Contact form with ajax dont working

[austinnnnn]

So i have a contact form on wordpress using ajax, but it dont work.

Here is the contact form:

http://codepen.io/anon/pen/abLiD

And the code on functions.php:

add_action( ‘wp_ajax_nopriv_send_message’, ‘send_message’ );
add_action( ‘wp_ajax_send_message’, ‘send_message’ );

function send_message()
{
if(isset($_POST)):

if($_POST != $_SESSION)
{
echo “Wrong Code!”;
die;
}

$name = $_POST;
$email = $_POST;
$phone = $_POST;
$subject = $_POST;
$message = $_POST;
$address = $_POST;

if(get_magic_quotes_gpc()) {
$message = stripslashes($message);
}

$e_subject = __(‘You Have Received a Message From ‘,’framework’) . $name . ‘.’;

if(!empty($subject))
{
$e_subject = $subject . ‘:’ . $name . ‘.’;
}

$e_body = __(“You have Received a message from: “, ‘framework’)
.$name
. “n”
.”Phone: ” . $phone
. “n”
.__(“Their additional message is as follows.”, ‘framework’)
.”rnn”;

$e_content = “” $message “rnn”;

$e_reply = __(“You can contact “, ‘framework’)
.$name
. __(” via email, “, ‘framework’)
.$email;

$msg = $e_body . $e_content . $e_reply;
if(wp_mail($address, $e_subject, $msg, “From: $emailrnReply-To: $emailrnReturn-Path: $emailrn”,”-f $address”))
{
_e(“Message Sent Successfully!”, ‘framework’);
}
else
{
_e(“Server Error: WordPress mail method failed!”, ‘framework’);
}
else:
_e(“Invalid Request !”, ‘framework’);
endif;

die;

}

Can someone help me out?

[__]

>Contact form with ajax

…Where’s the AJAX? What does your `/wp-admin/admin-ajax.php` look like?

What actually happens when you try to submit the form? Anything? Do you get a success message but no email? Try to be as specific and detailed as possible.

[austinnnnn]

Yes i get the message: “Message Sent Successfully!” that is in functions.php, but no email.

EDIT: here is the contact form:

http://www.ruiavelino.pt/contato/

My admin-ajax.php:

/**
* WordPress AJAX Process Execution.
*
* @package WordPress
* @subpackage Administration
*
* @link http://codex.wordpress.org/AJAX_in_Plugins
*/

/**
* Executing AJAX process.
*
* @since 2.1.0
*/
define( ‘DOING_AJAX’, true );
define( ‘WP_ADMIN’, true );

/** Load WordPress Bootstrap */
require_once( dirname( dirname( __FILE__ ) ) . ‘/wp-load.php’ );

/** Allow for cross-domain requests (from the frontend). */
send_origin_headers();

// Require an action parameter
if ( empty( $_REQUEST ) )
die( ‘0’ );

/** Load WordPress Administration APIs */
require_once( ABSPATH . ‘wp-admin/includes/admin.php’ );

/** Load Ajax Handlers for WordPress Core */
require_once( ABSPATH . ‘wp-admin/includes/ajax-actions.php’ );

@header( ‘Content-Type: text/html; charset=’ . get_option( ‘blog_charset’ ) );
@header( ‘X-Robots-Tag: noindex’ );

send_nosniff_header();
nocache_headers();

do_action( ‘admin_init’ );

$core_actions_get = array(
‘fetch-list’, ‘ajax-tag-search’, ‘wp-compression-test’, ‘imgedit-preview’, ‘oembed-cache’,
‘autocomplete-user’, ‘dashboard-widgets’, ‘logged-in’,
);

