Tech Form to sendmail dynamic email?

[Publisher Bucks]

I have a form that I'm using that currently works well using the following sendmail.php file:

Quote:

<?php
if(isset($_POST['email'])) {

// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "[email protected]";
$email_subject = "Subject";

}

// validation expected data exists
if(!isset($_POST['name']) ||
!isset($_POST['email']) ||
!isset($_POST['phone']) ||
!isset($_POST['page']) ||
!isset($_POST['message'])) {
}

$name = $_POST['name']; // required
$phone = $_POST['phone']; // required
$email = $_POST['email']; // required
$page = $_POST['page']; // required
$message = $_POST['message']; // required

$email_message = "Form details below.\n\n";

function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}

$email_message .= "name: ".clean_string($name)."\n";
$email_message .= "phone: ".clean_string($phone)."\n";
$email_message .= "email: ".clean_string($email)."\n";
$email_message .= "page: ".clean_string($page)."\n";
$email_message .= "message: ".clean_string($message)."\n";

// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
?>

My question is this, how would I go about changing the above to dynamically change the $email_to field of the script?

What I'd like to be able to do is have a form on a page (with a unique id assigned to it) that will pull the user who uploaded the document to the databases registered email and, when the html form is filled out, it sends the email to them directly, without having to type their email address in the html form itself, does that make sense?

So if John submitted a document that is available on documents.php?id=123 it pulls his email from the registered user database (via the array if possible) and prefills the form (with a hidden field) so all my proofer has to do is fill out the message field and hit submit.

This is the current form HTML I'm using:

Quote:

<form action="https://www.domain.com/sendmail.php" method="post" class="wpcf7-form" novalidate="novalidate">
<input type="hidden" name="page" value="about"/>
<div style="display: none;">
</div>
<p>Your Name (required)<br/>
<span class="wpcf7-form-control-wrap your-name"><input type="text" name="name" value="" size="40" class="wpcf7-form-control wpcf7-text wpcf7-validates-as-required" aria-required="true" aria-invalid="false"/></span> </p>
<p>Your Phone (required)<br/>
<span class="wpcf7-form-control-wrap your-email"><input type="email" name="phone" value="" size="40" class="wpcf7-form-control wpcf7-text wpcf7-email wpcf7-validates-as-required wpcf7-validates-as-email" aria-required="true" aria-invalid="false"/></span> </p>
<p>Your Email (required)<br/>
<span class="wpcf7-form-control-wrap your-email"><input type="email" name="email" value="" size="40" class="wpcf7-form-control wpcf7-text wpcf7-email wpcf7-validates-as-required wpcf7-validates-as-email" aria-required="true" aria-invalid="false"/></span> </p>
<p>Your Message<br/>
<span class="wpcf7-form-control-wrap your-message"><textarea name="message" cols="40" rows="10" class="wpcf7-form-control wpcf7-textarea" aria-invalid="false"></textarea></span> </p>
<p>&nbsp;<br>
<input type="submit" value="Send" class="wpcf7-form-control wpcf7-submit"/></p>
<div class="wpcf7-response-output wpcf7-display-none"></div></form>

Is this even possible to do?

[zijlstravideo]

Instead of using POST through a form to insert the user's email, you'll just get it from the database instead.

Check if user is logged in. If so, get the user's email from the database and set the variable.

You don't have to submit the email address (HTTP POST) using the form page, but rather verify and add the user's email address on the sendemail.php page. This will also prevent anyone who isn't logged in to the website, from sending a POST request to that link directly.

If you do the email address validation part on the form page, someone can just bypass the whole form page by making a direct POST request to the sendemail.php file directly (and abuse it to send spam).

Also, the code for your sendemail.php page isn't secure... at all!

[fuzebox]

The questions are getting more and more basic.

[plsureking]

Quote:

Originally Posted by fuzebox

The questions are getting more and more basic.

people keep answering this so he keeps posting here instead of googling.



#

[brassmonkey]

my post was erased LOL

[Publisher Bucks]

Quote:

Originally Posted by zijlstravideo

Also, the code for your sendemail.php page isn't secure... at all!

Yeah it isnt live yet, im just working on getting the basics setup, thank you ,thats exactly the info i was looking for too