Skip to main content
A
Anonymous
December 23, 2010
Question

Can I get some php help?

  • December 23, 2010
  • 2 replies
  • 875 views

Hello Everyone.

I have created a contactUs.html page in dreamweaver.  I created a .php form as well and both are setting on the server.

I created a form in Dreamweaver, put in text fields and gave them their respective ids (name, email, phoneNumber, comments) they are exactly the same ids that I use in the php.

Everything looks ok.  I have uploaded everything to the server.

When I test it and click on the submit button everything seems to work correctly.  However, I never get the email.  I've set up the .php to email me the contents of the form.

I've created a handful of contact us pages and they all work except this one. 

I've been banging my head against the keyboard all day trying to figure it out.  I finally gave up and decided to ask for some help here.


Thanks in advance.

You can visit the contact us page here.

http://www.dentempire.com/pages/contactPage.html

-Drew

(.php code is below.)

<?php

/* Email Variables */

$emailSubject = 'contactformprocess!';

$webMaster = 'email@drewwimages.com';

/* Data Variables */

$email = $_POST['email'];

$name = $_POST['name'];

$phoneNumber = $_POST['phoneNumber'];

$comments = $_POST['comments'];

$body = <<<EOD

<br><hr><br>

Name: $name <br>

Email: $email <br>

Comments: $comments <br>

EOD;

$headers = "From: $email\r\n";

$headers .= "Content-type: text/html\r\n";

$success = mail($webMaster, $emailSubject, $body,

$headers);

/* Results rendered as HTML */

$theResults = <<<EOD

<html>

<head>

<title>sent message</title>

<meta http-equiv="refresh" content="4;URL=http://www.dentempire.com">

<style type="text/css">

<!--

body {

background-color: #444;

font-family: Verdana, Arial, Helvetica, sans-serif;

font-size: 20px;

font-style: normal;

line-height: normal;

font-weight: normal;

color: #fec001;

text-decoration: none;

padding-top: 200px;

margin-left: 150px;

width: 800px;

}

-->

</style>

</head>

<div align="center">Your email will be answered as soon as possible! <br />

You will be redirected back to Dent Empire in 4 seconds.

</div>

</div>

</body>

</html>

EOD;

echo "$theResults";

?>

This topic has been closed for replies.

2 replies

David_Powers
David_Powers
Inspiring
December 23, 2010

Moved to the Dreamweaver Application Development forum, which deals with PHP and other server-side issues.

A quick glance at your script reveals one minor error. On the contact form you use phonNumber, but the PHP script uses phoneNumber. However, that wouldn't prevent the script from working.

You say your script has worked before. On the same server? Or is this a different one? Most hosting companies now require the From header to use a valid email address that belongs to the same domain name. This is to prevent the mail server from being used as a spam relay. Your script is using the value from the email input field in the contact form. This is extremely insecure, because it lays your script wide open to an exploit known as email header injection (Google it).

The From header must be a valid email address on the same domain as the website. If you want to use the sender's email address in the headers, you must validate it to make sure it doesn't contain illegal characters, and use it in the Reply-to header, not the From header.

A
Anonymous
December 23, 2010

This is a different server.

I'm just using my email to test the form.


I could put in the clients address and send them an email from the contact us page.  I can call them to follow up.

Email Header Injection?

"Most hosting companies now require the From header to use a valid email address that belongs to the same domain name. "

-So, if I use an email from the same domain I can avoid the Email Header Injection?

- I will read up as well.

Thank you both.

-Drew

David_Powers
David_Powers
Inspiring
December 23, 2010

dweinin wrote:

-So, if I use an email from the same domain I can avoid the Email Header Injection?

- I will read up as well.

Using an email from the same domain will protect you against email header injection if it's hard coded into the headers. However, you need to be careful about incorporating any user input into the headers. As I said before, it must be validated first.

If you're using PHP 5.2 or later, you can validate an email address like this:

$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
MurraySummers
MurraySummers
Inspiring
December 23, 2010

As a top-level check, change this -

<?php

to this -

<?php

echo "<pre>";exit(print_r($_POST));

Let's make sure things are being posted properly first.

What do you get?

A
Anonymous
December 23, 2010

Thanks for the reply.


If I change the code on my php to what you suggested I get this.

Array
(
    [name] => Drew
    [email] => email@drewwimages.com
    [phoneNumber] => 000 000 0000
    [comments] => Work damn you! Enter your comments
    [submit] => Submit
)
1

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices