reply-to address in php contact form

I bought a simple website template with a php contact form. Everything works great with the one small exception of actually receiving the messages sent via the form. That is, the contact form would show a success message, but the message would never arrive.

After a long back and forth with my hosting service, I found out that in order to avoid spoofing they won't allow emails to be sent where the FROM address is one they don't host. That is, if a visitor to the site writes down his gmail/yahoo etc. in the form, I won't get it.

They suggested using the email address hosted with them as the FROM address, and having the visitor's input email as the REPLY-TO address. This seems reasonable.

So I dug around (e.g. here: PHP reply-to error - comes with admin email not sender of contact form and php Contact Form on website and reply-to email )

and the answers suggest adding a headers component:

$headers = 'From: [email protected]' . "\r\n" .
    'Reply-To: [email protected]' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

and also add it to

mail($to, $subject, $message, $headers);

So that's what I did. $email is defined in this template as the visitor's email, so what I did was:

$subject = "Contact Form: $name";
$message = "$message";
$headers = 'From: myemail@my_domain.com' . "\r\n" .
    'Reply-To: $email' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

This is all nice and dandy but it still doesn't work well. Emails do go through now, but the details are:

from:    myemail@my_domain.com via servername.hosting_company.com 
**reply-to:  [email protected]_company.com**
to:  myemail@my_domain.com

So, the reply-to address is still not what the visitor left.

Can you help me with this? Don't know what else I can do.

Many thanks!


If anyone is interested, here's the full PHP file:

<?php

// Clean up the input values
foreach($_POST as $key => $value) {
    if(ini_get('magic_quotes_gpc'))
        $_POST[$key] = stripslashes($_POST[$key]);

    $_POST[$key] = htmlspecialchars(strip_tags($_POST[$key]));
}

// Assign the input values to variables for easy reference
$name = $_POST["name"];
$email = $_POST["email"];
$message = $_POST["message"];

// Test input values for errors
$errors = array();
if(strlen($name) < 2) {
    if(!$name) {
        $errors[] = "You must enter a name.";
    } else {
        $errors[] = "Name must be at least 2 characters.";
    }
}
if(!$email) {
    $errors[] = "You must enter an email.";
} else if(!validEmail($email)) {
    $errors[] = "You must enter a valid email.";
}
if(strlen($message) < 10) {
    if(!$message) {
        $errors[] = "You must enter a message.";
    } else {
        $errors[] = "Message must be at least 10 characters.";
    }
}

if($errors) {
    // Output errors and die with a failure message
    $errortext = "";
    foreach($errors as $error) {
        $errortext .= "<li>".$error."</li>";
    }
    die("<span class='failure'><h3>Sorry, The following errors occurred:</h3><ol>". $errortext ."</ol><a href='contact.html' class='more'>Refresh Form</a></span>");
}


// --------------------------------------//
// Send the email // INSERT YOUR EMAIL HERE
$to = "myemail@my_domain.com";
// --------------------------------------//


$subject = "Contact Form: $name";
$message = "$message";
$headers = 'From: myemail@my_domain.com' . "\r\n" .
    'Reply-To: $email' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();


mail($to, $subject, $message, $headers);

// Die with a success message
die("<span class='success'><h3>Successfully Sent!</h3> Your message is on its way, we will respond to you shortly.</span>");

// A function that checks to see if
// an email is valid
function validEmail($email)
{
   $isValid = true;
   $atIndex = strrpos($email, "@");
   if (is_bool($atIndex) && !$atIndex)
   {
      $isValid = false;
   }
   else
   {
      $domain = substr($email, $atIndex+1);
      $local = substr($email, 0, $atIndex);
      $localLen = strlen($local);
      $domainLen = strlen($domain);
      if ($localLen < 1 || $localLen > 64)
      {
         // local part length exceeded
         $isValid = false;
      }
      else if ($domainLen < 1 || $domainLen > 255)
      {
         // domain part length exceeded
         $isValid = false;
      }
      else if ($local[0] == '.' || $local[$localLen-1] == '.')
      {
         // local part starts or ends with '.'
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $local))
      {
         // local part has two consecutive dots
         $isValid = false;
      }
      else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
      {
         // character not valid in domain part
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $domain))
      {
         // domain part has two consecutive dots
         $isValid = false;
      }
      else if(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
                 str_replace("\\\\","",$local)))
      {
         // character not valid in local part unless 
         // local part is quoted
         if (!preg_match('/^"(\\\\"|[^"])+"$/',
             str_replace("\\\\","",$local)))
         {
            $isValid = false;
         }
      }
      if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A")))
      {
         // domain not found in DNS
         $isValid = false;
      }
   }
   return $isValid;
}

?>
Fadiman answered 25/9, 2013 at 13:59 Comment(1)
You need to use double quotes around the $headers string when you create it - single quotes treat the string as a literal, so variables aren't interpolated. – Rheingold
G
16

Try changing this part of your code:

$subject = "Contact Form: $name";
$message = "$message";
$headers = 'From: myemail@my_domain.com' . "\r\n" .
    'Reply-To: $email' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

To this:

$subject = "Contact Form: $name";
$message = "$message";
$headers = 'From: myemail@my_domain.com' . "\r\n" .
    'Reply-To: ' . $email . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

Basically take out the $email from inside the single quote and append it to that string.

Goodill answered 25/9, 2013 at 14:21 Comment(3)
Thank you both. This seems to work. I don't have the karma to share... sorry – Fadiman
@Rheingold thanks, although you deserve the credit since this is what I used. Thanks for your comment. – Fadiman
@Fadiman This answer is still vulnerable to mail header injection; in this case, always check if $_POST["email"] / $email contains a valid email address, otherwise spammers will be happy with your form by injecting multiple email addresses that receive the same mail. – Heaviness
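
The check the last comment asks for, as an added example that is not part of the original thread: the visitor's address is rejected if it contains a line break and must parse as exactly one address before it goes into Reply-To. The helper name `safeHeaderAddress` and the sample inputs are constructed for illustration; `filter_var` with `FILTER_VALIDATE_EMAIL` is PHP's built-in validator.

```php
<?php
// Added example (not from the original thread): build the Reply-To header
// only from an address that cannot smuggle extra header lines.

/**
 * Return an address that is safe to place in a mail header, or null if
 * the input must be rejected. Hypothetical helper name.
 */
function safeHeaderAddress(string $input): ?string
{
    $input = trim($input);

    // CR, LF or NUL would end the Reply-To line and start a new header
    // (for example Bcc:), so reject the value instead of stripping it.
    if (preg_match('/[\r\n\0]/', $input)) {
        return null;
    }

    // FILTER_VALIDATE_EMAIL accepts one addr-spec only; commas, spaces
    // and display names fail, so one value cannot become a recipient list.
    $address = filter_var($input, FILTER_VALIDATE_EMAIL);
    return $address === false ? null : $address;
}

// Constructed sample inputs: one benign value and three that must fail.
$samples = [
    'visitor@example.com',
    "visitor@example.com\r\nBcc: a@example.net, b@example.net",
    "visitor@example.com\nCc: a@example.net",
    'visitor@example.com, other@example.net',
];

foreach ($samples as $raw) {
    $replyTo = safeHeaderAddress($raw);
    if ($replyTo === null) {
        echo 'REJECTED: ' . json_encode($raw) . PHP_EOL;
        continue;
    }
    // Fixed From on the hosted domain, validated visitor address in Reply-To.
    $headers = 'From: myemail@my_domain.com' . "\r\n" .
               'Reply-To: ' . $replyTo . "\r\n" .
               'X-Mailer: PHP/' . phpversion();
    echo 'OK: ' . json_encode($headers) . PHP_EOL;
    // mail($to, $subject, $message, $headers); // the send call from the form
}
```

The same rule applies to any other form field that ends up in a header: `$name` is interpolated into `$subject` in the form above and should have line breaks rejected in the same way.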
A
1

Try to use the header like this:

$headers = array(
    'From' => $from,
    'To' => $to,
    'Cci' => $bcc,
    'Subject' => $subject,
    'Reply-To' => $reply_to
);
Arlinearlington answered 24/9, 2018 at 12:17 Comment(0)
