: <span class="required">*</span></p> <p><textarea cols="75" rows="20" name="message"></textarea></p> <p>Are you human? Sum this please: 5 + 7 = ?: <span class="required">*</span></p></p> <p><input type="text" name="captcha" size="10"/></p> <p><input type="submit" name="submit" value="Send" class="button"/> <input type="reset" value="Reset" class="button"/></p> </form> SECOND PROBLEM:If a user has made a mistake, he gets the error message so that he can correct! However, when a mistake in the form occurs, all the data the user has entered are disappeared! I want the data to keep appearing so that the user does not start over again to fill the form. THIRD: When the erro message is displayed to notify the user that he made a mistake when submitting the form, the message is displaying on the top of the page. I want it to appear below each respective field. How to do that? In JQuery it is simple, but in PHP, I am confusing! i want to make a form that has a name, subject, email and comment input box... this is all done and working. the thing i am having trouble with is making the comment box not allow links in it. i thought it would be something like: if("comments" == "<a href=''></a>"){ echo "You have Entered the Wrong Information"; }else{ Insert Record Code.. } the "comments" name is the name of the comment text box. is this anywhere near what it should be ? Hello, I am working with a SMTP class to send an email. It's all working perfectly fine, but when the email is received (sent from the online form), and I open my email and click reply, there are two email addresses. The correct one (which I entered when I sent the email), and my ftp username for the site?? I've got three files that could effect this, but I was unable to locate any problems: mailer.php ( smtp send mail class) mail.php ( submission data: title, subject, etc. ) contact_form.php ( form for submission ) I am only including the file which I think is applicable (mail.php), but let me know if you would also like to see the mailer.php class. Current output: reply-to ftpusername@domainname.com, correct_from_email@fromemail.com mail.php: <?php set_time_limit(120); function sendHTMLmail($from, $to, $subject, $message) { $message = wordwrap($message, 70); // To send HTML mail, the Content-type header must be set $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; // Additional headers $headers .= "From: $from\r\n"; // Mail it mail($to, $subject, $message, $headers); } function sendHTMLmail2($fromid, $to, $subject, $message) { echo $fromid; echo $to; echo $subject; echo $message; include_once("mailer.php"); $mail = new PHPMailer(); $mail->IsMail(); // SMTP servers $mail->Host = "localhost"; $mail->From = $fromid; $mail->FromName = $fromid; $mail->IsHTML(true); $mail->AddAddress($to, $to); $mail->Subject = $subject; $mail->Body = $message; $mail->AltBody = "Please enable HTML to read this"; $mail->Send(); exit; } function isValidEmail($email) { return eregi("^[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+.)+[a-z]{2,3}$", $email); } class smtp_mail { var $host; var $port = 25; var $user; var $pass; var $debug = false; var $conn; var $result_str; var $charset = "utf-8"; var $in; var $from_r; //mail format 0=normal 1=html var $mailformat = 0; function smtp_mail($host, $port, $user, $pass, $debug = false) { $this->host = $host; $this->port = $port; $this->user = base64_encode($user); $this->pass = base64_encode($pass); $this->debug = $debug; $this->socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); if ($this->socket) { $this->result_str = "Create socket:" . socket_strerror(socket_last_error()); $this->debug_show($this->result_str); } else { exit("Initialize Faild,Check your internet seting,please"); } $this->conn = socket_connect($this->socket, $this->host, $this->port); if ($this->conn) { $this->result_str = "Create SOCKET Connect:" . socket_strerror(socket_last_error()); $this->debug_show($this->result_str); } else { exit("Initialize Faild,Check your internet seting,please"); } $this->result_str = "Server answer:<font color=#cc0000>" . socket_read($this->socket, 1024) . "</font>"; $this->debug_show($this->result_str); } function debug_show($str) { if ($this->debug) { echo $str . "<p>\r\n"; } } function send($from, $to, $subject, $body) { if ($from == "" || $to == "") { exit("type mail address please"); } if ($subject == "") $sebject = "none title"; if ($body == "") $body = "none content"; $All = "From:$from;\r\n"; $All .