lovephp Posted September 26, 2012 Share Posted September 26, 2012 how to acheive this, when the user submits the form a email sends to his email with $to and i have CC billing@somesite.com now on $to i do not wish to send the credit card number but on CC i wish to get the full number but how do i get it done? function sendMail($fData) { $orderid = randomPrefix(6); $ip = getRealIpAddr(); date_default_timezone_set('Asia/Calcutta'); $date = date('m/d/Y', time()); $time = date('h:i:s a', time()); $to = $fData['email']; $fname = $fData['fname']; $lname = $fData['lname']; $address1 = $fData['address1']; $address2 = $fData['address2']; $country = $fData['country']; $city= $fData['city']; $state = $fData['state_p']; $phone = $fData['phone']; $card_holder = $fData['cname']; $card_type = $fData['ctype']; $card_number = $fData['cnumber']; $expiry_d = $fData['xdate']; $expiry_m = $fData['xmonth']; $expiry_y = $fData['xyear']; $cvv = $fData['cvv']; $headers = "From: somesite.com <sales@somesite.com>\r\n"; $headers .= "Cc: billing@somesite.com\r\n"; $headers .= "Reply-To: <sales@somesite.com>\r\n"; $headers .= "Return-Path: sales@somesite.com\r\n"; $headers .= 'MIME-Version: 1.0' . "\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'Content-type: text/html; charset=us-ascii' . "\r\n"; 'X-Mailer: PHP/' . phpversion(); $message = "<p align=\"center\"><font size=\"+1\" weight=\"bold\" width=\"600px\" color=\"orange\">Order Confirmation!</font><hr color=\"#000000\" size=\"2\"></p> Dear $fname $lname, <br/><br/>\n\n Your order has been successfully placed <br/><br/><br/>\n\n\n <h2>Billing Details</h2> <br/>\n\n <b>Order ID:</b> $orderid <br/> <br/>\n\n <b>Name:</b> $fname $lname<br/> <br/>\n\n <b>Address Line 1:</b> $address1 <br/><br/>\n\n <b>Address Line 2:</b> $address2 <br/><br/>\n\n <b>Country:</b> $country <br/><br/>\n\n <b>City:</b> $city <br/><br/>\n\n <b>State/Province:</b> $state <br/><br/>\n\n <b>Phone Number:</b> $phone <br/><br/>\n\n <b>E-mail Address:</b> $to <br/><br/>\n\n\n <h2>Credit Card Details</h2> <br/>\n\n <b>Name on the Card:</b> $card_holder <br/><br/>\n\n <b>Credit Card Number:</b> $card_number <br/><br/>\n\n <b>Expiration Date:</b> $expiry_d/$expiry_m/$expiry_y <br/><br/>\n\n <b>Cvv Number:</b> $cvv <br/><br/>\n\n <b>Card Type:</b> $card_type <br/><br/>\n\n\n Regards, <br/> \n somesite.com <br/>\n<br/>\n <hr color=\"#000000\" size=\"2\"> <p align=\"center\"> <font size=\"-2\" width=\"600px\" color=\"#333\"> <b>Order placed by:</b> $ip <b>on</b> $date <b>around</b> $time</font>\n <br/> <font size=\"-2\" weight=\"bold\" width=\"600px\" color=\"#615F5F\"> © copyrights <a href=\"http://somesite.com\" target=\"_blank\">www.somesite.com</a> 2012-2013</font></p><br/>\n"; $subject = "(Order Confirmation) - somesite.com!"; mail($to, $subject, $message, $headers); } Quote Link to comment Share on other sites More sharing options...
requinix Posted September 26, 2012 Share Posted September 26, 2012 Two emails. Quote Link to comment Share on other sites More sharing options...
lovephp Posted September 26, 2012 Author Share Posted September 26, 2012 how will i send two at once? im not being able to understand. the form is one the things is only with the CC i wish to get the credit card number on it but on the actual customer submit he should receive all the details but not the credit card number Quote Link to comment Share on other sites More sharing options...
Jessica Posted September 26, 2012 Share Posted September 26, 2012 Build two separate emails, then make two calls to mail() Quote Link to comment Share on other sites More sharing options...
lovephp Posted September 26, 2012 Author Share Posted September 26, 2012 still not getting it. will really be thankful if someone can show me how Quote Link to comment Share on other sites More sharing options...
