digitalecartoons

I've made a flash form which uses this script to send the input by mail: <?php // initialize variables for To and Subject fields $to = 'info@testing.nl'; $subject = 'Een testmail'; $from = $_POST["from"]; $email = $_POST["email"]; $comments = $_POST["comments"]; // build message body from variables received in the POST array $message = "Van: $from \n\n"; $message .= "Email: $email \n\n"; $message .= "Bericht: $comments"; $message = stripslashes($message); //convert flash line breaks $message= str_replace("\r", "\n", $message); $message=nl2br($message); // add additional email headers for more user-friendly reply $additionalHeaders = "From: $from <".$email.">\r\n"; $additionalHeaders .= "Reply-To: ".$email."\r\n"; $additionalHeaders .= "MIME-Version: 1.0\r\n"; $additionalHeaders .= "Content-type: text/html; charset=utf-8\r\n"; // send email message $OK = mail($to, $subject, $message, $additionalHeaders); // let Flash know what the result was if ($OK) { echo 'sent=OK'; } else { echo 'sent=failed&reason='. urlencode('Er is een probleem met de server. Probeer het later nog eens.'); } ?> Works a bit besides accented characters like é ë ä ó ö ú etc. For example: when I use 'René' in the From field it arrives like 'RenX', but in text mode as in html mode. The From fiels displays 'RenX' I mean. When in text mode, the body text of the email displays 'René' however. When I view the mail in html mode, it also displays 'RenX' in the From field, but the body text displays 'rené'. How to I make it display René both in the From field and the body text? And both in text mode as in html mode?

Could I leave it out (since as far as I know 7 bit is default), or is there some reason why that line is often present in html mail scripts? Here's an article by Kevin Yank about mixed html/text php mailing which also contains several 'content-transfer-encoding: 7-bit' lines: http://www.sitepoint.com/article/advanced-email-php/4

$email_message .= "This is a multi-part message in MIME format.\n\n" . "--{$mime_boundary}\n" . "Content-Type:text/plain; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 7bit\n\n" . $email_txt . "\n". "--{$mime_boundary}\n" . "Content-Type:text/html; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 7bit\n\n" . $email_htm ; This is part of a html mail with alternative text version. I often see this Content-Transfer-Encoding: 7bit line in scripts like these and I'm wondering if it's necessary since 7bit is default? So why do a lot of people put it in?

Reading it again still puzzles me. I get it that the [ must be escaped by a backslash, but why would double backslashes be necessary here? This should work the same: $joketext = eregi_replace('\[ b ]', '<strong>', $joketext); The single backslash sees to it that [ b ] is taken literally and not as a regex code only allowing 'b'. What am I missing? (ps, the [ b ] should be without the spaces before/after the b, but that's a bold code in here)

Im using this line to send variables to Flash: echo "&myVar=$myVar&"; Just because I noticed that on some php servers this doesn't work: echo "myVar=$myVar"; But again, on some it does work. What's the purpose of putting "&" characters in front and after the variable declarations? And what php server setting wants them to be there and which doesn't?

But so it first searches for the 1st part \r\n then for the 2nd and finaly 3rd? I mean when there are 3 OR options a|b|c it first does a, then b, then c in that order?

So how does that work exactly with preg_replace? Is there some kind of order? Lets take part of this text as string: "occurrence of \r\n into TWO line break" so when using: $message = preg_replace('~\r\n|\r|\n~', "\r\n", $message); to turn things into proper \r\n newline codes it first searches for \r\n, making it \r\n so it would remain: "occurrence of \r\n into TWO line break" then it would replace \r for \r\n, making it "occurrence of \r\n\n into TWO line break" finally it would replace \n for \r\n making it "occurrence of \r\r\n\r\n into TWO line break" Thats the way I see it , but it probably doesn't work that way with preg_replace and those 3 options seperated by an OR character?

That doesn't work cause the newlines are allready replaced, think because of stripslashes. I want to have flash send a mail as plain text mail. Certain characters in the message part will be escaped. Magic quotes like ' will become \'. Zo normally, when I would submit a text like Mike O'Brien, it would appear as Mike O/'Brien in the plain text mail php sends. I want to get rid of that so I though of using stripsslashes. But that also erases things like newlines \n So it appears because when I send myself a text with several paragraphs, the plain text mail puts all those paragraphs behind each other insteas of beginning each paragraph on a new line. How should I do it otherwise?

I think it's because I've used stripslashes, but I've use that so that entered names like O'Brien don't appear as O\'Brien in the mail message. How can I fix this?

