Good morning. My contact / formail stopped working. Can someone please take a look at the code?

Good morning. My contact / formail stopped working. Can someone please take a look at the code?

Link to contact page with the issue. https://shorturl.at/kwyJ2

Once submitted it currently redirects to formmail.php and not confirmation.html as it should and I receive no email.

I am guessing something has changed in the servers new php version. Can anyone spot the issue? Thank you for your time!

My formmail.php

<?php
$mailto = 'me@mydomain.com' ;
$from = "Biz Name Formmail" ;
$formurl = "http://www.mydomain/formmail.php" ;
$errorurl = "http://www.mydomain/formmailerror.html" ;
$thankyouurl = "http://www.mydomain/confirmation.html" ;

// prevent browser cache
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); 

function remove_headers($string) { 
  $headers = array(
    "/to\:/i",
    "/from\:/i",
    "/bcc\:/i",
    "/cc\:/i",
    "/Content\-Transfer\-Encoding\:/i",
    "/Content\-Type\:/i",
    "/Mime\-Version\:/i" 
  ); 
  if (preg_replace($headers, '', $string) == $string) {
    return $string;
  } else {
    die('You think Im spammy? Spammy how? Spammy like a clown, spammy?');
  }
}

$uself = 0;
$headersep = (!isset( $uself ) || ($uself == 0)) ? "\r\n" : "\n" ;

if (!isset($_POST['email'])) {
	header( "Location: $errorurl" );
	exit ;
}

$name = remove_headers($_POST['name']);
$phone = remove_headers($_POST['phone']);
$email = remove_headers($_POST['email']);

$address = remove_headers($_POST['address']);
$city = remove_headers($_POST['city']);
$state = remove_headers($_POST['state']);
$zip = remove_headers($_POST['zip']);

$child1 = remove_headers($_POST['child1']);
$age1 = remove_headers($_POST['age1']);
$months1 = remove_headers($_POST['months1']);

$child2 = remove_headers($_POST['child2']);
$age2 = remove_headers($_POST['age2']);
$months2 = remove_headers($_POST['months2']);

$contactvia = remove_headers($_POST['contactvia']);
$comments = remove_headers($_POST['comments']);
$spam = remove_headers($_POST['spam']);
$http_referrer = getenv( "HTTP_REFERER" );

// Clean Phone
if (preg_match("{[A-Za-z]}", $phone)) {
    header( "Location: $errorurl" );
	exit ;
}
// Clean Email
if (!preg_match("/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i",$email) && ( !empty($email))) {
    header( "Location: $errorurl" );
    exit ;
}
// Clean Comments
if (get_magic_quotes_gpc()) {
	$comments = stripslashes( $comments );
}
if (strlen($comments) > 3000) {
$comments=substr($comments, 0, 3000).'...';
}
if (preg_match("{link=}", $comments) || preg_match("{url=}", $comments) || preg_match("{http://}", $comments))
{
    header( "Location: $errorurl" );
	exit ;
}
// Clean All
if ( preg_match( "[\r\n]", $name ) || preg_match( "[\r\n]", $email ) ) {
	header( "Location: $errorurl" );
	exit ;
}
// Spam Question
if ($spam == 4){
    // success, continue processing
}
else{
    header( "Location: $errorurl" );
	exit ;
}

$message =
	"This message was sent from:\n" .
	"$http_referrer\n\n\n" .
	
	"Name: $name\n\n" .
	"Phone: $phone\n\n" .
	"Email: $email\n\n\n" .
	
	"Address: $address\n\n" .
	"City: $city\n\n" .
	"State: $state\n\n" .
    "Zip Code: $zip\n\n\n" .

	"Child One: $child1\n\n" .
	"Age: $age1\n\n" .
	"Months: $months1\n\n\n" .
	
	"Child Two: $child2\n\n" .
	"Age: $age2\n\n" .
	"Months: $months2\n\n\n" .

