- This topic is empty.
-
AuthorPosts
-
June 24, 2013 at 6:52 am #45788
austinnnnn
ParticipantSo i have a contact form on wordpress using ajax, but it dont work.
Here is the contact form:
http://codepen.io/anon/pen/abLiD
And the code on functions.php:
add_action( ‘wp_ajax_nopriv_send_message’, ‘send_message’ );
add_action( ‘wp_ajax_send_message’, ‘send_message’ );function send_message()
{
if(isset($_POST)):if($_POST != $_SESSION)
{
echo “Wrong Code!”;
die;
}$name = $_POST;
$email = $_POST;
$phone = $_POST;
$subject = $_POST;
$message = $_POST;
$address = $_POST;if(get_magic_quotes_gpc()) {
$message = stripslashes($message);
}$e_subject = __(‘You Have Received a Message From ‘,’framework’) . $name . ‘.’;
if(!empty($subject))
{
$e_subject = $subject . ‘:’ . $name . ‘.’;
}$e_body = __(“You have Received a message from: “, ‘framework’)
.$name
. “n”
.”Phone: ” . $phone
. “n”
.__(“Their additional message is as follows.”, ‘framework’)
.”rnn”;$e_content = “” $message “rnn”;
$e_reply = __(“You can contact “, ‘framework’)
.$name
. __(” via email, “, ‘framework’)
.$email;$msg = $e_body . $e_content . $e_reply;
if(wp_mail($address, $e_subject, $msg, “From: $emailrnReply-To: $emailrnReturn-Path: $emailrn”,”-f $address”))
{
_e(“Message Sent Successfully!”, ‘framework’);
}
else
{
_e(“Server Error: WordPress mail method failed!”, ‘framework’);
}
else:
_e(“Invalid Request !”, ‘framework’);
endif;die;
}
Can someone help me out?
June 24, 2013 at 9:53 am #140084__
Participant>Contact form with ajax
…Where’s the AJAX? What does your `/wp-admin/admin-ajax.php` look like?
What actually happens when you try to submit the form? Anything? Do you get a success message but no email? Try to be as specific and detailed as possible.
June 24, 2013 at 9:58 am #140086austinnnnn
ParticipantYes i get the message: “Message Sent Successfully!” that is in functions.php, but no email.
EDIT: here is the contact form:
http://www.ruiavelino.pt/contato/
My admin-ajax.php:
/**
* WordPress AJAX Process Execution.
*
* @package WordPress
* @subpackage Administration
*
* @link http://codex.wordpress.org/AJAX_in_Plugins
*//**
* Executing AJAX process.
*
* @since 2.1.0
*/
define( ‘DOING_AJAX’, true );
define( ‘WP_ADMIN’, true );/** Load WordPress Bootstrap */
require_once( dirname( dirname( __FILE__ ) ) . ‘/wp-load.php’ );/** Allow for cross-domain requests (from the frontend). */
send_origin_headers();// Require an action parameter
if ( empty( $_REQUEST ) )
die( ‘0’ );/** Load WordPress Administration APIs */
require_once( ABSPATH . ‘wp-admin/includes/admin.php’ );/** Load Ajax Handlers for WordPress Core */
require_once( ABSPATH . ‘wp-admin/includes/ajax-actions.php’ );@header( ‘Content-Type: text/html; charset=’ . get_option( ‘blog_charset’ ) );
@header( ‘X-Robots-Tag: noindex’ );send_nosniff_header();
nocache_headers();do_action( ‘admin_init’ );
$core_actions_get = array(
‘fetch-list’, ‘ajax-tag-search’, ‘wp-compression-test’, ‘imgedit-preview’, ‘oembed-cache’,
‘autocomplete-user’, ‘dashboard-widgets’, ‘logged-in’,
);$core_actions_post = array(
‘oembed-cache’, ‘image-editor’, ‘delete-comment’, ‘delete-tag’, ‘delete-link’,
‘delete-meta’, ‘delete-post’, ‘trash-post’, ‘untrash-post’, ‘delete-page’, ‘dim-comment’,
‘add-link-category’, ‘add-tag’, ‘get-tagcloud’, ‘get-comments’, ‘replyto-comment’,
‘edit-comment’, ‘add-menu-item’, ‘add-meta’, ‘add-user’, ‘autosave’, ‘closed-postboxes’,
‘hidden-columns’, ‘update-welcome-panel’, ‘menu-get-metabox’, ‘wp-link-ajax’,
‘menu-locations-save’, ‘menu-quick-search’, ‘meta-box-order’, ‘get-permalink’,
‘sample-permalink’, ‘inline-save’, ‘inline-save-tax’, ‘find_posts’, ‘widgets-order’,
‘save-widget’, ‘set-post-thumbnail’, ‘date_format’, ‘time_format’, ‘wp-fullscreen-save-post’,
‘wp-remove-post-lock’, ‘dismiss-wp-pointer’, ‘upload-attachment’, ‘get-attachment’,
‘query-attachments’, ‘save-attachment’, ‘save-attachment-compat’, ‘send-link-to-editor’,
‘send-attachment-to-editor’, ‘save-attachment-order’,
);// Register core Ajax calls.