= "To:$to;\r\n"; $All .= "Subject:$subject;\r\n"; if ($this->mailformat == 1) { $All .= "Content-Type:text/html;\r\n"; } else { $All .= "Content-Type:text/plain;\r\n"; } $All .= "Charset:" . $this->charset . ";\r\n\r\n"; $All .= " " . $body; $this->in = "EHLO HELO\r\n"; $this->docommand(); $this->in = "AUTH LOGIN\r\n"; $this->docommand(); $this->in = $this->user . "\r\n"; $this->docommand(); $this->in = $this->pass . "\r\n"; $this->docommand(); if (!eregi("235", $this->result_str)) { $this->result_str = "smtp auth faild"; $this->debug_show($this->result_str); return 0; } $this->in = "MAIL FROM: $from\r\n"; $this->docommand(); $this->in = "RCPT TO: $to\r\n"; $this->docommand(); $this->in = "DATA\r\n"; $this->docommand(); $this->in = $All . "\r\n.\r\n"; $this->docommand(); if (!eregi("250", $this->result_str)) { $this->result_str = "Send mail faild!"; $this->debug_show($this->result_str); return 0; } $this->in = "QUIT\r\n"; $this->docommand(); socket_close($this->socket); return 1; } function docommand() { socket_write($this->socket, $this->in, strlen($this->in)); $this->debug_show("Client command:" . $this->in); $this->result_str = "server answer:<font color=#cc0000>" . socket_read($this->socket, 1024) . "</font>"; $this->debug_show($this->result_str); } } ?> Hi the user fill details and then the email his sent to me the only problem is that the emails keeps going to my spam, can someone help me out please I looked already php website and email format looks the same. This is the link to my form. http://www.people.eurico.co.uk/ here my form script Code: [Select] <?php // Set email variables $email_to = 'xxxxx@xxxxxxx.co.uk'; $email_subject = 'Call back form'; // Set required fields $required_fields = array('fullname','email','telephone','comment'); // set error messages $error_messages = array( 'fullname' => 'Please enter a Name to proceed.', 'email' => 'Please enter a valid Email.', 'telephone' => 'Please telephone.', 'comment' => 'Please enter your Message to continue.' ); // Set form status $form_complete = FALSE; // configure validation array $validation = array(); // check form submittal if(!empty($_POST)) { // Sanitise POST array foreach($_POST as $key => $value) $_POST[$key] = remove_email_injection(trim($value)); // Loop into required fields and make sure they match our needs foreach($required_fields as $field) { // the field has been submitted? if(!array_key_exists($field, $_POST)) array_push($validation, $field); // check there is information in the field? if($_POST[$field] == '') array_push($validation, $field); // validate the email address supplied if($field == 'email') if(!validate_email_address($_POST[$field])) array_push($validation, $field); } // basic validation result if(count($validation) == 0) { // Prepare our content string $email_content = 'peoplesmartlearning.co.uk: ' . "\n\n"; // simple email content foreach($_POST as $key => $value) { if($key != 'submit') $email_content .= $key . ': ' . $value . "\n"; } // if validation passed ok then send the email mail($email_to, $email_subject, $email_content); // Update form switch $form_complete = TRUE; } } function validate_email_address($email = FALSE) { return (preg_match('/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i', $email))? TRUE : FALSE; } function remove_email_injection($field = FALSE) { return (str_ireplace(array("\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:"), '', $field)); } ?> The HTML Code: [Select] <div class="call_us_form"> <p class="title">WE'LL CALL YOU BACK</p> <?php if($form_complete === FALSE): ?> <form class="contact_form" id="fm-form" method="post" action="index.php" > <fieldset> <div class="fm-req"> <label for="fm-firstname">Name</label> <input type="text" id="fullname" class="detail" name="fullname" value="<?php echo isset($_POST['fullname'])? $_POST['fullname'] : ''; ?>" /> <?php if(in_array('fullname', $validation)): ?><script type="text/javascript">alert("Please enter a Name"); history.back();</script><?php endif; ?> </div> <div class="fm-req"> <label for="fm-firstname">Email</label> <input type="text" id="email" class="detail" name="email" value=" <?php echo isset($_POST['email'])? $_POST['email'] : ''; ?>" /> <?php if(in_array('email', $validation)): ?