There is a working feedback handler code:

<? // если не было добавления сообщения, выводим форму if (!$_POST['a']) show_form(); // проверяем данные формы if (!$_POST['name']) show_form("Укажите Ваше имя!"); if (!$_POST['email']) show_form("Укажите Ваш email!"); if (!$_POST['message']) show_form("Вы не заполнили текст сообщения!"); // описываем переменные и rfc заголовки письма // обратный адрес будет указанным адресом отправителя сообщения $from = $_POST['email']; $recipients = ""; // Ваш email $subject=""; $body=$_POST['message']; $headers = $_POST['subject']; if(strpos($_SERVER['SERVER_SOFTWARE'], '(Win32)')===FALSE) { // открываем sendmail и отправляем письмо $mail = popen("/usr/sbin/sendmail -i -f$from -- $recipients", 'w'); $text_headers = "from: $from\nsubject: $subject".$headers; fputs($mail, $text_headers); fputs($mail, "\n"); fputs($mail, $body); // проверяем на ошибку $result = pclose($mail) >> 8 & 0xff; } else $result=(mail($recipients, $subject, $body, "from: ".$from."\r\n".$headers) ? FALSE : TRUE); if ($result) echo "Сообщение не было отправлено!"; else echo "Ваше сообщение отправлено.Администратор свяжется с Вами в ближайшее время!"; ?> 

Everything comes to where it should be, but after sending the message it gives out "Your message has been sent and so on" on the WHITE BACKGROUND completely ignoring the changed design for the website. This is the problem.

What to do?

It is necessary that after sending the page of the site is displayed with this notification in the center. php I know only superficially and really need help.

  • My logic is this (if without Ajax): make one block (div) with the ID "message", in the tsss display = non (hidden); and when the post requests appear, pop up the messages accordingly to the POST. example: if ($ _ POST ['email_result'] == 'OK') {msg = "Successfull!";} else {msg = "";} template.php <div id = "message"> {msg} </ div> - Vfvtnjd

1 answer 1

If I'm not mistaken,

 echo "Ваше сообщение отправлено.Администратор свяжется с Вами в ближайшее время!" 

gives out just text, not html-page. (Browsers can display just text, too.) You have to output html with the right styles. See how other pages are generated and do the same. Perhaps there is a general procedure by which you transfer the content, and it generates html with the necessary header and styles, use it. Maybe you just need to use show_form instead of echo ?

In addition, there is a huge security hole in your code through which not only a qualified hacker, but also a schoolboy like me, will crawl through. You do not check the data that came from the client, and use it as part of the command. You can easily fake, for example, $_POST['email'] , so that it equals "; rm -rf /; echo" . Estimate what becomes with the server?

  • for both items ++++ =) Although nothing will happen to the server, unless of course the server has been launched under the root ... but the site will easily be easily removed) - thunder
  • @thunder: Thank you! - VladD
  • Good time! Thank you all for the answers. For me, almost any information on the topic and about is important. In truth, this "code" is just a gift for spambots and Fri. There is no captcha or infoscana. I understand that :) frisoft with all the consequences ... But he is the only worker out of 20 tested. UNKNOWING pkhp "offend" everyone can. It is sad, but I study. I will look further. Maybe someone knows where to get more or less reliable and working connection? - DAPR