Random Blank Emails?

[FalcorTheDog]

So I have some PHP that sends an email to a user after they register for my website to confirm their email address.

 

80-90% of the time it works perfectly, but every once in a while it will send a blank email to the user (i.e. the email has no body).  I can't for the life of me figure out why this is happening.  I'm tempted to think it might just be a random problem with my host sending email, but I thought I would check here first to see if anyone has any ideas.

 

The code looks something like this:

 

First I generate a code string which I store in the database, so that I can later verify it against the link that I send in the email:

 

$code = md5(time()*rand());

 

then I insert the user into an "unconfirmed" MySQL table (all of the variables here are strings):

$query = "INSERT INTO unconfirmed (username, password, email, birthday, zip, city, state, country, updates, regdate, code) VALUES('$username', '$password', '$email', '$birthday', '$zip', '$city', '$state', '$country', '$updates', '$regdate', '$code')";	

mysql_query($query);

 

...now I know this line of code works 100% of the time, because the user always gets put in the database whether or not the blank email is sent.

 

The next line of code constructs the body of the email:

$message = "Hey " . $username . ",\n\nThanks for registering at [my website]! Simply click the link below to confirm your email address.  Once confirmed, you'll be able to log into [my website] with your account.\n\n" . "http://[my website].com/confirm?username=$username&code=$code\n\nSee you soon on [my website]!";

 

Then I send the email:

mail($email, "[my website] Email Confirmation", $message, "From: [my website] <contact@[my website].com>\r\nBcc: [my email address]");

 

I have it Bcc me, so that I know when a new user registers.  It sends me a blank email too when it happens to the user.

 

Any ideas??  Thanks in advance!

[PFMaBiSmAd]

My guess is your code is not checking if the form was actually submitted (posting your code would tell) and it unconditionally sends an email any time the page is visited, such as when a search engine spiders your site or a bot script requests the URL.

 

Programs only do what the logic says to do. If you are getting blank emails, it is because your form processing page was requested. Unless your logic contains an error that overwrites the values (or perhaps register_globals are on and some unusual variable/post/get/cookie/session combination exists), then your pages was requested without any form data being sent to it.

 

You would need to post your form and your form processing code for anyone in a Forum to be able to help you with what it is doing.

[jonsjava]

I don't think it's bot related, because its happening to users, when they register.  But I agree, we need to see the form.

[FalcorTheDog]

right, it happens to users when they register, so I don't think it's a bot thing.  the code is pretty large, but here is the validation and relevant form elements (sorry it's a bit sloppy):

 

if(isset($_POST['submit']))
{

$connect = mysql_connect("mysql", $mysqlusername, $mysqlpassword);
mysql_select_db('users') or die ('Unable to Select Database!');

$username = $_POST['username'];
    $password = $_POST['password'];
$repeatpassword = $_POST['repeatpassword'];
$email = $_POST['email'];
    $updates = $_POST['updates'];
$month = $_POST['month'];
$day = $_POST['day'];
    $year = $_POST['year'];
$zip = $_POST['zip'];
    $country = $_POST['country'];
$terms = $_POST['terms'];


if($username == "") {
	$errors .= "You didn't enter a username.<br />\n";

}

elseif(strlen($username) < 2 || strlen($username) > 15) {
	$errors .= "Your username must be between 2 and 15 characters.  Try again!<br />\n";	
}

elseif (preg_match("/[^a-zA-Z0-9]+/", $username)) { 
	$errors .= "Your username can only contain letters and numbers.  Try again!<br />\n";
} 


else {
	$dupeusername1 = mysql_query("SELECT * FROM members WHERE username='$username'");
	$dupeusername2 = mysql_query("SELECT * FROM unconfirmed WHERE username='$username'");

	if(mysql_fetch_array($dupeusername1) || mysql_fetch_array($dupeusername2) ) {	
		$errors .= "I'm sorry, that username is already taken!  Please try another.<br />\n";
	}

}



if($password == "") {
	$errors .= "You didn't enter a password.<br />\n";	
}

elseif(strlen($password) < 6) {
	$errors .= "Your password must be at least 6 characters long.  Try again!<br />\n";
}


elseif($password != $repeatpassword) {

	$errors .= "Your passwords don't match!  Try again!<br />\n";

