Hey, just got this contact form working, but had an email from the guy with the server, and he says he got the emails as well...which I thought was quite odd. Now I have no idea why it'd do this so I was wondering if one of you guys could maybe point out why it'd do this in the first place? I can't for the life of my see why it would act like that.

Here's the code, thanks for any help.

[obviously started session at the top of my page]

<div id="form_wrap" class="form_space">
<?php
//FIll out the settings below before using this script
$your_email = "someone@example.net";
$website = "www.example.com";
//BOTS TO BLOCK
$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer|T8Abot|Syntryx|WinHttp|WebBandit|nicebot)/i";
//Check if known bot is visiting
if (preg_match($bots, $_SERVER["HTTP_USER_AGENT"])) {
 exit ("Sorry bots are not allowed here!");
}

//Known Exploits

$exploits = "/(content-type|bcc:|cc:|from:|reply-to:|javascript|onclick|onload)/i";

//Spam words
$spam_words = "/()/i";

// BAD WORDS
$words = "/(
)/i";
//BAD WORD/SPAM WORD/EXPLOIT BLOCKER
function wordBlock($word) {
  //Make variables global
 global $words;
 global $spam_words;

if(preg_match($spam_words,$word)){
  $word = preg_replace($spam_words,"$$$$",$word);
}
 return $word;
}

function ex_clean($clean){
   global $exploits;
   if(preg_match($exploits,$clean)){
$clean = preg_replace($exploits,"",$clean);

}
return $clean;
}
//CLean data function
function dataClean($data) {
 $data = addslashes(trim(rawurldecode(strip_tags($data))));
 $data = filter_var ($data,FILTER_SANITIZE_SPECIAL_CHARS);
 return $data;
}
//CREATE MAIN VARIABLES
$name = (isset ($_POST['name'])) ? dataClean(ex_clean($_POST['name'])) : FALSE;
$email = (isset ($_POST['email'])) ? dataClean(ex_clean(filter_var($_POST['email'],FILTER_SANITIZE_EMAIL))) : FALSE;
$subject = (isset ($_POST['subject'])) ? dataClean(ex_clean($_POST['subject'])) : FALSE;
$comment = (isset ($_POST['message'])) ? wordBlock(dataClean($_POST['message'])) : FALSE;
$submit = (isset ($_POST['send'])) ? TRUE : FALSE;
$email_check = "/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6}$/i";
$spam = (isset($_POST['spam'])) ? dataClean($_POST['spam']) : FALSE;
$ip = $_SERVER["REMOTE_ADDR"];
$success = FALSE;
$error_tri = FALSE;
$errors = array();
//Check if send button was clicked
if ($submit) {
  if(!$spam)
  {
    $errors[] = "Please enter the verification code prevent automated submissions.";
  }
  if($spam)
  {
    if($spam !== $_SESSION['captcha'])
    {
      $errors[] = "Incorrect verification code, please try again.";
    }
  }
 if (!$name) {
  $errors[] = "Please make sure the name field is filled in.";
 }
 if ($name) {
   if(preg_match("/[^a-zA-Z0-9 ]/",$name)){
                    $errors[] = "The name field must only include letters from A-Z";
                  }
 }

 if (!$email) {
  $errors[] = "Please make sure the email field is filled in.";
 }
 if ($email) {
  if (!preg_match($email_check, $email)) {
   $errors[] = "Please make sure the email field is correct.";
  }
 }
 if (!$subject) {
  $errors[] = "Please make sure the subject field is filled in.";
 }
 if (!$comment) {
  $errors[] = "Please make sure the message field is filled in.";
 }
 //If bot trap is tripped exit the script
 if(isset($_POST['Email_address']) ? $_POST['Email_address'] : FALSE ){
   exit();
 }
//Check if any errors are present
 if (count($errors) > 0) {
$error_tri = TRUE;
 }
 else {
  $success = TRUE;
//MESSAGE TO SEND TO ADMIN
//Create main headers
  $headers = "From: " . $website . " <$your_email> \n";
  $headers .= "Reply-to:" . $email . " \n";
  $headers .= "MIME-Version: 1.0\n";
  $headers .= "Content-Transfer-Encoding: 8bit\n";
  $headers .= "Content-Type: text/html; charset=UTF-8\n";
  $message = "";
  $message .= "<h1>New E-Mail From " . $website . "</h1><br /><br />";
  $message .= "<b>Senders IP:</b>" . $ip . "<br />";
  $message .= "<b>Senders Name:</b>" . $name . "<br />";
  $message .= "<b>Senders E-mail:</b>" . $email . "<br />";
  $message .= "<b>Senders Subject:</b>" . $subject . "<br />";
  $message .= "<b>Senders Message:</b>" . $comment . "<br />";
//E-mails subject
  $mail_subject = "New E-mail From " . $website . "";
/*
CHECK TO BE SURE FIRST E-MAIL TO ADMIN IS A SUCCESS AND SEND EMAIL TO ADMIN
OTHERWISE DON'T SEND AUTO RESPONCE
*/
  if (mail($your_email, $mail_subject, $message, $headers)) {
//UNSET ALL VARIABLES
   unset ($name, $email,$zip,$phone, $subject, $reason, $comment, $_REQUEST);

