1

I am in the process of completing a small portfolio 1 page scroller webpage. I have found a responsive template for a contact me / mail form. (the HTML/JS/PHP is displayed below). I have Plesk shared hosting with godaddy and from what I can see the mail form isn't functioning as it should.

Does anyone please have any ideas or suggestions to how to makes this work.

www.rockfizz.com (more specifically http://rockfizz.com/#contact) Is the webpage and the mail form is situated at the bottom.

All THREE relevant files -

      contact_me.js
         index.html
         contact_me.php 
           are in the root HTTPDOCS folder.

The code

HTML

<!-- Contact Section -->
<section class="contact" id="contact">
    <div class="container">
        <div class="row">
            <div class="col-lg-12 text-center">
                <h2>Contact me</h2>
            </div>
        </div>
    <div class="contact-form">
        <div class="row">
            <div class="col-lg-8 col-lg-offset-2">


                <form name="sentMessage" id="contactForm" novalidate action="contact_me.php" method="post">
                    <div class="row control-group">
                        <div class="form-group col-xs-12 floating-label-form-group controls">
                            <label>Name</label>
                            <input type="text" class="form-control" placeholder="Name" id="name" required data-validation-required-message="Please enter your name.">
                            <p class="help-block text-danger"></p>
                        </div>
                    </div>
                    <div class="row control-group">
                        <div class="form-group col-xs-12 floating-label-form-group controls">
                            <label>Email Address</label>
                            <input type="email" class="form-control" placeholder="Email Address" id="email" required data-validation-required-message="Please enter your email address.">
                            <p class="help-block text-danger"></p>
                        </div>
                    </div>
                    <div class="row control-group">
                        <div class="form-group col-xs-12 floating-label-form-group controls">
                            <label>Phone Number</label>
                            <input type="tel" class="form-control" placeholder="Phone Number" id="phone" required data-validation-required-message="Please enter your phone number.">
                            <p class="help-block text-danger"></p>
                        </div>
                    </div>
                    <div class="row control-group">
                        <div class="form-group col-xs-12 floating-label-form-group controls">
                            <label>Message</label>
                            <textarea rows="5" class="form-control" placeholder="Ask me anything!" id="message" required data-validation-required-message="Please enter a message."></textarea>
                            <p class="help-block text-danger"></p>
                        </div>
                    </div>
                    <br>
                    <div id="success"></div>
                    <div class="row">
                        <div class="form-group col-xs-12 text-center">
                            <button type="submit" class="btn">SEND</button>
                        </div>
                    </div>
                </form>
            </div>
          </div>
        </div>
    </div>

</section>

JAVASCRIPT

$(function () {

$("input,textarea").jqBootstrapValidation ({
    preventSubmit: true,
    submitError: function($form, event, errors) {
        // additional error messages or events
    },
    submitSuccess: function ($form, event) {
        event.preventDefault(); // prevent default submit behaviour
        // get values from FORM
        var name = $("input#name").val();
        var email = $("input#email").val();
        var phone = $("input#phone").val();
        var message = $("textarea#message").val();
        var firstName = name; // For Success/Failure Message
        // Check for white space in name for Success/Fail message
        if (firstName.indexOf(' ') >= 0) {
            firstName = name.split(' ').slice(0, -1).join(' ');
        }
        $.ajax({
            url: "contact_me.php",
            type: "POST",
            data: {
                name: name,
                phone: phone,
                email: email,
                message: message
            },
            cache: false,
            success: function() {
                // Success message
                $('#success').html("<div class='alert alert-success'>");
                $('#success > .alert-success').html("<button type='button' class='close' data-dismiss='alert' aria-hidden='true'>&times;")
                    .append("</button>");
                $('#success > .alert-success')
                    .append("<strong>Your message has been sent. </strong>");
                $('#success > .alert-success')
                    .append('</div>');

                //clear all fields
                $('#contactForm').trigger("reset");
            },
            error: function() {
                // Fail message
                $('#success').html("<div class='alert alert-danger'>");
                $('#success > .alert-danger').html("<button type='button' class='close' data-dismiss='alert' aria-hidden='true'>&times;")
                    .append("</button>");
                $('#success > .alert-danger').append("<strong>Sorry " + firstName + ", it seems that my mail server is not responding. Please try again later!");
                $('#success > .alert-danger').append('</div>');
                //clear all fields
                $('#contactForm').trigger("reset");
            },
        });
    },
    filter: function() {
        return $(this).is(":visible");
    },
});

$("a[data-toggle=\"tab\"]").click(function(e) {
    e.preventDefault();
    $(this).tab("show");
    });
        });


                /*When clicking on Full hide fail/success boxes */
             $('#name').focus(function() {
               $('#success').html('');
                  });

and PHP

          <?php

           error_reporting(E_ALL);
             ini_set('display_errors', 1);

           // Check for empty fields
         if(empty($_POST['name'])       ||
          empty($_POST['email'])        ||
           empty($_POST['phone'])       ||
             empty($_POST['message'])   ||
          !filter_var($_POST['email'],FILTER_VALIDATE_EMAIL))
                    {
          echo "No arguments Provided!";
           return false;
                 }

              $name = $_POST['name'];
              $email_address = $_POST['email'];
              $phone = $_POST['phone'];
              $message = $_POST['message'];

            // Create the email and send the message
                     $to = "hello@rockfizz.com";
                      $email_subject = "Rock Fizz:  $name";
                     $email_body = "You have received a new message from                          your website contact form.\n\n"."Here are the details:\n\nName: $name\n\nEmail:         $email_address\n\nPhone: $phone\n\nMessage:\n$message";
                $headers = "From: noreply@rockfizz.com\n";
               $headers .= "Reply-To: $email_address";  
                mail($to,$email_subject,$email_body,$headers);
                  return true;          
                     ?>

I appreciate ALL of your help!

Oliver Hargreaves
  • 11
  • 1
  • Besides your question: your script is vulnerable to mail header header injection! (If you can't find it please let me know) – fateddy Mar 09 '15 at 18:54
  • Hi fateddy, I'm unsure what you're referring to?? – Oliver Hargreaves Mar 10 '15 at 08:54
  • You are using unfiltered values from the POST request and pass it along inside a mail header line (see the `email` post param). One could easily exploit it and post additional header values such as BCC, CC etc. (using the `email` post param). Here's more info about mail header injection: http://stackoverflow.com/questions/19138093/what-is-the-best-way-to-prevent-email-injection-in-a-mailform – fateddy Mar 10 '15 at 15:26
  • I see, thank you I will address that. Do you have anything to add in terms of the code, and potentially why it's only out putting the JS " $('#success > .alert-danger').append("Sorry " + firstName + ", it seems that my mail server is not responding. Please try again later!");" – Oliver Hargreaves Mar 10 '15 at 15:32
  • Did you try invoking the php mail script standalone (without the ajax thing involved)? – fateddy Mar 11 '15 at 20:05
  • did you found solution for this? – PvDev Jan 06 '19 at 15:31

0 Answers0