email contact form

wortmann

Hello all,

i've bee trying to get my contact form to work but somehow i'm not getting the emails send back to me.
Any chance you can have a look?
contact page: dsign.ie/contact.html
the php script:

<html>
 <body>
 <?php
 function spamcheck($field)
   {
   //filter_var() sanitizes the e-mail
   //address using FILTER_SANITIZE_EMAIL
   $field=filter_var($field, FILTER_SANITIZE_EMAIL);

  //filter_var() validates the e-mail
   //address using FILTER_VALIDATE_EMAIL
   if(filter_var($field, FILTER_VALIDATE_EMAIL))
     {
     return TRUE;
     }
   else
     {
     return FALSE;
     }
   }

if (isset($_REQUEST['email']))
   {//if "email" is filled out, proceed

  //check if the email address is invalid
   $mailcheck = spamcheck($_REQUEST['email']);
   if ($mailcheck==FALSE)
     {
     echo "Invalid input";
     }
   else
     {//send email
     $email = $_REQUEST['email'] ;
     $subject = "Web email form" ;
     $message = $_REQUEST['comment'] ;
	 $name = $_REQUEST['name'] ;
	 $to = "wenenquiry@dsign.ie" ;
     mail($to, $subject, $message, "Name: $name", "From: $email" );
     echo "Your request has been send";
     }
   }
 else
   {//if "email" is not filled out, display the form
   echo '<form action="email_form_process.php" method="post" name="contact_form">
			<div><input type="text" name="name" id="name"> Name *</div>
			<div><input type="email" name="email" id="email"> Email *</div>
			<div><textarea rows="10" name="comment" id="comment"></textarea></div>
			<div><input type="submit" name="submit" value="Submit"></div>
		</form>';
   }
 ?>


</body>
 </html>

johanafm

I'd start by recommending to never ever change user input. Consider the sanitize example from php.net which turns (bogus@example.org) into bogus@example.org. Should the same user ever refer to that email address again, he would once more input it with the parentheses since that's what he did the first time. If this would be his login, he'd not be able to even find his account. Or possibly, he would be for a while, as in as long as the same string transformation was applied, until one day he'd sunddenly not be able to tell what his old account name was.

This exact case may not apply here, but I still believe it's a good idea to never transform input. Simply fail input if it doesn't validate and let the user modify it if they made a misstake.

The from address usually has to be at least a valid email address on the same domain as the MTA. But it might have to actually also match an existing account on that domain.

Then you will need to call the [man]mail[/man] function properly. Looking at the documentation, its formal parameters are, in order

to
subject
message
additional headers
additional parameters

... and some further reading regarding additional parameters gives

additional_parameters (optional)

The additional_parameters parameter can be used to pass additional flags as command line options to the program configured to be used when sending mail, as defined by the sendmail_path configuration setting. For example, this can be used to set the envelope sender address when using sendmail with the -f sendmail option.

The user that the webserver runs as should be added as a trusted user to the sendmail configuration to prevent a 'X-Warning' header from being added to the message when the envelope sender (-f) is set using this method. For sendmail users, this file is /etc/mail/trusted-users.