PHP Mail Script

[laimirieParticipant]

Hey!

I was quite bothered by spam, recently, so I decided to use the Captcha option on NL-PHP Mail. However, that just wouldn’t work. The image would change whenever it wanted to!

So, now I began writing code for a form from scratch, looking at this tutorial, and using reCaptcha (I love books! Do you?). Everything works just fine, except that even though I receive a success message, I don’t receive any mail…

Can anyone help me, please?

[VeraParticipant]

Could you post your script please?

[laimirieParticipant]

Hi! This is my (very rudimentary) script:

<?php

//reCAPTCHA

require_once('recaptchalib.php');

$privatekey = "key";

$resp = recaptcha_check_answer ($privatekey,

$_SERVER["REMOTE_ADDR"],

$_POST["recaptcha_challenge_field"],

$_POST["recaptcha_response_field"]);

if (!$resp->is_valid)

{

// What happens when the CAPTCHA was entered incorrectly

die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .

"(reCAPTCHA said: " . $resp->error . ")");

}

else

{

//Assigning values from the form to variables

$name = $_POST;

$email = $_POST;

$url = $_POST;

$comments = $_POST;

if ( preg_match( "/[rn]/", $name ) || preg_match( "/[rn]/", $email ) )

{

?>

<?php include("/home/cerulean/public_html/fan/collective/header.php");?>

header("Location: http://fan.ceruleanhues.net/collective/affiliates-form.php" );

<?php include("/home/cerulean/public_html/fan/collective/footer.php");?>

<?php

}

if(!isset($_POST))

{

//This redirects to the form if the visitor tries to access this file directly

header("Location: http://fan.ceruleanhues.net/collective/affiliates-form.php" );

}

elseif (empty($name) || empty($email) || empty($url))

{

?>

<?php include("/home/cerulean/public_html/fan/collective/header.php");?>

<h1>Error!</h1>

<p>You did not fill in some of the required fields properly. Please go back, refresh the form page, and try again.</p>

<?php include("/home/cerulean/public_html/fan/collective/footer.php");?>

<?php

}

else

{

//This sends the e-mail to me

mail("my-e-mail-address", "subject",

"From: $name <$email>n",

"Website: $urln",

$comments);

?>

<?php include("/home/cerulean/public_html/fan/collective/header.php");?>

<h1>Thanks!</h1>

<p>Your form has been sent. I will add you to the affiliates whenever I update next </p>

<?php include("/home/cerulean/public_html/fan/collective/footer.php");?>

<?php

}

}

?>

[laimirieParticipant]

Hi Vera!

This is very very strange, but suddenly, the form works! I don’t know how this happened!

I also see that I was silly with the e-mail injection thing and did I don’t know what!

I never tried PHP before, but I did study Java in school, so I guess I have no excuse to be so stupid! Too much info, I guess…

Is there anything else you would suggest adding to the form?

[AmelieKeymaster]

Your form is susceptible to header injection – consider reading this tutorial for some tips on how to prevent it.

[VeraParticipant]

I’m also not too keen on:

die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .

"(reCAPTCHA said: " . $resp->error . ")");

You should display a much more generic error, and have the message from recaptcha logged or something. Displaying explicit error messages is a security hole.

Furthermore, I don’t see a reason to stop the script completely. Just save every error in an array, and if the form processing was not successful, display the (empty) form again with the error message on top (or underneath the relevant fields).

[laimirieParticipant]

Thanks Amelie and Vera

I am going to look into all of those things right now!

[Author]

Posts