Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

PHP Mailer Help

  • 18-11-2009 5:44pm
    #1
    Registered Users, Registered Users 2 Posts: 941 ✭✭✭


    I have set up the following form to send mail from a website I am working on. I have set it to redirect to a thank you page if it sends and also an error page (which I have designed) if it fails.

    However, it isn't working with the code below, I just get a blank page. If I remove the if (empty... parts it will send fine, but then I don't have error message if all the fields haven't been filled in.

    Here is the code:
    <?php
    if(isset($_POST['submit'])) {
    
    if (empty($_POST['name'])  || empty($_POST['phone'])  || empty($_POST['email'])  || empty($_POST['message']) ){
    
         header( "Location: form-error.php");
     }
    }
    
    $to = "me@website.ie";
    $subject = "Email from Website";
    $name_field = $_POST['name'];
    $phone_field = $_POST['phone'];
    $email_field = $_POST['email'];
    $message = $_POST['message'];
    
    foreach($_POST['check'] as $value) {
    
    $check_msg .= "\n$value\n";
    
    }
    
    $body = "Name: $name_field\n\n E-Mail: $email_field\n\n Phone: $phone_field\n\n Message:\n\n $message\n\n";
    
    $header="From: $email_field\r\n";
    
    mail($to, $subject, $body,$header);
    
    header("Location: thanks.php");
    
    } else {
    
    echo "!";
    
    }
    


Comments

  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    you're closing the first if statement after the variable check, that closing bracket shouldn't be there


  • Registered Users, Registered Users 2 Posts: 941 ✭✭✭CyberDave


    Adam wrote: »
    you're closing the first if statement after the variable check, that closing bracket shouldn't be there

    I'm not sure where you mean. Can you make the change in the code and post it back in a new post? Thanks


  • Registered Users, Registered Users 2 Posts: 2,793 ✭✭✭oeb


    CyberDave wrote: »
    I'm not sure where you mean. Can you make the change in the code and post it back in a new post? Thanks

    [PHP]
    <?php
    if(isset($_POST)) {

    if (empty($_POST) || empty($_POST) || empty($_POST) || empty($_POST) ){
    header( "Location: form-error.php");
    }

    $to = "me@website.ie";
    $subject = "Email from Website";
    $name_field = $_POST;
    $phone_field = $_POST;
    $email_field = $_POST;
    $message = $_POST;

    foreach($_POST as $value) {

    $check_msg .= "\n$value\n";

    }

    $body = "Name: $name_field\n\n E-Mail: $email_field\n\n Phone: $phone_field\n\n Message:\n\n $message\n\n";

    $header="From: $email_field\r\n";

    mail($to, $subject, $body,$header);

    header("Location: thanks.php");

    } else {

    echo "!";

    }
    [/PHP]


  • Registered Users, Registered Users 2 Posts: 941 ✭✭✭CyberDave


    OK. I have got it working, but with a little help, I have to add. How can I validate it to prevent Email header injection? Thanks
    <?php
    $error = array();
    if(isset($_POST['submit'])) {
     if (empty($_POST['name'])  || empty($_POST['phone'])  || empty($_POST['email'])  || empty($_POST['message']) ){
     $error[] = "Please fill in the all of the form fields";
     }
    }
    
    $to = "my email address";
    $subject = "Email from Website";
    $name_field = $_POST['name'];
    $phone_field = $_POST['phone'];
    $email_field = $_POST['email'];
    $message = $_POST['message'];
    //haven't got a clue why this loop is here so is commented out
    /*foreach($_POST['check'] as $value) {
    $check_msg .= "\n$value\n";
    }*/
    $body = "Name: $name_field\n\n E-Mail: $email_field\n\n Phone: $phone_field\n\n Message:\n\n $message\n\n";
    $header="From: $email_field\r\n";
    if(empty($error)){
     mail($to, $subject, $body,$header);
     header("Location: thanks.php");
     exit();
    } else {
     echo "The email has not been sent:<br />";
     foreach($error as $x=>$y){
     echo $y."<br />";
     }
     //and here you can show the form to be re-submited after fixing the issues.
    }
    ?>
    


  • Moderators, Politics Moderators Posts: 41,240 Mod ✭✭✭✭Seth Brundle


    I used a function before (copied from somewhere):
    //anti-email injection hack
    function sanitize($content){
    	$find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");
    	$parsed = $content;
    	$parsed = preg_replace($find, " ", $parsed);
    	$parsed = htmlentities($parsed);
    	$parsed = strip_tags($parsed);
    	$parsed = stripslashes($parsed);
    	$parsed = trim($parsed);
    	return $parsed;
    	}
    
    $senderName = sanitize($_POST['name']);
    $email = $_POST['email'];
    	if (substr_count($email, 'mydomain.com') > 0)
    	{header( "Location: http://www.domain.com");}
    
    
    $email 			= sanitize($email);
    etc.
    
    all form fields are passed through the sanitize function


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 941 ✭✭✭CyberDave


    kbannon wrote: »
    I used a function before (copied from somewhere):
    //anti-email injection hack
    function sanitize($content){
        $find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");
        $parsed = $content;
        $parsed = preg_replace($find, " ", $parsed);
        $parsed = htmlentities($parsed);
        $parsed = strip_tags($parsed);
        $parsed = stripslashes($parsed);
        $parsed = trim($parsed);
        return $parsed;
        }
    
    $senderName = sanitize($_POST['name']);
    $email = $_POST['email'];
        if (substr_count($email, 'mydomain.com') > 0)
        {header( "Location: http://www.domain.com");}
    
    
    $email             = sanitize($email);
    etc.
    
    all form fields are passed through the sanitize function

    Where in my code do I add it though?


  • Moderators, Politics Moderators Posts: 41,240 Mod ✭✭✭✭Seth Brundle


    I guess before the line
    $body = "Name: $n....


    the two lines
    if (substr_count($email, 'mydomain.com') > 0)
    {header( "Location: http://www.domain.com");}
    were meant to see if the sender was trying to send email using your domain so change mydomain.com (and domain.com [typo]) to whatever your site is!


Advertisement