PHP contact form not working

I have a php contact form here: http://www.bdcwebdesign.com/?a=Colorado-Wyoming_Contact-Us

I was making some changes to it today to make the text disappear, but when I was testing I realized I wasn't receiving the emails being sent by the form. I rolled back the changes, but it still isn't working.

Honestly, it has been a while since I received an email from this form so I don't know exactly when it broke. Any help would be nice.

Here is my code:

<?php

if(isset($_POST['name'])) { $name = $_POST['name']; } else { $name = ''; }
if(isset($_POST['email'])) { $email= $_POST['email']; } else { $email = ''; }
if(isset($_POST['phone'])) { $phone= $_POST['phone']; } else { $phone = ''; }
if(isset($_POST['message'])) { $message= $_POST['message']; } else { $message = 'Your message here'; }

$form = "
<form method='post' />
<p>
*Name:
</p>
<p>
<input type='text' name='name' value='$name' />
</p>

<p>
Email:
</p>
<p>
<input type='text' name='email' value='$email' />
<p>
<p>
*Phone:
</p>
<p>
<input type='text' name='phone' value='$phone' />
</p>
<p>
*Message:
</p>
<p>
<textarea onclick='cleatTextAtea(this)' name='message' cols='40' rows='10' >$message</textarea>
</p>
<p>
<input type='submit' name='submit' value='Submit' class='form_submit' />
</p>
<p>
*required fields
</p>
</form>";

if(isset($_POST['submit'])) {

    $errors = array();
    if(strlen( $_POST['name'] ) == 0) { $errors[] = "Please provide your name"; }
    if(strlen( $_POST['phone'] ) == 0) { $errors[] = "Please provide your phone number"; }
    if(strlen( $_POST['message'] ) == 0 || $_POST['message'] == 'Your message here') { $errors[] = "Please enter a message"; } 

    if(count($errors) == 0) {
        $header = 'From: ' .$_POST['email'] .'\r\nContent-type: text/plain; charset=iso-8859-1\r\n';
        $body = 'Name:: '. $_POST['name'];
        $body .= '\nEmail:: '. $_POST['email'];
        $body .= '\nPhone:: '. $_POST['phone'];
        $body .= '\nMessage:: '. $_POST['message'];
        $body = wordwrap($body,70);
        $send = mail('info@bdcwebdesign.com', 'Web Design Request',$body, $header);
        if($send){ echo '<h3>Your messages was successfully sent....</h3>'; }
        else{ echo '<h3>There was a problem sending this message....</h3>'; }
        }
    else { foreach($errors as $error) { echo ("$error <br>"); } echo $form; }

    }
else { echo $form; }

?> 

Open in new window

LVL 2
BDC-NetAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
I may not be able to help you debug this, but I can offer a suggestion and an example of what might be a good design pattern.

Add these statements to the top of all of your PHP scripts:

ini_set('display_errors', TRUE);
error_reporting(E_ALL);

Here is my sample form-to-email script.

HTH, ~Ray
<?php // RAY_form_to_email.php
error_reporting(E_ALL);


// SEND MAIL FROM A FORM


// REQUIRED VALUES ARE PREPOPULATED - CHANGE THESE FOR YOUR WORK
$from  = "NoReply@Your.org";
$subj  = "Contact Form";

// THIS IS AN ARRAY OF RECIPIENTS - CHANGE THESE FOR YOUR WORK
$to[]  = "You@Your.org";
$to[]  = "Her@Your.org";
$to[]  = "Him@Your.org";



// IF THE DATA HAS BEEN POSTED
if (!empty($_POST['email']))
{
    // DISABLED ON THE SERVER SIDE
    var_dump($_POST);
    die(' DISABLED');

    // CLEAN UP THE POTENTIALLY BAD AND DANGEROUS DATA
    $email      = clean_string($_POST["email"]);
    $name       = clean_string($_POST["name"]);
    $telephone  = clean_string($_POST["telephone"]);

    // CONSTRUCT THE MESSAGE THROUGH STRING CONCATENATION
    $content    = NULL;
    $content   .= "You have a New Query From $name" . PHP_EOL . PHP_EOL;
    $content   .= "Tel No: $telephone" . PHP_EOL;
    $content   .= "Email: $email" . PHP_EOL;

