php contact form help

Associate
Joined
9 May 2010
Posts
1,669
Location
sheffield
I have a contact form which is working well, there is a variable called '$from' which is where the from email goes, it tells me to use a static mail address, but i would like to use the name and email which is sent via the form to be used. i have tried everything and I'm going code blind! can anyone cast their eyes over it and see whats wrong?

<?php
// require ReCaptcha class
require('recaptcha-master/src/autoload.php');
/*
* CONFIGURE EVERYTHING HERE
*/

// an email address that will be in the From field of the email.
$from = .$_POST[Name]. <.$_POST.>;

// an email address that will receive the email with the output of the form
$sendTo = 'Orders <[email protected]>';

// subject of the email
$subject = 'Trade Print Order from ' .$_POST[name];

// form field names and their translations.
// array variable name => Text to appear in the email
$fields = array('name' => 'Name', 'businessname' => 'Business Name', 'phone' => 'Phone', 'email' => 'Email', 'order' => 'Order');

// message that will be displayed when everything is OK :)
$okMessage = 'Contact form successfully submitted. Thank you, We will get back to you soon!';

// If something goes wrong, we will display this message.
$errorMessage = 'There was an error while submitting the form. Please try again later';

$recaptchaSecret = '000000000000000000000000';
/*
* LET'S DO THE SENDING
*/

// if you are not debugging and don't need error reporting, turn this off by error_reporting(0);
error_reporting(0);

try
{
if (!empty($_POST)) {

// validate the ReCaptcha, if something is wrong, we throw an Exception,
// i.e. code stops executing and goes to catch() block

if (!isset($_POST['g-recaptcha-response'])) {
throw new \Exception('ReCaptcha is not set.');
}

// do not forget to enter your secret key in the config above
// from https://www.google.com/recaptcha/admin

$recaptcha = new \ReCaptcha\ReCaptcha($recaptchaSecret, new \ReCaptcha\RequestMethod\CurlPost());

// we validate the ReCaptcha field together with the user's IP address

$response = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);


if (!$response->isSuccess()) {
throw new \Exception('ReCaptcha was not validated.');
}

// everything went well, we can compose the message, as usually
$emailText ="
Name: $_POST[name]\n
Business Name: $_POST[businessname]\n
Email: $_POST[email]\n
Phone: $_POST[phone]\n
Message:\n\n\n$_POST[order]";



$headers = array('Content-Type: text/plain; charset="UTF-8";',
'From: ' . $from,
'Reply-To: ' . $from,
'Return-Path: ' . $from,
);

mail($sendTo, $subject, $emailText, implode("\n", $headers));

$responseArray = array('type' => 'success', 'message' => $okMessage);
}
}
catch (\Exception $e)
{
$responseArray = array('type' => 'danger', 'message' => $errorMessage);
}

if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
$encoded = json_encode($responseArray);

header('Content-Type: application/json');

echo $encoded;
}
else {
echo $responseArray['message'];
}[/SPOILER]
 
I have a contact form which is working well, there is a variable called '$from' which is where the from email goes, it tells me to use a static mail address, but i would like to use the name and email which is sent via the form to be used. i have tried everything and I'm going code blind! can anyone cast their eyes over it and see whats wrong?

You can't just send an email from somebody else's email address.
You need to use an email address which you can give php access to as the from address.
In the headers, you can set the Reply-To address to be the one the user typed into the form and then when you receive it and click reply you'll be sending to that address.
 
You can't just send an email from somebody else's email address.
You need to use an email address which you can give php access to as the from address.
In the headers, you can set the Reply-To address to be the one the user typed into the form and then when you receive it and click reply you'll be sending to that address.

If I'm reading it correctly he doesn't want to send the email from that address, he just wants the email received to say from: Joe Bloggs <[email protected]>, I believe.

What do you use at the moment OP? With that code you put up there do you get a from of just there name?
 
If I'm reading it correctly he doesn't want to send the email from that address, he just wants the email received to say from: Joe Bloggs <[email protected]>, I believe.

That's effectively the same thing.
Almost all emails from that contact form are going to get rejected because they have SPF records set up to define who can send email and OP doesnt have permission to send from those addresses.
 
That's effectively the same thing.
Almost all emails from that contact form are going to get rejected because they have SPF records set up to define who can send email and OP doesnt have permission to send from those addresses.

Ahh yes, I see that now, I thought he wanted it in the body of the email to say who it was from with their reply address.
 
sorry i have only just got around to checking this. I have found the solution, by defining
$name = strip_tags(htmlspecialchars($_POST['name']));
$email_address = strip_tags(htmlspecialchars($_POST['email']));


I was able to simply say $from = "$name<$email_address>"; and this seemed to work,
the form itself is for customers to send order through to my workshop and this makes it easy to reply to them with any questions.
does that look like its ok?
 
The best thing to do would simply use the replyto field in building the email so when you get your notification and you hit reply it goes to the sender.

Our contact forms are setup that they come from say [email protected] and get sent to an email address such as [email protected] and when you then go to reply to that email the replyto field is filled with the persons email who submitted the form (assuming you capture that information obviously).
 
does that look like its ok?

Nope, I wouldn't be comfortable with that setup - I would use a fixed email address like the documentation says (an email address with the same domain as the website).
I cant think of any reason why you would want the customer's email address in the 'From' field and not just the 'Reply-To' field. There's no difference in how you'd reply but you're much more likely to lose sales from rejected emails.
 
Last edited:
Back
Top Bottom