php form

**Zion Ahead** · 04-23-2007 09:04 AM

I need the php email submit form to work on my server.

When I submit the form, I receive the error below.

Method Not Allowed
The requested method POST is not allowed for the URL /sndinfo.php.

Code:

<?php
	$from_name = $contact_email;	//or $Last_Name, your choice.
	$from_email = $contact_email;	
	$to = 'info@someone.com,info2@someone.com';	
	$subject = 'Question About Dentistry';
	$bcc_name = 'domain.com';	
	$bcc_email = 'user@domain.com';	
	
	$headers .= 'MIME-Version: 1.0' . "\r\n";
	$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

	$SendUserToSucess = "thankyou.htm";
	$SendUserToFail = "thankyou.htm";

	$blockwords = ("tramad,tramadol,blogspot,porn,gay,persianblog,kotov,Nasonex,Acyclovir,Elavil,Valtrex,Motrin,Lortab,Ultram,Zovirax,Aciphex,Zithromax,Bentyl,Levitra,Allegra,casino,sex,dotmail,donotmail,diet,pills,ringtones,ringtone,shit,beastiality,phentermine,rape,pussy,****************ing,slut");
	$sendMail = true;
	
	if(!empty($blockwords) && !empty($_POST))
	{
  		$useBlocks = explode(",", $blockwords);
  		foreach($useBlocks as $blockWord)
  		{
    		$blockWord = strtolower(trim($blockWord));
			foreach($_POST as $Name => $Value)
    		{
				if(is_array($Value))
				{
					foreach($Value as $Valuein)
					{
						$Valuein = strtolower(trim($Valuein));
						if(!empty($Valuein) && strpos($Valuein, $blockWord) !== false)
						{
							$sendMail = false;
							break;
						}
					}
				}
				else
				{
					$Value = strtolower(trim($Value));
					if(!empty($Value) && strpos($Value, $blockWord) !== false)
					{
						$sendMail = false;
						break;
					}
				}
    		}
  		}
	}
	
	if($sendMail == true)
	{
		$message .= "<table border=0 cellspacing=2 cellpadding=1>";
		
		foreach($_POST as $name => $data)
		{
			if(is_array($data))
			{
				foreach($data as $datum)
					if($name != 'Submit')
						$message .= "<tr><td align='right' valign='top'>" . str_replace("_", " ", $name) . ":</td><td>&nbsp;</td><td valign='top'>" . str_replace("\r\n", "<br>", str_replace("\'", "'", str_replace('\"', '"', $datum))) . "</td></tr>";
			}
			else
			{
				if($name != 'Submit')
					$message .= "<tr><td align='right' valign='top'>" . str_replace("_", " ", $name) . ":</td><td>&nbsp;</td><td valign='top'>" . str_replace("\r\n", "<br>", str_replace("\'", "'", str_replace('\"', '"', $data))) . "</td></tr>";
			}
		}
		
		$message .= "</table>";

		if(mail($to, $subject, $message, "$headers \n" . "From: $from_name <$from_email>\n" . "Bcc: $bcc_name <$bcc_email>\n") && $sendMail == true)
        {
            header("location:$SendUserToSucess");
            exit;
		}
		else
			$sendMail = false;
	}
	
	if($sendMail == false)
        {
            header("location:$SendUserToFail");
            exit;
        } 
?>

Using php 5.1.4 / centos 4.4
I'm *not* using phpsuexec

**nickp666** · 04-23-2007 02:51 PM

Looks like a .htaccess or VirtualHost directive set to stop the previous page sending $_POST parameters, whats in your .htaccess file?

**nickp666** · 04-23-2007 02:56 PM

are you running the script out of a subfolder or the root?

Are you running mod_security? if so has that picked up any of the form submissions?

**nickp666** · 04-23-2007 02:57 PM

Poxy vbulletin - See above

**Zion Ahead** · 04-23-2007 03:03 PM

.htaccess does not exist

<VirtualHost xxx.xxx.70.2>
ServerAlias domain.com
ServerAdmin webmaster@domain.com
DocumentRoot /home/nyrw12/public_html
BytesLog domlogs/domain.com-bytes_log
User nyrw12
Group nyrw12
ServerName www.domain.com

User nyrw12
Group nyrw12
CustomLog /usr/local/apache/domlogs/domain.com combined
ScriptAlias /cgi-bin/ /home/nyrw12/public_html/cgi-bin/
</VirtualHost>

**nickp666** · 04-23-2007 03:14 PM

ok, that doesnt look like the cause, there has to be a directive either in a htaccess or in the httpd.conf somewhere preventing the POST method

