I get empty mails although PHP mail() is thoroughly checked

Question

I am new to PHP and I am using a simple form with POST on a homepage to send me an email.

This is the form:

<form data-abide action="anfrage.php" method="post">
        	<fieldset>
        		<div class="row">
        			<div class="large-12 columns">
        				<label>Firma
        					<input type="text" name="firm" placeholder="Firma" />
        				</label>
        			</div>
        		</div>
        		<div class="row">
        				<div class="large-4 columns">
        					<label>Anrede
        						<select name="salutation">
        							<option value="-">-</option>
        							<option value="Herr">Herr</option>
        							<option value="Frau">Frau</option>
        						</select>
        					</label>
        				</div>
        			<div class="large-8 columns">
        				<label>Name <small>benötigt</small>
        					<input type="text" name="name" placeholder="Ansprechpartner" required pattern="[a-zA-Z]+">
        				</label>
        				<small class="error">Bitte geben Sie einen Ansprechpartner an!</small>
        			</div>
        		</div>
        		<div class="row">
        			<div class="large-4 columns">
        				<label>Adresse <small>benötigt</small> 
        					<input type="text" name="address" placeholder="Strasse, PLZ, Stadt" />
        				</label>
        				<small class="error">Bitte geben Sie eine Adresse an!</small>
        			</div>
        			<div class="large-4 columns">
        				<label>eMail <small>benötigt</small>
        					<input type="eMail" name="email" placeholder="eMail" required/>
        				</label>
        				<small class="error">Bitte geben Sie eine gültige eMail-Adresse an!</small>
        			</div>
        			<div class="large-4 columns">
        				<label>Telefon <small>benötigt</small>
        					<input type="text" name="phoneno" placeholder="0123 0815..." required/>
        				</label>
        				<small class="error">Bitte geben Sie eine gültige Telefonnummer an!</small>
        			</div>
        		</div>
        		<div class="row">
        			<div class="large-6 columns">
        				<label>Art der Anfrage</label>
        				<input type="radio" name="radio" id="dryhire" value="Vermietung"><label for="dryhire">Vermietung</label>
        				<input type="radio" name="radio" id="event" value="Veranstaltung"><label for="event">Veranstaltung</label>
        				<input type="radio" name="radio" id="consultation" value ="Beratung"><label for="consultation">Beratung</label>
        			</div>
        		</div>
        		<div class="row">
        			<div class="large-12 columns">
        				<label>Was können wir für Sie tun?<small>benötigt</small>
        					<textarea name="text" placeholder="Erläutern Sie uns kurz was Sie wann und wo benötigen." required pattern=""></textarea>
        				</label>
        				<small class="error">Bitte erläutern Sie kurz Ihr Anliegen!</small>
        			</div>
        		</div>
        		<div class="antispam">Wenn Sie kein Roboter sind lassen sie diesen Bereich einfach leer: <input type="text" name="url" /></div>
        		<button class="large-12 columns button" type="submit">ANFRAGEN</button>
        	</fieldset>
        </form>

The anfrage.php looks like this:

<?php
$to          = "anfrage@myhomepage.de";  
$subject     = $_POST["radio"];  
$email       = $_POST["email"];  
$returnPage = 'http://myhomepage.de#success';  
$returnErrorPage = 'http://myhomepage.de#error';  

$dodgy_strings = array(  
                "content-type:"  
                ,"mime-version:"  
                ,"multipart/mixed"  
                ,"bcc:"  
);  

function is_valid_email($email) {  
    return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+  
[a-z]{2,6}))$#si', $email);  
}  

function contains_bad_str($str_to_test) {  
    $bad_strings = array(  
        "content-type:"  
        ,"mime-version:"  
        ,"multipart/mixed"  
        ,"Content-Transfer-Encoding:"  
        ,"bcc:"  
        ,"cc:"  
        ,"to:"  
    );  

foreach($bad_strings as $bad_string) {  
        if(eregi($bad_string, strtolower($str_to_test))) {  
            header("Location: " . $returnErrorPage);  
            exit;  
        }  
    }  
}  

function contains_newlines($str_to_test) {  
   if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {  
        header("Location: " . $returnErrorPage);  
        exit;  
   }  
}  

function isEmpty($str_to_test){  
    return preg_match('/\S/', $str_to_test);  
}  

function checkFormCompletion($str_to_test){  
    contains_bad_str($str_to_test);  
    if(isEmpty($str_totest)){  
        header("Location: " . $returnErrorPage);  
        exit;  
    }  
    else  
        return $str_to_test;  
}  

if($_SERVER['REQUEST_METHOD'] != "POST"){  
    header("Location: " . $returnErrorPage);  
    exit;  
}  

if (!is_valid_email($email)) {  
    header("Location: " . $returnErrorPage);  
    exit;  
}  

$body .= "Firma: " .checkFormCompletion($_POST['firm']);  
$body .= "\n";  
$body .= "Ansprechpartner: " .checkFormCompletion($_POST['salutation']) ." "   
.checkFormCompletion($_POST['name']);  
$body .= "\n";  
$body .= "Adresse: " .checkFormCompletion($_POST['address']);  
$body .= "\n";  
$body .= "Telefonnummer: " .checkFormCompletion($_POST['phoneno']);  
$body .= "\n";  
$body .= "\n";  
$body .= "Anfrage: " .checkFormCompletion($_POST['text']);  

contains_bad_str($email);  
contains_bad_str($subject);  

contains_newlines($email);  
contains_newlines($subject);  

checkFormCompletion($subject);  

if(isset($_POST['url']) && $_POST['url'] == ''){  
    $mailSent = @mail($to, $subject, $body, "From: ".$email);  
}  
else {  
    header("Location: " . $returnErrorPage);  
}  

if($mailSent == TRUE) {  
   header("Location: " . $returnPage);  
} else {  
   header("Location: " . $returnErrorPage);  
}  

exit();   
?>  

Although IMHO no empty email should get through to me, I keep on getting emails like this:

To: anfrage@myhomepage.de  
From: bflaccus@anyaddressyoucanimagine.com  
Subject:  
Body:  
Firma:  
Ansprechpartner: Herr 59d4f7714f4d7  
Adresse:  
Telefonnummer:  
Anfrage:  

Sometimes it is just one email a day, sometimes it is thirty+.
I have no idea why I keep on getting those emails. Do you have any idea how to avoid it? Or do you know where there is a security problem in my anfrage.php?

Thanks in advance!


Tags: email, php, spam-prevention, email-spam | 2017-10-04 22:10 | 1 answer

Answers to I get empty mails although PHP mail() is thoroughly checked ( 1 )

  1. 2017-10-04 22:10

    You have a typo in your checkFormCompletion function, so it will always evaluate the field as empty.

    function checkFormCompletion($str_to_test){  
        contains_bad_str($str_to_test);  
        if(isEmpty($str_totest)){   // $str_totest should be $str_to_test
    

    You know that PHP already has a function for checking if a variable is empty, right? empty
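
As an added example (not the asker's or the answerer's code), here is one way to check this form's input so that the empty submission from the question is rejected. The function returns a list of errors instead of redirecting from inside helper functions, where `$returnErrorPage` is not in scope. The function name, the constants and the choice of required fields are assumptions; the field names and radio values come from the form above.

```php
<?php
// Added example, not the asker's code. Field names and radio values come from
// the form above; the required-field list and all names here are assumptions.
const ALLOWED_SUBJECTS = ['Vermietung', 'Veranstaltung', 'Beratung'];
const REQUIRED_FIELDS  = ['name', 'address', 'email', 'phoneno', 'text'];

/** Returns a list of error codes; an empty list means the request may be mailed. */
function validate_request(array $post): array
{
    $errors = [];

    // Honeypot: the "url" field must be present and empty.
    if (!isset($post['url']) || $post['url'] !== '') {
        $errors[] = 'honeypot';
    }

    // Required fields: a value that is missing, not a string, or only
    // whitespace counts as empty.
    foreach (REQUIRED_FIELDS as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[] = "missing:$field";
        }
    }

    // The subject comes from a radio group, so accept only the known values.
    // This also keeps arbitrary text (and line breaks) out of the Subject header.
    $subject = $post['radio'] ?? '';
    if (!in_array($subject, ALLOWED_SUBJECTS, true)) {
        $errors[] = 'subject';
    }

    // The address ends up in a mail header: reject CR/LF, then check the syntax.
    $email = $post['email'] ?? '';
    if (!is_string($email) || preg_match('/[\r\n]/', $email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }

    return $errors;
}

// Constructed sample modelled on the empty mail shown in the question.
$bot = ['salutation' => 'Herr', 'name' => '59d4f7714f4d7',
        'email' => 'bflaccus@anyaddressyoucanimagine.com', 'url' => ''];
print_r(validate_request($bot));
// In the handler, call mail() only when validate_request($_POST) returns [].
```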
