Contact form not sending data

astrid33 · November 25, 2013, 2:00am

Hello! I’m trying to fix this contact form that someone else built, it sends the email but with no field data. Any help would be appreciated.

Here is the HTML

<script type="text/javascript">
//<![CDATA[
var nReset=0;
function Reset(){
 var obj = new Object;
obj = document.getElementById('name');
obj.value = 'Name';
obj = document.getElementById('phone');
obj.value = 'Phone';
obj = document.getElementById('email');
obj.value = 'E-Mail';
obj = document.getElementById('message');
obj.value = 'Type message here';
}

                                                        //]]>
 </script>
<form name="contact" method="post" action="php/sendemail.php" onSubmit="if(nReset==1) return false; else return formCheck(this,fieldRequired1,selFld1);">
  <input type="hidden" name="refpage" value="index.html" />
  <input type="hidden" name="form_avar" value="name,email" />
  <input type="hidden" name="form_amsg" value="'Your Name','Your Email Address'" />
  <input type="hidden" name="form_aval" value="'Name','E-Mail'" />
  <input type="hidden" name="form_aftp" value="'','E'" />
  <script type="text/javascript">
//<![CDATA[

 <!-- // Array = ['field Name', 'field Label', 'field Empty value', 'field Type'] - for field Type = N - numeric, E - email address, P - phone format (XXX) XXX - XXXXX / XXX - XXX.XXXX, D -date

 myString = new String()
 myString = document.contact.form_avar.value;
aStringA = myString.split(",")
 myString = document.contact.form_amsg.value;
aStringB = myString.split(",")
myString = document.contact.form_aval.value;
aStringC = myString.split(",")
 myString = document.contact.form_aftp.value;
 aStringD = myString.split(",")
for(n=0; n<aStringA.length; n++){
 cEval = "fieldRequired1.push(['"+aStringA[n]+"',"+aStringB[n]+","+aStringC[n]+","+aStringD[n]+"]);";
eval(cEval);

                                                        }

                                                        -->

                                                        //]]>
 </script>
  <table width="176" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td align="left" valign="top"><img src="images/quick-text.gif" alt="quick contact" width="118" height="12" /></td>
  </tr>
  <tr>
    <td align="center" valign="top" class="body_text"><!-- starterr -->&nbsp;<!-- stoperr --></td>
  </tr>
  <tr>
    <td align="left" valign="top"><label>
        <input name="name" id="name" type="text" class="inputArea" onFocus="if(this.value=='Name')this.value='';" onBlur="if(this.value=='')this.value='Name';" value="Name" />
      </label></td>
  </tr>
  <tr>
    <td height="12" align="left" valign="top"></td>
  </tr>
  <tr>
    <td align="left" valign="top"><input name="phone" id="phone" type="text" class="inputArea" onFocus="if(this.value=='Phone')this.value='';" onBlur="if(this.value=='')this.value='Phone';" value="Phone" /></td>
  </tr>
  <tr>
    <td height="12" align="left" valign="top"></td>
  </tr>
  <tr>
    <td align="left" valign="top"><input name="email" id="email" type="text" class="inputArea" onFocus="if(this.value=='E-Mail')this.value='';" onBlur="if(this.value=='')this.value='E-Mail';" value="E-Mail" /></td>
  </tr>
  <tr>
    <td height="12" align="left" valign="top"></td>
  </tr>
  <tr>
    <td align="left" valign="top"><label>
        <textarea name="message" id="message" wrap="virtual" class="messageArea" onFocus="if(this.value=='Type message here')this.value='';" onBlur="if(this.value=='')this.value='Type message here';" value="Type message here">
Type message here
</textarea>
      </label></td>
  </tr>
  <tr>
    <td height="8" align="left" valign="top"></td>
  </tr>
  <tr>
    <td align="left" valign="top"><table border="0" cellspacing="0" cellpadding="2">
        <tr>
          <td align="left" valign="middle"><input type="image" src="images/send-btn.gif" alt="send" width="44" height="23" border="0" onClick="nReset=0;" /></td>
          <td align="left" valign="middle"><script type="text/javascript">
//<![CDATA[
  <!--//
document.write('<input type="image" src="images/reset-btn.gif" alt="reset" width="50" height="23" border="0" onClick="nReset=1; Reset();"/>');

