PHP Mail Script Problem

did they give you the error message? or any other information?

Your version of PHP is different?

$_POST['email'] or $_GET['email']

Yes, sorry I didn't post that.
[Mon May  3 21:53:54 2004] [error] (13)Permission denied: Apache::SubProcess exec of /usr/local/users/bl/s/p/spca4pets/php4.3.3 failed'

BTW ~ I'm don't know what that means cause I'm not a programmer...
Suzanne ~ I'm not really sure what you mean, but why would it work on my site and not on theirs

that's doesn't look like it's the scripts fault. could they possibly have something else in there script that is causing the error? maybe placing exit(); below header(); would fix it; IF it's the scripts fault.

s0da ~ do you mean to do this??:

Quote: <?
$email = $_request['email'] ;
$message = $_request['message'] ;

mail( "myemailaddress", "feedback form results",
$message, "from: $email" );
header( "location: http://www.spca4pets.org/thankyou.htm" );
exit();
?>

Once again, my apologies...I'm not familiar with this language at all.

yes. are you able to test on there server? or atleast get the server/php config or something.

I don't know ( I feel like such a dumbass) lol ~ I wouldn't even know where to begin. I'll try what you just said and if that doesn't fix it.. I'll be back ~ brb

dont worry it's not your fault at all. all the code above is correct. it'll prolly end up being their fault.

LOL...I guess so, cause I tried another script and that didn't work and it's just so aggravatting grrrrrrr....anyways, thanks alot s0da ~ I hope I hear from them with some explanations as to why this isn't working.

BTW ~ am I supposed to enable something on that site? I tried everything LOL.. I thought everyone had an Apache thingie...LOL I know, I'm so ignorant, but that's okay cause I won't be for long...I really hate not knowing what I'm doing here, but that's why these kinds of boards are really great

nah. i dunno what that error means. but i know it's not the scripts fault.

It would fail on yours not theirs because different servers have different server configurations.

1. You likely have a different version of PHP on the new server from your own server, and settings in the php.ini vary enough to be causing problems. If $_request['var'] is not working, try changing it to (with all caps) one of these: if the method is post, you'd use $_POST['var'], if the method is get, you'd use $_GET['var']

http://www.php.net/manual/en/reserved.variables.php#reserved.variables.request
http://www.php.net/manual/en/reserved.variables.php#reserved.variables.post

2. The email "script" you're using is very insecure and allows for all sorts of mayhem. There is no data checking at all.

http://www.php.net/manual/en/security.variables.php

3. You should respect the case of these global variables -- $_REQUEST['var'], not $_request['var'] -- as good coding standards

4. You should check to see using phpinfo() whether you have sendmail installed, as well as other configuration changes.

http://www.php.net/phpinfo

***

In general, you shouldn't install scripting that allows user input that doesn't verify and strip that input of dangerous characters.

Some basic error checking and protection:

Suzanne ~ thanks so much for your time in writing that...I truly appeciate it ~
I did get an email from Bizland and they stated that they were "working" on this...so, I'll keep ya'll posted.

In the interium, I'll be snooping about this Board and php tutorials ~ I need to understand this language.

The script is now working *yay* LOL ~ Looks like it was their problem afterall

Yes and no. Your script is still very insecure and dangerous as is.

yeah, on the secure aspect. you were using an outside variable (_GET, _POST, _REQUEST) inwich users can take advantage of if the correct measures are not taken care of to prevent such things. i guess for example i could have issued a command to attach /etc/passwd to the message or something where you placed "from: $email".

Links:
[url]http://www.zend.com/zend/art/art-oertli.php]Zend: Secure Programming in PHP[/url]
[url]http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=php+security]php security[/url]
[url]http://www.google.com/search?num=20&hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&newwindow=1&safe=off&c2coff=1&q=php+mysql+security]php mysql security[/url]

I think the error was caused by a bad apache configuration. The apache user most likely had insufficient permissions to run the php interpreter.

Mark ~ I think you're right about that ~ not that I'd really know, but it appears they were having some type of problems and had to have techs look into it.

Catarina, I renamed this thread so we all know what it's about instead of feeling like we need to call 911...

Suzanne ~ I used your code and it's working! Thanks so much!!! WOOHOO!!! Now I can have a life LOL HUGs!!

;D hugs!

Hugs to you too s0da!! ...and it's off to the land of nod for me! weee I'm soooo happy! HAHA....xoxox

s0da's not going to wash for a week now

lol well, good! At least it's a little more secure, too.