<?php
/*
Author
*/
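// YOU DO NOT NEED TO CHANGE ANYTHING IN HERE //
// Between them the three includes provide everything used below that is not
// defined in this file: $reqobj and the validate class, the $email_it_* /
// $failure_* / $form_page_name / $success_page / $fieldlist / $send_back_to_form
// / $accept_suspected_hack settings, $mkMine, $set_a/$set_b, and the
// encdec class and valEncStr() function.
include "_validation.php";
$server_validation = true;
include "_configuration.php";
include "_edcrypt.php";
// set-up redirect page: either back to the form with ?done=1 or to the
// configured success page
if($send_back_to_form == "yes") {
    $redirect_to = $form_page_name."?done=1";
} else {
    $redirect_to = $success_page;
}
// make sure we dont have any extra fields: $fieldlist is an allowlist of the
// expected field names; the three bookkeeping fields are allowed on top of it.
// NOTE(review): "answer_out" and "process" are skipped when the email body is
// built further down but are not exempted here, so they must be present in
// $fieldlist or a submission carrying them is rejected — confirm against the
// form generator.
foreach($_POST as $field_name => $field_value) {
    if(!in_array($field_name,$fieldlist) && $field_name != "process_f" && $field_name != "answer_p" && $field_name != "enc") {
        // the rejected name is echoed in the error text and carried to the
        // failure page; error_found() never returns
        error_found("unexpected field found: $field_name",$failure_accept_message,$failure_page);
        die();
    }
}
// server-side field validation (rules come from $reqobj, supplied by an include)
$out = $reqobj->out();
$val = new validate($out, $_POST);
if($val->error) {
    error_found($val->error_string,$failure_accept_message,$failure_page);
    die();
}
// Resolve the From: address. When the configured $email_it_from looks like an
// email address, it is replaced by the submitter's own value from $_POST under
// that key. is_array() is tested first so preg_match() never receives an array.
// NOTE(review): the sense of this test looks inverted (a literal address is
// turned into a $_POST lookup, a field name is left as-is) — confirm against
// the documented meaning of $email_it_from in _configuration.php.
// The pattern's nested quantifiers can backtrack heavily on long non-matching
// input; it is only applied to the configured value here, never to POST data.
// Whatever its source, the resulting value is written verbatim into the From:
// and Reply-To: mail headers further down, so it is untrusted from here on and
// must be checked for CR/LF where those headers are built.
if(!is_array($email_it_from) && preg_match("/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i", $email_it_from)) {
    // a missing key used to raise a notice and yield null; an empty string
    // produces the same (empty) From: header without the notice
    $email_it_from = isset($_POST[$email_it_from]) ? $_POST[$email_it_from] : '';
}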
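// check for any hacking attempts
/**
 * Single-field content checker for the outgoing plain-text email.
 *
 * comments() runs a submitted value through strip_tags() and records whether
 * anything was removed; the caller uses $naughty to either switch the message
 * to the "suspected spam" subject or to drop it silently.
 *
 * The values checked here only ever go into the mail *body*. No mail-header
 * keyword check is done here because body text cannot inject headers; the
 * From:/Reply-To: headers are built from $email_it_from, which this class
 * never sees, so that value needs its own single-line check where it is used.
 */
class clean {
    // true when strip_tags() removed something from the last value checked
    public $naughty = false;
    // the last value checked, after strip_tags()
    public $message = '';

    /**
     * Strip HTML/script tags from $message and flag the value if any were found.
     *
     * Detection is by length: strip_tags() never grows a string, so a shorter
     * result means the input contained something PHP treated as markup.
     * strip_tags() is a filter, not a validator — text following an unmatched
     * '<' is dropped as well, which is still counted as "tags found".
     *
     * @param string $message a single submitted field value
     */
    function comments($message) {
        $this->naughty = false;
        $before = strlen($message);
        $this->message = strip_tags($message);
        if(strlen($this->message) < $before) {
            $this->naughty = true;
        }
    }
} // class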
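// function to handle errors
/**
 * Abort the request by redirecting the browser to the configured failure page.
 *
 * @param string $mes                    human-readable reason. It can embed a
 *                                       submitted field name (see the
 *                                       "unexpected field" check above), so the
 *                                       failure page must HTML-escape it after
 *                                       decoding.
 * @param string $failure_accept_message "yes" to pass $mes along as
 *                                       ?prob=<urlencoded base64>; anything else
 *                                       redirects without detail.
 * @param string $failure_page           target URL from _configuration.php.
 *
 * Never returns: sends a Location header and exits.
 */
function error_found($mes,$failure_accept_message,$failure_page) {
    $qstring = '';
    if($failure_accept_message == "yes") {
        // base64 keeps arbitrary text out of the URL syntax; urlencode()
        // takes care of the '+', '/' and '=' that base64 itself emits
        $qstring = "?prob=".urlencode(base64_encode($mes));
    }
    // NOTE(review): assumes $failure_page carries no query string of its own —
    // a second '?' would produce a broken URL
    header("Location: ".$failure_page.$qstring);
    die();
}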
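/* validate the encrypted strings */
// valEncStr() (supplied by an include) checks the submitted 'enc' value against
// $mkMine. Guard the lookup so a missing or array-valued 'enc' is treated as a
// bad token instead of raising a PHP notice / trim() error.
$enc = (isset($_POST['enc']) && is_string($_POST['enc'])) ? trim($_POST['enc']) : '';
$valid = false;
$dec = valEncStr($enc, $mkMine);
// NOTE(review): loose comparison — any truthy return (a non-empty string, 1)
// passes. The failure message below interpolates $dec as if it could carry a
// reason string; if valEncStr() really can return a string on failure, that
// string would satisfy == true. Confirm its return contract and switch to
// === true if it is boolean.
if($dec == true) {
    $valid = true;
} else {
    $er = "Field data was incorrect.<br />$dec";
    error_found($er,$failure_accept_message,$failure_page);
    die();
}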
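// check the spam question has the correct answer
// The expected answer travels with the form as 'answer_p', encrypted with the
// configured $set_a/$set_b; the submitter's reply is 'answer_out'. Both values
// come from the client, so this check is only as strong as encdec's encryption.
$ans_one = (isset($_POST['answer_out']) && is_string($_POST['answer_out'])) ? $_POST['answer_out'] : '';
$ans_p = (isset($_POST['answer_p']) && is_string($_POST['answer_p'])) ? $_POST['answer_p'] : '';
$fa = new encdec($set_a, $set_b);
$ans_two = $fa->decrypt($ans_p);
// Strict comparison, and the reply must be non-empty: if decrypt('') yields ''
// (or null, with a missing reply), a submission with both fields blank must
// not pass the challenge.
if($ans_one !== '' && $ans_one === $ans_two) {
    $valid = true;
} else {
    // give a random response (wording only; the outcome is always a rejection)
    $er = array('Your spam prevention answer was wrong.',
        'Your spam prevention answer was not accepted.',
        'Sorry but your spam prevention reply was wrong.',
        'Your response to spam challenge question was incorrect.');
    error_found($er[array_rand($er)],$failure_accept_message,$failure_page);
    die();
}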
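if($valid) {
    $email_message = "Please find below a message submitted on ".date("Y-m-d")." at ".date("H:i")."\n\n";
    // security bookkeeping fields never go into the email body
    $hidden_fields = array("answer_out", "answer_p", "enc", "process", "process_f");
    // true if ANY field had markup stripped. Accumulated across the loop — a
    // per-field flag that is simply overwritten would only reflect the last
    // field processed and let earlier flagged fields through.
    $is_naughty = false;
    // loop through all form fields submitted
    foreach($_POST as $field_name => $field_value) {
        if(in_array($field_name, $hidden_fields, true)) {
            continue;
        }
        // run all submitted content through the string checker, removing any
        // markup. Multi-value fields (e.g. checkbox groups) are checked element
        // by element and joined with ", "; deeper nesting is not a form value
        // and is dropped.
        $values = is_array($field_value) ? $field_value : array($field_value);
        $cleaned = array();
        foreach($values as $fva) {
            if(!is_string($fva)) {
                continue;
            }
            $ms = new clean;
            $ms->comments($fva);
            if($ms->naughty) {
                $is_naughty = true;
            }
            $cleaned[] = $ms->message;
        }
        $email_message .= $field_name.": ".implode(", ", $cleaned)."\n\n";
    }
    $email_message .= "Senders IP Address: ".$_SERVER['REMOTE_ADDR']."\n\n";
    if($is_naughty) {
        if($accept_suspected_hack != "yes") {
            // pretend the email was sent: same redirect as success, nothing mailed
            header("Location: $redirect_to");
            die();
        }
        // NOTE(review): on the non-naughty path $email_subject is assumed to be
        // set by configuration; it is not assigned anywhere in this file
        $email_subject = $email_suspected_spam;
    }
    // create email headers. $email_it_from may have come from $_POST (see the
    // From: resolution near the top of the file). A CR or LF inside a header
    // value lets the sender terminate the header and append their own (extra
    // recipients, Bcc:), so refuse anything that is not a single-line string.
    if(!is_string($email_it_from) || preg_match('/[\r\n]/', $email_it_from)) {
        error_found("Field data was incorrect.",$failure_accept_message,$failure_page);
        die();
    }
    // X-Mailer discloses the PHP version to every recipient; kept for parity
    $headers = 'From: '.$email_it_from."\r\n" .
        'Reply-To: '.$email_it_from."\r\n" .
        'X-Mailer: PHP/' . phpversion();
    // $email_it_to may be a single address or a list; one message per recipient.
    // mail() only reports hand-off to the local MTA. A failure is logged rather
    // than shown, so the submitter still lands on the success page either way.
    $recipients = is_array($email_it_to) ? $email_it_to : array($email_it_to);
    foreach($recipients as $email_it_to_element) {
        if(!@mail($email_it_to_element, $email_subject, $email_message, $headers)) {
            error_log("form mailer: mail() failed for recipient ".$email_it_to_element);
        }
    }
    // redirect; the script body is a fallback for clients that ignore the
    // Location header. $redirect_to comes from configuration, not from the
    // submission, but note it is written into a JS string literal unescaped.
    header("Location: $redirect_to");
    die("<script>location.replace('$redirect_to')</script>");
}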
?>