I'm going FORM crazy!

MKDale

Hello...

I am using the PHP form (in blue) below on a website I maintain and for the most-part it works very well. However, I keep receiving the same server generated, message below (in red) at random intervals and no matter what I do I can seem to stop this from happening. I have spoken to the server host about this error message and although they were not much help they did confirm that the error email is coming from them BUT that I can avoid it by adjusting my code. I am not sure how to adjust the existing PHP without completely starting over and finding new code. Can anyone help with this? More info available, if needed... THANKS!

INFOREQUEST.PHP ---

<form action="sendeail.php" method="post" target="_blank">

<!-- DO NOT change ANY of the php sections -->
<?php
$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv ("HTTP_REFERER");
$httpagenti = getenv ("HTTP_USER_AGENT");
?>

<input type="hidden" name="ip" value="<?php echo $ipi ?>" />
<input type="hidden" name="httpref" value="<?php echo $httprefi ?>" />
<input type="hidden" name="httpagent" value="<?php echo $httpagenti ?>" />
<table width="589" height="34">
  <tr>
    <td height="26" align="center" valign="baseline" class="body" id="body"><input name="visitormail" type="text" value="(Email Address)" size="25" maxlength="100" />      <input type="submit" class="body" value="Sign up for our Newsletter!" /></td>
    </tr>
</table>
<br />
</form>

SENDEAIL.PHP-----

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>GGOT Newsletter Sign Up</title>
<style type="text/css">
<!--
body {
    background-color: #FDF21C;
}
-->
</style></head>
<body>

<!-- Reminder: Add the link for the 'next page' (at the bottom) -->
<!-- Reminder: Change 'YourEmail' to Your real email -->

<?php

$ip = $_POST['ip'];
$httpref = $_POST['httpref'];
$httpagent = $_POST['httpagent'];
$visitor = $_POST['visitor'];
$visitormail = $_POST['visitormail'];
$attn = $_POST['attn'];


if (eregi('http:', $notes)) {
die ("Do NOT try that! ! ");
}
if(!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,".")))
{
echo "<h2>Use Back - Enter valid e-mail</h2>\n";
$badinput = "<h2>Feedback was NOT submitted</h2>\n";
echo $badinput;
die ("Go back! ! ");
}

$todayis = date("l, F j, Y, g:i a") ;

$attn = $attn ;
$subject = $attn;

$notes = stripcslashes($notes);

$message = " $todayis [EST] \n
From: $visitor ($visitormail)\n
Additional Info : Sign me up for the newsletter... please.
";

$from = "From: $visitormail\r\n";

mail("clientemailaddress@gmail.com", $subject, $message, $from);
?>

<p align="center">Got it! The latest edition of our newsletter will arrive in your inbox shortly.
  <br />
Thanks for your support!
<br />
<br />
<a href="http://www.ggontour.com"> Back </a></p>
</body>

EMAIL ERROR MESSAGE:

From: example@example.com
Subject:

Date: August 27, 2010 9:31:04 PM PDT
To: example2@example.com

Body of Email:
Friday, August 27, 2010, 9:31 pm [EST]

From: ()

Additional Info : Sign me up for the newsletter... please.

bpat1434

Look quickly, you're using data in the $_POST array that isn't in the form. Specifically:

$POST['visitor'] and $POST['attn'].

Also, this line:

if(!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,".")))

has some logic issues. Read it out loud to yourself and think about it. It should sound something like this:

If 'Not $visitormail' is empty AND ($visitormail doesn't contain an '@' or $visitormail doesn't contain a '.'

If I were to rewrite it, I would probably tell you to use a try / catch statement to simplify things. Something like:

$ip = $_POST['ip'];
$httpref = $_POST['httpref'];
$httpagent = $_POST['httpagent'];
$visitor = $_POST['visitor'];
$visitormail = $_POST['visitormail'];
$attn = $_POST['attn']; 

try
{
if(empty($visitormail))
{
    throw new Exception ("Missing email address");
}

if(
    ($offset = strpos($visitormail, "@")) === false ||
    strpos($visitormail, ".", $offset) === false
)
{
    throw new Exception ("Invalid email address format.");
}

$todayis = date("l, F j, Y, g:i a") ;

$attn = $attn ;
$subject = $attn;

$notes = stripcslashes($notes);

$message = " $todayis [EST] \n
From: $visitor ($visitormail)\n
Additional Info : Sign me up for the newsletter... please.
";

$from = "From: $visitormail\r\n";

mail("clientemailaddress@gmail.com", $subject, $message, $from);

}
catch(Exception $e)
{
// Output generic headers
echo "<h2>Use Back - Enter valid data</h2>
<h2>Feedback was NOT submitted</h2>\n";

// Output the error message
echo $e->getMessage();


echo "Go Back! !";

// Stop all execution
exit;
}

Hope that helps.

johanafm

Also, the ereg functions have been deprecated and should not be used. Use preg instead. I also added an optional s (0 or 1 occurences) to the pattern to match both http and https:, as well as the slashes since http: should be no problem. But I did not see where $notes come from or where it is used

if (preg_match('#https?://#i', $notes))