I have the following HTML and PHP code for my contact form. At first, when the website was uploaded live, it worked. After a few days I noticed the contact form was giving a 403 Forbidden error on submit. I've changed the file permission to 755 and it worked for a short time and then went back to 403 Forbidden. Not sure if something is wrong with my PHP or HTML. Please help.

HTML Code:

<form action="email.php" method="post">
            <div class="col-md-12">
                <div class="row">
                    <div class="col-md-6">
                        <div class="form-group">
                            <input type="text" class="form-control" name="first-name" placeholder="First Name">
                        </div>
                    </div>
                    <div class="col-md-6">
                        <div class="form-group">
                            <input type="text" class="form-control" name="last-name" placeholder="Last Name">
                        </div>
                    </div>
                    <div class="col-md-6">
                        <div class="form-group">
                            <input type="text" class="form-control" name="email" placeholder="Email">
                        </div>
                    </div>
                    <div class="col-md-6">
                        <div class="form-group">
                            <input type="number" class="form-control" name="phone" placeholder="Phone">
                        </div>
                    </div>
                    <div class="col-md-12">
                        <div class="form-group">
                            <textarea name="message" class="form-control" id="" cols="30" rows="7" placeholder="Message"></textarea>
                        </div>
                    </div>
                    <div class="col-md-12">
                        <div class="form-group">
                            <input type="submit" value="Send Message" class="btn btn-primary">
                        </div>
                    </div>
                </div>
            </div>
            </form>

PHP Code:

<?php 
$firstname = $_POST['first-name'];
$lastname = $_POST['last-name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$message = $_POST['message'];
$formcontent="From: $firstname $lastname \n Email: $email \n Phone: $phone 
\n Message: $message";
$recipient = "main@yaxcheadventuretours.com";
$subject = "Contact Form from $firstname $lastname";
$mailheader = "From: $firstname $lastname $email \r\n";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
echo' 
<script>
window.onload = function() {
    alert("Thank You for reaching out to us!");
    location.href = "contact.html";
}
</script>
';
?>

3 Answers

0

10.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

The disclaimer seems to contain several HTML tags and they apparently get printed unescaped on the page.

My wild guess is that there's a piece of software installed on the server (possibly mod_security) that rejects the input because it considers it's an attempt to perform an XSS attack. You can confirm (or reject) this hypothesis by temporarily removing the < and > symbols before pasting it into the textarea.

0

Try looking into the server error log, which will help you; you can get the detailed information from there.

Also, you are redirecting to the contact.html page:

location.href = "contact.html";

Check whether the .htaccess has any restrictions on .html files.

If you are not seeing this file, you can change the setting to view hidden files.

Zoe
Akhilesh
  • The .htaccess file is empty. The server error says the following: – BuSol Consulting Nov 23 '18 at 20:01
  • PHP Notice: Undefined index: first-name in /home/yaxche/public_html/email.php on line 2 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: last-name in /home/yaxche/public_html/email.php on line 3 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: email in /home/yaxche/public_html/email.php on line 4 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: phone in /home/yaxche/public_html/email.php on line 5 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: message in /home/yaxche/public_html/email.php on line 6 – BuSol Consulting Nov 23 '18 at 20:04
  • OK, so these errors are not related to it. Are you using any framework? – Akhilesh Nov 24 '18 at 02:25
  • Just Sass and Bootstrap – BuSol Consulting Nov 24 '18 at 04:01
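
Added example, not part of any post above: the `Undefined index` notices quoted in the comments appear when `email.php` is requested without the form fields, and the asker's script also places visitor input directly into the `From:` header. One way to write the handler so that it rejects non-POST requests, validates the fields and keeps CR/LF out of the mail headers; the recipient and `no-reply@example.com` addresses are placeholders, and `post_field` and `header_safe` are helper names introduced here.

```php
<?php
// Added example, not the asker's code. Field names match the form on this page;
// both e-mail addresses below are placeholders.
declare(strict_types=1);

// Read one POST field as a trimmed string; missing or array-valued fields become ''.
function post_field(string $name): string
{
    $value = $_POST[$name] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Replace CR/LF and other control characters so a value cannot add mail headers.
function header_safe(string $value): string
{
    return trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value) ?? '');
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method not allowed');
}

$first   = header_safe(post_field('first-name'));
$last    = header_safe(post_field('last-name'));
$phone   = header_safe(post_field('phone'));
$message = post_field('message');
$email   = filter_var(post_field('email'), FILTER_VALIDATE_EMAIL);

if ($first === '' || $message === '' || $email === false) {
    http_response_code(422);
    exit('Please fill in your name, a valid email address and a message.');
}

$recipient = 'contact@example.com';            // placeholder recipient
$subject   = "Contact form from $first $last";
$body      = "From: $first $last\nEmail: $email\nPhone: $phone\n\nMessage:\n$message";
// Fixed From on the site's own domain; the visitor's address goes in Reply-To only.
$headers   = "From: Website contact form <no-reply@example.com>\r\n"
           . "Reply-To: $email\r\n"
           . "Content-Type: text/plain; charset=UTF-8";

if (!mail($recipient, $subject, $body, $headers)) {
    http_response_code(500);
    exit('The message could not be sent.');
}
header('Location: contact.html', true, 303);   // redirect instead of an inline script
```
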
0

I have the same problem and I solved it by encoding the textarea value with JS and sending it like this:

<form onsubmit="return validateForm()" method="post"
      action="...">

    <textarea id="text0" name="text0"></textarea>

    <input type="hidden" name="t0" id="t0"/>
    
    <button id="form_submit_btn" type="submit">
        create
    </button>
</form>

Encode the content, and don't forget to clear the textarea value:

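function validateForm() {
        var text0 = document.getElementById('text0');
        var t0 = document.getElementById('t0');
        
        // Copy the Base64-encoded text into the hidden field
        t0.value = b64EncodeUnicode(text0.value);
        // Clear the textarea's current value so the raw text is not submitted as well
        text0.value = '';
        
        return true;
    }

function b64EncodeUnicode(str) {
        // Percent-encode as UTF-8, turn each %XX into one raw byte, then Base64-encode
        return btoa(encodeURIComponent(str).replace(/%([0-9A-F]{2})/g,
            function toSolidBytes(match, p1) {
                return String.fromCharCode('0x' + p1);
            }));
    }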

And finally, get the data and decode it in PHP:

$t0 = $_POST['t0'];
$t0 = base64_decode($t0);

You can also read this answer: link

If that doesn't work, just empty your textarea before submitting, or put it outside the form.

m.sajjad.s
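
Added example, not part of the answer above: a Base64-encoded field reaches PHP without a request filter such as mod_security having seen its plain text, so the script has to validate the decoded value itself and escape it on output. This sketch assumes the hidden field name `t0` from the answer; the 10000-byte limit and the function name `decode_message_field` are assumptions made here.

```php
<?php
// Added example, not the answerer's code. 't0' is the hidden field from the answer;
// the size limit is an assumed value.
declare(strict_types=1);

const MAX_MESSAGE_BYTES = 10000;

// Decode the Base64 field; return null unless it is valid Base64 holding
// non-empty, size-limited, well-formed UTF-8 text.
function decode_message_field(string $encoded): ?string
{
    // Check the encoded size first so oversized input is never decoded.
    if ($encoded === '' || strlen($encoded) > (int) ceil(MAX_MESSAGE_BYTES / 3) * 4) {
        return null;
    }
    $decoded = base64_decode($encoded, true);   // strict: reject non-alphabet bytes
    if ($decoded === false || $decoded === '' || strlen($decoded) > MAX_MESSAGE_BYTES) {
        return null;
    }
    if (preg_match('//u', $decoded) !== 1) {    // must be well-formed UTF-8
        return null;
    }
    // Drop control characters except tab, LF and CR.
    return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $decoded);
}

$raw  = $_POST['t0'] ?? '';
$text = is_string($raw) ? decode_message_field($raw) : null;

if ($text === null) {
    http_response_code(400);
    exit('Invalid message field.');
}

// The decoded text is still untrusted: escape it wherever it is shown as HTML.
echo '<pre>', htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '</pre>';
```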