Jump to content

Recommended Posts

Posted

I run my own website. On this site I have a fake emailer the code is as follows:

<?php
if(isset($_GET['mail']))
{
//The mailing part of the script
if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody'])))
{
if($_POST['emailFrom'] != '')
{
mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']);
}
else
{
mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']);
}
}
header( 'Location: http://www.gyears.org/fakemail/pass.php' );
}
else
{
//The GUI part of the script
$title = "Email Script";
echo '<html>

<body bgcolor="#000000" text="#FFFFFF">
<form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST">
<table>
<tr><td>To:</td><td><input type="text" name="emailTo"></td></tr>
<tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr>
<tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr>
<tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr>
<tr><td></td><td><input type="submit" value="Email!"></td></tr>
</table>
</body>
</html>';
}
?>

What I would like is after it sends the email to also update a private rss feed I would like to setup. This way I can monitor what is being send out and have a log of it encase something happens. I don't know how to do PHP and i wouldn't know where to begin on making it update to an RSS feed. Help>?

Posted

Oe thing you could do is just add yourself as one of the addresses it send the emails to so you can then monitor them. I would create a seperate email address for this instance of use and that way you know it is only from this php email program yoru running on your site.

Posted

set up a MYSQL Database, and make a copy of every email.

so make a DB wif the following fields: ID, (auto inc, key), To, From, Subject, Body. To do this, run this as a SQL command in phpMyAdmin.

CREATE TABLE `email` (
  `ID` int(4) NOT NULL auto_increment,
  `From` varchar(50) collate latin1_general_ci NOT NULL,
  `To` varchar(50) collate latin1_general_ci NOT NULL,
  `Subject` varchar(250) collate latin1_general_ci NOT NULL,
  `Body` text collate latin1_general_ci NOT NULL,
  PRIMARY KEY  (`ID`)
)

Here is the new page i just wrote, this wll add the email to the Database as well as still send it out. This isnt the nicest way of writing this script, but it works :-).

<?php
// Database Connection Details
    $dbhost = 'localhost'; // Address to Database
    $dbname = 'mail'; // Name of Database to store Emails
    $dbusername = 'root'; // Username for the Database
    $dbpassword = ''; // Password for the Database

    mysql_connect ($dbhost, $dbusername, $dbpassword);
    @mysql_select_db($dbname) or die( "Unable to select database");

function db_insert($sqlTo, $sqlFrom, $sqlSubject, $sqlBody) 
 {
    $query = ("INSERT INTO `email` ( `ID`,`From`,`To`,`Subject`,`Body`) VALUES ( NULL,'$sqlFrom','$sqlTo','$sqlSubject','$sqlBody');");
    mysql_query($query);
    return;
 }

if(isset($_GET['mail']))
 {
    //The mailing part of the script
    if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody']))) 
     {
        if($_POST['emailFrom'] != '') 
         {
                mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']);
            db_insert($_POST['emailTo'], $_POST['emailFrom'], $_POST['emailSubject'], $_POST['emailBody']);
         } else {
            mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']);
            db_insert($_POST['emailTo'], "Anonymous", $_POST['emailSubject'], $_POST['emailBody']);
         }
     }
    header( 'Location: http://www.gyears.org/fakemail/pass.php' );
 } else {

//The GUI part of the script
$title = "Email Script";
echo '<html>

<body bgcolor="#000000" text="#FFFFFF">
<form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST">
<table>
<tr><td>To:</td><td><input type="text" name="emailTo"></td></tr>
<tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr>
<tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr>
<tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr>
<tr><td></td><td><input type="submit" value="Email!"></td></tr>
</table>
</body>
</html>';
}
?>

Hope it works for you.

was teh url so i ownit .. im mean try it ..

*sigh* im rather contempt about ur "owning" abilities, when u cant even pick up the line in his code that says.

header( 'Location: http://www.gyears.org/fakemail/pass.php' );

Posted

was teh url so i ownit .. im mean try it ..

