Page 1 of 1

HTML confirmation email

Posted: Tue Jun 10, 2008 11:44 am
by papapax
Hi,

I have been struggling for a while to figure out how to send a simple HTML confirmation mail with our company logo attached at the head and a short, thanks for booking etc. message in the body and a signature at the foot.

the url to the form is http://www.XXXXXX.co.uk/prototype/reservation.html
real URL removed by moderator for security reasons. See your PM here.

Currently the form is working fine but only sends text email confirmations. I am predominantly a web designer that inherited the project, I managed to get it working up to this point, but have been stumped on how to get the response confirmation mail to send in HTML.

Any help would be appreciated, the code is attached.

Kind Regards,
Frank

the code follow:

<?php

<!--- Needed for fasthosts -------->
ini_set("sendmail_from", "email@somedomain.com");


// Receiving variables
@$title = addslashes($_POST['title']);
@$username = addslashes($_POST['username']);
@$surname = addslashes($_POST['surname']);
@$email = addslashes($_POST['email']);
@$phone = addslashes($_POST['phone']);
@$postcode = addslashes($_POST['postcode']);
@$guests = addslashes($_POST['guests']);
@$dateinput = addslashes($_POST['dateinput']);
@$time = addslashes($_POST['time']);
@$enquiry = addslashes($_POST['enquiry']);



//Sending Email to form owner
$pfw_header = "From: $email\n"
. "Reply-To: $email\n";
$pfw_subject = "Tapa Tapa booking Enquiry";
$pfw_email_to = "eamil@email.com";
$pfw_message = "Title: $title\n"
. "First Name: $username\n"
. "Surname: $surname\n"
. "email: $email\n"
. "Phone Number: $phone\n"
. "Postcode: $postcode\n"
. "Number of guests: $guests\n"
. "Date: $dateinput\n"
. "Time: $time\n"
. "Additional enquiry: $enquiry\n";
@mail($pfw_email_to, $pfw_subject ,$pfw_message ,$pfw_header ) ;


//Sending auto respond Email to visitor
$pfw_header = "From: eamil@email.com\n"
. "Reply-To: o2@tapatapa.com\n";
$pfw_subject = "Your Tapa Tapa booking enquiry received";
$pfw_email_to = "$email";
$pfw_message = "Dear $username,\n"
. "\n"
. "Thank you for your booking enquiry, please note this is not a confirmed reservation we shall be in touch to confirm shortly.\n"
. "\n"
. "Kind Regards,\n"
. "The Tapa Tapa Team";
@mail($pfw_email_to, $pfw_subject ,$pfw_message ,$pfw_header ) ;

//saving record in a text file
$pfw_file_name = "velvetcard.csv";
$pfw_first_raw = "title,username,surname,email,phone,postcode,guests,dateinput,time,enquiry\r\n";
$pfw_values = "$title,$username,$surname,$email,$phone,$postcode,$guests,$dateinput,$time,$enquiry\r\n";
$pfw_is_first_row = false;
if(!file_exists($pfw_file_name))
{
$pfw_is_first_row = true ;
}
if (!$pfw_handle = fopen($pfw_file_name, 'a+')) {
die("Cannot open file ($pfw_file_name)");
exit;
}
if ($pfw_is_first_row)
{
if (fwrite($pfw_handle, $pfw_first_raw ) === FALSE) {
die("Cannot write to file ($pfw_filename)");
exit;
}
}
if (fwrite($pfw_handle, $pfw_values) === FALSE) {
die("Cannot write to file ($pfw_filename)");
exit;
}
fclose($pfw_handle);

$confirmation = true;
header('Location: reservation.html?confirmation');
?>

Re: HTML confirmation email

Posted: Tue Jun 10, 2008 1:43 pm
by andym01480
Shouldn't be too hard to do!

