missing @ in URL email query string

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jfkafka
Forum Newbie
Posts: 6
Joined: Sun Feb 22, 2009 5:26 pm

missing @ in URL email query string

Post by jfkafka »

Hi,
after spending a couple days trying to unsuccessfully figure this out,
i've reached the dreaded point of reluctantly admitting i need technical assistance
if available
the issue in question involves an http query string to unsubscribe to a newsletter
via a link at the bottom of the newsletter emailed to a customer
when user clicks on unsubscribe link in their newsletter email, is taken to:
"https://****.com/~MYdomain/unsubscribe.php?email=emailTOunsubscribe@hotmail.com"
fine so far..
however when the unsubscribe button is clicked on the unsubscribe.php page
the url now reads:
"http://www.MYdomain.com/unsubscribe_don ... otmail.com"
please note that the @ is missing from the email address at the end of the URL
this causes the email address not to be found in the customers table
if i add the @ to the URL:
("http://www.MYdomain.com/unsubscribe_don ... otmail.com")
the person is correctly unsubscribed
the code in catalog/unsubscribe.php that seems to be the culprit is:
$email_to_unsubscribe=$_GET['email']; (i modified the original which was $HTTP_GET_VARS- now deprecated)
does anyone know why the @ is missing from the email address?
thank you for your insight
jfkafka
Forum Newbie
Posts: 6
Joined: Sun Feb 22, 2009 5:26 pm

Re: missing @ in URL email query string

Post by jfkafka »

gosh, i'm starting to get a cramp from keeping my fingers crossed,
leave it to me to have a problem with "buggy" code,
it's so kafkaesque!
Randwulf
Forum Commoner
Posts: 63
Joined: Wed Jan 07, 2009 7:07 am

Re: missing @ in URL email query string

Post by Randwulf »

That's odd. I seem perfectly able to pass @s via GET.

It would be very helpful if you posted a few blocks of code.
jfkafka
Forum Newbie
Posts: 6
Joined: Sun Feb 22, 2009 5:26 pm

Re: missing @ in URL email query string

Post by jfkafka »

Hi Randwulf,

Thanks for your response.

The sequence of events:
After signing up for the newsletter, customer receives an email with an optional link
to unsubscribe:
i.e. http://www.safewaydeliveries.com/unsubs ... otmail.com
If clicked the link takes them to the unsubscibe page with the correct URL
But if the unsubscribe button is clicked the URL changes to:
http://www.safewaydeliveries.com/unsubs ... otmail.com //(no @ in email)
and because the @ is missing from the email address the database doesn't delete the customer

I do have search engine friendly URL's installed but when I disabled it the URL changed to:
http://www.safewaydeliveries.com/unsubs ... otmail.com (still no @ in email address).

I also tried not using the .htaccess file in case that was the cause. It didn't help.

Here is the entire code from unsubscribe.php which is an oscommerce contribution.

<?php
////////////////////////////////////////////////////////////////////////////
// $Id: Newsletter Unsubscribe, v 1.0 (/catalog/unsubscribe.php) 2003/01/24
// Programed By: Christopher Bradley
//
// Developed for osCommerce, Open Source E-Commerce Solutions
// http://www.oscommerce.com
// Copyright (c) 2003 osCommerce
//
// Released under the GNU General Public License
//
///////////////////////////////////////////////////////////////////////////
// ############ anti aspirateur #########
// require ('aspilock_heap.php');
// ######### anti aspirateur ##########
require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_UNSUBSCRIBE);
$email_to_unsubscribe=$_GET['email'];
$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_UNSUBSCRIBE, '', 'NONSSL'));
$filename_unsubscribe_done=FILENAME_UNSUBSCRIBE_DONE . "?email=" . $email_to_unsubscribe;

////////////////////////////////////////////////////////////////////////////////////////////
?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

<?php
if ( file_exists(DIR_WS_INCLUDES . 'header_tags.php') ) {
require(DIR_WS_INCLUDES . 'header_tags.php');
} else {
?>
<title><?php echo TITLE ?></title>
<?php
}
?>

<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
<tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>"

cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
</tr>
</table></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td class="main"><?php echo UNSUBSCRIBE_TEXT_INFORMATION; ?></td>
</tr>
</table></td>
</tr>
<tr>
<td align="center" class="main"><br><?php echo '<a href="' . tep_href_link($filename_unsubscribe_done, '',

'NONSSL') . '">' . tep_image_button('button_unsubscribe.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>
</tr>
</table></td>
<!-- body_text_eof //-->
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>"

cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
</table></td>
</tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>

</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Again, thanks for your reply, Randwulf.
Randwulf
Forum Commoner
Posts: 63
Joined: Wed Jan 07, 2009 7:07 am

Re: missing @ in URL email query string

Post by Randwulf »

I think it's a problem in the tep_href_link() function. Try echoing:

http://www.safewaydeliveries.com/unsubs ... cribe_done (you can right click that link and hit properties to copy it.)

rather than using the tep_href_link() function.
jfkafka
Forum Newbie
Posts: 6
Joined: Sun Feb 22, 2009 5:26 pm

Re: missing @ in URL email query string

Post by jfkafka »

Thanks for your response, Randwulf. I actually tried echoing the variable that
is used to form $filename_unsubscribe_done (namely $email_to_unsubscribe)
when I echoed $email_to_unsubscribe it's already missing the @. So when it's
appended to $filename_unsubscribe_done it's already screwed up. Maybe it's
a hosting security feature? Anyway, thank you very much for taking the time
to help.
Randwulf
Forum Commoner
Posts: 63
Joined: Wed Jan 07, 2009 7:07 am

Re: missing @ in URL email query string

Post by Randwulf »

It could be. Sounds like it's time for hardcore brute force debugging.

Try echoing $_GET['email'] and see if that's different from $email_to_unsubscribe.
jfkafka
Forum Newbie
Posts: 6
Joined: Sun Feb 22, 2009 5:26 pm

Re: missing @ in URL email query string

Post by jfkafka »

Tried that, tried $_REQUEST even $_POST. I put a ticket in with the hosting
to see if they have some feature to strip the @ even though it shows the @
on the initial URL from the newsletter link. Well they said it's nothing on their
end. Thanks once more for your suggestions. I was thinking of iterating through
the address adding the @ until it found a database match but that seems like a poor
solution.
Randwulf
Forum Commoner
Posts: 63
Joined: Wed Jan 07, 2009 7:07 am

Re: missing @ in URL email query string

Post by Randwulf »

There's a better way than iterating the address and querying the db a million times, though it would be far nicer if you could get that @ to show up.

You could add a second column to your email db, email2 or something. In the first column you'd store the proper email address, and in the second column you could store the email with the @ removed.

Then you'd query the database for the row where email2 is the email address without the @.

Alternatively, the unsubscribe link in the emails that you send could have the @ replaced with something weird, like YFK2M, and you'd have the unsubscribe script replace that with an @.
jfkafka
Forum Newbie
Posts: 6
Joined: Sun Feb 22, 2009 5:26 pm

Re: missing @ in URL email query string

Post by jfkafka »

well randwulf, your simply brilliant idea to add a second email field to the db
is a much more elegant workaround than iterating
it now works and i am enormously grateful for your patient and supportive suggestions.
such a relief, thank you for getting me through it.
Post Reply