Contact form give 403 Forbidden Access on Submit












0















I have the following html and php codes for my contact form. At first when website was uploaded live it worked. After a few days I noticed the contact form was giving 403 forbidden error on submit. I've changed the file permission to 755 and it worked for a short time and then went back to 403 forbidden. Not sure if something wrong with my php or html. Please help.



HTML Code:



<form action="email.php" method="post">
<div class="col-md-12">
<div class="row">
<div class="col-md-6">
<div class="form-group">
<input type="text" class="form-control" name="first-name" placeholder="First Name">
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<input type="text" class="form-control" name="last-name" placeholder="Last Name">
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<input type="text" class="form-control" name="email" placeholder="Email">
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<input type="number" class="form-control" name="phone" placeholder="Phone">
</div>
</div>
<div class="col-md-12">
<div class="form-group">
<textarea name="message" class="form-control" id="" cols="30" rows="7" placeholder="Message"></textarea>
</div>
</div>
<div class="col-md-12">
<div class="form-group">
<input type="submit" value="Send Message" class="btn btn-primary">
</div>
</div>
</div>
</div>
</form>


PHP Code:



<?php 
$firstname = $_POST['first-name'];
$lastname = $_POST['last-name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$message = $_POST['message'];
$formcontent="From: $firstname $lastname n Email: $email n Phone: $phone
n Message: $message";
$recipient = "main@yaxcheadventuretours.com";
$subject = "Contact Form from $firstname $lastname";
$mailheader = "From: $firstname $lastname $email rn";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
echo'
<script>
window.onload = function() {
alert("Thank You for reaching out to us!");
location.href = "contact.html";
}
</script>
';
?>









share|improve this question



























    0















    I have the following html and php codes for my contact form. At first when website was uploaded live it worked. After a few days I noticed the contact form was giving 403 forbidden error on submit. I've changed the file permission to 755 and it worked for a short time and then went back to 403 forbidden. Not sure if something wrong with my php or html. Please help.



    HTML Code:



    <form action="email.php" method="post">
    <div class="col-md-12">
    <div class="row">
    <div class="col-md-6">
    <div class="form-group">
    <input type="text" class="form-control" name="first-name" placeholder="First Name">
    </div>
    </div>
    <div class="col-md-6">
    <div class="form-group">
    <input type="text" class="form-control" name="last-name" placeholder="Last Name">
    </div>
    </div>
    <div class="col-md-6">
    <div class="form-group">
    <input type="text" class="form-control" name="email" placeholder="Email">
    </div>
    </div>
    <div class="col-md-6">
    <div class="form-group">
    <input type="number" class="form-control" name="phone" placeholder="Phone">
    </div>
    </div>
    <div class="col-md-12">
    <div class="form-group">
    <textarea name="message" class="form-control" id="" cols="30" rows="7" placeholder="Message"></textarea>
    </div>
    </div>
    <div class="col-md-12">
    <div class="form-group">
    <input type="submit" value="Send Message" class="btn btn-primary">
    </div>
    </div>
    </div>
    </div>
    </form>


    PHP Code:



    <?php 
    $firstname = $_POST['first-name'];
    $lastname = $_POST['last-name'];
    $email = $_POST['email'];
    $phone = $_POST['phone'];
    $message = $_POST['message'];
    $formcontent="From: $firstname $lastname n Email: $email n Phone: $phone
    n Message: $message";
    $recipient = "main@yaxcheadventuretours.com";
    $subject = "Contact Form from $firstname $lastname";
    $mailheader = "From: $firstname $lastname $email rn";
    mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
    echo'
    <script>
    window.onload = function() {
    alert("Thank You for reaching out to us!");
    location.href = "contact.html";
    }
    </script>
    ';
    ?>









    share|improve this question

























      0












      0








      0








      I have the following html and php codes for my contact form. At first when website was uploaded live it worked. After a few days I noticed the contact form was giving 403 forbidden error on submit. I've changed the file permission to 755 and it worked for a short time and then went back to 403 forbidden. Not sure if something wrong with my php or html. Please help.



