For example, if we enter any email in the form, we receive an email spoofing error when submitting the form. However, the form sends without error if we enter an email from the domain of the website.
How do we change the email to be sent from the domain instead of the email submitted from the form?
Thank you in advance for your time and skill. ????????
JavaScript
x
* Server settings */ // $mail->SMTPDebug = SMTP::DEBUG_SERVER; // Enable verbose debug output // $mail->SMTPDebug = 2; $mail->isSMTP(); // Send using SMTP $mail->Host = 'smtp.ipage.com'; // Set the SMTP server to send through $mail->SMTPAuth = true; // Enable SMTP authentication $mail->Username = 'contact@mikesledztattoo.com'; // SMTP username $mail->Password = 'password'; // SMTP password $mail->SMTPSecure = "tls"; // Enable TLS encryption; `PHPMailer::ENCRYPTION_SMTPS` encouraged $mail->Port = 587; // TCP port to connect to, use 465 for `PHPMailer::ENCRYPTION_SMTPS` above // $mail->SMTPSecure = "tls"; // Enable TLS encryption, `ssl` also accepted // $mail->Port = 587; // TCP port to connect to // Name if (array_key_exists('name', $_POST)) { //Limit length and strip HTML tags $name = substr(strip_tags($_POST['name']), 0, 255); } else { $name = ''; $msg .= "Error: invalid name provided (1)"; $err = true; } // Phone if (array_key_exists('phone', $_POST)) { //Limit length and strip HTML tags $phone = substr(strip_tags($_POST['phone']), 0, 15); } else { $phone = 'Not A Valid Phone'; $msg .= "Error: invalid phone number provided (2)"; $err = true; } // Email // Make sure the address they provided is valid before trying to use it if (array_key_exists('email', $_POST) and (PHPMailer::validateAddress($_POST['email'], 'php'))){ // $email = $_POST['email']; $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); } else { $msg .= "Error: invalid email provided"; $err = true; } // Message // Apply some basic validation and filtering to the query / message if (array_key_exists('message', $_POST)) { //Limit length and strip HTML tags $message = nl2br($_POST['message']); // $message = nl2br($_POST['message']); // $message = utf8_encode(filter_var($_POST['message'], FILTER_SANITIZE_STRING)); // $message = htmlspecialchars($_POST['message']); // $message = strip_tags(htmlentities($_POST['message'], ENT_QUOTES),'<br><p>'); } else { $message = ''; $msg = 'No message provided!'; $err = true; } //Recipients $mail->setFrom($_POST['email'], $_POST['name']); $mail->addAddress('personalemail@gmail.com', 'Mike S'); $mail->addReplyTo('$email', '$name'); $mail->Subject = 'MikeSledzTattoo.com Tattoo Inqury - '.$name; $mail->Body = $name . '<br>' . $email . '<br>' . $phone . '<br>' . $message . '<br>'; $mail->AltBody = $name . 'n' . $email . 'n' . $phone . 'n' . $message . 'n'; $mail->isHTML(true); // Set email format to HTML $error_count = 0; $image_count = 0; for ($ct = 0, $ctMax = count($_FILES['userfile']['tmp_name']); $ct < $ctMax; $ct++) { $image_count++; // Extract an extension from the provided filename $ext = PHPMailer::mb_pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION); // Define a safe location to move the uploaded file to, preserving the extension $uploadfile = tempnam(sys_get_temp_dir(), $_FILES['userfile']['name'][$ct]) . '.' . $ext; $filename = $_FILES['userfile']['name'][$ct]; if (move_uploaded_file($_FILES['userfile']['tmp_name'][$ct], $uploadfile)) { if (!$mail->addAttachment($uploadfile, $filename)) { $msg .= 'Failed to attach file '.$image_count.' ' . $filename; } } else { $error_count++; $adds_var = ($error_count > 1 ? 's' : ''); $msg .= "<p>Failed to move image ".$image_count." into the email. This image was too large or corrupted.</p>"; } } /* HTML Email Template*/ ob_start(); include('vendor/htmlemail/index.php'); $mail->Body = ob_get_contents(); ob_end_clean(); // Mail Send Errors or Confirmation if (!$mail->send()) { $msg .= 'Mailer Error: ' . $mail->ErrorInfo; } else { $msg .= ' <br><br><h1 class="entry-title page-title center-text">Tattoo Request Sent!</h1>'; $msg .= ' <div class="last"> <p>Thank you for sharing your dream tattoo details. We appreciate your interest in working with us. Mike Sledz Tattoo will get back to you shortly!</p> </div>'; }}?><!DOCTYPE HTML><html lang="en-US"> <head> <title>Mike Sledz Tattoo | Contact</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="description" content="" /> <meta name="keywords" content="" /> <meta name="author" content="" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <meta name="robots" content="follow,noindex"> <?php include('head.php'); ?> <!--[if lt IE 9]> <script src="js/html5shiv.js"></script> <script src="js/respond.min.js"></script> <![endif]--> </head> <body class="page-background"> <div class="site-wrapper"> <?php include('nav.php'); ?> <!-- Page Content Holder --> <div id="content" class="site-content"> <div class="content-holder center-relative content-1170"> <?php if ($books == 1) { if (empty($msg)) { ?> <h1 class="entry-title page-title center-text">Request A Tattoo</h1> <p>Please include all necessary information, <em><a target="_blank" href="https://squoosh.app/">consider preparing any large images for email</a>.</em></p> <div class="last"> <div class="contact-form"> <!-- BEGIN FORM STATE --> <form method="post" enctype="multipart/form-data"> <label for="name">Full Name:</label> <input type="text" name="name" id="name" maxlength="255" placeholder="Full Name" required><br> <br> <label for="phone">Phone:</label> <input type="tel" name="phone" id="name" maxlength="15" placeholder="Phone Number" required><br> <br> <label for="email">Email:</label> <input type="email" name="email" id="email" maxlength="255" placeholder="Email" required><br> <br> <label for="message">Tattoo Details <em style="font-size:0.8em;opacity:0.7;">description, where, size, placement</em></label> <textarea cols="30" rows="8" name="message" id="message" placeholder="Tattoo description, where, size, placement" required></textarea><br> <br> <label for="userfile[]">Upload Files <a style="font-size:0.8em;opacity:0.7;" title="20MB Maximum. Holding the ctrl key will allow selection of multiple files">[?]</a></label> <input type="hidden" name="MAX_FILE_SIZE" value="20000000"> <input id="file" type="file" name="userfile[]" multiple="multiple" onchange="javascript:updateList()"> <div id="filelist"></div> <ul> <li>Upload a photo of the location of your body where your tattoo will be placed.</li> <li>Upload any reference photos you may have</li> </ul> <p class="contact-submit-holder"> <input class="agree" type="submit" value="Submit Request"> </p> </form>```Advertisement
Answer
In $mail->setFrom($_POST['email'], $_POST['name']);, replace the $_POST values with a fixed email address which is from your domain. People often use a “noreply@…” type of address for this type of automated email. e.g.:
JavaScript
$mail->setFrom("noreply@yourdomain.com", "Your Company Name");It needn’t be a “real” account with a mailbox necessarily, it just needs to be from the same domain as the server you’re sending it from, otherwise – rightly so – it gets identified as a spoofing / spam attempt.
If you need to know who it came from, put those values into the body of the email. And if you want to be able to hit “reply” and the email go back to the person who filled in the form, put their address in the reply-to header instead – both of which it looks like you’ve already done in this case.