  1. #1
    SitePoint Member Chanzo's Avatar
    Join Date
    Jun 2004
    Location
    Preston
    Posts
    12

    Need help please.

    Hello, I need help with some PHP for my band's new website I'm creating. I got a free PHP emailer script from an internet source. I have no idea about PHP so I just got it, applied some common sense and got it to work fine.

    It's a contact form for our website whereby you enter your name, email, location, a message and select if you want to be added to a mail list or not. You submit it and get a message saying you were successful, if you miss out any fields which are required (name, email, message) it says so and says which one you haven't filled in. I then get an email like:

    "Message"

    From, "Name"

    Location: "Location"

    Mailing List: "Yes" or "No"

    It works fine, here is the php (emailform.php) for said contact list:

    Code:
    <html>
    <head>
    <title>Burn Machina Online</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <link rel="stylesheet" href="bmonline.css">
    </head>
    <body bgcolor="#000000" background="graphics/contentback.jpg">
    <center>
      <table width="89%" border="0">
        <tr> 
          <td height="42" colspan="2" class="tiny"> </td>
        </tr>
        <tr> 
          <td width="69%" colspan="2" class="standard"> <p align="center">Thanks for 
              your message to <strong>Burn Machina</strong>, if you asked a question 
              or anything, you'll hear from us real soon.</p>
            </tr>
      </table>
    </center>
    </body>
    
    <!--
    
    Powered by: Email Form Version 1.1 (http://www.phpscriptcenter.com/emailform.php)
    
    -->
    <?php
    
    ///////////////////////////////////////////////
    //                                           //
    // Email Form v 1.1                          //
    // ----------------------------------------- //
    // by Graeme (webmaster@phpscriptcenter.com) //
    // http://www.phpscriptcenter.com            //
    //                                           //////////////////////////////
    // PHP Script CENTER offers no warranties on this script.                //
    // The owner/licensee of the script is solely responsible for any        //
    // problems caused by installation of the script or use of the script    //
    //                                                                       //
    // All copyright notices regarding Email Form, must remain               //
    // intact on the scripts and in the HTML for the scripts.                //
    //                                                                       //
    // (c) Copyright 2001 PHP Script CENTER                                  //
    //                                                                       //
    // For more info on Email Form,                                          //
    // see http://www.phpscriptcenter.com/emailform.php                      //
    //                                                                       //
    ///////////////////////////////////////////////////////////////////////////
    
    // your name
    $yourname = "Karl Chandler";
    
    // your email
    $youremail = "kchandler2000@hotmail.com";
    
    // Default Send Page
    $yourdefaultsend = "http://www.prestone.co.uk/burn/contactsent.html";
    
    ////////////////////////////////////////////////////////////////////////////
    //                      DO NOT EDIT BELOW THIS LINE                       //
    ////////////////////////////////////////////////////////////////////////////
    
    
    
    if($submitform) {
    
    $dcheck = explode(",",$require);
    while(list($check) = each($dcheck)) {
    if(!$$dcheck[$check]) {
    $error .= "Missing $dcheck[$check]<BR>";
    }
    }
    
    if($error) {
    ?>
    <P><CENTER><TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0">
      <TR>
        <TD WIDTH="100%">
        <TABLE WIDTH="394" BORDER="0" CELLSPACING="1" CELLPADDING="2">
          <TR>
            <TD WIDTH="26%" BGCOLOR="#99CCFF">
            <P><B><FONT COLOR="#000000" SIZE="-1" FACE="Arial">Error</FONT></B></TD>
          </TR>
       <TR>
            <TD WIDTH="26%">
            <FONT COLOR="#ffffff" SIZE="-1" FACE="Arial"><?php echo $error; ?></FONT></TD> 
          </TR>
        </TABLE></TD>
      </TR>
    </TABLE></CENTER>
    </BODY></HTML>
    <?php
    exit();
    }
    
    if ($fromname) {
    $yeshow = "\nFrom, $fromname\n";
    }
    
    if ($location) {
    $locshow = "\nLocation: $location\n";
    }
    
    if ($mailinglist) {
    $mailshow = "\nMailing List: $mailinglist\n";
    }
    
    mail($toemail,"$subject","
    
    $message
    $yeshow
    $locshow
    $mailshow
    
    ","From: $fromname <$fromemail>")
    
    ;
    
    exit();
    
    } else {
    
    ?>
    </BODY></HTML>
    <?php
    exit();
    
    }
    
    ?>
    And here is the html for the form:

    Code:
        <div style="border:1px solid #999999; width:220px; margin-bottom:15px;background-color:#000000;" align="left"> 
              <P align="center"> 
              <FORM ACTION="emailform.php" METHOD="POST">
                <div align="center"> 
                  <p><span class="standard"><B><font color="#FFFFFF"> Name :</font></B> 
                    </span> 
                    <INPUT NAME="fromname" TYPE="text" SIZE="25">
                    <BR>
                    <span class="standard"><B>Email :</B> </span> 
                    <INPUT NAME="fromemail" TYPE="text" SIZE="25">
                    <BR>
                    <span class="standard"><B>Location :</B></span> 
                    <INPUT NAME="location" TYPE="text" SIZE="25">
                    <BR>
                    <span class="standard"><B><br>
                    Mailing List? :</B></span> 
                    <select name="mailinglist" size="1">
                      <option value="yes" SELECTED>Yes</option>
                      <option value="no">No</option>
                    </select>
                  </p>
                  <p> 
                    <INPUT TYPE="hidden" NAME="sendpage" VALUE="http://www.prestone.co.uk/burn/contactsent.html">
                    <INPUT TYPE="hidden" NAME="subject" VALUE="E-Mail message from Burnmachina.co.uk">
                    <INPUT TYPE="hidden" NAME="toemail" VALUE="kchandler2000@hotmail.com">
                    <INPUT TYPE="hidden" NAME="require" VALUE="fromname,fromemail,message">
                    <span class="standard"><B>Message :</B></span><BR>
                    <textarea name="message" rows="5" cols="22"></textarea>
                  </p>
                </div>
                <P align="center">
                  <INPUT NAME="submitform" TYPE="submit" VALUE="Submit">
                </P>
                </FORM>
              <div align="center"></div>
            </div>
    I have also applied the same principles to editing the free code for a new form for a mailing list subscription thing. Whereby you enter your name, email and select from a dropdown list whether you want to "Subscribe" or "Unsubscribe". When submitted you get the same output ("thanks for message" etc or error) and it is supposed to send me an email like:

    Name: "Name"
    Email: "email"
    Action: "Join" or "Leave"

    But it doesn't bloody work! There are no errors, it says its thank-yous and all looks well but I get no email. I can't figure out why, I don't know much about the code that is behind this, I'm just applying the basic common sense and changing the input names, and $tag things, but to no avail.

    Here is the mailing list PHP code (maillist.php):

    Code:
    <html>
    <head>
    <title>Burn Machina Online</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <link rel="stylesheet" href="bmonline.css">
    </head>
    <body bgcolor="#000000" background="graphics/contentback.jpg">
    <center>
      <table width="89%" border="0">
        <tr> 
          <td height="42" colspan="2" class="tiny"> </td>
        </tr>
        <tr> 
          <td width="69%" colspan="2" class="standard"> <p align="center">Thanks for 
              joining / leave the <strong>Burn Machina</strong> mailing list, the action
    shall be taken promptly. If you opted out, sorry to see you go, you can rejoin at any time.</p>
            </tr>
      </table>
    </center>
    </body>
    <!--
    
    Powered by: Email Form Version 1.1 (http://www.phpscriptcenter.com/emailform.php)
    
    -->
    <?php
    
    ///////////////////////////////////////////////
    //                                           //
    // Email Form v 1.1                          //
    // ----------------------------------------- //
    // by Graeme (webmaster@phpscriptcenter.com) //
    // http://www.phpscriptcenter.com            //
    //                                           //////////////////////////////
    // PHP Script CENTER offers no warranties on this script.                //
    // The owner/licensee of the script is solely responsible for any        //
    // problems caused by installation of the script or use of the script    //
    //                                                                       //
    // All copyright notices regarding Email Form, must remain               //
    // intact on the scripts and in the HTML for the scripts.                //
    //                                                                       //
    // (c) Copyright 2001 PHP Script CENTER                                  //
    //                                                                       //
    // For more info on Email Form,                                          //
    // see http://www.phpscriptcenter.com/emailform.php                      //
    //                                                                       //
    ///////////////////////////////////////////////////////////////////////////
    
    // your name
    $yourname = "Karl Chandler";
    
    // your email
    $youremail = "kchandler2000@hotmail.com";
    
    // Default Send Page
    $yourdefaultsend = "http://www.prestone.co.uk/burn/mailsent";
    
    ////////////////////////////////////////////////////////////////////////////
    //                      DO NOT EDIT BELOW THIS LINE                       //
    ////////////////////////////////////////////////////////////////////////////
    
    
    
    if($submitform) {
    
    $dcheck = explode(",",$require);
    while(list($check) = each($dcheck)) {
    if(!$$dcheck[$check]) {
    $error .= "Missing $dcheck[$check]<BR>";
    }
    }
    
    if($error) {
    ?>
    <P><CENTER><TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0">
      <TR>
        <TD WIDTH="100%" BGCOLOR="#004080">
        <TABLE WIDTH="394" BORDER="0" CELLSPACING="1" CELLPADDING="2">
          <TR>
            <TD WIDTH="26%" BGCOLOR="#004080">
            <P><B><FONT COLOR="#ffffff" SIZE="-1" FACE="Verdana">Error</FONT></B></TD>
          </TR>
       <TR>
            <TD WIDTH="26%" BGCOLOR="#ffffff">
            <FONT COLOR="#000000" SIZE="-1" FACE="Verdana"><?php echo $error; ?></FONT></TD> 
          </TR>
        </TABLE></TD>
      </TR>
    </TABLE></CENTER>
    <P><CENTER> </CENTER></P>
    <P><CENTER><FONT SIZE="-2" FACE="Verdana"><B>Powered by:
    </B> <A HREF="http://www.phpscriptcenter.com/emailform.php">Email Form</A> Version 1.1</FONT></CENTER></P>
    </BODY></HTML>
    <?php
    exit();
    }
    
    if ($fromname) {
    $yeshow = "\nFrom: $fromname\n";
    }
    
    if ($fromemail) {
    $emailshow = "\nEmail: $fromemail\n";
    }
    
    if ($maillist) {
    $mailshow = "\nAction: $maillist\n";
    }
    
    mail($toemail,"$subject","
    
    $yeshow
    $emailshow
    $mailshow
    
    ","From: $fromname <$fromemail>");
    
    exit();
    
    } else {
    
    ?>
    </BODY></HTML>
    <?php
    exit();
    
    }
    
    ?>
    And the HTML for the input form:

    Code:
    <div align="center">
    <div style="padding:0px; border:1px solid #999999; width:245px; margin: 0px;background-color:#000000;">
                  <form action="maillistform.php" method="post" style="margin:0px;">
                    <div style="margin:10px; font: 11px arial; color: white; text-align:right;">
                      <div style="margin-bottom:5px;"></div>
    Name: <input type="text" name="fromname" size="25" maxlength="60" /><br>
    Email: <input type="text" name="fromemail" size="25" maxlength="100" /><br>
    Mailing List? :</B></span>
    <select name="maillist" size="1">
    <option value="join" SELECTED>Subscribe</option>
    <option value="leave">Unsubscribe</option>
    </select>
    <INPUT TYPE="hidden" NAME="sendpage" VALUE="http://www.prestone.co.uk/burn/mailthanks.html">
    <INPUT TYPE="hidden" NAME="subject" VALUE="Mailing List Action for Burnmachina.co.uk">
    <INPUT TYPE="hidden" NAME="toemail" VALUE="kchandler2000@hotmail.com">
    <INPUT TYPE="hidden" NAME="require" VALUE="fromname,emailaddress,action">
    <input type="submit" name="submit" value="GO" /><br>
    </div>
    </form>
    </div></div>
    If anyone can help me that'd be super excellent great

    If it's something obvious, please don't pity me, I know no PHP!


    Thanks,
    Karl.

  2. #2
    does not play well with others frezno's Avatar
    Join Date
    Jan 2003
    Location
    Munich, Germany
    Posts
    1,391
    Quote Originally Posted by Chanzo
    Code:
    // Default Send Page
    $yourdefaultsend = "http://www.prestone.co.uk/burn/mailsent";
    Shouldn't your file have an extension, e.g. mailsent.html?
    We are the Borg. Resistance is futile. Prepare to be assimilated.
    I'm Pentium of Borg. Division is futile. Prepare to be approximated.

  3. #3
    SitePoint Member
    Join Date
    Jun 2004
    Location
    Switzerland
    Posts
    24
    Quote Originally Posted by frezno
    Shouldn't your file have an extension, e.g. mailsent.html?
    Somehow it seems like it doesn't matter. All three vars in:
    // your name
    $yourname = "Karl Chandler";

    // your email
    $youremail = "kchandler2000@hotmail.com";

    // Default Send Page
    $yourdefaultsend = "http://www.prestone.co.uk/burn/contactsent.html";
    are not used at all, so far as I see...

    Also, it can't be that, since that's the part that actually works


    @Chanzo:
    It's probably not the problem, but I would exchange $toemail with $youremail here:
    Code:
    mail($toemail,"$subject","
    
    $yeshow
    $emailshow
    $mailshow
    
    ","From: $fromname <$fromemail>");
    and delete
    Code:
    <INPUT TYPE="hidden" NAME="toemail" VALUE="kchandler2000@hotmail.com">
    from your HTML, as leaving it will make your e-mail address available to spambots.
    Best Regards
    Colin Frei

  4. #4
    SitePoint Evangelist IJoeR's Avatar
    Join Date
    Feb 2003
    Location
    Somewhere in, MD
    Posts
    400
    Does the toemail autofill the "TO" field in an email message? I don't think that is the problem, in fact I think it might cause more problems if you take it out.

    I might be wrong, so his suggestion is worth a try.

  5. #5
    SitePoint Member Chanzo's Avatar
    Join Date
    Jun 2004
    Location
    Preston
    Posts
    12
    Hey guys, thanks for the quick reply but I tried all the suggestions in here and they didn't work!

    Any more ideas?


  6. #6
    SitePoint Addict
    Join Date
    Mar 2002
    Location
    Miami, Florida - Caracas, Venezuela
    Posts
    379
    Chanzo, how are you?

    I went over the script you have there but don't have time to look for the problem.

    What I can do is give you this little script that allows you to submit any form to it so that it is sent to a certain email.

    PHP Code:
    <?php
    $to_email=$_POST['to_email']; // $_POST replaces $HTTP_POST_VARS, which was removed in PHP 5.4
    $subject=$_POST['subject'];
    $from_name=$_POST['Name'];
    $from_email=$_POST['Email'];
    $error_page=$_POST['error_page'];
    $thank_you_page=$_POST['thank_you_page'];
    /*----------*/
    $m='';
    // Append every posted field to the message body as "name: value".
    foreach($_POST as $a=>$b){$m.=$a.": ".$b."\n";}
    // Redirect to the thank-you page if mail() accepted the message, otherwise to the error page.
    (mail($to_email,$subject,$m,"From: ".$from_name."<".$from_email.">\r\n"))
        ?header("Location: ".$thank_you_page)
        :header("Location: ".$error_page);
    ?>
    Explanation:

    The first six lines are where I catch the "internal" variables sent by the form. Internal meaning that the script uses all the time (the minimum required).
    PHP Code:
    $to_email=$_POST['to_email'];
    $subject=$_POST['subject'];
    $from_name=$_POST['Name'];
    $from_email=$_POST['Email'];
    $error_page=$_POST['error_page'];
    $thank_you_page=$_POST['thank_you_page'];
    You can edit these to prevent others from using your script for their sites by "hard coding" the $to_email variable. Actually you could also hard code the $subject, $from_name, $error_page and $thank_you_page but then the script would not be as flexible. Hard coding these variables would look like this:
    PHP Code:
    $to_email='you@example.com';
    $subject='your subject';
    $from_name='from person';
    $from_email=$_POST['Email'];
    $error_page='http://www.yahoo.com';
    $thank_you_page='http://www.google.com';
    The rest is where the magic happens and I grab everything the script sends and send it to an email. Note: it doesn't make much sense to hard code the person's email so I don't here:
    PHP Code:
    /*----------*/
    $m='';
    foreach($_POST as $a=>$b){$m.=$a.": ".$b."\n";}
    (mail($to_email,$subject,$m,"From: ".$from_name."<".$from_email.">\r\n"))
        ?header("Location: ".$thank_you_page)
        :header("Location: ".$error_page);
    You don't need to worry about that part.

    I use this script for my own stuff but I have it filter out some of the stuff that I get on the emails. I could send you that copy if you want but I am giving you this one for simplicity.

    The Form:
    HTML Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Form to be emailed</title>
    <style>
    form{position:relative;}
    form div{text-align:right;clear:both;width:300px;}
    form div label{float:left;}
    form div input,form div textarea{width:150px;float:right;}
    </style>
    </head>
    <body>
    <form method="post" action="emailer.php">
    <div class="form_row"><label>Sender's name</label><input type="text" name="Name" /></div>
    <div class="form_row"><label>Sender's e-mail</label><input type="text" name="Email" /></div>
    <div class="form_row">
    <label>Subcribe me</label>
    <select name="subcribe">
    <option value="Yes">Yes</option>
    <option value="No">No</option>
    </select>
    </div>
    <div class="form_row"><label>Message</label><textarea name="Message"></textarea></div>
    <div class="form_row"><label>Some other stuff</label><textarea name="some other stuff"></textarea></div>
    <div class="form_row">
    <input type="submit" name="Submit" value="Submit" style="width:auto;"/>
    <input type="hidden" name="to_name" value="test recipient"/>
    <input type="hidden" name="to_email" value="you@example.com"/>
    <input type="hidden" name="subject" value="tester subject"/>
    <input type="hidden" name="error_page" value="http://www.yahoo.com/"/>
    <input type="hidden" name="thank_you_page" value="http://www.google.com/"/>
    </div>
    </form>
    </body>
    </html>
    You don't have to use this one but I include it here for illustration purposes.

    Explanation:
    Most of it you don't absolutely need but I put it for formatting purposes.
    What you need to be concerned with is having this (minimum requirements):
    HTML Code:
    <form method="post" action="emailer.php">
    <input type="text" name="Name" />
    <input type="text" name="Email" />
    <select name="subcribe">
    <option value="Yes">Yes</option>
    <option value="No">No</option>
    </select>
    <input type="submit" name="Submit" value="Submit" style="width:auto;"/>
    <input type="hidden" name="to_name" value="test recipient"/>
    <input type="hidden" name="to_email" value="you@example.com"/>
    <input type="hidden" name="subject" value="tester subject"/>
    <input type="hidden" name="error_page" value="http://www.yahoo.com/"/>
    <input type="hidden" name="thank_you_page" value="http://www.google.com/"/>
    </form>
    If you were to hard code the variables like we did above then you would only need this:
    HTML Code:
    <form method="post" action="emailer.php">
    <input type="text" name="Email" />
    <select name="subcribe">
    <option value="Yes">Yes</option>
    <option value="No">No</option>
    </select>
    <input type="submit" name="Submit" value="Submit" style="width:auto;"/>
    </form>
    Did I lose you? I got lost myself... believe me it's simpler I just got carried away trying to help you understand how it works... :S

    If you want, you can just download a copy of both files (attached to this post).

    Feel free to ask me if you need help...!!
    Luis

  7. #7
    SitePoint Addict
    Join Date
    Mar 2002
    Location
    Miami, Florida - Caracas, Venezuela
    Posts
    379
    I can't see the attachment!!!
    Is it supposed to take longer to appear?
    Luis

  8. #8
    SitePoint Addict
    Join Date
    Mar 2002
    Location
    Miami, Florida - Caracas, Venezuela
    Posts
    379
    Note that what I don't do in mine is check for required fields.
    Luis

  9. #9
    SitePoint Member Chanzo's Avatar
    Join Date
    Jun 2004
    Location
    Preston
    Posts
    12
    Hey man, that looks sweet! I'll give it a shot tomorrow morning when I am less drunk

    I'll let you know how I get on

  10. #10
    SitePoint Member Chanzo's Avatar
    Join Date
    Jun 2004
    Location
    Preston
    Posts
    12
    In fact, scratch that, I did it just now and it works absolutely spot on! Thank you very kindly Lgomez.

    Is there a way in the mailing list one I'm doing to send user to two different pages for the two different values for "Mailing list" i.e. subscription, unsubscription. I.e. if they subscribe send to a page saying "thanks blah blah" and if they unsubscribe to send to a page saying "sorry to see you go blah blah"?

    Thanks a bunch man, 'preciate it!

  11. #11
    SitePoint Addict
    Join Date
    Mar 2002
    Location
    Miami, Florida - Caracas, Venezuela
    Posts
    379
    Here's mine adapted to do that. I also added a feature that allows you to decide exactly what's included in the email.

    emailer.php
    PHP Code:
    <?php
    // $_POST replaces $HTTP_POST_VARS, which was removed in PHP 5.4.
    $to_email=$_POST['to_email'];//Where data is being sent to.
    $subject=$_POST['subject'];//Email's subject.
    $from_name=$_POST['Name'];//Sender's name.
    $from_email=$_POST['Email'];//Sender's email.
    $subcribe=$_POST['subcribe'];//Subscription request (yes or no).
    $error_page=$_POST['error_page'];//Error page.
    $welcome_page=$_POST['welcome_page'];//Welcome page.
    $bye_page=$_POST['bye_page'];//Farewell page if they unsubscribe.
    $exclusions=array('to_email','subject','error_page','welcome_page','bye_page','Submit');// Add variables to this list to exclude them from appearing in the email.

    /*----------*/

    $m='';
    // Copy every posted field that is not in $exclusions into the message body.
    foreach($_POST as $a=>$b){
        if(!in_array($a,$exclusions)){$m.=$a.": ".$b."\n";}
    }
    // Pick the page to show depending on the subscription choice.
    $redirect_to=($subcribe=='yes')?$welcome_page:$bye_page;
    (mail($to_email,$subject,$m,"From: ".$from_name."<".$from_email.">\r\n"))
        ?header("Location: ".$redirect_to)
        :header("Location: ".$error_page);
    ?>
    emailer_form.php
    HTML Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
     <html xmlns="http://www.w3.org/1999/xhtml">
     <head>
     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
     <title>Form to be emailed</title>
     <style>
     form{position:relative;}
     form div{text-align:right;clear:both;width:300px;}
     form div label{float:left;}
     form div input,form div textarea{width:150px;float:right;}
     </style>
     </head>
     
     <body>
     <form method="post" action="emailer.php">
     	<div class="form_row"><label>Sender's name</label><input type="text" name="Name" /></div>
     	<div class="form_row"><label>Sender's e-mail</label><input type="text" name="Email" /></div>
     	<div class="form_row">
     		<label>Subcribe me</label>
     		<select name="subcribe">
     			<option value="yes">Yes</option>
     			<option value="no">No</option>
     		</select>
     	</div>
     	<div class="form_row"><label>Message</label><textarea name="Message"></textarea></div>
     	<div class="form_row"><label>Some other stuff</label><textarea name="some other stuff"></textarea></div>
     	<div class="form_row">
     		<input type="submit" name="Submit" value="Submit" style="width:auto;"/>
     		<input type="hidden" name="to_email" value="you@example.com"/>
     		<input type="hidden" name="subject" value="tester subject"/>
     		<input type="hidden" name="error_page" value="http://www.yahoo.com/"/>
     		<input type="hidden" name="welcome_page" value="http://www.google.com/"/>
     		<input type="hidden" name="bye_page" value="http://www.example.com/"/>
     	</div>
     </form>
     </body>
     </html>
    Enjoy!
    Luis
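
Added example, not part of any post in this thread: a hardened variant of the emailer.php approach above in which the recipient, subject and redirect pages are fixed on the server instead of read from hidden form fields (the hard-coding suggested in posts #3 and #6), required fields are checked, and only a validated address reaches a mail header. The addresses, page paths and the function names `header_safe` and `build_mail` are assumptions made for the example; the field names follow emailer_form.php.

```php
<?php
// Added example, not code posted in this thread. Addresses, subject and page
// paths are placeholders; field names follow emailer_form.php above.
declare(strict_types=1);

const TO_EMAIL   = 'you@example.com';      // fixed recipient, never taken from the form
const FROM_EMAIL = 'website@example.com';  // fixed sender address owned by the site
const SUBJECT    = 'Mailing list action';
const PAGES      = ['yes' => '/welcome.html', 'no' => '/goodbye.html', 'error' => '/error.html'];
const FIELDS     = ['Name', 'Email', 'subcribe', 'Message'];  // only these reach the e-mail
const REQUIRED   = ['Name', 'Email', 'subcribe'];

/** Collapse CR, LF and other control characters so a value stays on one header line. */
function header_safe(string $value): string
{
    return trim((string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value));
}

/**
 * Validate posted data and build the arguments for mail().
 * Returns ['errors' => string[], 'body' => string, 'headers' => string, 'redirect' => string].
 */
function build_mail(array $post): array
{
    // Keep only the expected fields; anything else the client sends is ignored.
    $clean = [];
    foreach (FIELDS as $field) {
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';  // array values are dropped
    }

    $errors = [];
    foreach (REQUIRED as $field) {
        if ($clean[$field] === '') {
            $errors[] = "Missing $field";
        }
    }
    if ($clean['Email'] !== '' && filter_var($clean['Email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid Email';
    }
    if ($clean['subcribe'] !== '' && !in_array($clean['subcribe'], ['yes', 'no'], true)) {
        $errors[] = 'Invalid subcribe';
    }

    // Visitor-supplied text goes into the body only.
    $body = '';
    foreach ($clean as $field => $value) {
        $body .= "$field: $value\n";
    }

    // The visitor's address is used as Reply-To, after validation and control-character removal.
    $headers = 'From: ' . FROM_EMAIL . "\r\n"
             . 'Reply-To: ' . header_safe($clean['Email']);

    return [
        'errors'   => $errors,
        'body'     => $body,
        'headers'  => $headers,
        // The redirect target is looked up in a server-side table, not read from the request.
        'redirect' => $errors ? PAGES['error'] : PAGES[$clean['subcribe']],
    ];
}

if (PHP_SAPI === 'cli') {
    // Constructed input: an Email value with an embedded line break and an extra
    // to_email field, neither of which may influence the outgoing message.
    $sample = [
        'Name'     => 'Test Visitor',
        'Email'    => "visitor@example.com\r\nX-Constructed: 1",
        'subcribe' => 'yes',
        'to_email' => 'someone.else@example.com',
    ];
    $result = build_mail($sample);
    echo implode(', ', $result['errors']), ' -> ', $result['redirect'], PHP_EOL;
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $result = build_mail($_POST);
    $sent = !$result['errors'] && mail(TO_EMAIL, SUBJECT, $result['body'], $result['headers']);
    header('Location: ' . ($sent ? $result['redirect'] : PAGES['error']));
    exit;
}
```

With this layout the form needs no hidden `to_email`, `subject` or page fields at all.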

  12. #12
    SitePoint Wizard
    Join Date
    May 2003
    Location
    Berlin, Germany
    Posts
    1,829
    You should get a decent PHP emailer class instead for this problem. Get used to not re-inventing wheels. Look out for code that was written already.

    Here is one you could use:

    PHP Code:
    <?php 

    /* A really good mail class -- written by Jesse Lang <jesselang.com> 
    * Features: 
    * Fully MIME-compliant (I hope!) 
    * Multiple message formats 
    * Multiple attachments 
    * all the bells and whistles you want! (I hope!) 
    * SMTP socket or local sendmail transport (maybe someday) 

    * If you make modifications that may be useful to others, please send 
    * them to <j |at| jgdataworks.com>.  I am especially looking for changes 
    * that fix any possible compatability problems with MTAs or MUAs, and any 
    * other features or options that are considered part of the e-mail standards. 

    * The (open source) community needs your help.  'Tis more blessed to give than 
    * to receive!  Get involved!  Go to [url]http://www.sf.net/projects/twobit/[/url] or 
    * [url]http://sf.net[/url] to find projects that you can help with.  We all can benefit. 
    */ 

    /*  This program is free software; you can redistribute it and/or modify 
    *  it under the terms of the GNU General Public License as published by 
    *  the Free Software Foundation; either version 2 of the License, or 
    *  (at your option) any later version. 

    *  This program is distributed in the hope that it will be useful, 
    *  but WITHOUT ANY WARRANTY; without even the implied warranty of 
    *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
    *  GNU General Public License for more details. 

    *  You should have received a copy of the GNU General Public License 
    *  along with this program; if not, write to the Free Software 
    *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA 
    */ 


    define('DEBUG'FALSE); 

    define('MM_VERSION''0.2'); 

    define('MM_FILE'1); 
    define('MM_STREAM'2); 


    /****************************************************************************** 
    * Compatibility Code 
    ****************************************************************************** 
    */ 
    if (!function_exists ("mime_content_type")) { 
        function 
    mime_content_type ($file) { 
            return 
    exec ("file -bi " escapeshellcmd($file)); 
        } 


    if(!
    function_exists("stripos")) { 
        function 
    stripos($haystack$needle$offset=0) { 
            return 
    strpos(strtoupper($haystack), strtoupper($needle), $offset); 
        } 


    if (!
    function_exists('file_get_contents')) { 
        function 
    file_get_contents($filename$use_include_path 0) { 
            
    $file = @fopen($filename'rb'$use_include_path); 
            if (
    $file) { 
                if (
    $fsize = @filesize($filename)) { 
                    
    $data fread($file$fsize); 
                } else { 
                    while (!
    feof($file)) { 
                        
    $data .= fread($file1024); 
                    } 
                } 
                
    fclose($file); 
                return 
    $data
            } else { 
                return 
    FALSE
            } 
             
        } 


    /****************************************************************************** 
    * End - Compatibility Code 
    ****************************************************************************** 
    */ 

    class MIMEMail extends MIMEMailCommon {

        /* define unique parts of mail */
        /* initialised so sizeof() and foreach work before anything is added */
        var $Messages = array();
        var $Attachments = array();

        function MIMEMail($to = FALSE, $from = FALSE, $subject = FALSE, $message = FALSE, $attachments = FALSE) {
            $this->setHeader('X-Mailer', 'PHP/MIMEMail '.MIMEMAIL_VERSION);
            $this->Priority('Normal');
            //if($to) { $this->To(
            return $this;
        }

        function From($email, $name = FALSE) {
            $from = new MIMEMailAddress($email, $name);
            /* set the 'Reply-To' header by default */
            return $this->setHeader('From', $from) && $this->setHeader('X-Sender', $from) && $this->setHeader('Reply-To', $from);
        }

        function ReplyTo($email, $name = FALSE) {
            $replyto = new MIMEMailAddress($email, $name);
            return $this->setHeader('Reply-To', $replyto) && $this->setHeader('Return-Path', $replyto);
        }

        function To($email, $name = FALSE) {
            if(is_array($email)) {
                $addresses = $this->parseEmailAddresses($email);
                $rv = TRUE; /* start from TRUE so &= reports a failure of any recipient */
                foreach($addresses as $e => $n) {
                    $rv &= $this->To($e, $n);
                }
                return $rv;
            } else {
                return $this->appendHeader('To', new MIMEMailAddress($email, $name));
            }
        }

        function Cc($email, $name = FALSE) {
            if(is_array($email)) {
                $addresses = $this->parseEmailAddresses($email);
                $rv = TRUE;
                foreach($addresses as $e => $n) {
                    $rv &= $this->Cc($e, $n);
                }
                return $rv;
            } else {
                return $this->appendHeader('Cc', new MIMEMailAddress($email, $name));
            }
        }

        function Bcc($email, $name = FALSE) {
            if(is_array($email)) {
                $addresses = $this->parseEmailAddresses($email);
                $rv = TRUE;
                foreach($addresses as $e => $n) {
                    $rv &= $this->Bcc($e, $n);
                }
                return $rv;
            } else {
                return $this->appendHeader('Bcc', new MIMEMailAddress($email, $name));
            }
        }

        function Subject($str) {
            return $this->setHeader('Subject', $str);
        }

        function Organization($str) {
            return $this->setHeader('Organization', $str);
        }

        /* accepts 1-5 or 'High' / 'Normal' / 'Low' and sets both priority headers */
        function Priority($priority) {
            if(is_numeric($priority)) {
                switch($priority) {
                    case 1:
                    case 2:
                        $MSPriority = 'High';
                        break;
                    case 3:
                        $MSPriority = 'Normal';
                        break;
                    case 4:
                    case 5:
                        $MSPriority = 'Low';
                        break;
                }
            } else {
                $MSPriority = $priority;
                switch($MSPriority) {
                    case 'High':
                        $priority = 1;
                        break;
                    case 'Normal':
                        $priority = 3;
                        break;
                    case 'Low':
                        $priority = 5;
                        break;
                }
            }
            return $this->setHeader('X-Priority', $priority) && $this->setHeader('X-MSMail-Priority', $MSPriority);
        }

        function Message($fnameordata, $mode) { /* MM_FILE */
            $message = new MIMEMailMessage($fnameordata, $mode);
            if(!empty($message->data)) {
                $this->Messages[] = $message;
                return TRUE;
            } else {
                return FALSE;
            }
        }

        function MessageFile($filename) {
            return $this->Message($filename, MM_FILE);
        }

        function MessageStream($stream) {
            return $this->Message($stream, MM_STREAM);
        }

        function Attach($fnameordata, $mode, $filename = FALSE, $inline = FALSE) { /* MM_FILE */
            $attachment = new MIMEMailAttachment($fnameordata, $mode, $filename, $inline);
            if(!empty($attachment->data)) {
                $this->Attachments[] = $attachment;
                return TRUE;
            } else {
                return FALSE;
            }
        }

        function AttachFile($file, $filename = FALSE, $inline = FALSE) {
            return $this->Attach($file, MM_FILE, $filename, $inline);
        }

        function AttachStream($stream, $filename, $inline = FALSE) {
            return $this->Attach($stream, MM_STREAM, $filename, $inline);
        }

        /* returns array(email => name or FALSE), or FALSE when a string holds no address */
        function parseEmailAddresses($data) {
            if(is_array($data)) {
                $addresses = array(); /* array_merge() below needs an array to start from */
                foreach($data as $d) {
                    $addys[] = $this->parseEmailAddresses($d);
                }
                foreach($addys as $addy) {
                    $addresses = array_merge($addresses, $addy);
                }
                return $addresses;
            } else {
                if($addys = preg_match_all("/(\"(.*?)\"\s+)?<?([\w\._-]+\@([\w_-]+\.)+[\w_-]+)>?/", $data, $matches)) {
                    for($i=0;$i<$addys;$i++) {
                        $addresses[$matches[3][$i]] = (!empty($matches[2][$i])?$matches[2][$i]:FALSE);
                    }
                    return $addresses;
                } else {
                    return FALSE;
                }
            }
        }

        function Send($SMTP = FALSE) {
            /* start from empty parts so the .= appends below are well defined */
            $Mail = array('To' => array(), 'Headers' => '', 'Subject' => '', 'Body' => '');
            /* several message parts or any attachment need a multipart envelope */
            $isMime = sizeof($this->Messages) > 1 || sizeof($this->Attachments);
            $multiMessage = sizeof($this->Messages) > 1;
            if($isMime) {
                $Mail['Headers'] .= "MIME-Version: 1.0".$this->LB;
            }

            $Mail['Headers'] .= $this->printHeader('From');

            for($i=0;$i<sizeof($this->Headers['To']);$i++) {
                $Mail['To'][] = $this->getHeader('To',$i);
            }
            $Mail['To'] = implode(',',$Mail['To']);

            $Mail['Headers'] .= $this->printHeader('Cc');
            $Mail['Headers'] .= $this->printHeader('Bcc');
            $Mail['Headers'] .= $this->printHeader('Reply-To');
            $Mail['Headers'] .= $this->printHeader('Return-Path');

            $Mail['Subject'] .= $this->getHeader('Subject');

            foreach($this->Headers as $name => $value) {
                if(is_scalar($value) && substr($name,0,2) == 'X-') {
                    $Mail['Headers'] .= $this->printHeader($name);
                }
            }

            if($isMime) {
                $MailBoundary = "<<<:" . md5(uniqid(mt_rand(), 1));
                $Mail['Headers'] .= "Content-Type: multipart/mixed;".$this->LB."\tboundary=\"".$MailBoundary."\"".$this->LB;
                $Mail['Body'] .= 'This is a multi-part message in MIME format.'.$this->LB;
                $Mail['Body'] .= $this->LB.'--'.$MailBoundary.$this->LB;
                if($multiMessage) {
                    $MessageBoundary = "<<<:" . md5(uniqid(mt_rand(), 1));
                    $Mail['Body'] .= "Content-Type: multipart/alternative;".$this->LB."\tboundary=\"".$MessageBoundary."\"".$this->LB;
                }
            }
            if(sizeof($this->Messages)) {
                foreach($this->Messages as $message) {
                    if($multiMessage) { $Mail['Body'] .= $this->LB.'--'.$MessageBoundary.$this->LB; }
                    /* content type, encoding */

                    $Mail[($isMime?'Body':'Headers')] .= $message->printHeader('Content-Type',';','charset="'.$message->getCharset().'"').
                        $message->printHeader('Content-Transfer-Encoding');
                    if($isMime) { $Mail['Body'] .= $this->LB; }
                    /* content */
                    $Mail['Body'] .= $message->getData().$this->LB;
                }
                if($multiMessage) {
                    $Mail['Body'] .= $this->LB.'--'.$MessageBoundary.'--'.$this->LB;
                }
            }
            if($isMime) {
                if(sizeof($this->Attachments)) {
                    foreach($this->Attachments as $attachment) {
                        $Mail['Body'] .= $this->LB.'--'.$MailBoundary.$this->LB;
                        $Mail['Body'] .= $attachment->printHeader('Content-Type',';','name="'.$attachment->getFilename().'"').
                            $attachment->printHeader('Content-Transfer-Encoding').
                            $attachment->printHeader('Content-Disposition',';','filename="'.$attachment->getFilename().'"').$this->LB;
                        $Mail['Body'] .= $attachment->getData().$this->LB;
                    }
                }
                $Mail['Body'] .= $this->LB.'--'.$MailBoundary.'--'.$this->LB;
            }

            if(DEBUG) {
                print $Mail['Headers'].$Mail['Subject'].$Mail['Body'];
                return TRUE;
    //        } else if($SMTP) {
    //            return $this->SMTP($Mail['To'], $Mail['Subject'], $Mail['Body'], trim($Mail['Headers']));
            } else {
                return mail($Mail['To'], $Mail['Subject'], $Mail['Body'], trim($Mail['Headers']));
            }
        }

    /*    function SMTP($to, $subject, $body, $headers = '') {

            if(preg_match("/^From:\s+(.*?)$this->LB/m", $headers, $matches)) {
                $from = $matches[1];
            }
            //ini_set(sendmail_from, $from);
            $socket = fsockopen (ini_get("SMTP"), ini_get("smtp_port"), $errno, $errstr, 30) or die("Could not talk to the sendmail server!");
            $rcv = fgets($socket, 1024);

            print $rcv;
            fclose($socket);
            //ini_restore(sendmail_from);
            return TRUE;
        }
    */
    }



    class MIMEMailContent extends MIMEMailCommon {

        var $data;
        var $charset;
        var $filename;

        /* encodings: 7bit, quoted-printable, base64 (for html) */
        function MIMEMailContent($fnameordata, $mode) {
            if($mode == MM_FILE) {
                if($data = file_get_contents($fnameordata)) {
                    $this->setFilename(basename($fnameordata));
                    $fnameordata = $data;
                    unset($data);
                } else {
                    return FALSE;
                }
            }
            /* we should have data by now */
            $this->setContentType($this->getContentType($fnameordata));
            $this->data = $fnameordata;

            $this->setCharsetFromContentType();
            switch($this->getHeader('Content-Type')) {
                case 'text/plain':
                    $encoding = '7bit';
                    break;
                case 'text/html':
                default:
                    $encoding = 'base64';
                    break;
            }
            $this->setContentTransferEncoding($encoding);
            return $this;
        }

        function setContentType($type) {
            return $this->setHeader('Content-Type',$type);
        }

        function setContentTransferEncoding($encoding) {
            return $this->setHeader('Content-Transfer-Encoding', $encoding);
        }

        function getContentType($content = FALSE) {
            $tmpfile = $this->toTempfile($content);
            if(file_exists($tmpfile)) {
                $ct = mime_content_type($tmpfile);
                unlink($tmpfile);
                return $ct;
            } else {
                return FALSE;
            }
        }

        function getData() {
            switch($this->getHeader('Content-Transfer-Encoding')) {
                case '7bit':
                case 'quoted-printable':
                    return $this->data;
                    break;
                case 'base64':
                    return chunk_split(base64_encode($this->data));
                case FALSE:
                    return $this->data;
                    break;
                default:
                    return $this->data;
                    break;
            };
        }

        function toTempfile($content = FALSE) {
            $filename = tempnam(getenv('TEMP'), 'MMTMP');
            $fp = fopen($filename, 'wb');
            if($content !== FALSE) {
                fwrite($fp, $content);
            } else {
                fwrite($fp, $this->data);
            }
            fclose($fp);
            return $filename;
        }

        function setCharset($charset) {
            $this->charset = $charset;
            return TRUE;
        }

        function getCharset() {
            return $this->charset;
        }

        function setCharsetFromContentType() {
            $ct = $this->getHeader('Content-Type');
            if(($csI = stripos($ct, 'charset=')) === FALSE) {
                return FALSE;
            }
            $cs = substr($ct, $csI);
            $ct = substr($ct, 0, $csI);
            $ct = str_replace(';','',$ct);
            $this->setContentType(trim($ct));
            $cs = explode('=', str_replace('"','',$cs));
            return $this->setCharset($cs[1]);
        }

        function setFilename($fname) {
            $this->filename = $fname;
            return TRUE;
        }

        function getFilename() {
            return $this->filename;
        }
    }
         


    class MIMEMailMessage extends MIMEMailContent {

        function MIMEMailMessage($fnameordata, $mode) {
            $this->charset = 'iso-8859-1';
            if($this->MIMEMailContent($fnameordata, $mode) === FALSE) { return FALSE; }
            return $this;
        }
    }
             


    class MIMEMailAttachment extends MIMEMailContent {

        function MIMEMailAttachment($fnameordata, $mode, $filename = FALSE, $inline = FALSE) {
            if($this->MIMEMailContent($fnameordata, $mode) === FALSE) { return FALSE; }
            if($filename !== FALSE) { $this->setFilename($filename); }
            $this->setContentDisposition($inline);
            return $this;
        }

        function setContentDisposition($inline) {
            return $this->setHeader('Content-Disposition',($inline?'inline':'attachment'));
        }
    }
         

         


    class MIMEMailCommon {

        /* define common members and functions */
        var $Headers;

        var $LB = "\n";

        function MIMEMailCommonObject() {
            return $this;
        }

        /* renders one stored header as "Name: value[<delim> params]" plus a line break */
        function printHeader($name, $delim = ',', $params = FALSE) {
            if(!isset($this->Headers[$name])) {
                return '';
            }
            $str = '';
            if(is_array($this->Headers[$name])) {
                foreach($this->Headers[$name] as $element) {
                    $str .= $delim;
                    if(is_object($element)) {
                        $str .= $element->toString();
                    } else if(is_scalar($element)) {
                        $str .= $element;
                    }
                }
                $str = substr($str,1); // to remove extra delimiter
            } else if(is_object($this->Headers[$name])) {
                $str .= $this->Headers[$name]->toString();
            } else if(is_scalar($this->Headers[$name])) {
                $str .= $this->Headers[$name];
            }
            $str = $name.': '.$str;
            if($params !== FALSE) {
                $str .= $delim.' '.$params;
            }
            $str .= $this->LB;

            return $str;
        }

        function getHeader($name, $index = 0) {
            if(isset($this->Headers[$name])) {
                if(is_array($this->Headers[$name])) {
                    if(is_object($this->Headers[$name][$index])) {
                        return $this->Headers[$name][$index]->toString();
                    } else {
                        return $this->Headers[$name][$index];
                    }
                } else if(is_object($this->Headers[$name])) {
                    return $this->Headers[$name]->toString();
                } else {
                    return $this->Headers[$name];
                }
            } else {
                return FALSE;
            }
        }

        /* stores the value as given: nothing here strips CR/LF, so any
           form-supplied value has to be validated before it reaches a header */
        function setHeader($name, $value) {
            $this->Headers[$name] = $value;
            return TRUE;
        }

        function appendHeader($name, $value) {
            if(isset($this->Headers[$name])) {
                if(is_array($this->Headers[$name])) {
                    $this->Headers[$name][] = $value;
                } else {
                    $this->Headers[$name] = array($this->Headers[$name], $value);
                }
                return TRUE;
            } else {
                return $this->setHeader($name, $value);
            }
        }

        function removeHeader($name) {
            unset($this->Headers[$name]);
        }
    }



    class MIMEMailAddress {

        var $email;
        var $name = FALSE;

        function MIMEMailAddress($email, $name = FALSE) {
            // should do proper regex checks on email
            $this->email = $email;
            if($name !== FALSE) { $this->name = $name; }
            return $this;
        }

        function toString($useName = TRUE) {
            $str = '';
            if($useName && $this->name !== FALSE) { $str .= '"'.$this->name.'" <'; }
            $str .= $this->email;
            if($useName && $this->name !== FALSE) { $str .= '>'; }
            return $str;
        }
    }


    /* Usage example: 
    $mailobj = new MIMEMail(); 
    $mailobj->From('sentfrom@myhost.com', 'I am the sender'); 
    $mailobj->To('receive@yourhost.com'); 
    $mailobj->ReplyTo('replyto@myhost.com'); 
    $mailobj->Subject('This is a neat PHP mail class!'); 
    $mailobj->setHeader('X-Mailer', 'PHP/MIMEMail'); 

    $mailobj->MessageStream('<html><head><title>title</title></head><body>This is an html page.</body></html>'); 
    $mailobj->MessageFile('test.txt'); 
    $mailobj->AttachFile('test.txt'); 
    $mailobj->AttachFile('../imgs/img.jpg'); 

    $mailobj->Send(); 
    */ 

    ?>
    license: GPL

  13. #13
    SitePoint Addict
    Join Date
    Mar 2002
    Location
    Miami, Florida - Caracas, Venezuela
    Posts
    379
    ...or you could try that... jejeje!
    Luis

  14. #14
    SitePoint Wizard
    Join Date
    May 2003
    Location
    Berlin, Germany
    Posts
    1,829
    In fact it is a very good one with one of the best designs you could have for this problem/task.

  15. #15
    SitePoint Addict
    Join Date
    Mar 2002
    Location
    Miami, Florida - Caracas, Venezuela
    Posts
    379
    It looks very complete. I'll try it some time soon.

    Thanks,
    Luis

  16. #16
    SitePoint Member
    Join Date
    May 2004
    Location
    Denmark
    Posts
    6
    I like the idea with the mailer class. I just have a security question...

    How do you prevent a spammer from exploiting the mailer scripts?

  17. #17
    SitePoint Wizard
    Join Date
    May 2003
    Location
    Berlin, Germany
    Posts
    1,829
    Well how could one exploit the mailer scripts?

  18. #18
    SitePoint Member
    Join Date
    May 2004
    Location
    Denmark
    Posts
    6
    I know it might sound a bit far-fetched.

    If you create a script setting the correct variables and submit them with post to the mailer script.

    If the to: email address is one of the variables supplied by the input form you may send email to anyone.

    I have seen attempts to exploit the old formmail.pl script this way on the webservers I administrate.

  19. #19
    SitePoint Addict
    Join Date
    Mar 2002
    Location
    Miami, Florida - Caracas, Venezuela
    Posts
    379
    You can edit these to prevent others from using your script for their sites.
    It is up to you to make sure you secure your scripts.

    The emailer class provided above by DarkAngelBGE is clearly much better than my option but it's also a lot more advanced and probably hard to understand for a less experienced user (ie. Chanzo).

    Both scripts could be exploited if no attention is given to preventing it.
    Luis

  20. #20
    SitePoint Member
    Join Date
    May 2004
    Location
    Denmark
    Posts
    6
    Do you have some recommendations on how to secure the scripts?
    I'm trying to secure my scripts and the best solution I can come up with is to examine the $_SERVER['http_referer']. But this is not waterproof. Not all browsers send this variable.

    Should I start a new thread on the subject, or do you have any ideas you want to share here?

  21. #21
    SitePoint Addict
    Join Date
    Mar 2002
    Location
    Miami, Florida - Caracas, Venezuela
    Posts
    379
    I'm sure there are many ways of doing that but off the top of my head I can suggest
    • Checking that no more than x number of submissions are sent from the same referer in a specified period of time.
    • Use sessions to identify users and prevent exploits.
    • Don't allow more than x submissions per x amount of time (regardless of referer).
    It depends on your requirements and what trade offs you are willing to make. I'll give it a little more thought when I have more time and will let you know if I come up with any ideas.
    Luis

  22. #22
    SitePoint Addict
    Join Date
    Mar 2002
    Location
    Miami, Florida - Caracas, Venezuela
    Posts
    379
    By the way, I don't think many people will find it useful or entertaining to exploit a script that sends emails only to you (I hope).

    You shouldn't leave the recipient's address open to submissions.
    Luis

  23. #23
    SitePoint Member
    Join Date
    May 2004
    Location
    Denmark
    Posts
    6
    I think I'll try a combination of sessions, referer and making sure that it isn't possible to specify a to email address when it isn't wanted.

    I'll try to describe the challenge I face. I'm the admin of a system with 50-100 websites. They need a script equivalent to formmail.pl. Since most of the webdesigners have no knowledge of PHP, I need a script that handles mailing of input from forms in a simple way. It would be nice to find a safe way to include the to address in the form. I think two conditions must be met to allow this:
    1. The referring website must be on my server
    2. The address should be presented in a manner that doesn't make it exploitable to spammers (e.g. address_at_hostname_com).
    If all the webdesigners knew PHP, I would make an include file that starts a session telling the mailer script that the referer is valid. Since many of the designers use FrontPage or Dreamweaver this is not always possible. Because of that I'll use 1 or 2 steps in 'authenticating' referring webpages: check if a valid session exists; if that isn't the case, the $_SESSION['http_referer'] must be a page from the same host. If none of these requirements are met the script won't send anything.
    I'm considering a third method, placing a textfile on the server with the e-mail address, but it seems to me that this approach is just as complicated as including a PHP file.



    Thank you for your help so far
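
The measures discussed in posts #18 to #23, combined in one handler as an added example (not code from any poster in this thread): the form names its recipient by key while the address stays on the server, a session token ties the submission to a page served by the same site, and any value bound for a mail header is rejected if it contains a line break. The `$RECIPIENTS` map, the form field names and the limits are assumptions, as is a form page that can print the token; PHP 7 or later is assumed for `random_bytes()`.

```php
<?php
// Added example, not code from the thread. Field names, the recipient map
// and the limits are assumptions chosen for illustration.
session_start();

// Addresses stay on the server; the form submits only a key such as "band".
$RECIPIENTS = array(
    'band'      => 'contact@example.org',    // placeholder addresses
    'webmaster' => 'webmaster@example.org',
);
const MAX_PER_WINDOW = 3;    // submissions allowed per session ...
const WINDOW_SECONDS = 600;  // ... within this many seconds

// Token for a hidden "token" field, printed by the page that shows the form.
function form_token() {
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['form_token'];
}

// A CR or LF in a header-bound value would let the sender add header lines.
function has_line_break($value) {
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns array(true, mail arguments) or array(false, reason).
function check_submission($post, $session, $recipients, $now) {
    // 1. The submission must carry the token issued to this session.
    if (empty($session['form_token']) || !isset($post['token'])
        || !hash_equals($session['form_token'], (string)$post['token'])) {
        return array(false, 'missing or wrong form token');
    }
    // 2. Per-session throttle: count sends inside the time window.
    $sent   = isset($session['sent']) ? $session['sent'] : array();
    $recent = array_filter($sent, function ($t) use ($now) {
        return $t > $now - WINDOW_SECONDS;
    });
    if (count($recent) >= MAX_PER_WINDOW) {
        return array(false, 'too many submissions');
    }
    // 3. The recipient is looked up by key, never taken as an address.
    $key = isset($post['to']) ? (string)$post['to'] : '';
    if (!isset($recipients[$key])) {
        return array(false, 'unknown recipient');
    }
    // 4. Name goes into Subject, e-mail into Reply-To: both are headers.
    $name  = isset($post['name'])  ? trim((string)$post['name'])  : '';
    $email = isset($post['email']) ? trim((string)$post['email']) : '';
    if ($name === '' || has_line_break($name) || has_line_break($email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return array(false, 'invalid name or e-mail address');
    }
    $message = isset($post['message']) ? trim((string)$post['message']) : '';
    if ($message === '') {
        return array(false, 'empty message');
    }
    return array(true, array(
        'to'      => $recipients[$key],
        'subject' => 'Contact form message from ' . $name,
        'body'    => $message,
        'headers' => 'Reply-To: ' . $email,
    ));
}

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    list($ok, $result) = check_submission($_POST, $_SESSION, $RECIPIENTS, time());
    if ($ok) {
        $_SESSION['sent'][] = time();
        mail($result['to'], $result['subject'], $result['body'], $result['headers']);
        echo 'Thanks, your message was sent.';
    } else {
        http_response_code(400);
        echo 'Not sent: ' . htmlspecialchars($result);
    }
}
```

The throttle is per session, so a client that discards its cookie starts a new count; a limit keyed on something the server controls would be needed to cap total volume.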