   //-->
   //]]>
  </script></td>
        </tr>
      </table>
</form>

Here is the sendemail.php

&lt;?php
$refpage = $_REQUEST['refpage'];
$baseURL = 'http://www.PharmapexUSA.com';

// E R R O R   C H E C K --------------------------------------------------------------------------------------------
if(isset($_POST['form_avar']) && isset($_POST['form_amsg']) && isset($_POST['form_aval']) && isset($_POST['form_aftp'])){
    $cErr = '';
    $nNr=0;
    $aVar=explode(",", $_POST['form_avar']);
    $aMsg=explode(",", $_POST['form_amsg']);
    $aVal=explode(",", $_POST['form_aval']);
    $aFtp=explode(",", $_POST['form_aftp']);
    foreach($aVar as $var){
        $val = stripslashes($aVal[$nNr]);
        if($val=="'".trim($_POST[$var])."'"){
            $cErr = '1';
        } else {
            $ftp = stripslashes($aFtp[$nNr]);
            if(strpos(' '.$ftp,'E')&gt;0){
                if(!eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\\.[a-z]{2,6}$", trim($_POST[$var]))){
                    $cErr = '2';
                    $cFld = $var;
                }
            }
        }
        $nNr+=1;
    }

    if($cErr!=''){
        $cVal = '';
        include_once('cookie.php');
        sess_start("../temp/","");
        foreach (array("_POST") as $source) {
            foreach (${$source} as $idx =&gt; $value) {
                sess_register($idx);
                $idx = $value;
            }
        }
    
    // Permanent redirection

    sess_register('cErr');
    sess_register('cFld');
    sess_register('baseurl');
    $baseurl=$baseURL;
    sess_register('refpage');
    sess_close();
    $eChar = md5(rand(0,32000) . time() . rand(0,32000));
    $cVal = "k=".substr($eChar,0,8).$MYSID;

    header("HTTP/1.1 301 Moved Permanently");
    header("Location: ../emailerror.php?".$cVal);
    exit;
    }
}
// ------------------------------------------------------------------------------------------------------------------------

get_form_data();

// ------------------------------------------------------------------------------------------------------------------------


$body="";

$mailform_to = "myemail@gmail.com";
$mailform_to = myemail@gmail.com";

$subject = "Pharmapex.com - Contact Form";
if($refpage == 'contact.html')
    $body= $body . "Name: $name\
" .  "Title: $title\
" .  "Company: $company\
" .  "Country: $country\
" .  "Email: $email\
" . "Phone: $phone\
\
" . "Comments: $message\
";
else
    $body= $body . "Name: $name\
" .  "Phone: $phone\
" . "Email: $email\
\
" . "Message: $message\
";

$nSend = mail($mailform_to, $subject, $body, "From:" . $email);
echo $nSend;
if($nSend==1)
    header("Location: ../thankyou.php?r=".$refpage);
else
    header("Location: ../thankyou.php?e=".$refpage);
?&gt;

&lt;?
//-----------------------------------------------------------------------------------------------------------------------------
function get_form_data(){
    global $REQUEST_METHOD;
    global $HTTP_POST_VARS;
    global $HTTP_GET_VARS;
    
       //strip spaces from all fields
    $vars = ($REQUEST_METHOD == 'GET') ? $_GET : $_POST;
    foreach ($vars as $k=&gt;$value){
        input_check_mailinj($value);
    }
}


function input_check_mailinj($value)
{
   # mail adress(ess) for reports...
   $report_to = "myemail@gmail.com";

