'Simple' PHP script shows error in line 10, what have I done wrong? [closed]

Closed 9 years ago.
My freshly updated website has a contact form with php mail script which I based on the form script here.
The script is saved on my webserver, but when data is submitted, no mails are sent as there is a fault in line 10.
I honestly don't understand enough to pinpoint my error - can someone help a newbie out?
I found a temporary replacement by using Bravenet, but I'd like to use my unbranded version, if simple php scripts are as simple as they seem…
My script (kontakt.php) looks like this:
<?php
/* Set e-mail recipient */
$myemail = "edw#rdturner.co.uk";
/* Check all form inputs using check_input function */
$name = check_input($_POST['name'], "Ihr Name");
$email = check_input($_POST['email'], "Ihre E-Mail-Adresse");
$kontaktnummer = check_input($_POST['kontaktnummer']);
$thema = check_input($_POST['them']);
$message = check_input($_POST['message']), "Worum geht's?");
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email))
{
show_error("E-mail-Adresse ungültig");
}
/* Let's prepare the message for the e-mail */
$message = "Hallo!
Ihr Form ist unterwegs…:
Name: $name
E-Mail-Adresse: $email
Kontaktnummer: $kontaktnummer
Frage zum Thema? $thema
Nachricht: $message
Comments:
$comments
End of message
";
/* Send the message using mail() function */
mail($myemail, $subject, $message);
/* Redirect visitor to the thank you page */
header('Location: danke.htm');
exit();
/* Functions we used */
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
show_error($problem);
}
return $data;
}
function show_error($myError)
{
?>
<html>
<body>
<b>Hier stimmt was nicht - bitte prüfen!</b><br />
<?php echo $myError; ?>
</body>
</html>
<?php
exit();
}
?>
and my submission form like this:
<form method="post" enctype="multipart/form-data" action="http://pub14.bravenet.com/emailfwd/senddata.php" accept-charset="utf-8">
<input type="hidden" name="usernum" value="1126560145">
<input type="hidden" name="cpv" value="2">
<ol><li>
<label for="name">Name (Erförderlich)</label>
<input id="name" name="name" class="text" />
</li><li>
<label for="email">E-Mail-Adresse (Erförderlich)</label>
<input id="email" name="email" class="text" />
</li><li>
<label for="kontaktnummer">Kontaktnummer (Erförderlich)</label>
<input id="kontaktnummer" name="kontaktnummer" class="text" />
</li><li>
<label for="thema">Fragen zum Thema (Erförderlich)</label></br>
<input type="checkbox" name="thema" value="unterricht" /> Unterricht</br>
<input type="checkbox" name="thema" value="übersetzungen" /> Übersetzungen</br>
<input type="checkbox" name="thema" value="dolmetschen" /> Dolmetschen</br>
<input type="checkbox" name="thema" value="faß" /> Englsich vom Faß</br>
<input type="checkbox" name="thema" value="anders" /> Andere
</li><li>
<label for="message">Worum geht's? (Erförderlich)</label>
<textarea id="message" name="message" rows="8" cols="50"></textarea>
</li><li>
<input type="image" name="imageField" id="imageField" src="images/submit.gif" class="send" />
<div class="clr"></div>
</li></ol>
</form>
Naturally I'll need to tweak the html to reflect the newly working script… but how?
Thanks in advance
Edd Turner

$message = check_input($_POST['message']), "Worum geht's?");
to
$message = check_input($_POST['message'], "Worum geht's?");
There is a ) in the wrong place.

$message = check_input($_POST['message']), "Worum geht's?");
Excessive ), try $message = check_input($_POST['message'], "Worum geht's?");

Check out the extra ')'. The error is in this line.
Change
$message = check_input($_POST['message']), "Worum geht's?");
to
$message = check_input($_POST['message'], "Worum geht's?");

Related

Register membership after custom payment gateway

Hi I am trying to somehow create a custom payment gateway. The one I am using is integrated in Gravity Forms and I have created a new php gateway MeprTransactiumGateway.php to include this new custom gateway.
I am able to capture the payment but not assign the subscription to the member. The member is being registered in memberpress but with no Memberships.
This is the code I am editing:
public function display_payment_form($amount, $user, $product_id, $txn_id) {
$mepr_options = MeprOptions::fetch();
$prd = new MeprProduct($product_id);
$coupon = false;
$txn = new MeprTransaction($txn_id);
//Artificially set the price of the $prd in case a coupon was used
if($prd->price != $amount) {
$coupon = true;
$prd->price = $amount;
}
ob_start();
$invoice = MeprTransactionsHelper::get_invoice($txn);
//echo $invoice;
$email = MeprTransactionsHelper::get_email($txn);
echo do_shortcode("[gravityform id=\"4\" field_values=\"email=".$email."\" title=\"Subscription\" description=\"false\" ajax=\"true\"]");
/* ?>
<div class="mp_wrapper mp_payment_form_wrapper">
<form action="" method="post" id="payment-form" class="mepr-form" novalidate>
<input type="hidden" name="mepr_process_payment_form" value="Y" />
<input type="hidden" name="mepr_transaction_id" value="<?php echo $txn_id; ?>" />
<div class="mepr_spacer"> </div>
<input type="submit" class="mepr-submit" value="<?php _e('Submit', 'memberpress'); ?>" />
<img src="<?php echo admin_url('images/loading.gif'); ?>" alt="<?php _e('Loading...', 'memberpress'); ?>" style="display: none;" class="mepr-loading-gif" />
<?php MeprView::render('/shared/has_errors', get_defined_vars()); ?>
<noscript><p class="mepr_nojs"><?php _e('Javascript is disabled in your browser. You will not be able to complete your purchase until you either enable JavaScript in your browser, or switch to a browser that supports it.', 'memberpress'); ?></p></noscript>
</form>
</div>
<?php*/
}
The gravity form is being echoed using do_shortcode. The payment is going through. Then a success or fail message is displayed as confirmation. I would like that if a success message is received the membership is actually submitted (this was previously done in the html form code that is commented out)

Prevent XSS attack in Paypal html form

I have a problem with an XSS scan by SiteLock. They said that some of the URLs from the HTML input form are vulnerable. They said each parameter which I sent through the form was vulnerable. In this case the vulnerability is from the PayPal input form. I built my website with a PayPal redirect, so the user will input their own data into the form and the system will send it to PayPal. This is an example of my form code:
<div class="col-md-5">
<input type="text" class="form-control" name="L_PAYMENTREQUEST_FIRSTNAME" id="L_PAYMENTREQUEST_FIRSTNAME" value="<?=$_SESSION['post_value']['shipping_first_name']?>" readonly="readonly">
</div>
<input type="hidden" name="billing_first_name" value="<?=$_POST['billing_first_name']?>">
<input type="hidden" name="billing_last_name" value="<?=$_POST['billing_last_name']?>">
<input type="hidden" name="billing_email" value="<?=$_POST['billing_email']?>">
<input type="hidden" name="billing_phone" value="<?=$_POST['billing_phone']?>">
<input type="hidden" name="billing_address" value="<?=$_POST['billing_address']?>">
<input type="hidden" name="billing_city" value="<?=$_POST['billing_city']?>">
<input type="hidden" name="billing_postcode" value="<?=$_POST['billing_postcode']?>">
<input type="hidden" name="billing_state" value="<?=$_POST['billing_state']?>">
That is part of my form. What I want to know is what's wrong with that form and how to prevent SiteLock from scanning an XSS vulnerability. Could anyone who knows please help me?
I would also recommend using the HTTP header.
X-XSS-Protection: 1; mode=block
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
You probably don't check/nullify the data you are getting in the input fields,
and by typing <script>alert('hacked')</script> in the billing_address field,
on the next page where you print the billing_address you will get a popup window saying hacked.
On the page that processes your form you should validate that the input fields don't have any JavaScript code.
For example:
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["website"]);
$comment = test_input($_POST["comment"]);
$gender = test_input($_POST["gender"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
You need to create a function like test_input and run it for all your input fields.
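The escaping step described in this answer, applied at the point where the hidden fields are written into the page, as an added example that is not part of the original posts. The helper names `e()` and `hidden_fields()` and the sample input are constructed for illustration; the field names come from the question's form.

```php
<?php
// Added example: e() and hidden_fields() are hypothetical helpers, not from the page.

// Encode a value for output inside a quoted HTML attribute or element body.
function e($value): string
{
    // ENT_QUOTES encodes both quote characters, so the value cannot close the
    // attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render hidden inputs for an allow-list of field names only.
function hidden_fields(array $source, array $allowed): string
{
    $html = '';
    foreach ($allowed as $field) {
        // Missing keys become ''; array values (name[]=x) are not echoed.
        $value = $source[$field] ?? '';
        if (!is_string($value)) {
            $value = '';
        }
        $html .= sprintf(
            '<input type="hidden" name="%s" value="%s">' . "\n",
            e($field),
            e($value)
        );
    }
    return $html;
}

// Field names taken from the form in the question.
$billingFields = [
    'billing_first_name', 'billing_last_name', 'billing_email', 'billing_phone',
    'billing_address', 'billing_city', 'billing_postcode', 'billing_state',
];

// Constructed sample input standing in for $_POST.
$samplePost = [
    'billing_first_name' => 'Ana',
    'billing_city'       => 'O\'Brien "Old Town"',
    'billing_address'    => '<script>alert(\'hacked\')</script>',
    'not_in_the_form'    => 'ignored because it is not on the allow-list',
];

// Every value reaches the page as inert text: <, >, " and ' are entity-encoded.
echo hidden_fields($samplePost, $billingFields);
```

Encoding at output time, rather than rewriting the data on input with `stripslashes()`, keeps the stored and forwarded values unchanged while still making them safe to print.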

PHP form submits regardless of required/error handling attempts

newbie here
I am currently attempting to build a simple contact form to learn how best to build one. I've tried to make several fields required (name, email, do you like spam radio button). The required HTML5 element isn't working for me or I am not implementing it correctly based on what I've read here, on Google and other places. Likewise the error/require messages don't display if someone attempts to submit a message. Instead the form goes through on submit even if NO content anywhere has been entered. I built this yesterday and have been working on the errors for about 24 hours now and am hoping to find some help here.
I currently am returning no errors, the form sends all information entered as hoped, but it also sends if NO information is entered and that doesn't seem like the best possible form to me. I've tried to build a function to help the required, but that doesn't seem to be working either.
Again, I'm new so if my mistakes are obvious and silly, please help me to understand them, that would be greatly appreciated.
current example can be found here
My code:
<!-- For PoohPot -->
<style TYPE="text/css">
input[type="text"]#website { display: none; }
input#website { display: none; }
.vSmall {font-size: 50%; text-align: center;}
</style>
<script>
$('form').submit(function(){
if ($('input#website').val().length != 0) {
return false;
}
});
</script>
<?php
//template.php
include '_inc/config.php';//holds arrays, et al.
include '_inc/functions.php';//holds functions that call arrays, etc
include '_inc/head.php';//Begin Document
//include '_inc/header.php';//Begin Content
?>
<article class="container box style3">
<header>
<img src="_img/icons/icon_lg-max-o-matic2.png" alt="php icon">
<h2><?=NAME_SITE?></h2>
<p>Spam Survey</p>
</header>
<?php
$to = "chezshire#gmail.com";
$subject="Spam Survey";
//----- end conf ----- //
// define variables and set to empty values
$nameErr = $emailErr = $spamErr = "";
$userName = $userEmail = $userMessage = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["userName"]))
{$nameErr = "* Name is required";}
else
{$name = testInput($_POST["userName"]);}
if (empty($_POST["userEmail"]))
{$emailErr = "* Email is required";}
else
{$email = testInput($_POST["userEmail"]);}
if (empty($_POST["spamErr"]))
{$emailErr = "* You must select an option";}
else
{$email = testInput($_POST["userEmail"]);}
if (empty($_POST["userMessage"]))
{$comment = "";}
else
{$comment = testInput($_POST["userMessage"]);}
}
if(isset($_POST['userName']))
{//data is submitted, show it
//echo $_POST['userName'];
$text = 'From: ' . $_POST['userName'] . PHP_EOL;
//$text .= $_POST['Comments']; //add on to text
$text .= process_post(); // uses proces_post to handle comments and stuff
$from = $_POST['userEmail'];
/*
echo '<pre>';
var_dump($_POST);
echo '</pre>';
*/
//domain spoofing controls
$headers = 'From: noreply#max-o-matic.com' . PHP_EOL . //from where formhandler sits
'Reply-To: ' . $from . PHP_EOL . //where replies are to go to
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $text, $headers); //from becomes headers
echo '<div class="row">
<div class="12u">
<p>Thanxs!</p>
<p>
<br />RESET
</p>
</div>
</div>
</article>
';
/*
echo '<pre>';
var_dump($_POST);
echo '</pre>';
*/
}else{//no data, show form
echo '
<form action="' . THIS_PAGE . '" method="post">
<div class="row half">
<div class="6u">
<input type="text" class="text" name="userName" placeholder="Name?" required autofocus />
<span class="error"><?php echo $nameErr;?></span>
</div>
<div class="6u">
<input type="text" class="text" name="userEmail" placeholder="Email" required />
<span class="error"><?php echo $emailErr;?></span>
</div>
</div>
<div class="row half">
<div class="6u">
Do you like spam?<br />
<input type="radio" name="Please_Spam_Me" value="YES!" required value="1" />Yes<br />
<input type="radio" name="Please_Spam_Me" value="NO!" />No<br />
<span class="error"><?php echo $spamErr;?>
</div>
<div class="6u">
How much Spam is too much?<br />
<input type="checkbox" name="checkbox-group" class="group-required" id="checkbox-group-id" value="6+" >6 or more<br />
<input type="checkbox" name="checkbox-group" value="2+">2 to 5<br />
<input type="checkbox" name="checkbox-group" value="Any">ANY<br /><br />
</div>
</div>
<!--For Winnie the Pooh -->
<input id="website" name="website" type="text" value"Website" />
<div class="row half">
<div class="12u">
<textarea name="userMessage" placeholder="What is your opinion on Spam?"></textarea>
</div>
</div>
<div class="row">
<div class="12u">
<ul class="actions">
<li>SEND!</li>
<input type="submit" />
</ul>
<p class="vSmall">
* Please note, instead of a reCaptcha I build my own \'honeypot\' from scratch.
</p>
</div>
</div>
</form>
</article>
';
}
function testInput($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
// this is a function
function process_post()
{//loop through POST vars and return a single string
$myReturn = ''; //set to initial empty value
foreach($_POST as $varName=> $value)//$_POST is an array
{#loop POST vars to create JS array on the current page - include email
$strippedVarName = str_replace("_"," ",$varName);#remove underscores
if(is_array($_POST[$varName]))
{#checkboxes are arrays, and we need to collapse the array to comma separated string!
$myReturn .= $strippedVarName . ": " . implode(",",$_POST[$varName]) . PHP_EOL;
}else{//not an array, create line
$myReturn .= $strippedVarName . ": " . $value . PHP_EOL;
}
}
return $myReturn;
}
include "_inc/footer.php";//End Content/Document
?>
If you're trying to use HTML5 stuff then you need the HTML5 doctype. Place this at the start of your output and see what happens:
<!DOCTYPE html>
Also, typo value"Website" should be value="Website"

How do I send a multiple field form to email with multiple variables?

I've spent most of today and all of yesterday just trying to get a simple, basic send-to-email PHP code to work. Here is the code I've tried putting together myself after extensively researching, checking, and editing based on a lot of other threads I've read on this website and on other sites.
<?php
$to='dustedpages#gmail.com';
$subject='Commission Inquiry';
$email = $_REQUEST['Email'] ;
$headers = "From: $email";
$sent = mail($to, $subject, $message, $headers) ;
$message="Name: ".$name. "\r\n" . "Email: " .$email . "\r\n" . "Username: " .$user . "\r\n" . "Type: ".$position. "\r\n" . "Add-Ons: ".$addons. "\r\n" . "Price: ".$price. "\r\n" . "Brief Description: ".$briefdesc;
$name=$_POST['FirstName'],['LastName'];
$email=$_POST['Email'];
$user=$_POST['User'];
$position=$_POST['position'];
$addons=$_POST['cat'],['dog'];
$price=$_POST['price'];
$desc=$_POST['briefdesc'];
if($sent)
{print "Your mail was sent successfully. Please be patient and the artist will contact you soon. Thanks!"; }
else
{print "We encountered an error sending your mail"; }
?>
There is actually a LOT more form data than just that basic information, but I cannot even get the basic information to show up. For the portion of html codes it is pulling from, here is some of what it looks like.
<!--NAME-->
</li> <li id="li_2" >
<label class="description" for="element_2">Name </label>
<span>
<input onkeypress="return handleEnter(this, event)" id="element_2_1" name="FirstName" class="element text" maxlength="255" size="14" value=""/>
<label>First</label>
</span>
<span>
<input onkeypress="return handleEnter(this, event)" id="element_2_2" name="LastName" class="element text" maxlength="255" size="18" value=""/>
<label>Last</label>
</span>
<p class="guidelines" id="guide_2"><small>Please fill this in as the name I will see on Paypal.</small></p>
<!--EMAIL-->
</li> <li id="li_1" >
<label class="description" for="element_1">Email </label>
<div>
<input onkeypress="return handleEnter(this, event)" id="element_1" name="Email" class="element text medium" type="text" maxlength="255" value=""/>
</div>
<p class="guidelines" id="guide_1"><small>Your Paypal email</small></p>
<!--USERNAME-->
</li> <li id="li_3" >
<label class="description" for="element_3">DA/Tumblr Username </label>
<div>
<input onkeypress="return handleEnter(this, event)" id="element_3" name="User" class="element text medium" type="text" maxlength="255" value=""/>
</div>
<p class="guidelines" id="guide_3"><small>If you have an account on either Deviantart or Tumblr and wish to be credited in the commission description, please note it here.</small></p>
</li>
<p>
<!--POSITION TYPE-->
</li> <li id="li_26" >
<label class="description" for="element_26">Comm. Type </label>
<div>
<select class="element select medium" id="element_26" name="position">
<option value="" selected="selected"></option>
<option value="1" >Bust</option>
<option value="2" >Waist</option>
<option value="3" >Full-Body</option>
</select>
</div>
<p class="guidelines" id="guide_26">
<small>Please choose what position you wish for your character(s) to be viewed from. Price will change depending on what type you choose.</small></p>
<!--ADD ONS-->
</li> <li id="li_27" >
<label class="description" for="element_27" name="addons">Add-Ons </label>
<span>
<input name="cat" type="checkbox" onClick="return KeepCount()">
+1 Character<br>
<input name="dog" type="checkbox" onClick="return KeepCount()">
+2 Characters
I have multiple fields (such as the First and Last Name) that I need to be one single variable in the email code, and I need to be able to display all of the filled out form fields in an email. I can't even get more than one variable to show up at this point.
Also the form itself includes selects, checkboxes, textareas, and image uploads. I haven't even gotten to that point - I'm just trying to make some of the basic information show up right now. I'm very familiar with HTML and Javascript, just not so much PHP, though I've worked with it before. Some of the form data is used in Javascript code on the same page as the HTML, also. The actual PHP data is on a separate file that my form pulls from.
I think what's happening is you're attempting to use variables before they have the value you would like. Try something like the following and let me know how it goes.
<?php
$to = 'dustedpages#gmail.com';
$subject = 'Commission Inquiry';
$fname = $_POST['FirstName'];
$lname = $_POST['LastName'];
$email = $_POST['Email'];
$user = $_POST['User'];
/* Build the header only after $email has been assigned */
$headers = "From: $email";
$position = "CHANGE-ME";
$addons = "CHANGE-ME";
$price = "CHANGE-ME";
$briefdesc = "CHANGE-ME";
$message = "Name: ".$fname.", ".$lname."\r\n";
$message .= "Email: $email \r\n";
$message .= "Username: $user \r\n";
$message .= "Type: $position \r\n";
$message .= "Add-Ons: $addons \r\n";
$message .= "Price: $price \r\n";
$message .= "Brief Description: $briefdesc \r\n";
$sent = mail($to, $subject, $message, $headers);
if($sent) {
echo "Success";
}
else {
echo "Failure";
}
?>
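One way to build the message from several fields while keeping submitted values out of the mail headers, as an added example that is not part of the original posts. It applies equally to the spam-survey form earlier on the page, which copies the posted address into Reply-To. The function name `build_inquiry_mail()`, the `noreply@example.com` sender and the sample input are assumptions; the field names and select values come from the question's form.

```php
<?php
// Added example: build_inquiry_mail() and the sample data are hypothetical.

// Return [subject, body, headers], or throw if the header-bound value is unsafe.
function build_inquiry_mail(array $post): array
{
    // Read one scalar field; arrays and missing keys become ''.
    $field = static function (string $key) use ($post): string {
        $v = $post[$key] ?? '';
        return is_string($v) ? trim($v) : '';
    };

    $email = $field('Email');
    // FILTER_VALIDATE_EMAIL rejects CR and LF, so the value cannot start a new
    // header line (Bcc:, Cc:, Content-Type:) when placed in Reply-To.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }

    // Two form fields combined into one variable, as the question asks.
    $name = trim($field('FirstName') . ' ' . $field('LastName'));

    // Unchecked checkboxes are absent from the request; collect the checked ones.
    $addons = [];
    foreach (['cat' => '+1 Character', 'dog' => '+2 Characters'] as $key => $label) {
        if (isset($post[$key])) {
            $addons[] = $label;
        }
    }

    // Map the <select> values to their labels; anything else is not accepted.
    $types = ['1' => 'Bust', '2' => 'Waist', '3' => 'Full-Body'];
    $type  = $types[$field('position')] ?? 'not selected';

    $body = implode("\r\n", [
        "Name: $name",
        "Email: $email",
        'Username: ' . $field('User'),
        "Type: $type",
        'Add-Ons: ' . ($addons ? implode(', ', $addons) : 'none'),
    ]);

    // From stays a fixed address on the sending domain (assumed here);
    // only the validated address is placed in Reply-To.
    $headers = "From: noreply@example.com\r\nReply-To: $email";

    return ['Commission Inquiry', $body, $headers];
}

// Constructed sample input standing in for $_POST.
$sample = [
    'FirstName' => 'Ada', 'LastName' => 'Lovelace',
    'Email' => 'ada@example.com', 'User' => 'ada-draws',
    'position' => '2', 'dog' => 'on',
];
[$subject, $body, $headers] = build_inquiry_mail($sample);
echo $headers, "\r\n\r\n", $body, "\r\n";
// In the form handler: mail($to, $subject, $body, $headers);

// A value carrying a line break is refused before it reaches mail().
try {
    build_inquiry_mail(['Email' => "ada@example.com\r\nBcc: other@example.com"]);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```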

Contact form with file attachment?

I have a contact form which is a template for pages on WordPress that I use if I need a contact form. All works fine, but I want to add the capability of adding a file attachment, so when the user fills in their name etc. they can upload a photo and that photo will be sent to me as an attachment.
I have a perfectly working contact form and I only want to add that functionality to it. My current code does all this: it sends the name of the person, their email address and their message to my email; all I'm missing is the attachment feature. I've been looking at a lot of contact forms with this feature, but to integrate that feature into my sendmail.php seems very hard as the coding style is completely different. Here is a demo of this in action. demo
This is my php file that has the form in it.
<?php get_header(); ?>
<script type="text/javascript">
$(document).ready(function(){
$('#contact').ajaxForm(function(data) {
if (data==1){
$('#success').fadeIn("slow");
$('#bademail').fadeOut("slow");
$('#badserver').fadeOut("slow");
$('#contact').resetForm();
}
else if (data==2){
$('#badserver').fadeIn("slow");
}
else if (data==3)
{
$('#bademail').fadeIn("slow");
}
});
});
</script>
<!-- begin colLeft -->
<div id="colLeft">
<!-- Begin .postBox -->
<div class="postBox">
<div class="postBoxTop"></div>
<div class="postBoxMid">
<div class="postBoxMidInner first clearfix">
<h1>Contact Us</h1>
<p><?php echo get_option('alltuts_contact_text')?></p>
<p id="success" class="successmsg" style="display:none;">Your email has been sent! Thank you!</p>
<p id="bademail" class="errormsg" style="display:none;">Please enter your name, a message and a valid email address.</p>
<p id="badserver" class="errormsg" style="display:none;">Your email failed. Try again later.</p>
<form id="contact" action="<?php bloginfo('template_url'); ?>/sendmail.php" method="post">
<label for="name">Your name: *</label>
<input type="text" id="nameinput" name="name" value=""/>
<label for="email">Your email: *</label>
<input type="text" id="emailinput" name="email" value=""/>
<label for="comment">Your message: *</label>
<textarea cols="20" rows="7" id="commentinput" name="comment"></textarea><br />
<input type="submit" id="submitinput" name="submit" class="submit" value="SEND MESSAGE"/>
<input type="hidden" id="receiver" name="receiver" value="<?php echo strhex(get_option('alltuts_contact_email'))?>"/>
</form>
</div>
</div>
<div class="postBoxBottom"></div>
</div>
<!-- End .postBox -->
</div>
<!-- end colleft -->
<?php get_sidebar(); ?>
<?php get_footer(); ?>
and here is the file that handles the sending of the mail.
<?php
if(isset($_POST['submit'])) {
error_reporting(E_NOTICE);
function valid_email($str)
{
return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
}
if($_POST['name']!='' && $_POST['email']!='' && valid_email($_POST['email'])==TRUE && strlen($_POST['comment'])>1)
{
$to = preg_replace("([\r\n])", "", hexstr($_POST['receiver']));
$from = preg_replace("([\r\n])", "", $_POST['email']);
$subject = "Website contact message from ".$_POST['name'];
$message = $_POST['comment'];
$match = "/(bcc:|cc:|content\-type:)/i";
if (preg_match($match, $to) ||
preg_match($match, $from) ||
preg_match($match, $message)) {
die("Header injection detected.");
}
$headers = "From: ".$from."\r\n";
$headers .= "Reply-to: ".$from."\r\n";
if(mail($to, $subject, $message, $headers))
{
echo 1; //SUCCESS
}
else {
echo 2; //FAILURE - server failure
}
}
else {
echo 3; //FAILURE - not valid email
}
}else{
die("Direct access not allowed!");
}
function hexstr($hexstr) {
$hexstr = str_replace(' ', '', $hexstr);
$hexstr = str_replace('\x', '', $hexstr);
$retstr = pack('H*', $hexstr);
return $retstr;
}
?>
Thanks!
You can read this simple tutorial to know what needs to be done to add file upload support to your current form:
http://www.tizag.com/phpT/fileupload.php
Hope it helps!
EDITED
After the upload process, you can do like this:
if (file_exists($_FILES['uploaded']['tmp_name'])) {
$mail->AddAttachment($_FILES['uploaded']['tmp_name'], $_FILES['uploaded']['name']);
}
What this does is to add an attachment to your email by calling the AddAttachment from PHPMailer, and using the file just uploaded from the TMP folder of your server... so no actual storage of the file is necessary.
You can use
http://wordpress.org/plugins/contact-form-7/
It has an option for an upload field as well as all validations, and is really easy to use.
You just need to enter shortcode and you can use the contact form anywhere you want.