Jump to content

Help With A Logic To Get This Done, Send 2 Different Emails In One Submit


lovephp

Recommended Posts

how to acheive this, when the user submits the form a email sends to his email with $to and i have CC billing@somesite.com now on $to i do not wish to send the credit card number but on CC i wish to get the full number but how do i get it done?

 

function sendMail($fData) {

  $orderid = randomPrefix(6);
  $ip = getRealIpAddr();
  date_default_timezone_set('Asia/Calcutta');
  $date = date('m/d/Y', time());
  $time = date('h:i:s a', time());    
  $to = $fData['email'];
  $fname = $fData['fname'];
  $lname = $fData['lname'];
  $address1 = $fData['address1'];
  $address2 = $fData['address2'];
  $country = $fData['country'];
  $city= $fData['city'];
  $state = $fData['state_p'];
  $phone = $fData['phone'];
  $card_holder = $fData['cname'];
  $card_type = $fData['ctype'];
  $card_number = $fData['cnumber'];
  $expiry_d = $fData['xdate'];
  $expiry_m = $fData['xmonth'];
  $expiry_y = $fData['xyear'];
  $cvv = $fData['cvv'];
  $headers = "From: somesite.com <sales@somesite.com>\r\n";
  $headers .= "Cc: billing@somesite.com\r\n";
  $headers .= "Reply-To: <sales@somesite.com>\r\n";
  $headers .= "Return-Path: sales@somesite.com\r\n";   
  $headers .= 'MIME-Version: 1.0' . "\n";
  $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";  
  $headers .= 'Content-type: text/html; charset=us-ascii' . "\r\n";
  'X-Mailer: PHP/' . phpversion();

  $message = "<p align=\"center\"><font size=\"+1\" weight=\"bold\" width=\"600px\" color=\"orange\">Order Confirmation!</font><hr color=\"#000000\" size=\"2\"></p>

  Dear $fname $lname, <br/><br/>\n\n
  Your order has been successfully placed <br/><br/><br/>\n\n\n

  <h2>Billing Details</h2> <br/>\n\n
  <b>Order ID:</b> $orderid <br/> <br/>\n\n
  <b>Name:</b> $fname $lname<br/> <br/>\n\n
  <b>Address Line 1:</b> $address1 <br/><br/>\n\n
  <b>Address Line 2:</b> $address2 <br/><br/>\n\n
  <b>Country:</b> $country <br/><br/>\n\n
  <b>City:</b> $city <br/><br/>\n\n
  <b>State/Province:</b> $state <br/><br/>\n\n
  <b>Phone Number:</b> $phone <br/><br/>\n\n
  <b>E-mail Address:</b> $to <br/><br/>\n\n\n

  <h2>Credit Card Details</h2> <br/>\n\n    
  <b>Name on the Card:</b> $card_holder <br/><br/>\n\n
  <b>Credit Card Number:</b> $card_number <br/><br/>\n\n
  <b>Expiration Date:</b> $expiry_d/$expiry_m/$expiry_y <br/><br/>\n\n
  <b>Cvv Number:</b> $cvv <br/><br/>\n\n
  <b>Card Type:</b> $card_type <br/><br/>\n\n\n

  Regards, <br/> \n
  somesite.com <br/>\n<br/>\n

  <hr color=\"#000000\" size=\"2\">
<p align=\"center\">
<font size=\"-2\" width=\"600px\" color=\"#333\"> <b>Order placed by:</b> $ip <b>on</b> $date <b>around</b> $time</font>\n
<br/>
<font size=\"-2\" weight=\"bold\" width=\"600px\" color=\"#615F5F\"> © copyrights <a href=\"http://somesite.com\" target=\"_blank\">www.somesite.com</a> 2012-2013</font></p><br/>\n";

  $subject = "(Order Confirmation) - somesite.com!";
  mail($to, $subject, $message, $headers);

}

Link to comment
Share on other sites

how to acheive this, ... on $to i do not wish to send the credit card number but on CC i wish to get the full number but how do i get it done?

 

First: Sending credit card numbers in an email is a very, VERY bad idea! It may even be illegal. Emails are not secure and may be intercepted.

 

Second: The CC message is always going to be the same as the TO message. There is no way around that. The CC stands for Carbon COPY; and a copy is the same as the original.

 

Third: Sending credit card numbers in an email is a VERY BAD IDEA.

 

 

To send different messages, you will have to invoke the mail() function separately.

 

 

P.S. Did I mention that sending credit card numbers in an email is a VERY BAD IDEA? If I ever found out that a company I dealt with was doing that, I would definitely report them to the Credit Card Company, and would NEVER do business with them again.

 

 

... on the actual customer submit he should receive all the details but not the credit card number

 

That makes no sense. It is the customer's credit card number anyway, why would you not want him to see it. Unless, you don't want the customer to know that you are being careless with their credit card number so you want to hide the fact that you put the data in an insecure email.

Link to comment
Share on other sites

You should NOT be sending credit card information in ANY emails! That's crazy. If you are going to do that please tell me what your site is so I can be sure to never go there and to tell everyone I know not to go there.

 

But, to your question I really don't know what the confusion is:

$message1 = "This is the message for the first email";
$message2 = "This is the message for the second email";

$subject = "(Order Confirmation) - somesite.com!";
//Send first email
mail($recipient1, $subject, $message1, $headers1);
//Send second email
mail($recipient2, $subject, $message2, $headers2);

 

You would, of course, want to define the recipient and headers separately as well if they are going to two different recipients.

Edited by Psycho
Link to comment
Share on other sites

You know how to send one mail. Do it twice. With two different bodies.

 

Remove the CC from the first and second a second mail to that address.

 

Edit: We really need to fix the reply-already-posted-type notification. What the above posters said.

Edited by Jessica
Link to comment
Share on other sites

thanks soo muchhhhhh guys really thankful. and yes its not safe but got no other way either. cheers all :happy-04:

 

I try to refrain from using derogatory comments towards others (at least in this forum), but you are a flaming idiot if you think this is acceptable in any way shape or form. You have NO control over what servers an email will pass through from the origination to the destination. All it takes is one server that has been compromised by someone running a sniffer looking for patterns such as CC numbers. And the CC info for every single customer could be compromised.

Edited by Psycho
Link to comment
Share on other sites

I got three ways for you:

  • Use a pre-existing webshop solution, with pre-approved credit card modules.
  • Pay someone else do do this for you, someone who actually knows what's required.
  • Use a database, and learn how to properly encrypt the data.

 

Listed from the most desirable to the least, with the first two being pretty even. Latter one is only acceptable if you're truly willing to spend all of the time required to actually learn this stuff, and implement it correctly.

Failure to do so will lead to your company being blacklisted from the CC companies, and possibly reported to the authorities for failure to comply with the law (federal law, if you're in the US, if I'm not totally mistaken).

Link to comment
Share on other sites

Chill guys its not mine eh someone asked me to do it so i made it.

 

The responsible thing to do is to refuse to do it, and tell them why. Then find out what their needs actually are, and offer a solution that will both solve the problem and protect them. If a credit card is compromised because of one of these emails, they can be held responsible for losses and face big fines.

 

At the very least, you need to tell them what you have learned about the dangers and legalities of sending CC info in an email: Official PCI Security Standards Council Site

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.