However...a weird issue has just been brought up. I have three people saying that when they use it, if they are the recipient of the email, they are sent anywhere from 5-20 copies of the email. These are also sent anywhere from immediately to up to 30 minutes after the email was originally sent from the site.

I cannot replicate this. For me, it does exactly what it's supposed to do - and I've tried it on 2 different servers. I sent the link to some people on a wen design group I belong to, and I've gotten almost 7 responses so far. 6 of them have the same experience I do - they get 1 email, just like they're supposed to. but one of them has received 14 copies of it in the last 15 minutes (so far).

I have absolutely no idea what could be causing this. I would like to rule out that it is, in fact, my script that's causing the error, and know that it's some setting in their servers that's doing it. So I was hoping some of you could take a look at my code, and tell me if you see anything that could cause this?

I'm using WordPress for the site, and this is a custom function written. The form is also using a jQuery toggle display to show/hide the form on the site - but it's not actually used within the form scripting at all - but I thought I'd mention it, just in case. Sorry it's so long (it really is long!) I'll cut out what I can...

function hdist_STF() {
// draw the form ?>
<div class="offDiv">
<a class="showLink" href="#">Send this post to a friend?</a>
<a class="hideLink" href="#">Send this post to a friend? &nbsp; X</a>

<div class="show-hide">
<small>All fields are required, but you can use secret spy names in place of your own if you are shy
or need to keep a secret. For the record, we DO NOT harvest these emails - we'll never even know
you were here.</small>

<form method="post" action="<?php echo $PHP_SELF ?>" id="hdistSTF">

<div class="form_field">
<span class="fieldname">Your Name:</span>
<input class="form" type="text" name="fromname" value="<?php $fromname ?>" />
<hr />
</div>

<div class="form_field">
<span class="fieldname">Your e-Mail:</span>
<input class="form" type="text" name="fromemail" value="<?php $fromemail ?>" />
<hr />
</div>

<div class="form_field">
<span class="fieldname">Friend's Name:</span>
<input class="form" type="text" name="toname" value="<?php $toname ?>" />
<hr />
</div>

<div class="form_field">
<span class="fieldname">Friend's e-Mail:</span>
<input class="form" type="text" name="toemail" value="<?php $toemail ?>" />
<hr />
</div>

<div class="form_field">
<span class="fieldname">Want to add a message?</span>
<textarea rows="4" cols="10" name="comments"><?php echo $comments ?></textarea>
<hr />
</div>

<div align="center">
<label for="surprise" title="This field is to help prevent spam. Please do not place any input in this field. Doing so will cause the form stop functioning.">
<input id="surprise" class="surprise" type="text" name="surprise" value="<?php stripSlashes($surprise) ?>" /></label>
<input type="hidden" name="action" value="sendmail" />
<input class="button" type="submit" value="Submit" />
</div>
</form>
</div>
</div>
<?php
// thank you message
$thanks .= "<p class=\"thankyou\">";
$thanks .= "Thanks! The notification has been sent.";
$thanks .= "</p>";

// get the Page URL
$pageURL = "http://" . $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];

// get the individual post URL
$postURL = get_permalink($np->ID);

// start the script
foreach($_POST as $k => $v);
$_POST[$k] = htmlentities($v);

isset($_POST['action']) ? $action = $_POST['action'] : $action = '';
isset($_POST['fromname']) ? $fromname = $_POST['fromname'] : $fromname = '';
isset($_POST['fromname_error']) ? $fromname_error = $_POST['fromname_error'] : $fromname_error = '';
isset($_POST['fromemail']) ? $fromemail = $_POST['fromemail'] : $fromemail = '';
isset($_POST['fromemail_error']) ? $fromemail_error = $_POST['fromemail_error'] : $fromemail_error = '';
isset($_POST['toname']) ? $toname = $_POST['toname'] : $toname = '';
isset($_POST['toname_error']) ? $toname_error = $_POST['toname_error'] : $toname_error = '';
isset($_POST['toemail']) ? $toemail = $_POST['toemail'] : $toemail = '';
isset($_POST['toemail_error']) ? $toemail_error = $_POST['toemail_error'] : $toemail_error = '';
isset($_POST['comments']) ? $comments = $_POST['comments'] : $comments = '';
isset($_POST['comments_error']) ? $comments_error = $_POST['comments_error'] : $comments_error = '';
isset($_POST['surprise']) ? $surprise = $_POST['surprise'] : $surprise = '';
isset($_POST['surprise_error']) ? $surprise_error = $_POST['surprise_error'] : $surprise_error = '';
isset($_POST['error']) ? $error = $_POST['error'] : $error = '';
isset($_POST['injection_error']) ? $injection_error = $_POST['injection_error'] : $injection_error = '';
isset($_POST['send']) ? $send = $_POST['send'] : $send = '';