    // SEND MAIL TO EACH RECIPIENT
    foreach ($to as $recipient)
    {
        if (!mail( $recipient, $subj, $content, "From: $from\r\n"))
        {
            echo "MAIL FAILED FOR $recipient";
        }
        else
        {
            echo "MAIL WORKED FOR $recipient";
        }
    }
}


// A FORM TO TAKE CLIENT INPUT FOR THIS SCRIPT
$form = <<<ENDFORM
<form method="post">
Please enter your contact information
<br/>Email: <input name="email" />
<br/>Phone: <input name="telephone" />
<br/>Name:  <input name="name" />
<br/><input type="submit" />
</form>
ENDFORM;

echo $form;



// A FUNCTION TO CLEAN UP THE DATA - AVOID BECOMING AN OPEN-RELAY FOR SPAM
function clean_string($str)
{
    // IF MAGIC QUOTES IS ON, WE NEED TO REMOVE SLASHES
    $str = stripslashes($str);

    // REMOVE EXCESS WHITESPACE
    $rgx
    = '#'                // REGEX DELIMITER
    . '\s'               // MATCH THE WHITESPACE CHARACTER(S)
    . '\s+'              // MORE THAN ONE CONTIGUOUS INSTANCE OF WHITESPACE
    . '#'                // REGEX DELIMITER
    ;
    $str = preg_replace($rgx, ' ', $str);

    // REMOVE UNWANTED CHARACTERS
    $rgx
    = '#'                // REGEX DELIMITER
    . '['                // START OF A CHARACTER CLASS
    . '^'                // NEGATION - MATCH NONE OF THE CHARACTERS IN THIS CLASS
    . 'A-Z0-9'           // KEEP LETTERS AND NUMBERS
    . '@&+:?_.,/\-'      // KEEP SOME SPECIAL CHARACTERS (ESCAPED HYPHEN)
    . ' '                // KEEP BLANKS
    . ']'                // END OF THE CHARACTER CLASS
    . '#'                // REGEX DELIMITER
    . 'i'                // CASE-INSENSITIVE
    ;
    $str = preg_replace($rgx, NULL, $str);

    return trim($str);
}

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ray PaseurCommented:
PS: Since I leave this script on my server for a teaching example, I disabled it.  You should remove lines 22-25 as well as change the other information at the top to something that works for your needs.
0
Marco GasiFreelancerCommented:
I really don't find any evident problem with your code but some about security, not mail function. Don't trust any kind of input. These lines:

if(isset($_POST['name'])) { $name = $_POST['name']; } else { $name = ''; }
if(isset($_POST['email'])) { $email= $_POST['email']; } else { $email = ''; }
if(isset($_POST['phone'])) { $phone= $_POST['phone']; } else { $phone = ''; }
if(isset($_POST['message'])) { $message= $_POST['message']; } else { $message = 'Your message here'; }

represent a security issue since you don't filter data in any way, not you check if they are of the expected type. What about this: if a user typed malicious javascript code instead name and email?
You should always filter input using a whitelist or inspecting if it is as you expect it is: you can use ctype functions (http://it.php.net/manual/en/ref.ctype.php) or regular expression to be sure $_POST['email'] is really an email address.

Then you must escape output:

$name = htmlentities($name);
<input type='text' name='name' value='$name' />

htmlentities or strip_tags functions avoid some working code enter in your application

http://it.php.net/manual/en/function.htmlentities.php
http://it.php.net/strip_tags

I also suggest you read this book to learn about security issues:
http://phpsecurity.org/

Cheers
0
Dave BaldwinFixer of ProblemsCommented:
In PHP, '\r\n' only gets converted to CrLF when it is in double quoted strings.  This section works properly with double quotes but not with the single quotes you were using:

        $header = "From: " .$_POST['email'] ."\r\nContent-type: text/plain; charset=iso-8859-1\r\n";
        $body = 'Name:: '. $_POST['name'];
        $body .= "\nEmail:: ". $_POST['email'];
        $body .= "\nPhone:: ". $_POST['phone'];
        $body .= "\nMessage:: ". $_POST['message'];

Open in new window


Otherwise, you script appears to be work.  I would add a lot to it including better headers.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.