0

Hey, just got this contact form working, but had an email from the guy with the server, and he says he got the emails as well...which I thought was quite odd. Now I have no idea why it'd do this so I was wondering if one of you guys could maybe point out why it'd do this in the first place? I can't for the life of my see why it would act like that.

Here's the code, thanks for any help.

[obviously started session at the top of my page]

<div id="form_wrap" class="form_space">
<?php
//FIll out the settings below before using this script
$your_email = "someone@example.net";
$website = "www.example.com";
//BOTS TO BLOCK
$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer|T8Abot|Syntryx|WinHttp|WebBandit|nicebot)/i";
//Check if known bot is visiting
if (preg_match($bots, $_SERVER["HTTP_USER_AGENT"])) {
 exit ("Sorry bots are not allowed here!");
}

//Known Exploits

$exploits = "/(content-type|bcc:|cc:|from:|reply-to:|javascript|onclick|onload)/i";

//Spam words
$spam_words = "/()/i";

// BAD WORDS
$words = "/(
)/i";
//BAD WORD/SPAM WORD/EXPLOIT BLOCKER
function wordBlock($word) {
  //Make variables global
 global $words;
 global $spam_words;

if(preg_match($spam_words,$word)){
  $word = preg_replace($spam_words,"$$$$",$word);
}
 return $word;
}

function ex_clean($clean){
   global $exploits;
   if(preg_match($exploits,$clean)){
$clean = preg_replace($exploits,"",$clean);

}
return $clean;
}
//CLean data function
function dataClean($data) {
 $data = addslashes(trim(rawurldecode(strip_tags($data))));
 $data = filter_var ($data,FILTER_SANITIZE_SPECIAL_CHARS);
 return $data;
}
//CREATE MAIN VARIABLES
$name = (isset ($_POST['name'])) ? dataClean(ex_clean($_POST['name'])) : FALSE;
$email = (isset ($_POST['email'])) ? dataClean(ex_clean(filter_var($_POST['email'],FILTER_SANITIZE_EMAIL))) : FALSE;
$subject = (isset ($_POST['subject'])) ? dataClean(ex_clean($_POST['subject'])) : FALSE;
$comment = (isset ($_POST['message'])) ? wordBlock(dataClean($_POST['message'])) : FALSE;
$submit = (isset ($_POST['send'])) ? TRUE : FALSE;
$email_check = "/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6}$/i";
$spam = (isset($_POST['spam'])) ? dataClean($_POST['spam']) : FALSE;
$ip = $_SERVER["REMOTE_ADDR"];
$success = FALSE;
$error_tri = FALSE;
$errors = array();
//Check if send button was clicked
if ($submit) {
  if(!$spam)
  {
    $errors[] = "Please enter the verification code prevent automated submissions.";
  }
  if($spam)
  {
    if($spam !== $_SESSION['captcha'])
    {
      $errors[] = "Incorrect verification code, please try again.";
    }
  }
 if (!$name) {
  $errors[] = "Please make sure the name field is filled in.";
 }
 if ($name) {
   if(preg_match("/[^a-zA-Z0-9 ]/",$name)){
                    $errors[] = "The name field must only include letters from A-Z";
                  }
 }

 if (!$email) {
  $errors[] = "Please make sure the email field is filled in.";
 }
 if ($email) {
  if (!preg_match($email_check, $email)) {
   $errors[] = "Please make sure the email field is correct.";
  }
 }
 if (!$subject) {
  $errors[] = "Please make sure the subject field is filled in.";
 }
 if (!$comment) {
  $errors[] = "Please make sure the message field is filled in.";
 }
 //If bot trap is tripped exit the script
 if(isset($_POST['Email_address']) ? $_POST['Email_address'] : FALSE ){
   exit();
 }
//Check if any errors are present
 if (count($errors) > 0) {
$error_tri = TRUE;
 }
 else {
  $success = TRUE;
//MESSAGE TO SEND TO ADMIN
//Create main headers
  $headers = "From: " . $website . " <$your_email> \n";
  $headers .= "Reply-to:" . $email . " \n";
  $headers .= "MIME-Version: 1.0\n";
  $headers .= "Content-Transfer-Encoding: 8bit\n";
  $headers .= "Content-Type: text/html; charset=UTF-8\n";
  $message = "";
  $message .= "<h1>New E-Mail From " . $website . "</h1><br /><br />";
  $message .= "<b>Senders IP:</b>" . $ip . "<br />";
  $message .= "<b>Senders Name:</b>" . $name . "<br />";
  $message .= "<b>Senders E-mail:</b>" . $email . "<br />";
  $message .= "<b>Senders Subject:</b>" . $subject . "<br />";
  $message .= "<b>Senders Message:</b>" . $comment . "<br />";
//E-mails subject
  $mail_subject = "New E-mail From " . $website . "";
/*
CHECK TO BE SURE FIRST E-MAIL TO ADMIN IS A SUCCESS AND SEND EMAIL TO ADMIN
OTHERWISE DON'T SEND AUTO RESPONCE
*/
  if (mail($your_email, $mail_subject, $message, $headers)) {
//UNSET ALL VARIABLES
   unset ($name, $email,$zip,$phone, $subject, $reason, $comment, $_REQUEST);

