Send Mail Form to php in IE...Don't Work?!



cannrobe
06-09-2007, 11:58 PM
Hi,

Just wondering if anyone on here may be able to help. I have a form on PHP page 1 that posts info to PHP page 2, which sends an email to a specific email address. This all works fine in Firefox, but for some unknown reason (on the same site and everything the same apart from browser) it does not work in IE?!

Just a quick edit: in IE, when you submit the form on PHP page 1, it says that PHP page 2 is not found, but as soon as you go to Firefox it works with no problems.

Thanks in advance for your help.

thetestingsite
06-10-2007, 12:36 AM
Not sure about this one without a link to your problem page (and perhaps even the source code). This is mostly due to the fact that PHP is parsed on the server, then outputted to the browser. The only thing that shouldn't work with a PHP form would be either HTML, CSS, or Javascript code that is valid in some browsers but not in others.
Anyways, hope this helps.

cannrobe
06-10-2007, 01:29 AM
http://www.hellbot.co.uk/test/

This is just a test form, but it does the same thing as the rest of the forms done in the same way. It is just a simple contact us form that posts to random.php, which in turn should just send whatever is in the form to an email address.

Here is the code for random.php


<?php

function _local_replace_bad($value) {
# mail adress(ess) for reports...
$report_to = "sales@mydomain.co.uk"; // REPORT EMAIL, THIS CAN BE YOUR EMAIL ADDRESS

# array holding strings to check, we do not trust these strings in $_POST
$suspicious_str = array
(
"content-type:"
,"charset="
,"mime-version:"
,"multipart/mixed"
,"bcc:"
);

$suspect_found = false;

// remove added slashes from $value...
$value = stripslashes($value);

# checks if $value contains $suspect...
foreach($suspicious_str as $suspect) {
if(eregi($suspect, strtolower($value))) {
# if we found some suspicios string, then we add our string, so it
# will be messed a little bit. :)
$suspect_found = true;
$value = eregi_replace($suspect, "(anti-spam-".$suspect.")", $value);
}
}

if ($suspect_found) {
# if at least one suspicios string was found, then do something more

$ip = (empty($_SERVER['REMOTE_ADDR'])) ? 'empty' : $_SERVER['REMOTE_ADDR'];
$rf = (empty($_SERVER['HTTP_REFERER'])) ? 'empty' : $_SERVER['HTTP_REFERER'];
$ua = (empty($_SERVER['HTTP_USER_AGENT'])) ? 'empty' : $_SERVER['HTTP_USER_AGENT'];
$ru = (empty($_SERVER['REQUEST_URI'])) ? 'empty' : $_SERVER['REQUEST_URI'];
$rm = (empty($_SERVER['REQUEST_METHOD'])) ? 'empty' : $_SERVER['REQUEST_METHOD'];

# very often HTTP_USER_AGENT is empty. We consider this is 100% spam
if ($suspect_found && $ua == "empty") {
exit();
}

# if we are here, then HTTP_USER_AGENT is not empty. this is only 80-90% that it is spam
# Remember, that POST values were already changed. But we still want to inform our
# admin about this suspicios request.
if(isset($report_to) && !empty($report_to)) {
@mail(
$report_to,
"[ABUSE] [SUSPECT] @ " . $_SERVER['HTTP_HOST'] . " by " . $ip,
"Stopped possible mail-injection @ " .
$_SERVER['HTTP_HOST'] . " by " . $ip .
" (" . date('d/m/Y H:i:s') . ")\r\n\r\n" .
"*** IP/HOST\r\n" . $ip . "\r\n\r\n" .
"*** USER AGENT\r\n" . $ua . "\r\n\r\n" .
"*** REFERER\r\n" . $rf . "\r\n\r\n" .
"*** REQUEST URI\r\n" . $ru . "\r\n\r\n" .
"*** REQUEST METHOD\r\n" . $rm . "\r\n\r\n" .
"*** SUSPECT\r\n-----\r\n" . $value . "\r\n-----"
);
} # if report
} # if suscpect found
else {
return($value);
}
}

# what we do - is we simply check all posted values.
foreach($_POST as $f=>$v) {
$_POST[$f] = _local_replace_bad($v);
}

# if register_globals is set to "on", then we should overwrite them once again.
if (ini_get("register_globals") == 1)
extract($_POST, EXTR_OVERWRITE);

function checkOK($field)
{
if (eregi("BCC",$field) || eregi("CC",$field)){
header( "Location: m_error.html" ); // ERROR REDIRECT IF THERES AN INJECTION ATTEMPT
}
}

$email = $_POST['email'];
$name = $_POST['name'];
$message = $_POST['message'];
$address = $_POST['address'];
$mobile = $_POST['mobile'];
$phone = $_POST['phone'];
$options = $_POST['options'];
$ipaddress = $_SERVER['REMOTE_ADDR'];

$message = 'Name: ' . $name . "\n" .
'Address: ' . "\n" . $address . "\n\n" .
'Phone: ' . $phone . "\n" .
'Mobile: ' . $mobile . "\n" .
'options: ' . $options . "\n\n" .
'Message:' . "\n\n" . $message . "\n" .
'IP Address:' . "\n\n" . $ipaddress;

/////////////// I ADDED DEPTS, SO YOU CAN SEND MAIL TO DIFFERENT PLACES ////////
$dept = $_POST['dept'];
checkOK($dept);

if ($dept == 'sales') {
$email_address = 'sales@mydomain.co.uk'; // CHANGE TO EMAIL DESTINATION OR LEAVE BLANK
} else if ($dept == 'aftersales') {
$email_address = 'sales@mydomain.co.uk'; // CHANGE TO EMAIL DESTINATION OR LEAVE BLANK
} else {
$email_address = 'sales@mydomain.co.uk'; // CHANGE TO MAIN EMAIL DESTINATION
}

$subject = 'Web Enquiry; // CHANGE TO SUBJECT OF EMAIL

/* //////// TEST JUST TO CHECK EMAIL HASNT BEEN TAMPERED WITH /////////////// */

/* //////// LOCATION REDIRECTS BACK TO A MESSAGE IF EMAIL IS MISSING ///////// */
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
header( "Location: m_error.html" );

} else {

$string .= $subject;
$mailheaders = "From: $email <$email>";

mail($email_address, $string, $message, $mailheaders);
header( "Location: m_sent.html" ); // SUCCESS, EMAIL WAS SENT, LET THE USER KNOW
}

?>

thetestingsite
06-10-2007, 01:33 AM
It appears as though random.php is not on the server (or at least in the link you posted above). Also, I noticed the following error in your code (which you posted above); and it is highlighted below in red.



<?php

function _local_replace_bad($value) {
# mail adress(ess) for reports...
$report_to = "sales@mydomain.co.uk"; // REPORT EMAIL, THIS CAN BE YOUR EMAIL ADDRESS

# array holding strings to check, we do not trust these strings in $_POST
$suspicious_str = array
(
"content-type:"
,"charset="
,"mime-version:"
,"multipart/mixed"
,"bcc:"
);

$suspect_found = false;

// remove added slashes from $value...
$value = stripslashes($value);

# checks if $value contains $suspect...
foreach($suspicious_str as $suspect) {
if(eregi($suspect, strtolower($value))) {
# if we found some suspicios string, then we add our string, so it
# will be messed a little bit. :)
$suspect_found = true;
$value = eregi_replace($suspect, "(anti-spam-".$suspect.")", $value);
}
}

if ($suspect_found) {
# if at least one suspicios string was found, then do something more

$ip = (empty($_SERVER['REMOTE_ADDR'])) ? 'empty' : $_SERVER['REMOTE_ADDR'];
$rf = (empty($_SERVER['HTTP_REFERER'])) ? 'empty' : $_SERVER['HTTP_REFERER'];
$ua = (empty($_SERVER['HTTP_USER_AGENT'])) ? 'empty' : $_SERVER['HTTP_USER_AGENT'];
$ru = (empty($_SERVER['REQUEST_URI'])) ? 'empty' : $_SERVER['REQUEST_URI'];
$rm = (empty($_SERVER['REQUEST_METHOD'])) ? 'empty' : $_SERVER['REQUEST_METHOD'];

# very often HTTP_USER_AGENT is empty. We consider this is 100% spam
if ($suspect_found && $ua == "empty") {
exit();
}

# if we are here, then HTTP_USER_AGENT is not empty. this is only 80-90% that it is spam
# Remember, that POST values were already changed. But we still want to inform our
# admin about this suspicios request.
if(isset($report_to) && !empty($report_to)) {
@mail(
$report_to,
"[ABUSE] [SUSPECT] @ " . $_SERVER['HTTP_HOST'] . " by " . $ip,
"Stopped possible mail-injection @ " .
$_SERVER['HTTP_HOST'] . " by " . $ip .
" (" . date('d/m/Y H:i:s') . ")\r\n\r\n" .
"*** IP/HOST\r\n" . $ip . "\r\n\r\n" .
"*** USER AGENT\r\n" . $ua . "\r\n\r\n" .
"*** REFERER\r\n" . $rf . "\r\n\r\n" .
"*** REQUEST URI\r\n" . $ru . "\r\n\r\n" .
"*** REQUEST METHOD\r\n" . $rm . "\r\n\r\n" .
"*** SUSPECT\r\n-----\r\n" . $value . "\r\n-----"
);
} # if report
} # if suscpect found
else {
return($value);
}
}

# what we do - is we simply check all posted values.
foreach($_POST as $f=>$v) {
$_POST[$f] = _local_replace_bad($v);
}

# if register_globals is set to "on", then we should overwrite them once again.
if (ini_get("register_globals") == 1)
extract($_POST, EXTR_OVERWRITE);

function checkOK($field)
{
if (eregi("BCC",$field) || eregi("CC",$field)){
header( "Location: m_error.html" ); // ERROR REDIRECT IF THERES AN INJECTION ATTEMPT
}
}

$email = $_POST['email'];
$name = $_POST['name'];
$message = $_POST['message'];
$address = $_POST['address'];
$mobile = $_POST['mobile'];
$phone = $_POST['phone'];
$options = $_POST['options'];
$ipaddress = $_SERVER['REMOTE_ADDR'];

$message = 'Name: ' . $name . "\n" .
'Address: ' . "\n" . $address . "\n\n" .
'Phone: ' . $phone . "\n" .
'Mobile: ' . $mobile . "\n" .
'options: ' . $options . "\n\n" .
'Message:' . "\n\n" . $message . "\n" .
'IP Address:' . "\n\n" . $ipaddress;

/////////////// I ADDED DEPTS, SO YOU CAN SEND MAIL TO DIFFERENT PLACES ////////
$dept = $_POST['dept'];
checkOK($dept);

if ($dept == 'sales') {
$email_address = 'sales@mydomain.co.uk'; // CHANGE TO EMAIL DESTINATION OR LEAVE BLANK
} else if ($dept == 'aftersales') {
$email_address = 'sales@mydomain.co.uk'; // CHANGE TO EMAIL DESTINATION OR LEAVE BLANK
} else {
$email_address = 'sales@mydomain.co.uk'; // CHANGE TO MAIN EMAIL DESTINATION
}

$subject = 'Web Enquiry'; // CHANGE TO SUBJECT OF EMAIL

/* //////// TEST JUST TO CHECK EMAIL HASNT BEEN TAMPERED WITH /////////////// */

/* //////// LOCATION REDIRECTS BACK TO A MESSAGE IF EMAIL IS MISSING ///////// */
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
header( "Location: m_error.html" );

} else {

$string .= $subject;
$mailheaders = "From: $email <$email>";

mail($email_address, $string, $message, $mailheaders);
header( "Location: m_sent.html" ); // SUCCESS, EMAIL WAS SENT, LET THE USER KNOW
}

?>


Other than those things, everything looks like it should work fine.
Hope this helps.

cannrobe
06-10-2007, 10:19 AM
I have found that although the form seems to not work in IE, when you click submit it does submit the form to the email address, but it is not redirecting to the specific file I have asked it to.

random.php is definitely on the server, because if you fill the form out in Firefox and click submit it works fine, as it emails me and redirects to the correct page. But when you fill it out in IE and then click submit, it sends the email but seems to refuse to redirect to the page I have specified.

Could you also point out in the code what you have changed, as it does not seem to be coming up in red on my system.

Thanks for your help

thetestingsite
06-10-2007, 02:26 PM
The only thing that I changed in the code was this line:



$subject = 'Web Enquiry'; // CHANGE TO SUBJECT OF EMAIL


As for the form not submitting correctly, it is submitting to random.php; however, m_error.html and m_sent.html are not in the same folder as random.php. I noticed that in IE7 (and perhaps earlier versions as well), when you have a php script using a header redirect to a missing page, it refers to the page that is doing the redirecting as missing (if that makes sense). Anyways; the script is fine (as I said before), just upload (or move) those 2 files to the same directory as random.php and the error should go away.

Hope this helps.
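
Added example, not part of the thread and not any poster's code: a stricter take on the input checks random.php attempts. It rejects any line break in a value bound for a mail header instead of rewriting suspicious strings, validates the whole address, picks the recipient from a fixed list, and stops the script after each redirect. The function names are hypothetical; the page names and address are the ones used in the thread.

```php
<?php
// Added example. Function names are hypothetical; m_error.html, m_sent.html
// and sales@mydomain.co.uk are taken from the thread.

// Read one POST field as a string; arrays and missing fields become ''.
function post_string($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

// A value may go into a mail header only if it has no CR or LF: a line
// break is what lets a submitted field start a new header such as Bcc:.
function header_safe($value) {
    return !preg_match('/[\r\n]/', $value);
}

// Validate the sender as a whole string, not as a substring match.
function valid_sender($email) {
    return header_safe($email)
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Map the posted department onto a fixed list; unknown values get the default.
function recipient_for($dept) {
    $map = array(
        'sales'      => 'sales@mydomain.co.uk',
        'aftersales' => 'sales@mydomain.co.uk',
    );
    return isset($map[$dept]) ? $map[$dept] : 'sales@mydomain.co.uk';
}

// header() only queues the redirect; exit keeps the rest of the script
// (including the mail() call) from running after a failed check.
function redirect_and_stop($page) {
    header('Location: ' . $page);
    exit;
}

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = trim(post_string('email'));

    if (!valid_sender($email)) {
        redirect_and_stop('m_error.html');
    }

    $sent = mail(recipient_for(post_string('dept')), 'Web Enquiry',
                 post_string('message'), 'From: ' . $email);
    redirect_and_stop($sent ? 'm_sent.html' : 'm_error.html');
}
```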