*sigh* im rather contempt about ur "owning" abilities, when u cant even pick up the line in his code that says.

header( 'Location: http://www.gyears.org/fakemail/pass.php' );

it has to be said pwned!

Posted
set up a MYSQL Database, and make a copy of every email.

so make a DB wif the following fields: ID, (auto inc, key), To, From, Subject, Body. To do this, run this as a SQL command in phpMyAdmin.

CREATE TABLE `email` (
  `ID` int(4) NOT NULL auto_increment,
  `From` varchar(50) collate latin1_general_ci NOT NULL,
  `To` varchar(50) collate latin1_general_ci NOT NULL,
  `Subject` varchar(250) collate latin1_general_ci NOT NULL,
  `Body` text collate latin1_general_ci NOT NULL,
  PRIMARY KEY  (`ID`)
)

Here is the new page i just wrote, this wll add the email to the Database as well as still send it out. This isnt the nicest way of writing this script, but it works :-).

<?php
// Database Connection Details
    $dbhost = 'localhost'; // Address to Database
    $dbname = 'mail'; // Name of Database to store Emails
    $dbusername = 'root'; // Username for the Database
    $dbpassword = ''; // Password for the Database

    mysql_connect ($dbhost, $dbusername, $dbpassword);
    @mysql_select_db($dbname) or die( "Unable to select database");

function db_insert($sqlTo, $sqlFrom, $sqlSubject, $sqlBody) 
 {
    $query = ("INSERT INTO `email` ( `ID`,`From`,`To`,`Subject`,`Body`) VALUES ( NULL,'$sqlFrom','$sqlTo','$sqlSubject','$sqlBody');");
    mysql_query($query);
    return;
 }

if(isset($_GET['mail']))
 {
    //The mailing part of the script
    if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody']))) 
     {
        if($_POST['emailFrom'] != '') 
         {
                mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']);
            db_insert($_POST['emailTo'], $_POST['emailFrom'], $_POST['emailSubject'], $_POST['emailBody']);
         } else {
            mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']);
            db_insert($_POST['emailTo'], "Anonymous", $_POST['emailSubject'], $_POST['emailBody']);
         }
     }
    header( 'Location: http://www.gyears.org/fakemail/pass.php' );
 } else {

//The GUI part of the script
$title = "Email Script";
echo '<html>

<body bgcolor="#000000" text="#FFFFFF">
<form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST">
<table>
<tr><td>To:</td><td><input type="text" name="emailTo"></td></tr>
<tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr>
<tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr>
<tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr>
<tr><td></td><td><input type="submit" value="Email!"></td></tr>
</table>
</body>
</html>';
}
?>

Hope it works for you.

was teh url so i ownit .. im mean try it ..

*sigh* im rather contempt about ur "owning" abilities, when u cant even pick up the line in his code that says.

header( 'Location: http://www.gyears.org/fakemail/pass.php' );

How would I set up the rss to read from the mysql then? I have been googleing but to no avail.

Posted

set up a MYSQL Database, and make a copy of every email.

so make a DB wif the following fields: ID, (auto inc, key), To, From, Subject, Body. To do this, run this as a SQL command in phpMyAdmin.

CREATE TABLE `email` (
  `ID` int(4) NOT NULL auto_increment,
  `From` varchar(50) collate latin1_general_ci NOT NULL,
  `To` varchar(50) collate latin1_general_ci NOT NULL,
  `Subject` varchar(250) collate latin1_general_ci NOT NULL,
  `Body` text collate latin1_general_ci NOT NULL,
  PRIMARY KEY  (`ID`)
)

Here is the new page i just wrote, this wll add the email to the Database as well as still send it out. This isnt the nicest way of writing this script, but it works :-).

