Trying to send mass email using checkbox values

[speckytwat]

I'm trying to figure a way to allow members of a website to send email messages via the system without allowing the member to see the email addresses. They should be able to select either just one user, or a number of them, or all of them if they want.

I've got as far as successfully outputting the member data from the mySQL database but can't figure how to get the checkbox values (i.e email addresses, comma separated) into the message.

I've made the recipient a no-reply address and the list of email addresses a BCC, to stop recipients harvesting the addresses.

I just need to know how I can input the checkbox values in, however many the member selects. I found some solutions but none were quite what I was looking for or they just didn't work for whatever reason. Any ideas? Thanks!

<?php
$mysqli = new mysqli("connection details...");

if($mysqli->connect_errno > 0){
    die('Unable to connect to database [' . $mysqli->connect_error . ']');
}

$username = $user->get('username'); //this just grabs the username for the logged-in member

$getuseremail = $mysqli->query("SELECT * from members WHERE Username LIKE '$username'"); //get the member's email address, so the message will appear to come from that email address
    while ($row = $getuseremail->fetch_assoc()) {
        $useremail = $row["Email"];
        $count++;
    }

$getmembers = $mysqli->query("SELECT * FROM members WHERE IsArchived NOT LIKE 'Y' ORDER BY MemberID DESC");
        
        if ($getmembers->num_rows == 0) {
                echo '<p>There are no members on the system at the moment.</p>';
            }
?>
<h1>Send a message to other Members</h1>
<p>Using your email: <?php echo $useremail; ?></p>
<form name="sendmessage" action="send-message-to-members.html" method="post">
<?php
if( isset($_POST['checkbox']) && !empty($_POST['checkbox']) )
  {
 $list = $_POST['checkbox'];
 $to = $list;
 $subject = "Message from Member";
 $body = "$_POST['messagetext'];";
 $headers = "From: " .$useremail;
 "X-Mailer: php";

 $to =  "[email protected]";
 $headerFields = array('BCC: '.$list.', "From: ".$useremail."X-Mailer:    php"');
 if (mail($to, $subject, $body, implode("\r\n", $headerFields))) {
 //if (mail($to, $subject, $body, $headers)) {
  echo("<p>Message sent successfully</p>");
  } else {
  echo("<p>Message delivery failed...</p>");
  }
  exit();
  }

// display the results returned
while ($row = $getmembers->fetch_assoc()) {  
  $memberid = $row["MemberID"];
  $firstname = $row["FirstName"];
  $surname = $row["Surname"];
  $email = $row["Email"];
?>
    <input type="checkbox" name="checkbox[]" id="email1" value=<?php echo $email;?> /><a href="" onclick=""><?php echo $firstname.' '.$surname;?></a><br>
<?php
    $count++ ;
}
<textarea name="messagetext" rows="10" cols="40"></textarea>
<input name="sendmessage" type="submit">
</form>

[requinix]

Don't build a gigantic list of BCCs. Send an email to each recipient individually - that's what BCC basically does anyways.

foreach ($email_to_send_to as $recipient) {
	mail($recipient, ...);
}

Speaking of emails to send to, don't put email addresses into the form. Then anyone can hijack the system to send emails to anyone they want.

Put the member ID into the form, then lookup the email address using the ID. Yes, it's more work, but it's safer. It also gives you the ability to have a member decline to receive emails from the system.

[speckytwat]

Thanks, but what do I do about the checkboxes? How do I get those values into the form? At the moment they're not working.

[ginerjm]

While reading your first post I wondered where you were doing the part about "getting checkboxes".  Then you second post intimates that you probably haven't written it.

 

How do you normally handle a checkbox input?  If it is checked you will get a value from it as specified in the value attribute of that input element.  I would use the record key of the recipients for that.  Loop thru the entire post array and if the name of an element begins with 'cb_' then assume that it id one of your checkbox elements (name them all as "cb_1", "cb_2",,,,) and add that to an array.   Build a comma-separated list of that array using implode and put it in your where clause as "where key in ($array)".  Then build a list of addresses probably using semicolons as separators.

 

PS - Most important in this exercise is that your appl is secure from unwanted users who use it to send out spam to all your addresses.  And hopefully YOU are not doing that as well with addresses that you have culled from god knows where.

[requinix]

You have the checkboxes already:

$list = $_POST['checkbox'];

That's an array of all the values from the checked checkboxes. Using what I said, foreach over it (after changing the values to be IDs), look up the email from the ID, then send the mail() to it.

 

Loop thru the entire post array and if the name of an element begins with 'cb_' then assume that it id one of your checkbox elements (name them all as "cb_1", "cb_2",,,,) and add that to an array.

Uh, no?

[ginerjm]

Ok - so I didn't dig into his code to see that he was using an array.  But otoh, I would suggest that he not use email addresses as the value attribute and instead use a record key so as to avoid people sticking in their own address their as they hack his page.