Form submission error

Discussion in 'Programming' started by dura_killer, Nov 11, 2008.

0
  1. #1
    I am trying to get a form inserted into my drupal site but everytime I press the submit button it downloads the php file associated with form.Need help on what could be the problem.

    Form code

    <head>

<style>
input {
width: ;
}

textarea {
width: ;
}
</head>
</style>

<form action='contactus.php' method='post'>
Email: <input type='text' name='email'><br>
Subject: <input type='text' name='subject'><br>
Mail body: <textarea name='body'></textarea><br>

<input type='submit' value='Send comments'>
</form>
    Code (markup):
    Php file code

    <?php
$to      = "bob@domain_example.co.za";
$subject = $_REQUEST["subject"];
$body = $_REQUEST["body"];
$email = $_REQUEST["email"];

$dodgy_strings = array(
                "content-type:"
                ,"mime-version:"
                ,"multipart/mixed"
                ,"bcc:"
);

function is_valid_email($email) {
  return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email);
}

function contains_bad_str($str_to_test) {
  $bad_strings = array(
                "content-type:"
                ,"mime-version:"
                ,"multipart/mixed"
		,"Content-Transfer-Encoding:"
                ,"bcc:"
		,"cc:"
		,"to:"
  );
  
  foreach($bad_strings as $bad_string) {
    if(eregi($bad_string, strtolower($str_to_test))) {
      echo "$bad_string found. Suspected injection attempt - mail not being sent.";
      exit;
    }
  }
}

function contains_newlines($str_to_test) {
   if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
     echo "newline found in $str_to_test. Suspected injection attempt - mail not being sent.";
     exit;
   }
} 

if($_SERVER['REQUEST_METHOD'] != "POST"){
   echo("Unauthorized attempt to access page.");
   exit;
}

if (!is_valid_email($email)) {
  echo 'Invalid email submitted - mail not being sent.';
  exit;
}

contains_bad_str($email);
contains_bad_str($subject);
contains_bad_str(body);

contains_newlines($email);
contains_newlines($subject);

$headers = "From: $email";
mail($to, $subject, $body, $headers);
echo "Thanks for submitting.";
?>
    Code (markup):

     
    dura_killer, Nov 11, 2008 IP
  2. happpy

    happpy Well-Known Member

    Messages:
    926
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    120
    #2
    do you have the contactus.php file in a dir where php files cannot be executed? or some rule in the .htaccess?
     
    happpy, Nov 11, 2008 IP
  3. SoundRoom

    SoundRoom Peon

    Messages:
    26
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #3
    If it's trying to download your php file, then your hosting provider has no PHP support !
    Check if you have it and what version ..
     
    SoundRoom, Nov 12, 2008 IP
  4. mavros

    mavros Peon

    Messages:
    52
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    problem is from apache. Apache doesnt translate your php extension.
     
    mavros, Nov 12, 2008 IP
  5. happpy

    happpy Well-Known Member

    Messages:
    926
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    120
    #5
    he already has "drupal" running, which is php :)
     
    happpy, Nov 12, 2008 IP