I made a PHP Contact Form using this tutorial and it works great, but I've encountered one potential security risk / inconvenience. Each email I receive comes from my admin login name.

I added $headers as this thread instructed, but to no avail.

My Current PHP:

<?php
    $name = $_POST['name'];
    $email = $_POST['email'];
    $phone = $_POST['phone'];
    $message = $_POST['message'];
    $from = $_POST['email']; 
    $to = 'myClientsEmail@gmail.com';
    $subject = 'Estimate Contact Form';

    $headers = "From: $email\r\n";                 /* I added this */
    $headers .= "Reply-To: $email\r\n";            /*     and this */

    $body = "From: $name\n Phone: $phone\n E-Mail: $email\n Message:\n $message";

    if ($_POST['submit']) {
        if (mail ($to, $subject, $body, $from, $headers)) { 
            echo '<p>Your message has been sent!</p>';
        } else { 
            echo '<p>Something went wrong, go back and try again!</p>'; 
        }
    }
?>

What exactly am I missing? Any help is greatly appreciated. Thank you!

CSS Apprentice

1 Answer

Your mail() function call has an extra parameter it looks like. The correct mail() call should be:

if (mail($to, $subject, $body, $headers)) {
  ....
}

So just remove the $from portion and it should be good.

Adam Link
  • Thanks for the hasty reply! With those changes, the email no longer sends. I checked the inbox and spam mail. I also reverted it back to the original, and it came through again (just to make sure it wasn't the system) – CSS Apprentice Aug 21 '15 at 04:08
  • You'll have to start doing some debugging. 1) Assign the `mail()` call to a variable. `var_dump()` that variable. 2) Check your SMTP settings on your server. It may be rejecting mail from a domain / user combo that is not the same as the admin username. – Adam Link Aug 21 '15 at 04:10
  • Not 100% sure if I did it correctly, but the end result was "Your message has been sent!" "bool(true)". I made `$mail = mail($to, $subject, $body, $headers);` put `$mail` inside my if statement, and then did `var_dump($mail)` after the if else statement. Is that correct? – CSS Apprentice Aug 21 '15 at 04:26
  • The mail didn't get there :/ – CSS Apprentice Aug 21 '15 at 04:32
  • Then check your SMTP settings on your server, or the acceptance settings on the mail you're sending it to. Likely it's another question for SO at this point, since there are lots of potential issues with troubleshooting an SMTP setup. – Adam Link Aug 21 '15 at 04:42
  • It's working now! I set up an email address to send from, and it's 100%. Thank you for the help! – CSS Apprentice Aug 21 '15 at 04:49
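
The outcome of this thread (four-argument `mail()` call, a fixed sending address on the server's own domain, the visitor's address only in Reply-To), written as an added example that is not code from the question or the answer. It also validates the submitted address before it reaches the header block, since the original copies `$_POST['email']` straight into `$headers`; `no-reply@example.com` and `owner@example.com` are placeholders and the helper function names are hypothetical.

```php
<?php
// Added example. Assumptions: both addresses below are placeholders, and
// SITE_FROM is a mailbox on the sending server's own domain.
const SITE_FROM = 'no-reply@example.com';
const SITE_TO   = 'owner@example.com';

/** Return a form field as a string (missing keys and arrays become ''). */
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? $value : '';
}

/** Collapse CR/LF to spaces so a single-line field stays on one line. */
function one_line(string $value): string
{
    return trim(str_replace(["\r", "\n"], ' ', $value));
}

/** Build the mail() arguments; null when the e-mail field is not one valid address. */
function build_contact_mail(array $post): ?array
{
    // FILTER_VALIDATE_EMAIL rejects embedded CR/LF, so the value cannot add header lines.
    $email = filter_var(trim(field($post, 'email')), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    $name    = one_line(field($post, 'name'));
    $phone   = one_line(field($post, 'phone'));
    $message = field($post, 'message');

    // From is the site's own mailbox; replies still go to the visitor.
    $headers = 'From: ' . SITE_FROM . "\r\n"
             . 'Reply-To: ' . $email . "\r\n";
    $body = "From: $name\nPhone: $phone\nE-Mail: $email\nMessage:\n$message";

    return [SITE_TO, 'Estimate Contact Form', $body, $headers];
}

if (!empty($_POST['submit'])) {
    $args = build_contact_mail($_POST);
    // mail(to, subject, message, additional_headers): headers are the fourth argument.
    if ($args !== null && mail(...$args)) {
        echo '<p>Your message has been sent!</p>';
    } else {
        echo '<p>Something went wrong, go back and try again!</p>';
    }
}
```

A `true` return from `mail()` only means the message was handed to the local mail transport, which matches the `bool(true)` seen in the comments while nothing arrived.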