$core_actions_post = array(
‘oembed-cache’, ‘image-editor’, ‘delete-comment’, ‘delete-tag’, ‘delete-link’,
‘delete-meta’, ‘delete-post’, ‘trash-post’, ‘untrash-post’, ‘delete-page’, ‘dim-comment’,
‘add-link-category’, ‘add-tag’, ‘get-tagcloud’, ‘get-comments’, ‘replyto-comment’,
‘edit-comment’, ‘add-menu-item’, ‘add-meta’, ‘add-user’, ‘autosave’, ‘closed-postboxes’,
‘hidden-columns’, ‘update-welcome-panel’, ‘menu-get-metabox’, ‘wp-link-ajax’,
‘menu-locations-save’, ‘menu-quick-search’, ‘meta-box-order’, ‘get-permalink’,
‘sample-permalink’, ‘inline-save’, ‘inline-save-tax’, ‘find_posts’, ‘widgets-order’,
‘save-widget’, ‘set-post-thumbnail’, ‘date_format’, ‘time_format’, ‘wp-fullscreen-save-post’,
‘wp-remove-post-lock’, ‘dismiss-wp-pointer’, ‘upload-attachment’, ‘get-attachment’,
‘query-attachments’, ‘save-attachment’, ‘save-attachment-compat’, ‘send-link-to-editor’,
‘send-attachment-to-editor’, ‘save-attachment-order’,
);

// Register core Ajax calls.
if ( ! empty( $_GET ) && in_array( $_GET, $core_actions_get ) )
add_action( ‘wp_ajax_’ . $_GET, ‘wp_ajax_’ . str_replace( ‘-‘, ‘_’, $_GET ), 1 );

if ( ! empty( $_POST ) && in_array( $_POST, $core_actions_post ) )
add_action( ‘wp_ajax_’ . $_POST, ‘wp_ajax_’ . str_replace( ‘-‘, ‘_’, $_POST ), 1 );

add_action( ‘wp_ajax_nopriv_autosave’, ‘wp_ajax_nopriv_autosave’, 1 );

if ( is_user_logged_in() )
do_action( ‘wp_ajax_’ . $_REQUEST ); // Authenticated actions
else
do_action( ‘wp_ajax_nopriv_’ . $_REQUEST ); // Non-admin actions

// Default status
die( ‘0’ );

[__]

hmm… you’re sending this mail to whatever is in `$_POST` – do you know what that variable contains, or if it contains anything? try doing `exit( $address );` to see if it contains what you expect.

*****
In addition, this makes your form susceptible to header injection – from WP’s function reference:

>_Multiple recipients may be specified using an array or a comma-separated string._

That means that, if I pass a comma-separated string of email addresses into `$_POST`, I can spam as many people as I want using _your_ website. You should check that field to make sure it contains only a _single_ email address (or, better yet (if possible), hard-code the `to` address instead of accepting it from the form).

[austinnnnn]

<*input type="hidden" name="target" value="[email protected]" />*

This is in the form. So yes, the “target” is correct .. :/

I really dont know why it is failing

[__]

Well, actually, I just tried your form and it appears to be working.

Did you fix it already?

>You have Received a message from: Adrian

>Phone:

>Their additional message is as follows.

>” Hi, I’m traq on css-tricks. This form seems to be working. Did you get this message? *I* did. (Thus demonstrating the header injection vulnerability I described earlier.)

>Let me know; comment back in your conversation on css-tricks. “

>You can contact Adrian via email, `{redacted}`

[austinnnnn]

wtf .. it dont work for me. You can try to fill it. i wont receive any email. whys is this happening? already tried to put several emails, and nothing..

EDIT: i guet your emails. did you fill it on my website?

its so strange if you use my contact form from here:

http://www.ruiavelino.pt/contato/

because i fill it and tried now, and didnt received anything!!

[austinnnnn]

This is so weird!

When i fill the email with a fake email, like this: [email protected] , i receive the form on my email..

When i fill it with a real email, lile @live.com.pt or @gmail, i dont rereive it LOL

[austinnnnn]

got it working. had to use smtp config plugin to use a gmail mail as “From:”

thanks for your help ;)

[__]

>got it working. had to use smtp config plugin to use a gmail mail as “From:”

The emails were probably getting caught in a spam filter, then. You can also add a `Sender: [email protected]` header (or similar) so mail servers know you’re not trying to spoof the mail origin.

****
p.s. fix that header injection problem! Someone **will** find that, and then you’ll be a spam server. _Trust me_, I got my 1and1 mail server blacklisted that way once!

[Author]

Posts