Code: Select all

<?php
 
<!--- Needed for fasthosts -------->
ini_set("sendmail_from", "email@somedomain.com");
 
 
// Receiving variables
@$title = addslashes($_POST['title']);
@$username = addslashes($_POST['username']);
@$surname = addslashes($_POST['surname']);
@$email = addslashes($_POST['email']);
@$phone = addslashes($_POST['phone']);
@$postcode = addslashes($_POST['postcode']);
@$guests = addslashes($_POST['guests']);
@$dateinput = addslashes($_POST['dateinput']);
@$time = addslashes($_POST['time']);
@$enquiry = addslashes($_POST['enquiry']);
 
 
 
//Sending Email to form owner
// To send HTML mail, the Content-type header must be set
$pfw_header  = 'MIME-Version: 1.0' . "\r\n";
$pfw_header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$pfw_header .= "From: $email\n"
. "Reply-To: $email\n";
$pfw_subject = "Tapa Tapa booking Enquiry";
$pfw_email_to = "eamil@email.com";
 
//Now format your message like an html page including the img tag! See the manual at http://www.php.net  look up mail for an example
$pfw_message = "Title: $title\n"
. "First Name: $username\n"
. "Surname: $surname\n"
. "email: $email\n"
. "Phone Number: $phone\n"
. "Postcode: $postcode\n"
. "Number of guests: $guests\n"
. "Date: $dateinput\n"
. "Time: $time\n"
. "Additional enquiry: $enquiry\n";
@mail($pfw_email_to, $pfw_subject ,$pfw_message ,$pfw_header ) ;
 
 
//Sending auto respond Email to visitor
// To send HTML mail, the Content-type header must be set
$pfw_header  = 'MIME-Version: 1.0' . "\r\n";
$pfw_header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$pfw_header .= "From: eamil@email.com\n"
. "Reply-To: o2@tapatapa.com\n";
$pfw_subject = "Your Tapa Tapa booking enquiry received";
$pfw_email_to = "$email";
//format email as html....
$pfw_message = "Dear $username,\n"
. "\n"
. "Thank you for your booking enquiry, please note this is not a confirmed reservation we shall be in touch to confirm shortly.\n"
. "\n"
. "Kind Regards,\n"
. "The Tapa Tapa Team";
@mail($pfw_email_to, $pfw_subject ,$pfw_message ,$pfw_header ) ;
 
//saving record in a text file
$pfw_file_name = "velvetcard.csv";
$pfw_first_raw = "title,username,surname,email,phone,postcode,guests,dateinput,time,enquiry\r\n";
$pfw_values = "$title,$username,$surname,$email,$phone,$postcode,$guests,$dateinput,$time,$enquiry\r\n";
$pfw_is_first_row = false;
if(!file_exists($pfw_file_name))
{
$pfw_is_first_row = true ;
}
if (!$pfw_handle = fopen($pfw_file_name, 'a+')) {
die("Cannot open file ($pfw_file_name)");
exit;
}
if ($pfw_is_first_row)
{
if (fwrite($pfw_handle, $pfw_first_raw ) === FALSE) {
die("Cannot write to file ($pfw_filename)");
exit;
}
}
if (fwrite($pfw_handle, $pfw_values) === FALSE) {
die("Cannot write to file ($pfw_filename)");
exit;
}
fclose($pfw_handle);
 
$confirmation = true;
header('Location: reservation.html?confirmation'); 
?>
Much bigger issue now!
You are very vulnerable to spammers using the form to send millions of spam emails out to people, because none of the data is getting checked. Especially as you have given us the URL! Of particular danger is email! search for email verification

Re: HTML confirmation email

Posted: Tue Jun 10, 2008 5:58 pm
by rmessa
You should set the content type:

Code: Select all

$to = "your@email.com";
$subject = "Test email";
$body = "This is the body<p>\nIt contains HTML<p>\n<ul>\n";
foreach ($form as $k=>$v) {
        $body .= "\t<li>$k = ". stripslashes($v) ."<br>\n";
}
$body .= "</ul>\n";
 
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
mail($to, $subject, $body, $headers);
 
search for captha in a search engine to prevent spam

http://mobile.sybrain.com
ERP for WAP

Re: HTML confirmation email

Posted: Tue Jun 10, 2008 6:08 pm
by andym01480
Captcha alone isn't enough - they have been broken. e.g. http://blogs.zdnet.com/security/?p=1232&tag=nl.e539

You must always validate form input even with captcha, especially as you are emailing and adding it to a file on your server.