2

i have a php mail function which sends out emails with content from the contact form.but when i send this email on my website. instead of the from header being the email address entered, it is username@srv30.000webhost.com and i don't know why. my php mail function is below.

$email is the email entered by the user.

EDIT: Subject: Comment from hello X-PHP-Script: kwp.host22.com/form_action.php for 78.147.187.64 Message-Id: <20131124204151.478EC28021@srv30.000webhost.com> Date: Sun, 24 Nov 2013 15:41:51 -0500 (EST) From: a5485011@srv30.000webhost.com Return-Path: a5485011@srv30.000webhost.com X-OriginalArrivalTime: 24 Nov 2013 20:41:52.0292 (UTC) FILETIME=[9B09B640:01CEE955]

full php script:

$name = ($_GET['Name']) ? $_GET['Name'] : $_POST['Name'];
$email = ($_GET['Email']) ?$_GET['Email'] : $_POST['Email'];
$phone = ($_GET['Phone']) ?$_GET['Phone'] : $_POST['Phone'];
$comment = ($_GET['Comment']) ?$_GET['Comment'] : $_POST['Comment'];

// flag to indicate which method it uses. If POST set it to 1
if ($_POST) $post=1;

// Simple server side validation for POST data, of course, you should validate the email
if (!$name) $errors[count($errors)] = 'Please enter your name.';
if (!$email) $errors[count($errors)] = 'Please enter your email.'; 
if (!$comment) $errors[count($errors)] = 'Please enter your comment.'; 

// if the errors array is empty, send the mail
if (!$errors) {

// recipient
$to = '<example@example.com>';  
// sender
$from = $name . ' <' . $email . '>';

// subject and the html message
$subject = 'Comment from ' . $name; 
$message = '
<!DOCTYPE html>
<html>
<head></head>
<body>
<table>
    <tr><td>Name</td><td>' . $name . '</td></tr>
    <tr><td>Email</td><td>' . $email . '</td></tr>
    <tr><td>Phone</td><td>' . $phone . '</td></tr>
    <tr><td>Comment</td><td>' . nl2br($comment) . '</td></tr>
</table>
</body>
</html>';

// send the mail
$result = @mail($to, $subject, $message, $from);

// if POST was used, display the message straight away
if ($_POST) {
    if ($result) echo 'Thank you! We have received your message.';
    else echo 'Sorry, unexpected error. Please try again later';

// else if GET was used, return the boolean value so that 
// ajax script can react accordingly
// 1 means success, 0 means failed
} else {
    echo $result;   }

// if the errors array has values
} else {
// display the errors message
for ($i=0; $i<count($errors); $i++) echo $errors[$i] . '<br/>';
echo '<a href="contact.php">Back</a>';

exit;}
function sendmail($to, $subject, $message, $from) {

$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$headers .= 'From: ' . $email . "\r\n";
$headers .= 'Reply-To: ' .$email . "\r\n";
$headers .= 'X-Mailer: PHP/' . phpversion();
@mail($to, $subject, $message, $headers); 

if ($result) return 1;
else return 0;}

im quite new to PHP so any help would be apreciated. thankyou

user2806656
  • 59
  • 1
  • 2
  • 9
  • The host's sendmail may force an overwrite of the sender header, but try adding `"-fyou@example.com"` as the optional fourth param to `mail()` after `$headers` – Michael Berkowski Nov 24 '13 at 20:36
  • That's `-f` followed immediately by your `from` address.. – Michael Berkowski Nov 24 '13 at 20:36
  • And post the headers of the message as you receive it, so we can tell if the `From` is actually being overwritten or if a `Sender` is being added (which is more common) – Michael Berkowski Nov 24 '13 at 20:39
  • is it possible to use the -f then a variable as the email address will change – user2806656 Nov 24 '13 at 20:40
  • Yes, it is just a string - construct it any way you wish. But if you are trying to force `From` values from other domains, your messages will end up in spam. – Michael Berkowski Nov 24 '13 at 20:44
  • ive added image of headers – user2806656 Nov 24 '13 at 20:52
  • Is this your actual code that you're using? If so, I don't see a call to the `sendmail()` function. How are you using it? Plus, one of the (most) probable reason is because the `From` email is not being passed through your headers. – Funk Forty Niner Nov 24 '13 at 20:53
  • No, those are not headers. That's an image from your mail client as it displays them. You need to see the full message source, which will include plain text headers. You'll have to find out how to do that with your mail client. – Michael Berkowski Nov 24 '13 at 20:54
  • yes this is the code i'm using and it is sending mail – user2806656 Nov 24 '13 at 21:00
  • **2 questions:** How are these variables defined `$to, $subject, $message, $from`? and how are you accessing the `sendmail()` function? Something doesn't connect here. – Funk Forty Niner Nov 24 '13 at 21:02
  • on click of submit i serialize the form then use ajax to call the php page which the variables are then defined from in the php script and passed into the function. – user2806656 Nov 24 '13 at 21:10
  • Then try changing `sendmail($to, $subject, $message, $from)` to `sendmail($to, $subject, $message, $headers)` something is getting overwritten. Without seeing full code, it's very very hard to say where the actual problem is. – Funk Forty Niner Nov 24 '13 at 21:12
  • After seeing your full code, you're using a mix of `GET` and `POST` - why? You're also suppressing errors using `@` in `@mail` remove it. – Funk Forty Niner Nov 24 '13 at 21:19
  • Sorry, I don't have time to chat. There's an answer below which may help. – Funk Forty Niner Nov 24 '13 at 21:25
  • im using get and post so if javascript is disabled on user computer then it can still send mail without the ajax. – user2806656 Nov 24 '13 at 21:28
  • @MichaelBerkowski If you are using a legitimate relay like SES, and the from address you are forcing is validated, then messages like this will not end up as spam. – gregtzar Apr 07 '14 at 00:50

