Email stupidity

rugbyplayer9

After casually saying i could do something for a friend of my Dads... it turns out i dont remember as much from uni as i thought.

Ultimately i want to make a form with drop downs etc... which i have managed to do. but its the emailing bit. I have found a few bits of code online and its seams t work, but then nothing happens and no email. HELP!

<form method="post" action="sendmail.php">
Email: <input name="email" type="text" /><br />
Message:<br />
<textarea name="message" rows="15" cols="40">
</textarea><br />
<input type="submit" />
</form>

then

<?
$email = $REQUEST['email'] ;
$message = $REQUEST['message'] ;

mail( "paul@pkeen.co.uk", "Feedback Form Results",
$message, "From: $email" );
header( "Location: http://www.gdisigns.net/enq/thankyou.html" );
?>

it takes me to the thanks page... but then i sit there like biljly nomats wth no email. the people providing the hosting have said php is enabled. what am i doing wrong?

cheers

stolzyboy

comment out the header() redirect and put a die() statement in there... i've experience it a few times where the header() hits before previous commands fire off...

have you tried different email addresses?

rugbyplayer9

i have removed the header re-direct... but a die statement?

and i have tried different email addresses

NogDog

In most case the "From:" header must be a valid email address on the server, thus you cannot use the email provided by the user. You will probably need to hard-code a From: address, then make the user's address a "Reply-To:" header:

$headers = "From: valid@yoursite.com\r\n";
$headers .= "Reply-To: " . $_REQUEST['email'] . "\r\n";
$headers .= "X-Mailer: PHP/" . phpversion();
$result = mail("paul@pkeen.co.uk", "Feedback Form Results",
$message, $headers);
if(!$result)
{
   die("An error occurred while trying to send the email.");
}

Also, as currently implemented, this is susceptible to email header injection attacks. I would at a minimum suggest adding the following before sending the email:

if(preg_match('/[\r\n]/', $_REQUEST['email']))
{
   die("Invalid email address, possible email header injection attack");
}

stolzyboy

didn't even catch the "from" issue... yes, just use your own email address for the from...

and a die(), yes... just to see what's going on... it's useful for troubleshooting to kill the script to see what's going on

rugbyplayer9

ok so how about if i use

<?
$email = $REQUEST['email'] ;
$message = $REQUEST['message'] ;

mail( "paul@pkeen.co.uk", "Feedback Form Results",
$message, "From: email@domainofwebsite" );

$headers = "From: valid@yoursite.com\r\n";
$headers .= "Reply-To: " . $_REQUEST['email'] . "\r\n";
$headers .= "X-Mailer: PHP/" . phpversion();
$result = mail("paul@pkeen.co.uk", "Feedback Form Results",
$message, $headers);
if(!$result)
{
die("An error occurred while trying to send the email.");
}

if(preg_match('/[\r\n]/', $_REQUEST['email']))
{
die("Invalid email address, possible email header injection attack");
}
?>

or have i lost the plot?

rugbyplayer9

<?php
mail('recipient@some.net', 'Subject', 'Your message here.');
?>

if i save this to the server and then navigate to it should it send me an email? assuming i change the address to mine? as this is not my web server i am wondering if it is setup to send emails via PHP. if not, what is the simplest PHP email i could send to check if the site will work before i blame my stupidity

cheers

NogDog

<?php
/**
* simple test mail script
*/

// make sure all errors are displayed:
ini_set('display_errors', 1);
error_reporting(E_ALL);

// send mail:
$result = mail(mail('recipient@some.net', 'Subject', 'Your message here.', 'webmaster@thissite.com');
if(!$result)
{
   echo "<p>mail() failed. If you're lucky, some sort of error message was displayed above this message.</p>";
}
else
{
   echo "<p>As far as PHP knows, mail() worked OK.</p>";
}

rugbyplayer9

i added the >? to finish the php off but when i run it i just get a blank page saying done.

www.gdisigns.net/enq/php.php shows you all the info about the server. perhaps something is not setup right?

NogDog

There's a bit of a syntax error in my code: I typed "mail(mail(" for some reason. The corrected (and tested) code:

<?php
/**
* simple test mail script
*/

// make sure all errors are displayed:
ini_set('display_errors', 1);
error_reporting(E_ALL);

// send mail:
$result = mail('recipient@some.net', 'Subject', 'Your message here.', 'webmaster@thissite.com');
if(!$result)
{
   echo "<p>mail() failed. If you're lucky, some sort of error message was displayed above this message.</p>";
}
else
{
   echo "<p>As far as PHP knows, mail() worked OK.</p>";
}

Be sure to change the "webmaster@thissite.com" to be a valid email address on your web server.

rugbyplayer9

Ok, so i get the message that as far as PHP knows the email was sent ok. but still no email arriving and i have tried sending it to three different addresses.

I am wondering if the email i am trying to send from is valid for the web server as its paid for hosting. I will need to check with the provider tomorrow. but the address i am using is definately valid as the person i am doing this work for uses that address.

is there anyway around the address having to be valid? when the email comes in its not a problem that they cant just reply to the user/customer.

NogDog

Using the user's email in a "Reply-To:" header allows you to reply to the user instead of the "From:" address. In most cases, you need the from address to be a valid address on the sending server, or else it will reject it as an attempt to relay mail through it (a favorite trick of spammers to try to hide the actual source of the email).

Unfortunately, such errors are not always trappable within the script (or at least not easily so). You may need to check server logs or see if any return messages were sent to your default mail account on the server.

rugbyplayer9

so after talking to the peopledoing the hosting I will need to send the emails via SMTP

they have setup an email account and given me the details. But i am not really sure how to bring it all together now.

stolzyboy

rugbyplayer9 wrote:
ok

so after talking to the peopledoing the hosting I will need to send the emails via SMTP

they have setup an email account and given me the details. But i am not really sure how to bring it all together now.

who's the host so i know not to use then... you can't use PHP to send emails, lame...

i'd find a different one...

stolzyboy

rugbyplayer9

possibly didnt explain that very well. i can use PHP but need to use SMTP with it. all slowly escalating out of my knowledge

bpat1434

Look up and at HTMLMimeMail (google for it) as it's an SMTP class that seems to work very well....