0

I have a contact form that sends 2 mails one to the user and the other to the admin.

The email that is sent to the user has no problems, yet the other is not working and giving a success code.

Here is my code:

This is the config file (emails and contents removed):

$adminEmail = "*********@*****.com";
$adminSubj = "Admin Subject";

$userSubj = "User Subject";

////////////////////////////////////////////////////////
//DON`T EDIT BELOW THIS LINE
////////////////////////////////////////////////////////

$userName = $_GET['name'];
$userEmail = $_GET['email'];
$userPhone = $_GET['phone'];
$userMessage = $_GET['message'];


$adminHeaders = 'MIME-Version: 1.0' . "\r\n";
$adminHeaders .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";;
$adminHeaders .= "To: " . $adminEmail . "<" . $adminEmail . ">" . "\r\n";
$adminHeaders .= "From: " . $userName ."<" . $userEmail . ">" . "\r\n";


$userHeaders  = 'MIME-Version: 1.0' . "\r\n";
$userHeaders .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$userHeaders .= "To: " . $userName . "<" . $userEmail . ">" . "\r\n";
$userHeaders .= "From: website <no-reply@website>" . "\r\n";

And this is the file that sends the mail:

include("config.php");

$userSendMessage = "Your Message:<br />
$userMessage<br /><br /><br />
We will get back you.
<br /><br />
Thanks
Website Team.

";

$adminSendMessage = "
$userName<br />
$userEmail<br />
$userPhone<br />
$userMessage";


$toUser = mail($userEmail,$userSubj,$userSendMessage,$userHeaders);
$toAdmin = mail($adminEmail,$adminSubj,$adminSendMessage,$adminHeaders);

if($toAdmin && $toUser)
    echo 1;
else
    echo 0;

I guess that the problem is in the $adminHeaders

$adminHeaders = 'MIME-Version: 1.0' . "\r\n";
$adminHeaders .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";;
$adminHeaders .= "To: " . $adminEmail . "<" . $adminEmail . ">" . "\r\n";
$adminHeaders .= "From: " . $userName ."<" . $userEmail . ">" . "\r\n";

when I use the headers as this it works:

$adminHeaders = 'MIME-Version: 1.0' . "\r\n";
$adminHeaders .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";;
$adminHeaders .= "To: " . $adminEmail . "<" . $adminEmail . ">" . "\r\n";
$adminHeaders .= "From: Someone <[email protected]" . "\r\n";

Any idea how to send the mail to the admin by the user email?

Improve this question
1
  • here goes mail injection Commented Dec 12, 2010 at 14:50

5 Answers 5

Reset to default
1

The hard work has been done for you. There are many libraries that do what you're needing with my favorite being here:

http://phpmailer.worxware.com/

It's easy to use, very robust and keeps the spam from webforms down quite well.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I dont want to use external applications, I want to use the default mail() function. I dont want to go through documentations and installations.
Spam is not an issue, I`m using reCAPTCHA to prevent spam
1

You can consider using PHP Mailer.

It can be used as a wrapper for the mail() function, and it's that easy:

<?php

require_once('PHPMailer_v5.1/class.phpmailer.php');

$mail = new PHPMailer(); // defaults to using php "mail()"

$body = file_get_contents('contents.html');
$mail->SetFrom($fromAddress, 'First Last');
$mail->AddReplyTo($replyToAddress, "First Last");
$mail->AddAddress($toAddress, "John Doe");
$mail->Subject = "PHPMailer Test Subject via mail(), basic";
$mail->AltBody = "To view the message, please use an HTML compatible email viewer!"; // optional, comment out and test
$mail->MsgHTML($body);

// $mail->AddAttachment("images/phpmailer.gif");      // attachment
// $mail->AddAttachment("images/phpmailer_mini.gif"); // attachment

if (!$mail->Send()) {
    echo "Mailer Error: " . $mail->ErrorInfo;
} else {
    echo "Message sent!";
}
Improve this answer

5 Comments

I dont want to use external applications, I want to use the default mail() function. I dont want to go through documentations and installations.
@sikas Edited with an example, which uses PHP's built in mailer() function, so there is no need for any configuration, just include the class file.
Always giving me an error: Could not instantiate mail function.
@sikas: Is your From address a valid address?
Yes, the From address is either the $adminEmail or $userEmail! and both are valid.
1

Some mail domains have checks to ensure the sender is not pretending to be some other domain. The from address is checked if no sender is specified.

This may be fixed by adding another header:

Sender: [email protected]

Also please note your script is vulnerable to header manipulation as it's not properly escaped. This can be only easily be done in PHP 5.3 by using quoted_printable_encode e.g.

'From: ' . quoted_printable_encode($userName . '<' . $userEmail . '>');

earlier PHP versions don't have a simple way of doing this correctly without a library.

I agree with the other answers that you should look at using a library to do this, however I don't suggest you use php mailer as its no longer in active development (although it might be feature rich).

I use the mail class that comes from Zend Framework (as I use the framework as well):

http://framework.zend.com/manual/en/zend.mail.introduction.html

Apache Zeta components (formerly ez components), does a good implementation:

http://qafoo.com/blog/011_apache_zeta_components_doing_mail_right.html

Improve this answer

1 Comment

Edited encoding as it wasn't working correctly. No easy way of doing it < PHP 5.3, so it is always the correct answer to use an existing library.
0

When I write scripts like these, I always check whitespace and eliminate as much as I possibly can so they headers are sent correctly. Otherwise, glance at the examples on the mail function.

I noticed that you have 2 square brackets at the end of the line below when the adminHeaders are set.

$adminHeaders .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";;

When you changed the headers to the following:

$adminHeaders .= "From: Someone <[email protected]" . "\r\n";

You missed a closing brace after the "Someone" email address.

In more of the examples on the manual page, they show the "To" and "From" parameters only as the email address. Try removing the braces and duplication of the email all together. You may also want to secure your values from the $_GET variable, which could potentially be exploited. It may also be worth debugging what the $_GET variables are giving you for the values of $userName and $userEmail (this can be as simple as echoing or vardumping the variables).

Improve this answer

Comments

0

I was also facing the same issue and after some R&D i found that if we eliminate the newline characters from the message field then our PHP mail function start working

for e.g. The previous message which i was using --

$message = '<html>
        <head>
          <title>App Approval</title>
        </head>
        <body>
          <p>Hi amir!</p>
          <table>
            <tr>
              <td>Amir Khan has created a new app HH</td>
            </tr>
            <tr>
              <td>Click the following link in order to <a href="http://theexecutiveeye.com/teenetwork/index.php?action=view&sub=app&app_id=">view</a> the app.</td>
            </tr>
          </table>
        </body>
        </html>
        ';

after changing it to 

$message = '<html><head><title>App Approval</title></head><body><p>Hi amir!</p><table><tr><td>Amir Khan has created a new app HH</td></tr><tr><td>Click the following link in order to <a href="http://theexecutiveeye.com/teenetwork/index.php?action=view&sub=app&app_id=">view</a> the app.</td></tr></table></body></html>';

It started working.

Also if you are confused regarding how to use variables in message content in between single qoutes then my suggestion is to just use it as double quotes as for this 

$message = 'blah blah blah';

use this 

$message = 'blah'.$blah.' blah';
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.