Mailing problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Longlands
Forum Newbie
Posts: 15
Joined: Tue Oct 25, 2005 3:36 am

Mailing problem

Post by Longlands »

I'm trying to capture a visitor's name and email address to be sent on to my autoresponder (normally this would be don with the autoresponder form, but I need to go to a php script first to do sme other things).

The html form captures the information in 'name' and 'email' and passes them to a php script via POST.

Here is the code I've used in the php script:

Code: Select all

<?php
$name = $_REQUEST['name'];
if ($name=="") {$name="Friend";};
$email = $_REQUEST['email'];

$to = 'tracker@accountname.emailaces.com'; // the autoresponder signup by email address.
$subject = 'Subscribe';
$headers = "From: $name <$email>\n" .
       "MIME-Version: 1.0\r\n" .
       "Content-Type: text/html; charset=utf-8\r\n" .
       "Content-Transfer-Encoding: 8bit\r\n\r\n";

mail($to, $subject, $headers);
?>

An email is being sent to the autoresponder, but the username is logged as 'Nobody' and the email address is nobody@buffalo. etc (my server's root address, I guess).

Something isn't right! Can anyone tell me what?

Thanks.

Martin
User avatar
$phpNut
Forum Commoner
Posts: 40
Joined: Tue May 09, 2006 5:13 pm

Post by $phpNut »

Try using $_POST instead of $_REQUEST ...
Longlands
Forum Newbie
Posts: 15
Joined: Tue Oct 25, 2005 3:36 am

Post by Longlands »

I should have been clearer - the name and email variables are making it through to the php script okay - I've echo'd them and they are there. The problem seems to be that they are not being passed through to my autoresponder via the mail() function properly. I'm thinking that I've just written the $headers part wrong, but that is just a guess.

Martin
User avatar
$phpNut
Forum Commoner
Posts: 40
Joined: Tue May 09, 2006 5:13 pm

Post by $phpNut »

ok from what i gather from php.net

Code: Select all

bool mail ( string to, string subject, string message [, string additional_headers [, string additional_parameters]] )
you have

Code: Select all

mail($to, $subject, $headers);
your missing the content or sting message ...

so:

Code: Select all

mail($to, $subject, $content_b4_headers, $headers);
any help? I won't lie I've never used this function before :)
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Also, try changing Content-Transfer-Encoding to 7bit instead of 8bit.
Longlands
Forum Newbie
Posts: 15
Joined: Tue Oct 25, 2005 3:36 am

Post by Longlands »

Thanks guys, it works now!

Martin
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Actually, there is still a serious problem: You don't validate user input...

What if the submitted name has newlines in it? Are you aware of the effects on the mail function?
If you're wondering what i'm talking about: detailed information.
Longlands
Forum Newbie
Posts: 15
Joined: Tue Oct 25, 2005 3:36 am

Post by Longlands »

Hi timvw,

The script I showed was just a proof of concept, so no error checking had been included. That was to be my next task!

However, I wasn't aware of the particular exploit that you pointed out, so I'm very grateful for your input and the link you provided.

Thanks,

Martin.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Glad to help :)

(There are just way too many people that simply copy-paste code samples.. I see it as an extra motivation to make sure they don't copy-paste flawed code ;))
Post Reply