
PHP Mailer Help

  • 18-11-2009 6:44pm
    #1
    Registered Users Posts: 941 ✭✭✭


    I have set up the following form to send mail from a website I am working on. I have set it to redirect to a thank you page if it sends and also an error page (which I have designed) if it fails.

    However, it isn't working with the code below; I just get a blank page. If I remove the if (empty... parts it will send fine, but then I don't have an error message if all the fields haven't been filled in.

    Here is the code:
    <?php
    if(isset($_POST['submit'])) {
    
    if (empty($_POST['name'])  || empty($_POST['phone'])  || empty($_POST['email'])  || empty($_POST['message']) ){
    
         header( "Location: form-error.php");
     }
    }
    
    $to = "me@website.ie";
    $subject = "Email from Website";
    $name_field = $_POST['name'];
    $phone_field = $_POST['phone'];
    $email_field = $_POST['email'];
    $message = $_POST['message'];
    
    foreach($_POST['check'] as $value) {
    
    $check_msg .= "\n$value\n";
    
    }
    
    $body = "Name: $name_field\n\n E-Mail: $email_field\n\n Phone: $phone_field\n\n Message:\n\n $message\n\n";
    
    $header="From: $email_field\r\n";
    
    mail($to, $subject, $body,$header);
    
    header("Location: thanks.php");
    
    } else {
    
    echo "!";
    
    }
    


Comments

  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    You're closing the first if statement after the variable check; that closing bracket shouldn't be there.


  • Registered Users Posts: 941 ✭✭✭CyberDave


    Adam wrote: »
    You're closing the first if statement after the variable check; that closing bracket shouldn't be there.

    I'm not sure where you mean. Can you make the change in the code and post it back in a new post? Thanks


  • Registered Users Posts: 2,793 ✭✭✭oeb


    CyberDave wrote: »
    I'm not sure where you mean. Can you make the change in the code and post it back in a new post? Thanks

    [PHP]
    <?php
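    if(isset($_POST['submit'])) {

    if (empty($_POST['name']) || empty($_POST['phone']) || empty($_POST['email']) || empty($_POST['message']) ){
    header( "Location: form-error.php");
    exit; // stop here so the mail is not sent when a field is missing
    }

    $to = "me@website.ie";
    $subject = "Email from Website";
    $name_field = $_POST['name'];
    $phone_field = $_POST['phone'];
    $email_field = $_POST['email'];
    $message = $_POST['message'];

    foreach($_POST['check'] as $value) {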

    $check_msg .= "\n$value\n";

    }

    $body = "Name: $name_field\n\n E-Mail: $email_field\n\n Phone: $phone_field\n\n Message:\n\n $message\n\n";

    $header="From: $email_field\r\n";

    mail($to, $subject, $body,$header);

    header("Location: thanks.php");

    } else {

    echo "!";

    }
    [/PHP]


  • Registered Users Posts: 941 ✭✭✭CyberDave


    OK. I have got it working, but with a little help, I have to add. How can I validate it to prevent Email header injection? Thanks
    <?php
    $error = array();
    if(isset($_POST['submit'])) {
     if (empty($_POST['name'])  || empty($_POST['phone'])  || empty($_POST['email'])  || empty($_POST['message']) ){
     $error[] = "Please fill in the all of the form fields";
     }
    }
    
    $to = "my email address";
    $subject = "Email from Website";
    $name_field = $_POST['name'];
    $phone_field = $_POST['phone'];
    $email_field = $_POST['email'];
    $message = $_POST['message'];
    //haven't got a clue why this loop is here so is commented out
    /*foreach($_POST['check'] as $value) {
    $check_msg .= "\n$value\n";
    }*/
    $body = "Name: $name_field\n\n E-Mail: $email_field\n\n Phone: $phone_field\n\n Message:\n\n $message\n\n";
    $header="From: $email_field\r\n";
    if(empty($error)){
     mail($to, $subject, $body,$header);
     header("Location: thanks.php");
     exit();
    } else {
     echo "The email has not been sent:<br />";
     foreach($error as $x=>$y){
     echo $y."<br />";
     }
     //and here you can show the form to be re-submitted after fixing the issues.
    }
    ?>
    


  • Moderators, Politics Moderators Posts: 39,850 Mod ✭✭✭✭Seth Brundle


    I used a function before (copied from somewhere):
    //anti-email injection hack
    function sanitize($content){
    	$find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");
    	$parsed = $content;
    	$parsed = preg_replace($find, " ", $parsed);
    	$parsed = htmlentities($parsed);
    	$parsed = strip_tags($parsed);
    	$parsed = stripslashes($parsed);
    	$parsed = trim($parsed);
    	return $parsed;
    	}
    
    $senderName = sanitize($_POST['name']);
    $email = $_POST['email'];
    	if (substr_count($email, 'mydomain.com') > 0)
    	{header( "Location: http://www.domain.com");}
    
    
    $email 			= sanitize($email);
    etc.
    
    all form fields are passed through the sanitize function


  • Registered Users Posts: 941 ✭✭✭CyberDave


    kbannon wrote: »
    I used a function before (copied from somewhere):
    //anti-email injection hack
    function sanitize($content){
        $find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");
        $parsed = $content;
        $parsed = preg_replace($find, " ", $parsed);
        $parsed = htmlentities($parsed);
        $parsed = strip_tags($parsed);
        $parsed = stripslashes($parsed);
        $parsed = trim($parsed);
        return $parsed;
        }
    
    $senderName = sanitize($_POST['name']);
    $email = $_POST['email'];
        if (substr_count($email, 'mydomain.com') > 0)
        {header( "Location: http://www.domain.com");}
    
    
    $email             = sanitize($email);
    etc.
    
    all form fields are passed through the sanitize function

    Where in my code do I add it though?


  • Moderators, Politics Moderators Posts: 39,850 Mod ✭✭✭✭Seth Brundle


    I guess before the line
    $body = "Name: $n....


    The two lines
    if (substr_count($email, 'mydomain.com') > 0)
    {header( "Location: http://www.domain.com");}
    were meant to see if the sender was trying to send email using your domain, so change mydomain.com (and domain.com [typo]) to whatever your site is!
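
An added example, not code from any post in the thread: one way to answer the header-injection question is to reject any carriage return or line feed in the value that ends up in a mail header, since a line break is what starts a new header line, and to validate the address with `filter_var()`. The function name `build_contact_mail` and the `noreply@example.com` From address are assumptions; the field names follow the form in the thread.

```php
<?php
// Added example, not code from the thread. The From address is a placeholder.

function build_contact_mail(array $post): array
{
    $errors = [];
    $f = [];
    foreach (['name', 'phone', 'email', 'message'] as $key) {
        $value = $post[$key] ?? '';
        $f[$key] = is_string($value) ? trim($value) : '';
        if ($f[$key] === '') {
            $errors[] = "Please fill in the $key field";
        }
    }

    // The e-mail address is the only field placed in a header. A CR or LF
    // in it would start a new header line, so reject it outright.
    if ($f['email'] !== '' && (preg_match('/[\r\n]/', $f['email'])
            || filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false)) {
        $errors[] = 'Please enter a valid e-mail address';
    }

    $body = "Name: {$f['name']}\n\nE-Mail: {$f['email']}\n\n"
          . "Phone: {$f['phone']}\n\nMessage:\n\n{$f['message']}\n";

    // Fixed From; the visitor's validated address goes in Reply-To only.
    $headers = "From: noreply@example.com\r\nReply-To: {$f['email']}\r\n";

    return ['errors' => $errors, 'body' => $body, 'headers' => $headers];
}

// Constructed sample submissions: one normal, one with an injected header.
$samples = [
    ['name' => 'Ann', 'phone' => '0851234567', 'email' => 'ann@example.com',
     'message' => 'Hello'],
    ['name' => 'Ann', 'phone' => '0851234567',
     'email' => "ann@example.com\r\nBcc: other@example.com", 'message' => 'Hello'],
];
foreach ($samples as $post) {
    $mail = build_contact_mail($post);
    echo $mail['errors'] ? 'rejected: ' . implode('; ', $mail['errors'])
                         : 'ok, headers safe to pass to mail()', "\n";
}

// In the form handler, call mail($to, $subject, $mail['body'], $mail['headers'])
// only when $mail['errors'] is empty, then redirect to thanks.php and exit.
```

The name, phone and message values only ever reach the message body, so line breaks in them cannot add headers; the strict check is needed for anything interpolated into the fourth argument of `mail()`.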

