Payment options form to email

Hi people, I’m just a dumb ass aussie trying to teach myself webdesign. I’ve just uploaded a site for a friend who wants to sell a CD from the site that teaches pre school kids to write, count, etc. I’ve created a form that collects the user’s details, name, email, address, etc. It has a couple of options for payment, credit card, cheque, money order, etc and soon to come PayPal. The form uses a PHP mail function and a javascript for validation purposes. The PHP also guards against email injection. The code should send the user’s details to the site owner’s email address and a thank you email to the user’s email address. However, when I test this, absolutely nothing happens, the form even retains all the data in the input fields. There are no errors that come up, nothing to indicate any problem at all. This is way over my head and I was wondering if somebody here could possibly help out.
This is the link to the form page http://www.lefs.com.au/Lefs%20CD/html/Order%20CD.html
This is the link to the PHP page http://www.lefs.com.au/Lefs%20CD/html/form_to_email.php
This is the link to the email for the user http://www.lefs.com.au/Lefs%20CD/html/thank-you.html
And this is the link to the javascript validation page http://www.lefs.com.au/Lefs%20CD/html/scripts/gen_validatorv31.js
Any help is greatly appreciated as I need to get this finished for her, now the site is up. Cheers

Sounds like there’s a problem with the PHP script that is meant to send off the emails. You’d need to post your form’s PHP code here for people to check it out, as you can’t post a live link to it. :slight_smile:

Ok no worries ralph.m here it is

<?php
if(!isset($_POST['submit']))
{
	//This page should not be accessed directly. Need to submit the form.
	echo "error; you need to submit the form!";
}
$Firstname = $_POST['Firstname'];
$Lastname = $_POST['Lastname'];
$visitor_email = $_POST['Email Address'];
$Address = $_POST['Address'];
$Suburb = $_POST['Suburb'];
$City = $_POST['City'];
$State = $_POST['State'];
$Postcode = $_POST['Postcode'];
$Cardtype = $_POST['Card type'];
$Cardname = $_POST['Name on Card'];
$Cardnumber = $_POST['Card Number'];
$Securcode = $_POST['Security Code'];
$Expiredate = $_POST['Expiry date'];
$Cheque = $_POST['Cheque/Money Order/Postal Note'];
//Validate first
if(empty($Firstname)||empty($Lastname)||empty($visitor_email)||empty($Address)||empty($Suburb)||empty($City)||empty($State)||empty($Postcode)) 
{
    echo "Name and email are mandatory!";
    exit;
}

if(IsInjected($visitor_email))
{
    echo "Bad email value!";
    exit;
}

$email_from = 'email@mysite.com.au';//<== update the email address
$email_subject = "CD Order";
$email_body = "You have received a new CD order from the user $Firstname, $Lastname.\n".
    "Here is their address:\n $Address, $Suburb, $City, $State, $Postcode.\n".
	"Here is their Credit Card details:\n $Cardtype, $Cardname, $Cardnumber, $Securcode, $Expiredate.\n".
	"This is if they chose to pay by Cheque, Money Order or Postal Note:\n $Cheque.\n".
    
$to = "email@mysite.com.au";//<== update the email address
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: thank-you.html');


// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}
   
?>

Hm, I can’t see off the top of my head why that isn’t working. BUT … it’s actually illegal to collect card details like that on a non-encrypted form. You should delete this form at once! Those credit card details can easily be stolen, and you will be up for a big fine. You either should use a free service like PayPal to collect credit card info, or set up a proper shopping cart, with SSL protection (https:// etc.), but that’s a bit of a learning curve.

Ok ralph.m I wasn’t aware of that, I have since, posting the thread, spoken to the owner of the site, and she said she has spoken to PayPal and is awaiting an email from them, I will delete the card info immediately, a shopping cart seems a bit much for one item anyway. The site has only been up for just on 24hrs and is still in testing stages, hence the reason for the post. So you reckon the code is good otherwise, strange no email was generated. Do you think it could have something to do with the way I set the mail forwarding on Crazy Domains server? Cheers and thanx for the info.

Don’t take my word for it, as it’s not my area, though I am interested in it. :slight_smile: PayPal sounds like the way to go here, anyway, as it makes things super easy. If you want a nicer interface, you could look at alternatives like FoxyCart (which allows you to style the landing page just like your site, so that the visitors think they are still on the same site), but then you are up for monthly fees and you also need a payment gateway (like eWay) and a merchant account with a bank … bleh, which starts to get expensive, unfortunately.

There are laws relating to PCI compliance that it’s worth knowing about (though I can’t claim to have read them). They set out the rules and regulations for those engaging in online selling. I still find it a bit confusing and scary.

Yes I think PayPal may be the answer also, so what is your area ralph.m? Just in case I come across something, if not already come across something that I need help with, I’ll know where and who to turn to, Cheers mate.

Nothing, really. :lol: But I’m more at home with HTML and CSS. Those forums are very active, though, with a lot of great people.

Cheers ralph.m, I’m reasonably fine with HTML but not so crash hot with CSS, PHP I can usually edit to suit my needs but would be flat out trying to write my own code, javascript is way over my head and very difficult to understand. However back to the topic at hand, I’ve removed all the credit card details from the form and now have Paypal installed, seems to work well, unfortunately I still can’t get the PHP mail function to work, it is required for users who wish to pay by cheque, money order or postal note, the emails it generates have the billing address in it, as well as sending the user details, to the site owner, for posting the CD. Maybe you can point one of the PHP gurus here to take a look at the code. Thanx

The next question would be, where is the form-to-email.php file stored? Is it in the same folder as the Order CD.html page (that is, the /html/ folder)? If not, then it’s in the wrong location.

PS: try to avoid spaces in your URLs. File names should have no gaps. Browsers insert %20 for gaps, which is quite ugly:

http://www.lefs.com.au/Lefs%20CD/html/Order%20CD.html

Yes it is ralph.m my initial post indicates that, and yes I’m aware of the %20 for gaps, though I don’t think ugliness compares to workability, in other words as long as it works I don’t care how ugly it looks (laugh). Cheers mate

But that link returns a 404 error. Are you sure it’s there?

I’m aware of the %20 for gaps, though I don’t think ugliness compares to workability, in other words as long as it works I don’t care how ugly it looks

It doesn’t really work, though. Try using hyphens if you want the words to be separated. Just consider it a fundamental no no to leave gaps in URLs.

Your order form page isn’t submitting the data, and you have a javascript error on that page also.

You’d need to post the code for the order page to find out what’s going on there.

It’s there, and as you stated earlier “You’d need to post your form’s PHP code here for people to check it out, as you can’t post a live link to it.” It’s the same code as above, just minus the credit card stuff “$Cardtype = $_POST['Card type']; $Cardname = $_POST['Name on Card']; $Cardnumber = $_POST['Card Number']; $Securcode = $_POST['Security Code']; $Expiredate = $_POST['Expiry date'];” and this line “"Here is their Credit Card details:\n $Cardtype, $Cardname, $Cardnumber, $Securcode, $Expiredate.\n".” But just to make 100% sure I’ll FTP back into Crazy Domains server and get back to you in a couple of minutes. Cheers ralph.m

Ok ralph.m just checked Crazy Domains, it’s definitely there. And here’s the form from the Order CD page Mandes,

<div id="apDiv6"><p>Payment Options</p>
<p>If you wish to pay by Cheque, Money Order or Postal Note, please fill out and submit the form below to order your CD, otherwise you can pay using Paypal or Credit card by clicking on the Buy Now button.<br>Price $25.00 + $4.95 postage = $29.95</p>
<form method="post" name="myemailform" action="form-to-email.php">
<input type="text" name="Firstname" id="textfield"> First Name<br>
<input type="text" name="Lastname" id="textfield"> Last Name<br>
<input type="text" name="email" id="textfield"> Email Address<br>
<input type="text" name="Address" id="textfield"> Address<br>
<input type="text" name="Suburb" id="textfield"> Suburb<br>
<input type="text" name="City" id="textfield"> City<br>
<input type="text" name="State" id="textfield"> State<br>
<input type="text" name="Postcode" id="textfield"> Postcode<br>
<select name="invoice[ch_mo_pn}" autocomplete="off" style="width: 100px;">
<option value="">Cheque</option>
<option value="Cheque">Cheque</option>
<option value="Money Order">Money Order</option>
<option value="Postal Note">Postal Note</option></select><label for=Cheque/Money Order/Postal Note> Cheque/Money Order/Postal Note</label><br>An email will be sent with our billing address.
<p><input type="button" name="Submit" value="Submit"></p>
</form>
<script language="JavaScript">
var frmvalidator = new Validator("myemailform");
frmvalidator.addValidation("FirstName","req","Please enter your First Name");
frmvalidator.addValidation("FirstName","maxlen=20","Max length for FirstName is 20");
frmvalidator.addValidation("LastName","req");
frmvalidator.addValidation("LastName","maxlen=20");
frmvalidator.addValidation("email","req","Please provide your email");
frmvalidator.addValidation("email","email","Please enter a valid email address");
frmvalidator.addValidation("Address","req","maxlen=50");
frmvalidator.addValidation("Suburb","req","maxlen=50");
frmvalidator.addValidation("City","req","maxlen=50");
frmvalidator.addValidation("State","req","maxlen=50");
frmvalidator.addValidation("Postcode","req","minlen=4");
frmvalidator.addValidation("Postcode","numeric");
</script>

Duh, we all missed the obvious. Your URL ends with form_to_email.php, but your action link points to form-to-email.php. See any problem there? Those are two different names. :slight_smile:

At least you are using something to fill the gaps, but it must be consistent. Either change the URL to

http://www.lefs.com.au/Lefs-20CD/html/form-to-email.php

or change the form action to

<form method="post" name="myemailform" action="form_to_email.php">

Duh is right ralph.m, a very simple but stupid error on my behalf. Like I said in my initial post “I’m just a dumb ass aussie” Cheers for all your help and support, it’s greatly appreciated guys.

Ha ha, me too. :slight_smile: Did that fix the issue? It certainly needs fixing, but there may be other issues, too.

Umm actually no it didn’t fix it, I just tried it and still nothing happening, but you are right that error did need fixing, ralph.m glad you spotted it. Cheers

OK, the next thing I see is that you have this in your form:

<input type="button" value="Submit" name="Submit">

Notice that “Submit” has a capital S, but in your script it is just

$_POST['submit']

So change the word in the form to “submit” with a small s.

Also, you are better off not using type="button". (It’s really for JavaScript powered buttons, I believe.) Try changing that whole line to this:

<input type="submit" value="Submit" name="submit">
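
A handler for the reduced cheque/money-order form that pulls together the points raised in the thread, as an added example that is not part of any post: it reads only an allowlist of fields keyed exactly as the form's `name=` attributes, rejects line breaks in every value, and reports a failed `mail()` instead of failing silently. The `payment` field name (a rename of the select) and the `example.com` addresses are assumptions.

```php
<?php
// Added example, not the poster's script. Keys match the posted form's name=
// attributes; "payment" is an assumed rename of the select; addresses are placeholders.
const REQUIRED = ['Firstname', 'Lastname', 'email', 'Address',
                  'Suburb', 'City', 'State', 'Postcode', 'payment'];
const PAYMENT_TYPES = ['Cheque', 'Money Order', 'Postal Note'];
// Returns [clean fields, errors]. Only allowlisted keys are copied, so a
// stray card-number field can never reach the email.
function validate_order(array $post): array
{
    $clean = $errors = [];
    foreach (REQUIRED as $key) {
        $value = is_string($post[$key] ?? null) ? trim($post[$key]) : '';
        if ($value === '') {
            $errors[] = "Missing field: $key";
        } elseif (preg_match('/[\r\n]/', $value)) {
            $errors[] = "Line break not allowed in: $key";  // header injection guard
        }
        $clean[$key] = $value;
    }
    if ($clean['email'] !== '' && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email address';
    }
    if ($clean['payment'] !== '' && !in_array($clean['payment'], PAYMENT_TYPES, true)) {
        $errors[] = 'Unknown payment type';
    }
    return [$clean, $errors];
}

// Keying on the request method avoids the Submit/submit mismatch entirely.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$order, $errors] = validate_order($_POST);
    if ($errors) {
        http_response_code(400);
        exit(htmlspecialchars(implode('; ', $errors)));
    }
    $body = "New CD order from {$order['Firstname']} {$order['Lastname']}\n"
          . "Post to: {$order['Address']}, {$order['Suburb']}, {$order['City']}, {$order['State']} {$order['Postcode']}\n"
          . "Paying by: {$order['payment']}\n";
    $headers = "From: orders@example.com\r\nReply-To: {$order['email']}\r\n";
    if (!mail('owner@example.com', 'CD Order', $body, $headers)) {
        error_log('CD order: mail() returned false');  // make the failure visible
        http_response_code(500);
        exit('Sorry, your order could not be sent.');
    }
    header('Location: thank-you.html');
    exit;
}
```

Because the error list names each missing key, a mismatch such as the form sending `email` while the script reads `Email Address` shows up on the first test submission.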