Home > Archive > PHP Programming > September 2006 > Feedback Email setup
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Feedback Email setup
|
|
| ianbarton@adam.com.au 2006-09-18, 3:58 am |
| Hello all
I am trying to setup a feedback form on my webpage using some script
provided by my ISP. I really don't know a lot about PHP and it's syntax
etc.
The feedback form only has 4 fields. These are UserName, UserEmail,
UserCountry & Comments. It works well with all of those fields
appearing in the body of an email that is sent to me. What I would now
like is for the UserEmail field to appear in the "From:" field in the
header rather than only in the body of the email.
There is a line in the script that says:-
$header .= "From: Web Form <email@yourbusiness.com.au>\n";
I suspect I need to somehow place the UserEmail string in here somehow
but I don't know how to do it. Is it possible to do what I want?
Here is the script of the formmail.php file I am using. I have inserted
my email address at the point where it says to and I have created a
"confirm.htm" webpage.
<?
# Adam Internet PHP Form Mailer v1.3
# By John Edwards, Copyright September 2005.
# Mail all variables to:
$to='email@yourbusiness.com.au'; ###I have inserted my email address
here ####
$domain = 'yourbusiness.com.au'; ### I don't have a business domain
name ####
while(list($key,$val) = each($HTTP_POST_VARS))
{
$val = str_replace(chr(10),"",$val);
$val = str_replace(chr(13),"",$val);
$formmessage .= "$key = $val\n";
}
if(
$formmessage # If we have content
&& 'POST' == $_SERVER['REQUEST_METHOD'] # If the message is being
posted
&& strstr(strtolower($_SERVER['HTTP_USER_AG
ENT']),'mozilla') # If the
user agent contains mozilla
&& strstr($_SERVER['HTTP_REFERER'], $domain) # If the referrer is us
&& !strstr($formmessage,"Content-Type") # Don't send XSS attempt
)
{
# Message is ok!
}
else
{
die("This request looked like a XSS attempt. Stopped");
}
# Reset the From: address for a neater look
$header .= "From: Web Form <email@yourbusiness.com.au>\n";
# If there's an email element, use it for reply-to
if ($email)
{
$header .= "Reply-To: $email\n";
}
# Log the IP Address of the sender.
if($HTTP_X_FORWARDED_FOR)
{
$header .= "X-Originating-IP: $HTTP_X_FORWARDED_FOR via
$REMOTE_ADDR\n";
}
else
{
$header .= "X-Originating-IP: $REMOTE_ADDR\n";
}
mail($to,"Web Form Details",$formmessage,$header);
header("Location: confirm.htm"); ## I have inserted the full URL for my
confirm page here ##
?>
| |
| Erwin Moller 2006-09-18, 7:57 am |
| ianbarton@adam.com.au wrote:
> Hello all
>
> I am trying to setup a feedback form on my webpage using some script
> provided by my ISP. I really don't know a lot about PHP and it's syntax
> etc.
>
> The feedback form only has 4 fields. These are UserName, UserEmail,
> UserCountry & Comments. It works well with all of those fields
> appearing in the body of an email that is sent to me. What I would now
> like is for the UserEmail field to appear in the "From:" field in the
> header rather than only in the body of the email.
>
> There is a line in the script that says:-
> $header .= "From: Web Form <email@yourbusiness.com.au>\n";
>
> I suspect I need to somehow place the UserEmail string in here somehow
> but I don't know how to do it. Is it possible to do what I want?
No, you want to put there the from address.
Since this script automatically sends the email, you'll have to tell it what
the from-field is.
Most probably you can put in there any valid emailaddress you own, like:
info@adam.com
>
> Here is the script of the formmail.php file I am using. I have inserted
> my email address at the point where it says to and I have created a
> "confirm.htm" webpage.
>
> <?
> # Adam Internet PHP Form Mailer v1.3
> # By John Edwards, Copyright September 2005.
> # Mail all variables to:
>
> $to='email@yourbusiness.com.au'; ###I have inserted my email address
> here ####
> $domain = 'yourbusiness.com.au'; ### I don't have a business domain
> name ####
Use the one of your ISP.
