The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

php form

Discussion in 'General Discussion' started by Zion Ahead, Apr 23, 2007.

  1. Zion Ahead

    Zion Ahead Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    I need the php email submit form to work on my server.

    When I submit the form, I receive the error below.

    Method Not Allowed
    The requested method POST is not allowed for the URL /sndinfo.php.

    Code:
    <?php
    	$from_name = $contact_email;	//or $Last_Name, your choice.
    	$from_email = $contact_email;	
    	$to = 'info@someone.com,info2@someone.com';	
    	$subject = 'Question About Dentistry';
    	$bcc_name = 'domain.com';	
    	$bcc_email = 'user@domain.com';	
    	
    	$headers .= 'MIME-Version: 1.0' . "\r\n";
    	$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    
    	$SendUserToSucess = "thankyou.htm";
    	$SendUserToFail = "thankyou.htm";
    
    	$blockwords = ("tramad,tramadol,blogspot,porn,gay,persianblog,kotov,Nasonex,Acyclovir,Elavil,Valtrex,Motrin,Lortab,Ultram,Zovirax,Aciphex,Zithromax,Bentyl,Levitra,Allegra,casino,sex,dotmail,donotmail,diet,pills,ringtones,ringtone,shit,beastiality,phentermine,rape,pussy,fucking,slut");
    	$sendMail = true;
    	
    	if(!empty($blockwords) && !empty($_POST))
    	{
      		$useBlocks = explode(",", $blockwords);
      		foreach($useBlocks as $blockWord)
      		{
        		$blockWord = strtolower(trim($blockWord));
    			foreach($_POST as $Name => $Value)
        		{
    				if(is_array($Value))
    				{
    					foreach($Value as $Valuein)
    					{
    						$Valuein = strtolower(trim($Valuein));
    						if(!empty($Valuein) && strpos($Valuein, $blockWord) !== false)
    						{
    							$sendMail = false;
    							break;
    						}
    					}
    				}
    				else
    				{
    					$Value = strtolower(trim($Value));
    					if(!empty($Value) && strpos($Value, $blockWord) !== false)
    					{
    						$sendMail = false;
    						break;
    					}
    				}
        		}
      		}
    	}
    	
    	if($sendMail == true)
    	{
    		$message .= "<table border=0 cellspacing=2 cellpadding=1>";
    		
    		foreach($_POST as $name => $data)
    		{
    			if(is_array($data))
    			{
    				foreach($data as $datum)
    					if($name != 'Submit')
    						$message .= "<tr><td align='right' valign='top'>" . str_replace("_", " ", $name) . ":</td><td>&nbsp;</td><td valign='top'>" . str_replace("\r\n", "<br>", str_replace("\'", "'", str_replace('\"', '"', $datum))) . "</td></tr>";
    			}
    			else
    			{
    				if($name != 'Submit')
    					$message .= "<tr><td align='right' valign='top'>" . str_replace("_", " ", $name) . ":</td><td>&nbsp;</td><td valign='top'>" . str_replace("\r\n", "<br>", str_replace("\'", "'", str_replace('\"', '"', $data))) . "</td></tr>";
    			}
    		}
    		
    		$message .= "</table>";
    
    		if(mail($to, $subject, $message, "$headers \n" . "From: $from_name <$from_email>\n" . "Bcc: $bcc_name <$bcc_email>\n") && $sendMail == true)
            {
                header("location:$SendUserToSucess");
                exit;
    		}
    		else
    			$sendMail = false;
    	}
    	
    	if($sendMail == false)
            {
                header("location:$SendUserToFail");
                exit;
            } 
    ?>
    
    Using php 5.1.4 / centos 4.4
    I'm *not* using phpsuexec
     
    #1 Zion Ahead, Apr 23, 2007
    Last edited: Apr 23, 2007
  2. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    Looks like a .htaccess or VirtualHost directive set to stop the previous page sending $_POST parameters, whats in your .htaccess file?
     
  3. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    are you running the script out of a subfolder or the root?

    Are you running mod_security? if so has that picked up any of the form submissions?
     
  4. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
  5. Zion Ahead

    Zion Ahead Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    .htaccess does not exist

    <VirtualHost xxx.xxx.70.2>
    ServerAlias domain.com
    ServerAdmin webmaster@domain.com
    DocumentRoot /home/nyrw12/public_html
    BytesLog domlogs/domain.com-bytes_log
    User nyrw12
    Group nyrw12
    ServerName www.domain.com

    User nyrw12
    Group nyrw12
    CustomLog /usr/local/apache/domlogs/domain.com combined
    ScriptAlias /cgi-bin/ /home/nyrw12/public_html/cgi-bin/
    </VirtualHost>
     
  6. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    ok, that doesnt look like the cause, there has to be a directive either in a htaccess or in the httpd.conf somewhere preventing the POST method
     
  7. Zion Ahead

    Zion Ahead Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    mod_sec log is blank oddly