if ($action == "sendmail") {

if ($fromname == "") {
$fromname_error = "1";
$send = "no";
}

if (!ereg('^[-!#$%&\'*+\./0-9=?A-Z^_`a-z{¦}~]+'.'@'.'[-!#$%&\'*+\/0-9=?A-Z^_`a-z{¦}~]+\.'.'[-!#$%&\'*+\./0-9=?A-Z^_`a-z{¦}~]+$', $fromemail) ¦¦ ereg("'", $fromemail)) {
$fromemail_error = "1";
$send = "no";
}

if ($toname == "") {
$toname_error = "1";
$send = "no";
}

if (!ereg('^[-!#$%&\'*+\./0-9=?A-Z^_`a-z{¦}~]+'.'@'.'[-!#$%&\'*+\/0-9=?A-Z^_`a-z{¦}~]+\.'.'[-!#$%&\'*+\./0-9=?A-Z^_`a-z{¦}~]+$', $toemail) ¦¦ ereg("'", $toemail)) {
$toemail_error = "1";
$send = "no";
}

if ($surprise != "") {
$surprise_error = "1";
$send = "no";
}

if ($send == "no") {
$error = "1";
echo "<span class=\"error\"><strong>Invalid input was entered, or you left something blank.</strong><br />";
echo "Go ahead and give it another shot. To help you find your boo-boo, we listed what was wrong below.<br /><br /></span>";
if ($surprise_error == "1") {echo "<span class=\"error sub\"><strong>Spammy activity</strong> was detected. If you feel this was in error, please check your entries and try again.<br /></span>"; }
if ($fromname_error == "1") { echo "<span class=\"error sub\"The entry for <strong>your name</strong> was invalid.<br /></span>"; }
if ($fromemail_error == "1") { echo "<span class=\"error sub\">The entry for <strong>your email</strong> was invalid.<br /></span>"; }
if ($toname_error == "1") { echo "<span class=\"error sub\">The entry for <strong>your friend's name</strong> was invalid.<br /></span>"; }
if ($toemail_error == "1") { echo "<span class=\"error sub\">The entry for <strong>your friend's email</strong> was invalid.<br /></span>"; }
if ($comments_error == "1") { echo "<span class=\"error sub\"><strong>Your message</strong>has some invalid stuff in it, wanna try again?<br /></span>"; }
return;
}

$find = array("/\r/", "/\n/", "/bcc\:/i", "/Content\-Type\:/i", "/cc\:/i", "/to\:/i", "/http\:/i");
$test_fromname = preg_replace($find, "", $fromname);
$test_toname = preg_replace($find, "", $toname);
$test_comments = preg_replace($find, "", $comments);

if ( ($fromname != $test_fromname) ¦¦ ($toname != $test_toname) ¦¦ ($comments != $test_comments) ) {
$error = "1";
$injection_error = "1";
echo "<span class=\"error\">A <strong>form mail injection attempt</strong> was detected. If you feel this was in error, please check your entries and try again.</span>";
return;

} else {

$subject = "An email from " . $fromname;
$message = nl2br("
$toname,
You have been sent something very special from [website name here].

To watch it:

<a href=\"$postURL\">$postURL</a>

$fromname also sends a personal message:
$comments

");
$message = stripSlashes($message);

$mailheader = "From: $fromname <$fromemail>\nContent-Type: text/html";
mail("$toname <$toemail>", "$subject", "$message", "$mailheader");
}

{
echo $thanks;
return;
}

} // end "action = sendmail" section

} // end "Send to Friend"

*Any* help deciphering what could be causing this would be really appreciated. Thanks!