help with subscribe form to send an email.

Boxkites

Hi There, Happy New Year to you all out there.
I have a question, or rather an ask, Can anyone help me to get this working?
I would just like to have website visitors to fill out the subscribe form and get it to send me an email with the data so that I can then add it to the mailing list.

I get a lot of spam hence me trying to use the validation side a bit more, I did a lot of searching and tried and tried but I can not get it to work.
The validation seems to do it's job but sending the email when all is ok, does not work. It sends it without waiting for all data to be filled in proper.
I do not want the email to be sent until all is verified and with no errors.

Your help is appreciated.

[ATTACH=CONFIG]5431[/ATTACH]

<?php
// define variables and set to empty values
$nameErr = $emailErr = $captchaErr ="";
$name = $email = $captcha = "";
$answer ="6";


if ($_SERVER["REQUEST_METHOD"] == "POST") {
  if (empty($_POST["name"])) {
    $nameErr = "<span class='sub_error'>Name is required.</span>";
  } else {
    $name = test_input($_POST["name"]);
    // check if name only contains letters and whitespace
    if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
      $nameErr = "<span class='sub_error'>Only letters and white space allowed.</span>"; 
    }
  }


  if (empty($_POST["email"])) {
    $emailErr = "<span class='sub_error'>Email is required.</span>";
  } else {
    $email = test_input($_POST["email"]);
    // check if e-mail address is well-formed
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
      $emailErr = "<span class='sub_error'>Invalid email format.</span>";
    }
  }

if (empty($_POST["captcha"]))
{
    $captchaErr = "<span class='sub_error'>Please add up</span>.<br>";
}
else {
    $captcha = test_input($_POST["captcha"]);
}

if ($captcha !== $answer)
{
    $captchaErr = "<span class='sub_error'>3 + 3 = !Wrong Answer</span>.<br>";
}
else
{
   $captcha = test_input($_POST["captcha"]);
}

}
function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}


$to="myEmail@mywebsite.com";
$subject = "PL NL Subs";
$from = $email; 

   $headers = "MIME-Version: 1.0" . "\r\n";
   $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
   $headers  .= "From: $from\r\n";


   $message = 'New Sub for Peter Lynn';
   $message  = "Their Email= $email.\r\n\r\n";
   $message .= "Their Name= $name\r\n\r\n";


mail($to,$subject,$message,$headers,"-f $from");

if (mail) {  

echo "email has been sent"; 
}  

else { 
echo "email has NOT been sent."; 
}  



?>
<div class="subform">
<div align="center"><div class="img"><img src="images/octopus2.png"></div></div>

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">  

<div class="form_input_name"><input type="text" name="name" value="<?php echo $name;?>" placeholder="Your Name"><?php echo $nameErr;?></div>
<div class="form_input_email"><input type="text" name="email" value="<?php echo $email;?>" placeholder="Your Email"><?php echo $emailErr;?></div>
<div class="form_input_captcha"><input type="text"  name="captcha" value="<?php echo $captcha;?>" placeholder="Are you human?  3 + 3 = ?"/><?php echo $captchaErr;?></div>
<input type="submit" name="submit" value="Subscribe" class="subscr">  

</form>
</div>
<script type="text/javascript">

  // ref: http://diveintohtml5.org/detect.html
  function supports_input_placeholder()
  {
    var i = document.createElement('input');
    return 'placeholder' in i;
  }

  if(!supports_input_placeholder()) {
    var fields = document.getElementsByTagName('INPUT');
    for(var i=0; i < fields.length; i++) {
      if(fields[i].hasAttribute('placeholder')) {
        fields[i].defaultValue = fields[i].getAttribute('placeholder');
        fields[i].onfocus = function() { if(this.value == this.defaultValue) this.value = ''; }
        fields[i].onblur = function() { if(this.value == '') this.value = this.defaultValue; }
      }
    }
  }

</script>

Form.png

NogDog

My first guess would be that your host's mail server does not allow the "From:" header to be anything that is not a valid email address on that server. Therefore, you may have to set it to your email address on that server, then you can add a "Reply-To:" header with the user's submitted email address.

