[thelist] More PHP Contact form trouble

[Phil Turmel]

Tom Dell'Aringa wrote:
> Well I had this form working, then my client moved the site over to Yahoo!
> web hosting. I didn't think it would matter, but now the info does not get
> mailed to the recipient, although the page does not error out and goes to
> the thank you page no problem. Here is the simple code I am using to
> process:
> 
> <?php
> $name = $_POST["name"];
> $email = $_POST["email"];
> 
> $to      = 'myemail at gmail.com';
> $subject = 'OraTechNet Form Feedback';
> $message = $_POST['comments'];
> $headers =    "From: $name" . "\r\n" .
>             "Reply-To: $email" . "\r\n" .
>             'X-Mailer: PHP/' . phpversion();
> 
> mail($to, $subject, $message, $headers);
> 
> Header("Location:http://www.oratechnet.com/thank-you.php");
> ?>
> 
> I ran phpinfo() and the server is running PHP Version 4.3.11, so I don't
> think anything is wrong with the code - does there appear to be anything
> wrong? I can take it up with their hosting support but I wanted to check if
> I am missing anything obvious first. Please CC me at pixelmech at gee mail
> dot com with any answers.
> 
> Thanks!
> 
> Tom
Tom,

Mail transfer agents are generally set up to refuse to honor "From:" headers
that don't match the actual user process that submits the mail.  The refusal
can either be a "Screw You" with a bounce, or a "I'll send it under protest,
and include the real sender From: address".

The trouble with 1) is that the bounce goes to the web server process' user,
which just throws it away.

I suggest you run a test without the "From:" header, just to see what gets
through.

Meanwhile, you are exposing yourself to classic form spam by placing POST
variables directly into the headers argument.  You definitely need to check
those fields for \r and \n, at a minimum.

It's also possible that Yahoo! just doesn't permit form-mail (so that scripts
like yours can't put their servers on spam blacklists).

HTH,

Phil