Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 7 of 7
Like Tree2Likes
  • 1 Post By Ronald Roe
  • 1 Post By Thrallix

Thread: PHP email form problem

  1. #1
    Junior Member
    Join Date
    May 2016
    Posts
    2
    Member #
    54164

    PHP email form problem

    Okay, I'm a total PHP noob and script kiddie, so can someone help me out? This is the PHP contact form script that comes with the Oxygen website template. The problem is it doesn't seem to work on Dreamhost. The authors, Themeum, are no help. They want direct FTP access and only support premium users, which leaves out this free template. From my research, others seem to say that Dreamhost only allows mail sent from a fixed address, not the "from" address in the form field. So do I just format the $from line like the $to line? How would I get the Reply-To to show the email address from the form?

    PHP Code:
    <?php
    $name       
    = @trim(stripslashes($_POST['name'])); 
    $from       = @trim(stripslashes($_POST['email'])); 
    $subject    = @trim(stripslashes($_POST['subject'])); 
    $message    = @trim(stripslashes($_POST['message'])); 
    $to           'example@nowhere.com';//replace with your email

    $headers   = array();
    $headers[] = "MIME-Version: 1.0";
    $headers[] = "Content-type: text/plain; charset=iso-8859-1";
    $headers[] = "From: {$name} <{$from}>";
    $headers[] = "Reply-To: <{$from}>";
    $headers[] = "Subject: {$subject}";
    $headers[] = "X-Mailer: PHP/".phpversion();

    mail($to$subject$message$headers);

    die;
    Last edited by webslinger; May 17th, 2016 at 08:19 PM.

  2.  

  3. #2
    Senior Member Ronald Roe's Avatar
    Join Date
    Mar 2011
    Location
    Oklahoma City
    Posts
    3,141
    Member #
    27197
    Liked
    959 times
    If you take a look here, the headers need to be a string (see here). In the code you posted, $headers is an array, and the first index of the array is only the X-Mailer string, since it overwrites it on each line. Your $headers needs to be set up like so:
    PHP Code:
    $headers "MIME-Version: 1.0";
    $headers .= "Content-type: text/plain; charset=iso-8859-1";
    $headers .= "From: {$name} <{$from}>";
    $headers .= "Reply-To: <{$from}>";
    $headers .= "Subject: {$subject}";
    $headers .= "X-Mailer: PHP/".phpversion(); 
    Dreamhost is saying that you have to pass the $header with the From address, and that address will be a fixed address that you'll put directly into the code, per Dreamhost's security policies. You can see how they do it here. Alternatively, you can leave the from address blank and it appears DH will add it for you. You'll have to add the user's address into the body or subject of the email.
    hagen likes this.
    Ron Roe
    Web Developer
    "If every app were designed using the same design template, oh wait...Bootstrap."

  4. #3
    Junior Member
    Join Date
    May 2016
    Posts
    7
    Member #
    54151
    Liked
    1 times
    I cant say this enough, but use PHPMailer!
    It's an awesome little script created by professionals for exactly this reason;
    Making e-mail-sending alot more easy.
    sarahswansea likes this.

  5. #4
    Senior Member sarahswansea's Avatar
    Join Date
    Oct 2015
    Location
    Swansea, UK
    Posts
    152
    Member #
    52184
    Liked
    64 times
    As Ronald said, you need to turn your array into a string (e.g. using "implode").

    Also, you need to make sure that inputs don't contain linefeed characters, otherwise they can be used by an attacker to set any headers they want (I think its a big design mistake that PHP doesn't protect you from mail header injection by default). So Thrallix is right about PHPMailer!

    Code:
    <?php
    function clean($s)
    {
        if (!isset($_POST[$s])) { return ''; }
        $rule = array(
            "\r" => '',
            "\n" => '',
            "\t" => '',
            '"'  => '',
            '<'  => '',
            '>'  => '',
        );
    
        return trim(stripslashes(strtr($_POST[$s], $rule)));
    }
    
    
    $name       = clean("name"); 
    $from       = clean("email"); 
    $subject    = clean("subject"); 
    $message    = clean("message"); 
    $to           = 'example@nowhere.com';//replace with your email
    
    $from = filter_var($from, FILTER_VALIDATE_EMAIL) || '';
    
    $headers   = array();
    $headers[] = "MIME-Version: 1.0";
    $headers[] = "Content-type: text/plain; charset=iso-8859-1";
    $headers[] = "From: {$name} <{$from}>";
    $headers[] = "Reply-To: <{$from}>";
    $headers[] = "Subject: {$subject}";
    $headers[] = "X-Mailer: PHP/".phpversion();
    
    implode ("\r\n" , $headers);
    mail($to, $subject, $message, $headers);

  6. #5
    Junior Member
    Join Date
    May 2016
    Posts
    2
    Member #
    54164
    I've tried everything short of installing PEAR. Still can't get it to send any emails. At this point, I'm fed up with Dreamhost. Never had any problems with php contact forms before when I was hosting on Godaddy. I'll try the Dreamhost support forums and if nobody can help me there, I might switch back since Dreamhost seems to be making this more trouble than it needs to be. Thanks for all the replies.

  7. #6
    Senior Member Ronald Roe's Avatar
    Join Date
    Mar 2011
    Location
    Oklahoma City
    Posts
    3,141
    Member #
    27197
    Liked
    959 times
    Try contacting their support directly.
    Ron Roe
    Web Developer
    "If every app were designed using the same design template, oh wait...Bootstrap."

  8. #7
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,686
    Member #
    5580
    Liked
    716 times
    Just like GoDaddy, they may require the "from" to be your own domain. The reason for that is so nobody can send emails from your website with someone else's email address. The person that submits the contact form puts in their name and email. You put that information into the "message" part of the email, not the "from" part.

    If your domain name is www.webslinger.com, the "from" part needs to be "noreply@webslinger.com". You can use noreply or anything you want, but the domain name has to be there.

    The contact form (email) is being sent to you, so you don't care who it is coming from. You already know it is coming from your website's contact page. The user's info will be in the message.

    GoDaddy now requires that, and I assume other webhosts are as well.



Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 05:04 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com