|
|
Posted by Erwin Moller on 12/16/14 11:58
ianbarton@adam.com.au wrote:
> Hello all
>
> I am trying to setup a feedback form on my webpage using some script
> provided by my ISP. I really don't know a lot about PHP and it's syntax
> etc.
>
> The feedback form only has 4 fields. These are UserName, UserEmail,
> UserCountry & Comments. It works well with all of those fields
> appearing in the body of an email that is sent to me. What I would now
> like is for the UserEmail field to appear in the "From:" field in the
> header rather than only in the body of the email.
>
> There is a line in the script that says:-
> $header .= "From: Web Form <email@yourbusiness.com.au>\n";
>
> I suspect I need to somehow place the UserEmail string in here somehow
> but I don't know how to do it. Is it possible to do what I want?
No, you want to put there the from address.
Since this script automatically sends the email, you'll have to tell it what
the from-field is.
Most probably you can put in there any valid emailaddress you own, like:
info@adam.com
>
> Here is the script of the formmail.php file I am using. I have inserted
> my email address at the point where it says to and I have created a
> "confirm.htm" webpage.
>
> <?
> # Adam Internet PHP Form Mailer v1.3
> # By John Edwards, Copyright September 2005.
> # Mail all variables to:
>
> $to='email@yourbusiness.com.au'; ###I have inserted my email address
> here ####
> $domain = 'yourbusiness.com.au'; ### I don't have a business domain
> name ####
Use the one of your ISP.
For example, if you host your site at: www.xs4all.nl/~adam you are in domain
x4all.nl, or maybe www.xs4all.nl
>
> while(list($key,$val) = each($HTTP_POST_VARS))
> {
>
> $val = str_replace(chr(10),"",$val);
> $val = str_replace(chr(13),"",$val);
> $formmessage .= "$key = $val\n";
> }
This part cleans up some header-injection hackattack.
It also removes any newlines from the content of the mail.
>
> if(
>
> $formmessage # If we have content
> && 'POST' == $_SERVER['REQUEST_METHOD'] # If the message is being
> posted
> && strstr(strtolower($_SERVER['HTTP_USER_AGENT']),'mozilla') # If the
> user agent contains mozilla
> && strstr($_SERVER['HTTP_REFERER'], $domain) # If the referrer is us
> && !strstr($formmessage,"Content-Type") # Don't send XSS attempt
> )
This is a really old and bad piece of code.
It uses $formmessage and I expect that it is NOT filled before like:
$formmessage = $_POST["formmessage"];
If you are new to PHP, this is difficult to explain.
I just say it is old and will not work on a modern PHP install.
> {
>
> # Message is ok!
> }
> else
> {
>
> die("This request looked like a XSS attempt. Stopped");
> }
>
> # Reset the From: address for a neater look
> $header .= "From: Web Form <email@yourbusiness.com.au>\n";
> # If there's an email element, use it for reply-to
> if ($email)
> {
>
> $header .= "Reply-To: $email\n";
> }
>
> # Log the IP Address of the sender.
> if($HTTP_X_FORWARDED_FOR)
> {
>
> $header .= "X-Originating-IP: $HTTP_X_FORWARDED_FOR via
> $REMOTE_ADDR\n";
> }
> else
> {
>
> $header .= "X-Originating-IP: $REMOTE_ADDR\n";
> }
>
> mail($to,"Web Form Details",$formmessage,$header);
That is the actual mailfunction.
Go to www.php.net and look up mail for more information.
> header("Location: confirm.htm"); ## I have inserted the full URL for my
> confirm page here ##
>
> ?>
I don't like the script at all. It is probably published years ago.
Just go to www.php.net and look up the mail function.
Regards,
Erwin Moller
Navigation:
[Reply to this message]
|