For example, if you host your site at: www.xs4all.nl/~adam you are in domain
x4all.nl, or maybe www.xs4all.nl
>
> while(list($key,$val) = each($HTTP_POST_VARS))
> {
>
> $val = str_replace(chr(10),"",$val);
> $val = str_replace(chr(13),"",$val);
> $formmessage .= "$key = $val\n";
> }
This part cleans up some header-injection hackattack.
It also removes any newlines from the content of the mail.
>
> if(
>
> $formmessage # If we have content
> && 'POST' == $_SERVER['REQUEST_METHOD'] # If the message is being
> posted
> && strstr(strtolower($_SERVER['HTTP_USER_AG
ENT']),'mozilla') # If the
> user agent contains mozilla
> && strstr($_SERVER['HTTP_REFERER'], $domain) # If the referrer is us
> && !strstr($formmessage,"Content-Type") # Don't send XSS attempt
> )
This is a really old and bad piece of code.
It uses $formmessage and I expect that it is NOT filled before like:
$formmessage = $_POST["formmessage"];
If you are new to PHP, this is difficult to explain.
I just say it is old and will not work on a modern PHP install.
> {
>
> # Message is ok!
> }
> else
> {
>
> die("This request looked like a XSS attempt. Stopped");
> }
>
> # Reset the From: address for a neater look
> $header .= "From: Web Form <email@yourbusiness.com.au>\n";
> # If there's an email element, use it for reply-to
> if ($email)
> {
>
> $header .= "Reply-To: $email\n";
> }
>
> # Log the IP Address of the sender.
> if($HTTP_X_FORWARDED_FOR)
> {
>
> $header .= "X-Originating-IP: $HTTP_X_FORWARDED_FOR via
> $REMOTE_ADDR\n";
> }
> else
> {
>
> $header .= "X-Originating-IP: $REMOTE_ADDR\n";
> }
>
> mail($to,"Web Form Details",$formmessage,$header);
That is the actual mailfunction.
Go to www.php.net and look up mail for more information.
> header("Location: confirm.htm"); ## I have inserted the full URL for my
> confirm page here ##
>
> ?>
I don't like the script at all. It is probably published years ago.
Just go to www.php.net and look up the mail function.
Regards,
Erwin Moller
| |
| ianbarton@adam.com.au 2006-09-19, 7:57 am |
| Thanks Erwin for your reply.
I know nothing about PHP but since I started this exercise I have
become a little, just a little more familiar with this particular
function. Unfortunately I wouldn't know enuff to know whether it is
good or bad code so I will have to take your word for that.
In your reply you state "No, you want to put there the from address.
Since this script automatically sends the email, you'll have to tell it
what the from-field is. Most probably you can put in there any valid
emailaddress you own, like: info@adam.com"
The email address that I want to put in there is that which is supplied
in the feedback form field I have titled "UserEmail" The trouble is I
don't know what the syntax is to do this. I have tried many variations
(eg)
$header .= "From: Web Form <UserEmail>\n";
$header .= "From: <UserEmail>\n";
$header .= "From: 'UserEmai'l>\n";
$header .= "From: <$UserEmail>\n";
$header .= "From: $UserEmail\n";
Am I trying to do something that just isn't possible in PHP. I have
done this in ASP on another webpage but I can't get it to work here.
Regards
Erwin Moller wrote:
> ianbarton@adam.com.au wrote:
>
>
> No, you want to put there the from address.
> Since this script automatically sends the email, you'll have to tell it what
> the from-field is.
> Most probably you can put in there any valid emailaddress you own, like:
> info@adam.com
>
>
>
> Use the one of your ISP.
> For example, if you host your site at: www.xs4all.nl/~adam you are in domain
> x4all.nl, or maybe www.xs4all.nl
>
>
>
>
> This part cleans up some header-injection hackattack.
> It also removes any newlines from the content of the mail.
>
>
>
>
> This is a really old and bad piece of code.
> It uses $formmessage and I expect that it is NOT filled before like:
> $formmessage = $_POST["formmessage"];
>
> If you are new to PHP, this is difficult to explain.
> I just say it is old and will not work on a modern PHP install.
>
>
>
> That is the actual mailfunction.
> Go to www.php.net and look up mail for more information.