1 Answers1

7

I believe this line

$result = @mail($to, $subject, $message, $from);

Should be fixed to this

$result = sendmail($to, $subject, $message, $from);

And change your sendmail function to this

function sendmail($to, $subject, $message, $from) {
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    $headers .= 'From: ' . $from . "\r\n";
    $headers .= 'Reply-To: ' .$from . "\r\n";
    $headers .= 'X-Mailer: PHP/' . phpversion();
    @mail($to, $subject, $message, $headers); 

    if ($result) return 1;
    else return 0;
}

Here you are using $email, but maybe you should use $from. Your function takes $to, $subject, $message, $from.

Also you should maybe change your code a bit

function sendmail($to, $subject, $message, $from) {
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    $headers .= 'From: ' . $from . "\r\n";
    $headers .= 'Reply-To: ' .$from . "\r\n";
    $headers .= 'X-Mailer: PHP/' . phpversion();
    if(mail($to, $subject, $message, $headers)){
        return 1;
    } 
    return 0;
}

sendmail is a unix application binary used to send emails. Writing your own sendmail function in PHP doesn't do anything. The PHP mail function uses sendmail on linux by default I believe, and on windows, you need to configure SMTP. But as your emails are being sent, this is not the problem. Maybe you should rename the function, so you don't mix these things by accident.

Also here is whole code rewritten, maybe you can learn a thing or two :)

$post = false;
// flag to indicate which method it uses. If POST set it to 1
if (isset($_POST['Name'])) {
    $post = true;
}

$name = (isset($_GET['Name'])) ? $_GET['Name'] : $_POST['Name'];
$email = (isset($_GET['Email'])) ? $_GET['Email'] : $_POST['Email'];
$phone = (isset($_GET['Phone'])) ? $_GET['Phone'] : $_POST['Phone'];
$comment = (isset($_GET['Comment'])) ? $_GET['Comment'] : $_POST['Comment'];


// Simple server side validation for POST data, of course, you should validate the email
if (!$name) {
    $errors[] = 'Please enter your name.';
}
if (!$email) {
    $errors[] = 'Please enter your email.';
}
if (!$comment) {
    $errors[] = 'Please enter your comment.';
}
// if the errors array is empty, send the mail
if (count($errors) == 0) {

    // recipient
    $to = 'example@example.com';
    // sender
    $from = $name . ' <' . $email . '>';

    // subject and the html message
    $subject = 'Comment from ' . $name;
    $message = '<!DOCTYPE html>
<html>
<head></head>
<body>
<table>
    <tr><td>Name</td><td>' . $name . '</td></tr>
    <tr><td>Email</td><td>' . $email . '</td></tr>
    <tr><td>Phone</td><td>' . $phone . '</td></tr>
    <tr><td>Comment</td><td>' . nl2br($comment) . '</td></tr>
</table>
</body>
</html>';


    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    $headers .= 'From: ' . $from . "\r\n";
    $headers .= 'Reply-To: ' . $from . "\r\n";
    $headers .= 'X-Mailer: PHP/' . phpversion();
    $mailSuccess = mail($to, $subject, $message, $headers);

    // if POST was used, display the message straight away
    if ($post) {
        if ($mailSuccess) {
            echo 'Thank you! We have received your message.';
        } else {
            echo 'Sorry, unexpected error. Please try again later';
        }
    // else if GET was used, return the boolean value so that
    // ajax script can react accordingly
    // 1 means success, 0 means failed
    } else {
        echo (int)$mailSuccess;
    }
// if the errors array has values
} else {
    // display the errors message
    foreach ($errors as $error) {
        echo $error . '<br/>';
    }
    echo '<a href="contact.php">Back</a>';
}
Jompper
  • 1,412
  • 9
  • 15