php mail form sends false mails

Question

I'm new to php and I have a form that needs to get information and send it to me by mail. The problem is that sometimes I receive email containing only an IP adress and nothing else. I tried pressing "send" without entering anything in the fields and I receive an email containing everything else but the answers to the questions, so that is not the case it seems. My questions is why do I receive email containing only an IP adress? Thanks!

<?php
    $to = "mail@gmail.com";
    $subject = "energiebio contact form: {$_POST['ams']['Destination']} ";
    $from = $_POST['ams']['E-mail'];
    $valid=1;
    $message ='';

    foreach ($_POST['mas'] as $k=>$v){
        if (trim($v)=='')$valid=0;
        $k = str_replace('_',' ',$k);
        $message .="$k : $v<br>";
    }

    $message .="<hr />IP: {$_SERVER['REMOTE_ADDR']}";

    function sndmail($from,$to,$subject,$message){
        $headers = "MIME-Version: 1.0\r\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
        $headers .= "From:".$from ."\r\n";
        mail($to, $subject, $message, $headers);
    }

    if ($valid=='1') {
        sndmail($from,$to,$subject,$message);
        header( 'Location: http://site.ro/danke.html' ) ;
    }else header( 'Location: http://site.ro/error.html' ) ;
?>

I've discovered that it's the same IP and that I can't get a "whois" on it the same: 92.85.174.105

I strongly recommend using a decent mail class such as [phpMailer](http://code.google.com/a/apache-extras.org/p/phpmailer/) rather than php's built-in `mail()` function. The `mail()` function has a lot of issues; it's not good to use it. — SDC, Oct 22 '12 at 11:38
I tried sending a form as empty as it can be, but I can't get the same result. When doing that (sending the form with all the fields empty) I still get the formatting: email reads as follows: "... mm x : mm x2 : Ø : ...." — Silviu, Oct 22 '12 at 12:08

score 1 · Accepted Answer · answered Oct 22 '12 at 12:08

1

I'd say something, for example google bot or a spam bot, is hitting your email script without using your form. If you have HTML like this:

<form action="postmail.php">
<!-- stuff -->

a script can just hit your "postmail.php" without using the send button. Then body content would be empty, and you'd get an empty email containing nothing but the senders ip.

answered Oct 22 '12 at 12:08

eis

51,991
13
150
199

HTML looks something like this:
could be it since it seems to originate from the same IP.
– Silviu Oct 22 '12 at 12:14
yes, so a script can just pick up your "mymail.php" and send a request directly to that, without specifying anything in the body content. You could test the same with just putting "mymail.php" in the browser url and try to navigate to that, or use command line tool curl to send a POST request to that url with empty body. – eis Oct 22 '12 at 12:16
Thanks eis, this is the spot on answer, I could replicate the same response by entering the www.site.ro/mymail.php in the browser. Even though I received several error messages, I received the empty e-mail aswel. – Silviu Oct 22 '12 at 12:34

php mail form sends false mails

1 Answers1