}


if($email == "") {
	$errors .= "You didn't enter an email address.<br />\n";

}

elseif(!checkEmail($email)) {
		$errors .= "Please enter a valid email address! (You will need to confirm it later to register.)<br />\n";
}
else {

	$dupeemail1 = mysql_query("SELECT * FROM members WHERE email='$email'");
	$dupeemail2 = mysql_query("SELECT * FROM unconfirmed WHERE email='$email'");	

	if(mysql_fetch_array($dupeemail1) || mysql_fetch_array($dupeemail2) ) {
		$errors .= "I'm sorry, that email address is already linked to an account!  Only one account is allowed per email address.<br />\n";
	}

}


if($month == "") {
	$errors .= "Please enter the month of your birthday.<br />\n";

}
if($day == "") {
	$errors .= "Please enter the day of your birthday.<br />\n";


}
if($year == "") {
	$errors .= "Please enter the year of your birthday.<br />\n";

}

if( (($month == 4 || $month == 6 || $month == 9 || $month == 11) && $day == 31) || ($month == 2 && $day > 29) || ($month == 2 && $day == 29 && $year%4 != 0)) {
	$errors .= "That birthday doesn't even exist!  Please double check the date you entered.<br />\n";	
}


if($zip == "" && $country == "United States") {
	$errors .= "Please enter your ZIP code.<br />\n";

}
elseif($zip != "" && $country != "United States") {
	$errors .= "If you do not live in the United States, please leave the ZIP code blank!<br />\n";

}

else {

	$validzip = validZIP($zip);

	if((strlen($zip) < 5 || preg_match("/[^0-9]+/", $zip) || !$validzip[0] ) && $country == "United States") {
		$errors .= "Please enter a valid 5-digit ZIP code.<br />\n";

	}
	elseif($country == "United States") {
		$city = $validzip[1];
		$state = $validzip[2];
	}

}




if($terms != "on") {
	$errors .= "You must agree to the Terms of Service and Privacy Policy before registering.<br />\n";
}

if(age("$year-$month-$day") < 13 && !strpos($errors, "exist")) {
 	$errors = "I'm sorry, you must be 13 years old to join.  Please come back soon!<br />\n";

}


if($errors == "") { 

	$password = md5($_POST['password']);

	$birthday = "$year-$month-$day";

	if($updates == "on") {
		$updates = "Yes";
	}
	else {
		$updates = "No";
	}


	$regdate = gmdate("Y-m-d H:i:s", time());

	$code = md5(time()*rand());



	$query = "INSERT INTO unconfirmed (username, password, email, birthday, zip, city, state, country, updates, regdate, code) VALUES('$username', '$password', '$email', '$birthday', '$zip', '$city', '$state', '$country', '$updates', '$regdate', '$code')";	

	mysql_query($query);


	$message = "Hey " . $username . ",\n\nThanks for registering! Simply click the link below to confirm your email address.  Once confirmed, you'll be able to login with your account.\n\n" . "http://mywebsite.com/confirm?username=$username&code=$code\n(If clicking the link doesn't work, just copy and paste it into your broswer.)";

	mail($email, "Email Confirmation", $message, "From: MyWebsite <[email protected]>\r\nBcc: me@ mywebsite.com");
	?>


	<div align="center">
		<h2>Almost there...</h2>
		<fieldset style="width:520px">
		<p>Thanks for registering!<br /><br />A confirmation email has been sent to: <?php echo "$email";?><br />Just click the link in the email to complete your registration!</p>
		<p style="font-size:10px">(You will have 3 days to confirm your email address before your account is deleted from our database.)</p>
		</fieldset>
	</div>
<?php	

}
else {

	$errors = '<div style="color:red">' . $errors . "</div><br />";

	displayForm($errors, $username, $password, $repeatpassword, $email, $updates, $month, $day, $year, $zip, $country, $terms);

}

}

else {

displayForm("", "", "", "", "", "on", "", "", "", "", "", "");

}

function displayForm($errors, $username, $password, $repeatpassword, $email, $updates, $month, $day, $year, $zip, $country, $terms) {

?>



<div id="divWrapper">
<div id="divHeading">Join the Community: It's Free!</div>

<?php

echo $errors;


?>

<div id="divCenterContent">

<form name="register" method="post" action="register.php" onsubmit="return validate();" >

<table style="margin-left:100px;">
      
      <tr>
        <td>* Choose a Username:</td>
        <td><input class="textfield" name="username" type="text" value="<?php echo $username; ?>" size="20" maxlength="15" /></td>
   
      </tr>
      <tr>
        <td>* Password:</td>
        <td><input class="textfield" name="password" type="password" value="<?php echo $password; ?>" size="20" /></td>
      </tr>
  <tr>
        <td>* Re-type Password:</td>
        <td><input class="textfield" name="repeatpassword" type="password" value="<?php echo $repeatpassword; ?>" size="20" /></td>
      </tr>
      <tr>
        <td>* Email Address:</td>
        <td><input class="textfield" name="email" type="text" value="<?php echo $email; ?>" size="30" maxlength="50" /></td>
      </tr>
  <tr>
        <td></td>
        <td><input class="textfield" name="updates" type="checkbox" <?php if($updates == "on") echo ' checked="checked" '; ?> />Get monthly updates from Ziguana</td>
      </tr>
      <tr>
        <td>* Date of Birth:</td>
        <td>
        <select class="textfield" name="month">
        <option value="">Month:</option>
        
        <?php

	$m = 1;
	foreach ($months as $eachmonth) {

		if($m < 10) {
			$m = "0" . $m;
		}

		$selected = "";

		if($month == $m) {
			$selected =' selected="selected"';
		}

    		echo "<option value=\"$m\"$selected>$eachmonth</option>";
		$m++;
	}

	?>

    </select>
    <select class="textfield" name="day">
        <option value="">Day:</option>
        <?php

	for($d = 1; $d <= 31; $d++) {

		if($d < 10) {
			$d = "0" . $d;
		}

		$selected = "";

		if($day == $d) {
			$selected =' selected="selected"';
		}


		echo "<option value=\"$d\"$selected>$d</option>\n";
	}


	?>

    </select>
    <select class="textfield" name="year">
        <option value="">Year:</option>
        
        <?php

	for($y = 2007; $y >= 1907; $y--) {

		$selected = "";

		if($year == $y) {
			$selected =' selected="selected"';
		}

		echo "<option value=\"$y\"$selected>$y</option>\n";
	}


	?>


    </select>
        
        
        </td>
      </tr>

  <tr>
        <td>* ZIP Code:</td>
        <td><div style="font-size:12px"><input class="textfield" name="zip" type="text" value="<?php echo $zip; ?>" size="10" maxlength="5" /> (Leave blank if outside United States)</div></td>
      </tr>
 <tr>

        <td>* Country:</td>
        <td>
	<select class="textfield" name="country">
        
        <?php

	foreach ($countries as $eachcountry) {

		$selected = "";

		if($country == $eachcountry) {
			$selected =' selected="selected"';
		}

    		echo "<option value=\"$eachcountry\"$selected>$eachcountry</option>";
	}
	?>
	</select>
	</td>
      </tr>
        <tr>

        <td colspan="2" align="center"><br /><input name="terms" type="checkbox" <?php if($terms == "on") echo ' checked="checked" '; ?>/> I agree to the <a class="greenlink" href="/info/terms" target="_blank">Terms of Service</a> and <a class="greenlink" href="/info/privacy" target="_blank">Privacy Policy</a>.</td>
      </tr>
     <tr>
         <td colspan="2" align="center">
<br />
     <input name="submit" type="submit" value="Join Now!" /></td>
      </tr>
  </table>

  </form>

 

 

I'm really stumped here...

 

[FalcorTheDog]

any ideas?

[Ironphp]

Is there any correlation between the players you have found not to receive an email and the information they have submitted?

 

Perhaps you should run a script to create the same user over and over, verify the email to see if it is okay, rise and repeat. If it never creates a blank email, perhaps it has to do with the information they inserted.