Re: FORMS, validating mail was sent [message #181901 is a reply to message #181900] |
Fri, 21 June 2013 17:25 |
Tim Streater
Messages: 328 Registered: September 2010
In article <kq20q8$9cc$1(at)news(dot)albasani(dot)net>,
The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
> On 21/06/13 12:27, Tim Streater wrote:
>> In article <kq19lv$pqa$1(at)news(dot)albasani(dot)net>,
>> The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>>
>>> On 21/06/13 10:11, Tim Streater wrote:
>>>> In article <51c37641$0$6623$9b4e6d93(at)newsspool2(dot)arcor-online(dot)net>,
>>>> Christoph Michael Becker <cmbecker69(at)arcor(dot)de> wrote:
>>>>
>>>> > On 20.06.2013 22:46, Gordon Burditt wrote:
>>>> > >> I'm a PHP near-newbie working fairly successfully on creating a
>>>> > >> secure PHP e-mail (mail()) function. It occurs to me that the only
>>>> > >> way a user knows (thinks) a form has been sent, is that I tell him
>>>> > >> so either in a line of code or with a Thank You page.
>>>> > >
>>>> > > Since you're a near-newbie, please save the world from having to
>>>> > > block email from your server, and DO NOT put any variables in email
>>>> > > headers, DO NOT put any variables from the user in email headers,
>>>> > > and DO NOT put any variables set in your form in email headers.
>>>> > > Put them in the body of the mail.
>>>> >
>>>> > Or use at least a good email library which caters for security issues
>>>> > and other "details" regarding correct headers.
>>>> >
>>>> > And one should not forget that not everything could be put in the
>>>> > message body--at least not without proper setting of some headers.
>>>> >
>>>> > > Wrong: From: $email
>>>> > > Right: From: www-data(at)myserver(dot)hostingco(dot)com
>>>> > >
>>>> > > Some servers are going to require that (a) the From: address is
>>>> > > local, (b) the From: address is a valid local user, and perhaps (c)
>>>> > > the user name must match the user id of the code that called the
>>>> > > MTA. In other words, there might be only one correct From: line
>>>> > > you're allowed to use.
>>>> >
>>>> > Indeed, but the OP may *try* if custom From headers are allowed on
>>>> > his webspace.
>>>> >
>>>> > > (For a mailing list to customers, you're stuck with a variable
>>>> > > in the To:, Cc:, or Bcc: headers. )
>>>> >
>>>> > In my limited experience Cc and Bcc headers *might* be blocked by
>>>> > the ISP.
>>>>
>>>> Well you shouldn't be sending a Bcc: header, now, should you? :-)
>>>
>>> Well, there is no other way than sending EACH message
>>> INDIVIDUALLY that you can hide other members of the mailing list from
>>> the intended recipient.
>>
>> Here's how I do it in my email client wot I rote.
>>
>> 1) The user (i.e., just me at this point) composes a mail and adds a
>> certain number of destination addresses in the To:, cc:, and bcc: fields.
>>
>> 2) These are then checked for being properly formatted and stored in
>> three strings.
>>
>> 3) At the point the mail is sent, logon to the mail host. Send "MAIL
>> FROM <address>" where 'address' is whatever the user types into the
>> From field or gets put there automatically if the user selects it.
>>
>> 4) The three strings from (2) are converted to arrays of addresses and
>> sent to the host as a series of "RCPT TO <address>".
>>
>> 5) Then send "DATA" followed by the headers such as From:, Subject:
>> Date:, cc:, any content-type and so on, then a blank line and the
>> actual body, encoded and in parts as necessary.
>>
>>
>> So that's one mail sent for all the addresses (above I've left out
>> checking returned statuses, timeouts, etc) with no bcc: line sent. So
>> all the addresses *could* be put in the bcc: field, with no
>> inter-recipient consciousness.
>>
> In MTA terms there is no Bcc: field at all. That's an MUA masking of the
> underlying way SMTP mail works.

Quite.

> The To: and CC: and Bcc: headers are parsed to get a list of addresses
> which become the envelope address.

I may do some experiments where I'll do the RCPT-TO correctly but put
junk in the To: and cc: headers to see what happens. I have found that
it doesn't always matter what the From: header says. I was able to
change it to mickey(dot)mouse(at)example(dot)com and the mail arrived at the
destination.

> mail('', $subject, $body, $headers, "-f ".$return_path );

I don't use mail(). I've rolled my own, which seems to work.
--
Tim
"That excessive bail ought not to be required, nor excessive fines imposed,
nor cruel and unusual punishments inflicted" -- Bill of Rights 1689
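
The envelope/header split discussed in this message (every To:, Cc: and Bcc: address becomes an SMTP recipient, while no Bcc: line goes into the message itself), shown as an added example that is not part of the original post and is not the poster's own client. The function names and addresses are constructed for illustration, the subject is assumed to be plain ASCII, and any address or subject containing a line break is rejected, in line with the earlier advice about user input in headers.

```php
<?php
// Added example. Function names and addresses are constructed for illustration.

function clean_addresses(string $list): array
{
    $out = [];
    foreach (explode(',', $list) as $addr) {
        $addr = trim($addr, " \t");
        if ($addr === '') continue;
        // CR/LF would let a form field smuggle in extra headers or SMTP commands.
        if (preg_match('/[\r\n]/', $addr) || filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('Bad address: ' . json_encode($addr));
        }
        $out[] = $addr;
    }
    return $out;
}

function build_smtp_dialogue(string $from, string $to, string $cc, string $bcc,
                             string $subject, string $body): array
{
    $sender = clean_addresses($from);
    if (count($sender) !== 1 || preg_match('/[\r\n]/', $subject)) {
        throw new InvalidArgumentException('Need exactly one sender and a single-line subject');
    }
    [$toList, $ccList, $bccList] = array_map('clean_addresses', [$to, $cc, $bcc]);
    // Envelope: every recipient, Bcc included, gets its own RCPT TO.
    $rcpts = array_unique(array_merge($toList, $ccList, $bccList));
    if (!$rcpts) {
        throw new InvalidArgumentException('No recipients');
    }
    $commands = ["MAIL FROM:<{$sender[0]}>"];
    foreach ($rcpts as $r) {
        $commands[] = "RCPT TO:<$r>";
    }
    $commands[] = 'DATA';
    // Message headers: To: and Cc: only. No Bcc: line is ever written.
    $headers = ["From: {$sender[0]}", 'Date: ' . date(DATE_RFC2822), "Subject: $subject"];
    if ($toList) $headers[] = 'To: ' . implode(', ', $toList);
    if ($ccList) $headers[] = 'Cc: ' . implode(', ', $ccList);
    // Normalise line endings to CRLF and dot-stuff lines that start with "."
    $body = preg_replace('/^\./m', '..', preg_replace('/\r\n|\r|\n/', "\r\n", $body));
    return ['commands' => $commands,
            'data' => implode("\r\n", $headers) . "\r\n\r\n" . $body . "\r\n.\r\n"];
}

// Constructed sample input: the Bcc addresses appear in RCPT TO but not in the data.
$d = build_smtp_dialogue('www-data@example.org', 'alice@example.com', '',
                         'bob@example.net, carol@example.net', 'Form received', "Thanks.\n.hidden");
echo implode("\n", $d['commands']), "\n\n", $d['data'];
```

The block only builds the command list and the DATA payload; connecting, reading reply codes and handling timeouts are left out, as they are in the numbered steps quoted above.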