[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 140
  • Last Modified:

Problem with the From mail header not working

Hi,

I have this a feedback form go to my helpdesk. The back end code that makes it tick is attached.

I have it pipe into my helpdesk, and I get this error from my helpdesk, an dit does not parse: FROM header does not contain a valid email address.

I've set the from as a specific email address.

Any ideas?
<?php  





 $return_arr = array();

if( !isset($_POST['message']) || trim($_POST['message'])=="")

{ 

// echo "{'errors': [{'field': 'message','error': 'This field is required.'}], 'success': false}";

 $return_arr["errors"]=array(array('field'=>'message','error'=>'This field is required.'));

 $return_arr["success"]= false;

 echo json_encode($return_arr);

 return ;

}

 else if(!isset($_POST['email']) || trim($_POST['email'])=="")

 { 

    // echo "{'errors': [{'field': 'email', 'error': 'Enter a valid e-mail address.'}], 'success': false}";

     $return_arr["errors"]=array(array('field'=>'email','error'=>'This field is required.'));

	 $return_arr["success"]= false;

	 echo json_encode($return_arr);

	 return;

 }

  

//  



$to = 'feedback@mydomain.com';

$server = 'feedback@mydomain.com';

$subject = 'Feedback: ' .$_POST['webid'];

$from = $_POST['email'];

$msg=$_POST['message'];

$edate= $_POST['edate'];

$webid=$_POST['webid'];

$rate1="";

$rate2="";

$rate3="";

$recommend="";

$news="";
 
$IP=$_SERVER["REMOTE_ADDR"];

$Browser=$_ENV["HTTP_USER_AGENT"];

 if(isset($_POST['rating_1']))

 $rate1=$_POST['rating_1'];

  if(isset($_POST['rating_2']))

 $rate2=$_POST['rating_2'];

  

 

$message ="<table border='0' >".	  

	  "<tr><td>Email Address:</td><td>$from</td></tr>".

	  "<tr><td>Web ID:</td><td>$webid</td></tr>".

	  "<tr><td>Event Date:</td><td>$edate</td></tr>".

	  "<tr><td>Comments / Suggestions:</td><td>$msg</td></tr>".

	  "<tr><td>Easy To Use:</td><td>$rate1</td></tr>".

	  "<tr><td>Loading Speed:</td><td>$rate2</td></tr>".
	  
	  "<tr><td>IP Address:</td><td>$IP</td></tr>".
	  
	  "<tr><td>Browser:</td><td>$Browser</td></tr>".

	  "</table>";



if(mail($to, $subject, $message, "From: $server \r\nContent-type: text/html\r\n"))

{

  $return_arr["success"]= true;

  echo json_encode($return_arr);	 

}

else

{

	  $return_arr["success"]= false;

  echo json_encode($return_arr);	 

}

?>

Open in new window

0
Computer Guy
Asked:
Computer Guy
1 Solution
 
Mark BradyCommented:
Try testing ALL the posted data to make 100% CERTAIN that those fields are being sent correctly. Here's how you do it.

In your php script that accepts/processes the form data, place this line of code then run the script after filling out the form.

<?php
// leave all of your existing variable setups like $firname = $_POST['first'] and stuff like that in here.
// then this code...

print_r($_REQUEST);
die();


That will print out every value sent to your form so you can check it and see where the problem is.

Don't forget in your form you need to addslashes to the user input data for several reason but the main one is "security". You can be hacked very easily with your code (no protection again sql injection).

$msg=$_POST['message'];     // should be

$msg = addslashes($_POST['message']);

Then you can put the data into the database of whatever you want. When you recall if from the database you do this...
// the usual way
$username = $row['username']; // etc... retrieving from database.

// the safe way

$username = stripslahes($row['username']);

Or even better in my opinion is mysql_real_escape_string()

If you have a current mysql connection open you should use this method.

$firstname = mysql_real_escape_string($_POST['firstname']);

There you have it, basic security.

The other problem you have and is more than likely the culprit for why your code is not working is you have not "escaped" the users data as stated above so if a user was to add any quotes or ' marks then it would break the posted data and not display correctly.

Consider this.

$message = 'This is a message. It's a very short one.';

Now try to post that message to a script and either enter it into a mysql table or echo it back to the screen and see what happens.

The message will be read as 'This is a message. It'   - that is where it ends because it stops at the single quote mark.

You must escape the quotes like this

$message = "This is another message. It\'s a very short one and it\'s been escaped with backslashes.";

Now you can save this to a database or echo it to a screen but before you display it, you need to run "stripslashes($message)" on it.
0
 
Ray PaseurCommented:
Without inspecting your unique PHP installation we cannot be sure whether or not you have "magic quotes" so you may be getting the escape characters.  But you might want to read this article and understand the issue associated with magic quotes, since (like "register globals") they are going away.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html

But that said, as I follow the $server variable through the code, it looks like the code is correct to me.  This variable is set on line 49 and used on line 109.  So the problem may be in the helpdesk software.  It may be looking for some special criteria surrounding the From address.  I think I would look there first.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now