      HTML Code:



      <form action="email.php" method="post">
      <div class="col-md-12">
      <div class="row">
      <div class="col-md-6">
      <div class="form-group">
      <input type="text" class="form-control" name="first-name" placeholder="First Name">
      </div>
      </div>
      <div class="col-md-6">
      <div class="form-group">
      <input type="text" class="form-control" name="last-name" placeholder="Last Name">
      </div>
      </div>
      <div class="col-md-6">
      <div class="form-group">
      <input type="text" class="form-control" name="email" placeholder="Email">
      </div>
      </div>
      <div class="col-md-6">
      <div class="form-group">
      <input type="number" class="form-control" name="phone" placeholder="Phone">
      </div>
      </div>
      <div class="col-md-12">
      <div class="form-group">
      <textarea name="message" class="form-control" id="" cols="30" rows="7" placeholder="Message"></textarea>
      </div>
      </div>
      <div class="col-md-12">
      <div class="form-group">
      <input type="submit" value="Send Message" class="btn btn-primary">
      </div>
      </div>
      </div>
      </div>
      </form>


      PHP Code:



      <?php 
      $firstname = $_POST['first-name'];
      $lastname = $_POST['last-name'];
      $email = $_POST['email'];
      $phone = $_POST['phone'];
      $message = $_POST['message'];
      $formcontent="From: $firstname $lastname n Email: $email n Phone: $phone
      n Message: $message";
      $recipient = "main@yaxcheadventuretours.com";
      $subject = "Contact Form from $firstname $lastname";
      $mailheader = "From: $firstname $lastname $email rn";
      mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
      echo'
      <script>
      window.onload = function() {
      alert("Thank You for reaching out to us!");
      location.href = "contact.html";
      }
      </script>
      ';
      ?>









      share|improve this question














      I have the following html and php codes for my contact form. At first when website was uploaded live it worked. After a few days I noticed the contact form was giving 403 forbidden error on submit. I've changed the file permission to 755 and it worked for a short time and then went back to 403 forbidden. Not sure if something wrong with my php or html. Please help.



      HTML Code:



      <form action="email.php" method="post">
      <div class="col-md-12">
      <div class="row">
      <div class="col-md-6">
      <div class="form-group">
      <input type="text" class="form-control" name="first-name" placeholder="First Name">
      </div>
      </div>
      <div class="col-md-6">
      <div class="form-group">
      <input type="text" class="form-control" name="last-name" placeholder="Last Name">
      </div>
      </div>
      <div class="col-md-6">
      <div class="form-group">
      <input type="text" class="form-control" name="email" placeholder="Email">
      </div>
      </div>
      <div class="col-md-6">
      <div class="form-group">
      <input type="number" class="form-control" name="phone" placeholder="Phone">
      </div>
      </div>
      <div class="col-md-12">
      <div class="form-group">
      <textarea name="message" class="form-control" id="" cols="30" rows="7" placeholder="Message"></textarea>
      </div>
      </div>
      <div class="col-md-12">
      <div class="form-group">
      <input type="submit" value="Send Message" class="btn btn-primary">
      </div>
      </div>
      </div>
      </div>
      </form>


      PHP Code:



      <?php 
      $firstname = $_POST['first-name'];
      $lastname = $_POST['last-name'];
      $email = $_POST['email'];
      $phone = $_POST['phone'];
      $message = $_POST['message'];
      $formcontent="From: $firstname $lastname n Email: $email n Phone: $phone
      n Message: $message";
      $recipient = "main@yaxcheadventuretours.com";
      $subject = "Contact Form from $firstname $lastname";
      $mailheader = "From: $firstname $lastname $email rn";
      mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
      echo'
      <script>
      window.onload = function() {
      alert("Thank You for reaching out to us!");
      location.href = "contact.html";
      }
      </script>
      ';
      ?>






      php






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 23 '18 at 18:16









      BuSol ConsultingBuSol Consulting

      32




      32
























          2 Answers
          2






          active

          oldest

          votes


















          0














          10.4.4 403 Forbidden



          The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.



          The disclaimer seems to contain several HTML tags and they apparently get printed unescaped on the page.



          My wild guess is that there's a piece of software installed on the server (possibly mod_security) that rejects the input because it considers it's an attempt to perform a XSS attack. You can confirm (or reject) this hypothesis by temporarily removing the < and > symbols before pasting it into the textarea.






          share|improve this answer































            0














            Try to look into server error log which will help you and you can get the detailed information from there



            Also, you are redirecting to contact.html page



            location.href = "contact.html";


            Check if the .htaccess has any restriction to .html file



            If you are not seeing this file then you can change setting to view hidden files.






            share|improve this answer


























            • The .htaccess file is empty. The server error says the following:

              – BuSol Consulting
              Nov 23 '18 at 20:01













            • PHP Notice: Undefined index: first-name in /home/yaxche/public_html/email.php on line 2 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: last-name in /home/yaxche/public_html/email.php on line 3 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: email in /home/yaxche/public_html/email.php on line 4 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: phone in /home/yaxche/public_html/email.php on line 5 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: message in /home/yaxche/public_html/email.php on line 6

              – BuSol Consulting
              Nov 23 '18 at 20:04











            • OK so these errors are not related to it. Are you using any framework ?

