views:

52

answers:

1

Everytime I test the email is send correctly. (I have tested in PC: IE6, IE7, IE8, Safari, Firefox, Chrome. MAC: Safari, Firefox, Chrome.)

Nome: Jon Doe
Empresa: Star 
Cargo: Developer
Email:  [email protected]
Telefone: 090909222988
Assunto:  Subject here..

But I keep recieving emails like this from costumers:

Nome:
Empresa:
Cargo:
Email:
Telefone:
Assunto:

CONTACT_FORM.PHP

    <form name="frm" id="frm">                
    <div  class="campoFormulario nomeDeCampo texto textocinzaescuro" >Nome<font style="color:#EE3063;">*</font></div>
    <div  class="campoFormulario inputDeCampo" ><input class="texto textocinzaescuro"  size="31" name="Cnome" id="Cnome" value=""/></div>


    <div  class="campoFormulario nomeDeCampo texto textocinzaescuro" >Empresa<font style="color:#EE3063;">*</font></div>
    <div  class="campoFormulario inputDeCampo" ><input class="texto textocinzaescuro"  size="31"  name="CEmpresa"  id="CEmpresa" value=""/></div>

    <div  class="campoFormulario nomeDeCampo texto textocinzaescuro" >Cargo</div>
    <div  class="campoFormulario inputDeCampo" ><input class="texto textocinzaescuro"  size="31"  name="CCargo" id="CCargo" value=""/></div>

    <div  class="campoFormulario nomeDeCampo texto textocinzaescuro" >Email<font style="color:#EE3063;">*</font></div>
    <div  class="campoFormulario inputDeCampo" ><input class="texto textocinzaescuro"  size="31"  name="CEmail" id="CEmail" value=""/></div>


    <div  class="campoFormulario nomeDeCampo texto textocinzaescuro" >Telefone</div>
    <div  class="campoFormulario inputDeCampo" ><input class="texto textocinzaescuro"  size="31"  name="CTelefone" id="CTelefone" value=""/></div>

    <div  class="campoFormulario nomeDeCampo texto textocinzaescuro" >Assunto<font style="color:#EE3063;">*</font></div>
    <div  class="campoFormulario inputDeCampo" ><textarea class="texto textocinzaescuro"  name="CAssunto" id="CAssunto" rows="2" cols="28"></textarea></div>

    <div  class="campoFormulario nomeDeCampo texto textocinzaescuro" >&nbsp;</div>
    <div  class="campoFormulario inputDeCampo" style="text-align:right;" ><input id="Cbutton" class="texto textocinzaescuro"  type="submit" name="submit" value="Enviar" /></div>
    </form>





<script type="text/javascript">

$(function() {
    $("#Cbutton").click(function() {

      if(validarForm()){
           var Cnome = $("input#Cnome").val(); 
           var CEmpresa = $("input#CEmpresa").val(); 
           var CEmail = $("input#CEmail").val();
           var CCargo = $("input#CCargo").val(); 
           var CTelefone = $("input#CTelefone").val(); 
           var CAssunto = $("textarea#CAssunto").val(); 


          var dataString = 'nome='+ Cnome + '&Empresa=' + CEmpresa + '&Email=' + CEmail + '&Cargo=' + CCargo + '&Telefone=' + CTelefone + '&Assunto=' + CAssunto;
          //alert (dataString);return false;

          $.ajax({
        type: "POST",
        url: "http://www.myserver.com/index.php/pt/envia", 
        data: dataString,
        success: function() {
          $('#frm').remove();
          $('#blocoform').append("<br />Obrigado. <img id='checkmark' src='http://www.myserver.com/public/images/estrutura/ok.gif' /><br />Será contactado brevemente.<br /><br /><br /><br /><br /><br />")
          .hide()
          .fadeIn(1500);

        }
          });
     } 
     return false; 

    });


  });

function validarForm(){
    var error = 0;

    if(!validateNome(document.getElementById("Cnome"))){ error = 1 ;}            
    if(!validateNome(document.getElementById("CEmpresa"))){ error = 1 ;}           
    if(!validateEmail(document.getElementById("CEmail"))){ error = 1 ;}            
        if(!validateNome(document.getElementById("CAssunto"))){ error = 1 ;}            

     if(error == 0){
        //frm.submit();
            return true;
     }else{
            alert('Preencha os campos correctamente.');
            return false;
         }
    }

function validateNome(fld){
        if( fld.value.length == 0  ){
        fld.style.backgroundColor = '#FFFFCC';
        //alert('Descrição é um campo obrigatório.');
        return false;
        }else {
           fld.style.background = 'White';
       return true;
        }
}

function trim(s)
{
  return s.replace(/^\s+|\s+$/, '');
}

function validateEmail(fld) {
    var tfld = trim(fld.value);                       
    var emailFilter = /^[^@]+@[^@.]+\.[^@]*\w\w$/ ;
    var illegalChars= /[\(\)\<\>\,\;\:\\\"\[\]]/ ;

    if (fld.value == "") {
        fld.style.background = '#FFFFCC';
            //alert('Email é um campo obrigatório.');
        return false;
    } else if (!emailFilter.test(tfld)) {
            //alert('Email inválido.');
        fld.style.background = '#FFFFCC';
        return false;
    } else if (fld.value.match(illegalChars)) {
        fld.style.background = '#FFFFCC';
            //alert('Email inválido.');
        return false;
    } else {
        fld.style.background = 'White';
       return true;
    }
}
</script>

FUNCTION ENVIA (email sender):

function envia()
    {
        $this->load->helper(array('form', 'url'));

        $nome = $_POST['nome'];
        $empresa = $_POST['Empresa'];
        $cargo = $_POST['Cargo'];
        $email = $_POST['Email'];
        $telefone = $_POST['Telefone'];
        $assunto = $_POST['Assunto'];

        $mensagem =     "   Nome:".$nome."
    Empresa:".$empresa."
    Cargo:".$cargo."
    Email:".$email."
    Telefone:".$telefone."
    Assunto:".$assunto."";

    $headers = 'From: [email protected]' . "\r\n" .
'Reply-To: no-reply' . "\r\n" .
'X-Mailer: PHP/' . phpversion();

        mail('[email protected]', $mensagem, $headers);

    }
+2  A: 

You are doing only client-side validation. Turn off javascript in your browser, and click 'submit' on the form without doing anything else. You'll get a blank email.

Client-side validation is only half the story. It's nice, but consider it optional. As far as the server goes, anything coming in _POST _GET _COOKIE etc is hostile. Validate it (if you're using client-side validation, then yes, you are validating it twice) and sanitize it and only then use it.

gregmac
The _POST done in jquery (javascript). Then when I turn off javascript in my browser nothing happens, because nothing is _POSTed.
Code Burn