><script type="text/javascript">alert("Please enter a valid Email Address"); history.back();</script><?php endif; ?> </div> <div class="fm-req"> <label for="fm-firstname">Number</label> <input type="text" id="telephone" class="detail" name="telephone" value="<?php echo isset($_POST['telephone'])? $_POST['telephone'] : ''; ?>" /> <?php if(in_array('telephone', $validation)): ?><script type="text/javascript">alert("Please enter telephone number"); history.back();</script><?php endif; ?> </div> <div class="fm-req"> <label for="fm-lastname">Message</label> <textarea cols="40" rows="5" id="comment" name="comment" class="mess"><?php echo isset($_POST['comment'])? $_POST['comment'] : ''; ?></textarea> <?php if(in_array('comment', $validation)): ?><script type="text/javascript">alert("Please enter your message"); history.back();</script><?php endif; ?> </div> <input class="submit_button" type="submit" value="Call us" /> </fieldset> </form> <?php else: ?> <p>Thank you for your Message!</p> <p>We will get back to you as soon as we can</p> <script type="text/javascript"> setTimeout ('ourRedirect()', 5000) function ourRedirect () { location.href='index.php' } </script> <?php endif; ?> Hi all, I have heard stories that hackers/viruses or basically something that you don't want uploaded to a server through a website form have been able to type some sort of code in to a html form field to access information. I know how to control the length of fields, how to validate that an email address is in the correct format etc. - but when it comes to having a textfield for the user to add up to 2000 characters of their own words, how can I protect from malicious code being inserted? The textfield is located inside the user area but anyone can join, so anyone ultimately can enter code! Thanks for the help. I have a simple contact form I did a while ago for a small company. They emailed me saying they are getting bits of spam mail from the site occasionally and would like to get it stopped if possible. This is how my form looks: Code: [Select] <form method="post" action="mailer.php"> <div class="form_left"> <p>Name:<br> <input type="text" name="name" size="24" autofocus="true" placeholder="Type Here" required="true" /></p> </div> <div class="form_right"> <p>Email:<br> <input type="email" name="email" size="24" placeholder="Type Here" required="true" /></p> </div> <div class="form_left"> <p>Company Name:<br /> <input type="text" name="company" size="24" placeholder="Type Here" required="true" /></p> </div> <div class="form_right"> <p>Phone Number:<br /> <input type="text" name="phone" size="24" placeholder="Type Here" required="true" /></p> </div> <div class="form_left"> <p>Your Message:<br /> <textarea rows="6" name="message" cols="55" placeholder="Type Here" ></textarea></p> </div> <p class="submit"><input type="submit" value="Send Mail" name="submit" /></p> </form> Code: [Select] <?php if(isset($_POST['submit'])) { // $to = "mail@mydomain.com"; $to = "mail@mydomain.com"; $subject = "Web Enquiry"; $name = $_POST['name']; $email = $_POST['email']; $company = $_POST['company']; $phone = $_POST['phone']; $message = $_POST['message']; if (strlen(trim($message)) > 0) { $body = "From: $name \n\n Email: $email \n \n Company: $company \n\n Phone Number: $phone \n\n Message: $message"; if (mail($to, $subject, $body)) { echo "<h3>Thanks! Your email has been sent <br />We will answer your enquiry as soon as possible.</h3>"; } else { echo 'Cannot sent mail'; } } else { echo "<h3>Error! <br />Please ensure that all fields are filled out correctly in order to email us.</h3>"; } } ?> Any help or pointers as to how I could add in a little security would be appreciated. Hi Guys I have built a simple form, which has text fields Name, Telephone Number, Best Time to Call and E-mail. For security purposes, I am testing each against the function shown below which looks for dangerous code snippets, in an effort to protect against email header injection attacks. When it comes to the E-mail field, I am not actually testing whether a valid e-mail address has been entered, as it is the telephone number which is essential, not the e-mail. My question is, do you think this is a security weakness? Many thanks Code: [Select] //http://www.tonyspencer.com/2005/12/15/email-injection-exploit-through-a-php-contact-form/ //preg_match string to match goes within forward slashes, i.e. /str/, and i at the end makes it case insensitive function containsInjectionAttempt($input) { if (preg_match("/\r/i", $input) || preg_match("/\n/i", $input) || preg_match("/%0a/i", $input) || preg_match("/%0d/i", $input) || preg_match("/Content-Type:/i", $input) || preg_match("/<script>/i", $input) || preg_match("/bcc:/i", $input) || preg_match("/to:/i", $input) || preg_match("/cc:/i", $input)) { return true; } else { return false; } } I know, csrf token is like a random string. Does every form need a csrf token? Does every form need to have a different csrf token or all forms have a same csrf token for one logged in user? When an user logged in, I set $_SESSION['key']=$useremail; is it ok to set email for a logged in session? Do I have to set or add another $_SESSION with csrf token? How does csrf token add security for form submission? After form submission, what would PHP do with the hidden input field or with the csrf token? I read ages ago (and checked to see if it's true, it was and given how it works, it must still be) the end user can alter the value of any form field, using Firebug or similar, before submitting it. Two things I've figured out today: 1) a form input doesn't need a value - doesn't even need the attribute - if you're only checking whether the POST var isset and the actual value isn't important 2) Although it appears not to matter in the example I'm working on now, if the script doesn't check what the value is, and potentially sanitise it, the user could submit the form with any value, true, false, malicious, idk... So my question is: is this one of the ways malicious bad things can happen and do I *have to* specify a value, not because the script won't work without it, it does, but because in the real world it opens a security door if I don't check for malicious script by saying "if value not as expected, script has to die". Having formulated the question properly and thought about it I can't imagine simply making a form, without obvious connections to anything important, could be a problem in the way I'm asking about but I asked it now so Edited by appobs, 03 July 2014 - 12:08 PM. Hi all, What I am trying to achieve is, I thought quite simple! Basically, a user signs up and chooses a package, form is submitted, details added to the database, email sent to customer, then I want to direct them to a paypal payment screen, this is where I am having issues! Is their any way in php to submit a form without user interaction? Here is my code for the form process page Code: [Select] <?php include('config.php'); require('scripts/class.phpmailer.php'); $package = $_POST['select1']; $name = $_POST['name']; $email = $_POST['email']; $password = md5($_POST['password']); $domain = $_POST['domain']; $a_username = $_POST['a_username']; $a_password = $_POST['a_password']; $query=mysql_query("INSERT INTO orders (package, name, email, password, domain, a_username, a_password) VALUES ('$package', '$name', '$email', '$password', '$domain', '$a_username', '$a_password')"); if (!$query) { echo "fail<br>"; echo mysql_error(); } else { $id = mysql_insert_id(); $query1=mysql_query("INSERT INTO customers (id, name, email, password) values ('$id', '$name', '$email', '$password')"); if (!$query1) { echo "fail<br>"; echo mysql_error(); } if($package=="Reseller Hosting") { //email stuff here - all works - just cutting it to keep the code short if(!$mail->Send()) { echo "Message could not be sent. <p>"; echo "Mailer Error: " . $mail->ErrorInfo; exit; } ?> <form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_xclick-subscriptions"> <input type="hidden" name="business" value="subscription@jollyhosting.com"> <input type="hidden" name="currency_code" value="USD"> <input type="hidden" name="item_name" value="Jolly Hosting Reseller Packages"> <input type="hidden" name="no_shipping" value="1"> <!--1st month --> <input type="hidden" name="currency_code" value="USD"> <input type="hidden" name="a3" value="3.00"> <input type="hidden" name="p3" value="1"> <input type="hidden" name="t3" value="M"> <input type="hidden" name="src" value="1"> <input type="hidden" name="sra" value="1"> </form>'; <?php } //last } //end ?