              – Akhilesh
              Nov 24 '18 at 2:25













            • Just sass and bootsrap

              – BuSol Consulting
              Nov 24 '18 at 4:01











            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53451361%2fcontact-form-give-403-forbidden-access-on-submit%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            10.4.4 403 Forbidden



            The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.



            The disclaimer seems to contain several HTML tags and they apparently get printed unescaped on the page.



            My wild guess is that there's a piece of software installed on the server (possibly mod_security) that rejects the input because it considers it's an attempt to perform a XSS attack. You can confirm (or reject) this hypothesis by temporarily removing the < and > symbols before pasting it into the textarea.






            share|improve this answer




























              0














              10.4.4 403 Forbidden



              The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.



              The disclaimer seems to contain several HTML tags and they apparently get printed unescaped on the page.



              My wild guess is that there's a piece of software installed on the server (possibly mod_security) that rejects the input because it considers it's an attempt to perform a XSS attack. You can confirm (or reject) this hypothesis by temporarily removing the < and > symbols before pasting it into the textarea.






              share|improve this answer


























                0












                0








                0







                10.4.4 403 Forbidden



                The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.



                The disclaimer seems to contain several HTML tags and they apparently get printed unescaped on the page.



                My wild guess is that there's a piece of software installed on the server (possibly mod_security) that rejects the input because it considers it's an attempt to perform a XSS attack. You can confirm (or reject) this hypothesis by temporarily removing the < and > symbols before pasting it into the textarea.






                share|improve this answer













                10.4.4 403 Forbidden



                The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.



                The disclaimer seems to contain several HTML tags and they apparently get printed unescaped on the page.



                My wild guess is that there's a piece of software installed on the server (possibly mod_security) that rejects the input because it considers it's an attempt to perform a XSS attack. You can confirm (or reject) this hypothesis by temporarily removing the < and > symbols before pasting it into the textarea.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 23 '18 at 18:23









                GusGus

                847




                847

























                    0














                    Try to look into server error log which will help you and you can get the detailed information from there



                    Also, you are redirecting to contact.html page



                    location.href = "contact.html";


                    Check if the .htaccess has any restriction to .html file



                    If you are not seeing this file then you can change setting to view hidden files.






                    share|improve this answer


























                    • The .htaccess file is empty. The server error says the following:

                      – BuSol Consulting
                      Nov 23 '18 at 20:01













                    • PHP Notice: Undefined index: first-name in /home/yaxche/public_html/email.php on line 2 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: last-name in /home/yaxche/public_html/email.php on line 3 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: email in /home/yaxche/public_html/email.php on line 4 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: phone in /home/yaxche/public_html/email.php on line 5 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: message in /home/yaxche/public_html/email.php on line 6

                      – BuSol Consulting
                      Nov 23 '18 at 20:04











                    • OK so these errors are not related to it. Are you using any framework ?

                      – Akhilesh
                      Nov 24 '18 at 2:25













                    • Just sass and bootsrap

                      – BuSol Consulting
                      Nov 24 '18 at 4:01
















                    0














                    Try to look into server error log which will help you and you can get the detailed information from there



                    Also, you are redirecting to contact.html page



                    location.href = "contact.html";


                    Check if the .htaccess has any restriction to .html file



                    If you are not seeing this file then you can change setting to view hidden files.






                    share|improve this answer


























                    • The .htaccess file is empty. The server error says the following:

                      – BuSol Consulting
                      Nov 23 '18 at 20:01













                    • PHP Notice: Undefined index: first-name in /home/yaxche/public_html/email.php on line 2 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: last-name in /home/yaxche/public_html/email.php on line 3 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: email in /home/yaxche/public_html/email.php on line 4 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: phone in /home/yaxche/public_html/email.php on line 5 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: message in /home/yaxche/public_html/email.php on line 6

                      – BuSol Consulting
                      Nov 23 '18 at 20:04











                    • OK so these errors are not related to it. Are you using any framework ?

