Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10
  1. #1
    New to the CF scene
    Join Date
    Dec 2010
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Help with PHP mail form

    This is what I have for a PHP mail form from my website. The only issue is, that when I get the email, it shows "from my server". What would I change below to have the email show "from" as what the user enters in their email"? (also is there a way for the sending person's IP address to be attached to the form?

    PHP Code:
    <?php

    $where_form_is
    ="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));

    session_start();
    if( (
    $_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) ) { 
    mail("info@computerservice.com","Form submission","Form data:

    First Name: " 
    $_POST['field_1'] . 
    Last Name: " 
    $_POST['field_2'] . 
    City: " 
    $_POST['field_3'] . 
    State: " 
    $_POST['field_4'] . 
    Email Address: " 
    $_POST['field_5'] . 
    Mobile Phone Number: " 
    $_POST['field_6'] . 
    Alternate Phone Number: " 
    $_POST['field_7'] . 
    Type of Computer: " 
    $_POST['field_8'] . 
    Manufacturer / Brand / Make: " 
    $_POST['field_9'] . 
    Model Name & Number: " 
    $_POST['field_10'] . 
    Operating System: " 
    $_POST['field_11'] . 
    32 Bit or 64 Bit?: " 
    $_POST['field_12'] . 
    Detailed Description of Problem: " 
    $_POST['field_13'] . 


     Powered by Computer Service.
    "
    );

    include(
    "confirm.html");
    }
    else {
    echo 
    "Invalid Captcha String.";
    }

    ?>
    Last edited by italy; 12-18-2010 at 04:57 PM.

  • #2
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,472
    Thanks
    71
    Thanked 104 Times in 103 Posts
    PHP Code:
    <?php

    $where_form_is
    ="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));

    session_start();
    if( (
    $_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) ) {
    mail("info@computerservice.com","Form submission","Form data:

    First Name: " 
    $_POST['field_1'] . "
    Last Name: " 
    $_POST['field_2'] . "
    City: " 
    $_POST['field_3'] . "
    State: " 
    $_POST['field_4'] . "
    Email Address: " 
    $_POST['field_5'] . "
    Mobile Phone Number: " 
    $_POST['field_6'] . "
    Alternate Phone Number: " 
    $_POST['field_7'] . "
    Type of Computer: " 
    $_POST['field_8'] . "
    Manufacturer / Brand / Make: " 
    $_POST['field_9'] . "
    Model Name & Number: " 
    $_POST['field_10'] . "
    Operating System: " 
    $_POST['field_11'] . "
    32 Bit or 64 Bit?: " 
    $_POST['field_12'] . "
    Detailed Description of Problem: " 
    $_POST['field_13'] . "


    Powered by Computer Service.
    "
    );

    include(
    "confirm.html");
    }
    else {
    echo 
    "Invalid Captcha String.";
    }

    ?>

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Welcome to the forums; in the future please wrap your code with [code][/code] or [php][/php] tags to preserve your formatting. This is short so its easy to read, though so its not a big problem with this.

    First thing I'd do is create variables for what you want to use. It will make the mail command appear shorter so its easier to pass in:
    PHP Code:
    $to 'info@computerservice.com';
    $subject 'Form submission';
    $body "Form data:

    First Name: " 
    $_POST['field_1'] . "
    Last Name: " 
    $_POST['field_2'] . "
    City: " 
    $_POST['field_3'] . "
    State: " 
    $_POST['field_4'] . "
    Email Address: " 
    $_POST['field_5'] . "
    Mobile Phone Number: " 
    $_POST['field_6'] . "
    Alternate Phone Number: " 
    $_POST['field_7'] . "
    Type of Computer: " 
    $_POST['field_8'] . "
    Manufacturer / Brand / Make: " 
    $_POST['field_9'] . "
    Model Name & Number: " 
    $_POST['field_10'] . "
    Operating System: " 
    $_POST['field_11'] . "
    32 Bit or 64 Bit?: " 
    $_POST['field_12'] . "
    Detailed Description of Problem: " 
    $_POST['field_13'] . "


    Powered by Computer Service"
    ;

    mail($to$subject$body); 
    Ok, the fourth parameter in the mail command is additional headers. This is where you want to change your 'from' address:
    PHP Code:
    // above stuff minus the mail call
    $headers 'From: youraddress@site.com';
    // $headers is a string, concatenate what you need with a \r\n ending value.  \r\n must be 
    // in double quotations to be considered a linefeed otherwise its the literal characters

    mail($to$subject$body$headers); 
    Finally, you'll want some validation as well. Never trust any input that comes from a user, ever. Select, radio, checkboxes and similar 'static-y' type inputs can be overridden from the client html as well. Here is a quick search on google to help lead you to some reading on that: http://www.google.ca/search?q=php+mail+security

    To use the provided address, retrieve the $_POST['usersubmittedemailaddress'] or whatever you called it for the $headers From field.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • #4
    New to the CF scene
    Join Date
    Dec 2010
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank you so much!

  • #5
    New to the CF scene
    Join Date
    Dec 2010
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The only thing I don't see, how can I have it come from the form, field_5?

  • #6
    New to the CF scene
    Join Date
    Dec 2010
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Under the $to section, if I want to send a BCC, how do I do that?

  • #7
    New to the CF scene
    Join Date
    Dec 2010
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Ok, in order to protect the script, where would I add this to the script I posted?

    if ( preg_match( "/[\r\n]/", $name ) || preg_match( "/[\r\n]/", $email ) ) {

    [... direct user to an error page and quit ...]

    }

  • #8
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Quote Originally Posted by italy View Post
    The only thing I don't see, how can I have it come from the form, field_5?
    PHP Code:
    $headers 'From: ' $_POST['field_5']; 
    Remember to read up on how to prevent injections to your mail, that is beyond the scope of this discussion. You may want to consider using more obvious names for your html fields as well; field_x isn't very descriptive.

    Quote Originally Posted by italy View Post
    Under the $to section, if I want to send a BCC, how do I do that?
    You don't, Bcc is not a to address. Add an additional header instead:
    PHP Code:
    $headers 'From: ' $_POST['field_5'] . "\r\n";
    $headers .= 'Bcc: address@host.com'
    Check with the documentation on the mail command here: http://php.ca/manual/en/function.mail.php
    It has many useful examples for how to add things to the mail.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • #9
    New to the CF scene
    Join Date
    Dec 2010
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi, thank you so much for your help.

    I reviewed the documentation. I am not sure how to add the protection to the script I have above. Any way you can help me with this?

  • #10
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    filter_var is a new feature in PHP 5.2 that includes several types of validation and verification techniques. Its probably the easiest to use with email addresses (there is a filter just for email's).
    The body is a whole different story. You need to strip out anything unwanted (html for example), and you must remove things like linefeeds from the input. You don't need to check if its there already, you can use a simple str_replace or preg_replace. Try to disallow the < and > characters as well, if you want to allow html input ensure you use a strip_tags and add in the tags you want to allow. This will help prevent JS embedding, and email address masking (less important on a send-to without the ability to rewrite the to address).
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •