I am trying to parse some HTML from files into a PHP variable to send across HTML email, but I am struggling. It doesn't output anything at all when loaded. Only the submit button is echoed. What am I doing wrong? I know it's probably a lot, but can someone please advise me on how to get this to work?
I will end up using AJAX for the submit button so the page isn't reloaded, but the content (at the moment) isn't even displaying. It's a lot of code, so I decided to break it up into files to make it easier to read and easier to inject.
<?php
// Setting mail options
$to = $_POST["clientemail"];
$subject = $_POST["subject"];
// Are we debugging?
$debug = true;
// Set content-type header for sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
// Additional headers
$headers .= 'From: CodexWorld<"postmaster#intel-web.co.uk">' . "\r\n";
$headers .= 'Cc: b.ravetta#gmail.com' . "\r\n";
$headers .= 'Bcc: admin#intel-web.co.uk' . "\r\n";
// Place all HTML content into one big fucking message.
$head = file_get_contents("head.html");
$body = file_get_contents("body.html");
$footnotes = file_get_contents("footer.html");
if($_POST["packageid"] == 1)
{
$content = file_get_contents("fb.html");
}
if($_POST["packageid"] == 2)
{
$content = file_get_contents("aw.html");
}
if($_POST["packageid"] == 3)
{
$content = file_get_contents("mobi.html");
};
$messagecontent =
echo $head;
echo $body;
echo $content;
echo $footnotes;
;
// Where the message content ends.
echo "<form method='POST' action=''>
<input type='submit' name='sendmail' value='Send Email'>
</form>";
if (isset($_POST['sendmail']))
if(mail($to,$subject,$messagecontent,$headers)):
$successMsg = 'Email has sent successfully.';
else:
$errorMsg = 'Email sending fail.';
endif;
// Debug Shit
if ($debug)
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting("E_STRICT")
?>
I'm surprised that you even get a submit button at all. Because
$messagecontent =
echo $head;
echo $body;
echo $content;
echo $footnotes;
;
should actually raise a syntax error for an unexpected T_ECHO.
If you want to concatenate a string, that's how you do it:
$messagecontent = $head . $body . $content . $footnotes;
If you fix that, you will still only get the submit button after submitting the form, because while you will send the mail, you do nothing with your success / error message. You might want to do something like
if (isset($_POST['sendmail'])) {
if(mail($to,$subject,$messagecontent,$headers)) {
$successMsg = 'Email has sent successfully.';
echo $successMsg;
} else {
$errorMsg = 'Email sending fail.';
echo $errorMsg;
}
}
(Note: I also changed the syntax of your if statements to an accepted standard. see http://www.php-fig.org/psr/)
Also, you might want to change the error reporting settings in the php.ini and not in the file. Because if you do have a parse error, you won't see it (because the file can't be parsed and so display_errors won't get set to 1.
Related
I am sending a confirmation mail to user to confirm his account. The confirmation mail is styled using HTML and has an href element which points the users to a PHP file where I do the confirmation process. This href link also needs to have a PHP randomstring attached, the same randomstring is saved in Database and is also sent to user so that the cross-checking can be done in PHP once the user clicks on it.
<td align="center" style="margin:0;text-align:center">
<a href="http://aliencreative.wehubs.com/new_alien/email.php?code=<?php echo $randomString; ?>"
style="font-size:21px;line-height:22px;text-decoration:none;color:#ffffff;font-weight:bold;
border-radius:2px;background-color:#0096d3;padding:14px 40px;display:block;
letter-spacing:1.2px" target="_blank">Confirm Alien account now!</a></td>
The PHP code includes the above HTML as follows.
<?php
$randomString=time();
//$random="http://aliencreative.wehubs.com/new_alien/email.php?code=".$randomString;
echo $random;
$to = 'sample#gmail.com';
$subject = "Confirmation mail";
// Get HTML contents from file
$htmlContent = file_get_contents("email_template.php");
// Set content-type for sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
// Additional headers
$headers .= 'From: Alien creative control<alien#alien.com>' . "\r\n";
// Send email
if(mail($to,$subject,$htmlContent,$headers)):
$successMsg = 'Email has sent successfully.';
else:
$errorMsg = 'Some problem occurred, please try again.';
endif;
?>
However, the PHP variable is't getting available in the link.