/*
-----------------END MAIL BLOCK FOR SENDING TO ADMIN AND START AUTO RESPONCE SEND-----------------
*/
//AUTO RESPONCE MESSAGE
//Create main headers
   $headers = "From: " . $website . " <$your_email> \n";
   $headers .= "Reply-to:" . $your_email . " \n";
   $headers .= "MIME-Version: 1.0\n";
   $headers .= "Content-Transfer-Encoding: 8bit\n";
   $headers .= "Content-Type: text/html; charset=UTF-8\n";
   $message = "";
   $message .= "<h1>Thank You For Contacting Us </h1><br /><br />";
   $message .= "On behalf of <b>" . $website . "</b> we wanna thank you for contacting us and to let you know we will respond to your message as soon as possible thank you again.";
//E-mails subject
   $mail_subject = "Thank you for contacting " . $website . "";
//Send the email
   mail($email, $mail_subject, $message, $headers);
/*
-----------------END MAIL BLOCK FOR SENDING AUTO RESPONCE -----------------
*/
  }
  else {
   echo "
   <script type='text/javascript' language='JavaScript'>
   alert('Sorry could not send your message');
   </script>
   ";
   echo "<noscript><p style='color:red;'>SORRY COULD NOT SEND YOUR MESSAGE</p></noscript>";
  }
  UNSET($_SESSION['captcha']);
 }

}
?>
<div id="error_cover" class="sub_text">
<?php
if($success === FALSE && $error_tri === TRUE)
{
  foreach ($errors AS $error) {
   print "• $error <br />";
  }
}
else{
        echo '<div id="errors"></div>';
}
?>
</div>

<!--Error holder-->

<form method='POST' action='<?php echo "".dataClean($_SERVER['PHP_SELF']).""; ?>'>
    <fieldset>
        <div id="form">
                <p>Name*</p>
                <input name='name' type='text' class='form' value='<?php echo "" . (isset($_REQUEST['name'])) ? dataClean(ex_clean($_REQUEST['name'])) : FALSE . "";?> ' size="40" />
                <br>
                <p>Email Address*</p>
                <input name='email' type='text' class='form' value='<?php echo "" . (isset($_REQUEST['email'])) ? dataClean(ex_clean($_REQUEST['email'])) : FALSE . "";?>' size="40" />
                <br>
                <p>Subject*</p>
                <input name='subject' type='text' class='form' value='<?php echo "" . (isset($_REQUEST['subject'])) ? dataClean(ex_clean($_REQUEST['subject'])) : FALSE . "";?>' size="40" >
                <br>
                <p>Message*</p>
                <p>
                <textarea name='message' class='mess_area' rows='15' cols='110' ><?php echo "" . (isset($_REQUEST['message'])) ? dataClean($_REQUEST['message']) : FALSE . "";?></textarea>
                </p>
                <br>
                <div id="val_contact">
                <p><img  id="captcha" src='captcha/captcha.php' title='Are you human?' /><br /><br />
                </p>
                </div>
                <div id="val_input">
                <input type='text' class='val_input' name='spam' size='10' />
                <!--Spam bot trap starts-->
                </div>
                </p>
                <p>
                </div>
                <input type="hidden" value="" name="Email_address" />
                </p>
                <br>
                <div id="submit_butt">
                <input type="submit" class='form_button' name='send' value='Send message' />
                </p>
        </div>
    </fieldset>
</form>

</div>

I've never dealt with a contact for before so maybe it's a really amateur error, but thanks for any input.

Ello.

Line 127 sends it.

Line 127 sends it.

Hey thanks for the reply, but is there any reason it's sending to the server aswell as the defined email? I can see which lines are doing what but I'm just curious as to why it's sending emails to both that email and the server.

Have I misunderstood ? Is it sending to yet another email address as $your_email ?

If so, are you sure it is not a server email setting that is automatically forwarding e-mails ?

Have I misunderstood ? Is it sending to yet another email address as $your_email ?

If so, are you sure it is not a server email setting that is automatically forwarding e-mails ?

Sorry to bump and old thread but it was to do with some server settings, strangely the script is now working fine,

Thanks pritaeas for the help

:)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.