[campbell]

I have a contact form and I want to have multiple recipients but I keep seeing scripts like this, which don't secure the email address of the recipients.

My current script is like this in the contact form file. However, the email isn;t being sent to the selected recipient. How can I fix that?

Quote:

<tr>
<td><p>Recipient</p></td>
<td><select name="Recipient" size="1" id="Recipient">
<option value="test1">John Doe 1</option>
<option value="test2">John Doe 2</option>
<option value="test3">John Doe 3</option>
</select>
</td>
</tr>

And like this in the processing script.

Quote:

$emailTo = 'test1'=> 'test1@live.com','test2'=> 'test2@hotmail.com','test3'=> 'test3@yahoo.com';
$rows[0]->extraemail = $emails[$_POST['Recipient']];

[pgo]

How is that not securing the email address again? I don't see any emails in that HTML.

[ooyes]

yes what do you mean i dont see any in the HTML too

[campbell]

Sorry my mad. I keep seeing scripts like this.

Quote:

<tr>
<td><p>Recipient</p></td>
<td><select name="Recipient" size="1" id="Recipient">
<option value="'test1@live.com">John Doe 1</option>
<option value="test2@hotmail.com">John Doe 2</option>
<option value="test3@yahoo.com">John Doe 3</option>
</select>
</td>
</tr>

However, I know that script can get those email address spam bombed.

So I tried that script shown above, but it isn't sending the emails. So what do I do?

[haku]

You can use this:

Code:

<?php
   switch($_POST['Recipient']
   {
      case "test1":
         $email_to = "test1@live.com";
         break;
      case "test2:
         $email_to = "test2@hotmail.com;
         break:
      case "test3":
         $email_to = "test3@yahoo.com";
         break;
   }
?>

[campbell]

Here is the full script. I tried that thing you told me to insert, but it never worked.

Quote:

<?PHP
################################################## ####
# #
# Forms To Go 3.2.5 #
# Bebosoft #
# #
################################################## ####



DEFINE('kOptional', true);
DEFINE('kMandatory', false);




error_reporting(E_ERROR | E_WARNING | E_PARSE);
ini_set('track_errors', true);

function DoStripSlashes($FieldValue)
{
if ( get_magic_quotes_gpc() ) {
if (is_array($FieldValue) ) {
return array_map('DoStripSlashes', $FieldValue);
} else {
return stripslashes($FieldValue);
}
} else {
return $FieldValue;
}
}

#----------
# FilterCChars:

function FilterCChars($TheString)
{
return preg_replace('/[\x00-\x1F]/', '', $TheString);
}

#----------
# Validate: Email

function check_email($email, $optional)
{
if ( (strlen($email) == 0) && ($optional === kOptional) ) {
return true;
} elseif ( eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email) ) {
return true;
} else {
return false;
}
}



if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ClientIP = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ClientIP = $_SERVER['REMOTE_ADDR'];
}

$FTGName = DoStripSlashes( $_REQUEST['Name'] );
$FTGEmail = DoStripSlashes( $_REQUEST['Email'] );
$FTGSubject = DoStripSlashes( $_REQUEST['Subject'] );
$FTGRecipient = DoStripSlashes( $_REQUEST['Recipient'] );
$FTGMessage = DoStripSlashes( $_REQUEST['Message'] );
$FTGSubmit = DoStripSlashes( $_REQUEST['Submit'] );


# Fields Validations

$ValidationFailed = false;

if (!check_email($FTGEmail, kOptional)) {
$ValidationFailed = true;
$FTGEmail_errmsg = 'The email address entered is invalid. ';
$ErrorList .= $FTGEmail_errmsg . '<br/>';
}


# Include message in error page and dump it to the browser

if ($ValidationFailed === true) {

$ErrorPage = '<html><head><title>Error</title></head><body>Errors found: <!--VALIDATIONERROR--></body></html>';

