Problems with a 'send emal php' script I got off the web

DaFatMan · January 2, 2020, 8:35pm

None of the suggested topics cover my problem. I downloaded a contact form from the web as my hosting company doesn’t provide one. I added a ‘last name’ and ‘phone’. Everything works except the ‘message’ part doesn’t come through in the email and I can’t for the life of me figure out why. Any suggestions?

<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "[email protected]";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "feedback_form.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email_address'] ;
$message = $_REQUEST['message'] ;
$first_name = $_REQUEST['first_name'] ;
$last_name = $_REQUEST['last_name'] ;
$phone = $_REQUEST['phone'] ;
$msg =
"First Name: " . $first_name . "\r\n" . 
"Last Name: " . $last_name . "\r\n" . 
"Email: " . $email_address . "\r\n" .
"Phone: " . $phone ; 
"Message: " . $message ;

/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
	$injections = array('(\n+)',
	'(\r+)',
	'(\t+)',
	'(%0A+)',
	'(%0D+)',
	'(%08+)',
	'(%09+)'
	);
	$inject = join('|', $injections);
	$inject = "/$inject/i";
	if(preg_match($inject,$str)) {
		return true;
	}
	else {
		return false;
	}
}

// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($first_name) || empty($email_address)) {
header( "Location: $error_page" );
}

/* 
If email injection is detected, redirect to the error page.
If you add a form field, you should add it here.
*/
elseif ( isInjected($email_address) || isInjected($first_name)  || isInjected($comments) ) {
header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {

	mail( "$webmaster_email", "Feedback Form Results", $msg );

	header( "Location: $thankyou_page" );
}
?>

frankbeen · January 3, 2020, 10:10am

please set your code between [code] and [/code] tags

DaFatMan · January 3, 2020, 12:29pm

I’m brand new to this site and, to be honest, as self taught hack. I never saw the [code] tag before. Thanks!!

astonecipher · January 3, 2020, 2:14pm

Does that mean nothing comes in the body of the email, or the message itself is not there?

DaFatMan · January 3, 2020, 2:15pm

Sorry, that was poorly worded. I get everything (fname, lname etc.) except for the message itself. Also I have checked the HTML name and the PHP name and assured they are the same.

astonecipher · January 3, 2020, 2:18pm

Okay. That gives a starting point. The processing code is looking for the name ‘message’. Does the form have a field with that as the name?

DaFatMan · January 3, 2020, 3:23pm

Yes, I just edited the post above. I verified that the name in the HTML code and the name in the PHP code are the same. I have even tried using a unique name in case ‘message’ was a reserved word. Still the same result and it’s now back the same code that’s above.

astonecipher · January 3, 2020, 3:36pm

Post the form code as well then.

DaFatMan · January 3, 2020, 3:38pm

<!DOCTYPE HTML>
<html><!-- InstanceBegin template="/Templates/sjc-main.dwt" codeOutsideHTMLIsLocked="false" -->

<head>
	<script type="text javascript" src="js/jquery.js"></script>
	<script type="text javascript" src="js/timothy.js"></script>
    
    <link href="CSS Files/styles.css" rel="stylesheet" type="text/css" media="screen">
    <link href="css/print.css" rel="stylsheet" type="text/css" media="print">
    
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta http-equiv="Content-Type" content="cache" />
    <meta name="robots" content="INDEX,FOLLOW" />
    <meta name="keywords" content="Enter Keywords" />
    <meta name="description" content="Descriptioon Here" />
<!-- InstanceBeginEditable name="doctitle" -->
    <title>St. Joesphs Web Site</title>
    <!-- InstanceEndEditable -->
    <!-- InstanceBeginEditable name="head" -->
    <!-- InstanceEndEditable -->
</head>
    
    <body>
    
    <div id="outer">
    
    
    <div id="wrapper">        
        
    		<div id="logo">
		   		<img src="Images/Logo1.jpg" width="406" height="48";>
				<img src="Images/logo flag.jpg" width="79" height="48";>
          		<img src="Images/Logo2 B&W.jpg" width="406" height="48";>
                
             </div>
        
        
        <div id="topnav">
        	<ul>
            	<li><a href="index.html">Home</a></li>
              	<li><a href="about.html">About</a></li>
                <li><a href="contact.html">Contact</a></li>
                <li><a href="events.html">Events</a></li>
                <li><a href="newsletter.html">Newsletter</a></li>
                <li><a href="officers.html">Officers</a></li></ul>
        </div>
        
