Want to modify a simple php script
October 25, 2007 8:49 AM   Subscribe

How can I modify this php form script so that the submitted email address also becomes the "from" address of the received email.
posted by davebush to Computers & Internet (9 answers total) 1 user marked this as a favorite
I'm not sure what you mean by "submitted email address." The script uses a hard-coded address in $emailadd. Is this what you're referring to?

This address is also set to be From address in the final argument in this line:
mail($emailadd, $subject, $text, 'From: '.$emailadd.''); 
That argument adds the From field to the SMTP headers. What are you seeing when you try the script?
posted by metric space at 9:06 AM on October 25, 2007

You need to replace the second $emailadd in the call to mail(), in the third line from the end. Store the submitted address in some other variable during the main loop. Remember to provide something sensible if nothing is given.

Try it out as is before going to the trouble of modyfing the form. Some servers will ignore your from: line anyway, and your mail will appear to come from some default user name on your domain.
posted by the number 17 at 9:08 AM on October 25, 2007

Response by poster: The code supplied emails the form results to the hard-coded $emailadd but that also becomes the sender as well - in other words, the email's "from" is the same as the "to." I want the "from" to be the address the user has entered within the form.
posted by davebush at 9:23 AM on October 25, 2007

Ok, then what the number 17 said. You'll need a check in the foreach loop for a $key equal to whatever you call the email input field. Save its corresponding $value in a new variable and replace the $emailadd in the line quoted above with that variable.
posted by metric space at 9:38 AM on October 25, 2007

Best answer: Supposing the control where the e-mail is submitted is called "email", you need to add something like this before the closing brace on fourth line from the end:
if( $key == "email" ){
 $fromadd= $value;
Then change the mail() line to read :
mail($emailadd, $subject, $text, 'From: '.$fromadd.'');
Add this line in the header, after $emailadd is set, for good measure:
DISCLAIMER: I don't really now anything about php, using the user-supplied e-mail like that may be a security weakness. You probably need to at least check it's a well-formatted address before using it.
posted by the number 17 at 9:51 AM on October 25, 2007

The address needs to be properly validated, or at the very least filtered to remove anything that could be treated as a newline, otherwise it's wide open to email injection.
posted by malevolent at 9:59 AM on October 25, 2007

you will also need to check to make sure only one email address has been entered. it is perfectly valid to have a delimited list of emails addresses for your to address but this causes all sorts of problems with your from address.
posted by phil at 10:04 AM on October 25, 2007

Building a Bulletproof Contact Form with PHP (maybe not actually bulletproof, but some good tips, including code for stripping header injections and new lines).

I use this code to check for a valid domain in the email address:

// split the submitted email address
list($username,$domaintld) = split("@",$email);
// validate the domain
if (getmxrr($domaintld,$mxrecords))

posted by kirkaracha at 12:10 PM on October 25, 2007

I'd like to recommend against this idea. Don't modify the from field, use the Reply-To header instead. Certain anti-spam mechanisms (particularly SPF) will most likely tag mail as spam if the from header is spoofed and the sender is not in the accepted allowed sender list. Most mail clients will display the Reply-To field as the sender and your real mail host address will be simply buried in the headers.
posted by purephase at 2:34 PM on October 25, 2007 [1 favorite]

« Older How can I help a friend who will be undergoing...   |   Did I imagine this Vine column? Newer »
This thread is closed to new comments.