                      – Akhilesh
                      Nov 24 '18 at 2:25













                    • Just sass and bootsrap

                      – BuSol Consulting
                      Nov 24 '18 at 4:01














                    0












                    0








                    0







                    Try to look into server error log which will help you and you can get the detailed information from there



                    Also, you are redirecting to contact.html page



                    location.href = "contact.html";


                    Check if the .htaccess has any restriction to .html file



                    If you are not seeing this file then you can change setting to view hidden files.






                    share|improve this answer















                    Try to look into server error log which will help you and you can get the detailed information from there



                    Also, you are redirecting to contact.html page



                    location.href = "contact.html";


                    Check if the .htaccess has any restriction to .html file



                    If you are not seeing this file then you can change setting to view hidden files.







                    share|improve this answer














                    share|improve this answer



                    share|improve this answer








                    edited Nov 23 '18 at 19:00









                    Zoe

                    11.3k74078




                    11.3k74078










                    answered Nov 23 '18 at 18:30









                    AkhileshAkhilesh

                    626




                    626













                    • The .htaccess file is empty. The server error says the following:

                      – BuSol Consulting
                      Nov 23 '18 at 20:01













                    • PHP Notice: Undefined index: first-name in /home/yaxche/public_html/email.php on line 2 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: last-name in /home/yaxche/public_html/email.php on line 3 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: email in /home/yaxche/public_html/email.php on line 4 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: phone in /home/yaxche/public_html/email.php on line 5 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: message in /home/yaxche/public_html/email.php on line 6

                      – BuSol Consulting
                      Nov 23 '18 at 20:04











                    • OK so these errors are not related to it. Are you using any framework ?

                      – Akhilesh
                      Nov 24 '18 at 2:25













                    • Just sass and bootsrap

                      – BuSol Consulting
                      Nov 24 '18 at 4:01



















                    • The .htaccess file is empty. The server error says the following:

                      – BuSol Consulting
                      Nov 23 '18 at 20:01













                    • PHP Notice: Undefined index: first-name in /home/yaxche/public_html/email.php on line 2 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: last-name in /home/yaxche/public_html/email.php on line 3 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: email in /home/yaxche/public_html/email.php on line 4 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: phone in /home/yaxche/public_html/email.php on line 5 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: message in /home/yaxche/public_html/email.php on line 6

                      – BuSol Consulting
                      Nov 23 '18 at 20:04











                    • OK so these errors are not related to it. Are you using any framework ?

                      – Akhilesh
                      Nov 24 '18 at 2:25













                    • Just sass and bootsrap

                      – BuSol Consulting
                      Nov 24 '18 at 4:01

















                    The .htaccess file is empty. The server error says the following:

                    – BuSol Consulting
                    Nov 23 '18 at 20:01







                    The .htaccess file is empty. The server error says the following:

                    – BuSol Consulting
                    Nov 23 '18 at 20:01















                    PHP Notice: Undefined index: first-name in /home/yaxche/public_html/email.php on line 2 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: last-name in /home/yaxche/public_html/email.php on line 3 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: email in /home/yaxche/public_html/email.php on line 4 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: phone in /home/yaxche/public_html/email.php on line 5 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: message in /home/yaxche/public_html/email.php on line 6

                    – BuSol Consulting
                    Nov 23 '18 at 20:04





                    PHP Notice: Undefined index: first-name in /home/yaxche/public_html/email.php on line 2 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: last-name in /home/yaxche/public_html/email.php on line 3 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: email in /home/yaxche/public_html/email.php on line 4 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: phone in /home/yaxche/public_html/email.php on line 5 [21-Nov-2018 23:30:49 UTC] PHP Notice: Undefined index: message in /home/yaxche/public_html/email.php on line 6

                    – BuSol Consulting
                    Nov 23 '18 at 20:04













                    OK so these errors are not related to it. Are you using any framework ?

                    – Akhilesh
                    Nov 24 '18 at 2:25







                    OK so these errors are not related to it. Are you using any framework ?

                    – Akhilesh
                    Nov 24 '18 at 2:25















                    Just sass and bootsrap

                    – BuSol Consulting
                    Nov 24 '18 at 4:01





                    Just sass and bootsrap

                    – BuSol Consulting
                    Nov 24 '18 at 4:01


















                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53451361%2fcontact-form-give-403-forbidden-access-on-submit%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Berounka

                    Sphinx de Gizeh

                    Different font size/position of beamer's navigation symbols template's content depending on regular/plain...