FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.
Home » Imported messages » comp.lang.php » FORMS, validating mail was sent
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: FORMS, validating mail was sent [message #181871 is a reply to message #181855] Thu, 20 June 2013 20:46 Go to previous messageGo to previous message
gordonb.k0cb7 is currently offline  gordonb.k0cb7
Messages: 1
Registered: June 2013
Karma:
Junior Member
> I'm a PHP near-newbie working fairly successfully on creating a secure
> PHP e-mail (mail()) function. It occurs to me that the only way a user
> knows (thinks) a form has been sent, is that I tell him so either in a
> line of code or with a Thank You page.

Since you're a near-newbie, please save the world from having to
block email from your server, and DO NOT put any variables in email
headers, DO NOT put any variables from the user in email headers,
and DO NOT put any variables set in your form in email headers.
Put them in the body of the mail.

Wrong: From: $email
Right: From: www-data(at)myserver(dot)hostingco(dot)com

Some servers are going to require that (a) the From: address is
local, (b) the From: address is a valid local user, and perhaps (c)
the user name must match the user id of the code that called the
MTA. In other words, there might be only one correct From: line
you're allowed to use.

(For a mailing list to customers, you're stuck with a variable
in the To:, Cc:, or Bcc: headers. )

Wrong: Subject: Contact form from $email
Right: Subject: Contact form - read body to tell who it's from.

Wrong: Subject: Order for $itemname
Right: Subject: Order



(Consider what happens if $email='me(at)gmail(dot)com\rCc: victim1(at)gmail(dot)com,
victim2(at)gmail(dot)com, victim3(at)gmail(dot)com, ..., victim99(at)gmail(dot)com', and
$address (used in the body) contains a 5-page-long ad for body part
enlargement)

> With that in mind, is there any way with PHP to actually tell that a
> message was actually sent? That it at least was mailed out?

The return value from the mail() function is about as good as you
can get. The mail was handed off to the MTA.

> I came across retval() and thought that might be way to do it, but I
> misinterpreted it, thinking it was a PHP function, which it turns out to
> not be. Therefore I'm looking for some way to authenticate that the
> e-mail actually left the server.

It can actually take an incredible number of DNS lookups and alias
file searches to determine if the mail is even *SUPPOSED* to leave
the server (that is, the destination is not local to the server),
especially since shared hosted web servers tend to have lots of
different DNS hostnames all pointing at them.

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: strange one
Next Topic: how to change old ereg?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Jun 26 13:00:18 GMT 2024

Total time taken to generate the page: 0.04378 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.1.3.
Copyright ©2001-2023 FUDforum Bulletin Board Software