>
>
>
> I don't like the script at all. It is probably published years ago.
> Just go to www.php.net and look up the mail function.
>
> Regards,
> Erwin Moller
| |
| Colin Fine 2006-09-23, 6:57 pm |
| ianbarton@adam.com.au wrote:
> Thanks Erwin for your reply.
>
> I know nothing about PHP but since I started this exercise I have
> become a little, just a little more familiar with this particular
> function. Unfortunately I wouldn't know enuff to know whether it is
> good or bad code so I will have to take your word for that.
>
> In your reply you state "No, you want to put there the from address.
> Since this script automatically sends the email, you'll have to tell it
> what the from-field is. Most probably you can put in there any valid
> emailaddress you own, like: info@adam.com"
>
> The email address that I want to put in there is that which is supplied
> in the feedback form field I have titled "UserEmail" The trouble is I
> don't know what the syntax is to do this. I have tried many variations
> (eg)
>
> $header .= "From: Web Form <UserEmail>\n";
> $header .= "From: <UserEmail>\n";
> $header .= "From: 'UserEmai'l>\n";
> $header .= "From: <$UserEmail>\n";
> $header .= "From: $UserEmail\n";
>
> Am I trying to do something that just isn't possible in PHP. I have
> done this in ASP on another webpage but I can't get it to work here.
>
Probably
$_REQUEST['UserEmail']
(or $_GET or $_POST instead of $_REQUEST if you know which HTTP method
is being used. But $_REQUEST will do for either.)
Colin
| |
| ianbarton@adam.com.au 2006-09-26, 6:57 pm |
| I finally got this all sorted out and it works fine. I have even gone
one step more and generate 2 emails, one to myself and another back to
the person who sent the feedback, providing they provide a valid email
address. This second part isn't necessary but I was "on a roll" so kept
going.
Here is my "contact.php" script. Remember that it has to be mentioned
in the Feedback form with a line
<form method="post" action="contact.php">
Thanks to all those who offered some assistance.
Ian
<?php
// Website Contact Form Generator
// get posted data into local variables ready for email to Ian
$EmailFrom = Trim(stripslashes($_POST['UserEmail']));
$Country = Trim(stripslashes($_POST['UserCountry'])
);
$EmailTo = "my own email address";
$Subject = "Web Site Feedback";
$Name = Trim(stripslashes($_POST['UserName']));
$Comments = Trim(stripslashes($_POST['Comments']));
// validation
// not used as my Form has it's own validation
//$validationOK=true;
//if (Trim($EmailFrom)=="") $validationOK=false;
//if (Trim($Country)=="") $validationOK=false;
//if (Trim($Name)=="") $validationOK=false;
// if (Trim($Telephone)=="") $validationOK=false;
// if (Trim($Email)=="") $validationOK=false;
//if (Trim($Comments)=="") $validationOK=false;
//if (!$validationOK) {
// print "<meta http-equiv=\"refresh\" content=\"0;URL=index.htm\">";
// exit;
//}
// prepare email body text to Ian
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Country: ";
$Body .= $Country;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $EmailFrom;
$Body .= "\n";
$Body .= "Comments: ";
$Body .= $Comments;
$Body .= "\n";
// send email to Ian
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
// get posted data into local variables ready for email to User
$EmailFrom = "";
$EmailTo = Trim(stripslashes($_POST['UserEmail']));
$Subject = "Web Site Feedback Comments";
$Comments = Trim(stripslashes($_POST['Comments']));
// prepare email body text to User
$Body = "";
$Body .= "Hello ";
$Body .= $Name;
$Body .= "\n";
$Body .= "\n";
$Body .= "Here is a copy of the Comments you sent to Ian's Website";
$Body .= "\n";
$Body .= "\n";
$Body .= "Comments: ";
$Body .= "\n";
$Body .= $Comments;
$Body .= "\n";
// send email to User
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=confirm.htm\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>
Colin Fine wrote:
> ianbarton@adam.com.au wrote:
> Probably
>
> $_REQUEST['UserEmail']
>
> (or $_GET or $_POST instead of $_REQUEST if you know which HTTP method
> is being used. But $_REQUEST will do for either.)
>
> Colin
|
|
|
|
|