php mail script not working

[garyb10]

Can anybody tell me why this script isn't working.

You can see the form at http://1900tr.com/contact.php

Code: [Select]

$to      = "customer_support@1900tr.com";
$subject = $_REQUEST["subject"];
$body = $_REQUEST["body"];
$email = $_REQUEST["email"];
$name = $_REQUEST["name"];

$dodgy_strings = array(
                "content-type:"
                ,"mime-version:"
                ,"multipart/mixed"
                ,"bcc:"
);

function is_valid_email($email) {
  return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email);
}

function contains_bad_str($str_to_test) {
  $bad_strings = array(
                "content-type:"
                ,"mime-version:"
                ,"multipart/mixed"
,"Content-Transfer-Encoding:"
                ,"bcc:"
,"cc:"
,"to:"
  );
 
  foreach($bad_strings as $bad_string) {
    if(eregi($bad_string, strtolower($str_to_test))) {
      echo "$bad_string found. Suspected injection attempt - mail not being sent.";
      exit;
    }
  }
}

function contains_newlines($str_to_test) {
   if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
     echo "newline found in $str_to_test. Suspected injection attempt - mail not being sent.";
     exit;
   }
}

if($_SERVER['REQUEST_METHOD'] != "POST"){
   echo("Unauthorized attempt to access page.");
   exit;
}

if (!is_valid_email($email)) {
  echo 'Invalid email submitted - mail not being sent.';
  exit;
}

contains_bad_str($email);
contains_bad_str($subject);
contains_bad_str(body);

contains_newlines($email);
contains_newlines($subject);

$headers = "From: $email";
mail($to, $name, $subject, $body, $headers);
echo "Thanks for submitting.";

TIA
Gary

[alex]

Code: [Select]

$to      = "customer_support@1900tr.com";
$subject = $_REQUEST["subject"];
$body = $_REQUEST["body"];
$email = $_REQUEST["email"];
$name = $_REQUEST["name"];

$dodgy_strings = array(
                "content-type:"
                ,"mime-version:"
                ,"multipart/mixed"
                ,"bcc:"
);

function is_valid_email($email) {
  return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email);
}

function contains_bad_str($str_to_test) {
  $bad_strings = array(
                "content-type:"
                ,"mime-version:"
                ,"multipart/mixed"
,"Content-Transfer-Encoding:"
                ,"bcc:"
,"cc:"
,"to:"
  );
 
  foreach($bad_strings as $bad_string) {
    if(eregi($bad_string, strtolower($str_to_test))) {
      echo "$bad_string found. Suspected injection attempt - mail not being sent.";
      exit;
    }
  }
}

function contains_newlines($str_to_test) {
   if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
     echo "newline found in $str_to_test. Suspected injection attempt - mail not being sent.";
     exit;
   }
}

if($_SERVER['REQUEST_METHOD'] != "POST"){
   echo("Unauthorized attempt to access page.");
   exit;
}

if (!is_valid_email($email)) {
  echo 'Invalid email submitted - mail not being sent.';
  exit;
}

contains_bad_str($email);
contains_bad_str($subject);
contains_bad_str($body);//replace body with $body

contains_newlines($email);
contains_newlines($subject);

$body = $body . " From: " . $name;
$headers='MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html;charset=iso-8859-1' . "\r\n";
$headers .= "From: $email" . "\r\n";
mail ($to, $subject, $body, $headers);
echo "Thanks for submitting.";


[garyb10]

no more server error but no body/message. it is strange with the other way i got the whole mail but had a server error.

[garyb10]

my bad, it working just putting the body before the from. I will go through it tomorrow. Thanks for the help.