Include whole page in php mail - php

Is it possible to include a separate html page in a php email?
Example, create a separate page that has all the content on it I want to email it and then include it in a php mail() on another page as the message?
Thanks

If you meant sending HTML email, yes. You can do that. You just need to add additional headers in the fourth parameter of mail() and pull the information from the HTML file you have using file_get_contents(). Please check this:
http://css-tricks.com/sending-nice-html-email-with-php/

Yes, it's possible exactly how rationalboss explained. Personally I use PEAR for html emails. It's a pain to get started with if you're not familiar with PEAR, but life has improved once I got it going.
Careful though, html/css does not have the same support in email clients that it does in browsers. You can create a beautiful page and find out that most people receive it with huge glitches due to certain CSS rules being ignored.
Best practice last I heard is to keep it simple and use inline styles for everything. Avoid floats and positioning. In fact, I believe it is actually still safer to use tables when dealing with email layouts if you need things to sit next to each other.
And then test in as many email clients as you can. Then cry and try to fix things.
I hear good things about Email on Acid for testing. It's a pay service but they offer a limited test for 3 clients as well.
If you're just doing a relatively simple email then it shouldn't be too bad. But if you're trying to make something that really looks great I recommend doing some googling on styling html specifically for emails.

Related

PHP - Securing a user's full HTML file against XSS

I'm currently working on an email template building website in PHP (LAMP to be specific) that allows users to paste in their HTML email code and then send it off to their customers.
Obviously with handling this kind of data I need to implement some kind of XSS security. I've scoured the net for weeks trying to find solutions to this and found very few good methods but they don't really work for full HTML documents (which is what I'd be dealing with).
These are the solutions I found and why they don't work for me:
HTMLPurifier:
I think this is the obvious choice for most because it's got the best security and is up to date with industry standards. Although its main use is supposed to be for HTML fragments/small snippets, I thought I'd give it a go.
The first issue I ran into was that the head tags (and anything inside them) were getting stripped and removed. The head is quite essential in HTML emails so I had to find a way around this...unfortunately, the only fix I could find was to separate the head from the rest of the email and run each part separately through HTMLPurifier.
I've yet to try this because it seems very hacky but it seems to be the only way to achieve what I'm after. I'm also not sure on how well HTMLPurifier is at finding XSS in CSS. On top of all that, it doesn't do well in terms of performance with it being such a large library.
HTMLawed:
HTMLawed seemed to be another great option but a few things swayed me from using it.
A) Compared to HTMLPurifier, this seems to be less secure. HTMLawed has several documented security issues at the moment. It's also not widely used yet which is more worrying (only used by about 10 registered companies).
B) It's released under the GPL/GPU License, which effectively means I can't use it on my website unless I'm willing to let people use my service for free.
C) From what I've seen of people talking about it, it seems to strip a lot of tags unless it's heavily configured. I can't have much say here because I've not tried it but that also raises security concerns for me - what if I miss something? what if I can't configure it to keep the elements I want? etc.
These are my questions to you:
Are there any better alternatives to the ones listed above?
Is it possible to code this myself or is that too ambitious and too insecure?
How do the larger email companies tackle this issue (mailchimp, activecampaign, sendinblue, etc.)?
It seems you are sending HTML content, so you cannot filter it. You must store the HTML in your database. If you filter it for XSS, the HTML will not work properly. All webmail services, like GMail, Yahoo, Roundcube etc., disable JavaScript by default.
If you are using a WYSIWYG editor like CKEditor, it automatically removes all <script> tags and also certain unknown attributes. But you can still set what to accept and what to remove via CKEditor.config().
If your PHP cannot insert into your database because of some special chars, then you can use an SQL prepared statement or encode your HTML input to base64 using base64_encode(), then decode it when using it in mail() or PHPMailer::Body.

PHP displaying html email in a html page

I'm building a PHP email mailbox script.
How would I make html emails display cleanly as they do in gmail/hotmail?
If I just echo it out it affects the whole page layout.
I could use iframes but surely that isn't the best solution.
If you are looking for the 'best solution' get on board with another open source email library that is doing the same thing you are. Maintaining an email renderer on your own that is safe against script injection and other hacks will simply be too much work for one person.
One example: https://github.com/afterlogic/webmail-lite
Another: http://trac.roundcube.net/
You get the benefit of other developers who use the library maintaining the code base, so if something is broken, all you have to do is pull the latest update (hopefully) and you get the fix. If you find something that needs improving, you can fix it or build it, and make the code better for everyone. I'm really just pitching open source libraries here, however in any commercial context, building your own email renderer without a big team, is a bad idea.
As Marc B stated, I believe an IFrame would be your best bet... but please realize that if you just dump any email HTML code you risk exposing yourself to viruses, Trojans, and malicious HTML/JavaScript code - You're opening Pandora's box on your computer unless you find a good way to sandbox/strip that HTML.
Here's a simple Regex to clean JavaScript at least:
"(?s)<script.*?(/>|</script>)"
Consider the use of some HTML Tidy library (i.e.: PHP.Tidy).
You can pass the text through the library to get well formatted html.
A good practice would be to define a CSS standard behaviour for most tags in the div you're using.
Create a DIV container that you assign width (and height if needed) to, and make sure you add an overflow property to match your design. This should keep your email HTML from interfering with your layout.
UPDATE
A DIV container still assures you that you can constrain the size of the display box and with appropriate CSS acts similar to an iframe without all the baggage.
If you are worried about the code in the email, strip_tags would seem a better solution than the regex. You can define a list of tags to leave alone and still be confident of stripping the rest.
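The answers above suggest an iframe, a script-stripping regex and strip_tags. As an added example (not code from any of the posters; the sample message, the function name render_email_frame and the CSP string are assumptions made here), this checks what the two filters leave behind on a constructed message and renders the mail in a sandboxed iframe instead:

```php
<?php
// Constructed sample: no <script> element, but an inline event handler and a <style> rule.
$emailHtml = '<style>body { background: #000 }</style>'
           . '<p>Hello</p><img src="missing.png" onerror="document.title=\'ran\'">';

// The regex from the answer above removes <script> elements only;
// it never looks at attributes, so the onerror= handler is untouched.
$afterRegex = preg_replace('~(?s)<script.*?(/>|</script>)~i', '', $emailHtml);

// strip_tags() with an allow-list keeps every attribute of the tags it allows.
$afterStrip = strip_tags($emailHtml, '<p><img>');

var_dump(strpos($afterRegex, 'onerror=') !== false);
var_dump(strpos($afterStrip, 'onerror=') !== false);

/**
 * Wrap an untrusted message body in an isolated frame (hypothetical helper).
 * The empty sandbox attribute disables scripts, forms, popups and same-origin
 * access; the frame also keeps the mail's CSS away from the mailbox page layout.
 */
function render_email_frame(string $untrustedHtml): string
{
    // Policy for the framed document: no scripts, no remote loads
    // (which also blocks tracking images), inline styles only.
    $csp = "default-src 'none'; img-src data:; style-src 'unsafe-inline'";

    $doc = '<!doctype html><meta charset="utf-8">'
         . '<meta http-equiv="Content-Security-Policy" content="' . $csp . '">'
         . $untrustedHtml;

    // srcdoc is an attribute value, so the whole document is entity-encoded once.
    return '<iframe sandbox referrerpolicy="no-referrer" '
         . 'style="width:100%;height:30em;border:0" srcdoc="'
         . htmlspecialchars($doc, ENT_QUOTES | ENT_HTML5, 'UTF-8')
         . '"></iframe>';
}

echo render_email_frame($emailHtml), "\n";
```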

Heuristic to detect if an HTML email was read

I am looking for creative heuristics to detect if an HTML email was not just opened, but also likely read.
Currently, we embed an img tag linking to a PHP script, which marks anonymously in the database that the email was opened. (We can assume here that the users we're interested in told Outlook it was OK to display the images.)
This method is okay, but it's hard to tell what it means - if they clicked the email just to get it marked as read, if they keyed through it while skipping through other mails, or if they genuinely read and enjoyed the email.
My latest try was to implement a delay of 10 seconds on the image download before making the database call marking the mail as read, however it seems that Outlook finishes the request in the background, even if they skip out of the email. Does anyone have any creative recommendations that may work better?
It's kind of unethical in my opinion to do this without your users knowing. That's why so many email clients go to measures to protect against this.
I know this might not really help you, but if your user genuinely read and enjoyed the email couldn't you just add an HTML anchor in the email that they can click on to go to your website and you can add a tracking code to that to figure out who it was / which email address clicked on the link at the bottom of your email? Something along those lines just seems like a better method to me. Maybe that's just me though.
Hmm, tough one without the use of javascript, and as we know, most email clients have their security too high to use javascript.
Not putting much thought into it, could you use PHP's shutdown function, and have the image "loop" load....basically meaning that the image will never completely load because we are stopping it on the server side with a loop. Will Outlook still try and download the image after a timeout - will it timeout?
It seems like you are dealing with two different issues...trying to harness Outlook and trying to do something that most people don't want.
This is why there are offers and links like "click here for 10% off coupon" or "read more".
From a marketing standpoint this would be a true test if people are interested in your emails....but I guess that wasn't your question ;)

live email content

I have seen a few companies recently that are releasing "live" email content. This basically means that each time you open the email the content changes. I have looked into this and it appears that not only the image, but the text of these emails is also changing. . .
The only possibility that I have thought of to do this is with an iframe or changing images with the same url.
Does anyone have an idea of how this is being accomplished?
It would be easiest to find out if you just looked into the source code of one of those live emails.
Otherwise the most likely solution is <iframe>s. The support in mail clients is not encompassing however: http://www.campaignmonitor.com/blog/post/3219/do-iframes-work-in-email/
So I would assume this is mostly used for small areas, and/or with an <iframe ..><p>alternative content</p></iframe> area. That's the most likely approach to follow in lieu of scripting support.
The exchanging <img> variant is more widely supported, but harder to implement. You would need to take a screenshot of your website, and link it remotely in the mail. You can mitigate the non-clickability with an <area> but would have to ensure that your website screenshot doesn't change the layout then - because you can only ever adapt the remote image, not the sent html emails.
It's quite possible that both approaches might be combined. But it's quite some effort to provide an iframe and a static img screenshot as alternative. Only one thing is for sure, embedded Flash content can be ruled out for your "live" emails. http://www.campaignmonitor.com/blog/post/1974/the-truth-about-1/

Is there a PHP script to mail forms for beginners for free?

I have a place where I want users to submit emails for newsletter subs and a place to submit an entire contact form. Zero php knowledge outside of knowing that it can do what I need.
There's a mail function built-in, take a look at
http://php.net/manual/en/function.mail.php
you will however, need to format the email body with the form data posted, of course.
Check out FormToEmail. From their site:
FormToEmail is a PHP form mail script. It comes in a free version and a Pro version. It processes web forms and sends the contents of the form to you by email. It will process any form. It doesn't make forms but it comes with HTML code for a basic contact form that you can use on your website. It is very secure and cannot be hijacked by spammers. It is very simple to install, you only need to add your email address to it. Step-by-step instructions written in plain English.
Actually, you don't need to do any php programming to create such a setup. There are plenty of mailing list software apps available and you can grab a formmail script (like the one from Matt's Script Archive) and build the html with the right fields.
Use the mail function.
However be aware that you need to specify the correct headers yourself if you want to use html in your emails!
A common beginner's mistake is assuming you can simply use html tags with mail and it should work automatically.
Figured this was worth mentioning, since you are wanting to do a newsletter. If you try sending the email, and the raw html tags seem to appear in the message, this is your issue :)
As someone who is a PHP know-nothing, I often look for easy solutions to complex problems. Using a super simple PHP form can have some downsides such as getting massive amounts of spam if you don't have any measures to prevent that, setting up those measures is hard to do if you do not have any knowledge of PHP.
Here is what I found, there is a script here: http://www.dagondesign.com/articles/secure-php-form-mailer-script/
that you can download at no charge and the developer seems to have a lot of guidance on how to install and use. I was able to set it up and get it to work.. not without having to spend quite a bit of time reading and troubleshooting. Hope that helps you.
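Both the first thread (an HTML page pulled in with file_get_contents() and sent through the headers parameter of mail()) and the advice here to set the HTML headers yourself come down to the same code. As an added example, not taken from any of the posts or scripts linked above, this sends an HTML file and rejects form-submitted values that contain line breaks, which is how a form mailer gets hijacked to add recipients; the function names, file path and addresses are placeholders.

```php
<?php
// Requires PHP 7.2+ (mail() accepts the additional headers as an array).

/** Refuse any value that could start a new header line. */
function safe_header_value(string $value): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('Line break in header value');
    }
    return trim($value);
}

/** Validate a form-submitted address before it reaches mail(). */
function safe_address(string $address): string
{
    $address = safe_header_value($address);
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Not a valid e-mail address');
    }
    return $address;
}

/** Send the contents of an HTML file as the message body. */
function send_html_page(string $to, string $subject, string $htmlFile, string $from): bool
{
    $html = file_get_contents($htmlFile);
    if ($html === false) {
        throw new RuntimeException("Cannot read $htmlFile");
    }
    $headers = [
        'MIME-Version'              => '1.0',
        'Content-Type'              => 'text/html; charset=UTF-8',
        'Content-Transfer-Encoding' => 'base64',
        'From'                      => safe_address($from),
    ];
    // base64 in 76-character lines keeps long HTML lines within mail line limits.
    $body = chunk_split(base64_encode($html));
    return mail(safe_address($to), safe_header_value($subject), $body, $headers);
}

// Constructed input: an address field carrying an extra header is refused.
try {
    safe_address("reader@example.com\r\nBcc: other@example.net");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
// Typical call from a subscription form handler:
// send_html_page($_POST['email'] ?? '', 'Newsletter', __DIR__ . '/newsletter.html', 'news@example.com');
```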
