Issue with a messagebox/e-mail function.

[lauradei]

hi,
I have created a messagebox on my contact page that e-mails me when they hit the submit button. This work fine as long they don't use the "enter" key to go to the next line.
How can I let people use the "enter" key to start a new line in the message box?
I have used multiple "send-mail".php examples but all have the same issue
(at least the error page works properly, lol).

Any help is appreciated

 

[lylex10h]

URL to duplicate issue?

 

[lauradei]

You can find it here

 

[lauradei]

Ways to reproduce the error is:
1) write message/question in the message box
2) press "enter" to go to next line and write some again.
3) hit the send button
4) result: error page and no message send

If you don't use the "enter"key (to go to the next line) but hit the send button it works fine.

For now the link above is going to our backup website for testing.

 

[lauradei]

After being asked for a link were the issue is (and added how to duplicate the issue) no one answers.
Bit disappointed in the community support.

 

[lylex10h]

You can find a solution here

 

[caftpx10]

I have tried submitting with and without newlines in the text area (comments). The POST requests sent out all have the parameters from the text boxes (including 'comments'), so it is being sent out for certain, at least in my case anyway.
What is this error page you speak of? Any information about what it shows? Because I am either thinking of Mod-Security2 or the scripts used do not play well with newlines for whatever reason.

 

[lauradei]

@lylex10h sorry that page didn't help me.

@caftpx10
I havent received any of your submissions after filling in the form (without using enter for a newline), this works for me when I test this myself, I do get then the message I make send to my E-mail.
All fields needs to be filled in to have a successful submission, so far so good.
When you hit enter in the message box (to make a new line) and then click the "send" button you will get the "error" page, this is were my issue is.

The PHP and HTML I use:

<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "here is my@e-mail.normally"

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "contact.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email_address'] ;
$comments = $_REQUEST['comments'] ;
$phone = $_REQUEST['phone'] ;
$first_name = $_REQUEST['first_name'] ;
$msg =
"First Name: " . $first_name . "\r\n" .
"Email: " . $email_address . "\r\n" . 
"Phone: " . $phone . "\r\n" .
"Message: " . $comments ;

/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
    $injections = array('(\n+)',
    '(\r+)',
    '(\t+)',
    '(%0A+)',
    '(%0D+)',
    '(%08+)',
    '(%09+)'
    );
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    if(preg_match($inject,$str)) {
        return true;
    }
    else {
        return false;
    }
}

// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($first_name) || empty($phone) || empty($email_address)) {
header( "Location: $error_page" );
}

/*
If email injection is detected, redirect to the error page.
If you add a form field, you should add it here.
*/
elseif ( isInjected($email_address) || isInjected($phone) || isInjected($first_name)  || isInjected($comments) ) {
header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {

    mail( "$webmaster_email", "Feedback Form Results", $msg );

    header( "Location: $thankyou_page" );
}
?>

<div class="main">
                <div class="info">Enquiries</div>
                <form method="post" action="send_mail.php" name="form" class="form-box">
                <label>Name
                <input type="text" name="first_name" class="inp" placeholder="Enter Your Name" required>
                </label> 
                <label>Email 
                <input type="email" name="email_address" class="inp" placeholder="Enter Your Email"  required>
                </label>
                <label>Phone
                <input type="tel" name="phone" class="inp" placeholder="Enter Your Phone Number"  required>
                </label>
                <label>Message
                <textarea name="comments" id="msg-box" placeholder="Enter Your Message Here ..." maxlength="750"></textarea>
                </label>
                <input type="submit" name="submit" value="Send" class="sub-btn">
                </form>
            </div>

I hope this will help to get to it sorted
Thank you both for trying to help me.

 

[caftpx10]

"$_REQUEST" is not recommended to use. As it is POST, you should use "$_POST" instead. That is not the issue, however.
What is preventing newlines intentionally is the function "isInjected". According to the comment above the definition, it is an attempt to prevent abuse by spammers when it comes to them adding in their own CC list.

 

[lauradei]

@caftpx10 thank you for your reply.

Seems I better find something else to replace the "$_REQUEST" to "$_POST".
I'm not worried about the "spammers" so if this can be changed to have the "newline" option working I would rather have that (now don't jump on the wagon guys to spam me, remember I have pointe shoes, lol).

Is there an other PHP form that you can recommend?

 

[caftpx10]

Clarification on the spam protection in that script: it was to avoid others from being spammed under your account because of email lists and those emails being placed in the CC.
Maybe at the time it was possible but it does not look like it would pose any danger (now) if used in the case of the comments field. The script is very old.
That said, replace this...

elseif ( isInjected($email_address) || isInjected($phone) || isInjected($first_name)  || isInjected($comments) ) {
header( "Location: $error_page" );
}

...with this...

elseif ( isInjected($email_address) || isInjected($phone) || isInjected($first_name) ) {
header( "Location: $error_page" );
}

There are a lot of other things I would improve with the script but that is basically it.

 

[lauradei]

@caftpx10
Many thank for your reply and solution, this works as I wanted it, but....
You mention that you would improve a few more things, I'm a total noob with this and just search online for "ready made" scripts that I can use.
I previously used an other script that had the same issue but didn't had a fancy redirect for the "thank you/error page" (see here) this I why is used the (from what I know now) a very old script.
Which one is better to use or as asked before do you have a recommended "ready made" script?

 

[caftpx10]

As I do not really look up ready-made scripts for emailing, I went and Googled for some. All of them were not 'complete' but some had validation (not much of it). So, I cannot recommend any that I had came across so far.
If it was me improving the script (but done fairly basic), it would be something like this...

<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "your@email.here";
$subject = "Feedback Form Results";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "contact.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";

/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
    $injections = array('(\n+)',
    '(\r+)',
    '(\t+)',
    '(%0A+)',
    '(%0D+)',
    '(%08+)',
    '(%09+)'
    );
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    if (preg_match($inject,$str)) {
        return true;
    }
    else {
        return false;
    }
}

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/

if (isset($_POST['email_address']) && isset($_POST['comments']) && isset($_POST['phone']) && isset($_POST['first_name'])) {
    $email_address = trim($_POST['email_address']);
    $comments = trim($_POST['comments']);
    $phone = trim($_POST['phone']);
    $first_name = trim($_POST['first_name']);
} else {
    // Any missing input? Redirect back to feedback page.
    header("Location: $feedback_page");
    exit;
}

// If the form fields are empty, redirect to the error page.
if (empty($first_name) || empty($phone) || empty($email_address) || empty($comments)) {
    header("Location: $error_page");
    exit;
}
// Check if provided email is in a valid format
elseif (!filter_var($email_address, FILTER_VALIDATE_EMAIL)) {
    header("Location: $error_page");
    exit;
}
/*
If email injection is detected, redirect to the error page.
If you add a form field, you should add it here.
*/
elseif (isInjected($email_address) || isInjected($phone) || isInjected($first_name)) {
    header("Location: $error_page");
    exit;
}
// If we passed all previous tests, send the email then redirect to the thank you page.
else {
    $msg =
"First Name: " . $first_name . "\r\n" .
"Email: " . $email_address . "\r\n" .
"Phone: " . $phone . "\r\n" .
"Message: " . $comments;

    if (mail($webmaster_email, $subject, $msg)) {
        header("Location: $thankyou_page");
    } else {
        header("Location: $error_page");
    }

}

 

[lauradei]

@caftpx10
Thank you so much for helping me with this, much appreciated.
Added it to the main web page now and all runs fine.