        <div id="banner">
        	<img src="Images/New Banner/Banner-Pool 1.jpg" width=448 height=150;>
            <img src="Images/New Banner/Banner-Bean Bag 1.jpg" width=448 height=150;>
            <img src="Images/New Banner/Banner-Bean Bag 3.jpg" width=448 height=150;>
            <img src="Images/New Banner/Banner-Pool 2.jpg" width=448 height=150;>
            
            </div>
            
        <!-- InstanceBeginEditable name="content" -->
        <div id="content">
          <h1>Contact</h1>

<form method="post" action="send_mail.php">

<H3>
<label>First Name* <br>
  <input type="text" name="first_name" required size="35">
</label> 
</H3>
<H3>
  <label>Last Name* <br>
  <input type="text" name="last_name" required size="35">
</label> 
</H3>

<H3>
<label>Email* <br>
  <input type="text" name="email_address" required size="40">
</label>
</H3>


<label><H3>Phone (Optional) </H3>
<input type="text" name="phone">
 <br>

<H3>
 <label>Message* <br>
    <textarea name="message" textarea rows="6" cols="50" maxlength="500"></textarea>
  </label></H3>
  
<H4>Limit 500 characters.</H4>

<H3>* Indicates required. Phone is optional.</H3> <br>

<button><H3>Submit</H3></button>
</form>          
        </div>
        <!-- InstanceEndEditable -->
        <div id="rightside">
       	  <h2>Latest News</h2>
            <p class="date">Jan 13, 2020</p>
            <h3>New Board</h3>
            <p>At the monthly meeting in Jan. the old group of officers finished their two year term.  The new officers were sworn in for the next two years. Check out the <strong>Officer's Page</strong> (above) to see who's in charge of the club now. </p>
            <p class="date">Feb.12, 2020</p>
            <h3>Another Headline</h3>
            <p>On the way they had to cross a stream. One day the donkey suddenly tumbled down the stream and the salt bag also fell into the water. The salt dissolved in the water and hence the bag became very light to carry. The donkey was happy. </p>
            <p class="date">Feb.12, 2020</p>
            <h3>Final Headline</h3>
            <p>On the way they had to cross a stream. One day the donkey suddenly tumbled down the stream and the salt bag also fell into the water. The salt dissolved in the water and hence the bag became very light to carry. The donkey was happy. </p>
        </div>
        
        <div id="footer">
          <p class="footer-text">Copyright 2020 St. Joseph Club </p>
          
        </div>
        
   	</div>
    
 	</div>
    
    
</body>
<!-- InstanceEnd --></html>

DaFatMan · January 3, 2020, 3:40pm

Done as requested. And Thanks.

astonecipher · January 3, 2020, 3:49pm

Change that to,

<input type='submit'>

and the remove the textarea portion that is in the element to be like this,

<textarea name="message" rows="6" cols="50" maxlength="500"></textarea>

Next, on the send_mail.php page, add this to the top,

echo '<pre>';
print_r($_POST);
echo '</pre>';
exit;

on the line below the opening php tag <?php

DaFatMan · January 3, 2020, 4:04pm

It’s getting through to there!

Array
(
[first_name] => Joe
[last_name] => Schmuck
[email_address] => [email protected]
[phone] => 978-123-4567
[message] => This is a test to see if it’s going through.
)

astonecipher · January 3, 2020, 4:06pm

You should be able to remove that test block from the processing page. I would also suggest you change all of those ‘$_REQUEST’ variables to ‘$_POST’ however.

DaFatMan · January 3, 2020, 4:34pm

Unfortunately the change from $_REQUEST to $_POST made no difference. I still get all the above info but not the message.

astonecipher · January 3, 2020, 4:40pm

DaFatMan:

$msg =
"First Name: " . $first_name . "\r\n" . 
"Last Name: " . $last_name . "\r\n" . 
"Email: " . $email_address . "\r\n" .
"Phone: " . $phone ; <------------ 
"Message: " . $message ;

I missed it before! You terminated it with the semicolon when it should be like the lines above it, d’oh

DaFatMan · January 3, 2020, 5:33pm

Thank you, Thank you, and thank you! Believe it or not with my lack of experience I did look at that. But I wasn’t sure what the “\r\n” was for. After your ‘find’ I looked it up and now I know. That was the whole problem and I am very appreciative of your help.

I see now that by adding in the phone number and not terminating the line the way I should have it was all my fault. Rest assured I will never make that mistake again.

Thanks for all your effort!