Posts posted by ginerjm
-
To quote your initial post:
I have a website which allows users to send emails in (sic) their behalf. I am using PHPMailer with SMTP using the mailserver provided by my hosting company and setting SetFrom as the user's email.
That statement simply says "I'm hosting an application that people can use to send faked emails out on." Is that what you want to do? I doubt that your hosting company would allow you to continue doing this if you become a pariah among mailservers (which means they do if you are on a shared host).
I cannot fathom an application that I have ever used for the express purpose of sending someone an email. Sure - sometimes an appl asks if I want to send a link or something similar to another person and those emails do go out with that app's/server's credentials on them, usually with some reference to my id in the message saying who it was sent on behalf of.
What you continue to march on to is in my opinion poor internet behavior. Everything that Gizmola told you in her succinct and spot-on post should be listened to and used to guide you to make a change in your plan.
Emails should always indicate where they came from - NOT some false address that may or may not be real. You say that the supposed client will be placing their own address in the From field, but how do you know this to be true? Your host probably would frown on an appl design that plans on mis-using their mail services in this way and could very well terminate your account.
Please find another way to inform your recipients from whom these emails have been sent. (I already suggested using the Subject line.) Spam is not the way to go and one less spammer in the world is a good thing.
-
No - I meant if you want to send an email that is truly from you, don't use a web app to do it - use your own email client. Spoofing a part of an email to mis-represent it is one of the biggest problems on the net in this day. That and viruses. And hacking of websites to make them do something not intended by the designer. All of these are fraudulent activities and for you to even consider doing what you propose makes you (sorry) guilty of the same behavior.
If you need to make an email stand out and show who it's from when generating it from your appl., then put that into the Subject.
-
Then send the email from YOUR account where the From address will be properly set to your address. Don't send it from the application which is already designed for a different purpose.
Frankly - apps that allow such behavior are quite possibly the source of many spam messages today.
-
Using someone else's email address as the From address for your email IS a definite red flag to email servers as it should be. Just because you think it is ok to forge a from address to send one simple email doesn't mean that a mail server will think like that. The job of a mail server (IMHO) is to prevent such abuses!!! People do this ALL THE TIME and that is why all of us legitimate email users have to deal with emails coming back from people that we didn't email to or why our IP addresses get blocked because of spam problems. There is absolutely no good reason to use someone else's email address as the from address that is FROM YOU.
-
If you post some of your code here you might get more interest. Some of us refuse to click on links to see code posted elsewhere.
-
You do realize that the value is expressed in seconds? 7200 = 2 hours. If you insist that you Really need to extend a session for that long, bump up that 7200.
Is this some kind of secured or sensitive application? Do you really want a session on an unattended pc to just sit there for someone else to walk up and access?
-
I have to wonder if
foreach ($res as $res)
will work. You are supplanting the $res variable with a new value so you lose the rest of the array!
Try
foreach ($res as $item)
instead and then manipulate $item
-
Gee - all this time I have thought very highly of Jacques' informative posts, even at the cost of sometimes being the target of his rants. His English is quite succinct.
When it comes to whose native language is English, I often wonder about Mac_gyver's use of it since he doesn't seem to have ever learned about proper structure of a paragraph which recommends sentences that begin with an uppercase letter to help make the reading easier. So many of his posts seem to be run-on text because of the fact that my older eyes don't see the little tiny periods that my font (or this site) uses. Caps would make it much easier to read, as I said, and would represent proper composition of an English/American post.
As for the post in question - I think Jacques interpreted post #6 exactly as it was written and I agree whole-heartedly with what he was saying.
-
Where are you setting the email for html content??? You are sending a header to the client, but that's not going to affect the email is it? You're not sending the email to the client - you are sending it to an email address.
Google something like "send html mail" for examples.
-
You have formatted the email properly as an html one, correct? Have you altered your to address to send the email to yourself to see what you actually get?
-
Assuming that you posted your input followed by the code followed by some output you generated - this doesn't make sense at all. The output is not in the same order as the input. The output is different than the input.
You are not showing us something. How about doing it again and breaking it up so it makes sense to us ordinary people? And show all the code involved!
-
I have no idea what your response is saying. Punctuation and caps might help as well as a re-wording.
-
When one says "terminated by (space)" what will it do at the last field in the line which does not have a space at its end?
-
Are you checking for a MySQL error message?
How are your table fields defined?
-
Why would one want to store a distinct file inside a database table? After all it is a stand-alone piece of information that, given a proper name, is easily identified, or if linked to a table that stores attributes about the file, can easily be located and retrieved. There is no need to have the overhead of storing it and retrieving it from MySQL.
Create a folder and create a naming structure and upload the files to that place and save it with a name that matches your defined pattern. Should you need to have other characteristics about the file saved, then save them along with the file's name in a db table.
If backup is your concern, then make a backup folder - either on the same system or on another.
-
You really need to do some reading and teach yourself how things work.
-
1 - your password s/b stored in a secured fashion - never in plain text. Read up on "password_hash".
2 - when you do your query you use the userid to get the record for the user. Then you use "password_verify" to see if the given password matches the one on file. Read up on that function as well.
3 - once your user logs in successfully, store his id and whatever other token you may need to recognize his permissions in $_SESSION variables. That way they are accessible by all the scripts that run during that session. Solves your "passing" problem.
4 - As already said - never store the password anywhere other than in the user record and even then only once it is hashed. Always use a POST method in your login form and not a GET.
PS - the use of AND in a where clause is not another query. It is another condition. But as I said - you don't do that here.
Note - be sure that your table definition allows for a large enough value for the hashed password. See what the documentation suggests.
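The login flow described in the post above, as an added example that is not part of the original post. The in-memory SQLite database, the `users` table, its column names and the sample account are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo store: in-memory SQLite via PDO (assumption; any PDO driver works).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// 255 characters leaves room for longer hashes, as the password_hash() manual suggests.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, userid TEXT UNIQUE, pw_hash VARCHAR(255))');

function register(PDO $pdo, string $userid, string $password): void
{
    // Only the hash is ever stored; the plain-text password is discarded.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (userid, pw_hash) VALUES (?, ?)');
    $stmt->execute([$userid, $hash]);
}

function login(PDO $pdo, string $userid, string $password): ?int
{
    // Look the record up by userid only; the password is not part of the WHERE clause.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE userid = ?');
    $stmt->execute([$userid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null; // same result for unknown user and wrong password
    }
    // Upgrade the stored hash if PHP's default algorithm or cost has changed.
    if (password_needs_rehash($row['pw_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET pw_hash = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
}

register($pdo, 'alice', 'correct horse battery staple'); // constructed sample account

// In a real page these two values come from $_POST of the login form.
$uid = login($pdo, 'alice', 'correct horse battery staple');
if ($uid !== null) {
    session_start();
    session_regenerate_id(true);   // new session id after login
    $_SESSION['user_id'] = $uid;   // store the id, never the password
}
var_dump($uid !== null, login($pdo, 'alice', 'wrong'), login($pdo, 'nobody', 'x'));
```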
-
So you have a little module that defines paths
// paths.php
$php_path = "/home/domain/php/";
$lib_path = "/home/domain/public_html/libs/";
// ...
Then in your code you include the above file and in your other includes you use the appropriate path var:
include($php_path . "connect.php");
include($lib_path . "functions.php");
// ...
-
Why not use constants for the path names and include a module that declares all these constants? Then your includes simply reference the correct constant and the simple filename. You move things around - update the constants. Make them absolute too!
-
When you get a coding method written then ask for help to perfect it or improve it. Til then enjoy the learning process.
-
We usually help people with their code. Not write their code.
-
Why not read the php manual for functions that facilitate this? Try move_uploaded_file for syntax and examples.
-
Why would you think that you can edit a server-based image that is not totally uploaded yet?
I don't think 45 secs is such a long wait for a large file.
-
You are saying you are concerned about passing parms but your previous examples only referred to files and folder names not in existence. BIG difference.
PHP database not showing in PHPmyadmin
in PHP Coding Help
Posted · Edited by ginerjm
You should add error checking to this script and you should make a decision on whether to use the mysqli functions or the MySQL functions. You can't mix them together. Plus - if you took a look at the manual you would see the big highlighted statements telling you NOT to use MySQL stuff. Despite all this, you also use a query statement as an argument to your select db call. That's not going to work.
Personally I prefer PDO.