I am getting an error when I click the submit button on the form (error; you need to submit the form). I'm not sure how but I think it's because of the value of the $email_form. Am I doing it wrong? Should I change the value of my $email_form. Are there any other problems?
<?php
if(!isset($_POST['submit']))
{
//This page should not be accessed directly. Need to submit the form.
echo "error; you need to submit the form!";
}
$name = $_POST['name'];
$visitor_email = $_POST['email'];
$message = $_POST['message'];
$phoneno = $_POST['phoneno'];
$datefrom = $_POST['datefrom'];
$dateto = $_POST['dateto'];
$emailto = $_POST['emailto'];
//Validate first
if(empty($name)||empty($visitor_email))
{
echo "Name and email are mandatory!";
exit;
}
if(IsInjected($visitor_email))
{
echo "Bad email value!";
exit;
}
$email_from = "$visitor_email";//<== update the email address
$email_subject = "Leave Application";
$email_body = "You have received a new message from the user $name.\n\n".
"Here is the message:\n\nLeave Date - From: $datefrom To: $dateto \n\n".
"Phone Number: $phoneno\n\n".
"$message \n\n".
$to = $_POST['emailTo'];//<== update the email address
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: leavesuccess.php');
// Function to validate against any email injection attempts
function IsInjected($str)
{
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
?> HTML:
<div class="container">
<div class="card">
<div class="form__name" style="font-family: Questrial; ">
Apply for a leave
</div>
<div class="time__container">
<div class="section">
<div class="box">
1
</div><span>Date & Time</span>
</div>
<form action="form-to-email.php" class="form__time" method="post">
<div class="date">
<label for="date">From</label> <input id="date" type="date" name="datefrom">
</div>
<div class="date">
<label for="date">To</label> <input id="date" type="date" name="dateto">
</div>
<div class="timezone">
<label for="timezone"></label>
</select>
</div>
</div>
<div class="message__container">
<div class="section">
<div class="box">
2
</div><span>Message</span>
</div>
<textarea cols="50" rows="5" name="message"></textarea>
</div>
<div class="contact__container">
<div class="section">
<div class="box">
3
</div><span>Contact Information</span>
</div>
<div class="form__contact">
<div class="cname">
<label for="cname">Name</label> <input name="name" type="text">
</div>
<div class="cnum">
<label for="cnum">Phone Number</label> <input id="cnum" type="text" name="phoneno">
</div>
<div class="email">
<label for="cemail">Email</label> <input id="cemail" name="email">
</div>
</div>
</div>
<div class="contact__container">
<div class="section">
<div class="box">
4
</div><span>Send to</span>
</div>
<div class="form__contact">
<div class="cname">
<label for="cname">Manager</label> <select name="emailTo">
<option value=""></option>
<option value="email@email.com">TestingRenzo</option>
<option value="email@email.com">TestingPaul</option>
<option value="email@email.com">Lenz Batara</option>
<option value="email@email.com">Patrick Laqui</option>
<option value="email@email.com">Joseph Enierga</option>
<option value="email@email.com">Gino Ilustre</option>
<option value="email@email.com">Marissa Guirwela</option>
<option value="email@email.com">Angeli Jocson</option>
</select>
</div>
</div>
</div>
<div class="form__confirmation" type="submit" name="submit">
<button>Confirm Information</button>
</div>
</form>
</div>
</div>Removed the emails for privacy
