M0XIE Posted September 21, 2007 Posted September 21, 2007 I run my own website. On this site I have a fake emailer the code is as follows: <?php if(isset($_GET['mail'])) { //The mailing part of the script if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody']))) { if($_POST['emailFrom'] != '') { mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']); } else { mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']); } } header( 'Location: http://www.gyears.org/fakemail/pass.php' ); } else { //The GUI part of the script $title = "Email Script"; echo '<html> <body bgcolor="#000000" text="#FFFFFF"> <form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST"> <table> <tr><td>To:</td><td><input type="text" name="emailTo"></td></tr> <tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr> <tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr> <tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr> <tr><td></td><td><input type="submit" value="Email!"></td></tr> </table> </body> </html>'; } ?> What I would like is after it sends the email to also update a private rss feed I would like to setup. This way I can monitor what is being send out and have a log of it encase something happens. I don't know how to do PHP and i wouldn't know where to begin on making it update to an RSS feed. Help>? Quote
operat0r_001 Posted September 21, 2007 Posted September 21, 2007 was teh url so i ownit .. im mean try it .. Quote
digip Posted September 22, 2007 Posted September 22, 2007 Oe thing you could do is just add yourself as one of the addresses it send the emails to so you can then monitor them. I would create a seperate email address for this instance of use and that way you know it is only from this php email program yoru running on your site. Quote
Deveant Posted September 23, 2007 Posted September 23, 2007 set up a MYSQL Database, and make a copy of every email. so make a DB wif the following fields: ID, (auto inc, key), To, From, Subject, Body. To do this, run this as a SQL command in phpMyAdmin. CREATE TABLE `email` ( `ID` int(4) NOT NULL auto_increment, `From` varchar(50) collate latin1_general_ci NOT NULL, `To` varchar(50) collate latin1_general_ci NOT NULL, `Subject` varchar(250) collate latin1_general_ci NOT NULL, `Body` text collate latin1_general_ci NOT NULL, PRIMARY KEY (`ID`) ) Here is the new page i just wrote, this wll add the email to the Database as well as still send it out. This isnt the nicest way of writing this script, but it works :-). <?php // Database Connection Details $dbhost = 'localhost'; // Address to Database $dbname = 'mail'; // Name of Database to store Emails $dbusername = 'root'; // Username for the Database $dbpassword = ''; // Password for the Database mysql_connect ($dbhost, $dbusername, $dbpassword); @mysql_select_db($dbname) or die( "Unable to select database"); function db_insert($sqlTo, $sqlFrom, $sqlSubject, $sqlBody) { $query = ("INSERT INTO `email` ( `ID`,`From`,`To`,`Subject`,`Body`) VALUES ( NULL,'$sqlFrom','$sqlTo','$sqlSubject','$sqlBody');"); mysql_query($query); return; } if(isset($_GET['mail'])) { //The mailing part of the script if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody']))) { if($_POST['emailFrom'] != '') { mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']); db_insert($_POST['emailTo'], $_POST['emailFrom'], $_POST['emailSubject'], $_POST['emailBody']); } else { mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']); db_insert($_POST['emailTo'], "Anonymous", $_POST['emailSubject'], $_POST['emailBody']); } } header( 'Location: http://www.gyears.org/fakemail/pass.php' ); } else { //The GUI part of the script $title = "Email Script"; echo '<html> <body bgcolor="#000000" text="#FFFFFF"> <form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST"> <table> <tr><td>To:</td><td><input type="text" name="emailTo"></td></tr> <tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr> <tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr> <tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr> <tr><td></td><td><input type="submit" value="Email!"></td></tr> </table> </body> </html>'; } ?> Hope it works for you. was teh url so i ownit .. im mean try it .. *sigh* im rather contempt about ur "owning" abilities, when u cant even pick up the line in his code that says. header( 'Location: http://www.gyears.org/fakemail/pass.php' ); Quote
SomeoneE1se Posted September 23, 2007 Posted September 23, 2007 was teh url so i ownit .. im mean try it .. *sigh* im rather contempt about ur "owning" abilities, when u cant even pick up the line in his code that says. header( 'Location: http://www.gyears.org/fakemail/pass.php' ); it has to be said pwned! Quote
M0XIE Posted September 25, 2007 Author Posted September 25, 2007 set up a MYSQL Database, and make a copy of every email. so make a DB wif the following fields: ID, (auto inc, key), To, From, Subject, Body. To do this, run this as a SQL command in phpMyAdmin. CREATE TABLE `email` ( `ID` int(4) NOT NULL auto_increment, `From` varchar(50) collate latin1_general_ci NOT NULL, `To` varchar(50) collate latin1_general_ci NOT NULL, `Subject` varchar(250) collate latin1_general_ci NOT NULL, `Body` text collate latin1_general_ci NOT NULL, PRIMARY KEY (`ID`) ) Here is the new page i just wrote, this wll add the email to the Database as well as still send it out. This isnt the nicest way of writing this script, but it works :-). <?php // Database Connection Details $dbhost = 'localhost'; // Address to Database $dbname = 'mail'; // Name of Database to store Emails $dbusername = 'root'; // Username for the Database $dbpassword = ''; // Password for the Database mysql_connect ($dbhost, $dbusername, $dbpassword); @mysql_select_db($dbname) or die( "Unable to select database"); function db_insert($sqlTo, $sqlFrom, $sqlSubject, $sqlBody) { $query = ("INSERT INTO `email` ( `ID`,`From`,`To`,`Subject`,`Body`) VALUES ( NULL,'$sqlFrom','$sqlTo','$sqlSubject','$sqlBody');"); mysql_query($query); return; } if(isset($_GET['mail'])) { //The