I have a site which is built in normal HTML, and only one page is in PHP, for generating email from the contact us page. Now what is happening: my contact page is working fine, but I am receiving email daily at 3:10AM to 3:12AM with the same junk entries "1". E.g.:

Name: 1
Email: my own email address (same as sender (myself) email address)
Company: 1
Address: 1

This is the main issue I am experiencing. I am using a CAPTCHA to prevent spamming. Please help. Please see below the code which I have used. PHP Email Code (example-form.php):

    <?php session_start(); ?>
    <?php
    /** Validate captcha */
    if (!empty($_REQUEST['captcha'])) {
        if (empty($_SESSION['captcha']) || trim(strtolower($_REQUEST['captcha'])) != $_SESSION['captcha']) {
            header('Location: /captchacode.html');
            exit();
            //die("The verification code didn't match what was expected.");
            //echo '<script>window.location.assign("/captchacode.html")</script>';
        }
        unset($_SESSION['captcha']);
    }
    if(thankyou_mail()){
    $rediect = $_REQUEST['redirect'];
        $_REQUEST ='';
    //header("Location :".$_REQUEST['redirect']);
    echo '<script>window.location.assign("'.$rediect.'")</script>';
    }else{

       //header("Location:404.html");
        echo '<script>window.location.assign("/404.html")</script>';   
    }
    function thankyou_mail() {
    # Localize variables used in this subroutine.
    $to =$_REQUEST['email'];
    //$headers = "From:".$_REQUEST['recipient']."(".$_REQUEST['realname'].")\r\n";
    //$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    $date=date("Y/m/d");

    # Check for Message Subject
    $subject =$_REQUEST['subject'];

    $message ="Thank You For Filling Out This Form.</b>";
    $message .= "Below is what you submitted to ".$_REQUEST['recipient']." on ";
    $message .="$date<p><hr size=1 width=75\%><p>\n";    
    $message .="<b> Name:</b> ".$_REQUEST['name']."<p>\n";
    $message .="<b> Email:</b> ".$_REQUEST['email']."<p>\n";
    $message .="<b> Company:</b> ".$_REQUEST['company']."<p>\n";
    $message .="<b> Address:</b> ".$_REQUEST['address']."<p>\n";
    $message .="<b> City:</b> ".$_REQUEST['city']."<p>\n";
    $message .="<b> State:</b> ".$_REQUEST['state']."<p>\n";
    $message .="<b> Zip:</b> ".$_REQUEST['zip']."<p>\n";
    $message .="<b> Questions/Comments:</b> ".$_REQUEST['message']."<p>\n";


    $headers = "From:".$_REQUEST['FormName']."<".$_REQUEST['from'].">\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    //send_mail();
    if ($to == $_REQUEST['from'])
    {
        header ('Location: /emailerror.html');
        exit();
    }
    if(mail($to,$subject,$message,$headers)){
        return true;    
    }else{
        return false;
    }
    //mail($to,$subject,$message,$headers);
    // return true;
    }
    /*
    function send_mail() {


    # Localize variables used in this subroutine.
    $to =$_REQUEST['recipient'];
    $headers = "From:".$_REQUEST['email']."(".$_REQUEST['realname'].")\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";


    # Check for Message Subject
    $subject =$_REQUEST['subject'];

    $message  ="Below is the result of your feedback form.  It was submitted by\n";
    $message .= $_REQUEST['realname']." (".$_REQUEST['email'].") on $date<p><hr size=1   width=75\%><p>\n"; 
    $message .="<b> Name:</b> ".$_REQUEST['name']."<p>\n";
    $message .="<b> Email:</b> ".$_REQUEST['email']."<p>\n";
    $message .="<b> Company:</b> ".$_REQUEST['company']."<p>\n";
    $message .="<b> Address:</b> ".$_REQUEST['address']."<p>\n";
    $message .="<b> City:</b> ".$_REQUEST['city']."<p>\n";
    $message .="<b> State:</b> ".$_REQUEST['state']."<p>\n";
    $message .="<b> Zip:</b> ".$_REQUEST['zip']."<p>\n";
    $message .="<b> Questions/Comments:</b> ".$_REQUEST['message']."<p>\n";
    mail($to,$subject,$message,$headers);
    return true;
    }
    */

Contact Us (HTML page):

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Contact Us - </title>
    <meta name="keywords" content="KEYWORDS GO HERE. 12 KEYWORDS MAX, & ONLY 3 REPEATED WORDS" /> 
    <meta name="description" content="DESCRIPTION GOES HERE. 160 CHARACTERS" />

    <link rel="stylesheet" type="text/css" href="styles.css" title="standard" />
    <link rel="icon" href="/images/favicon.ico" />

    <script src="scripts/rollover.js" type="text/javascript"></script>

    </head>

    <script src="lib/jquery.js"></script>
    <script src="jquery.validate.js"></script>

    <script>
    //$.validator.setDefaults({
    //  submitHandler: function() {  }
    //});

    $().ready(function() {

    // validate signup form on keyup and submit
    $("#signupForm").validate({
        rules: {


    name: {
                required: true,
                minlength: 2
            },
            email: {
                required: true,
                email: true
            },
            company: {
                required: true,
                minlength: 5
            },
            address: {
                required: true,
                minlength: 2
            },
            city: "required",
            state: "required",
            zip: "required",
            captcha:"required"
        },

        messages: {
            name: {
                required: "Please enter a username",
                minlength: "Your username must consist of at least 2 characters"
            },
            company: "Please enter a company",

            email: "Please enter a valid email address",
            address: "Please enter a address",
            city: "Please enter a city",
            state:"Please enter a state",
            zip: "Please enter a zip",
            captcha : "Please enter a letters of Image"
        }
    });


    });
    </script>

    <style type="text/css">

     label.error {
    margin-left: 10px;
    width: auto;
    display: inline;
    color: red;
    }
    #newsletter_topics label.error {
    display: none;
    margin-left: 103px;
    }
    </style>


    <body>
    <div id="headerWrap">
    <div id="header">
        <h1 id="logo">LLC</h1>
        <div id="contact"><a href="contact.html">CONTACT US</a></div>
    </div><!-- end #header -->
    </div><!--  end #headerWrap  -->

    <div id="navWrap">
    <div id="nav">
        <ul class="nav1">
        <li><a href="index.html"><img class="imgover" src="images/nav-home.jpg"  width="129" height="46" /></a></li>
        <li><a href="about.html"><img class="imgover" src="images/nav-about.jpg" width="135" height="46" /></a></li>
        <li><a href="lobbying.html"><img class="imgover" src="images/nav-lobbying.jpg" width="168" height="46" /></a></li>
        <li><a href="ally-development.html"><img class="imgover" src="images/nav-ally.jpg" width="237" height="46" /></a></li>
        <li><a href="strategic-consulting.html"><img class="imgover" src="images/nav-strategic.jpg" width="231" height="46" /></a></li>
        </ul>
    </div><!-- end #nav -->
    </div><!--  end #navWrap  -->

    <div id="contentWrap">

    <div id="content">

    <br clear="all" />

    <table width="100%" border="0" cellpadding="0" cellspacing="0">
        <tr>
        <td class="c2L">
            <div><a href="contact.html"><img src="images/contact.jpg" /></a></div>
        </td>
        <td class="c2R">
            <div>
            <h2 class="normh2">Contact Us</h2>

            <form method="post"  id="signupForm" action="example-form.php">
                <input name="FormName" type="hidden"  />
             <!--   <input name="username" type="hidden"  />-->
                <input name="realname" type="hidden"  />
                <input name="subject" type="hidden"  />
                <input name="thankurl" type="hidden" value="thank.html" />
              <!--  <input name="recipient" type="hidden" value="emailid" />-->
                <input name="email" type="hidden" value="" />
                <input name="redirect" type="hidden" value="/thank.html" />

                <input type="hidden" name="from"  />

            <table id="contactTable" width="100%" cellspacing="0" cellpadding="0">
                <tr>
                <td id="contactTableL">Name</td>
                <td id="contactTableR"><input type="text" name="name" size="35" /></td>
                </tr>
                <tr>
                <td id="contactTableL">Email</td>
                <td id="contactTableR"><input type="text" name="email" size="35" /></td>
                </tr>
                <tr>
                <td id="contactTableL">Company</td>
                <td id="contactTableR"><input type="text" name="company" size="35" /></td>
                </tr>
                <tr>
                <td id="contactTableL">Address</td>
                <td id="contactTableR"><input type="text" name="address" size="35" /></td>
                </tr>
                <tr>
                <td id="contactTableL">City</td>
                <td id="contactTableR"><input type="text" name="city" size="35" /></td>
                </tr>
                <tr>
                <td id="contactTableL">State</td>
                <td id="contactTableR"><input type="text" name="state" size="35" /></td>
                </tr>
                <tr>
                <td id="contactTableL">Zip</td>
                <td id="contactTableR"><input type="text" name="zip" size="35" /></td>
                </tr>
                <tr>
                <td id="contactTableL">Questions/<br />Comments</td>
                <td id="contactTableR"><textarea name="message" rows="9" cols="31" ></textarea></td>
                </tr>
                 <tr>
                <td id="contactTableL">Verification<br />
        <img src="captcha.php" id="captcha" /><br/>


    <!-- CHANGE TEXT LINK -->
     <a href="javascript:void(0)" onclick="document.getElementById('captcha').src='captcha.php?'+Math.random();
    document.getElementById('captcha-form').focus();"
    id="change-image">Not readable? Change text.</a>
    </td>
                <td id="contactTableR">
            <input type="text" name="captcha" id="captcha-form"  autocomplete="off" />
            </td>
                </tr>
                <tr>
                <td>&nbsp;</td>
                <td><input id="submitButton" type="submit" name="submit" value="SUBMIT" /></td>
                </tr>
            </table>
            </form>

            </div>
        </td>
        </tr>
    </table>

    </div><!--  end #content  -->

     </div><!--  end #contentWrap  -->

    <div id="footerWrap">

    <div id="footer">

    <table width="100%" border="0" cellpadding="0" cellspacing="0">
        <tr>
        <td class="c2L2">
            <div><img src="images/logo-footer.jpg" alt="" width="216" height="103"   /></div>
        </td>
        <td class="c2R2">
            <ul class="nav2">
                <li><a href="index.html">HOME</a></li>
                <li><a href="about.html">ABOUT</a></li>
                <li><a href="lobbying.html">LOBBYING</a></li>
                <li><a href="ally-development.html">ALLY<br />DEVELOPMENT</a></li>
                <li><a href="strategic-consulting.html">STRATEGIC<br />CONSULTING</a></li>
                <li class="last"><a href="contact.html">CONTACT US</a></li>
            </ul>
            <br clear="all" />

            <p><span>Copyright &copy; 2012 LLC</span> Website Design by <a href="http://www.2broz.com">Web Design CT</a></p>
        </td>
        </tr>
    </table>

    </div><!--  end #footerContain  -->

    </div><!--  end #footerWrap  -->

     </body>
    </html>

I think this is the useful code; if you need any more assistance please let me know.

user2753272

2 Answers

There is a logical mistake made in your if-else clause:

    if (!empty($_REQUEST['captcha'])) {
        if (empty($_SESSION['captcha']) || trim(strtolower($_REQUEST['captcha'])) != $_SESSION['captcha']) {
            header('Location: /captchacode.html');
            exit();
        }
        unset($_SESSION['captcha']);
    }

You are ONLY testing if the captcha is correct if someone filled in the captcha. So if someone manages to send the form while leaving the captcha blank, the test will pass, and the mail will be sent. If you alter the test to the following, it should work:

    if (empty($_REQUEST['captcha'])
        || empty($_SESSION['captcha'])
        || trim(strtolower($_REQUEST['captcha'])) != $_SESSION['captcha']) {
        // captcha not filled in, or captcha not correct.
        header('Location: /captchacode.html');
        exit();
    }
    unset($_SESSION['captcha']);

giorgio
  • I checked the captcha condition and it is working fine... when entered wrong, it redirects to the error page and the email is not sent, while if entered correctly it sends the email – user2753272 May 29 '14 at 09:40
  • Yeah, but if NOT entered, it will pass the test... and maybe your JavaScript is checking if a value is posted, but your PHP code isn't, and JavaScript, as we all know, is bypassed quite easily. – giorgio Jun 03 '14 at 12:36
  • If it's not entered, it's not passing the result; the captcha asks to enter a value, and if nothing is entered I am not getting an email. – user2753272 Jun 03 '14 at 13:29
  • Dude... I don't know how to explain more clearly... Captcha depends on JavaScript to do the first check (without leaving the page), and PHP for checking if the captcha is right. But what you do is checking if the captcha is right **ONLY IF SOMETHING IS ENTERED**, which normally would not be a problem, but if someone **BYPASSES JAVASCRIPT** and **SENDS ITS DATA DIRECTLY TO YOUR SCRIPT**, your check fails... – giorgio Jun 03 '14 at 14:37
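
Added example (not part of giorgio's answer or the asker's code): the question's check beside a fail-closed version, run over constructed requests to show why testing only wrong and right answers in the browser does not reveal the bypass. The function names and sample values are made up for illustration, and it assumes captcha.php stores the expected text in lowercase in `$_SESSION['captcha']`.

```php
<?php
// Added example, not code from the original post.
// old_check() reproduces the question's logic; captcha_ok() fails closed.

/** The question's logic: validation only runs when the field is non-empty. */
function old_check(array $request, array $session): bool
{
    if (!empty($request['captcha'])) {
        if (empty($session['captcha'])
            || trim(strtolower($request['captcha'])) != $session['captcha']) {
            return false;
        }
    }
    return true; // a request with no captcha field falls through to here
}

/** Fail-closed check: anything other than a matching answer is rejected. */
function captcha_ok(array $request, array &$session): bool
{
    $expected = $session['captcha'] ?? '';
    unset($session['captcha']);            // single use, pass or fail
    $given = $request['captcha'] ?? '';
    if (!is_string($given) || !is_string($expected) || $expected === '') {
        return false;                      // array input, or no challenge was issued
    }
    return hash_equals($expected, strtolower(trim($given)));
}

// Constructed sample requests (not real traffic).
$cases = [
    'field missing (direct POST)' => ['name' => '1', 'company' => '1'],
    'field empty'                 => ['captcha' => ''],
    'wrong answer'                => ['captcha' => 'zzzzz'],
    'right answer'                => ['captcha' => ' AbC12 '],
];

foreach ($cases as $label => $request) {
    $session = ['captcha' => 'abc12'];     // assumption: stored lowercase by captcha.php
    $old = old_check($request, $session) ? 'sends mail' : 'rejected';
    $new = captcha_ok($request, $session) ? 'sends mail' : 'rejected';
    printf("%-28s old: %-10s new: %s\n", $label, $old, $new);
}
```

In example-form.php the equivalent call would be `if (!captcha_ok($_POST, $_SESSION)) { header('Location: /captchacode.html'); exit(); }`, placed before any mail is sent.
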

If you are able to see the mail in your spam inbox, then the mail agent has a low reputation. Try adding a From address in the header and check.

This question has been answered earlier: PHP mail() form sending to GMAIL spam

vinay rajan