July 27th, 2013, 06:24 PM
Need Help with Contact script
Im new to PHP, but im pretty familiar with DreamWeaver which makes it so easy. I have a contact form for my business website and I also have copied a contact script from another website for free.
Everything works as it should, but im not getting the user inputted data. I get the email back to me but all fields are blank.
etc etc etc
Here is the following code for the script.
/* Email Variables */
$emailSubject = 'xxxxx';
$webMaster = 'email@example.com';
/* Data Variables */
$email = $_POST['email'];
$name = $_POST['name'];
$subject = $_POST['subject'];
$comments = $_POST['comments'];
$date = $_date("m/d/Y H:i:s");
$body = <<<EOD
Email: $email <br>
Name: $name <br>
Subject: $subject <br>
Comments: $comments <br>
$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body,
/* Results rendered as HTML */
$theResults = <<<EOD
<title>Your message has been sent!</title>
<meta http-equiv="refresh" content="3;/contactusframe.html">
font-family: Arial, Helvetica, sans-serif;
<div align="center">Thank you for contacting Us!<br>We will get back to you shortly.</div>
Any help would be greatly appreciated.
July 27th, 2013, 06:56 PM
It's not safe to go copying things from around the Internet when you can't tell if they're good or not. Like this script: not only does it have a fatal flaw but it builds the email insecurely.
That's the unsafe part. Remove this line (you probably don't need to specify a From: header) and fix the next one so it uses regular assignment (=) instead of concatenation (.=).
$headers = "From: $email\r\n";
The main problem is
That will do something completely different than was intended, and actually fail trying to do so. It should be using the date function.
$date = $_date("m/d/Y H:i:s");
July 27th, 2013, 07:05 PM
Thank you very much for your prompt reply and help.
I'm trying this as we speak and I will let you know if this fixed the problem.
You stated that it builds the email 'insecurely', how so?
Does this mean that it is vulnerable to hackers/predators?
I suppose the only personal information is the users email?
How can I make it secure?
If you could please go into detail as what is the fatal flaw?
What are good websites I can go to for future references?
Unfortunately the revisions you told me to make above, did not work. Im still getting blank data.
July 27th, 2013, 08:21 PM
Find your php.ini and set
and restart the server. You should also check your web server's error logs as they may already mention something about what's going on.
error_reporting = -1
display_errors = on
1. You're running this on a server that can send email, right? Is it your local machine at home (if so what operating system do you have) or is this live somewhere?
2. Are you getting the "thank you" page? Or is it entirely blank?
3. Are you getting an email at all?
It was insecure because it put user input (their email address) into a place where you shouldn't allow it (email headers). Someone could give you bad data and trick your server into doing something it shouldn't. For example, use your contact form to send spam to anybody they want.
What I didn't think about was that they can also insert any HTML they want into the email. You shouldn't allow that. In fact unless you want a pretty email the safest thing is to not send it as HTML.
(The "fatal flaw" was the $_date thing.)
$body = <<<EOD
$success = mail($webMaster, $emailSubject, $body);
July 28th, 2013, 07:15 PM
Okay so it looks as though this whole script I have is garbage.
Because this is a business page, I need it to be as secure as possible.
Are there any links you can forward me to get the safest contact form and contact script?
Any help is greatly appreciated.
Thank you very much.
July 28th, 2013, 08:07 PM
No, the "whole script" is not "garbage". I suggested a couple changes to fix the couple issues but those were the only problems I saw.
So how about answers to those questions?
July 29th, 2013, 11:32 AM
Originally Posted by requinix
1. My website is hosted by Register.com, so its not on a personal server.
2. I am getting the Thank You page thats in my script and it does reload to the contact page.
3. I am getting the emails, but like I stated before, Im not getting the user inputted data. Just the required fields.
It seems as though that the php.ini file is private and cannot be changed. I cannot find it anywhere in root or any other file for that matter.
July 29th, 2013, 12:01 PM
There's the name, email, subject, and comments. Are you saying there's supposed to be more? Because there isn't any code written to support more than just those four fields.
Originally Posted by dkim916
July 29th, 2013, 12:28 PM
I made some revisions you told me on your last post. It worked! I did get all the user inputted data! Thank you very much for helping me with this troubleshooting.
Now I have another question..
How can I disable the user from sending HTML code, like you stated it could be a security risk?
I want this to be as secure as possible!
July 29th, 2013, 12:40 PM
You can't disable it. All you can do is make sure it doesn't get interpreted as HTML by escaping it if you output it to a page. For emails you can keep them as plain text, or if you want HTML emails escape the value just like you would for a webpage.
July 29th, 2013, 01:42 PM
perhaps this is useful?
using this, will make any html code be interpreted as plain text.
August 2nd, 2013, 12:44 PM
Thanks for all the helps guys, I greatly appreciate it.
Now although I have another problem.
My website isnt compatible with other browsers.
For instance, I use Firefox, and my website displays perfectly fine in that browser. But when I look at it in Internet Explorer, some things do not display correctly, and my contact form script doesnt refresh to the contact page as it does in Firefox, it stays loading.
Any help would be awesome, as you guys are already awesome!
I found this HTML Validator thing off google and it states;
"Line 6, Column 83: document type does not allow element "link" here
…k href="includes/CSSLayouts/CSSLayouts.css" rel="stylesheet" type="text/css" />
The element named above was found in a context where it is not allowed. This could mean that you have incorrectly nested elements -- such as a "style" element in the "body" section instead of inside "head" -- or two elements that overlap (which is not allowed).
One common cause for this error is the use of XHTML syntax in HTML documents. Due to HTML's rules of implicitly closed elements, this error can create cascading effects. For instance, using XHTML's "self-closing" tags for "meta" and "link" in the "head" section of a HTML document may cause the parser to infer the end of the "head" section and the beginning of the "body" section (where "link" and "meta" are not allowed; hence the reported error)."
Does this mean that I need to move this 'element' into the body instead of the head? Will this fix a lot of my problems of it not being displayed correctly in IE?
August 2nd, 2013, 01:50 PM
It probably means either (a) you didn't put it in the <head> or (b) you did but there's an unclosed tag so it seems like the <link> is contained in that instead. Can't say exactly without seeing the source HTML.
You should always validate your pages even if it seems fine in all the browsers. If there are problems then yes, that could explain why IE does it weird. But IE is horrible anyways... Welcome to the world of web design
August 2nd, 2013, 02:04 PM
Thanks for the help.
This website needs to be displayed correctly on all standard browsers, which is IE and FF. Seems to be the most commonly used. Unless your on MAC.
Comments on this post
August 6th, 2013, 02:54 PM
So now im having yet another problem..
I'm down to my last 2, I believe.
1. In Firefox, once the customer fills out the contact form, it loads a thank you page and refreshes to the contact page. On IE, it stays loading and never refreshes to the contact page.
2. In Firefox, (please look at the picture) it shows up perfectly fine. But in IE the red gradient in the nav bar doesnt show up. I tried placing a picture with the gradient bar there and it messes up the flow and makes the box 2x as big.
I just noticed I placed IE and Firefox on the wrong sides of the image below.