Posted by Ian Rutgers on 05/17/06 23:20
"Ian Rutgers" <irutgers@otima.ca> wrote in message
news:soJag.170479$7a.46739@pd7tw1no...
>
> "robert" <ab@no.spam-alama-ding-dong> wrote in message
> news:uXyag.161$hD5.96@fe04.lga...
>> | //email variable declaration
>> | $email_to = "person@abc.com";
>> | $email_subj = "the form name";
>> | $from_address = "bill@def.com";
>> |
>> | // now we build the message of the email
>> | session_start();
>> | echo $_SESSION['message'];
>> | $the_message = $_SESSION['message'];
>> | // now we send the email
>> | mail($email_to, $email_subj,$the_message,"From: $from_address"); //send the message
>> | ?>
>> |
>> | When I did things this way, Hunger and Liar Lunatic make it to the body of the
>> | message, but not the contents of $email_hunger and $email_liar_lunatic.
>> | What am I doing wrong ... is there a better way???
>>
>> man, that's a security hole just waiting to be used! don't store the message
>> in a session variable. ex., i log on as admin and send a sensitive message
>> to user A. next, i try to send a message to user B but the script poops a
>> bit in generating the message but continues to email from the session
>> message...user B now has info that only A should have - things like user
>> names, passwords, financials, etc..
>>
>> i would make/use an email class object...the page with your form should be
>> building your message and sending it via the email class. there's NO need to
>> session anything. this is the same methodology as collecting data and
>> putting it in a db...only here, there's no db - you instead output via
>> email.
>>
>>
> I found an email class object as suggested ... it works but .... how do I
> either put it in the body of the page so it doesn't execute when the page
> loads or put it in another page and transfer the body of the message to
> the other page to have the email formulated??
>
> ... here is the code that is on the php page
>
> <?php
> //email variable declaration
> require_once("../includes/mail.class.php");
> $email_hunger = $_POST['jesus_hungry_heart'];
> $email_liar_lunatic = $_POST['jesus_liar_lunatic_true'];
> $email_to = "bill@abc.com";
> $email_subj = "what did jesus claim";
> $from_address = "george@sample.com";
> // now we build the message of the email
>
> $mailout = new mailer;
> $mailout->from('george@sample.com', 'Sender');
> $mailout->add_recipient($email_to);//add a recipient in the to: field
> //$mailout->add_cc('person2@example.com');//carbon copy
> //$mailout->add_bcc('person3@example.com');//blind carbon copy
> $mailout->subject($email_subj);//set subject
> $message = "Hunger:" . $email_hunger ."\n" . "Liar Lunatic" . $email_liar_lunatic;
> $mailout->message($message);//set message body
> $mailout->send();//send email(s)
>
This is what I've done to work around the above solution ... is it the right
solution?????
<?php
// email variable declaration
require_once("../includes/mail.class.php");
$email_to = "bill@abc.com";
$email_subj = "what did jesus claim";
$from_address = "george@def.com";
// read the posted form fields (empty string if a field is missing)
$email_address = isset($_POST['jesus_username']) ? $_POST['jesus_username'] : "";
$email_hunger = isset($_POST['jesus_hungry_heart']) ? $_POST['jesus_hungry_heart'] : "";
$email_liar_lunatic = isset($_POST['jesus_liar_lunatic_true']) ? $_POST['jesus_liar_lunatic_true'] : "";
// now we build the message of the email
$mailout = new mailer;
$mailout->from('george@def.com', 'Sender');
$mailout->add_recipient($email_to); // add a recipient in the to: field
//$mailout->add_cc('person2@example.com'); // carbon copy
//$mailout->add_bcc('person3@example.com'); // blind carbon copy
$mailout->subject($email_subj); // set subject
$message = "Hunger:" . $email_hunger . "\n" . "Liar Lunatic" . $email_liar_lunatic;
$mailout->message($message); // set message body
// test to see if an email address was posted ... if so the form can be processed
if ($email_address != "") {
    $mailout->send(); // send email(s)
} else {
    echo "An email address was not entered";
}
?>
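
The following is an added example, not code from the thread or from the mail class it mentions. It sends only when the form is actually submitted, builds the body from the current request instead of a session variable, and validates the posted address rather than only testing for an empty string. build_form_email() and handle_request() are hypothetical names, and PHP's built-in mail() stands in for the thread's mailer class.

```php
<?php
// Added example, not the poster's code. Field names come from the thread;
// build_form_email() and handle_request() are hypothetical helper names.

/**
 * Build the email body from the values of THIS request only.
 * Returns [body, errors]; nothing is read from or written to $_SESSION,
 * so a failed build can never fall back to an earlier user's message.
 */
function build_form_email(array $post): array
{
    // Accept only string fields; a missing or array-valued field becomes ''.
    $get = fn($k) => is_string($post[$k] ?? null) ? trim($post[$k]) : '';

    $errors = [];
    if (filter_var($get('jesus_username'), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'An email address was not entered or is not valid';
    }
    // Free-text answers go into the body only, never into headers.
    $body = "Hunger: " . $get('jesus_hungry_heart') . "\n"
          . "Liar Lunatic: " . $get('jesus_liar_lunatic_true') . "\n";
    return [$body, $errors];
}

function handle_request(array $server, array $post): string
{
    // A plain page load is a GET: show the form, send nothing.
    if (($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return 'form';
    }
    [$body, $errors] = build_form_email($post);
    if ($errors) {
        return implode("\n", $errors);   // refuse to send on any error
    }
    // Recipient, subject and From are fixed strings, as in the thread.
    $ok = mail('bill@abc.com', 'what did jesus claim', $body,
               'From: george@def.com');
    return $ok ? 'sent' : 'mail() failed';
}

// Constructed sample input: a page load, then a submission with a bad address.
// Neither call reaches mail(), so this runs without a mail server.
echo handle_request(['REQUEST_METHOD' => 'GET'], []), "\n";
echo handle_request(['REQUEST_METHOD' => 'POST'],
    ['jesus_username' => 'not-an-address', 'jesus_hungry_heart' => 'yes']), "\n";
```

In a real page, call handle_request($_SERVER, $_POST) at the top of the script that displays the form.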