-
Contact form PHP/Flash Code help.... PLEASE
Hi:
I am creating a contact form and it's going through all the stops correctly, but for some reason I am not getting an email.
here is my php code.
PHP Code:
<?php
$your_name = $_GET['nameField'];
$your_facility = $_GET['facilityField'];
$your_number = $_GET['numberField'];
$your_email = $_GET['emailField'];
$your_subject = $_GET['subjectField'];
$your_ddBox = $_GET['ddBox'];
$your_message = $_GET['messageField'];
$recipient_email = "[email protected]";
$subject = "from " . $your_email;
$headers = "From: " . $your_name . "<" . $your_email . ">\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1';
$content = "<html><head><title>Contact Letter</title></head><body><br>";
$content .= "Name: <b>" . $your_name . "</b><br>";
$content .= "Facility: <b>" . $your_facility . "</b><br>";
$content .= "Phone: <b>" . $your_number . "</b><br>";
$content .= "Email: <b>" . $your_email . "</b><br>";
$content .= "Directed To: <b>" . $your_ddBox . "</b><br>";
$content .= "Subject: <b>" . $your_subject . "</b><br>";
$content .= $your_message;
$content .= "<br></body></html>";
mail($recipient_email,$subject,$content,$headers);
?>
<html>
<body>
Your Message has been sent, Thank you!
</body>
</html>
<script>resizeTo(300, 300)</script>
my text fields have the names:
name - var: nameField
facility - var: facilityField
phone - var: numberField
email - var: emailField
subject - var: subjectField
ddBox(dropdown)
message - var:messageField
I think that it is something in my php code that I am not doing correctly. It's not hitting the mail server. Any thoughts?
-
Hi,
First of all, your code looks right. So you should test basic mail functionality.
If this works, there may be a hidden problem inside your code. If it does not work, your website might disallow mail or impose some restrictions - I recall a server where the email domain had to match the website, and some others that suggested using some custom php script instead of calling mail().
Your script has a basic SECURITY problem: where your form certainly would not allow multiline input for the name and email address and probably would not allow < to be part of a name, an attacker could just send crafted data to your php with these features. You certainly want to detect that name and email do not contain unwanted characters.
In recent years two solutions have been devised to allow for detection of fake senders - a site could choose to implement one of them, and the receiving server could happen to drop mails that fail verification. Now if YOUR server sends FROM the visitor's domain, and the visitor's domain uses such a system, you might not get the mail. You should either add a SENDER header pointing at your domain, or replace the FROM by a REPLY-TO.
Musicman
-
Ok, I'll have to give it a try when I head back to work tomorrow. I do have code in my flash to require a valid name and email before heading to the .php file.
If the php file is sitting on my domain, should I still need to have the php point to it?
What would the code be to add a SENDER header?
(Sorry if these are noob questions.)
-
Hi,
you use
Code:
$headers = "From: " . $your_name . "<" . $your_email . ">\n";
This could be either
Code:
$headers = "Sender: <[email protected]>\n";
$headers .= "From: " . $your_name . "<" . $your_email . ">\n";
or
Code:
$headers = "From: <[email protected]>\n";
$headers .= "Reply-To: " . $your_name . "<" . $your_email . ">\n";
to avoid possible problems with sender verification.
Validating user input is a great thing: it helps stupid visitors to not enter "somebody@hotmail" as an email address and expect the dwarfs in the server room to add the ".com" part for them.
On the other hand, when somebody visits your site and completes the form, SOMETHING asks for http://www.yoursite.com/movie.swf and later SOMETHING sends form data to http://www.yoursite.com/contact.php.
For a legitimate visitor, it is the user's browser both times. A miscreant could use a variety of tools to send unverified form data to the same webserver.
As a simple protection I tend to write
Code:
$your_email = $_GET['emailField'];
// ereg() was removed in PHP 7; preg_match() performs the same CR/LF check
if (preg_match('/[\r\n]/', $your_email)) die("thou shalt not hack");
or something like that
BTW: you should use POST in your flash and your php instead of GET
Musicman
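
The checks described in the post above (no CR/LF in header fields, the site's own address in From with the visitor in Reply-To, POST instead of GET), combined in one handler as an added example that is not code from the thread. The addresses `webform@example.com` and `owner@example.com` and the function names `header_safe` and `build_contact_mail` are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Both addresses are placeholders (assumptions).
const SITE_ADDRESS = 'webform@example.com';  // a mailbox on the site's own domain
const RECIPIENT    = 'owner@example.com';    // where contact mail is delivered

/** Return the trimmed value if it may be placed in a mail header, otherwise null. */
function header_safe(string $value, int $maxLen = 100): ?string
{
    $value = trim($value);
    // CR, LF or NUL inside the value would let it start a new header line.
    if ($value === '' || strlen($value) > $maxLen || preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return $value;
}

/** Build the argument list for mail(), or null when the input must be rejected. */
function build_contact_mail(array $form): ?array
{
    $name  = header_safe($form['nameField'] ?? '');
    $email = header_safe($form['emailField'] ?? '', 254);
    if ($name === null || $email === null
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Drop characters that have a meaning inside an address header.
    $displayName = str_replace(['"', '<', '>', '\\'], '', $name);
    $headers = [
        'From: <' . SITE_ADDRESS . '>',                       // passes sender verification
        'Reply-To: "' . $displayName . '" <' . $email . '>',  // visitor goes here, not in From
        'Content-Type: text/html; charset=UTF-8',
    ];
    // The body is HTML, so every form value is escaped before it is embedded.
    $esc  = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    $body = '<html><body>Name: <b>' . $esc($name) . '</b><br>'
          . 'Email: <b>' . $esc($email) . '</b><br>'
          . nl2br($esc($form['messageField'] ?? '')) . '</body></html>';
    return [RECIPIENT, 'Contact form message', $body, implode("\r\n", $headers)];
}

// Constructed sample input; the second email field carries an extra header line.
$ok  = build_contact_mail(['nameField' => 'Ann', 'emailField' => 'ann@example.org',
                           'messageField' => 'Hello']);
$bad = build_contact_mail(['nameField' => 'Ann',
                           'emailField' => "ann@example.org\r\nBcc: x@example.net"]);
var_dump($ok !== null, $bad === null);
// In the real handler: $m = build_contact_mail($_POST);
// if ($m === null) { http_response_code(400); exit; }  mail(...$m);
```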
-
I guess there is something up with the server not being able to see php... it sees asp though... though, I don't know how to call flash into asp.
-
PHP Code:
<%@language = "VBScript" %>
<%
strFirst = Request.Form("name_txt")
strFacility = Request.Form("facility_txt")
strPhone = Request.Form("phone_txt")
strEmail = Request.Form("email_txt")
strSubject = Request.Form("subject_txt")
strMessage = Request.Form("message_txt")
%>
I know this portion so far works. Anyone else have any ideas?.... How do I add my fla files here?