> i wanting users to be able to update there email address and check to see if the new email already exists. if the email is the same as current email ignore the check. i have no errors showing up but if I enter a email already in the db it still accepts the new email instead of bringing the back the error message. Code: [Select] // email enterd from form // $email=$_POST['email']; $queryuser=mysql_query("SELECT * FROM members WHERE inv='$ivn' ") or die (mysql_error()); while($info = mysql_fetch_array( $queryuser )) { $check=$info['email']; // gets current email // } if($check!=$email){ // if check not equal to $email check the new email address already exists// $queryuser=mysql_query("SELECT * FROM members WHERE email='$email' "); //$result=mysql_query($sql); $checkuser=mysql_num_rows($queryuser); if($checkuser != 0) { $error= "0"; header('LOCATION:../pages/myprofile.php?id='.$error.''); } } cheers As the topis says, I need help with an email form. You must have valid email address to go further, so lets say you write asdada as email, you won't be able to register the account, you must have asdada@hotmai.com or something like that. If anyone knows it would be awesome! Hi all, My names Mike and i am currently working on a website for my University degree but have encountered a problem when creating an email form. I have the following form below which i have created via a tutorial but it's not working i just dont recieve any emails. I would really appreciate it if someone could take a look at this for me. I must stress i am new to PHP as well. The email form just needs to state who it comes from as well as an email address and subject. code below: Code: [Select] <html> <body> <?php if (isset($_REQUEST['email'])) //if "email" is filled out, send email { //send email $email = $_REQUEST['email'] ; $subject = $_REQUEST['subject'] ; $message = $_REQUEST['message'] ; mail("mike2fast135@hotmail.com", "$subject", $message, "From:" . $email); echo "Thank you for using our mail form"; } else //if "email" is not filled out, display the form { echo "<form method='post' action='mailform.php'> Email: <input name='email' type='text' /><br /> Subject: <input name='subject' type='text' /><br /> Message:<br /> <textarea name='message' rows='15' cols='40'> </textarea><br /> <input type='submit' /> </form>"; } ?> </body> </html> Thanks for any help or guidance. Mike Hi, Im sort of new to PHP. I currently have this code Code: [Select] if(!empty($myrow['email'])){ echo "<a href=\"mailto: ".$myrow['email']."\">".$myrow['email']; echo "</a><br>";}Which just displays a email from the database and when clicked opens Outlook or some other email program. What i'm trying to do is hide the email and in its place put a link like "Contact" or a simple form that would send a email from my website to that email address. Does any one know any links to tutorials or at least a name for a script that would allow me to do this? Cheers! I have a simple form which when a person fills out will send the results to a specified email address and display a thank you page to the visitor and finally redirect to another page. Everything seems to work except the results do not get sent to the email - can anyone help? I think it might be to do with the checkboxes - how are these processed to email? Here is the Code: The Form - survey.html ---------------------------- Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1- transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <style type="text/css"> <!-- table { background-color: #9C9; } --> </style> </head> <body> <form id="form1" name="form1" method="post" action="check.php"> <table width="500" border="0" cellspacing="2" cellpadding="2"> <tr> <td><label for="name2">Name:</label></td> <td><input type="text" name="name" id="name2" /></td> </tr> <tr> <td>Continent</td> <td><p> <label> <input type="radio" name="continent" value="Asia" id="continent_0" /> Asia</label> <br /> <label> <input type="radio" name="continent" value="Europe" id="continent_1" /> Europe</label> <br /> <label> <input type="radio" name="continent" value="Africa" id="continent_2" /> Africa</label> <br /> <label> <input type="radio" name="continent" value="North America" id="continent_3" /> North America</label> <br /> <label> <input type="radio" name="continent" value="South America" id="continent_4" /> South America</label> <br /> <label> <input type="radio" name="continent" value="Antarctica" id="continent_5" /> Antarctica</label> <br /> <label> <input type="radio" name="continent" value="Australia" id="continent_6" /> Australia</label> <br /> </p></td> </tr> <tr> <td>Favourite Color</td> <td><p> <label> <input type="checkbox" name="color[]" value="Orange" id="color_0" /> Orange</label> <br /> <label> <input type="checkbox" name="color[]" value="Yellow" id="color_1" /> Yellow</label> <br /> <label> <input type="checkbox" name="color[]" value="Blue" id="color_2" /> Blue</label> <br /> <label> <input type="checkbox" name="color[]" value="Red" id="color_3" /> Red</label> <br /> <label> <input type="checkbox" name="color[]" value="Other (Please Specify)" id="color_4" /> Other (Please Specify)</label> <label for="othercolor"></label> <input type="text" name="othercolor" id="othercolor" /> <br /> </p></td> </tr> <tr> <td><label for="comments">Your Comments:</label></td> <td><textarea name="comments" id="comments" cols="45" rows="5"></textarea></td> </tr> <tr> <td><label for="submit"></label> <input type="submit" name="submit" id="submit" value="Submit" /></td> <td> </td> </tr> </table> <p> </p> </form> </body> </html> The PHP - check.php ---------------------- <?php /*Subject and Email Variables*/ $emailSubject = 'check.php'; $webMaster = 'substituteyouremailhere'; /*Gathering Data Variables*/ $name = $_POST['name']; $continent = $_POST['continent']; $color = $_POST['color']; $othercolor = $_POST['othercolor']; $comments = $_POST['comments']; $body = <<<EOD <br><hr><br> Visitors Name: $name<br> Visitors Continent: $continent<br> Visitors Favourite Color: $color<br> Other Favourite Color: $othercolor EOD; $headers = "From: $email\r\n"; $headers .= "Content-type: text/html\r\n"; $success = mail($webMaster, $emailSubject, $body, $headers); /* Results rendered as HTML */ $theResults = <<<EOD <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Thanks - Survey Complete</title> <meta http-equiv="refresh" content="5;URL=http://www.google.com"> </head> <body> <p>Success - Thanks for completing the Form - We will get back to you soon!</p> </body> </html> EOD; echo "$theResults"; ?> Any help would be great - thanks ;-) Please help me with this. I'm using this little PHP program to collect some information and get them emailed to me...everything is working but no messages in the body. The email comes to me but nothing in the body. I'm supposed to get the name, email, phone # and how soon but I receive a blank email. I have the script posted on celebritynosejobs.net if you would like to see it! Hi, My contact form is not sending all content. Specifically, the dates for 'birthday' and 'anniversary' is not coming through correctly. The day works fine, but the month and year is not working. This is the code I am using above head <?php //If the form is submitted if(isset($_POST['submit'])) { //Check to make sure that the name field is not empty if(trim($_POST['contactname']) == '') { $hasError = true; } else { $name = trim($_POST['contactname']); } //Check to make sure sure that a valid email address is submitted if(trim($_POST['email']) == '') { $hasError = true; } else if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}$", trim($_POST['email']))) { $hasError = true; } else { $email = trim($_POST['email']); } //Check to make sure that the subject field is not empty if(trim($_POST['birthday']) == '') { $hasError = true; } else { $birthday = trim($_POST['']); } //Check to make sure comments were entered if(trim($_POST['anniversary']) == '') { $hasError = true; } else { $anniversary = trim($_POST['anniversary']); } //If there is no error, send the email if(!isset($hasError)) { $emailTo = 'info@mywebsite.co.uk'; //Put your own email address here $body = "Name: $name \n\nEmail: $email \n\nBirthday: $birthday \n\nAnniversary: $anniversary"; $headers = 'From: http://www.mywebsite.co.uk <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email; mail($emailTo, $subject, $body, $headers); $emailSent = true; } } ?> This is what I am using in the body <?php if(isset($hasError)) { //If errors are found ?> <p class="error">Please check if you've filled all the fields with valid information. Thank you.</p> <?php } ?> <?php if(isset($emailSent) && $emailSent == true) { //If email is sent ?> <p><strong>Email Successfully Sent!</strong></p> <p>Thank you <strong><?php echo $name;?