Jump to content

Amend Php Script To Comply With Hosts New Security Settings

MacGuyUK

By MacGuyUK
in PHP Coding Help

 Share

Recommended Posts

MacGuyUK Newbie

MacGuyUK

Posted
Posted (edited)

I have a php script that emails a completed order form linked to the script and sends a coppy (cc) to the sender. It has worked for years, until last week - the hosting company now tells me I need to amend the script as it uses the sender's email address as the "from" address and the server now prevents emails with this format as it can contain a spoofed from address. This is the script:

 

<?php
$file = $_POST['file'];
$company = $_POST['company'];
$ordered = $_POST['ordered'];
$email = $_POST['email'];
$date = $_POST['date'];
$po = $_POST['po'];
$requirements = $_POST['requirements'];
/*products*/
$Product1 = $_POST['Product1'];
$Product2 = $_POST['Product2'];
/*TOTAL*/
$total = $Product1
+ $Product2;
/*Sending Email*/


$to = $_POST['to'];
$subject = "Orders by $company";
$message = "
FILE = $file
Company = $company
Ordered = $ordered
Email = $email
Date = $date
PO = $po
Requirements = $requirements


PRODUCTS ----------------------------------------------
Product1 = $Product1
Product2 = $Product2
-----------------------------------------------------------


TOTAL PRODUCTS ORDERED = $total";


$headers = "From: $email\r\n";
$headers .= "Cc: $email\r\n";


if(mail($to, $subject, $message, $headers)
echo "<table width='700' border='0' align='center' cellpadding='5' cellspacing='0'>
<tr>
<td>Thank you for submitting your online <strong>Orders</strong>. A copy of the order has been sent to your email address. Please check all details are correct.<br />
<br />
</td>
</tr>
<tr>
<td><hr width='100%' size='1' noshade='noshade' /></td>
</tr>
</table>";
else
echo "Mail send failure - message not sent";
?>

 

 

This is what the hosts told me to do:

 

 

 

 

 

It's bringing up an error at line

 

if(mail($to, $subject, $message, $headers))

 

It seems the mail server doesn't like the way the from email field has been configured so If if you could re-code it so the from address is explicitly defined as a separate variable entirely. The information below might help:

 

What needs to be included is;

 

1. A variable that tells the script where the email is being sent from; For example; $SendEmail ="enquire@domainname.com";

2. Adding this variable onto the end of the mail() function. Below is a very basic php script demonstrating this:

 

$nameField = $_POST['name'];

$emailField = $_POST['email'];

$SendEmail ="enquiry@domainname.com";

$body = <<< EOD Name: $nameField

Email: $emailField

EOD; $headers = "From: $emailField\r\n";

$headers .= "Content-type: text/html\r\n";

$sucess = mail($webMaster, $emailSubject, $headers, $body, '-f'.$SendEmail);

 

 

The important part here is the '-f'.$SendEmail at the end of the mail() function. The '-f' although not a php command is a sendmail parameter that is telling our mailserver the mail is being sent from the $SendEmail address and nowhere else.

 

And this is how I amended the script:

<?php
$file = $_POST['file'];
$SendEmail ="me@mydomain.com";
$company = $_POST['company'];
$ordered = $_POST['ordered'];
$email = $_POST['email'];
$date = $_POST['date'];
$po = $_POST['po'];
$requirements = $_POST['requirements'];
/*products*/
$Product1 = $_POST['Product1'];
$Product2 = $_POST['Product2'];
/*TOTAL*/
$total = $Product1
+ $Product2;
/*Sending Email*/


$to = $_POST['to'];
$SendEmail ="me@mydomain.com";
$subject = "Orders by $company";
$message = "
FILE = $file
Company = $company
Ordered = $ordered
Email = $email
Date = $date
PO = $po
Requirements = $requirements


PRODUCTS ----------------------------------------------
Product1 = $Product1
Product2 = $Product2
-----------------------------------------------------------


TOTAL PRODUCTS ORDERED = $total";


$headers = "From: $email\r\n";
$headers .= "Cc: $email\r\n";


if(mail($to, $subject, $message, $headers, '-f'.$SendEmail))
echo "<table width='700' border='0' align='center' cellpadding='5' cellspacing='0'>
<tr>
<td>Thank you for submitting your online <strong>Orders</strong>. A copy of the order has been sent to your email address. Please check all details are correct.<br />
<br />
</td>
</tr>
<tr>
<td><hr width='100%' size='1' noshade='noshade' /></td>
</tr>
</table>";
else
echo "Mail send failure - message not sent";
?>

 

But still no result. I have now spent days trying variations on this, all without success. I get a confirmation page, but no emails are sent.

 

Any suggestions would be much appreciated.

 

Thank you

Edited by MacGuyUK
Link to comment
Share on other sites
DavidAM Member

DavidAM

Posted
Posted

You should also change this to your server's email address:

$headers = "From: $email\r\n";

 

You can add a Reply-To header so you can reply to the visitor

 

$headers = "From: $SendEmail\r\n";
$headers = "Reply-To: $email\r\n";
$headers .= "Cc: $email\r\n";

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.