DavidAM Posted September 26, 2012 Share Posted September 26, 2012 how to acheive this, ... on $to i do not wish to send the credit card number but on CC i wish to get the full number but how do i get it done? First: Sending credit card numbers in an email is a very, VERY bad idea! It may even be illegal. Emails are not secure and may be intercepted. Second: The CC message is always going to be the same as the TO message. There is no way around that. The CC stands for Carbon COPY; and a copy is the same as the original. Third: Sending credit card numbers in an email is a VERY BAD IDEA. To send different messages, you will have to invoke the mail() function separately. P.S. Did I mention that sending credit card numbers in an email is a VERY BAD IDEA? If I ever found out that a company I dealt with was doing that, I would definitely report them to the Credit Card Company, and would NEVER do business with them again. ... on the actual customer submit he should receive all the details but not the credit card number That makes no sense. It is the customer's credit card number anyway, why would you not want him to see it. Unless, you don't want the customer to know that you are being careless with their credit card number so you want to hide the fact that you put the data in an insecure email. Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 26, 2012 Share Posted September 26, 2012 (edited) You should NOT be sending credit card information in ANY emails! That's crazy. If you are going to do that please tell me what your site is so I can be sure to never go there and to tell everyone I know not to go there. But, to your question I really don't know what the confusion is: $message1 = "This is the message for the first email"; $message2 = "This is the message for the second email"; $subject = "(Order Confirmation) - somesite.com!"; //Send first email mail($recipient1, $subject, $message1, $headers1); //Send second email mail($recipient2, $subject, $message2, $headers2); You would, of course, want to define the recipient and headers separately as well if they are going to two different recipients. Edited September 26, 2012 by Psycho Quote Link to comment Share on other sites More sharing options...
Jessica Posted September 26, 2012 Share Posted September 26, 2012 (edited) You know how to send one mail. Do it twice. With two different bodies. Remove the CC from the first and second a second mail to that address. Edit: We really need to fix the reply-already-posted-type notification. What the above posters said. Edited September 26, 2012 by Jessica Quote Link to comment Share on other sites More sharing options...
lovephp Posted September 26, 2012 Author Share Posted September 26, 2012 The number will only go to the billing dept Quote Link to comment Share on other sites More sharing options...
lovephp Posted September 26, 2012 Author Share Posted September 26, 2012 thanks soo muchhhhhh guys really thankful. and yes its not safe but got no other way either. cheers all Quote Link to comment Share on other sites More sharing options...
Jessica Posted September 26, 2012 Share Posted September 26, 2012 There is always a better way. Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 26, 2012 Share Posted September 26, 2012 (edited) thanks soo muchhhhhh guys really thankful. and yes its not safe but got no other way either. cheers all I try to refrain from using derogatory comments towards others (at least in this forum), but you are a flaming idiot if you think this is acceptable in any way shape or form. You have NO control over what servers an email will pass through from the origination to the destination. All it takes is one server that has been compromised by someone running a sniffer looking for patterns such as CC numbers. And the CC info for every single customer could be compromised. Edited September 26, 2012 by Psycho Quote Link to comment Share on other sites More sharing options...
Christian F. Posted September 26, 2012 Share Posted September 26, 2012 I got three ways for you: Use a pre-existing webshop solution, with pre-approved credit card modules. Pay someone else do do this for you, someone who actually knows what's required. Use a database, and learn how to properly encrypt the data. Listed from the most desirable to the least, with the first two being pretty even. Latter one is only acceptable if you're truly willing to spend all of the time required to actually learn this stuff, and implement it correctly. Failure to do so will lead to your company being blacklisted from the CC companies, and possibly reported to the authorities for failure to comply with the law (federal law, if you're in the US, if I'm not totally mistaken). Quote Link to comment Share on other sites More sharing options...
lovephp Posted September 26, 2012 Author Share Posted September 26, 2012 Chill guys its not mine eh someone asked me to do it so i made it. Quote Link to comment Share on other sites More sharing options...
requinix Posted September 26, 2012 Share Posted September 26, 2012 Chill guys its not mine eh someone asked me to do it so i made it. As a contractor it is part of your duty to inform the client about the stupid things they want being stupid. Then you provide alternatives and put up a fight until either side gets angry and gives up. Quote Link to comment Share on other sites More sharing options...
DavidAM Posted September 26, 2012 Share Posted September 26, 2012 Chill guys its not mine eh someone asked me to do it so i made it. The responsible thing to do is to refuse to do it, and tell them why. Then find out what their needs actually are, and offer a solution that will both solve the problem and protect them. If a credit card is compromised because of one of these emails, they can be held responsible for losses and face big fines. At the very least, you need to tell them what you have learned about the dangers and legalities of sending CC info in an email: Official PCI Security Standards Council Site Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.