I have made an HTML form. It is a sort of a research form and generate scores based on the values entered through some formulae. After I have done with calculating scores, I want to send the scores via an email. Should I use PHP or JavaScript to do that?
thank you
PHP provides a convenient way to send email with the mail() function.
Syntax
mail(to,subject,message,headers,parameters)
Example :
<?php
$to = aa#bbb.com;
$subject = 'results';
$message = 'message ';
$headers = 'From: your_email#xxx.com';
mail($to, $subject, $message, $headers);
?>
You can learn this concept here
You can see examples here
Post your form to a PHP script and you can read the form fields using the $_POST variable. Make sure your form has name="xxx" fields. These will be your $_POST['xxx'] array index names.
You can do the calculations in Javascript,in browser, in clients side.
But sending emails.... you do this via PHP, on the server side.
An example of a PHP script sending the email, as follows
See how I get form field values using $_POST array they come in?
You can build a looong email using lots of variables, just add them to the message.
<?php
$to = $_POST['email'];
$subject = 'Your results';
$message = 'Hello, this is your score email.<br>';
$message.= 'Your result is: '.$_POST['score'];
$headers = 'From: your#email.com';
mail($to, $subject, $message, $headers);
Related
I am stack with my form. I have to send value on e-mail. I don't know php, I know just JS(html, css). I have a very simple file structure, just html, css (a bit JS). I don't have any package manager.
I have to do my form with php.
-I found example, put php code on the top of my html file.
-Added .htaccess file
How I understand I need to use Apache as well, or not?
I don't have any idea about php - right me please some instruction what I have to do in simple way.
You can use PHPMailer to send emails easily. First you need to know how to get post data in PHP. and then store them as new variables then add them in Mail body to send.
Link for the PHPMailer: https://github.com/PHPMailer/PHPMailer
Tutorial for PHPMailer: https://github.com/PHPMailer/PHPMailer/wiki/Tutorial
You have to provide your email and password details in PHPMailer Library
Finally, Your PHP code be like below
<?php
require 'PHPMailerAutoload.php';
$name = $_POST['name'];
$email = $_POST['email'];
$mail = new PHPMailer;
$mail->setFrom('from#example.com', 'Your Name');
$mail->addAddress($email, 'My Friend');
$mail->Subject = 'First PHPMailer Message';
$mail->Body = " Hi! $name This is my first e-mail sent through PHPMailer.';
if(!$mail->send()) {
echo 'Message was not sent.';
echo 'Mailer error: ' . $mail->ErrorInfo;
} else {
echo 'Message has been sent.';
}
Hello what i am trying to get is when i click on a link in the email it captures the subject of email and pass it as a parameter in the url to another page where i can store this subject line.
for example here is my email template code
Download this publication featuring research from Gartner now
in href i would like to pass the email subject as parameter to other page which is a form.
I think this really depends how you generate the email subject and body, when generating the email, if you are using a server side script, you can just put the mail subject variable to the link in the mail.
For example, if you are sending the mail using php mail function, and here are the code to send it.
$to = 'nobody#example.com';
$subject = 'the subject';
//Notice that we just included the subject in $message as part of the link address.
$message = 'xxxx';
$headers = 'From: webmaster#example.com' . "\r\n" .
'Reply-To: webmaster#example.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
If you are using other tools, the method will be similar.
If I send an email to someone, and at the bottom of the email is a link.
Lets say the link is, click me.
When user clicks on this link he is taken to a webpage.
This webpage will show "Thank you" and webpage will name will be say thanks.php
How can I show the name (or email) of the person who clicked this link, in his email on this webpage?
i.e. when he clicks the link in the email, and is taken to the webpage thanks.php, how can he see the message:
"Thank you Amit Gupta"
or
"Thank you amit00000000#fmail.com"
while Amit Gupta and/or amit00000000#fmail.com shall be taken from the email in which he clicked on this link.
I will be grateful if you provide the answer of this question.
Thanks a lot in advance.
When you send the email:
Generate a unique identifier
Put it in the link (e.g. in the query string of the URL)
Store it with the name in a database
When the link is clicked:
Look up the id in the database
Get the data you stored with it
Output that data to the page
You should try something like this, but you have to complement it to your needs.
register.php: (or whatever)
<?php
$id = uniqid();
$link = 'linktoyourfile/thanks.php?id=' . $id;
// TODO: save $id in a database in relation with the email of your user
// and then send the $link variable to the given email address.
