Grow your CSS skills. Land your dream job.

Contact form with ajax dont working

  • # June 24, 2013 at 6:52 am

    So i have a contact form on wordpress using ajax, but it dont work.

    Here is the contact form:

    http://codepen.io/anon/pen/abLiD

    And the code on functions.php:

    add_action( ‘wp_ajax_nopriv_send_message’, ‘send_message’ );
    add_action( ‘wp_ajax_send_message’, ‘send_message’ );

    function send_message()
    {
    if(isset($_POST)):

    if($_POST != $_SESSION)
    {
    echo “Wrong Code!”;
    die;
    }

    $name = $_POST;
    $email = $_POST;
    $phone = $_POST;
    $subject = $_POST;
    $message = $_POST;
    $address = $_POST;

    if(get_magic_quotes_gpc()) {
    $message = stripslashes($message);
    }

    $e_subject = __(‘You Have Received a Message From ‘,’framework’) . $name . ‘.’;

    if(!empty($subject))
    {
    $e_subject = $subject . ‘:’ . $name . ‘.’;
    }

    $e_body = __(“You have Received a message from: “, ‘framework’)
    .$name
    . “n”
    .”Phone: ” . $phone
    . “n”
    .__(“Their additional message is as follows.”, ‘framework’)
    .”rnn”;

    $e_content = “” $message “rnn”;

    $e_reply = __(“You can contact “, ‘framework’)
    .$name
    . __(” via email, “, ‘framework’)
    .$email;

    $msg = $e_body . $e_content . $e_reply;
    if(wp_mail($address, $e_subject, $msg, “From: $emailrnReply-To: $emailrnReturn-Path: $emailrn”,”-f $address”))
    {
    _e(“Message Sent Successfully!”, ‘framework’);
    }
    else
    {
    _e(“Server Error: WordPress mail method failed!”, ‘framework’);
    }
    else:
    _e(“Invalid Request !”, ‘framework’);
    endif;

    die;

    }

    Can someone help me out?

    __
    # June 24, 2013 at 9:53 am

    >Contact form with ajax

    …Where’s the AJAX? What does your `/wp-admin/admin-ajax.php` look like?

    What actually happens when you try to submit the form? Anything? Do you get a success message but no email? Try to be as specific and detailed as possible.

    # June 24, 2013 at 9:58 am

    Yes i get the message: “Message Sent Successfully!” that is in functions.php, but no email.

    EDIT: here is the contact form:

    http://www.ruiavelino.pt/contato/

    My admin-ajax.php:

    < ?php
    /**
    * WordPress AJAX Process Execution.
    *
    * @package WordPress
    * @subpackage Administration
    *
    * @link http://codex.wordpress.org/AJAX_in_Plugins
    */

    /**
    * Executing AJAX process.
    *
    * @since 2.1.0
    */
    define( ‘DOING_AJAX’, true );
    define( ‘WP_ADMIN’, true );

    /** Load WordPress Bootstrap */
    require_once( dirname( dirname( __FILE__ ) ) . ‘/wp-load.php’ );

    /** Allow for cross-domain requests (from the frontend). */
    send_origin_headers();

    // Require an action parameter
    if ( empty( $_REQUEST ) )
    die( ’0′ );

    /** Load WordPress Administration APIs */
    require_once( ABSPATH . ‘wp-admin/includes/admin.php’ );

    /** Load Ajax Handlers for WordPress Core */
    require_once( ABSPATH . ‘wp-admin/includes/ajax-actions.php’ );

    @header( ‘Content-Type: text/html; charset=’ . get_option( ‘blog_charset’ ) );
    @header( ‘X-Robots-Tag: noindex’ );

    send_nosniff_header();
    nocache_headers();

    do_action( ‘admin_init’ );

    $core_actions_get = array(
    ‘fetch-list’, ‘ajax-tag-search’, ‘wp-compression-test’, ‘imgedit-preview’, ‘oembed-cache’,
    ‘autocomplete-user’, ‘dashboard-widgets’, ‘logged-in’,
    );

