Contact Form...

carlitos4christ

I am in dire need of some help :eek: ...

I built this website for a friend of mine and the contact page works on my server (hosted by: ipowerweb.com) however, when I put it on his host (web.com) it does not work and comes back with this error:

Warning: mail(): SMTP server response: 553 5.3.0 <me@localhost.com>... DISCARD Spam Relay in \atl.hosting.int\storage\IPSWX0005ATL2\user854428\www\test\contact.php on line 18
Thank you. We will be contacting you soon.

According to their (web.com) technical support they say there is an error in my code. My php file contains the following code(I changed my email address for privacy reasons):

<?
$subject="from ".$GET['your_name'];
$headers= "From: ".$GET['your_email']."\n";
$headers.='Content-type: text/html; charset=iso-8859-1';
mail("myemail@email.com", $subject, "
<html>
<head>
<title>CCUA Submission Received</title>
</head>
<body>

<br>
".$GET['your_name']." <br />
".$GET['phone']."<br />
".$_GET['message']."<br />
</body>
</html>" , $headers);
echo ("Thank you. We will be contacting you soon.");
?>
<script>
resizeTo(300, 300)
//window.close()
</script>

How can I get rid of this error? Any suggestions? Can u help me get around this error? 😕
The contact page is located at: www.ccua.us/test/contact.html

Thank you so much.

Horizon88

From the error, I'd say you're trying to send email from "me@localhost.com" which is invalid. Try setting From: and Reply-To: to valid email address on that domain (eg, mailer@ccua.us; after you create that account) and see if it still does it.

Also, you shouldn't use <? ?> short-tags, they've been bad practice for quite some time.

bradgrafelman

As noted, you should use your own email (or a valid email address on your server) as the From: and Reply-To: headers, otherwise you're allowing the origin of the email to be spoofed which will a) most likely cause many spam filters to flag your message, and b) cause problems with many MTA's (as you're experience right now, actually).

Also not that the line endings to separate headers is a CRLF, that is "\r\n" in PHP code (well, it's that way for MTA's that follow the rules... unless your host is using a poorly-designed MTA, the CRLF line ending should work); more information on this can be found in the manual: [man]function.mail[/man].

EDIT: Also, while we're on the topic of bad practices... in your present code, you're allowing users to insert information directly into the headers of the e-mail without any form of validation or sanitization, meaning they can add whatever headers they want. They could change the from address, subject and message and then send the e-mail out that they have composed to thousands of people (or until your host notices the flood of email traffic and suspends your account).

Long story short... sanitize the input - stripping new lines should be all you need, depending on the header you're allowing them to specify.

carlitos4christ

🙂 Hey thanks so much for all of those who replied. I was amazed at which wealth of information you had.

I, unfortunately:o , am not as advanced in PHP as you are and so I got the contact form somewhere online and it was one of the first contact forms that worked for me. So I was like finally YAY! But I can see where you are coming from. I do have HTML and XHTML and CSS experience, however, I am lacking in the PHP department (hence why I got the stuff from online and virtually set ourselves up for some bad things). Is there a book or a website that is legit and that you can recommend to me that will help me with some of the database part of things. I am more of a visual learner than a reader...but I'm really wanting to learn this stuff.

Any suggestions?

Again, thanks so much. What do you think about response-o-matic? I purchased their services as a temporary solution and it seems to work on the website I am working with. Would this be okay?

Horizon88

I'm pretty much all self-taught from the docs at www.php.net . I hear there are some excellent books out that others may be able to recommend. The best way to learn, though, is to get your hands down into the code and see what works and what doesn't. Keep trying that, and come back here with other questions. 😃