Weborum Webmaster Forum > FormToEmail Chokes on "E-mail address"

Full Version: FormToEmail Chokes on "E-mail address"

Weborum Webmaster Forum > Web Page Design > PHP

dtilbor

Aug 22 2005, 08:21 PM

We're using FormToEmail, a php script that mails the contents of a Web form to us. We just discovered that the string "e-mail address", when entered into any field on the form by a visitor, causes a permissions error. (Forbidden You don't have permission to access /FormToEmail.php on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.)

Now, probably nobody is going to enter that string into any of the fields, but the question is, why does it cause a failure, and could there be other strings that when entered cause an error? We haven't found any, but now we don't trust the script.

Anyone have any ideas? The script is below.

Thanks,

Dave

<?php

/*

Thank you for choosing FormToEmail by FormToEmail.com

Version 1.2 Created June 8th 2004

COPYRIGHT FormToEmail.com 2004

You are not permitted to sell this script, but you can use it, copy it or distribute it, providing that you do not delete this copyright notice, and you do not remove any reference to FormToEmail.com

DESCRIPTION

FormToEmail allows you to place a form on your website which your visitors can fill out and send to you. The contents of the form are sent to the email address which you specify below. The form allows your visitors to enter their name, email address and comments. If they try to send a blank form, they will be returned to the form.

Your visitors (and nasty spambots!) cannot see your email address!

When the form is sent, your visitor will get a confirmation of this on the screen, and will be given a link to continue to your homepage, or other page if you specify it.

Should you need the facility, you can add additional fields to your form, which this script will also process, without making any additional changes.

This is a PHP script. In order for it to run, you must have PHP (version 4.1.0 or later) on your webhosting account. If you are not sure about this, then ask your webhost about it.

SETUP INSTRUCTIONS

Step 1: Put the form on your webpage
Step 2: Enter your email address and continue link below
Step 3: Upload the files to your webspace

Step 1:

To put the form on your webpage, copy the code below as it is, and paste it into your webpage:

<form action="FormToEmail.php" method="post">
<table border="0" bgcolor="#ececec" cellspacing="5">
<tr><td><font face="arial" size="2">Name</font></td><td><input type="text" size="30" name="Name"></td></tr>
<tr><td><font face="arial" size="2">Email address</font></td><td><input type="text" size="30" name="Email"></td></tr>
<tr><td valign="top"><font face="arial" size="2">Comments</font></td><td><textarea name="Comments" rows="6" cols="30"></textarea></td></tr>
<tr><td> </td><td><input type="submit" value="Send"><font face="arial" size="1">  FormToEmail by <a href="http://FormToEmail.com">FormToEmail.com</a></font></td></tr>
</table>
</form>

Step 2:

Enter the email address below to send the form to:

*/

$my_email = "abc@xyz.com";

/*

Enter the continue link to offer the user after the form is sent. If you do not change this, your visitor will be given a continue link to your homepage:

If you do change it, remove the "/" symbol below and replace with the name of the page to link to, eg: "mypage.htm" or "http://www.elsewhere.com/page.htm"

*/

$continue = "http://www.xyz.com";

/*

Step 3:

Save this file (FormToEmail.php) and upload it together with your webpage to your webspace. IMPORTANT - The file name is case sensitive! You must save it exactly as it is named above! Do not put this script in your cgi-bin directory (folder) it may not work from there.

THAT'S IT, FINISHED!

You do not need to make any changes below this line.

*/

// This line prevents values being entered in a URL

if ($_SERVER['REQUEST_METHOD'] != "POST"){exit;}

// This line prevents a blank form being sent

while(list($key,$value) = each($_POST)){if(!(empty($value))){$set=1;}$message = $message . "$key: $value\n\n";} if($set!==1){header("location: $_SERVER[HTTP_REFERER]");exit;}

$message = $message . "";
$message = stripslashes($message);

$subject = "Inquiry from dmp3music.com";
$headers = "From: " . $Email . "\n" . "Return-Path: " . $Email . "\n" . "Reply-To: " . $Email . "\n";

mail($my_email,$subject,$message,$headers);

?>

<html>

<head>

</head>

<body bgcolor="#ffffff" text="#000000">

<strong><font size="2" face="Arial, Helvetica, sans-serif"><a href="index.html">
<div align="center"><img src="images/submitted.jpg" width="700" height="400" border="0"></div>
</a>

</font></strong>

</body>
</html>

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.