**Zion Ahead** · 04-23-2007 03:20 PM

mod_sec log is blank oddly

# WEB-ATTACKS wget command attempt
SecFilterSelective THE_REQUEST "wget "

# WEB-ATTACKS uname -a command attempt
SecFilterSelective THE_REQUEST "uname -a"

# WEB-ATTACKS .htgroup access
SecFilterSelective THE_REQUEST "\.htgroup"

# WEB-ATTACKS .htaccess access
SecFilterSelective THE_REQUEST "\.htaccess"

# WEB-CLIENT Javascript URL host spoofing attempt
SecFilter "javascript\://"

# WEB-MISC cross site scripting $img src=javascript$ attempt
SecFilter "img src=javascript"

# WEB-MISC cd..
SecFilterSelective THE_REQUEST "cd\.\."

# WEB-MISC ///cgi-bin access
SecFilterSelective THE_REQUEST "///cgi-bin"

# WEB-MISC /cgi-bin/// access
SecFilterSelective THE_REQUEST "/cgi-bin///"

# WEB-MISC /~root access
SecFilterSelective THE_REQUEST "/~root"

# WEB-MISC /~ftp access
SecFilterSelective THE_REQUEST "/~ftp"

# WEB-MISC htgrep attempt
SecFilterSelective THE_REQUEST "/htgrep" chain
SecFilter "hdr=/"

# WEB-MISC htgrep access
SecFilterSelective THE_REQUEST "/htgrep" log,pass

# WEB-MISC .history access
SecFilterSelective THE_REQUEST "/\.history"

# WEB-MISC .bash_history access
SecFilterSelective THE_REQUEST "/\.bash_history"

# WEB-MISC /~nobody access
SecFilterSelective THE_REQUEST "/~nobody"

# WEB-PHP PHP-Wiki cross site scripting attempt
SecFilterSelective THE_REQUEST "<script"

# WEB-PHP strings overflow
SecFilterSelective THE_REQUEST "\?STRENGUR"

# WEB-PHP PHPLIB remote command attempt
SecFilter "_PHPLIB\[libdir\]"

***

<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 0
SecFilterDefaultAction "deny,log,status:406"
SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
Include "/usr/local/apache/conf/modsec.user.conf"
</IfModule>

***

**Vinayak** · 04-23-2007 03:20 PM

Try removing the bcc fields, and check.

**nickp666** · 04-23-2007 03:22 PM

grep your http logs from the shell for the script name:

grep "file.php" /usr/local/apache/domlogs/domain.com

**Zion Ahead** · 04-23-2007 03:28 PM

I do not have an htaccess file as I stated.

I've attached an httpd.conf without the virtual hosts, not sure what else to look for

Using php 5.2.1 now.

**Zion Ahead** · 04-23-2007 03:36 PM

Code:

root@server [~]# grep sndinfo.php /usr/local/apache/domlogs/domain.com
75.74.49.115 - - [23/Apr/2007:08:34:04 -0500] "POST /sndinfo.php HTTP/1.1" 405 324 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
69.113.30.103 - - [23/Apr/2007:09:37:44 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
75.74.49.115 - - [23/Apr/2007:09:45:19 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
75.74.49.115 - - [23/Apr/2007:09:55:12 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
75.74.49.115 - - [23/Apr/2007:11:03:09 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
75.74.49.115 - - [23/Apr/2007:11:38:37 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
75.74.49.115 - - [23/Apr/2007:14:24:42 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
75.74.49.115 - - [23/Apr/2007:14:33:22 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
75.74.49.115 - - [23/Apr/2007:14:33:32 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
69.113.30.103 - - [23/Apr/2007:14:49:06 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
69.113.30.103 - - [23/Apr/2007:14:49:29 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
75.74.49.115 - - [23/Apr/2007:15:05:29 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
75.74.49.115 - - [23/Apr/2007:15:07:30 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"

**ckh** · 04-24-2007 12:36 AM

What's the source for the form that is doing the posting??

**serversphere** · 04-24-2007 06:36 AM

Originally Posted by ckh

What's the source for the form that is doing the posting??

Agreed, usually with a method error like this (when it's not apache config) the culprit is the posting page pointing to an invalid page. I do see in your first post you say:

Method Not Allowed
The requested method POST is not allowed for the URL /sndinfo.php.

Could the problem be that leading slash? Weird, but worth a shot. Also weird you got a 405, then 302 errors in your log post...

LinkBack

Thread Tools

php form

Ffs

PHP Contact Form

Email PHP form

PHP form mail not being transmitted in PHP 5.0.4

PHP Form Processing Help