$ErrorPage = str_replace('<!--VALIDATIONERROR-->', $ErrorList, $ErrorPage);
$ErrorPage = str_replace('<!--FIELDVALUE:Name-->', $FTGName, $ErrorPage);
$ErrorPage = str_replace('<!--FIELDVALUE:Email-->', $FTGEmail, $ErrorPage);
$ErrorPage = str_replace('<!--FIELDVALUE:Subject-->', $FTGSubject, $ErrorPage);
$ErrorPage = str_replace('<!--FIELDVALUE:Recipient-->', $FTGRecipient, $ErrorPage);
$ErrorPage = str_replace('<!--FIELDVALUE:Message-->', $FTGMessage, $ErrorPage);
$ErrorPage = str_replace('<!--FIELDVALUE:Submit-->', $FTGSubmit, $ErrorPage);
$ErrorPage = str_replace('<!--ERRORMSG:Email-->', $FTGEmail_errmsg, $ErrorPage);


echo $ErrorPage;
exit;

}
# Email to Form Owner

$emailSubject = FilterCChars("Mount Olive Contact Form");

$emailBody = "Name : $FTGName\n"
. "Email : $FTGEmail\n"
. "Subject : $FTGSubject\n"
. "Recipient : $FTGRecipient\n"
. "Message : $FTGMessage\n"
. "";

$emailTo = switch($_POST['Recipient']
{
case "test1":
$email_to = "test1@live.com";
break;
case "test2":
$email_to = "test2@hotmail.com";
break;
case "test3":
$email_to = "test3@yahoo.com";
break;
}

$emailFrom = FilterCChars("noreply@mountoliveadventist.org");

$emailHeader = "From: $emailFrom\n"
. "MIME-Version: 1.0\n"
. "Content-type: text/plain; charset=\"ISO-8859-1\"\n"
. "Content-transfer-encoding: 8bit\n";

mail($emailTo, $emailSubject, $emailBody, $emailHeader);


# Include message in the success page and dump it to the browser

$SuccessPage = '<html><head><title>Success</title></head><body>Form submitted successfully. It will be reviewed soon.</body></html>';

$SuccessPage = str_replace('<!--FIELDVALUE:Name-->', $FTGName, $SuccessPage);
$SuccessPage = str_replace('<!--FIELDVALUE:Email-->', $FTGEmail, $SuccessPage);
$SuccessPage = str_replace('<!--FIELDVALUE:Subject-->', $FTGSubject, $SuccessPage);
$SuccessPage = str_replace('<!--FIELDVALUE:Recipient-->', $FTGRecipient, $SuccessPage);
$SuccessPage = str_replace('<!--FIELDVALUE:Message-->', $FTGMessage, $SuccessPage);
$SuccessPage = str_replace('<!--FIELDVALUE:Submit-->', $FTGSubmit, $SuccessPage);

echo $SuccessPage;
exit;
?>

[pgo]

You have to at least do more than copy/paste it in and then ditch it if it doesn't work.

Try learning how it works and fixing it. It's very easy. The values "test1" and so on are not defined in your form, so obviously the switch function isn't going to make a match.

[campbell]

Quote:

<tr>
<td><p>Recipient</p></td>
<td><select name="Recipient" size="1" id="Recipient">
<option value="test1">John Doe 1</option>
<option value="test2">John Doe 2</option>
<option value="test3">John Doe 3</option>
</select>
</td>
</tr>

I did have the values in the main form assigned like this. It still didn;t work.

[haku]

At least some of your problems lie here:

Code:

$emailTo = switch($_POST['Recipient']
{
case "test1":
$email_to = "test1@live.com";
break;
case "test2":
$email_to = "test2@hotmail.com";
break;
case "test3":
$email_to = "test3@yahoo.com";
break;
}

You are missing a bracket, and you are declaring $email_to outside the function as well as inside the function. I don't know if you can set it outside the function like that, but if you can, then you will need to remove it from inside the function. But I think you should just define it inside the function.