Jump to content

multipart mail not sending correctly


brentman

Recommended Posts

I am trying to send a basic email that is multipart via the mail() function in php. I am not interested in using PHPmail. This should be very light weight.

 

Currently when I send email to gmail, it is sending the html part as plain text so all the tags are showing.

 

Here is my code:

//GET VAR INPUT
$to = htmlentities($_GET['to']);
$friendly_from = htmlentities($_GET['friendly_from']);
$email_from = htmlentities($_GET['email_from']);
$subject = htmlentities($_GET['subject']);
$text = htmlentities($_GET['text']);
$html = htmlentities($_GET['html']);

//SEND EMAIL
# Setup mime boundary
$mime_boundary = 'Multipart_Boundary_x' . md5(time()) . 'x';

$headers  = "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: multipart/alternative; boundary=\"$mime_boundary\"\r\n";
$headers .= "Content-Transfer-Encoding: 7bit\r\n";
$headers .= "Reply-To: " . $email_from . " \r\n";

# Add in plain text version
$body.= "--$mime_boundary\n";
$body.= "Content-Type: text/plain; charset=\"charset=us-ascii\"\n";
$body.= "Content-Transfer-Encoding: 7bit\n\n";
$body.= $text;
$body.= "\n\n";

# Add in HTML version
$body.= "--$mime_boundary\n";
$body.= "Content-Type: text/html; charset=\"UTF-8\"\n";
$body.= "Content-Transfer-Encoding: 7bit\n\n";
$body.= $html;
$body.= "\n\n";

# End email
$body.= "--$mime_boundary--\n"; # <-- Notice trailing --, required to close email body for mime's

# Finish off headers
$headers .= "From: " . $friendly_from . " <" . $email_from . ">\r\n";
$headers .= "X-Sender-IP: " . $_SERVER[SERVER_ADDR] . "\r\n";
$headers .= 'Date: ' . date('n/d/Y g:i A') . "\r\n";

# Mail it out
return mail($to, $subject, $body, $headers);

Here is what I am receiving. (And yes I can accept html emails).

 

email_result.png

Link to comment
https://forums.phpfreaks.com/topic/297193-multipart-mail-not-sending-correctly/
Share on other sites

htmlentities() would be used on the CONTENT being put into the html markup, that you want to be rendered literally as typed, and also making any javascript/css/html markup in the content, inert.

 

if your $_GET['html']/$html IS the html markup for the page, no, you would not pass it through htmlentities().

 

i'm hoping that you have some security in place to prevent just anyone from submitting whatever they want to your code?

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.