></strong> for using my contacting mywebsiteco.uk Your email was successfully sent. We will be in touch with you soon.</p> <?php } ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="contactform"> <div> <label for="name"><strong>Name:</strong></label> <input type="text" size="50" name="contactname" id="contactname" value="" class="required" /> </div> <div> <label for="email"><strong>Email:</strong></label> <input type="text" size="50" name="email" id="email" value="" class="required email" /> </div> <div> <p><label for="birthday"><strong>Birthday:</strong></label> <select name="birthday" id="birthday"> <option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option> <option value="13">13</option> <option value="14">14</option> <option value="15">15</option> <option value="16">16</option> <option value="17">17</option> <option value="18">18</option> <option value="19">19</option> <option value="20">20</option> <option value="21">21</option> <option value="22">22</option> <option value="23">23</option> <option value="24">24</option> <option value="25">25</option> <option value="26">26</option> <option value="27">27</option> <option value="28">28</option> <option value="29">29</option> <option value="30">30</option> <option value="31">31</option> </select> <select name="b_month" id="b_month"> <option value="1">January</option> <option value="2">February</option> <option value="3">March</option> <option value="4">April</option> <option value="5">May</option> <option value="6">June</option> <option value="7">July</option> <option value="8">August</option> <option value="9">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> </p> </div> <div> <label for="anniversary"><strong>Anniversary:</strong></label> <select name="anniversary" id="anniversary"> <option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option> <option value="13">13</option> <option value="14">14</option> <option value="15">15</option> <option value="16">16</option> <option value="17">17</option> <option value="18">18</option> <option value="19">19</option> <option value="20">20</option> <option value="21">21</option> <option value="22">22</option> <option value="23">23</option> <option value="24">24</option> <option value="25">25</option> <option value="26">26</option> <option value="27">27</option> <option value="28">28</option> <option value="29">29</option> <option value="30">30</option> <option value="31">31</option> </select> <select name="anni_month" id="anni_month"> <option value="1">January</option> <option value="2">February</option> <option value="3">March</option> <option value="4">April</option> <option value="5">May</option> <option value="6">June</option> <option value="7">July</option> <option value="8">August</option> <option value="9">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> <select name="anni_year" id="anni_year"> <option value="1979">1979</option> <option value="1980">1980</option> <option value="1981">1981</option> <option value="1982">1982</option> <option value="1983">1983</option> <option value="1984">1984</option> <option value="1985">1985</option> <option value="1986">1986</option> <option value="1987">1987</option> <option value="1988">1988</option> <option value="1989">1989</option> <option value="1990">1990</option> <option value="1991">1991</option> <option value="1992">1992</option> <option value="1993">1993</option> <option value="1994">1994</option> <option value="1995">1995</option> <option value="1996">1996</option> <option value="1997">1997</option> <option value="1998">1998</option> <option value="1999">1999</option> <option value="2000">2000</option> <option value="2001">2001</option> <option value="2002">2002</option> <option value="2003">2003</option> <option value="2004">2004</option> <option value="2005">2005</option> <option value="2006">2006</option> <option value="2007">2007</option> <option value="2008">2008</option> <option value="2009">2009</option> </select> </div> <input type="submit" value="Send Message" name="submit" link="#"/> </form> Please help. Thanks Hello I've got this form that keeps messing up.
You can get to the link he http://alexis-apparel.host56.com/
Attached below are all the files. I must have this done by the end of the month please help
Attached Files
index.html 7.69KB
1 downloads
html_form_send.php 4.37KB
1 downloads
upload_file.php 879bytes
0 downloads |
|||||||