/*
-----------------END MAIL BLOCK FOR SENDING TO ADMIN AND START AUTO RESPONCE SEND-----------------
*/
//AUTO RESPONCE MESSAGE
//Create main headers
   $headers = "From: " . $website . " <$your_email> \n";
   $headers .= "Reply-to:" . $your_email . " \n";
   $headers .= "MIME-Version: 1.0\n";
   $headers .= "Content-Transfer-Encoding: 8bit\n";
   $headers .= "Content-Type: text/html; charset=UTF-8\n";
   $message = "";
   $message .= "<h1>Thank You For Contacting Us </h1><br /><br />";
   $message .= "On behalf of <b>" . $website . "</b> we wanna thank you for contacting us and to let you know we will respond to your message as soon as possible thank you again.";
//E-mails subject
   $mail_subject = "Thank you for contacting " . $website . "";
//Send the email
   mail($email, $mail_subject, $message, $headers);
/*
-----------------END MAIL BLOCK FOR SENDING AUTO RESPONCE -----------------
*/
  }
  else {
   echo "
   <script type='text/javascript' language='JavaScript'>
   alert('Sorry could not send your message');
   </script>
   ";
   echo "<noscript><p style='color:red;'>SORRY COULD NOT SEND YOUR MESSAGE</p></noscript>";
  }
  UNSET($_SESSION['captcha']);
 }

}
?>
<div id="error_cover" class="sub_text">
<?php
if($success === FALSE && $error_tri === TRUE)
{
  foreach ($errors AS $error) {
   print "• $error <br />";
  }
}
else{
        echo '<div id="errors"></div>';
}
?>
</div>

<!--Error holder-->

<form method='POST' action='<?php echo "".dataClean($_SERVER['PHP_SELF']).""; ?>'>
    <fieldset>
        <div id="form">
                <p>Name*</p>
                <input name='name' type='text' class='form' value='<?php echo "" . (isset($_REQUEST['name'])) ? dataClean(ex_clean($_REQUEST['name'])) : FALSE . "";?> ' size="40" />
                <br>
                <p>Email Address*</p>
                <input name='email' type='text' class='form' value='<?php echo "" . (isset($_REQUEST['email'])) ? dataClean(ex_clean($_REQUEST['email'])) : FALSE . "";?>' size="40" />
                <br>
                <p>Subject*</p>
                <input name='subject' type='text' class='form' value='<?php echo "" . (isset($_REQUEST['subject'])) ? dataClean(ex_clean($_REQUEST['subject'])) : FALSE . "";?>' size="40" >
                <br>
                <p>Message*</p>
                <p>
                <textarea name='message' class='mess_area' rows='15' cols='110' ><?php echo "" . (isset($_REQUEST['message'])) ? dataClean($_REQUEST['message']) : FALSE . "";?></textarea>
                </p>
                <br>
                <div id="val_contact">
                <p><img  id="captcha" src='captcha/captcha.php' title='Are you human?' /><br /><br />
                </p>
                </div>
                <div id="val_input">
                <input type='text' class='val_input' name='spam' size='10' />
                <!--Spam bot trap starts-->
                </div>
                </p>
                <p>
                </div>
                <input type="hidden" value="" name="Email_address" />
                </p>
                <br>
                <div id="submit_butt">
                <input type="submit" class='form_button' name='send' value='Send message' />
                </p>
        </div>
    </fieldset>
</form>

</div>

I've never dealt with a contact for before so maybe it's a really amateur error, but thanks for any input.

Ello.

Edited by Ezzaral: Removed personal info.

2
Contributors
4
Replies
5
Views
6 Years
Discussion Span
Last Post by ello
0

Line 127 sends it.

Hey thanks for the reply, but is there any reason it's sending to the server aswell as the defined email? I can see which lines are doing what but I'm just curious as to why it's sending emails to both that email and the server.

0

Have I misunderstood ? Is it sending to yet another email address as $your_email ?

If so, are you sure it is not a server email setting that is automatically forwarding e-mails ?

0

Have I misunderstood ? Is it sending to yet another email address as $your_email ?

If so, are you sure it is not a server email setting that is automatically forwarding e-mails ?

Sorry to bump and old thread but it was to do with some server settings, strangely the script is now working fine,

Thanks pritaeas for the help

:)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.