homepage Welcome to WebmasterWorld Guest from 54.166.53.169
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
sending email with php
MBAngel

5+ Year Member



 
Msg#: 4546576 posted 7:59 pm on Feb 18, 2013 (gmt 0)

guys can you take a peek at my code and help me find where I'm doing this wrong? or maybe figure out how to figure it out?

It was working and now I'm trying to add the from and reply to info to the headers. I may have fubar'd that part.

$to = "me@example.com";
$from = $_POST["name"];
$subject = "mysubject";
$reason = $_POST["reason"];
$email = $_POST["email"];
$phone = $_POST["phone"];
if ($_POST["method"] == "email")
{
$prefer = "email";
}
else
{
if ($_POST["method" == "phone"])
{
$prefer = "phone";
}
else
{
$prefer = "no preference";
}
}
$comments = $_POST["comments"];
$text = "<html><body><p>";
$text .= "From: " . $from . "<br />";
$text .= "Reason: " . $reason . "<br />";
$text .= "E-mail address: " . $email . "<br />";
$text .= "Phone: " . $phone . "<br />";
$text .= "Preferred method of contact: " . $prefer . "<br />";
$text .= "Comments: " . $comments;
$text .= "</p></body></html>";
$header .= 'MIME-Version: 1.0' . "\r\n";
$header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$header .= "From: me@example.com" . "\r\n";
$header .= "Reply-To: $email";
if ($name == "" &&($email == "" && $phone == ""))
{
$msg = "<p>Name and contact fields are required. Your information was not submitted.<br>Please try again.</p><p><a href='contact.php'>Back to form</a></p>";
}
else
{
if (mail($to,$subject,$text,$header))
{
$msg = "<p style='text-align: center; height: 350px;'>Thank you for your submission. Someone will contact you shortly.</p>";
}


[edited by: tedster at 7:59 pm (utc) on Feb 19, 2013]

[edited by: coopster at 6:45 pm (utc) on Feb 20, 2013]
[edit reason] fixed a typo [/edit]

 

tommytx

10+ Year Member



 
Msg#: 4546576 posted 9:56 pm on Feb 18, 2013 (gmt 0)

$text = "<html><body><p>";
$text .= "From: " . $from . "<br />";
$text .= "Reason: " . $reason . "<br />";

$header .= 'MIME-Version: 1.0' . "\r\n";
$header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$header .= "From: me@example.com" . "\r\n";

May not fix your problem, but its horrible programming to start the adding a lot of text to a variable with a .=, always begin the first one without the dot.... so how you correctly started the:
$text = "<html><body><p>"; correctly without the . on the first one...Do the same for the header.. as shown below...

$header = 'MIME-Version: 1.0' . "\r\n";

MBAngel

5+ Year Member



 
Msg#: 4546576 posted 10:41 pm on Feb 18, 2013 (gmt 0)

I've tried just doing this...

$header = 'From: Adventure Ropes Course' . "\r\n" . 'Reply-To: $email' . "\r\n";
$header .= "MIME-Version: 1.0\n";
$header .= "Content-type: text/html; charset=iso-8859-1";

but it doesn't seem to work either.. the email goes to someone else, but he's got an autoresponder set up, so I should get an instant autoreply if the reply to email is correct... shouldn't I?



I've tried so many variations of this code, lol, I'm fried now. (I'm not a good coder, just a mutilator with tools..) I found where my double quotes were wrong and tried to replace them too...

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4546576 posted 1:06 am on Feb 19, 2013 (gmt 0)

$header = 'From: Adventure Ropes Course' . "\r\n" . 'Reply-To: $email' . "\r\n";
$header .= "MIME-Version: 1.0\n";

It should have no effect on the execution of the code --unless you've got a persnickety mail handler-- but why are you using two kinds of line ending?

Yup, quotation marks and newlines are tricky. I remember getting bitten by that one too ;)

Are all those separate $text = statements just to make it easier for you to read and debug?

tommytx

10+ Year Member



 
Msg#: 4546576 posted 1:55 am on Feb 19, 2013 (gmt 0)

if ($name == "" &&($email == "" && $phone == ""))

You are saying if the name is blank and the email is blank and the phone is blank send a fail message... Hell that makes no sense to me...

This messes up my mind.... what would work better is below:

if ($name == "" OR $email == "" OR $phone == "") {
Send fail message
}
else
{
Lets do our thing..
}

makes more sense to me..

Basically its saying you gotta have all 3 to dance...

