I am using a contact.php I downloaded for my website and it's all working fine, but the only problem I'm having is that every time my webpage gets reloaded or someone loads it, I get sent a blank email. Is there anything wrong with the .php? Any help would be great, I'm pretty new to all this. This is my .php
<?php
$field_name = $_POST['cf_name'];
$field_email = $_POST['cf_email'];
$field_message = $_POST['cf_message'];
$mail_to = 'mail@markblackler.com';
$subject = 'Message from a site visitor'.$field_name;
$body_message = 'From: '.$field_name."\n";
$body_message .= 'E-mail: '.$field_email."\n";
$body_message .= 'Message: '.$field_message."\n";
$headers = 'From: '.$field_email."\r\n";
$headers .= 'Reply-To: '.$field_email."\r\n";
$mail_status = mail($mail_to, $subject, $body_message, $headers);
if ($mail_status) { ?>
<script language="javascript" type="text/javascript">
alert('Thank you for the message. I will contact you as soon as possible.');
document.location = 'http://www.markblackler.com'
</script>
<?php
}
else { ?>
<script language="javascript" type="text/javascript">
alert('Message failed. Please, send an email to mail@markblackler.com');
document.location = 'http://www.markblackler.com'
</script>
<?php
}
?>
Show us the HTML form that collects the data. You are most likely posting to the same page. It's a good idea to have some kind of conditional that validates the data before posting.
From just this, there doesn't seem to be any actionable item aka: a submit button. There's also no validation on any of the fields, which is a big no no.
The biggest problem lies in your $mail_status, currently it just checks if it exists / has a value which can include blank values.
You'll need to make a PHP page for that HTML form.
<?php
// start a session
session_start();
// a "token" is just an arbitrary, unique identifier
// (random_bytes() is unpredictable, unlike rand(), and does not rely on a User-Agent header being sent)
$token = bin2hex( random_bytes( 16 ) );
// save the token to your user session
$_SESSION['token'] = $token;
// add the token to a hidden form field
?>
<form action="contact.php" method="post">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<label>Name: <input name="name"></label>
<label><textarea name="message"></textarea></label>
<input type="submit" value="Submit">
</form>
Then, on your contact.php script, check that the token exists and is valid:
<?php
session_start();
if(
// if there's a token in the session
! empty( $_SESSION['token'] )
// AND a token in the form submission
&& ! empty( $_POST['token'] )
// AND the tokens match
&& $_SESSION['token'] === $_POST['token']
){
// THEN, the form submission is legit.
// first, DELETE the token from the session:
unset( $_SESSION['token'] );
// that way, if the user hits the [back] button,
// the script will ignore the repeated submission
// because there's no matching token in the session.
// next, proceed with processing the form submission
// and sending the email as normal.
}else{
// if there's no matching token,
// the form submission is a duplicate
// (or possibly from a really old visit, and the session has expired).
// so, don't process it or send any emails.
// you might redirect to the contact form again,
// or the homepage, or whatever you like.
}
Edit
"there doesn't seem to be any actionable item aka: a submit button."
since the entire <form> is missing from the code sample, I'm assuming that it's on another page and functioning properly. He mentioned that the problem occurred when someone reloaded the page (or, presumably, navigated to it via the [back] button or by accident). @markblackler, does the script email you successfully when you submit the form the first time?
"The biggest problem lies in your $mail_status, currently it just checks if it exists / has a value which can include blank values."
$mail_status comes from the call to mail(), which will always be either true or false. It should work as expected.
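A version of contact.php that combines the token check from the answer above with the field validation the earlier replies ask for, as an added example that is not code from the thread. It assumes the form posts the asker's cf_name, cf_email and cf_message fields plus the hidden token field; the example.com addresses and the redirect target are placeholders.

```php
<?php
// Added example: hardened contact.php handler (not code from the thread).
session_start();

// Returns a list of validation errors; an empty list means the submission may be mailed.
function validate_submission(string $method, array $post, array &$session): array
{
    // A plain page load or reload is a GET: never send mail for it.
    if ($method !== 'POST') {
        return ['not a form submission'];
    }
    // One-time token set by the form page; hash_equals() compares in constant time.
    $expected = $session['token'] ?? '';
    unset($session['token']);            // single use, so a replay or [back] resubmit fails
    $given = $post['token'] ?? '';
    if (!is_string($given) || $expected === '' || !hash_equals($expected, $given)) {
        return ['missing or stale token'];
    }
    $errors = [];
    foreach (['cf_name', 'cf_email', 'cf_message'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            $errors[] = "$field is empty";
        }
    }
    // The address ends up in a mail header: accept only a single valid address.
    if (!$errors && filter_var($post['cf_email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'cf_email is not a valid address';
    }
    // CR/LF in header-bound fields would let a visitor add their own headers.
    if (!$errors && preg_match('/[\r\n]/', $post['cf_name'] . $post['cf_email'])) {
        $errors[] = 'line break in a header field';
    }
    return $errors;
}

$errors = validate_submission($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST, $_SESSION);
if ($errors) {
    header('Location: /');               // assumption: send the visitor back to the form page
    exit;
}

$mail_to = 'owner@example.com';          // placeholder recipient
$subject = 'Message from a site visitor ' . $_POST['cf_name'];
$body    = "From: {$_POST['cf_name']}\nE-mail: {$_POST['cf_email']}\nMessage: {$_POST['cf_message']}\n";
// Fixed From on your own domain; the visitor's validated address only goes in Reply-To.
$headers = "From: noreply@example.com\r\nReply-To: {$_POST['cf_email']}\r\n";
$mail_status = mail($mail_to, $subject, $body, $headers);
```

The request-method check alone stops the blank email on page load; the token and field checks cover resubmits and empty or malformed input.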
I tried what you said, but what I did didn't resolve the problem. I might have done it wrong as I wasn't too sure how to do it cause I have never used tokens before. I will give it another go and see what happens.
yes! that worked I'm not getting spammed with emails now, thank you so much for your help, I really do appreciate it, what I was doing wrong, was, I tried to attach another .php file instead of changing my code in my html file, sounds pretty stupid when I'm typing it now.
...use a token to make sure you don't process the same form twice.
(This will require you to generate the form itself via PHP, but that's not a bad thing.)
Say, for example, that your current form looks something like this:
You'll need to make a PHP page for that HTML form.
Then, on your contact.php script, check that the token exists and is valid:
Edit
since the entire <form> is missing from the code sample, I'm assuming that it's on another page and functioning properly. He mentioned that the problem occurred when someone reloaded the page (or, presumably, navigated to it via the [back] button or by accident). @markblackler, does the script email you successfully when you submit the form the first time?
$mail_status comes from the call to mail(), which will always be either true or false. It should work as expected.
Yes the script emails me successfully when you submit the form. This is the html code I am using:
I also tried using a token as you said, but the same problem occurred
Can you show me your current code (both scripts)?
It may be easier to share the code on another site (I like making a gist on github) - css-tricks isn't great for sharing code :(
https://gist.github.com/anonymous/5200669
There you go my friend.
So, you didn't try adding a token to the form yet?
Why don't you share your attempt?
I'll help people all day long, but I don't just do "free work" :p
Edit
have a look. For explanations, see my comment above.
Thank you so much for your help and advice :)
No problem, glad I could help. : )