mail() return address

I need to set a return address for my mail function. Right now it's always putting some server email in there: -2.com

Thanks for any help.

    $to = $userEmail;
            $subject = 'Front Page Reply';
            $message = wordwrap($_POST['message'], 70);
            $headers = 'MIME-Version: 1.0\r\n';
            $headers .= 'Content-type: text/html; charset=iso-8859-1\r\n';
            $headers  .=  'From: '.$_POST['email'].'' . "\r\n" .
            'Reply-To: '.$_POST['email'].'' . "\r\n" .
            'Return-Path: '.$_POST['email'].'' . "\r\n" .
          
            mail($to, $subject, $message, $headers);

PHP:

 

Try using the 5th parameter

mail($to, $subject, $message, $headers,'');

 

Hey,

Thanks for the reply. I tried both at the same time, but message doesn't even send. Didn't go inbox, span, or promotions in gmail. I echoed out both $to, and $_POST['email']. The values are right..

   $to      = $userEmail;
            $subject = 'Front Page Reply';
            $message = wordwrap($_POST['message'], 70);
            $headers = 'MIME-Version: 1.0' ."\r\n";
            $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
            $headers .= 'From: '.$_POST['email'].'' . "\r\n" .
            'Reply-To: '.$_POST['email'].'' . "\r\n" .
            'Return-Path: '.$_POST['email'].'' . "\r\n" .
          
            mail($to, $subject, $message, $headers, $_POST['email']);
                   
            header('Location: ../../ad.php?token='.$_POST['token'].'&success=message+sent');
            exit;

PHP:

 

Missing ; at end of return path line

$to = $userEmail;
$subject = 'Front Page Reply';
$message = wordwrap($_POST['message'], 70);
$headers = 'MIME-Version: 1.0' ."\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: '.$_POST['email'].'' . "\r\n" .
'Reply-To: '.$_POST['email'].'' . "\r\n" .
'Return-Path: '.$_POST['email'].'' . "\r\n";

mail($to, $subject, $message, $headers, $_POST['email']);

header('Location: ../../ad.php?token='.$_POST['token'].'&success=message+sent');
exit;

PHP:

 

Thanks KangBroke! Got this working. Fixed the error you noticed and removed the extra parameter in mail(). I guess both the headers and the argument was a bad idea.

 

Well in your original code you had

$subject = 'Front Page Reply';
$message = wordwrap($_POST['message'], 70);
$headers = 'MIME-Version: 1.0\r\n';
$headers .= 'Content-type: text/html; charset=iso-8859-1\r\n';
$headers .= 'From: '.$_POST['email'].'' . "\r\n" .
'Reply-To: '.$_POST['email'].'' . "\r\n" .
'Return-Path: '.$_POST['email'].'' . "\r\n" .

And you left of the ' . "\r\n" at the end of the first line of $headers
Also on the 2nd line you left of the ' . "\r\n"
Then finally on the Return-Path you had it ending with a . not a ;
The 5th parameter likely did not matter at that point.

 

That's clear. I didn't realise \r\n was required. I had notice that showing up in my emails too when using them to get a new line. \r\n that's return newline?

 

All 3 of them represent the end of a line. But...

\r (Carriage Return) - moves the cursor to the beginning of the line without advancing to the next line

\n (Line Feed) - moves the cursor down to the next line without returning to the beginning of the line - *In a nix environment \n moves to the beginning of the line.

\r\n (End Of Line)- a combi of \r and \n

Source:Exasm

 

Some advice... NEVER blindly dump $_POST (or $_GET or $_REQUEST or any other user input) into the headers field. PARTICULARLY in the headers field.

A good rule of thumb for the $to, $subject, and $additional_headers parameters to mail, ALWAYS strip out carriage returns, linefeeds, AND semi-colons as they have special meanings that could allow people to hijack your mail form!

I also find it's handy to define CRLF, it just feels cleaner to me... and this is 2016 not 1996, use utf-8 since if your document is worth a flying **** it's already set up and using that.

I use this function to sanitize the values if they are going into those fields for mail()

function mailPost($index) {
	return 
		array_key_exists($index, $_POST) ?
		str_replace(["\r", "\n", ';'], ' ', $_POST[$index]) :
		'';
}

Code (markup):

*note* PHP 5.4+ array in there!

So my handling of that would be something more like this:

define('CRLF', "\r\n");

function mailPost($index) {
	return 
		array_key_exists($index, $_POST) ?
		str_replace(["\r", "\n", ';'], ' ', $_POST[$index]) :
		'';
}

$subject = 'Front Page Reply';
$message = wordwrap($_POST['message'], 70);
$from = mailPost('email');
$headers = 
	'MIME-Version: 1.0' . CRLF .
	'X-Mailer: PHP/' . phpversion() . CRLF .
	'Content-type: text/html; charset=utf-8' . CRLF .
	'From: ' . $from . CRLF .
	'Reply-To: ' . $from . CRLF .
	'Return-Path: ' . $from . CRLF;

mail($userEmail, $subject, $message, $headers);

header('Location: ../../ad.php?token='.$_POST['token'].'&success=message+sent');

exit;

Code (markup):

NOT that I'd be using some goofy header redirect (WHY the **** do people do this?) or calling exit, since I tend to do the 'one index to rule them all' approach to PHP development. You don't want an accidental resend, put a random hash into the form as a hidden input and into your session, and compare that, invalidating it every request be it passing validation (sending the mail) or failing (so resend the form populated)