
Can I get some php help?

Guest
Dec 23, 2010

Hello Everyone.

I have created a contactUs.html page in Dreamweaver.  I created a .php form as well, and both are sitting on the server.

I created a form in Dreamweaver, put in text fields and gave them their respective ids (name, email, phoneNumber, comments). They are exactly the same ids that I use in the PHP.

Everything looks ok.  I have uploaded everything to the server.

When I test it and click on the submit button everything seems to work correctly.  However, I never get the email.  I've set up the .php to email me the contents of the form.

I've created a handful of contact us pages and they all work except this one. 

I've been banging my head against the keyboard all day trying to figure it out.  I finally gave up and decided to ask for some help here.


Thanks in advance.

You can visit the contact us page here.

http://www.dentempire.com/pages/contactPage.html

-Drew

(.php code is below.)

<?php
/* Email Variables */
$emailSubject = 'contactformprocess!';
$webMaster = 'email@drewwimages.com';

/* Data Variables */
$email = $_POST['email'];
$name = $_POST['name'];
$phoneNumber = $_POST['phoneNumber'];
$comments = $_POST['comments'];

$body = <<<EOD
<br><hr><br>
Name: $name <br>
Email: $email <br>
Comments: $comments <br>
EOD;

$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body, $headers);

/* Results rendered as HTML */
$theResults = <<<EOD
<html>
<head>
<title>sent message</title>
<meta http-equiv="refresh" content="4;URL=http://www.dentempire.com">
<style type="text/css">
<!--
body {
    background-color: #444;
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 20px;
    font-style: normal;
    line-height: normal;
    font-weight: normal;
    color: #fec001;
    text-decoration: none;
    padding-top: 200px;
    margin-left: 150px;
    width: 800px;
}
-->
</style>
</head>
<body>
<div align="center">Your email will be answered as soon as possible! <br />
You will be redirected back to Dent Empire in 4 seconds.
</div>
</body>
</html>
EOD;

echo "$theResults";
?>

LEGEND
Dec 23, 2010

As a top-level check, change this -

<?php

to this -

<?php
echo "<pre>";exit(print_r($_POST));

Let's make sure things are being posted properly first.

What do you get?

Guest
Dec 23, 2010

Thanks for the reply.


If I change the code on my php to what you suggested I get this.

Array
(
    [name] => Drew
    [email] => email@drewwimages.com
    [phoneNumber] => 000 000 0000
    [comments] => Work damn you! Enter your comments
    [submit] => Submit
)
1

LEGEND
Dec 23, 2010

Moved to the Dreamweaver Application Development forum, which deals with PHP and other server-side issues.

A quick glance at your script reveals one minor error. On the contact form you use phonNumber, but the PHP script uses phoneNumber. However, that wouldn't prevent the script from working.

You say your script has worked before. On the same server? Or is this a different one? Most hosting companies now require the From header to use a valid email address that belongs to the same domain name. This is to prevent the mail server from being used as a spam relay. Your script is using the value from the email input field in the contact form. This is extremely insecure, because it lays your script wide open to an exploit known as email header injection (Google it).

The From header must be a valid email address on the same domain as the website. If you want to use the sender's email address in the headers, you must validate it to make sure it doesn't contain illegal characters, and use it in the Reply-to header, not the From header.

Guest
Dec 23, 2010

This is a different server.

I'm just using my email to test the form.


I could put in the client's address and send them an email from the contact us page.  I can call them to follow up.

Email Header Injection?

"Most hosting companies now require the From header to use a valid email address that belongs to the same domain name. "

-So, if I use an email from the same domain I can avoid the Email Header Injection?

- I will read up as well.

Thank you both.

-Drew

LEGEND
Dec 23, 2010

dweinin wrote:

-So, if I use an email from the same domain I can avoid the Email Header Injection?

- I will read up as well.

Using an email from the same domain will protect you against email header injection if it's hard coded into the headers. However, you need to be careful about incorporating any user input into the headers. As I said before, it must be validated first.

If you're using PHP 5.2 or later, you can validate an email address like this:

$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);

Guest
Dec 23, 2010

David.


Thanks again.  I've been reading up.

Sorry to be such a novice.  But how do I know what php version I am using?

Also, my client's email is not associated with his host.  My client is using a .gmail.

What are my options?

Just to post it.  My .php is now reading as follows.

<?php
/* Email Variables */
$emailSubject = 'contactformprocess!';
$webMaster = 'email@drewwimages.com';

/* Data Variables */
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$name = $_POST['name'];
$phoneNumber = $_POST['phoneNumber'];
$comments = $_POST['comments'];

$body = <<<EOD
<br><hr><br>
Name: $name <br>
Email: $email <br>
Comments: $comments <br>
EOD;

$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body, $headers);

/* Results rendered as HTML */
$theResults = <<<EOD
<html>
<head>
<title>sent message</title>
<meta http-equiv="refresh" content="4;URL=http://www.dentempire.com">
<style type="text/css">
<!--
body {
    background-color: #444;
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 20px;
    font-style: normal;
    line-height: normal;
    font-weight: normal;
    color: #fec001;
    text-decoration: none;
    padding-top: 200px;
    margin-left: 150px;
    width: 800px;
}
-->
</style>
</head>
<body>
<div align="center">Your email will be answered as soon as possible! <br />
You will be redirected back to Dent Empire in 4 seconds.
</div>
</body>
</html>
EOD;

echo "$theResults";
?>

LEGEND
Dec 24, 2010

dweinin wrote:

how do I know what php version I am using?

Create a file with the script <?php phpinfo(); ?>, upload it to the server, and view it in a browser. This displays a page containing details of the server's PHP configuration. The version number is at the top. This is normally one of the first things everyone learns in PHP, so if PHP is part of the services you're selling to a client, you really need to get up to speed on the basics.

Also, my client's email is not associated with his host.  My client is using a .gmail.

What are my options?

You need to ask the hosting company what its policies are regarding the use of mail(). I suspect that you will need to use an email address associated with dentempire.com. It should be possible to forward dentempire.com emails to the gmail address.

$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body, $headers);

As I said before, the most likely reason the email is not being received is because the From header is not associated with the website's domain.

This needs to be changed to something like this:

$headers = "From:webmaster@dentempire.com\r\n";
$headers .= "Reply-to: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body, $headers);

Guest
Dec 23, 2010

David.


Thanks again for the heads up on the email header injection.


I came across a few solutions for this.

I am not much of a coder so I have to cut/copy/paste.  Sorry.

But I found this.

function heal($str) {
    $injections = array('/(\n+)/i',
        '/(\r+)/i',
        '/(\t+)/i',
        '/(%0A+)/i',
        '/(%0D+)/i',
        '/(%08+)/i',
        '/(%09+)/i'
    );
    $str = preg_replace($injections, '', $str);
    return $str;
}

Which supposedly stops the spammer and sends them an error page.  Would I simply put this at the end of my .php, so that it reads like the following?

<?php
echo "<pre>";exit(print_r($_POST));

/* Email Variables */
$emailSubject = 'contactformprocess!';
$webMaster = 'email@drewwimages.com';

/* Data Variables */
$email = $_POST['email'];
$name = $_POST['name'];
$phoneNumber = $_POST['phoneNumber'];
$comments = $_POST['comments'];

$body = <<<EOD
<br><hr><br>
Name: $name <br>
Email: $email <br>
Comments: $comments <br>
EOD;

$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body, $headers);

/* Results rendered as HTML */
$theResults = <<<EOD
<html>
<head>
<title>sent message</title>
<meta http-equiv="refresh" content="4;URL=http://www.dentempire.com">
<style type="text/css">
<!--
body {
    background-color: #444;
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 20px;
    font-style: normal;
    line-height: normal;
    font-weight: normal;
    color: #fec001;
    text-decoration: none;
    padding-top: 200px;
    margin-left: 150px;
    width: 800px;
}
-->
</style>
</head>
<body>
<div align="center">Your email will be answered as soon as possible! <br />
You will be redirected back to Dent Empire in 4 seconds.
</div>
</body>
</html>
EOD;

echo "$theResults";

function heal($str) {
    $injections = array('/(\n+)/i',
        '/(\r+)/i',
        '/(\t+)/i',
        '/(%0A+)/i',
        '/(%0D+)/i',
        '/(%08+)/i',
        '/(%09+)/i'
    );
    $str = preg_replace($injections, '', $str);
    return $str;
}
?>

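Added example, not part of the original thread or any poster's code: one way to combine the advice given above (hard-coded same-domain From, validated sender address in Reply-To), rejecting an email field that contains line breaks instead of stripping them as heal() does. SITE_OWNER, SUBJECT, build_contact_mail() and the sample inputs are assumptions made for illustration; it uses filter_var() on an array rather than the thread's filter_input() so that it runs from the command line, and assumes PHP 7.1 or later.

```php
<?php
const FROM_ADDRESS = 'webmaster@dentempire.com'; // same-domain address suggested in the thread
const SITE_OWNER   = 'owner@example.com';        // placeholder recipient (assumption)
const SUBJECT      = 'Contact form message';     // fixed text, never user input

/**
 * Build the arguments for mail() from submitted form fields.
 * Returns [to, subject, body, headers], or null if the email field is unsafe.
 */
function build_contact_mail(array $post): ?array
{
    $raw = $post['email'] ?? '';
    // A CR or LF would start a new header line. Reject instead of stripping:
    // a real address never contains one, so there is nothing worth salvaging.
    if (!is_string($raw) || preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }

    // Name, phone and comments only reach the HTML body, so escape them for HTML.
    $esc = function ($key) use ($post) {
        $v = $post[$key] ?? '';
        return htmlspecialchars(is_string($v) ? $v : '', ENT_QUOTES, 'UTF-8');
    };
    $body = 'Name: ' . $esc('name') . '<br>Email: ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8')
          . '<br>Phone: ' . $esc('phoneNumber') . '<br>Comments: ' . nl2br($esc('comments'));

    $headers = 'From: ' . FROM_ADDRESS . "\r\n"  // hard-coded same-domain address
             . "Reply-To: $email\r\n"            // validated user input
             . "Content-Type: text/html; charset=UTF-8\r\n";
    return [SITE_OWNER, SUBJECT, $body, $headers];
}

// Constructed inputs: a normal submission and one with an extra header line in the email field.
$samples = [
    'normal'   => ['name' => 'Drew', 'email' => 'drew@example.com', 'comments' => 'Hello'],
    'injected' => ['name' => 'x', 'email' => "drew@example.com\r\nBcc: list@example.net", 'comments' => 'x'],
];
foreach ($samples as $label => $post) {
    $mail = build_contact_mail($post);
    echo $label, ': ', $mail === null ? "rejected\n" : "accepted\n" . $mail[3];
    // On the live site, send only when $mail !== null:
    // mail($mail[0], $mail[1], $mail[2], $mail[3]);
}
```

PHP has already URL-decoded the POST data by the time the script sees it, so the check looks for real CR and LF characters rather than the literal text %0A or %0D.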