if ( ! empty( $_GET ) && in_array( $_GET, $core_actions_get ) )
add_action( ‘wp_ajax_’ . $_GET, ‘wp_ajax_’ . str_replace( ‘-‘, ‘_’, $_GET ), 1 );if ( ! empty( $_POST ) && in_array( $_POST, $core_actions_post ) )
add_action( ‘wp_ajax_’ . $_POST, ‘wp_ajax_’ . str_replace( ‘-‘, ‘_’, $_POST ), 1 );add_action( ‘wp_ajax_nopriv_autosave’, ‘wp_ajax_nopriv_autosave’, 1 );
if ( is_user_logged_in() )
do_action( ‘wp_ajax_’ . $_REQUEST ); // Authenticated actions
else
do_action( ‘wp_ajax_nopriv_’ . $_REQUEST ); // Non-admin actions// Default status
die( ‘0’ );June 24, 2013 at 1:50 pm #140108__
Participanthmm… you’re sending this mail to whatever is in `$_POST` – do you know what that variable contains, or if it contains anything? try doing `exit( $address );` to see if it contains what you expect.
*****
In addition, this makes your form susceptible to header injection – from WP’s function reference:>_Multiple recipients may be specified using an array or a comma-separated string._
That means that, if I pass a comma-separated string of email addresses into `$_POST`, I can spam as many people as I want using _your_ website. You should check that field to make sure it contains only a _single_ email address (or, better yet (if possible), hard-code the `to` address instead of accepting it from the form).
June 24, 2013 at 2:16 pm #140112austinnnnn
Participant<*input type="hidden" name="target" value="[email protected]" />*
This is in the form. So yes, the “target” is correct .. :/
I really dont know why it is failing
June 24, 2013 at 5:47 pm #140153__
ParticipantWell, actually, I just tried your form and it appears to be working.
Did you fix it already?
>You have Received a message from: Adrian
>Phone:
>Their additional message is as follows.
>” Hi, I’m traq on css-tricks. This form seems to be working. Did you get this message? *I* did. (Thus demonstrating the header injection vulnerability I described earlier.)
>Let me know; comment back in your conversation on css-tricks. “
>You can contact Adrian via email, `{redacted}`
June 24, 2013 at 6:03 pm #140157austinnnnn
Participantwtf .. it dont work for me. You can try to fill it. i wont receive any email. whys is this happening? already tried to put several emails, and nothing..
EDIT: i guet your emails. did you fill it on my website?
its so strange if you use my contact form from here:
http://www.ruiavelino.pt/contato/
because i fill it and tried now, and didnt received anything!!
June 24, 2013 at 6:12 pm #140161austinnnnn
ParticipantThis is so weird!
When i fill the email with a fake email, like this: [email protected] , i receive the form on my email..
When i fill it with a real email, lile @live.com.pt or @gmail, i dont rereive it LOL
June 24, 2013 at 9:25 pm #140208austinnnnn
Participantgot it working. had to use smtp config plugin to use a gmail mail as “From:”
thanks for your help ;)
June 24, 2013 at 10:22 pm #140216__
Participant>got it working. had to use smtp config plugin to use a gmail mail as “From:”
The emails were probably getting caught in a spam filter, then. You can also add a `Sender: [email protected]` header (or similar) so mail servers know you’re not trying to spoof the mail origin.
****
p.s. fix that header injection problem! Someone **will** find that, and then you’ll be a spam server. _Trust me_, I got my 1and1 mail server blacklisted that way once! -
AuthorPosts
- The forum ‘Back End’ is closed to new topics and replies.