How to protect against head injection - php

I am new here and this is my first post. Unfortunately, I am not familiar with php coding and so I need help for the following script. I would like to use this code on my website containing download files. I want to add a link or button next to the download link. When clicking the link the script should be executed and send an email to me with a given text.
Now, I read that this code could be a victim to header injection. As I am not familiar with php I do not know what to change to be protected. Is there anyone who might help me out with a solution? This is the code:
<?php
$to = 'name#example.com';
$subject = 'Broken Download-Link';
$from = 'Subject-Title <name#example.com>';
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Create email headers
$headers .= 'From: '.$from."\r\n".
'Reply-To: '.$from."\r\n" .
'X-Mailer: PHP/' . phpversion();
// Compose a simple HTML email message
$message = '<html><body>';
$message .= '<h2 style="color:#080;font-weight:normal;">Hello!</h2>';
$message .= '<p style="color:#000;font-size:18px;font-weight:normal;">Text here:</p>';
$message .= '<p style="color:#f40;font-size:22px;font-weight:bold;">Another text here</p>';
$message .= '</body></html>';
// Sending email
if(mail($to, $subject, $message, $headers)){
echo 'Your mail has been sent successfully.';
} else{
echo 'Unable to send email. Please try again.';
}
?>
Thank you in advance for any help.
Best regards,
Feechen

Related

PHP XAMPP sendmail error: Message is missing sender's address [duplicate]

This question already has answers here:
php single and double quotes
(2 answers)
Closed 1 year ago.
I have set up the Sendmail client on my localhost XAMPP server running on my home PC, but I am getting the following error: xx-xx-xx xx:xx:xx: Message is missing sender's address. I have gotten it to work when I hard-code what I want to send, like so:
$msg = "hello world";
mail("example#gmail.com","My subject",$msg, 'From: admin#myEmailClient.com');
But when I try to implement my login validation script, it does not work and I get the aforementioned error.
emailvalidation.php
$to = $email;
$sub = 'email verification';
$msg = "<a href='http://localhost/verify.php?vkey=$vkey'>account verification </a>";
$headers = "From: admin#myEmailClient.com \r\n";
$headers = "MIME-Version: 1.0". '\r\n';
$headers = "Content-type:text/html;charset=UTF-8 ". '\r\n';
mail($to, $sub, $msg, $headers);
My email variable is set by the user, if that helps. I don't think it's a problem with the items being parsed, because when I check my database all rows are properly filled in.
Thank you for your time.
Edit
I think it's a problem with the r\n parts; these are the parts that enable HTML in emails. When I get rid of them, it works.
I'm not sure if I should delete this question because of the speed I was able to solve it, but I hope this helps someone who had the same problem as I did.
Here is how I solved the problem:
$message = "<a href='http://localhost/verify.php?vkey=$vkey'>account verification </a>";
$to = $email;
$subject = 'account validation';
$from = 'admin#myEmailClient.com';
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: '.$from."\r\n".
'Reply-To: '.$from."\r\n" .
'X-Mailer: PHP/' . phpversion();
if(mail($to, $subject, $message, $headers)){
echo 'Your mail has been sent successfully.';
} else{
header("location: index.PHP");
}
I got the solution from here: Tutorial Republic.

PHP mailer unable to send html messages

I tried sending HTML mails through PHP but nothing is working. I tried two options.
One with file_get_contents:
<?php
$to = 'teas#gmail.com';
$subject = 'Marriage Proposal';
$from = 'support#blabla.com';
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Create email headers
$headers .= 'From: '.$from."\r\n".
'Reply-To: '.$from."\r\n" .
'X-Mailer: PHP/' . phpversion();
$message = file_get_contents("email_template.html");
// Sending email
if(mail($to, $subject, $message, $headers)){
echo 'Your mail has been sent successfully.';
} else{
echo 'Unable to send email. Please try again.';
}
?>
And one with HTML in a PHP string:
<?php
$to = 'anthony#gmail.com';
$subject = 'Marriage Proposal';
$from = 'peterparker#email.com';
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Create email headers
$headers .= 'From: '.$from."\r\n".
'Reply-To: '.$from."\r\n" .
'X-Mailer: PHP/' . phpversion();
// Compose a simple HTML email message
$message = '<html><body>';
$message .= '<h1 style="color:#f40;">Hi Jane!</h1>';
$message .= '<p style="color:#080;font-size:18px;">Will you marry me?</p>';
$message .= '</body></html>';
// Sending email
if(mail($to, $subject, $message, $headers)){
echo 'Your mail has been sent successfully.';
} else{
echo 'Unable to send email. Please try again.';
}
?>
The response for both functions is:
Unable to send email. Please try again. Unable to send email. Please
try again.
Can anyone tell me what's wrong?
Just enable the HTML in PHPMailer:
$mail->isHTML(true);
For reference, please see the example on GitHub.

how to send html email using php

I would like to use <<< to send HTML email in PHP. As far as I remember, it worked great previously, but it is not working right now.
//ALL HTML MUST BE LEFT ALIGNED.
$php_var="variable value";
$body = <<<EmailBody
<html>
<body>
$php_var
</body>
</html>
EmailBody; //EmailBody will not show in Email.
$headers = 'From: info#mydomain.com' . "\r\n" .
'Reply-To: info#mydomain.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
$subject="Test HTML Email";
$body="test email from mydomain";
$to="aminulsumon#gmail.com";
mail($to,$subject,$body,$headers); //$header type should be html
Any help is highly appreciated.
There should NOT be anything before AND/or after EmailBody;; it being the closing identifier.
Read the documentation on heredoc
Use this:
//ALL HTML MUST BE LEFT ALIGNED.
$php_var="variable value";
$body = <<<EmailBody
<html>
<body>
$php_var
</body>
</html>
EmailBody;
$headers = 'From: info#mydomain.com' . "\r\n" .
'Reply-To: info#mydomain.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
$subject="Test HTML Email";
$body="test email from mydomain";
$to="aminulsumon#gmail.com";
mail($to,$subject,$body,$headers); //$header type should be html
Having something (space, text, etc.) after the closing identifier, will result in the following error:
Parse error: syntax error, unexpected end of file in....(path to file) on line X
had error reporting been set
http://php.net/manual/en/function.error-reporting.php
Add this just before your opening <?php tag:
error_reporting(E_ALL);
ini_set('display_errors', 1);
Remove the comment on the end of:
EmailBody; //EmailBody will not show in Email.
So it is only:
EmailBody;
Also you define $body twice, so take out:
$body="test email from mydomain";
Here is one basic example to send html in email -
$to = 'abcd#gmail.com';
$from = "sender#gmail.com"; // sender
$subject = "Test email";
$message = '<html><body>';
$message .= "<p>This is The Email Address</p><br><span class='nonLink'>responder#example.com</span>";
$message .= '<br/>click here to complete your registration';
$message .= '</body></html>';
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=utf-8\r\n";
// Additional headers
$headers .= "From: <$from>" . "\r\n";
// Mail it
if (mail($to, $subject, $message, $headers)){
echo "email sent successfully";
}

how to Send Email details notification using php?

How can I send email notification to my users who gave registration details in my form using php?
I have code which runs perfectly to get emails to me, but now I also want to send the same details to my users.
I am trying to use "$from" into my array at "$to" but getting no email.
my mail.php
<?php
$subject = "Email Notification";
$message = "Thank you for your email";
$message = "Your Registering details are as follows:";
$message .= "<br><br>";
$message .= "<table border='1'>";
$message .= "<tr><td>Name</td><td>".$_POST['name']."</td></tr>";
$message .= "<tr><td>Email</td><td>".$_POST['email']."</td></tr>";
$message .= "</table>";
$from = $_POST['email'];
$to = array('my_address#example.com', 'my_address2#example.com', $from);
$lp = "notification#example.com";
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=utf-8\r\n";
$headers .= 'from: '.$lp .'' . "\r\n" .
'Reply-To: '.$lp.'' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
foreach($to as $row)
{
mail($row,$subject,$message,$headers);
}
echo "Mail Sent.";
die;
?>
It's pretty common that on shared hosting you need to send an email from an "existing email", at least match the domain. Maybe that's why the emails are not being sent?
So for example, if your domain is "www.my-awesome-domain.com", you can't send email headers
"from: example#example.com"
Instead, make sure to send emails from your domain, and ideally an existing email box, for example:
"from: office#my-awesome-domain.com"
Hope it helps! :)
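The header-injection concern raised in the first question on this page becomes concrete in a script like mail.php above, where $_POST['email'] reaches mail() as a recipient and $_POST values go into the HTML body unescaped. The following is an added example, not code from any of the posts: the function names, the use of Reply-To and the sample requests are assumptions made for illustration, and it needs PHP 7.4 or later (arrow function, array form of the headers argument).

```php
<?php
// Added example; function names and sample requests are constructed.
// Refuse any value that could end the current header line and start another.
function header_safe(string $value): string {
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('control character in header value');
    }
    return $value;
}

// Accept exactly one syntactically valid address (no lists, no display names).
function single_address(string $input): string {
    $addr = filter_var(header_safe($input), FILTER_VALIDATE_EMAIL);
    if ($addr === false) {
        throw new InvalidArgumentException('not a single e-mail address');
    }
    return $addr;
}

// Returns the four arguments for mail(); user input is validated or escaped first.
function build_notification(array $post): array {
    $user = single_address($post['email'] ?? '');
    $esc  = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $message = '<table border="1">'
        . '<tr><td>Name</td><td>' . $esc($post['name'] ?? '') . '</td></tr>'
        . '<tr><td>Email</td><td>' . $esc($user) . '</td></tr></table>';
    $headers = [
        'MIME-Version' => '1.0',
        'Content-Type' => 'text/html; charset=utf-8',
        'From'         => 'notification@example.com', // fixed, never user input
        'Reply-To'     => $user,                      // validated above
    ];
    return [$user, 'Email Notification', $message, $headers];
}

$samples = [ // constructed request bodies
    ['name' => '<b>Ann</b>', 'email' => 'ann@example.org'],
    ['name' => 'x', 'email' => "ann@example.org\r\nX-Test: 1"],
    ['name' => 'x', 'email' => 'ann@example.org, other@example.net'],
];
foreach ($samples as $post) {
    try {
        [$to, $subject, $message, $headers] = build_notification($post);
        // mail($to, $subject, $message, $headers); // array form: PHP 7.2+
        echo "accepted: $to\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```

A script that builds every header from constants, like the one in the first question, has no injection point; the checks matter as soon as a request value is placed in the recipient, subject or headers.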

How to display my html page in mail box

<?php
$to = 'abc#gmail.com';
$subject = 'the subject';
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers = 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$message = file_get_contents('http://domain.com/newsletter.html');
$headers = 'From: xyz#gmail.com' . "\r\n" .
'Reply-To: xyz#gmail.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
?>
This is my mail code. Here I am sending my newsletter to my existing customer.
Can anyone help me with how I can send/open the newsletter as the page through mail?
I suggest you use the following, yet you won't be able to use an http:// call, because this goes against security reasons.
By doing so, anyone could include whatever they want from whatever website. The file must reside on your server in order for the following to work.
Making use of the include(), ob_start() and ob_get_clean() functions.
You must use a relative path to the file you wish to include.
<?php
ob_start();
include 'file.xxx';
$message = ob_get_clean();
$to= 'email#example.com';
$subject = 'the subject';
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: email#example.com' . "\r\n" .
'Reply-To: email#example.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
if(mail($to, $subject, $message, $headers)){
echo "Message sent.";
}
else{
echo "There was a problem. Check your logs.";
}
?>
Footnotes:
I quote jsalonen from a comment: "Keep in mind that CSS support in email readers is (probably intentionally) very limited: campaignmonitor.com/css - so if it works in a regular browser, it may or may not work in an email reader."
Most Email clients such as Google will ignore CSS, so it's best to use inline CSS.
Images:
Another thing you will need to do is, if you are using images, then that's where you will need to use an http:// call to the image location(s).
I.e.: <img src="http://www.example.com/images/image_1.jpg">
If allow_url_fopen is available in the ini file, you can do this:
$html = file_get_contents('http://domain.com/newsletter.html');
$message = $html;
The reason this should work is because most email clients can read emails sent as HTML (as long as you're sending emails as HTML and not just plaintext emails).
You can use echo htmlspecialchars($html); to see what HTML you're sending.
