problems with sending email

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
giles
Forum Commoner
Posts: 34
Joined: Thu Sep 14, 2006 2:34 pm

problems with sending email

Post by giles »

Hi there,

I’ve written a simple mailout script. If appears to work fine for some people, appears to fail with others. The fails are with clients inside Uni’s and Corps ... so I’m wondering if I’m getting spam filtered or something alike. I include my code below. I would greatly appreciate any comments on how I may improve it.

Thanks
Giles

Code: Select all

$to = $email;
		$subject = "the subject";
		$from = "my outgoing address";
		
		$headers = "From: $from";
		$headers.= "Content-Type: text/html; charset=ISO-8859-1 "; 
		$headers .= "MIME-Version: 1.0 ";
		
		$body = "Dear " . $firstname . " " . $surname . ",
		
		my message goes here
		
		" . "Your username is : " . $username . "
		" . "Your password is : " . $password;
		
		this is a comment reinserted from the author
		/*notice there aren't any \r\n after the second two header additions. 
		This is what made this version work correctly*/ 
		
		mail($to,$subject,$body,$headers);
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Where to begin? ;)

I guess $to, $email and others have come from a form? That indicates that you're relying on register_globals to be on in php.ini, so you should really be using $_POST["to"] most likely.
Your script is vulnerable to header injection attacks if the above is true.
Your headers are completely wrongly structured (where are the newlines? Yes, I did read your comment.)

:)

You could download Swift Mailer and save yourself the headache of trying to get this to work.

http://www.swiftmailer.org/

More on header injection:

http://www.securephpwiki.com/index.php/Email_Injection
Secure PHP Wiki wrote:Swift Mailer class is not vulnerable to this attack.
Post Reply