problems with sending email

Posted: Tue May 15, 2007 9:54 pm
by giles
Hi there,

I’ve written a simple mailout script. It appears to work fine for some people, appears to fail with others. The fails are with clients inside Uni’s and Corps ... so I’m wondering if I’m getting spam filtered or something alike. I include my code below. I would greatly appreciate any comments on how I may improve it.

Thanks
Giles

Code:

$to = $email;
		$subject = "the subject";
		$from = "my outgoing address";
		
		$headers = "From: $from";
		$headers.= "Content-Type: text/html; charset=ISO-8859-1 "; 
		$headers .= "MIME-Version: 1.0 ";
		
		$body = "Dear " . $firstname . " " . $surname . ",
		
		my message goes here
		
		" . "Your username is : " . $username . "
		" . "Your password is : " . $password;
		
		// this is a comment reinserted from the author
		/*notice there aren't any \r\n after the second two header additions. 
		This is what made this version work correctly*/ 
		
		mail($to,$subject,$body,$headers);

Posted: Wed May 16, 2007 12:54 am
by Chris Corbyn
Where to begin? ;)

I guess $to, $email and others have come from a form? That indicates that you're relying on register_globals to be on in php.ini, so you should really be using $_POST["to"] most likely.
Your script is vulnerable to header injection attacks if the above is true.
Your headers are completely wrongly structured (where are the newlines? Yes, I did read your comment.)

:)

You could download Swift Mailer and save yourself the headache of trying to get this to work.

http://www.swiftmailer.org/

More on header injection:

http://www.securephpwiki.com/index.php/Email_Injection
Secure PHP Wiki wrote: Swift Mailer class is not vulnerable to this attack.
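
An added example, not code from either poster or from Swift Mailer: one way to address the points in the reply above while staying with PHP's built-in mail(), by taking form values from an explicit array instead of register_globals, rejecting CR/LF in anything that ends up in a header, and separating headers with CRLF. The function names, field names and example.org/example.net addresses are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example: helper names, field names and addresses are assumptions.
/** Reject any value destined for a mail header if it contains CR or LF. */
function clean_header_value(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return trim($value);
}

/** Validate a single address; refuses lists and embedded line breaks. */
function clean_address(string $value): string
{
    $value = clean_header_value($value);
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('not a single valid address');
    }
    return $value;
}

/** One header per line, lines joined with CRLF (same headers as the post). */
function build_headers(string $from): string
{
    return implode("\r\n", [
        'From: ' . clean_address($from),
        'MIME-Version: 1.0',
        'Content-Type: text/html; charset=ISO-8859-1',
    ]);
}

// Constructed sample input standing in for $_POST; the second address
// carries an embedded CRLF followed by an extra header line.
$samples = [
    ['email' => 'user@example.org', 'subject' => 'Your account'],
    ['email' => "user@example.org\r\nBcc: other@example.net", 'subject' => 'Your account'],
];
foreach ($samples as $post) {
    try {
        $to      = clean_address($post['email']);
        $subject = clean_header_value($post['subject']);
        $headers = build_headers('noreply@example.org');
        // mail($to, $subject, $body, $headers);  // send step, commented out so this runs offline
        echo "accepted: $to\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```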