/*
//Something like this:
$subject = 'Subject';
$message = 'Click here to activate or what ever';
$header = 'MIME-Version: 1.0' . "\r\n";
$header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$header .= 'To: ' . 'His Name <' . $mail . '>' . "\r\n";
$header .= 'From: Your Name <your#email.com>' . "\r\n";
mail($mail, $subject, $message, $header);
*/
?>
thanks.php:
<?php
if (isset($_GET['id'])) {
$id = $_GET['id'];
// TODO: read the email from the database with the $id variable
// and set it to the $email variable
echo 'Thank you '. $email;
}
?>
Before you send the email to the user from your system, you will maintain a tracking id of that mail in your database across the user, this tracking id could be
$tracking_id = md5($uid . time());
$uid -> is the user_id
And in the link you add this tracking_id as the query parameter, so when the user clicks the link, you can search for this tracking_id and lookup in database for the user this link was.
Example url: http://abcd.com/thankyou.php?tracking_id=12352342345
Then you can display the user details you want, also along with that you can capture the click details and consider this email as read email.
On click of the link parse the email text to get the From Email and send it as a parameter to the GET request.
I found the following contact form script online and I want to find out if it is secure, and if it is not how I might make it more secure. I just went back to the page where I think I got the code a long time ago and I see one commentor said :
"client side validation is only for user conveneicne, it doens't prevent spam, hackers, or annoying web devs. All a hacker has to do is create their own HTML file without javascript. Spam bots wouldn't even use the form they'll just parse it for the id's and send raw packets. Always check input on the server, never trust the user. "
I'm not exactly sure what that means, but hoping if someone sees a vulnerability in the code below it the comment may make more sense :
<?php
$EmailFrom = Trim(stripslashes($_POST['Email']));
$EmailTo = "info#mysite.com";
$Subject = "Customer Inquiry from MySite.com";
$Name = Trim(stripslashes($_POST['Name']));
$Tel = Trim(stripslashes($_POST['Tel']));
$Email = Trim(stripslashes($_POST['Email']));
$Message = Trim(stripslashes($_POST['Message']));
// validation
$validationOK=true;
if (!$validationOK) {
print "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mysite.com/contact-us-error.php\">";
exit;
}
// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Tel: ";
$Body .= $Tel;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";
// send email
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mysite.com/contact-us-success.php\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mysite.com/contact-us-error.php\">";
}
?>
Thanks for taking a look
You need to understand why some things aren't secure, not just ask people when you don't know.
First of all, you mentioned client-side validation. Are there any constraints you're trying to validate client-side? For instance, is there javascript (or maybe an HTML attribute) that prevents the user from typing more than a certain number of characters in the body of the email?
If so, and if you count this as a security breach, then the page is not secure. If I wanted to abuse your site in this way, I couldn't do it just by visiting the site in the normal way with a browser. But that doesn't stop me from sending whatever I want over the network. I could use something like curl ( http://curl.haxx.se/ ) to send a long request to your server; your server would have no way of knowing it wasn't from a browser, wouldn't check its length, and would send the email.
There's another way an attacker can use the server for something it's clearly not intended for. Namely, they can add extra headers. For instance, suppose they wanted to add the header MyHeader: something malicious. They could send a request in which $_POST['Email'] was the following string:
me#example.com>\r\nMyHeader: something malicious\r\nJunkHeader: junk
Then, the string "From: <$EmailFrom>" would look like this:
From: <me#example.com>
MyHeader: something malicious
JunkHeader: junk>
And those are the headers that would be sent. (I added a line of junk so that the extra > at the end wouldn't appear as part of MyHeader interfere with whatever nefarious plan I was attempting.)
Presumably because of this vulnerability, according to http://uk1.php.net/manual/en/function.mail.php : "The additional_parameters parameter is disabled in safe_mode and the mail() function will expose a warning message and return FALSE when used." (From PHP4.2.3 onwards.)
To fix this, I suppose it is sufficient to check that $EmailFrom contains no newline characters, and refuse to send the email if it does.
I was wondering if it is possible to email a value which is returned by a function in javascript? or do i have to use php/ajax?
From the following example, I want to email abc to myself? How can it be done?
<html>
<head><script>
var t = "abc";
function test(){
return t;}
</script></head>
<body onload = "test()">
</body></html>
You'll need to post it to your server via XHR, then your server can email it.
Here is a very good explanation from another similar question:
You can't send an email with javascript,
the closest you can get
would be a mailto which opens the
default email client - but that won't
send anything.
Email should be sent from the server -
submit the form in the normal way, and
construct the email on the server and
send it....
Another answer there gives some details about using mailto.
There's no direct method. I would use jQuery' $.post to post the relevant information to a PHP page which would then mail it using, at it's simplest, the aptly-named mail function.
In one of the script tags of the main page or in a separate .js file:
$.post("mailer.php", {data: "abc"}, function(data) {
// Alert yourself whether it was successful if you want
});
And mailer.php (replace these with your own values):
<?php
$to = 'nobody#example.com';
$subject = 'the subject';
$message = $_POST['data'];
$headers = 'From: webmaster#example.com';
mail($to, $subject, $message, $headers);
?>