Secure E-mail form troubles

[BGarner]

So I finally gave in and started learning php. I breezed through the beginner tutorial at w3schools, but the I hit my first glitch in the advanced tutorial.

I tried using their Email scripts but I can't seem to get it to send an email to myself. The script can be found here http://www.thehtmldude.com/test.php

The code is...

Code: Select all

<?php
function spamcheck($field)
  {
//eregi() performs a case insensitive regular expression match
  if(eregi("to:",$field) || eregi("cc:",$field)) 
    {
    return TRUE;
    }
  else
    {
    return FALSE;
    }
  }

//if "email" is filled out, send email
if (isset($_REQUEST['email']))
  {
  //check if the email address is invalid
  $mailcheck = spamcheck($_REQUEST['email']);
  if ($mailcheck==TRUE)
    {
    echo "Invalid input";
    }
  else
    { 
    //send email
    $email = $_REQUEST['email'] ; 
    $subject = $_REQUEST['subject'] ;
    $message = $_REQUEST['message'] ;
    mail("bgarner.webdesign@gmail.com", "Subject: $subject",
    $message, "From: $email" );
    echo "Thank you for using our mail form";
    }
  }
else
//if "email" is not filled out, display the form
  {
  echo "<form method='post' action='/test.php'>
  Email: <input name='email' type='text' /><br />
  Subject: <input name='subject' type='text' /><br />
  Message:<br />
  <textarea name='message' rows='15' cols='40'>
  </textarea><br />
  <input type='submit' />
  </form>";
  }
?>

I think the problem is in

Code: Select all

<form method='post' action='/test.php'>

Thanks!

[masonbarge]

I'm barely adequate with mail() myself, but I'll try to help. The #1 area I can't talk about is server configuration, which could be your problem. Check your php.ini settings for mail.

Code: Select all

<?php
function spamcheck($field)
  {
//eregi() performs a case insensitive regular expression match
  if(eregi("to:",$field) || eregi("cc:",$field)) 
    {
    return TRUE;
    }
  else
    {
    return FALSE;
    }
  }

I'd take out this function, first off. I realize you might want to use the function-making device for practice, but this just feels odd to me, and is certainly unnecessary. I use Perl for regex, but iirc ereg() returns string length when successful and NULL when not, so you don't need to a function to create a return.

Code: Select all

//if "email" is filled out, send email
if (isset($_REQUEST['email']))
  {
  //check if the email address is invalid
  $mailcheck = spamcheck($_REQUEST['email']);
  if ($mailcheck==TRUE)
    {
    echo "Invalid input";
    }
  else

I'm not following you here. If you want to check the validity of the email address -- an excellent idea -- you need slightly complicated regex. The net has a lot of good examples. Maybe your comment ('check if the email address is valid') just threw me off, and all you're trying to do is trigger an initial email by seeing if the form has been filled out.

I don't see a problem with "<form method='post' action='/test.php'>". However, I would suggest that you add value="submitted" to the submit input and use this format:

Code: Select all

if ((isset($_POST['submit'])) && ($_POST['submit']=='submitted'))  {
- send email -
} else {
- echo the form - 
}

This is my boilerplate for a one page form/handler. BTW, you will get a slightly faster response, in general, by using the XML format './test.php' for relative urls.

I don't know why you use $_REQUEST instead of $_POST here, since you don't have any cookie or GET content in the email. I don't like allowing GET variables into my form-handling unless absolutely necessary. It should work, though. You see it done a lot in email forms, so there may be something I don't know understand.

I know this is disjointed. I hope it's some help, at least.

[BGarner]

Thanks,

Like I said, I mostly just tweaked the script at w3schools. I may just need to write my own and look at server settings.