Please try this. Remove file_get_contents and use include with output buffer function. I think this will insert your variable to your template. Please check the below updated code. Anyway your method is not a secure. Please create more complicated random code
<?php
$randomString=time();
//$random="http://aliencreative.wehubs.com/new_alien/email.php?code=".$randomString;
echo $random;
$to = 'sample#gmail.com';
$subject = "Confirmation mail";
// Get HTML contents from file
ob_start();
include "email_template.php";
$htmlContent=ob_get_contents();
ob_end_clean();
// Set content-type for sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
// Additional headers
$headers .= 'From: Alien creative control<alien#alien.com>' . "\r\n";
// Send email
if(mail($to,$subject,$htmlContent,$headers)):
$successMsg = 'Email has sent successfully.';
else:
$errorMsg = 'Some problem occurred, please try again.';
endif;
?>
This is the code that I am using to send mail. But to have line breaks in message that is to be delivered in mail is not inserting new lines. I tried using "","/n","/r/n". But i am getting these along with the message or else message is not at all getting delivered.
<?php
$to="******";
$sub="contact_details";
$userdetails="Name:".$_REQUEST["name"];
$userdetails.="<br/>Phone number:".$_REQUEST["phone"];
$userdetails.="<br/>Email:".$_REQUEST["email"]";
$userdetails.="<br/>Message:".$_REQUEST["message"].`"<br>"`;
if($_REQUEST["name"] && $_REQUEST["phone"] && $_REQUEST["email"] && $_REQUEST["message"])
{
$mail=mail($to,$sub,$userdetails);
if($mail){
echo "<script type='text/javascript'>alert('Submitted Successfully!')
</script>";
}
else{
echo"<script type='text/javascript'>alert('Failed!')</script>";
}
}
else {
echo "<script type='text/javascript'>alert('Please enter all fields!');
</script>";
}
?>
Thanks in advance.
The email that you are sending is not html supported, yow will need to add \n and in order to make the html work, you will need to add headers like this:
// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
// More headers
$headers .= 'From: <webmaster#example.com>' . "\r\n";
$headers .= 'Cc: myboss#example.com' . "\r\n";
mail($to,$subject,$message,$headers);
You have to correct the syntax for errors, you have added extra "(double quote) after email, remove this, and you can use "\n" for adding the line breaks.
<?php
$to="******";
$sub="contact_details";
$userdetails="Name:".$_REQUEST["name"]. "\n";
$userdetails.="<br/>Phone number:".$_REQUEST["phone"]. "\n";
$userdetails.="<br/>Email:".$_REQUEST["email"]. "\n";
$userdetails.="<br/>Message:".$_REQUEST["message"]. "\n";
?>
Also header are not mandatory to send the mail, you can send the mail even if header are not set.
I have built a form builder plugin. The last step is to get the emails to send to the site admin, however, I can't seem to figure out how to make this work. Here is my php mail handler:
if (!empty($errors)) {
// if there are items in our errors array, return those errors
$data['success'] = false;
$data['errors'] = $errors;
} else {
parse_str($_REQUEST['formData'], $formFields);
$html='<html><body>';
foreach ($formFields as $key => $value) {
$html .= '<p><label>' . $key . ' :</label> ' . $value . '</p>';
}
$html .='</body></html>';
$to = get_option('admin_email');
$subject = "Form Submission";
$txt = $html;
$headers = "From: <sam.skirrow#gmail.com>". "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1"."\r\n";
mail($to,$subject,$txt,$headers);
// if there are no errors process our form, then return a message
// show a message of success and provide a true success variable
$data['success'] = true;
$data['message'] = 'Success!';
}
// return all our data to an AJAX call
echo json_encode($data);
You can see in my $to variable I have added get_option('admin_email'); however, doing this breaks my form (as opposed to just writing an email address in.
You need to load WordPress to be able to use their get_option function.
Add this to the top of your PHP script:
require_once('../../../wp-load.php');
Mail content:
<html><head></head><body><p> Message : 鏽嫌╒杜米土 杯屎</p>Share Link : Press here to enter <br><img src ='http://203.80.1.28/FlippingBook/development/demo/medium/Web081112_P070_medium.jpg' /></body></html>
PHP:
if (isset($_POST["data"])){
$info = explode("&", $_POST["data"]);
$headers = 'MIME-Version: 1.0\r\n';
$headers .= "Content-Type: text/html; charset = \"UTF-8\";\n";
$headers = "From: =?UTF-8?B?" . base64_encode(substr($info[0],strpos($info[0],'=')+1, strlen($info[0]))) . "?=";
$to = substr($info[1],strpos($info[1],'=')+1, strlen($info[1]));
$subject = "=?UTF-8?B?" . base64_encode('日報分享') . "?=";
$message = trim(substr($info[2],strpos($info[2],'=')+1, strlen($info[2])));
$message = '<html><head></head><body><p> Message : '.$message;
$url = substr($info[3],strpos($info[3],'=')+1, strlen($info[3]));
$message = $message. '</p>Share Link : Press here to enter ';
if (isset($info[4])){
$firstImg = substr($info[4],strpos($info[4],'=')+1, strlen($info[4]));
$message = $message."<br><img src ='".$firstImg."' />";
}
if (isset($info[5])){
$secondImg = substr($info[5],strpos($info[5],'=')+1, strlen($info[5]));
$message = $message."<br><img src ='".$secondImg."' />";
}
$message = $message.'</body></html>';
if (mail($to, $subject, $message, $headers))
die ('Mail sent');
else
die ('Fail');
}else{
die ('Fail');
}
I am writing a simple program to send email. However, my mail content is not english based so I used utf-8 to encode.
