
PHP Server Side Scripting Forum

    
Help with PHP script not working properly
Developed form and PHP, but it's not functioning...
louisvilleweb




msg:4349277
 2:52 am on Aug 9, 2011 (gmt 0)

I've created a form in HTML (index.html) and then a php file to execute the form submission (articledownload.php). The problem is that when I fill out the form and submit it, I get the error message of "We encountered an error sending your mail, please notify user@mysite.com"

Could someone please take a gander at my HTML/PHP to see what might be causing this issue that has me beating myself upside the head?!

HTML on index.html:

<label for="firstname"></label>
<input name="firstname" type="text" id="firstname" size="20" />
<br />
Last Name
<label for="lastname"></label>
<input name="lastname" type="text" id="lastname" size="20" />
<br />
Email<br />
<label for="email"></label>
<input name="email" type="text" id="email" size="20" />
</h2>
<h2>
<input type="submit" name="submit" id="submit" value="Download" />
</h2>
</form>


PHP (articledownload.php):

<?php
$to ='myemailaddress@mysite.com';
$from = $_REQUEST['firstname'] ;
$name = $_REQUEST['lastname'] ;
$name = $_REQUEST['email'] ;
$headers = "From: $from";
$subject = "Article Download Subscriber";

$fields = array();
$fields{"firstname"} = "First Name";
$fields{"lastname"} = "Last Name";
$fields{"email"} = "Email Address";

$body = "This person just downloaded our e-article from the homepage:\n\n";
foreach($fields as $a => $b){
$body .= sprintf("%20s: %s\n",$b,$_REQUEST[$a]);
}

$headers2 = "From: noreply@mysite.com";
$subject2 = "Thank you for downloading our e-article";
$autoreply = "Thank you for downloading our article. If for some reason you were not automatically directed to the location of the article, you can find the article by visiting this link: http://www.mysite.com/site/articledownload.html";

if($from == '') {print "You have not entered a first name, please go back and try again";}
else {
if($name == '') {print "You have not entered a field properly, please go back and try again";}
else {
$send = mail($to, $subject, $body, $headers);
$send2 = mail($from, $subject2, $autoreply, $headers2);
if($send)
{header( "Location: http://www.mysite.com/site/articledownload.html" );}
else
{print "We encountered an error sending your mail, please notify user@mysite.com"; }
}
}
?>

 

louisvilleweb




msg:4349454
 12:49 pm on Aug 9, 2011 (gmt 0)

Also, I'm a newb. If there are any additions to this script that would help with spam protection, I would greatly appreciate the insight.

Thanks,
Matt

rocknbil




msg:4349571
 4:54 pm on Aug 9, 2011 (gmt 0)

Your first problem is here:

$from = $_REQUEST['firstname'] ;
$name = $_REQUEST['email'] ;

This puts the name as the from email address, it will never send. Try switching those two:

$from = $_REQUEST['email'] ;
$name = $_REQUEST['firstname'] ;

Then change this

$headers = "From: $from";

to this

$headers = "From: \"$name\" <$from>\r\n";

The newlines are important. You should probably echo out all the values and exit to make sure it's right, you should have something like this:

From: "John" <john@example.com>
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1

The last two are for HTML emails, you can remove them for plain text.

Second there is no mail for $send2, but guessing you just stopped there because $send wasn't working.

As for spam protection, you need to start with injection protection - you are using raw uncleansed input directly in your program. Suppose I could do "something like" this:

firstname="john&email=here@example.com\r\nBCC:spam-address1@example.com;spam-address2@example.com;spam-address3@example.com;spam-address4@example.com\r\n

I've just created my own BCC header and used your form to spam 4 addresses (potentially thousands.) Although as posted this is impossible, you get the drift - follow Selena Sol's mantra:

Every user input is a potential hack.

And the corollary, accept only what you want and throw everything else away.

This is a bit complex to cover in one post, but you'll use a variety of methods, including regular expression replacements, to filter all input to make sure it's what you expect - the most important, of course, is the email address itself, there should be only one, and it should match an acceptable email pattern.

Once your input is relatively clean, you can use the same approach against spammers to avoid the dreaded captcha. The most common attack is "link spamming" - there's a link below that shows how you do that.

I also advise to log every input within the script - this is different than access logs, just log everything that is being sent to your program. When trouble arises, you'll have something to look at to see what they are up to.

Get it working first, log everything first, cleanse your input, then filter for spam, if it's all clean **then** send the mail.

See my post here to help [webmasterworld.com]
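
The order recommended in the post above (log the raw input, cleanse it, and only then send), as an added example that is not code from the thread or from any poster. The addresses, the log path, the function names and the fixed From / Reply-To split are assumptions of this sketch.

```php
<?php
// Added example, not from the thread; addresses, log path, names are assumptions.
const OWNER = 'owner@example.com';              // placeholder recipient
const LOG_FILE = __DIR__ . '/form-input.log';   // keep outside the web root

// Names: letters, space, dot, apostrophe, hyphen only. The D modifier stops
// "$" from matching before a trailing newline.
function clean_name(string $raw): ?string {
    $name = trim($raw);
    return preg_match('/^[\p{L} .\'-]{1,50}$/uD', $name) === 1 ? $name : null;
}

// Email: exactly one valid address, and no CR/LF that could start a header.
function clean_email(string $raw): ?string {
    $email = trim($raw);
    if (preg_match('/[\r\n]/', $email)) return null;
    $ok = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// Log every submission; JSON encoding escapes line breaks in the log too.
function log_submission(array $input, string $verdict): void {
    $entry = ['time' => date('c'), 'ip' => $_SERVER['REMOTE_ADDR'] ?? 'cli',
              'verdict' => $verdict, 'input' => $input];
    $json = json_encode($entry, JSON_INVALID_UTF8_SUBSTITUTE);
    file_put_contents(LOG_FILE, $json . "\n", FILE_APPEND | LOCK_EX);
}

function handle_form(array $post): string {
    $input = [];
    foreach (['firstname', 'lastname', 'email'] as $key) {  // expected keys only
        $input[$key] = is_string($post[$key] ?? null) ? $post[$key] : '';
    }
    $first = clean_name($input['firstname']);
    $last  = clean_name($input['lastname']);
    $email = clean_email($input['email']);
    $clean = $first !== null && $last !== null && $email !== null;
    log_submission($input, $clean ? 'accepted' : 'rejected');
    if (!$clean) return 'rejected';
    $body = "First Name: $first\nLast Name: $last\nEmail Address: $email\n";
    // Fixed From; the validated visitor address appears only in Reply-To.
    $headers = "From: noreply@example.com\r\nReply-To: $email";
    return mail(OWNER, 'Article Download Subscriber', $body, $headers) ? 'sent' : 'mail failed';
}
if (PHP_SAPI === 'cli') {  // constructed inputs, validators only, no mail sent
    var_dump(clean_email("here@example.com\r\nBCC:spam-address1@example.com"),
             clean_email('john@example.com'), clean_name('John'));
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    echo handle_form($_POST);
}
```

Run from the command line, it exercises only the validators; served over HTTP, it handles a POST from the form.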

louisvilleweb




msg:4352756
 4:17 pm on Aug 17, 2011 (gmt 0)

rocknbil, thanks so much for your thorough reply. I made the changes you recommended about the modification of the $from/$name/$headers and the form is then sending the information to the person who filled out the form (hooray!); however, it is not being sent to myemailaddress@mysite.com with the form information. I'm still befuddled by the other recommendations - I'm sure that probably will iron out my issues. Namely, I don't know what you mean about "there is no mail for $send2".

Can you or some other kind ninja out there help me figure out what I am missing that is keeping me from receiving the form's input info to my email address?

Thanks!

coopster




msg:4353064
 12:54 pm on Aug 18, 2011 (gmt 0)

Have you tried sending it to just yourself first? You can narrow down whether or not it is your email or your process. If it is working for one, try just one again, but this time your own email address.

louisvilleweb




msg:4353177
 5:16 pm on Aug 18, 2011 (gmt 0)

Yes, I filled out the form myself with my email address. It sent the confirmation email to me correctly but it did not send an email to the site owner with the information I sent when submitting the form.

louisvilleweb




msg:4353242
 8:29 pm on Aug 18, 2011 (gmt 0)

Anyone care to share their simple HTML/PHP script that works properly and has spam protection built in? Perhaps this would give me the push in the right direction that I need.

coopster




msg:4354302
 7:13 pm on Aug 22, 2011 (gmt 0)

Namely, I don't know what you mean about "there is no mail for $send2".


This is why, you need to have a closer look at what you are populating that variable with ... namely no email.
$send2 = mail($from, $subject2, $autoreply, $headers2);

Print each of these variables out and exit your script before sending the email and have a closer look at what values are in each variable. Compare that to the mail() function's expected parameter values and see if you spot the problem.
