php sends blank e-mail

Question

For some reason we recieve around 5/10 emails a day from the support page that are empty, no input fields filled in but also no input fields fetched at all. The emails only show the subject.

If we test the form it works fine and the e-mail shows the info we filled and even if we fill in nothing we still recieve an e-mail stating the input field names. In the recordings the website makes of the users on the support page, there doesn't seem te be a user filling in the form at the time we recieve a 'blank' email.

I would some help because i'm completely lost on how to fix this.

Javascript:

$( document ).ready(function() {
      var $form = $('form');
      $form.submit(function() {
        $.post($(this).attr('action'), $(this).serialize(), function(response) {


            $('.email-popup-container').css({
               "transform": "scale(.9)",
          });


            setTimeout(function(){

          $('.email-popup-container').animate({
             "margin-left": "+=1200px",
            "opacity": "0",
        }, 400, function(){

            setTimeout(function(){
                    $('#email-popup').removeClass('is-visible').ready(function(){

                        $('.email-popup-container').css({
                           "transform": "scale(1)",
                      });
                                $('#contact-form')[0].reset();
                                $('.email-popup-container').animate({
                                    "margin-left": "-=1200px",
                                }, 0
                            );
                    });
},150)
setTimeout(function(){
    $.notify(" Thank you! We have recieved your e-mail.", {
      delay: 4000,
      color: "#fff",
      background: "#1AC16D",
      type: "success",
      icon: "check",
      align: "right",
      animationType: "fade"
    });

},400)

          });




      },600)



        }, 'json');
        return false;
      });
    });

php:

// configure
$from = 'New Message - Support Page <istillwebsite@donotreply.com>';
$sendTo = 'New Message - Support Page <sales@istillmail.com>';
$subject = 'Message from iStill Support Page';
$fields = array('name' => 'Name', 'surname' => 'Surname', 'phone' => 'Phone', 'email' => 'Email', 'message' => 'Message'); // array variable name => Text to appear in email
$okMessage = 'Contact form successfully submitted. Thank you, I will get back to you soon!';
$errorMessage = 'There was an error while submitting the form. Please try again later';

// let's do the sending

try
{
    $emailText = "Someone sent a message from the support page\n=============================\n";

    foreach ($_POST as $key => $value) {

        if (isset($fields[$key])) {
            $emailText .= "$fields[$key]: $value\n";
        }
    }

    mail($sendTo, $subject, $emailText, "From: " . $from);

    $responseArray = array('type' => 'success', 'message' => $okMessage);





}
catch (\Exception $e)
{
    $responseArray = array('type' => 'danger', 'message' => $errorMessage);
}

if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    $encoded = json_encode($responseArray);

    header('Content-Type: application/json');

    echo $encoded;
}
else {
    echo $responseArray['message'];
}

?>

Answer 1

This is a super unsafe way to send mails. Someone can just call your .php script and send multiple mails. So it is probably a bot or something like this, that is calling your script.

To prevent this, you can use Google reCaptcha for example.