MBAngel

5+ Year Member



 
Msg#: 4546576 posted 1:56 am on Feb 19, 2013 (gmt 0)

lol, yeah, and for me to make sure I've got all the periods and semi colons and such.. (note I DID say I suck)

two kinds of line ending because some parts were there, I'm just trying to get the reply-to email addy to be the senders as it should be, not the web site owner's. Many tutorials show the \r\n ending. It's a linux server.. (godaddy.. shh no cursing at me, and laffin's ok as long as you don't point)

tommytx

10+ Year Member



 
Msg#: 4546576 posted 3:39 am on Feb 19, 2013 (gmt 0)

OK.. here it is.. I tested it thoroughly and it works fine. Also its in the test mode and injects the posts for test.. so be sure to remark out the test code at the top.. but leave in for T/S later.
also you need to enter your email in the to: field to see the results.. also you can turn on the troubleshooter inside if you like in the lower part of the code...


******************* Begin code **************************

<?php

// Begin Testing......
// Once testing is complete remark out this entire testing block
$_POST["name"] = "Tommy Tucker <tommy@tucker.com>";
$_POST["reason"] = "My reason is not your business.";
$_POST["email"] = "pogo@hogo.com";
$_POST["phone"] = "123-456-5432";
$_POST["method"] = "email";
$_POST["comments"] = 'Please visit my site when you are ready to purchase.<br><b><font color="green"> You can visit my site at</b></font> <a href="http://www.example.com">here</a>. Could you do that for me please?';
// End Testing......






// Place your email here so that you will receive the response.
$to = "me@example.com";


$from = $_POST["name"];
$subject = "mysubject";
$reason = $_POST["reason"];
$email = $_POST["email"];
$phone = $_POST["phone"];
$comments = $_POST["comments"];
$name = $_POST["name"];


if ($_POST["method"] == "email")
{
$prefer = "email";
}
else
{
if ($_POST["method" == "phone"])
{
$prefer = "phone";
}
else
{
$prefer = "no preference";
}
}
$comments = $_POST["comments"];
$text = "<html><body><p>";
$text .= "From: " . $from . "<br />";
$text .= "Reason: " . $reason . "<br />";
$text .= "E-mail address: " . $email . "<br />";
$text .= "Phone: " . $phone . "<br />";
$text .= "Preferred method of contact: " . $prefer . "<br />";
$text .= "Comments: " . $comments;
$text .= "</p></body></html>";
$header .= 'MIME-Version: 1.0' . "\r\n";
$header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$header .= "From: " . $from . "\r\n";
$header .= "Reply-To: $email";


// Remove quotes below during testing..if you like.
// Use to view that correct data is being sent.
// print "$email<br>";
// print "$text<br>";
// print "<br><br><br>";
// print "$header<br>";

// Used to test a fail below..
// By removing one "" at a time you can see the failure.
// $name = "";
// $phone = "";
// $email = "";


// Go here if name, phone, or email is missing.
if (!$name OR !$phone Or !$email) {
$msg = "<p>Name and contact fields are required. Your information was not submitted.<br>Please try again.</p><p><a href='contact.php'>Back to form</a></p>";
echo "$msg<br>";
exit;
}


// Go here if all is well...
if (mail($to,$subject,$text,$header))
{
$msg = "<p style='text-align: center; height: 350px;'>Thank you for your submission. Someone will contact you shortly.</p>";
echo "$msg<br>";
}

?>
**************** End Code *******************

[edited by: tedster at 8:02 pm (utc) on Feb 19, 2013]
[edit reason] switch URL to example.com [/edit]

swa66

WebmasterWorld Senior Member swa66 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4546576 posted 10:15 am on Feb 19, 2013 (gmt 0)

You've got a bunch of security issues as well.

input validation is mostly missing and it is quite important.
E.g.
- variables that you enter in a mail encoded as ISO-LATIN-1, need to be valid strings in that encoding.
- using "==" to check if a variable of unknown origin is equal to a string is dangerous in PHP: always use "===" to make sure the types of the variables are also equal as automatic conversion happens otherwise with surprising results. (e.g. a string being "equal" to the number 0.)
- input you use as email address: it better be a valid email address
- input you use in header lines for email: it better not have things like newlines in it now would it. (or other control characters)

also output filtering seems like a good idea:
- since you're going to look at the email parsing it as html: I'd strip it so it doesn't contain html (using e.g. htmlentities() on things like comment fields.

If you don't want to bother, be aware that hackers out there are *very* interested in converting your script into a gateway to send spam around the world - by the zillions. And failing that, they'll happily settle for spamming you and/or "owning" you.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved