Hi

I use a script on our site for property, campsites for sale etc

When someone makes an enquiry and they make contact, how do I allow it to send the enquiry to me as well as the ad owner?

I'm looking at the page that has the enquiry form and reckon its somewhere within here that I add my email address so it sends me a copy.

echo "<p>";
echo "<a name='contact'></a>";
echo "<form action='mailme.php' method='post' target='_blank'>";
echo "<table class='detailTable' cellspacing=0 border=0 width='90%'>";
echo "<tr>";
echo "<td class='subHeader' colspan=2>Reply to Ad</td>";
echo "</tr>";
echo "<tr>";
echo "<td width='30%'><strong>Contact</strong></td><td>".$member['FName']. " " .$member['LName']."</td>";
echo "</tr><tr>";
echo "<td>Your Email</td><td><input type='text' name='from' validate='email' required='yes' message='Enter Email Address.'></td>";
echo "</tr><tr>";
echo "<td>Subject</td><td><input type='text' name='subject' size='40' validate='text' required='yes' message='Enter Subject.'></td>";
echo "</tr><tr>";
echo "<td>Message</td><td><textarea style='width:100%;height:70px' name='message' >";
echo "Please contact me regarding the following ad: $adurl";
echo "</textarea></td>";
echo "</tr><tr>";
echo "<td>&nbsp;</td><td><input type='submit' onClick='validate(this.form); return document.formSubmit;' value='Send'></td>";
echo "</tr>";
echo "</table>";
echo "<input type='hidden' name='to' value='".$member['Email']."'>";
echo "<input type='hidden' name='oktosend' value='yes'>";
echo "</form>";
echo "</p>";

Cheers
Lee

That is only the form for the user to fill out. You would add your email address within the actual script that processess the form data and sends the email...which will probably be the mail() function on the "mailme.php" page that this form is posting to.

Cheers

Heres the mailme script, what and where can I add my email address?

$max_emails_per_user = 5;

$from = $_POST["from"];
$from = urldecode($from);
if (eregi("\r",$from) || eregi("\n",$from)){
die("No Email Injection Allowed");
}


session_start();
require('mysql.ini.php');
$safePHP = new safePHP();
$post = $safePHP->getSafe($_POST);

$from = $post["from"];
$from = urldecode($from);
if (eregi("\r",$from) || eregi("\n",$from)){
die("No Email Injection Allowed");
}

if($post['oktosend'] == 'yes'){

if( (!isset($_SESSION['sentemails'])) || ($_SESSION['sentemails'] == "") ){
session_register("sentemails");
$_SESSION['sentemails'] = 1;
}
else{
$_SESSION['sentemails'] = intval($_SESSION['sentemails']) + 1;
}

if(intval($_SESSION['sentemails']) > $max_emails_per_user){
echo "<font color='red'>Sorry for security reasons the max number emails for your session has been reached.</font>";
die();
}

$sent = mail($post['to'],$post['subject'],$post['message'],'FROM:'.$post['from']);
if($sent){
echo "<script>alert('Message Sent');window.close();</script>";
}
else{
echo "<h4>Failed to send message</h4>";
}
}

Thanks
Lee

I would do this at the top

$from = $_POST["from"];
$from = urldecode($from);
//add these two lines at the top
$to = $_POST['to'];
$to .= ", me@myaddress.com";
......


and change the mail function at the bottom

$sent = mail($to,$post['subject'],$post['message'],'FROM:'.$post['from']);


Although you could add your address in the form itself, someone would see the message going to multiple recipients by viewing source of the page...and you may want to keep your address private and not be visible in the page source.

This code will however show your address on the recipients email when he receives it. If you want to hide your address from the recipient, you have to change the headers and use the BCC: in the headers, or create a separate mail function to alert you that this message was set to whoever...

Not tried it yet but thanks, really appreciate it

I don't think including my email will be much of a problem


How else can I do it, you mention BCC etc i've no idea on this.

Cheers
Lee

$sent = mail($post['to'],$post['subject'],$post['message'],'FROM:'.$post['from']);This is wrong. Your mailexchanger is not authoritative for the "FROM" domain and hence should not be claiming to be. Send the email from a domain for which the mailexchanger has authority and include the sender details in the body of the mail.