    $core_actions_post = array(
    ‘oembed-cache’, ‘image-editor’, ‘delete-comment’, ‘delete-tag’, ‘delete-link’,
    ‘delete-meta’, ‘delete-post’, ‘trash-post’, ‘untrash-post’, ‘delete-page’, ‘dim-comment’,
    ‘add-link-category’, ‘add-tag’, ‘get-tagcloud’, ‘get-comments’, ‘replyto-comment’,
    ‘edit-comment’, ‘add-menu-item’, ‘add-meta’, ‘add-user’, ‘autosave’, ‘closed-postboxes’,
    ‘hidden-columns’, ‘update-welcome-panel’, ‘menu-get-metabox’, ‘wp-link-ajax’,
    ‘menu-locations-save’, ‘menu-quick-search’, ‘meta-box-order’, ‘get-permalink’,
    ‘sample-permalink’, ‘inline-save’, ‘inline-save-tax’, ‘find_posts’, ‘widgets-order’,
    ‘save-widget’, ‘set-post-thumbnail’, ‘date_format’, ‘time_format’, ‘wp-fullscreen-save-post’,
    ‘wp-remove-post-lock’, ‘dismiss-wp-pointer’, ‘upload-attachment’, ‘get-attachment’,
    ‘query-attachments’, ‘save-attachment’, ‘save-attachment-compat’, ‘send-link-to-editor’,
    ‘send-attachment-to-editor’, ‘save-attachment-order’,
    );

    // Register core Ajax calls.
    if ( ! empty( $_GET ) && in_array( $_GET, $core_actions_get ) )
    add_action( ‘wp_ajax_’ . $_GET, ‘wp_ajax_’ . str_replace( ‘-’, ‘_’, $_GET ), 1 );

    if ( ! empty( $_POST ) && in_array( $_POST, $core_actions_post ) )
    add_action( ‘wp_ajax_’ . $_POST, ‘wp_ajax_’ . str_replace( ‘-’, ‘_’, $_POST ), 1 );

    add_action( ‘wp_ajax_nopriv_autosave’, ‘wp_ajax_nopriv_autosave’, 1 );

    if ( is_user_logged_in() )
    do_action( ‘wp_ajax_’ . $_REQUEST ); // Authenticated actions
    else
    do_action( ‘wp_ajax_nopriv_’ . $_REQUEST ); // Non-admin actions

    // Default status
    die( ’0′ );

    __
    # June 24, 2013 at 1:50 pm

    hmm… you’re sending this mail to whatever is in `$_POST` – do you know what that variable contains, or if it contains anything? try doing `exit( $address );` to see if it contains what you expect.

    *****
    In addition, this makes your form susceptible to header injection – from WP’s function reference:

    >_Multiple recipients may be specified using an array or a comma-separated string._

    That means that, if I pass a comma-separated string of email addresses into `$_POST`, I can spam as many people as I want using _your_ website. You should check that field to make sure it contains only a _single_ email address (or, better yet (if possible), hard-code the `to` address instead of accepting it from the form).

    # June 24, 2013 at 2:16 pm

    < *input type="hidden" name="target" value="pedrofidalgo@live.com.pt" />*

    This is in the form. So yes, the “target” is correct .. :/

    I really dont know why it is failing

    __
    # June 24, 2013 at 5:47 pm

    Well, actually, I just tried your form and it appears to be working.

    Did you fix it already?

    >You have Received a message from: Adrian

    >Phone:

    >Their additional message is as follows.

    >” Hi, I’m traq on css-tricks. This form seems to be working. Did you get this message? *I* did. (Thus demonstrating the header injection vulnerability I described earlier.)

    >Let me know; comment back in your conversation on css-tricks. “

    >You can contact Adrian via email, `{redacted}`

    # June 24, 2013 at 6:03 pm

    wtf .. it dont work for me. You can try to fill it. i wont receive any email. whys is this happening? already tried to put several emails, and nothing..

    EDIT: i guet your emails. did you fill it on my website?

    its so strange if you use my contact form from here:

    http://www.ruiavelino.pt/contato/

    because i fill it and tried now, and didnt received anything!!

    # June 24, 2013 at 6:12 pm

    This is so weird!

    When i fill the email with a fake email, like this: fdewfewrger@wefwefwef.com , i receive the form on my email..

    When i fill it with a real email, lile @live.com.pt or @gmail, i dont rereive it LOL

    # June 24, 2013 at 9:25 pm

    got it working. had to use smtp config plugin to use a gmail mail as “From:”

    thanks for your help ;)

    __
    # June 24, 2013 at 10:22 pm

    >got it working. had to use smtp config plugin to use a gmail mail as “From:”

    The emails were probably getting caught in a spam filter, then. You can also add a `Sender: no-reply@ruiavelino.pt` header (or similar) so mail servers know you’re not trying to spoof the mail origin.

    ****
    p.s. fix that header injection problem! Someone **will** find that, and then you’ll be a spam server. _Trust me_, I got my 1and1 mail server blacklisted that way once!

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.

*May or may not contain any actual "CSS" or "Tricks".