Feedback Email setup

  • ianbarton@adam.com.au

    Feedback Email setup

    Hello all

    I am trying to set up a feedback form on my webpage using some script
    provided by my ISP. I really don't know a lot about PHP and its syntax
    etc.

    The feedback form only has 4 fields. These are UserName, UserEmail,
    UserCountry & Comments. It works well with all of those fields
    appearing in the body of an email that is sent to me. What I would now
    like is for the UserEmail field to appear in the "From:" field in the
    header rather than only in the body of the email.

    There is a line in the script that says:-
    $header .= "From: Web Form <email@yourbusiness.com.au>\n";

    I suspect I need to somehow place the UserEmail string in here somehow
    but I don't know how to do it. Is it possible to do what I want?

    Here is the script of the formmail.php file I am using. I have inserted
    my email address at the point where it says to and I have created a
    "confirm.htm" webpage.

    <?
    # Adam Internet PHP Form Mailer v1.3
    # By John Edwards, Copyright September 2005.
    # Mail all variables to:

    $to='email@yourbusiness.com.au'; ### I have inserted my email address here ####
    $domain = 'yourbusiness.com.au'; ### I don't have a business domain name ####

    while(list($key,$val) = each($HTTP_POST_VARS))
    {
        $val = str_replace(chr(10),"",$val);
        $val = str_replace(chr(13),"",$val);
        $formmessage .= "$key = $val\n";
    }

    if(
        $formmessage # If we have content
        && 'POST' == $_SERVER['REQUEST_METHOD'] # If the message is being posted
        && strstr(strtolower($_SERVER['HTTP_USER_AGENT']),'mozilla') # If the user agent contains mozilla
        && strstr($_SERVER['HTTP_REFERER'], $domain) # If the referrer is us
        && !strstr($formmessage,"Content-Type") # Don't send XSS attempt
    )
    {
        # Message is ok!
    }
    else
    {
        die("This request looked like a XSS attempt. Stopped");
    }

    # Reset the From: address for a neater look
    $header .= "From: Web Form <email@yourbusiness.com.au>\n";
    # If there's an email element, use it for reply-to
    if ($email)
    {
        $header .= "Reply-To: $email\n";
    }

    # Log the IP Address of the sender.
    if($HTTP_X_FORWARDED_FOR)
    {
        $header .= "X-Originating-IP: $HTTP_X_FORWARDED_FOR via $REMOTE_ADDR\n";
    }
    else
    {
        $header .= "X-Originating-IP: $REMOTE_ADDR\n";
    }

    mail($to,"Web Form Details",$formmessage,$header);
    header("Location: confirm.htm"); ## I have inserted the full URL for my confirm page here ##

    ?>

  • Erwin Moller

    #2
    Re: Feedback Email setup

    ianbarton@adam.com.au wrote:
    > Hello all
    >
    > I am trying to set up a feedback form on my webpage using some script
    > provided by my ISP. I really don't know a lot about PHP and its syntax
    > etc.
    >
    > The feedback form only has 4 fields. These are UserName, UserEmail,
    > UserCountry & Comments. It works well with all of those fields
    > appearing in the body of an email that is sent to me. What I would now
    > like is for the UserEmail field to appear in the "From:" field in the
    > header rather than only in the body of the email.
    >
    > There is a line in the script that says:-
    > $header .= "From: Web Form <email@yourbusiness.com.au>\n";
    >
    > I suspect I need to somehow place the UserEmail string in here somehow
    > but I don't know how to do it. Is it possible to do what I want?

    No, you want to put there the from address.
    Since this script automatically sends the email, you'll have to tell it what
    the from-field is.
    Most probably you can put in there any valid email address you own, like:
    info@adam.com

    > Here is the script of the formmail.php file I am using. I have inserted
    > my email address at the point where it says to and I have created a
    > "confirm.htm" webpage.
    >
    > <?
    > # Adam Internet PHP Form Mailer v1.3
    > # By John Edwards, Copyright September 2005.
    > # Mail all variables to:
    >
    > $to='email@yourbusiness.com.au'; ### I have inserted my email address here ####
    > $domain = 'yourbusiness.com.au'; ### I don't have a business domain name ####

    Use the one of your ISP.
    For example, if you host your site at: www.xs4all.nl/~adam you are in domain
    x4all.nl, or maybe www.xs4all.nl

    > while(list($key,$val) = each($HTTP_POST_VARS))
    > {
    >     $val = str_replace(chr(10),"",$val);
    >     $val = str_replace(chr(13),"",$val);
    >     $formmessage .= "$key = $val\n";
    > }

    This part cleans up some header-injection hack attack.
    It also removes any newlines from the content of the mail.

    > if(
    >     $formmessage # If we have content
    >     && 'POST' == $_SERVER['REQUEST_METHOD'] # If the message is being posted
    >     && strstr(strtolower($_SERVER['HTTP_USER_AGENT']),'mozilla') # If the user agent contains mozilla
    >     && strstr($_SERVER['HTTP_REFERER'], $domain) # If the referrer is us
    >     && !strstr($formmessage,"Content-Type") # Don't send XSS attempt
    > )

    This is a really old and bad piece of code.
    It uses $formmessage and I expect that it is NOT filled before like:
    $formmessage = $_POST["formmessage"];

    If you are new to PHP, this is difficult to explain.
    I just say it is old and will not work on a modern PHP install.

    > {
    >     # Message is ok!
    > }
    > else
    > {
    >     die("This request looked like a XSS attempt. Stopped");
    > }
    >
    > # Reset the From: address for a neater look
    > $header .= "From: Web Form <email@yourbusiness.com.au>\n";
    > # If there's an email element, use it for reply-to
    > if ($email)
    > {
    >     $header .= "Reply-To: $email\n";
    > }
    >
    > # Log the IP Address of the sender.
    > if($HTTP_X_FORWARDED_FOR)
    > {
    >     $header .= "X-Originating-IP: $HTTP_X_FORWARDED_FOR via $REMOTE_ADDR\n";
    > }
    > else
    > {
    >     $header .= "X-Originating-IP: $REMOTE_ADDR\n";
    > }
    >
    > mail($to,"Web Form Details",$formmessage,$header);

    That is the actual mail function.
    Go to www.php.net and look up mail for more information.

    > header("Location: confirm.htm"); ## I have inserted the full URL for my confirm page here ##
    >
    > ?>

    I don't like the script at all. It was probably published years ago.
    Just go to www.php.net and look up the mail function.

    Regards,
    Erwin Moller


    Comment

    • ianbarton@adam.com.au

      #3
      Re: Feedback Email setup

      Thanks Erwin for your reply.

      I know nothing about PHP but since I started this exercise I have
      become a little, just a little more familiar with this particular
      function. Unfortunately I wouldn't know enough to know whether it is
      good or bad code so I will have to take your word for that.

      In your reply you state "No, you want to put there the from address.
      Since this script automatically sends the email, you'll have to tell it
      what the from-field is. Most probably you can put in there any valid
      email address you own, like: info@adam.com"

      The email address that I want to put in there is that which is supplied
      in the feedback form field I have titled "UserEmail". The trouble is I
      don't know what the syntax is to do this. I have tried many variations
      (eg)

      $header .= "From: Web Form <UserEmail>\n";
      $header .= "From: <UserEmail>\n";
      $header .= "From: 'UserEmai'l>\n";
      $header .= "From: <$UserEmail>\n";
      $header .= "From: $UserEmail\n";

      Am I trying to do something that just isn't possible in PHP? I have
      done this in ASP on another webpage but I can't get it to work here.

      Regards




      Comment

      • Colin Fine

        #4
        Re: Feedback Email setup

        ianbarton@adam.com.au wrote:
        > Thanks Erwin for your reply.
        >
        > I know nothing about PHP but since I started this exercise I have
        > become a little, just a little more familiar with this particular
        > function. Unfortunately I wouldn't know enough to know whether it is
        > good or bad code so I will have to take your word for that.
        >
        > In your reply you state "No, you want to put there the from address.
        > Since this script automatically sends the email, you'll have to tell it
        > what the from-field is. Most probably you can put in there any valid
        > email address you own, like: info@adam.com"
        >
        > The email address that I want to put in there is that which is supplied
        > in the feedback form field I have titled "UserEmail". The trouble is I
        > don't know what the syntax is to do this. I have tried many variations
        > (eg)
        >
        > $header .= "From: Web Form <UserEmail>\n";
        > $header .= "From: <UserEmail>\n";
        > $header .= "From: 'UserEmai'l>\n";
        > $header .= "From: <$UserEmail>\n";
        > $header .= "From: $UserEmail\n";
        >
        > Am I trying to do something that just isn't possible in PHP? I have
        > done this in ASP on another webpage but I can't get it to work here.

        Probably

        $_REQUEST['UserEmail']

        (or $_GET or $_POST instead of $_REQUEST if you know which HTTP method
        is being used. But $_REQUEST will do for either.)

        Colin

        Comment

        • ianbarton@adam.com.au

          #5
          Re: Feedback Email setup

          I finally got this all sorted out and it works fine. I have even gone
          one step more and generate 2 emails, one to myself and another back to
          the person who sent the feedback, providing they provide a valid email
          address. This second part isn't necessary but I was "on a roll" so kept
          going.

          Here is my "contact.php" script. Remember that it has to be mentioned
          in the Feedback form with a line
          <form method="post" action="contact.php">

          Thanks to all those who offered some assistance.
          Ian



          <?php
          // Website Contact Form Generator

          // get posted data into local variables ready for email to Ian
          $EmailFrom = Trim(stripslashes($_POST['UserEmail']));
          $Country = Trim(stripslashes($_POST['UserCountry']));
          $EmailTo = "my own email address";
          $Subject = "Web Site Feedback";
          $Name = Trim(stripslashes($_POST['UserName']));
          $Comments = Trim(stripslashes($_POST['Comments']));

          // validation
          // not used as my Form has its own validation
          //$validationOK=true;
          //if (Trim($EmailFrom)=="") $validationOK=false;
          //if (Trim($Country)=="") $validationOK=false;
          //if (Trim($Name)=="") $validationOK=false;
          // if (Trim($Telephone)=="") $validationOK=false;
          // if (Trim($Email)=="") $validationOK=false;
          //if (Trim($Comments)=="") $validationOK=false;
          //if (!$validationOK) {
          // print "<meta http-equiv=\"refresh\" content=\"0;URL=index.htm\">";
          // exit;
          //}

          // prepare email body text to Ian
          $Body = "";
          $Body .= "Name: ";
          $Body .= $Name;
          $Body .= "\n";
          $Body .= "Country: ";
          $Body .= $Country;
          $Body .= "\n";
          $Body .= "Email: ";
          $Body .= $EmailFrom;
          $Body .= "\n";
          $Body .= "Comments: ";
          $Body .= $Comments;
          $Body .= "\n";

          // send email to Ian
          $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

          // get posted data into local variables ready for email to User
          $EmailFrom = "";
          $EmailTo = Trim(stripslashes($_POST['UserEmail']));
          $Subject = "Web Site Feedback Comments";
          $Comments = Trim(stripslashes($_POST['Comments']));

          // prepare email body text to User
          $Body = "";
          $Body .= "Hello ";
          $Body .= $Name;
          $Body .= "\n";
          $Body .= "\n";
          $Body .= "Here is a copy of the Comments you sent to Ian's Website";
          $Body .= "\n";
          $Body .= "\n";
          $Body .= "Comments: ";
          $Body .= "\n";
          $Body .= $Comments;
          $Body .= "\n";

          // send email to User
          $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

          // redirect to success page
          if ($success){
              print "<meta http-equiv=\"refresh\" content=\"0;URL=confirm.htm\">";
          }
          else{
              print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
          }
          ?>




          Comment
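
The contact.php posted above places the submitted UserEmail directly into the From: header, so here is an added example (not part of the original thread and not the ISP's script) of the same handler with that value validated, CR/LF rejected, a fixed From: address, and the visitor's address moved to Reply-To. The field names and the confirm.htm/error.htm pages come from the thread; SITE_FROM, SITE_TO and the helper function names are assumptions.

```php
<?php
// Added example, not code from the thread. SITE_FROM and SITE_TO are
// placeholder addresses (assumptions); replace them with addresses you own.
const SITE_FROM = 'webform@example.com';
const SITE_TO   = 'owner@example.com';

// Fetch a POST field as a string; arrays (UserEmail[]=...) become ''.
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Return a header-safe address, or null when the value must not be used.
function clean_email(string $raw): ?string
{
    // CR, LF or NUL inside a header value is what lets a submitter append
    // extra headers (Bcc:, Content-Type:) to the outgoing message.
    if (preg_match('/[\r\n\0]/', $raw)) {
        return null;
    }
    $addr = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Single-line body fields: collapse control characters and cap the length.
function clean_line(string $raw, int $max = 200): string
{
    return substr(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $raw), 0, $max);
}

// Build [to, subject, body, headers] for mail(), or null to reject.
function build_feedback_mail(array $post): ?array
{
    $email = clean_email(field($post, 'UserEmail'));
    if ($email === null) {
        return null;
    }
    $body = 'Name: ' . clean_line(field($post, 'UserName')) . "\n"
          . 'Country: ' . clean_line(field($post, 'UserCountry')) . "\n"
          . "Email: $email\n"
          . "Comments:\n" . substr(field($post, 'Comments'), 0, 5000) . "\n";
    // From: stays the site's own address; the visitor only goes in Reply-To.
    $headers = 'From: Web Form <' . SITE_FROM . ">\r\nReply-To: <$email>";
    return [SITE_TO, 'Web Site Feedback', $body, $headers];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $msg = build_feedback_mail($_POST);
    $ok  = $msg !== null && mail(...$msg);
    header('Location: ' . ($ok ? 'confirm.htm' : 'error.htm'));
    exit;
}
```

The copy mailed back to the visitor is left out of this example: sending to an address typed into a public form lets the form be used to mail arbitrary recipients.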
