PHP Script to accept email via HTTP and connect to MYSQL then forward

Hi, I am very new to PHP and learning every day. I am using a service to forward email data via HTTP to a script called email.php.
I want the script to accept the data via $_POST. Also I want the script to change the $_POST['to'] to = $username and search the database and get the $forward_email so the script can send the email on.
I might be missing something here, or I might be going the wrong way about doing it. The code I have got so far is below:

[php]<?php
header("Content-type: text/plain");

require "…/site_scripts/connect_to_mysql.php";

$_POST['to'] = "$username";


mysql_select_db("database") or die(mysql_error());

$data = mysql_query("SELECT $username FROM users LIMIT 1")
or die(mysql_error());
while($info = mysql_fetch_array( $data ))
{

$info['username'] = "$username";
$info['forward_email'] = "$forward_email";
$info['status'] = "$status";

$to = "$forward_email";
$subject = $_POST['headers']['Subject'];
$plain = $_POST['plain'];
$html = $_POST['html'];
$reply = $_POST['reply_plain'];

if (mail($to, $subject, $plain)) {
header("HTTP/1.0 200 OK");
echo('success');
}else{
header("HTTP/1.0 403 OK");
echo('user not allowed here');
}
exit;

?>

[/php]

You seem completely new to PHP by the mistakes you are making. I’ll try to explain all your problems and correct your script.

Let’s break it down line by line

[php]<?php
header("Content-type: text/plain");[/php]
This header is up to you. However, if you’re not outputting raw text, some navigators will complain.

[php]require "…/site_scripts/connect_to_mysql.php";[/php]

Nothing wrong in the require besides the relative path, which prevents you from moving your script to another directory.

[php]$_POST['to'] = "$username";[/php]
This is MAJORLY wrong and recurs multiple times in your code. PHP is a left-to-right language. When you say “x = y”, it really means “set x to y” and not “set y to x” as you seem to believe. In addition, $_POST is a superglobal, which is inherently bad to modify.

The proper syntax is [php]$username = $_POST['to'];[/php]

[php]mysql_select_db("database") or die(mysql_error());
$data = mysql_query("SELECT $username FROM users LIMIT 1")
or die(mysql_error());[/php]
This is wrong in multiple places, though only one is major. The format for a select is SELECT field,field2,field3 FROM database WHERE if clause LIMIT limits, NOT SELECT whatevervalueIgot FROM users (which is what you just did).

The correct syntax, judging by the fields you use later, is:

[php]
$data = mysql_query("SELECT username, forward_email, status FROM users WHERE username='".mysql_real_escape_string($username)."'") or die(mysql_error());[/php]

Please note that this code is vulnerable to SQL injection, but less than your original one. Consider learning PDO instead of using the mysql_ branch of functions.

[php] while($info = mysql_fetch_array( $data ))
{[/php]
Works.

[php]$info['username'] = "$username";
$info['forward_email'] = "$forward_email";
$info['status'] = "$status";[/php]
Same thing as before. Correction:

[php]$forward_email = $info['forward_email'];
$status = $info['status'];[/php]

[php]
$to = "$forward_email";
$subject = $_POST['headers']['Subject'];
$plain = $_POST['plain'];
$html = $_POST['html'];
$reply = $_POST['reply_plain'];

if (mail($to, $subject, $plain)) {
header("HTTP/1.0 200 OK");
echo('success');
}else{
header("HTTP/1.0 403 OK");
echo('user not allowed here');
}
exit;
[/php]

There is one thing majorly wrong in your code, but it is not due to PHP itself. It’s HTTP/1.0 403 Forbidden and not 403 OK. IE8 will be thrown off by the “OK” in there.

In addition, consider sending more headers for your email - From, To, Reply-To, content-type. That will help your email go through spamfilters.
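
The answer above recommends PDO over the mysql_ functions. As an added example (not code from either poster), here is the lookup step with a PDO prepared statement and basic cleaning of the posted subject. The in-memory SQLite database, the sample rows and requests, and the function name lookup_forward are assumptions made so it runs offline; with MySQL only the DSN changes.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// thread; the SQLite database and the sample data below are constructed.
// With MySQL, only the DSN changes, e.g.
// new PDO('mysql:host=localhost;dbname=database;charset=utf8mb4', $user, $pass).

function lookup_forward(PDO $db, array $post): ?array
{
    $username = $post['to'] ?? '';
    if (!is_string($username) || $username === '') {
        return null;
    }
    // The value is bound as a parameter and never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT forward_email FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $to = $stmt->fetchColumn();
    if ($to === false || filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        return null; // no such user, or no usable forwarding address
    }
    // Strip CR/LF so a posted subject cannot break out into extra mail headers.
    $subject = $post['headers']['Subject'] ?? '';
    $subject = is_string($subject) ? str_replace(["\r", "\n"], '', $subject) : '';
    $plain = is_string($post['plain'] ?? null) ? $post['plain'] : '';
    return ['to' => $to, 'subject' => $subject, 'body' => $plain];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, forward_email TEXT, status TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'alice@example.org', 'active')");

// Constructed requests: a normal one, a subject containing a line break,
// and a username containing SQL syntax.
$requests = [
    ['to' => 'alice', 'headers' => ['Subject' => 'Hello'], 'plain' => 'Hi'],
    ['to' => 'alice', 'headers' => ['Subject' => "Re: hi\r\nthere"], 'plain' => 'Hi'],
    ['to' => "x' OR '1'='1", 'headers' => ['Subject' => 'Hello'], 'plain' => 'Hi'],
];
foreach ($requests as $post) {
    $msg = lookup_forward($db, $post);
    // In email.php this is where mail($msg['to'], $msg['subject'], $msg['body'])
    // would run, with 403 Forbidden sent when no user matches.
    echo $msg === null ? "403 Forbidden\n" : "200 OK -> {$msg['to']} / {$msg['subject']}\n";
}
```

The third request matches no row because the whole posted string is compared as a value, so it is answered with 403 rather than returning the first user.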
