Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

nice and easy contact form $EmailFrom = ""; query

  • #176858
    rebzwebz30
    Participant

    Hi all
    I’m quite new at PHP but I’ve downloaded the nice and easy contact form, which looks great on my website; however, I am a bit confused as to what needs to be placed in here??
    ($EmailFrom = "";)
    When I first opened the contactengine.php file up it had a proper email address in there.
    Shouldn’t the other party’s email address be showing in here??
    As this next bit should have my email address in.
    ($EmailTo = "[email protected]";)

    But what is supposed to go in here? ($EmailFrom = "";)

    Cheers

    #176864
    __
    Participant

    Shouldn’t the other party’s email address be showing in here??

    Not necessarily. $EmailFrom is meant to be an email address from your domain (even a fake, “no-reply” address). It is being used in the email From header, which has two major implications if using the user’s email address:

    1. You would need to validate the user’s input (i.e., make sure it is a single, valid email address), otherwise you would run the risk of header injection. This is a very, very common way for a simple contact form to be hijacked and used as a spam server, which will cause you all kinds of trouble. Note that Chris’ example does not include validation of any kind, which he points out in his comments. Look at using the filter_var function.
    2. You would need to add a Sender header with an email address that belongs to your domain. Otherwise, it is likely that the email will be discarded as spam during delivery, because the From address and the domain don’t match.

    All in all, I would suggest not making these changes: just use the form as intended. If you’re set on it, however, you’d need to keep the above points in mind.
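
The two points in the reply above, as an added example that is not part of the original post or of the contact form's own code: the visitor's address is accepted for the From header only if filter_var reports a single valid address with no line breaks, and a Sender header on the site's own domain is added. The function names, SITE_SENDER and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example. Everything except filter_var(), preg_match() and mail()
// is a hypothetical name chosen for this illustration.

// An address on your own domain (placeholder value).
const SITE_SENDER = 'no-reply@example.com';

/**
 * Return the visitor's address if it is one valid email address with no
 * line breaks, otherwise null.
 */
function clean_visitor_email(string $input): ?string
{
    $input = trim($input);
    // A CR or LF inside the value would start a new header line.
    if (preg_match('/[\r\n]/', $input)) {
        return null;
    }
    // Rejects lists such as "a@x.org, b@y.net" and anything malformed.
    $email = filter_var($input, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Build the extra headers for mail(), or null if the address is rejected. */
function build_headers(string $visitorInput): ?string
{
    $from = clean_visitor_email($visitorInput);
    if ($from === null) {
        return null;
    }
    // Point 1: validated From. Point 2: Sender on the site's own domain.
    return "From: <$from>\r\n" . 'Sender: <' . SITE_SENDER . '>';
}

// Constructed sample inputs, as they might arrive from the form field.
$samples = [
    'visitor@example.org',
    'visitor@example.org, second@example.net',
    "visitor@example.org\r\nBcc: second@example.net",
    'not an address',
];
foreach ($samples as $sample) {
    $headers = build_headers($sample);
    echo json_encode($sample), ' => ', $headers === null ? 'rejected' : 'accepted', "\n";
}
// In the form handler: when build_headers() returns null, show an error and
// do not call mail(); otherwise pass the string as mail()'s fourth argument.
```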
