Solved: PHP form to mail

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

doomlord289

Thread Starter
Joined
Nov 1, 2005
Messages
192
I am looking for a php script that will allow me to send this type of form:
Send to: (drop-down list containing possible e-mail addresses)
Name: (text field for user's name)
E-mail: (text field for user's e-mail)
Message: (textarea for user's message)

[Prefered format:
From: "Name, E-mail"
Body: "Message"
Send to: selected e-mail address
Thank you URL: thankyoucontact.html
] (sample form here.)


Also I need to send this type of form:
Name: (text field for user's name)
E-mail: (text field for user's e-mail)
Program: (drop-down list with program names)
Topic: (drop-down list with subjects)
Question: (textarea for user's question)

[Prefered format:
From: "Name, E-mail"
Subject: "Program Topic"
Body: "Question"
Send to: [email protected]
Thank you URL: thankyoucontact.html
Required fields: Name, E-mail, Question
] (sample form here.)

Also a script for a poll would be nice too, if it's not asking too much.:D

And if someone could post a link to a good php tutorial it would be very much appreciated.
 

doomlord289

Thread Starter
Joined
Nov 1, 2005
Messages
192
Nice script, but I finally figured out how to write my own.

Thank you to all who helped me.(y)
 
Joined
Jul 8, 2002
Messages
14,681
You might want to post it so someone can check over it...poorly written form to mail scripts can be used to send spam.
 

doomlord289

Thread Starter
Joined
Nov 1, 2005
Messages
192
brendandonhu said:
You might want to post it so someone can check over it...poorly written form to mail scripts can be used to send spam.
OK here it is (not what I planned, but it does the job):
Form 1:
PHP:
<?php
	$to = $_POST['sendto'];
	$subject = "Formula Suite Contact";
	$name = $_POST['Name'];
	$email = $_POST['Email'];
	$message = $_POST['Message'];
	$headers = "From: $email";
	mail($to,$subject,"Name: $name\n\nE-mail: $email\n\nMessage: $message",$headers);
?>
Form 2:
PHP:
<?php
	$to = "[email protected]";
	$subject = "Formula Suite Contact";
	$name = $_POST['Name'];
	$email = $_POST['E-mail'];
	$program = $_POST['Program'];
	$topic = $_POST['Topic'];
	$message = $_POST['Question'];
	$headers = "From: $email";
	mail($to,$subject,"Name: $name\n\nE-mail: $email\n\nProgram: $program\n\nTopic: $topic\n\nQuestion: $message",$headers);
?>
Form 3: (Poll)
PHP:
<?php
	$to = "[email protected]";
	$subject = "Formula Suite Poll";
	$vote = $_POST['Updates'];
	$headers = "From: [email protected]";
	mail($to,$subject,"Vote: $vote",$headers);
?>
Form 4: (not posted, file submission)
PHP:
<?php
	$to = "[email protected]";
	$subject = "Formula Suite Samples";
	$name = $_POST['name'];
	$email = $_POST['email'];
	$job = $_POST['job'];
	$maxsize = $_POST['maxsize'];
	$filesize = $_FILES['file']['size'];
	$filename = $_FILES['file']['name'];
    $filetype = strtolower(substr($filename,strrpos($filename,".")));
	$fileext  = array('.zip','.css','.jpg','.jpeg','.gif');
	if ( $filetype == $fileext )
	{
		if ( !( $filesize > $maxsize ) )
		{
			if ( move_uploaded_file ($_FILES['file'] ['tmp_name'], "samples/{$_FILES['file'] ['name']}")  )
      		{
	  			print("Upload Successful!");
      		}
			else
     		{
	  			print("Upload Failed!");
      		}
		}
		else
		{
			print("File is too large!  Please limit your files to 2MB.");
		}
		$headers = "From: $email";
		mail($to,$subject,"Name: $name\n\nE-mail: $email\n\nJob: $job\n\nSize: $filesize",$headers);
	}
	else
	{
		print("File must be in .zip, .css, .jpg, .jpeg, or .gif format!");
	}
?>
These should be pretty secure, but let me know if they aren't. Also, if you want to use them go right ahead. All I ask is a link to my site somewhere on your site. My link is: http://www.formulasuite.com. My logo is located here.
 
Joined
Jul 8, 2002
Messages
14,681
The security problem is here:
PHP:
$to = $_POST['sendto'];
Someone could enter any value for $to and send spam through your form. You should either limit them to sending messages to a certain recipient, or block users from sending many messages at a time. Logging the IP addresses of everyone sending mail through your form would probably help as well.
 

doomlord289

Thread Starter
Joined
Nov 1, 2005
Messages
192
brendandonhu said:
The security problem is here:
PHP:
$to = $_POST['sendto'];
Someone could enter any value for $to and send spam through your form. You should either limit them to sending messages to a certain recipient, or block users from sending many messages at a time. Logging the IP addresses of everyone sending mail through your form would probably help as well.
This uses a drop-down box with only 3 choices. The labels display the names of my staff, and the values are our e-mail addresses, so they couldn't enter any value they wanted. Here is the HTML code:
HTML:
<html>
<body bgcolor="#000000" text="#FFFFFF" link="#00FFFF" vlink="#FF0000" alink="#00FF00">
<form action="processstaff.php" method="post">
<table border="0" width="100%">
	<tr>
	  <td><div align="right">Send to: </div></td>
	  <td><select name="sendto">
	    <option value="[email protected]" selected>Carl Weybrecht</option>
	    <option value="[email protected]">Chris Miller</option>
	    <option value="[email protected]">Mike Johnston</option>
      </select></td>
    </tr>

	<tr>
		<td>
			<div align="right">Name:
	    </div></td>
		<td>
			<input type="text" size="100%" name="Name">
		</td>
	</tr>
	<tr>

		<td>
			<div align="right">Email address:</div></td>
		<td>
			<input type="text" size="100%" name="Email">
		</td>
	</tr>
	<tr>
		<td valign="middle">

			<div align="right">Message:</div></td>
		<td>
			<textarea name="Message" rows="3" cols="100%"></textarea>
		</td>
	</tr>
	<tr>
		<td>&nbsp;
			
	  </td>

		<td>
			<div align="center">
			  <input type="submit" value="Send">
		      </div></td>
	</tr>
</table>
</form>
<div class="foot">
  <hr>
  <p align="left"><font size="1">This site was generated and edited using Macromedia Dreamweaver MX and published using Filezilla</font></p>
<p align="left"><font size="1">By accessing this site you agree to the <a href="termsandconditions.html">Terms
&amp; Conditions</a> of my site.</font></p>
<p align="left"><font size="1">This page and all content on it are Copyright &copy;
2005 Carl Weybrecht.&nbsp; All rights reserved.</font></p>
</div>
</body>
</html>
Now does it all make sense?
Also could you tell me how to log visitors IP addresses?
 
Joined
Jul 8, 2002
Messages
14,681
The values for the dropdown box can still be changed. You should check if $to is one of the 3 allowed addresses within the PHP script. User's IP address is stored in $_SERVER['REMOTE_ADDR'] - you could write that value to a text file every time an email is sent.
 

doomlord289

Thread Starter
Joined
Nov 1, 2005
Messages
192
brendandonhu said:
The values for the dropdown box can still be changed. You should check if $to is one of the 3 allowed addresses within the PHP script.
Ok thanks for the advise. I fixed it.
brendandonhu said:
User's IP address is stored in $_SERVER['REMOTE_ADDR'] - you could write that value to a text file every time an email is sent.
How do I do that? Could I also log the date and time with the IP?
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top