PHP - subscribers' email
Join Date: Mar 2007
Posts: 2
Reputation:
Solved Threads: 0
Hi, everybody,
I'm new to PHP and I'm setting up a web page in which I want to include a subscribing box for the visitor to send me his email.
I've found this code on the internet and adapted it to my necessity but I want to know if it's okay or not. I wonder if somewhere in the code should appear the destination to which the email has to be sent.
Also, do I need an extra file with php extension and linked to the html file in which the code is, like we do with css files? Here's my code. Thanks :rolleyes:
Mohaydee
[html]
<Div class="subscribebox">
<title>Email Form </title>
</head>
<body>
<form method="post" action="sendeail.php">
<?php
// Request metadata for the hidden fields, escaped so a crafted
// Referer or User-Agent header cannot break out of the value attribute
$ipi = htmlspecialchars((string) getenv("REMOTE_ADDR"), ENT_QUOTES);
$httprefi = htmlspecialchars((string) getenv("HTTP_REFERER"), ENT_QUOTES);
$httpagenti = htmlspecialchars((string) getenv("HTTP_USER_AGENT"), ENT_QUOTES);
?>
<input type="hidden" name="ip" value="<?php echo $ipi ?>" />
<input type="hidden" name="httpref" value="<?php echo $httprefi ?>" />
<input type="hidden" name="httpagent" value="<?php echo $httpagenti ?>" />
Your Name: <br />
<input type="text" name="visitor" size="25" style="background-color: #FFFF00" />
<br />
Your Email:<br />
<input type="text" name="visitormail" size="25" style="background-color: #FFFF00" />
<br />
<strong>Subscribe to the Newsletter</strong> <br />
<br>
<br />
<input type="submit" value="Send Mail" />
<br />
</form>
</body>
</html>
</Div>
[/html]
First off, you need to add an enctype to your form tag and add a name to your submit button (to be used for submission) like this:
[html]
<form method="post" action="sendeail.php" enctype="multipart/form-data">
<!-- all your form code -->
<button type="submit" name="submitBtn" value="Send Mail">SendMail</button>
</form>
[/html]
And as long as this is the same file as you are posting to {sendeail.php} you can place something along these lines at the top of the page:
[php]
<?php
// Only handle the request when the form's submit button was used
if (isset($_POST['submitBtn']) && $_POST['submitBtn'] == 'Send Mail') {
    // Entity-encode every posted value before using it
    $clean = array();
    foreach ($_POST as $key => $val) {
        $clean[$key] = htmlentities($val, ENT_QUOTES);
    }
    $to = 'you@yourdomain.com';
    $headers = ""; // you can add Bcc and Cc addresses here
    // No line breaks in the subject: it is sent as a mail header
    $subject = "You have a new subscriber to your site!";
    $body = "Name: " . trim($clean['visitor']) . "\n";
    $body .= "Email: " . trim($clean['visitormail']) . "\n";
    $body .= "IP: " . $clean['ip'] . "\n";
    $body .= "Referrer: " . $clean['httpref'] . "\n";
    $body .= "User Agent: " . $clean['httpagent']; // append, do not overwrite the body
    if (!mail($to, $subject, $body, $headers)) {
        echo "There was a problem sending the email, i might want to write this to a flat file just in case";
    }
}
?>
[/php]
You should always clean your input, this is why I do a foreach on the post data and run it through htmlentities(). This is a bare minimum, you might also want to add some error detection in case the email is malformatted or there were some empty fields.
I also wrapped the mail function call in an if statement so you can handle a failure gracefully. You will need to make sure you can send emails on your server.
I didn't try to run this code, so there might be some syntax errors in there, I got fat fingers sometimes. You will need to play with it for your specific deployment.
This should be enough to get you going. Good luck
Sn4rf3r
Hi mohaydee,
Unlike CSS, which is interpreted by the browser as formatting and styles for the HTML, PHP is interpreted by the server into HTML that is sent to the browser.
The "action" of your form:
<form method="post" action="sendeail.php">
defines the page that the form data will be sent to. A better comparison to an HTML form is an HTML link.
eg:
<a href="sendeail.php">Send Mail</a>
This is the same as:
<form action="sendeail.php" method="get">
<input type="submit" value="Send Mail" />
</form>
A form, however, allows user interaction where a link does not.
As for the PHP code you need in "sendeail.php", sn4rf3r gave a really good example.
The only other security issue I'd worry about is cleaning your mail headers before placing them in the php mail() function.
see: http://www.securephpwiki.com/index.php/Email_Injection
www.fijiwebdesign.com - web design and development and fun
Cpanel Email - Let users Register email accounts on your website upon registration
Ajax Chat - Fully browser based chat!
Join Date: Oct 2006
Posts: 42
Reputation:
Solved Threads: 4
I agree with all the above comments except for the enctype.
multipart/form-data is only needed when you are using the input tag of the type file.
I think that you need to use
application/x-www-form-urlencoded
but then this is the value set by default, so you don't need to set it. Is that correct? (Sorry, been awake for about 38 hours, getting ready for a new software release on Monday!!)
I also think that it would be better to get the ipaddr, httpagent, httpref in the actual sendmail script otherwise any user who wants to send you fake information can just edit the source code of the form and send you what they like.
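A handler that combines the two security points raised in the replies above (keep line breaks out of anything passed to mail() as a header, and read the IP, referrer and user agent on the server instead of from hidden fields). This is an added example, not code posted in the thread; the function names `header_safe` and `build_subscription_mail` are hypothetical and the sample submissions are constructed.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.

// Reject any value containing CR or LF before it can reach mail()'s header or
// subject arguments; a line break there would start a new header line.
function header_safe(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return trim($value);
}

// Build the notification from the POST data plus server-side request metadata.
function build_subscription_mail(array $post, array $server): array
{
    $name  = header_safe((string) ($post['visitor'] ?? ''));
    $email = header_safe((string) ($post['visitormail'] ?? ''));
    if ($name === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('name or email missing/invalid');
    }
    // IP, referrer and user agent come from $_SERVER, never from hidden fields.
    // Referer and User-Agent are still client-chosen, so they only go in the body.
    $body = "Name: $name\n"
          . "Email: $email\n"
          . "IP: " . ($server['REMOTE_ADDR'] ?? 'unknown') . "\n"
          . "Referrer: " . ($server['HTTP_REFERER'] ?? '') . "\n"
          . "User Agent: " . ($server['HTTP_USER_AGENT'] ?? '');
    return [
        'to'      => 'you@yourdomain.com',   // placeholder address used in the thread
        'subject' => 'You have a new subscriber to your site!',
        'body'    => $body,
        'headers' => 'Reply-To: ' . $email,  // validated above, no CR/LF possible
    ];
}

// Constructed sample input: one normal submission, one carrying an extra header.
$server  = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
$samples = [
    ['visitor' => 'Ann', 'visitormail' => 'ann@example.com'],
    ['visitor' => 'Bob', 'visitormail' => "bob@example.com\r\nBcc: list@example.net"],
];
foreach ($samples as $post) {
    try {
        $m = build_subscription_mail($post, $server);
        echo "accepted: {$m['headers']}\n"; // a real handler would call mail() here
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}\n";
    }
}
```

In sendeail.php the two arrays would be `$_POST` and `$_SERVER`, and the returned fields would be passed to `mail($m['to'], $m['subject'], $m['body'], $m['headers'])`.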