
Thread: please check php form code

  1. #1
    Join Date
    Jul 2006
    Location
    Antwerp, Belgium (Europe)
    Posts
    903
    Thanks
    114
    Thanked 2 Times in 2 Posts

    Default please check php form code

    Hey all,

    For a while I have been using a php script with multiple files upload.
    It works fine, but it seems that mails are not always sent through, so here's my question:

    Can an expert verify if this code is waterproof, please?

    Here's the form: https://www.lichaamengeest.be/nieuw.php
    Here's the php:

    Code:
    <?php
    $to = "bruno@mail.be";
    $subject= "inschrijving";
    $name = $_POST['name'];
    $phone = $_POST['phone'];
    $email = $_POST['email'];
    $website = $_POST['website'];
    $beschrijving = $_POST['beschrijving'];
    $socialURL = $_POST['socialURL'];
    $cmname = $_POST['cmname'];
    $faciliteit = $_POST['faciliteit'];
    $add = $_POST['add'];
    $city = $_POST['city'];
    $zip = $_POST['zip'];
    $keywords1 = $_POST['keywords1'];
    $keywords2 = $_POST['keywords2'];
    $keywords3 = $_POST['keywords3'];
    $keywords4 = $_POST['keywords4'];
    $keywords5 = $_POST['keywords5'];
    $keywords6 = $_POST['keywords6'];
    $prijslijst = $_POST['prijslijst'];
    $openingsuren = $_POST['openingsuren'];
    $klikbaar = $_POST['klikbaar'];
    $socialFB = $_POST['socialFB'];
    $socialTW = $_POST['socialTW'];
    $socialIN = $_POST['socialIN'];
    $socialGP = $_POST['socialGP'];
    $opmerking = $_POST['opmerking'];
    $message = "
    Faciliteit: $faciliteit
    Naam bedrijf: $cmname
    Adres: $add, $zip $city
    
    Beschrijving:
    $beschrijving
    
    Video:
    $socialURL
    
    Kernwoorden: 
    $keywords1
    $keywords2
    $keywords3
    $keywords4
    $keywords5
    $keywords6
    
    Prijslijst:
    $prijslijst
    
    Openklikbare tekst:
    $klikbaar
    
    Contactpersoon: $name
    Telefoon: $phone
    Email: $email
    Website: $website
    
    Openingsuren: 
    $openingsuren
    
    Facebook: $socialFB
    Instagram: $socialIN
    Twitter: $socialTW
    Google Plus: $socialGP
    
    Verdere opmerkingen:
    $opmerking
    ";
      $mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
             $headers = "From: $email\r\n" .
             "MIME-Version: 1.0\r\n" .
                "Content-Type: multipart/mixed;\r\n" .
                " boundary=\"{$mime_boundary}\"";
             $message = "This is a multi-part message in MIME format.\n\n" .
                "--{$mime_boundary}\n" .
                "Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
                "Content-Transfer-Encoding: 7bit\n\n" .
             $message . "\n\n";
             foreach($_FILES as $userfile)
             {
                $tmp_name = $userfile['tmp_name'];
                $type = $userfile['type'];
                $name = $userfile['name'];
                $size = $userfile['size'];
                if (file_exists($tmp_name))
                {
                   if(is_uploaded_file($tmp_name))
                   {
                      $file = fopen($tmp_name,'rb');
                      $data = fread($file,filesize($tmp_name));
                      fclose($file);
                      $data = chunk_split(base64_encode($data));
                   }
                   $message .= "--{$mime_boundary}\n" .
                      "Content-Type: {$type};\n" .
                      " name=\"{$name}\"\n" .
                      "Content-Disposition: attachment;\n" .
                      " filename=\"{$name}\"\n" . // $fileatt_name was never defined; use the uploaded file's name
                      "Content-Transfer-Encoding: base64\n\n" .
                   $data . "\n\n";
                }
             }
             $message.="--{$mime_boundary}--\n";
    if (mail($to, $subject, $message, $headers))
       echo "Dankje om je gegevens door te zenden.<br>We nemen die door en contacteren je zo snel mogelijk.";
    else
       echo "Error in mail.<br>Probeer opnieuw door hieronder te klikken.";
    ?>

  2. #2
    Join Date
    Jul 2006
    Location
    Antwerp, Belgium (Europe)
    Posts
    903
    Thanks
    114
    Thanked 2 Times in 2 Posts

  3. #3
    Join Date
    Jan 2007
    Location
    Davenport, Iowa
    Posts
    1,938
    Thanks
    92
    Thanked 98 Times in 96 Posts

    Default

    Nothing is jumping out at me as being out of place. The important thing is to discover who is not receiving your emails. If I understand you correctly, some people are receiving your emails and others are not? Or are you saying that some of the messages are not being sent out at all?
    To choose the lesser of two evils is still to choose evil. My personal site

  4. #4
    Join Date
    Jul 2006
    Location
    Antwerp, Belgium (Europe)
    Posts
    903
    Thanks
    114
    Thanked 2 Times in 2 Posts

    Default

    Thanks for your reply, James.
    In fact, this is the code of a form on my website, on which people register: https://www.lichaamengeest.be/nieuw.php
    Several people filled in the form, then got to the "thank you" page (meaning the form has been sent), but I never receive the mail.
    So maybe it doesn't work properly when images are too large, or maybe some other reason?

  5. #5
    Join Date
    Jan 2015
    Posts
    78
    Thanks
    0
    Thanked 19 Times in 19 Posts

    Default

    You need to log, either to a text file or a database table, the date/time, entered email address, ip address, and the result (success or error messages.) This will give you a record of form submissions that you can compare to the emails you receive.

    This code is lacking several features that will either cause the emails to be sent or to tell you why they are not and it is open to spammers sending their emails through your mail server, due to mail header injection, so the problem could be that your sending mail server and/or the receiving mail server, where the To: email address is located at (even if these are the same mail server), is refusing to send/receive the emails, is placing them into the junk/spam folder, or is temporarily getting blacklisted/banned.

    The most likely problem for it only working some of the time/for some submitted email addresses, is because the email address that someone entered in the form is NOT where these emails are being sent from. These emails are being sent from your web hosting and the From: mail header should either be an email address at your web site domain or at a domain where there is an SPF (Sender Policy Framework) record that indicates your sending mail server is authorized to send email for that domain.

    You can put the email address that was entered in the form into a Reply-to: mail header, after validating that it is exactly and only one email address.

    Next, this form processing code should do the following -

    1) Detect that a post method form has been submitted before referencing any of the form data.

    2) Because this is uploading files, if the total size of the submitted form data is greater than the post_max_size setting, both the $_POST and $_FILES arrays will be empty. The code should detect this condition, output a user error message 'Sorry, the form data was too large, try again with smaller files...', log the date/time, entered email address, ip address, submitted data size, and prevent the remainder of the code from running. You should also look at and set the post_max_size and upload_max_filesize settings to be reasonable values that you are willing to accept from the people filling in the form.

    3) Validate all the submitted form data before using it. At a minimum, any 'required' fields should not be empty and the entered email address should be a single correctly formatted address. For validating the uploaded files, you need to check the ['error'] element in the $_FILES data and only use the uploaded file if there is no error. You also need to decide what you are going to do for each of the possible upload errors. Some of the errors can be corrected by the user (an aborted/partial upload, file too large.) For these errors, you can output an error message telling the user to re-try the form submission, and list the reason for the error. For the errors that are caused by the server setup, you should output a generic error message, that the uploaded files could not be used, and log the actual errors, so that you can find and fix what is causing them.

    4) If there are no validation errors, you can use the submitted form data. When using the text values (form fields and uploaded file name and type), you need to apply htmlentities() to each value so that any html/javascript that could be in the value won't be rendered when the email is read.

    5) If the mail() call fails, again, you need to log the date/time, email address, ip address, and your own mail fail message, so that you can try to find and fix any problem. You should also have php's error_reporting set to E_ALL and log_errors set to ON. This will cause the php error information from the mail() call to be logged too.

    6) Even if the mail() call succeeds, there is no guarantee that the email will get sent by the sending mail server or accepted by the receiving mail server. You should log the date/time, email address, ip address, a success message, the total number of uploaded files and either the size of each file or the total size of all the files, and any other values you think may be helpful. This will tell you that there was a form submission and hopefully give information that will help find out why you are not receiving some of the emails.

    If you will be using a file for logging the information, php's file_put_contents(), with the FILE_APPEND flag, is the simplest method.

  6. The Following User Says Thank You to DyDr For This Useful Post:

    chechu (03-03-2018)
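
Steps 1 to 3 from the post above, together with the fixed From: and validated Reply-To: headers, as an added example that is not part of the thread or anyone's posted code. `SITE_FROM`, the function names and the sample submissions are assumptions, and it assumes one file per upload field, as in the original `foreach($_FILES ...)` loop.

```php
<?php
// Added example, not code from the thread. SITE_FROM, the function names and
// the sample input at the bottom are assumptions made for illustration.
const SITE_FROM = 'formulier@example.org'; // assumed address at the site's own domain

// Exactly one well-formed address; CR/LF, commas and semicolons are refused,
// so the value cannot add headers or extra recipients.
function single_email(string $raw): ?string
{
    $raw = trim($raw);
    if (preg_match('/[\r\n,;]/', $raw)) {
        return null;
    }
    $ok = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// Step 3: sort each $_FILES entry into usable, absent, user-fixable or server-side.
function check_upload(array $f): array
{
    switch ($f['error'] ?? UPLOAD_ERR_NO_FILE) {
        case UPLOAD_ERR_OK:        return ['ok', ''];
        case UPLOAD_ERR_NO_FILE:   return ['skip', ''];
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE: return ['user', 'file too large'];
        case UPLOAD_ERR_PARTIAL:   return ['user', 'upload was interrupted'];
        default:                   return ['server', 'upload error code ' . $f['error']];
    }
}

// Control characters are replaced so submitted text cannot forge log entries.
function log_line(string $ip, string $email, string $msg): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', "EM:$email, $msg");
    return date('Y-m-d H:i:s') . " IP:$ip, $clean\n";
}

// Steps 1-3 in order. Returns [status, log message, headers or null].
function check_submission(array $server, array $post, array $files): array
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return ['not-a-post', 'no form submitted', null];
    }
    // Step 2: above post_max_size PHP leaves both arrays empty.
    if (!$post && !$files && (int)($server['CONTENT_LENGTH'] ?? 0) > 0) {
        return ['too-large', 'POST of ' . (int)$server['CONTENT_LENGTH'] . ' bytes dropped', null];
    }
    $email = single_email($post['email'] ?? '');
    if ($email === null) {
        return ['invalid', 'rejected email field', null];
    }
    foreach ($files as $field => $f) {
        [$kind, $why] = check_upload($f);
        if ($kind === 'user' || $kind === 'server') {
            return ["upload-$kind", "$field: $why", null];
        }
    }
    $boundary = '==Multipart_Boundary_x' . bin2hex(random_bytes(16)) . 'x';
    $headers = 'From: ' . SITE_FROM . "\r\n"
        . "Reply-To: $email\r\n"
        . "MIME-Version: 1.0\r\n"
        . "Content-Type: multipart/mixed; boundary=\"$boundary\"";
    return ['ok', 'ready for mail()', $headers];
}

// Constructed sample submissions (not real traffic).
$server = ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '52428800', 'REMOTE_ADDR' => '192.0.2.10'];
$cases = [
    'oversized' => [[], []],
    'injection' => [['email' => "a@example.com\r\nBcc: list@example.net"], []],
    'partial'   => [['email' => 'a@example.com'], ['foto' => ['error' => UPLOAD_ERR_PARTIAL]]],
    'valid'     => [['email' => 'a@example.com'], ['foto' => ['error' => UPLOAD_ERR_OK]]],
];
foreach ($cases as $label => [$post, $files]) {
    [$status, $msg] = check_submission($server, $post, $files);
    echo str_pad($label, 10), $status, ' | ', log_line($server['REMOTE_ADDR'], $post['email'] ?? '-', $msg);
}
```

Only the `valid` case yields headers to pass to mail(); each of the others stops with a status and a single log line, which can be written with file_put_contents() and FILE_APPEND.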

  7. #6
    Join Date
    Jul 2006
    Location
    Antwerp, Belgium (Europe)
    Posts
    903
    Thanks
    114
    Thanked 2 Times in 2 Posts

    Default

    Now that is an amazingly detailed explanation, DyDr, thanks for that.
    I just needed a php form script with multiple upload, and that is what I found.

    Do you know a more solid form script with multiple upload, or can you implement the remarks you had into the above code, please (as I know nothing of php)?
    Thanks!

  8. #7
    Join Date
    Jan 2015
    Posts
    78
    Thanks
    0
    Thanked 19 Times in 19 Posts

    Default

    To implement the logging of the success (and failed) mail() calls, make the following changes to the code.

    Add the following lines, near the top of the code -

    PHP Code:
    // append data to a log file
    function _log($log_file,$ip,$email,$message)
    {
        $str = date('Y-m-d H:i:s') . " IP:$ip, EM:$email, $message\n";
        file_put_contents($log_file,$str,FILE_APPEND);
    }

    $log_file = 'log.txt'; // log text file name

    $ip = $_SERVER['REMOTE_ADDR']; // get ip to short variable name for logging purposes

    Replace the existing if(mail(...)) ... else ... code with the following -

    PHP Code:
            if(mail($to, $subject, $message, $headers))
            {
                echo "Dankje om je gegevens door te zenden.<br>We nemen die door en contacteren je zo snel mogelijk.";
                // 6) Even if the mail() call succeeds, there is no guarantee that the email will get sent by the sending mail server or accepted by the receiving mail server. You should log the date/time, email address, ip address, a success message, the total number of uploaded files and either the size of each file or the total size of all the files, and any other values you think may be helpful. This will tell you that there was a form submission and hopefully give information that will help find out why you are not receiving some of the emails.
                // log the success information to compare against actual received emails
                _log($log_file,$ip,$email,'Mail call successful.');

            } else {
                echo "Error in mail.<br>Probeer opnieuw door hieronder te klikken.";
                // 5) If the mail() call fails, again, you need to log the date/time, email address, ip address, and your own mail fail message, so that you can try to find and fix any problem.
                // log the fail information. you can capture the php error message and include it too.
                $last_error = error_get_last(); // "type", "message", "file" and "line".
                _log($log_file,$ip,$email,"Mail call failed - {$last_error['message']}");

            }

  9. #8
    Join Date
    Jul 2006
    Location
    Antwerp, Belgium (Europe)
    Posts
    903
    Thanks
    114
    Thanked 2 Times in 2 Posts

    Default

    Thanks for that, DyDr.
    Just implemented your code, and all works fine, thanks.
    But what about the log.txt file? Is that a file I just upload and gets filled whenever a mail is sent?

    And this. You wrote:
    // 6) Even if the mail() call succeeds, there is no guarantee that the email will get sent by the sending mail server or accepted by the receiving mail server. You should log the date/time, email address, ip address, a success message, the total number of uploaded files and either the size of each file or the total size of all the files, and any other values you think may be helpful. This will tell you that there was a form submission and hopefully give information that will help find out why you are not receiving some of the emails.
    Does that mean the form code is still not waterproof?
    What code should I add in order to "log the date/time, email address, ip address, a success message, the total number of uploaded files and either the size of each file or the total size of all the files"?

    This is the code till now, with your adjustments:
    Code:
    <?php
    
    // append data to a log file 
    function _log($log_file,$ip,$email,$message) 
    { 
        $str = date('Y-m-d H:i:s') . " IP:$ip, EM:$email, $message\n"; 
        file_put_contents($log_file,$str,FILE_APPEND); 
    } 
    
    $log_file = 'log.txt'; // log text file name 
    
    $ip = $_SERVER['REMOTE_ADDR']; // get ip to short variable name for logging purposes 
    
    $to = "bruno@mail.be";
    $subject= "inschrijving";
    $name = $_POST['name'];
    $phone = $_POST['phone'];
    $email = $_POST['email'];
    $website = $_POST['website'];
    $beschrijving = $_POST['beschrijving'];
    $socialURL = $_POST['socialURL'];
    $cmname = $_POST['cmname'];
    $faciliteit = $_POST['faciliteit'];
    $add = $_POST['add'];
    $city = $_POST['city'];
    $zip = $_POST['zip'];
    $keywords1 = $_POST['keywords1'];
    $keywords2 = $_POST['keywords2'];
    $keywords3 = $_POST['keywords3'];
    $keywords4 = $_POST['keywords4'];
    $keywords5 = $_POST['keywords5'];
    $keywords6 = $_POST['keywords6'];
    $prijslijst = $_POST['prijslijst'];
    $openingsuren = $_POST['openingsuren'];
    $klikbaar = $_POST['klikbaar'];
    $socialFB = $_POST['socialFB'];
    $socialTW = $_POST['socialTW'];
    $socialIN = $_POST['socialIN'];
    $socialGP = $_POST['socialGP'];
    $opmerking = $_POST['opmerking'];
    $message = "
    Faciliteit: $faciliteit
    Naam bedrijf: $cmname
    Adres: $add, $zip $city
    
    Beschrijving:
    $beschrijving
    
    Video:
    $socialURL
    
    Kernwoorden: 
    $keywords1
    $keywords2
    $keywords3
    $keywords4
    $keywords5
    $keywords6
    
    Prijslijst:
    $prijslijst
    
    Openklikbare tekst:
    $klikbaar
    
    Contactpersoon: $name
    Telefoon: $phone
    Email: $email
    Website: $website
    
    Openingsuren: 
    $openingsuren
    
    Facebook: $socialFB
    Instagram: $socialIN
    Twitter: $socialTW
    Google Plus: $socialGP
    
    Verdere opmerkingen:
    $opmerking
    ";
      $mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
             $headers = "From: $email\r\n" .
             "MIME-Version: 1.0\r\n" .
                "Content-Type: multipart/mixed;\r\n" .
                " boundary=\"{$mime_boundary}\"";
             $message = "This is a multi-part message in MIME format.\n\n" .
                "--{$mime_boundary}\n" .
                "Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
                "Content-Transfer-Encoding: 7bit\n\n" .
             $message . "\n\n";
             foreach($_FILES as $userfile)
             {
                $tmp_name = $userfile['tmp_name'];
                $type = $userfile['type'];
                $name = $userfile['name'];
                $size = $userfile['size'];
                if (file_exists($tmp_name))
                {
                   if(is_uploaded_file($tmp_name))
                   {
                      $file = fopen($tmp_name,'rb');
                      $data = fread($file,filesize($tmp_name));
                      fclose($file);
                      $data = chunk_split(base64_encode($data));
                   }
                   $message .= "--{$mime_boundary}\n" .
                      "Content-Type: {$type};\n" .
                      " name=\"{$name}\"\n" .
                      "Content-Disposition: attachment;\n" .
                      " filename=\"{$name}\"\n" . // $fileatt_name was never defined; use the uploaded file's name
                      "Content-Transfer-Encoding: base64\n\n" .
                   $data . "\n\n";
                }
             }
             $message.="--{$mime_boundary}--\n";
            if(mail($to, $subject, $message, $headers)) 
            { 
                echo "Dankje om je gegevens door te zenden.<br>We nemen die door en contacteren je zo snel mogelijk."; 
                _log($log_file,$ip,$email,'Mail call successful.'); 
    
            } else { 
                echo "Error in mail.<br>Probeer opnieuw door hieronder te klikken."; 
                $last_error = error_get_last(); 
                _log($log_file,$ip,$email,"Mail call failed - {$last_error['message']}"); 
    
            }
    ?>
    Please remember, I have no idea how php works, so I'm driving blind here ...
    If possible, could you please rewrite the code as if you'd be using it, with all the features you mentioned?
    Thanks.
    Last edited by chechu; 03-04-2018 at 06:46 PM.

  10. #9
    Join Date
    Jul 2006
    Location
    Antwerp, Belgium (Europe)
    Posts
    903
    Thanks
    114
    Thanked 2 Times in 2 Posts

    Default

    This is a new version someone built (apparently headers were missing and the variables were copied):

    Code:
    <?php
    
    // append data to a log file 
    function _log($log_file,$ip,$email,$message) 
    { 
        $str = date('Y-m-d H:i:s') . " IP:$ip, EM:$email, $message\n"; 
        file_put_contents($log_file,$str,FILE_APPEND); 
    } 
    
    $log_file = 'log.txt'; // log text file name 
    
    $ip = $_SERVER['REMOTE_ADDR']; // get ip to short variable name for logging purposes 
    
    $website_naam = 'Mijn Site';
    $eigen_emailadres = 'bruintje@gmail.com';
    $error_emailadres = 'bruintje@gmail.com';
    $naam_verzender = 'Afzender';
    $email_verzender = 'emailadres_van_verzender@zijn_domein.nl';
    $bcc_emailadres = 'bruintje@gmail.com';
    $html = true;
    
    $headers    = 'From: ' . $website_naam . ' <' . $eigen_emailadres . '>' . "\r\n";
    $headers    .= 'Reply-To: ' . $naam_verzender . ' <' . $email_verzender . '>' . "\r\n";
    $headers    .= 'Return-Path: Mail-Error <' . $error_emailadres . '>' . "\r\n";
    $headers    .= ($bcc_emailadres != '') ? 'Bcc: ' . $bcc_emailadres . "\r\n" : '';
    $headers    .= 'X-Mailer: PHP/' . phpversion() . "\r\n";
    $headers    .= 'X-Priority: Normal' . "\r\n";
    $headers    .= ($html) ? 'MIME-Version: 1.0' . "\r\n" : '';
    $headers    .= ($html) ? 'Content-type: text/html; charset=iso-8859-1' . "\r\n" : '';
    $headers    .= ($html) ? "Content-Type: multipart/mixed;\r\n" .
    $headers    .= ($html) ? "boundary=\"{$mime_boundary}\"";
    
    $to = "bruintje@gmail.com";
    $subject= "inschrijving";
    $_POST['name'];
    $_POST['phone'];
    $_POST['email'];
    $_POST['website'];
    $_POST['beschrijving'];
    $_POST['socialURL'];
    $_POST['cmname'];
    $_POST['faciliteit'];
    $_POST['add'];
    $_POST['city'];
    $_POST['zip'];
    $_POST['keywords1'];
    $_POST['keywords2'];
    $_POST['keywords3'];
    $_POST['keywords4'];
    $_POST['keywords5'];
    $_POST['keywords6'];
    $_POST['prijslijst'];
    $_POST['openingsuren'];
    $_POST['klikbaar'];
    $_POST['socialFB'];
    $_POST['socialTW'];
    $_POST['socialIN'];
    $_POST['socialGP'];
    $_POST['opmerking'];
    $message = "
    Faciliteit: $_POST['faciliteit'];
    Naam bedrijf: $_POST['cmname'];
    Adres: $_POST['add']; $_POST['zip']; $_POST['city'];
    
    Beschrijving:
    $_POST['beschrijving'];
    
    Video:
    $_POST['socialURL'];
    
    Kernwoorden: 
    $_POST['keywords1'];
    $_POST['keywords2'];
    $_POST['keywords3'];
    $_POST['keywords4'];
    $_POST['keywords5'];
    $_POST['keywords6'];
    
    Prijslijst:
    $_POST['prijslijst'];
    
    
    Openklikbare tekst:
    $_POST['klikbaar'];
    
    
    Contactpersoon: $_POST['name'];
    Telefoon: $_POST['phone'];
    Email: $_POST['email'];
    Website: $_POST['website'];
    
    Openingsuren: 
    $_POST['openingsuren'];
    
    Facebook: $_POST['socialFB'];
    Instagram: $_POST['socialIN'];
    Twitter: $_POST['socialTW'];
    Google Plus: $_POST['socialGP'];
    
    Verdere opmerkingen:
    $_POST['opmerking'];
    ";
      $mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
             $message = "This is a multi-part message in MIME format.\n\n" .
                "--{$mime_boundary}\n" .
                "Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
                "Content-Transfer-Encoding: 7bit\n\n" .
             $message . "\n\n";
             foreach($_FILES as $userfile)
             {
                $tmp_name = $userfile['tmp_name'];
                $type = $userfile['type'];
                $name = $userfile['name'];
                $size = $userfile['size'];
                if (file_exists($tmp_name))
                {
                   if(is_uploaded_file($tmp_name))
                   {
                      $file = fopen($tmp_name,'rb');
                      $data = fread($file,filesize($tmp_name));
                      fclose($file);
                      $data = chunk_split(base64_encode($data));
                   }
                   $message .= "--{$mime_boundary}\n" .
                      "Content-Type: {$type};\n" .
                      " name=\"{$name}\"\n" .
                      "Content-Disposition: attachment;\n" .
                      " filename=\"{$fileatt_name}\"\n" .
                      "Content-Transfer-Encoding: base64\n\n" .
                   $data . "\n\n";
                }
             }
             $message.="--{$mime_boundary}--\n";
            if(mail($to, $subject, $message, $headers)) 
            { 
                echo "Dankje om je gegevens door te zenden.<br>We nemen die door en contacteren je zo snel mogelijk."; 
                _log($log_file,$ip,$email,'Mail call successful.'); 
    
            } else { 
                echo "Error in mail.<br>Probeer opnieuw door hieronder te klikken."; 
                $last_error = error_get_last(); 
                _log($log_file,$ip,$email,"Mail call failed - {$last_error['message']}"); 
    
            }
    ?>
    Is this code that guarantees sending through?
    Please share your thoughts.

  11. #10
    Join Date
    Jan 2015
    Posts
    78
    Thanks
    0
    Thanked 19 Times in 19 Posts

    Default

    The last post you made is even worse. The code is out of proper order, which will produce php errors and won't work at all, but beyond that, unless your web site is hosted at google, I can guarantee that you won't be able to send email to an @gmail account because the From: mail header doesn't correspond to your web hosting and gmail isn't going to accept an email that states it is From: a gmail email address if it wasn't actually sent from a gmail mail server.

    The suggestions I have made in this thread are to get your code to either work (fix the obviously wrong From: email address usage and to only attempt to send an email when there's valid data to use) or to log information that would help find why it isn't working. Until you find the reason the existing code isn't working, you don't have anything to fix, and making random changes is just a waste of time.

    You will either need to implement the suggestions or hire someone to do so. Programming help forums are not free programming services and the amount of time it would take to design, write, test, and debug all the code needed is more than you should expect someone to do for you for free.

    The only additional suggestion I have is to find or write a script that uses either the phpmailer or swiftmailer php class. This will simplify the code needed to build the multi-part mime message w/file attachments, the mail headers, and will allow you to use SMTP authentication against your receiving email account, which will help to guarantee that the email will be accepted, though it can still end up in the junk/spam folder.
    Last edited by DyDr; 03-06-2018 at 10:35 AM.