Boxkites

This is what it states:

Warning: mail(): SMTP server response: 550 5.1.1 <myemail@mywebsite.com> Recipient not found. <http://x.co/irbounce> in C:\Program Files\EasyPHP-DevServerNew\data\localweb\PeterLynnHimself\inc\nl-form.php on line 70

Notice: Use of undefined constant mail - assumed 'mail' in C:\Program Files\EasyPHP-DevServerNew\data\localweb\PeterLynnHimself\inc\nl-form.php on line 72
email has sent

EDIT: This is trying to send email before I filled out anything, that is what i am hoping to fix.

Cheers

NogDog

Instead of this...

mail($to,$subject,$message,$headers,"-f $from");

if (mail) {
    echo "email has been sent";
}
else {
    echo "email has NOT been sent.";
}

...you want something like this...

if(mail($to,$subject,$message,$headers,"-f $from")) {
    echo "email has been sent";
}
else {
    echo "email has NOT been sent.";
}

Derokorian

You probably also want to wrap the whole mail section in an if statement, something like

if (empty($nameErr) && empty($emailErr) && empty($captchaErr)) {
    $to="myEmail@mywebsite.com";

// ...

   if(mail($to,$subject,$message,$headers,"-f $from")) {
       // ...
   }
}

pbismad

I get a lot of spam

Having a static, number or text answer captcha won't really help with spam. Computers are excellent at solving math problems or matching text and the libraries of code the spammers use, especially if they have already found they can send email through your site, isn't going slow the spam much.

The following two methods (use both at the same time) are the current best ways of reducing bot form submission -

1) Add a 'honey pot' form field, that gets hidden using css, so that a human viewing your form won't see it and won't put a value into it. Detect in your form processing code that this field contains nothing. Bot scripts that blindly submit data for all the fields they find in your form will submit something for it. This will filter out the less sophisticated bot scripts.

2) Use a 'random' answer captcha, such as recaptcha or keycaptcha. These work better because the same initial question have different random answers and require interaction in the browser to solve.

Next, one of the (minor) points of using a captcha is to prevent bots from using server resources or triggering errors to help them find out information about your server and the functioning of your code. You should test the captcha first and skip over all other processing if it isn't valid.

The form processing code you have is overly cluttered, by all the variables and html in it, making it hard to see the forest for the trees. You should use an array to hold the validation error messages. This same array can then be tested to see if it is empty or not to determine if there are any errors. The logic to run the email code would just test if the array is empty. Only the error text should be stored in the errors array. Any markup for the errors should not be repeated and should be applied when you output the error messages to the visitor.

The test_input() function isn't actually testing anything and is poorly named. You should also not modify data (other than trimming it) before validating it. You should apply htmlentities() to any data you put into the message body, but only after you have validated the data.

Lastly, this is expanding on what NogDog wrote in reply #2, these emails are NOT being sent from the email address that someone entered in a form on your web site. If this portion of the code, without working validation, is what you have now, spammers have been able to send emails to anyone, containing any subject or message that they want, since you are putting user submitted data into the mail header, where it can be used to specify anything about the email. The copy of the emails you have been getting is just because your To: address is present.

These emails are being sent from your sending mail server. If the To: email address is hosted at your sending mail server, just use that address for both the From: and the To: addresses. If the To: address is hosted elsewhere, the From: address should be an actual email address hosted at your sending mail server.

The email address that was entered in the form on your web site, after being validated that it is only and exactly one properly formatted email address, can be put into the Reply-to: mail header.

sneakyimp

Getting mail delivered can be tricky. For starters, the [man]mail[/man] function in PHP doesn't return TRUE or FALSE if the mail gets delivered -- or even sent. From the documentation:

Returns TRUE if the mail was successfully accepted for delivery, FALSE otherwise.

It is important to note that just because the mail was accepted for delivery, it does NOT mean the mail will actually reach the intended destination.

There's some more information on this old thread about sending mail which may be useful:
http://board.phpbuilder.com/showthread.php?10335752-Collected-Solutions-PHP-Bulk-Email-Best-Practices