I'm having my flash form send it's data as plain text mail. When I enter a couple of paragraphs in the message field and receive the plain text mail, all paragraphs are put in a row instead that every paragraph starts at a new line. So I get this: Bericht: Dit is een nieuwe alineaDit zou op een nieuwe regel moeten beginnenDeze regel eigenlijk ook Instead of this: Bericht: Dit is een nieuwe alinea Dit zou op een nieuwe regel moeten beginnen Deze regel eigenlijk ook Can't use nl2br cause I'm using plain text mail, but what should I do to fix this? Actionscript: Versturen.onRelease = function() { mySendVars = new LoadVars(); myLoadVars = new LoadVars(); mySendVars.naam = naam.text; mySendVars.email = email.text; mySendVars.bericht = bericht.text; mySendVars.sendAndLoad("mailform.php", myLoadVars, "POST"); gotoAndStop(2); PHP code: $naam = stripslashes(utf8_decode($_POST["naam"])); $email = stripslashes(utf8_decode($_POST["email"])); $bericht = stripslashes(utf8_decode($_POST["bericht"])); $message = "Naam:\r\n".$naam."\r\n\r\n"; $message .= "Emailadres:\r\n".$email."\r\n\r\n"; $message .= "Bericht:\r\n".$bericht."\r\n"; $headers = "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/plain; charset=iso-8859-1\r\n"; $headers .= "From: ".mb_encode_mimeheader($naam, "iso-8859-1", "Q")." <".$email.">\r\n"; mail($to, $subject, $message, $headers); }

Ok, so the quote "PHP assumes that strings are ISO-8859-1" like someone told me isn't completely true? Can you explain this: when I have a php file which only echoes the é character, the browser defaults to iso-8859-1. When I change the browser charset to unicode it displays a question mark instead, but when I refresh the page or type in the php link again, it switches back to iso 8859 again. Even though I haven't specifically set it as such.

Where does it say that on php.net, that iso8859 is the default charset for strings? Can't find anything about it.

What I'm trying to do is allowing my mailform.php script only to be access if the user is on my website and submitting it's form. What I don't want to allow: 1. typing www.test.com/mailform.php... it should echo an error message 2. using my mailform.php script in another website 3. a user first setting the session id by visiting my site and then do point 1 or 2 I thought that that's was what sessions are all about, but I was able to bypassing in by doing point 3 Here's where I've learned about sessions and protecting my php script: http://apptools.com/phptools/forms/forms7.php

You're right, it doesn't end upon changing a website. But I now don't completely understand how to use session for securing a form script. This is what I've got now: <?php session_start(); $_SESSION["domino"] = true; ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> //rest of page showing flash movie This sets the session upon visiting my site. When the form sends its data to the mailform.php: <?php session_start(); if(!isset($_SESSION["domino"])){ //error message 'forbidden access' exit; } else { session_destroy(); unset ($_SESSION["domino"]); //rest of script: processing the form input } This checks for the session-id. This should verify that the user sent the form through my website. According to tutorials and the use of sessions in mailforms anyway. But I've found a way to bypass this. If I know the mailform is at www.test.com/mailform.php, I wouldn't get access to it accessing it directly. As it shouldn't. But when I know it's at www.test.com/mailform.php, all I have to to is type www.test.com (or www.test.com/index.php) to have the session set. Then I could do anything I want, visit other sites, whatever. As long as I don't close the browser. And finally, to abuse the mailform.php file, I just have to type in www.test.com/mailform.php and I get access, cause the session is still set. That way I could always make use of the php script even when I'm not supposed to. Am I using session not correctly? I thought session-id's should prevent such a thing?

"A session ends when the user loses the browser or after leaving the site, the server will terminate the session after a predetermined period of time, commonly 30 minutes duration" The 'session ends after user leaves the site' part doesn't work with me In the starting page, setsession.php, the session is first set. <?php session_start(); $_SESSION["domino"] = true; ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head>rest document </html> The php script, getsession.php, checks for the existance of this session id: <?php session_start(); if(!isset($_SESSION["domino"])){ echo "session is unset"; exit; } else { echo "sessionis is set"; rest php script } ?> When typing getsession.php into the address bar, I get a 'session is unset', which is ok since the session hasn't been set yet. On visiting setsession.php and typing getsession.php again, I get a 'session is set', which is ok too cause the session has been set in setsession.php But when I do the following in the exact same order: - go to setsession.php (session is set) - go to any other page e.g. www.startrek.com - type in getsession.php in the address bar Then I still get a 'session is set' as if the session id hasn't ended on leaving the website. How is this possible?