Home
Monday, October 23, 2017
5:22:32 PM
Users online: 0   You are here >> Home > Web Design

Forums | Web Design Forums search
Forum FAQ
   
  1  
a very dumb php question...
GTAV6 
30/6/08 2:31:31 PM
Hero
Titan


i'm trying to use the smallest php snippet i can to send the contents of a form. what i have so far is this:
 
<?php
$msg="
Name: $_REQUEST[name]
Email: $_REQUEST[email]
Phone: $_REQUEST[phone]
Enquiry: $_REQUEST[enquiry]";
mail("somebody@somewhere.com","General Enquiry",$msg);
?>

it works exactly how i want it to, but for one tiny detail - what do i need to add to get it to include the sender's name in the 'from' field, in the e-mail it generates?
at the moment, it just says it's from 'Nobody' and biffs it into the junk mail mail folder :o(

-----

+++ out of cheese error +++ melon melon melon +++ redo from start +++

- - - - - - - - - - - - - - - - - - - - -
http://www.thexman.net.nz/

superfireydave 
30/6/08 3:13:22 PM
Titan

You need to add some headers to the email.
Here's some basic code I'm currently using with flash (using GET cause it's easy but the client will never see the address =P)

 
<?
$recipient = 'myemail@gmail.com';
$from = $_GET['from'];
$subject = $_GET['subject'];
$email = $_GET['email'];
$message = $_GET['message'];

$msg = "Name: $from\nEmail: $email\nSubject: $subject\n\nMessage: $message";
$msgheaders="From: $from";
mail($recipient,$subject,$msg,$msgheaders) ;
?>

By adding the "From: $from" data to the email header, it should appear as being from that name. I haven't tested this one yet though =P


Edited by superfireydave: 30/6/2008 3:14:00 PM

-----
Mreow?
http://www.atomicmpc.com.au/forums.asp?s=2&c=9&t=17306

Sneddo 
30/6/08 3:17:05 PM
Hero
Immortal


Edit: Bleh, too slow.

Off the top of my head...
 
<?php
$msg="
Name: $_REQUEST[name]
Email: $_REQUEST[email]
Phone: $_REQUEST[phone]
Enquiry: $_REQUEST[enquiry]";
$headers="From: Someone Else <someoneelse@somewhere.com>\r\n";
mail("somebody@somewhere.com","General Enquiry",$msg, $headers);
?>

Been a while since I touched PHP, even longer since I used the mail() command...



Edited by Sneddo: 30/6/2008 3:18:06 PM

-----
Where have all the quality posters gone?

GTAV6 
30/6/08 5:33:51 PM
Hero
Titan


aha... cheers guys. after much fiddling, based on your replies, i found it was as simple as adding "From: $name" to the mail() command.




*sigh* i feel so dumb...


:o)

-----

+++ out of cheese error +++ melon melon melon +++ redo from start +++

- - - - - - - - - - - - - - - - - - - - -
http://www.thexman.net.nz/

superfireydave 
30/6/08 6:15:14 PM
Titan

Hey, you've gotta learn somewhere =P
I learnt from looking at someone elses script and going "What's that do?" then fiddling with it =P

-----
Mreow?
http://www.atomicmpc.com.au/forums.asp?s=2&c=9&t=17306

Girvo 
30/6/08 6:21:36 PM
Immortal

I learnt it by not sucking like Dave.
















:P

-----
Quote by SnowSquirrel
But then again, I find it near impossible to turn the bf off, unless I say his mum's name, a lot. And call him his mum's name.



moofactory 
30/6/08 10:24:07 PM
Titan

its not dumb.. your average person doesn't even know php

-----
http://www.spore.com/sporepedia#qry=usr-moofactory

Girvo 
30/6/08 11:00:27 PM
Immortal

Quote by moofactory
its not dumb.. your average person doesn't even know php



If it was my choice, no one would. :P

-----
Quote by SnowSquirrel
But then again, I find it near impossible to turn the bf off, unless I say his mum's name, a lot. And call him his mum's name.



johnsee 
30/6/08 11:22:46 PM
Mod
SuperHero

Immortal


I'd be careful though, left as is, it would be pretty easy for someone to exploit and start spamming.

-----
Quote by Mac Dude
I love the smell of napalm in the Green Room.
------

GTAV6 
1/7/08 10:18:40 AM
Hero
Titan


hopefully i've got that sorted, thanks johnsee. i was actually very nervous about that issue.
i've added a validation snippet so it now looks like this:
 
<?php
$msg="
Name: $_REQUEST[name]
Email: $_REQUEST[email]
Phone: $_REQUEST[phone]
Enquiry: $_REQUEST[enquiry]";
mail("someone@somewhere.com", "General Enquiry", $msg, "From: $name");
function has_no_newlines($text) {
return preg_match("/(%0A|%0D|\n+|\r+)/i", $text);
}
function has_no_emailheaders($text) {
return preg_match("/(%0A|%0D|\n+|\r+)(content-type:|to:|cc:|bcc:)/i", $text);
}
if(!preg_match("/^[A-Z0-9._%-]+@[A-Z0-9.-]+.[A-Z]{2,4}$/i",$_POST["email"])) {
//email address is invalid
die("Invalid Email");
}
?>
does that look like i've done the right thing as far as security goes?

-----

+++ out of cheese error +++ melon melon melon +++ redo from start +++

- - - - - - - - - - - - - - - - - - - - -
http://www.thexman.net.nz/

Girvo 
1/7/08 10:30:03 AM
Immortal

Another way is to perhaps pass a token from your email page. Any spammers script would have to pass that as well, thus defeating it. Just an idea :)

-----
Quote by SnowSquirrel
But then again, I find it near impossible to turn the bf off, unless I say his mum's name, a lot. And call him his mum's name.



zenali 
8/7/08 10:14:12 PM
Champion

I'd be careful actually. There was an exploit for the php mail function not all that long ago...

http://www.phpit.net/article/php-security-3-example-exploits/

http://www.phpbuilder.com/columns/ian_gilfillan20060412.php3

It behaves like a SQL injection exploit, but instead passes a list of email addresses into your script that end up becoming recipients. PEAR has a mail package that gives you a little more security:

http://pear.php.net/package/Mail

http://email.about.com/od/emailprogrammingtips/qt/et073006.htm

Be careful out there...

-----
Quote by Caelum
Death is fairly irreversible.



  1  
Forums | Web Design