-1

I have a decent understanding of HTML and CSS but completely novice when it comes to PHP. I've scouted the net and tried this out with multiple different tutorials, however I can't seem to tailor the php code to work with my contact page's email form. (www.richseeley.com/contact)

Ultimately, I would like this form to confirm the message being sent with a pop up window, without leaving the page, but so far I can't even get it to work in the most basic sense. At present, it is echoing the "thank you for using our mail form", however the email isn't sending.

Here is the html coding for my contact form:

<div id="form-main">
                  <div id="form-div">
                    <form class="form" id="form1" action="scripts/test.php" method="post" enctype="text/plain">

                      <input name="name" type="text" class="feedback-input" placeholder="Name" id="name" />

                      <input name="email" type="text" class="feedback-input" id="email" placeholder="Email" />                    

                      <textarea name="message" class="feedback-input" id="message" placeholder="Message"></textarea>  

                      <input type="submit" value="SEND" id="button-blue"/>

                    </form>
                 </div>
                </div>

And here is the PHP code that I have most recently been trying to work with:

        <?php
  //send email
  $name = $_REQUEST['name'] ;
  $email = $_REQUEST['email'] ;
  $message = $_REQUEST['message'] ;
  mail("r*******@gmail.com", $name,
  $message, "From:" . $email);
  echo "Thank you for using our mail form";
?>

I appreciate that this is a fairly simple problem I am trying to solve, but I've spent several hours with no success, and I really don't want to have to compromise the design of my work/website, and end up using something less stylised, as a basic tutorial would provide.

Rich
  • 1
  • 3
  • First of all, use `$_POST` instead of `$_REQUEST`. If you are explicitly stating the form as post there is no point on using `$_REQUEST`. – Gasim Jan 11 '14 at 15:59
  • 3
    Also your code is vulnerable to header injection – PeeHaa Jan 11 '14 at 15:59
  • You need to pass the form to your PHP using GET or POST... – Abbe Jan 11 '14 at 16:00
  • ok try this, as I am not by any server right now to test it. Add name to submit button, (like "name=sendmail") and in php add `if(isset($_POST['sendmail'])) { //your code here }` If that doesn't work, check out the php mods to see if there is a mail module there. – Gasim Jan 11 '14 at 16:09
  • Where in my php code should I add that? cheers – Rich Jan 11 '14 at 16:22

1 Answers1

0

The only way I could think of doing it would be something like:

    <?php
if (isset($_REQUEST['email']))
//if "email" is filled out, send email
  {
  echo <p>Are you sure you want to do this?</p>

<form action="send_mail.php" method="post">
    <input type="submit" name="ok" value="OK" />
    <input type="submit" name="cancel" value="Cancel" />
</form>
?>

and in send_mail.php:

    <?php>
    //send email
    if (isset($_POST['ok'])) {
    $name = $_REQUEST['name'] ;
      $email = $_REQUEST['email'] ;
      $message = $_REQUEST['message'] ;
      mail("richsee******@****.com", $name,
      $message, "From:" . $email);
      echo "Thank you for using our mail form";
      }
}

if (isset($_POST['cancel'])) {
    header('Location: didnt_confirm.html");
}
     ?>

Also, your php seems wrong and vulnerable, but all you're asking is for a confirmation ;)

If you're concerned about vulnerability (header injections), you can read this.

Cilan
  • 13,101
  • 3
  • 34
  • 51
  • Igave him an answer but I guess yours is more good – Humphrey Jan 11 '14 at 16:03
  • HTTP header injections and mail header injections are different... https://en.wikipedia.org/wiki/Email_injection is what you should be linking to. – kittycat Jan 11 '14 at 17:39
  • Why don't you actually fix the PHP code and the vulnerability instead of posting bad code? – kittycat Jan 11 '14 at 17:42
  • @crypticツ I specifically answered the question *he asked.* If someone asks what's 1+1 I'm going to say '2', I'm not going tell them what '2+4' is – Cilan Jan 11 '14 at 17:49
  • No, but you're posting vulnerable code for OP and visitors to this question to use. That's irresponsible and makes for a low quality answer. – kittycat Jan 11 '14 at 18:05