    # WEB-ATTACKS wget command attempt
    SecFilterSelective THE_REQUEST "wget "

    # WEB-ATTACKS uname -a command attempt
    SecFilterSelective THE_REQUEST "uname -a"

    # WEB-ATTACKS .htgroup access
    SecFilterSelective THE_REQUEST "\.htgroup"

    # WEB-ATTACKS .htaccess access
    SecFilterSelective THE_REQUEST "\.htaccess"

    # WEB-CLIENT Javascript URL host spoofing attempt
    SecFilter "javascript\://"

    # WEB-MISC cross site scripting \(img src=javascript\) attempt
    SecFilter "img src=javascript"

    # WEB-MISC cd..
    SecFilterSelective THE_REQUEST "cd\.\."

    # WEB-MISC ///cgi-bin access
    SecFilterSelective THE_REQUEST "///cgi-bin"

    # WEB-MISC /cgi-bin/// access
    SecFilterSelective THE_REQUEST "/cgi-bin///"

    # WEB-MISC /~root access
    SecFilterSelective THE_REQUEST "/~root"

    # WEB-MISC /~ftp access
    SecFilterSelective THE_REQUEST "/~ftp"

    # WEB-MISC htgrep attempt
    SecFilterSelective THE_REQUEST "/htgrep" chain
    SecFilter "hdr=/"

    # WEB-MISC htgrep access
    SecFilterSelective THE_REQUEST "/htgrep" log,pass

    # WEB-MISC .history access
    SecFilterSelective THE_REQUEST "/\.history"

    # WEB-MISC .bash_history access
    SecFilterSelective THE_REQUEST "/\.bash_history"


    # WEB-MISC /~nobody access
    SecFilterSelective THE_REQUEST "/~nobody"

    # WEB-PHP PHP-Wiki cross site scripting attempt
    SecFilterSelective THE_REQUEST "<script"

    # WEB-PHP strings overflow
    SecFilterSelective THE_REQUEST "\?STRENGUR"

    # WEB-PHP PHPLIB remote command attempt
    SecFilter "_PHPLIB\[libdir\]"



    ***

    <IfModule mod_security.c>
    SecFilterEngine On
    SecFilterCheckURLEncoding On
    SecFilterForceByteRange 0 255
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log
    SecFilterDebugLog logs/modsec_debug_log
    SecFilterDebugLevel 0
    SecFilterDefaultAction "deny,log,status:406"
    SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
    Include "/usr/local/apache/conf/modsec.user.conf"
    </IfModule>


    ***
     
  8. Vinayak

    Vinayak Well-Known Member

    Joined:
    Jun 27, 2003
    Messages:
    267
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Bharat
    cPanel Access Level:
    Root Administrator
    Try removing the bcc fields, and check.
     
  9. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    grep your http logs from the shell for the script name:

    grep "file.php" /usr/local/apache/domlogs/domain.com
     
  10. Zion Ahead

    Zion Ahead Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    I do not have an htaccess file as I stated.

    I've attached an httpd.conf without the virtual hosts, not sure what else to look for

    Using php 5.2.1 now.
     

    Attached Files:

  11. Zion Ahead

    Zion Ahead Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    Code:
    root@server [~]# grep sndinfo.php /usr/local/apache/domlogs/domain.com
    75.74.49.115 - - [23/Apr/2007:08:34:04 -0500] "POST /sndinfo.php HTTP/1.1" 405 324 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
    69.113.30.103 - - [23/Apr/2007:09:37:44 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
    75.74.49.115 - - [23/Apr/2007:09:45:19 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
    75.74.49.115 - - [23/Apr/2007:09:55:12 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
    75.74.49.115 - - [23/Apr/2007:11:03:09 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
    75.74.49.115 - - [23/Apr/2007:11:38:37 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
    75.74.49.115 - - [23/Apr/2007:14:24:42 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
    75.74.49.115 - - [23/Apr/2007:14:33:22 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
    75.74.49.115 - - [23/Apr/2007:14:33:32 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
    69.113.30.103 - - [23/Apr/2007:14:49:06 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
    69.113.30.103 - - [23/Apr/2007:14:49:29 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
    75.74.49.115 - - [23/Apr/2007:15:05:29 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
    75.74.49.115 - - [23/Apr/2007:15:07:30 -0500] "POST /sndinfo.php HTTP/1.1" 302 5 "http://www.domain.com/contactus.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
     
  12. ckh

    ckh Well-Known Member

    Joined:
    Dec 6, 2003
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Phoenix, AZ
    cPanel Access Level:
    DataCenter Provider
    What's the source for the form that is doing the posting??
     
  13. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Agreed, usually with a method error like this (when it's not apache config) the culprit is the posting page pointing to an invalid page. I do see in your first post you say:
    Could the problem be that leading slash? Weird, but worth a shot. Also weird you got a 405, then 302 errors in your log post...
     
    #13 mctDarren, Apr 24, 2007
    Last edited: Apr 24, 2007
Loading...

Share This Page