   # array holding strings to check...
   $suspicious_str = array
   (
       "content-type:"
       ,"charset="
       ,"mime-version:"
       ,"multipart/mixed"
       ,"bcc:"
       ,"cc:"
   );

   // remove added slashes from $value...
   $value = stripslashes($value);

   foreach($suspicious_str as $suspect)
   {
       # checks if $value contains $suspect...
       if(eregi($suspect, strtolower($value)))
       {
           $ip = (empty($_SERVER['REMOTE_ADDR'])) ? 'empty' : $_SERVER['REMOTE_ADDR']; // replace this with your own get_ip function...
           $rf = (empty($_SERVER['HTTP_REFERER'])) ? 'empty' : $_SERVER['HTTP_REFERER'];
           $ua = (empty($_SERVER['HTTP_USER_AGENT'])) ? 'empty' : $_SERVER['HTTP_USER_AGENT'];
           $ru = (empty($_SERVER['REQUEST_URI'])) ? 'empty' : $_SERVER['REQUEST_URI'];
           $rm = (empty($_SERVER['REQUEST_METHOD'])) ? 'empty' : $_SERVER['REQUEST_METHOD'];

           # if so, file a report...
           if(isset($report_to) && !empty($report_to))
           {
               @mail
               (
                     $report_to
                   ,"[ABUSE] mailinjection @ " . $_SERVER['HTTP_HOST'] . " by " . $ip
                   ,"Stopped possible mail-injection @ " . $_SERVER['HTTP_HOST'] . " by " . $ip . " (" . date('d/m/Y H:i:s') . ")\\r\
\\r\
" .
                     "*** IP/HOST\\r\
" . $ip . "\\r\
\\r\
" .
                     "*** USER AGENT\\r\
" . $ua . "\\r\
\\r\
" .
                     "*** REFERER\\r\
" . $rf . "\\r\
\\r\
" .
                     "*** REQUEST URI\\r\
" . $ru . "\\r\
\\r\
" .
                     "*** REQUEST METHOD\\r\
" . $rm . "\\r\
\\r\
" .
                     "*** SUSPECT\\r\
--\\r\
" . $value . "\\r\
--"
               );
           }

           # ... and kill the script.
           die
           (
               'Script processing cancelled: string (`<em>'.$value.'</em>`) contains text portions that are ' .
               'potentially harmful to this server. &lt;em&gt;Your input has not been sent!&lt;/em&gt; Please use your ' .
               'browser\\'s `back`-button to return to the previous page and try refrasing your input.&lt;/p&gt;'
           );
       }
   }
}
//-----------------------------------------------------------------------------------------------------------------------------

ralphm · November 25, 2013, 2:26am

Hi astrid33. Welcome to the forums.

HTML form fields need to have a name=“” attribute, like this:

name="message"

The value then needs to be picked up by the PHP script. Your script looks for things like

$_POST['[COLOR="#FF0000"]form_amsg[/COLOR]']

… which doesn’t match the name values in the form, meaning that the form data can’t be passed on.

In the PHP code, new variable are created, such as here:

[COLOR="#FF0000"]$aMsg[/COLOR]=explode(",", $_POST['form_amsg']);

If you are going to create new variables like that, the aim is to place them in the email that is sent. But instead, your code has variables like this:

$body= $body . "Name: [COLOR="#FF0000"]$name[/COLOR]\
" .

But $name hasn’t been declared anywhere.

So basically the whole thing is borked. It certainly needs tidying up, so the first thing to do would be to smooth out that flow I described above:

make sure all the name attribute values are picked up after this line:

// E R R O R C H E C K --------------------------------------------------------------------------------------------

Then add the new variables that are created (like $aMsg) into the body code that is sent to the email, instead of things like $name etc.

1119 · November 25, 2013, 7:42pm

You also need to set the enctype attribute to tell the browser what it is sending, plain text or binary data or a URL that is encoded.