mailing part of the script if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody']))) { if($_POST['emailFrom'] != '') { mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']); db_insert($_POST['emailTo'], $_POST['emailFrom'], $_POST['emailSubject'], $_POST['emailBody']); } else { mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']); db_insert($_POST['emailTo'], "Anonymous", $_POST['emailSubject'], $_POST['emailBody']); } } header( 'Location: http://www.gyears.org/fakemail/pass.php' ); } else { //The GUI part of the script $title = "Email Script"; echo '<html> <body bgcolor="#000000" text="#FFFFFF"> <form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST"> <table> <tr><td>To:</td><td><input type="text" name="emailTo"></td></tr> <tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr> <tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr> <tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr> <tr><td></td><td><input type="submit" value="Email!"></td></tr> </table> </body> </html>'; } ?> Hope it works for you. was teh url so i ownit .. im mean try it .. *sigh* im rather contempt about ur "owning" abilities, when u cant even pick up the line in his code that says. header( 'Location: http://www.gyears.org/fakemail/pass.php' ); How would I set up the rss to read from the mysql then? I have been googleing but to no avail. Quote
SomeoneE1se Posted September 25, 2007 Posted September 25, 2007 set up a MYSQL Database, and make a copy of every email. so make a DB wif the following fields: ID, (auto inc, key), To, From, Subject, Body. To do this, run this as a SQL command in phpMyAdmin. CREATE TABLE `email` ( `ID` int(4) NOT NULL auto_increment, `From` varchar(50) collate latin1_general_ci NOT NULL, `To` varchar(50) collate latin1_general_ci NOT NULL, `Subject` varchar(250) collate latin1_general_ci NOT NULL, `Body` text collate latin1_general_ci NOT NULL, PRIMARY KEY (`ID`) ) Here is the new page i just wrote, this wll add the email to the Database as well as still send it out. This isnt the nicest way of writing this script, but it works :-). <?php // Database Connection Details $dbhost = 'localhost'; // Address to Database $dbname = 'mail'; // Name of Database to store Emails $dbusername = 'root'; // Username for the Database $dbpassword = ''; // Password for the Database mysql_connect ($dbhost, $dbusername, $dbpassword); @mysql_select_db($dbname) or die( "Unable to select database"); function db_insert($sqlTo, $sqlFrom, $sqlSubject, $sqlBody) { $query = ("INSERT INTO `email` ( `ID`,`From`,`To`,`Subject`,`Body`) VALUES ( NULL,'$sqlFrom','$sqlTo','$sqlSubject','$sqlBody');"); mysql_query($query); return; } if(isset($_GET['mail'])) { //The mailing part of the script if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody']))) { if($_POST['emailFrom'] != '') { mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']); db_insert($_POST['emailTo'], $_POST['emailFrom'], $_POST['emailSubject'], $_POST['emailBody']); } else { mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']); db_insert($_POST['emailTo'], "Anonymous", $_POST['emailSubject'], $_POST['emailBody']); } } header( 'Location: http://www.gyears.org/fakemail/pass.php' ); } else { //The GUI part of the script $title = "Email Script"; echo '<html> <body bgcolor="#000000" text="#FFFFFF"> <form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST"> <table> <tr><td>To:</td><td><input type="text" name="emailTo"></td></tr> <tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr> <tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr> <tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr> <tr><td></td><td><input type="submit" value="Email!"></td></tr> </table> </body> </html>'; } ?> Hope it works for you. was teh url so i ownit .. im mean try it .. *sigh* im rather contempt about ur "owning" abilities, when u cant even pick up the line in his code that says. header( 'Location: http://www.gyears.org/fakemail/pass.php' ); How would I set up the rss to read from the mysql then? I have been googleing but to no avail. http://www.tizag.com/mysqlTutorial/mysql-p...l-injection.php Quote
Deveant Posted September 26, 2007 Posted September 26, 2007 http://www.tizag.com/mysqlTutorial/mysql-p...l-injection.php haha i did say that its nopt the nicest way of doing this script, though to my defence, this is a behind the screen SQL script, normaly the user would have no idea about the SQL work behind it. As for the reading, ill make a dump script now. Also SomeoneE1se, just wondering, could u show me how u would go about imroving the script? Normaly i would strip the string of characters, such as "!#$%^&*()'<>?{}[]:;,./-=+" and not allow certant phrases, like "http, https, www" -=Edit=- Again a simple. crude script, but gets the job done. sorry its not RSS, but i dont really have any experience in RSS, nor the time to look it up. This will simply dump the contents of the email table, with little UI. <?php // Database Connection Details $dbhost = 'localhost'; $dbname = 'mail'; $dbusername = 'root'; $dbpassword = ''; mysql_connect ($dbhost, $dbusername, $dbpassword); @mysql_select_db($dbname) or die( "Unable to select database"); $query = ("SELECT * FROM `email`"); $result=mysql_query($query); $num=mysql_numrows($result); $i=0; while ($i < $num) { echo ("To: ".mysql_result($result,$i,"To")."</br>"); echo ("From: ".mysql_result($result,$i,"From")."</br>"); echo ("Subject: ".mysql_result($result,$i,"Subject")."</br>"); echo ("Body: ".mysql_result($result,$i,"Body")."</br>"); echo ("</br><hr></br>"); $i++; } ?> Quote
SomeoneE1se Posted September 26, 2007 Posted September 26, 2007 first the ( ) for the echos are unneeded second <?php echo "<table>n"; while($line = mysql_fetch_array($result, MYSQL_ASSOC){ echo "<tr>n"; foreach($line as $line){ echo "<td>".$line"</td>n"; } echo "<tr>n"; } echo "</table> ?> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.