0

I'm creating a contact form that emails the company when someone fills out the form. I want it to send an email to the sales team, with a From: header containing the email address of the person that sent it, so they can hit reply on the email and contact the person.

The problem is that the mail() function is returning false if I set any From: header at all.

What am I doing wrong?

Here's my code:

$emailto = "sales@xyz.com";

// does nothing
ini_set('sendmail_from', 'me@abc.com'); 

$subject = "Test";
$message = "123 Testing";

// This line when included makes mail() fail
$header = "From: {$_REQUEST['name']} <{$_REQUEST['email']}> \r\n"; // fails

$emailsent = mail ($emailto,$subject,$message, $header);
echo $emailsent?'true':'false';
Jodes
  • 14,118
  • 26
  • 97
  • 156
  • `What am I doing wrong?`. You use `mail()`. – Marcin Orlowski Apr 24 '23 at 22:35
  • `\r\n` is a windows new line, are you using windows? You're also open to header injections. – user3783243 Apr 24 '23 at 22:38
  • 1
    @user3783243 In email headers, using `\r\n` is correct. From [the docs](https://www.php.net/manual/en/function.mail.php): _"Multiple extra headers should be separated with a CRLF (\r\n)."_ – rickdenhaan Apr 24 '23 at 23:03
  • @rickdenhaan Oh, guess so. Also noted there though it does say to use `\n` instead.. `If messages are not received, try using a LF (\n) only. Some Unix mail transfer agents (most notably » qmail) replace LF by CRLF automatically (which leads to doubling CR if CRLF is used). This should be a last resort, as it does not comply with` – user3783243 Apr 24 '23 at 23:14
  • @MarcinOrlowski what's wrong with mail()? – Jodes Apr 24 '23 at 23:25
  • in short it's a garbage. In long, try sending multipart message with attachements over the SSL/TLS via remote server requiring AUTH (which nowadays is a default) and you will see :) Many hostings even have `mail()` disabled function as it only spammer's friendly. Really - it's a garbage since PHP4. It should not be here in the first place. Do yourself a favou and really try something modern and save your future time. – Marcin Orlowski Apr 25 '23 at 05:30
  • _"I want it to send an email [...] with a From: header containing the email address of the person that sent it"_ - no, you don't. Please see https://stackoverflow.com/a/24644450/1427878, section titled _"Don't use a faux From: sender"_ -- _"so they can hit reply on the email and contact the person"_ - use `Reply-To` for that. – CBroe Apr 25 '23 at 07:02
  • @MarcinOrlowski what service do most hosting companies offer for that? Do you have any examples of how I'd access such a service? Any php code? – Jodes Apr 25 '23 at 10:46
  • That's any mail serwer you use is such service. It's just regular remote (from your script perspective) SMTP server, requiring user authentication prior sending anything, and often requiring clients to use TLS/SSL. Nothing of these are known to `mail()`. Just try to send yourself a mail using your script via such account and see. – Marcin Orlowski Apr 25 '23 at 10:48
  • You can look into using [PHPMailer](https://github.com/PHPMailer/PHPMailer). This is quite possibly the most-used and best-maintained PHP library for sending email and supports sending mail via an SMTP-server that requires authentication and/or encryption. As for what SMTP-server to connect to, that is something your hosting provider should be able to help you with. Preferably the official mail server for the domain after the `@` in the From-address, since that one is most likely to be properly configured in SPF/DKIM/DMARC-settings. – rickdenhaan Apr 25 '23 at 12:48

0 Answers0