<?php
// Database Connection Details
    $dbhost = 'localhost'; // Address to Database
    $dbname = 'mail'; // Name of Database to store Emails
    $dbusername = 'root'; // Username for the Database
    $dbpassword = ''; // Password for the Database

    mysql_connect ($dbhost, $dbusername, $dbpassword);
    @mysql_select_db($dbname) or die( "Unable to select database");

function db_insert($sqlTo, $sqlFrom, $sqlSubject, $sqlBody) 
 {
    $query = ("INSERT INTO `email` ( `ID`,`From`,`To`,`Subject`,`Body`) VALUES ( NULL,'$sqlFrom','$sqlTo','$sqlSubject','$sqlBody');");
    mysql_query($query);
    return;
 }

if(isset($_GET['mail']))
 {
    //The mailing part of the script
    if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody']))) 
     {
        if($_POST['emailFrom'] != '') 
         {
                mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']);
            db_insert($_POST['emailTo'], $_POST['emailFrom'], $_POST['emailSubject'], $_POST['emailBody']);
         } else {
            mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']);
            db_insert($_POST['emailTo'], "Anonymous", $_POST['emailSubject'], $_POST['emailBody']);
         }
     }
    header( 'Location: http://www.gyears.org/fakemail/pass.php' );
 } else {

//The GUI part of the script
$title = "Email Script";
echo '<html>

<body bgcolor="#000000" text="#FFFFFF">
<form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST">
<table>
<tr><td>To:</td><td><input type="text" name="emailTo"></td></tr>
<tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr>
<tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr>
<tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr>
<tr><td></td><td><input type="submit" value="Email!"></td></tr>
</table>
</body>
</html>';
}
?>

Hope it works for you.

was teh url so i ownit .. im mean try it ..

*sigh* im rather contempt about ur "owning" abilities, when u cant even pick up the line in his code that says.

header( 'Location: http://www.gyears.org/fakemail/pass.php' );

How would I set up the rss to read from the mysql then? I have been googleing but to no avail.

http://www.tizag.com/mysqlTutorial/mysql-p...l-injection.php
Posted

haha i did say that its nopt the nicest way of doing this script, though to my defence, this is a behind the screen SQL script, normaly the user would have no idea about the SQL work behind it.

As for the reading, ill make a dump script now.

Also SomeoneE1se, just wondering, could u show me how u would go about imroving the script?

Normaly i would strip the string of characters, such as "!#$%^&*()'<>?{}[]:;,./-=+" and not allow certant phrases, like "http, https, www"

-=Edit=-

Again a simple. crude script, but gets the job done. sorry its not RSS, but i dont really have any experience in RSS, nor the time to look it up. This will simply dump the contents of the email table, with little UI.

&lt;?php
// Database Connection Details
    $dbhost = 'localhost';
    $dbname = 'mail';
    $dbusername = 'root';
    $dbpassword = '';
    mysql_connect ($dbhost, $dbusername, $dbpassword);
    @mysql_select_db($dbname) or die( "Unable to select database");
    
    
    $query = ("SELECT * FROM `email`");
    $result=mysql_query($query);
    $num=mysql_numrows($result);
    $i=0;
    
    while ($i &lt; $num) {
        echo ("To: ".mysql_result($result,$i,"To")."&lt;/br&gt;");
        echo ("From: ".mysql_result($result,$i,"From")."&lt;/br&gt;");
        echo ("Subject: ".mysql_result($result,$i,"Subject")."&lt;/br&gt;");
        echo ("Body: ".mysql_result($result,$i,"Body")."&lt;/br&gt;");
        echo ("&lt;/br&gt;&lt;hr&gt;&lt;/br&gt;");
        $i++;
    }
?&gt;

Posted

first the ( ) for the echos are unneeded

second

&lt;?php

echo "&lt;table&gt;n";
while($line = mysql_fetch_array($result, MYSQL_ASSOC){
    echo "&lt;tr&gt;n";
    foreach($line as $line){
        echo "&lt;td&gt;".$line"&lt;/td&gt;n";
    }
    echo "&lt;tr&gt;n";
}
echo "&lt;/table&gt;

?&gt;

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...