When I changed the encode method, it can not send the processed html code, instead the mail content is the raw html code shown above, how to fix this problem?
If using PEAR lib is not a problem than you can look for Pear Mail-Mime lib to send mail or HTML contents. More details you can get from here - http://pear.php.net/manual/en/package.mail.mail-mime.example.php
I have a contact form on my website, and everything works like a charm. I am using a anti-injection validation script, that I suspect is supposed to send a notification when somebody attempts to use header injection. I have tested this thouroghly and cannot determine why it will not notify me on the event of an abuse. The script is below.
<?php
/* Set e-mail recipient */
$myemail = "email#gmail.com";
/* Check all form inputs using check_input function */
$subject = check_input($_POST['subject'], "Please enter your name");
$email = check_input($_POST['email'], "Please enter your email");
$form = check_input($_POST['form'], "Please write your message");
function logbad($value)
{
// Start of validation; this is where the problem is
$report_to = "email#gmail.com";
$name = "Matt";
$mail = "$email";
// replace this with your own get_ip function...
$ip = (empty($_SERVER['REMOTE_ADDR'])) ? 'empty'
: $_SERVER['REMOTE_ADDR'];
$rf = (empty($_SERVER['HTTP_REFERER'])) ? 'empty'
: $_SERVER['HTTP_REFERER'];
$ua = (empty($_SERVER['HTTP_USER_AGENT'])) ? 'empty'
: $_SERVER['HTTP_USER_AGENT'];
$ru = (empty($_SERVER['REQUEST_URI'])) ? 'empty'
: $_SERVER['REQUEST_URI'];
$rm = (empty($_SERVER['REQUEST_METHOD'])) ? 'empty'
: $_SERVER['REQUEST_METHOD'];
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\n";
$headers .= "X-Priority: 1\n";
$headers .= "X-MSMail-Priority: Normal\n";
$headers .= "X-Mailer: php\n";
$headers .= "From: \"".$nama."\" <".$mail.">\r\n\r\n";
#mail
(
$report_to
,"[ABUSE] mailinjection # " .
$_SERVER['HTTP_HOST'] . " by " . $ip
,"Stopped possible mail-injection # " .
$_SERVER['HTTP_HOST'] . " by " . $ip .
" (" . date('d/m/Y H:i:s') . ")\r\n\r\n" .
"*** IP/HOST\r\n" . $ip . "\r\n\r\n" .
"*** USER AGENT\r\n" . $ua . "\r\n\r\n" .
"*** REFERER\r\n" . $rf . "\r\n\r\n" .
"*** REQUEST URI\r\n" . $ru . "\r\n\r\n" .
"*** REQUEST METHOD\r\n" . $rm . "\r\n\r\n" .
"*** SUSPECT\r\n--\r\n" . $value . "\r\n--"
,$headers
);
}
// Check 1
//First, make sure the form was posted from a browser.
// For basic web-forms, we don't care about anything
// other than requests from a browser:
if(!isset($_SERVER['HTTP_USER_AGENT']))
{
die('Forbidden - You are not authorized to view this page (0)');
exit;
}
// Cek 2
// Make sure the form was indeed POST'ed:
// (requires your html form to use: action="post")
if(!$_SERVER['REQUEST_METHOD'] == "POST")
{
die('Forbidden - You are not authorized to view this page (1)');
exit;
}
// Host names from where the form is authorized
// to be posted from:
$authHosts = array("cover.com");
// Where have we been posted from?
$fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER']));
// Test to see if the $fromArray used www to get here.