	"Contact Via: $contactvia\n\n" .
	"Comments: $comments\n\n" .
	"Spam Question: $spam\n" .
	"\n\n-----------------------------------------------------------\n" ;

mail($mailto, $from, $message,
	"From: \"$name\" <$email>" . $headersep . "Reply-To: \"$name\" <$email>" . $headersep );
header( "Location: $thankyouurl" );
exit ;

?>

And here is the run html as php in my .htaccess just incase this might be the issue.

# make server run html as php
AddHandler application/x-httpd-ea-php81___lsphp .html

There is no line in the code you have shown us that could redirect to that url. All exit paths in this code lead to either formmailerror.html or confirmation.html.

The form you linked to doesnt redirect, it just flat out fails, returning a 500 error.

Do you have access to the server error log? (it may be in the directory, as error_log)

Any chance $email is not a valid email address on the server sending the mail? With your PHP upgrade, maybe you aren’t allowed to forge that From: address anymore?

How far through your code does execution get before it starts to go wrong, when you debug it?

The email is valid

I wish I knew

Ok yes I was able to locate the error logs. Here is what it says. What do you php experts make of it?

There are hundreds of the same error dating back to early 2022. Thats when it obviously broke.

Thank you for any ideas you may have.

#0 {main}
thrown in /home2/building/public_html/formmail.php on line 73
[14-Jul-2023 06:55:28 America/Chicago] PHP Warning: Undefined array key “contactvia” in /home2/building/public_html/formmail.php on line 57
[14-Jul-2023 06:55:28 America/Chicago] PHP Fatal error: Uncaught Error: Call to undefined function get_magic_quotes_gpc() in /home2/building/public_html/formmail.php:73
Stack trace:

Ok this line of code breaks it. If I remove it the form works. Is the syntax wrong? Or should I just remove it?

// Clean Comments
if (get_magic_quotes_gpc()) {
	$comments = stripslashes( $comments );
}

also how to I fix the warning?

PHP Warning: Undefined array key “contactvia” in /home2/building/public_html/formmail.php on line 57

The first error refers to this line:

$contactvia = remove_headers($_POST['contactvia']);

and is telling you that there is no such variable coming from your form post. As for how to fix it, either add it in to your form, or have your PHP code check that it exists before you try to use it. You should really do that for all form variables prior to using them.

As per the documentation, that function has been removed completely from PHP version 8.0

https://www.php.net/manual/en/function.get-magic-quotes-gpc.php

As your use of it results in a fatal error, that would (as I read it) mean that the script goes no further.

contactvia is in my contact form though. Sorry I’m php slow.

<p class="blue">How would you like us to contact you?</p>
<input type="radio" name="contactvia" value="Email" id="radioemail"><label for="radioemail">Email</label>
<input type="radio" name="contactvia" value="Phone" id="radiophone"><label for="radiophone">Phone</label>

Nice! So just remove it then. Thank you!!!

Only if someone chooses one of the radio options. If they submit the form without choosing one, contactvia will not be sent as part of the submission. You should check to see if it exists (or null coalesce it to exist)

This function has been DEPRECATED as of PHP 7.4.0, and REMOVED as of PHP 8.0.0. Relying on this function is highly discouraged.

You could set one of the radios to be selected by default to help avoid situations where someone neglects to select one.
Though it is still best practice to have PHP check if it is set and has a valid (expected) value.

I like that but then I have to do the same in the js. Im old and lazy

thank you. Can you show me how to go about doing that?

It’s only a case of adding the checked attribute to the default value.

<input type="radio" name="contactvia" value="Email" id="radioemail" checked>

No JS required.
For most cases of ordinary users it will ensure that a radio button is selected.
The only time that won’t happen is if someone is up to no good, in that case the server side (PHP) validation will catch and deal with it, if the value is either not set, or different to any value you expect.

which is about as nice of a segue as i’m going to get :stuck_out_tongue:

if(!isset($_POST['contactvia']) || ($_POST['contactvia'] !== "Email" && $_POST['contactvia'] !== "Phone")) {
  //You have choices here; either set a default value, redirect as a failure, etc.
  $contactvia = "Bad Entry"
} else {
  $contactvia = $_POST['contactvia']; 
  //You already know the value was set to either "Email" or "Phone", so it's safe.
}
2 Likes