$wwwUsed = strpos($fromArray['host'], "www.");
// Make sure the form was posted from an approved host name.
if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts))
{
logbad("Form was not posted from an approved host name");
die(' Forbidden - You are not authorized to view this page (2)');
exit;
}
// Attempt to defend against header injections:
$badStrings = array("content-type:",
"mime-version:",
"content-transfer-encoding:",
"multipart/mixed",
"charset=",
"bcc:",
"cc:");
// Loop through each POST'ed value and test if it contains
// one of the $badStrings:
foreach($_POST as $k => $v)
{
foreach($badStrings as $v2)
{
if(strpos(strtolower($v), $v2) !== false)
{
logbad($v);
die('<strong>Form processing cancelled:<br /></strong> string
(`'.$v.'`)<strong> contains text portions that
are potentially harmful to this server. <br />Your input
has not been sent! <br />Please use your browser\'s
`back`-button to return to the previous page and try
rephrasing your input.</strong>');
exit;
}
}
}
// Made it past spammer test, free up some memory
// and continuing the rest of script:
unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed);
/* If e-mail is not valid show error message */
$addr_spec = '([^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c'.
'\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+|\\x22([^\\x0d'.
'\\x22\\x5c\\x80-\\xff]|\\x5c[\\x00-\\x7f])*\\x22)'.
'(\\x2e([^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e'.
'\\x3a-\\x3c\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+|'.
'\\x22([^\\x0d\\x22\\x5c\\x80-\\xff]|\\x5c\\x00'.
'-\\x7f)*\\x22))*\\x40([^\\x00-\\x20\\x22\\x28'.
'\\x29\\x2c\\x2e\\x3a-\\x3c\\x3e\\x40\\x5b-\\x5d'.
'\\x7f-\\xff]+|\\x5b([^\\x0d\\x5b-\\x5d\\x80-\\xff'.
']|\\x5c[\\x00-\\x7f])*\\x5d)(\\x2e([^\\x00-\\x20'.
'\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c\\x3e\\x40'.
'\\x5b-\\x5d\\x7f-\\xff]+|\\x5b([^\\x0d\\x5b-'.
'\\x5d\\x80-\\xff]|\\x5c[\\x00-\\x7f])*\\x5d))*';
if (!preg_match("!^$addr_spec$!", $email))
{
show_error("E-mail address not valid");
}
if (strtolower($_POST['code']) != 'rowingcover') {die('The following error occured: <br />Wrong anti-spam code. <br />
Go back');}
/* Let's prepare the message for the e-mail */
$message = "Cover.com Contact Form
From:
$subject
$email
Message
$form
";
/* Send the message using mail() function */
mail($myemail, $subject, $message, "From: $email");
/* Redirect visitor to the thank you page */
header('Location: contact_received.html');
exit();
/* Functions we used */
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
show_error($problem);
}
return $data;
}
function show_error($myError)
{
?>
<html>
<body>
<b>Please correct the following error:</b><br />
<?php echo $myError; ?><br />
Go back
</body>
</html>
<?php
exit();
}
?>
I am relatively new to php, so any help would be much appreciated.
Thanks,
Matt
Your problem might be that you are using double quotes with # in your variable:
should be: $report_to = 'email#gmail.com'; or $report_to = "email\#gmail.com";
Just posting as answer from my comment since you got it solved by that.
The thing was that using an array inside a variable without scaping it will result in a empty array in your case which would give you a possible wrong email.
You welcome :)
I have found a few things that might contribute to that.
1)
$mail = "$email";
$email isn't defined (you're inside a function), and there is no reason to put quotes around a variable. This means $mail = "";
2)
$headers .= "From: \"".$nama."\" <".$mail.">\r\n\r\n";
You said $nama instead of $name, this means that line is actually:
$headers .= "From: <>\r\n\r\n";
It's a bit difficult to see the reason. Try defining your subject and message before your mail function (makes it much easier to read).
Don't use the "#mail" as that will NOT tell you any errors it runs into. While debugging, you definitely want error messages.
Try sending a normal text email before you send an HTML error (in that function), it might help make things simple. Then slowly implement HTML, see where it breaks.
This following lines looks wrong.
$mail = "$email"; should be $mail = $email;
#mail( should be just mail( This is probably the line preventing your mail being sent!
mail($myemail, $subject, $message, "From: $email"); should be
mail($myemail, $subject, $message, "From:".$email);
Hope that helps.
Thanks to Prix who answered my question in the comments:
$report_to = "email#gmail.com"; either
use single quote or scape the #
$report_to = 'email#gmail.com'; or
$report_to = "email\#gmail.com"; since
the # is treathed as an array it will
not read as email#gmail.com under
double quotes. – Prix 4 mins ago