Jump to content

Need some PHP help.


M0XIE
 Share

Recommended Posts

I run my own website. On this site I have a fake emailer the code is as follows:

<?php
if(isset($_GET['mail']))
{
//The mailing part of the script
if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody'])))
{
if($_POST['emailFrom'] != '')
{
mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']);
}
else
{
mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']);
}
}
header( 'Location: http://www.gyears.org/fakemail/pass.php' );
}
else
{
//The GUI part of the script
$title = "Email Script";
echo '<html>

<body bgcolor="#000000" text="#FFFFFF">
<form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST">
<table>
<tr><td>To:</td><td><input type="text" name="emailTo"></td></tr>
<tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr>
<tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr>
<tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr>
<tr><td></td><td><input type="submit" value="Email!"></td></tr>
</table>
</body>
</html>';
}
?>

What I would like is after it sends the email to also update a private rss feed I would like to setup. This way I can monitor what is being send out and have a log of it encase something happens. I don't know how to do PHP and i wouldn't know where to begin on making it update to an RSS feed. Help>?

Link to comment
Share on other sites

Oe thing you could do is just add yourself as one of the addresses it send the emails to so you can then monitor them. I would create a seperate email address for this instance of use and that way you know it is only from this php email program yoru running on your site.

Link to comment
Share on other sites

set up a MYSQL Database, and make a copy of every email.

so make a DB wif the following fields: ID, (auto inc, key), To, From, Subject, Body. To do this, run this as a SQL command in phpMyAdmin.

CREATE TABLE `email` (
  `ID` int(4) NOT NULL auto_increment,
  `From` varchar(50) collate latin1_general_ci NOT NULL,
  `To` varchar(50) collate latin1_general_ci NOT NULL,
  `Subject` varchar(250) collate latin1_general_ci NOT NULL,
  `Body` text collate latin1_general_ci NOT NULL,
  PRIMARY KEY  (`ID`)
)

Here is the new page i just wrote, this wll add the email to the Database as well as still send it out. This isnt the nicest way of writing this script, but it works :-).

<?php
// Database Connection Details
    $dbhost = 'localhost'; // Address to Database
    $dbname = 'mail'; // Name of Database to store Emails
    $dbusername = 'root'; // Username for the Database
    $dbpassword = ''; // Password for the Database

    mysql_connect ($dbhost, $dbusername, $dbpassword);
    @mysql_select_db($dbname) or die( "Unable to select database");

function db_insert($sqlTo, $sqlFrom, $sqlSubject, $sqlBody) 
 {
    $query = ("INSERT INTO `email` ( `ID`,`From`,`To`,`Subject`,`Body`) VALUES ( NULL,'$sqlFrom','$sqlTo','$sqlSubject','$sqlBody');");
    mysql_query($query);
    return;
 }

if(isset($_GET['mail']))
 {
    //The mailing part of the script
    if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody']))) 
     {
        if($_POST['emailFrom'] != '') 
         {
                mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']);
            db_insert($_POST['emailTo'], $_POST['emailFrom'], $_POST['emailSubject'], $_POST['emailBody']);
         } else {
            mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']);
            db_insert($_POST['emailTo'], "Anonymous", $_POST['emailSubject'], $_POST['emailBody']);
         }
     }
    header( 'Location: http://www.gyears.org/fakemail/pass.php' );
 } else {

//The GUI part of the script
$title = "Email Script";
echo '<html>

<body bgcolor="#000000" text="#FFFFFF">
<form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST">
<table>
<tr><td>To:</td><td><input type="text" name="emailTo"></td></tr>
<tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr>
<tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr>
<tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr>
<tr><td></td><td><input type="submit" value="Email!"></td></tr>
</table>
</body>
</html>';
}
?>

Hope it works for you.

was teh url so i ownit .. im mean try it ..

*sigh* im rather contempt about ur "owning" abilities, when u cant even pick up the line in his code that says.

header( 'Location: http://www.gyears.org/fakemail/pass.php' );

Link to comment
Share on other sites

set up a MYSQL Database, and make a copy of every email.

so make a DB wif the following fields: ID, (auto inc, key), To, From, Subject, Body. To do this, run this as a SQL command in phpMyAdmin.

CREATE TABLE `email` (
  `ID` int(4) NOT NULL auto_increment,
  `From` varchar(50) collate latin1_general_ci NOT NULL,
  `To` varchar(50) collate latin1_general_ci NOT NULL,
  `Subject` varchar(250) collate latin1_general_ci NOT NULL,
  `Body` text collate latin1_general_ci NOT NULL,
  PRIMARY KEY  (`ID`)
)

Here is the new page i just wrote, this wll add the email to the Database as well as still send it out. This isnt the nicest way of writing this script, but it works :-).

<?php
// Database Connection Details
    $dbhost = 'localhost'; // Address to Database
    $dbname = 'mail'; // Name of Database to store Emails
    $dbusername = 'root'; // Username for the Database
    $dbpassword = ''; // Password for the Database

    mysql_connect ($dbhost, $dbusername, $dbpassword);
    @mysql_select_db($dbname) or die( "Unable to select database");

function db_insert($sqlTo, $sqlFrom, $sqlSubject, $sqlBody) 
 {
    $query = ("INSERT INTO `email` ( `ID`,`From`,`To`,`Subject`,`Body`) VALUES ( NULL,'$sqlFrom','$sqlTo','$sqlSubject','$sqlBody');");
    mysql_query($query);
    return;
 }

if(isset($_GET['mail']))
 {
    //The mailing part of the script
    if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody']))) 
     {
        if($_POST['emailFrom'] != '') 
         {
                mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']);
            db_insert($_POST['emailTo'], $_POST['emailFrom'], $_POST['emailSubject'], $_POST['emailBody']);
         } else {
            mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']);
            db_insert($_POST['emailTo'], "Anonymous", $_POST['emailSubject'], $_POST['emailBody']);
         }
     }
    header( 'Location: http://www.gyears.org/fakemail/pass.php' );
 } else {

//The GUI part of the script
$title = "Email Script";
echo '<html>

<body bgcolor="#000000" text="#FFFFFF">
<form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST">
<table>
<tr><td>To:</td><td><input type="text" name="emailTo"></td></tr>
<tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr>
<tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr>
<tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr>
<tr><td></td><td><input type="submit" value="Email!"></td></tr>
</table>
</body>
</html>';
}
?>

Hope it works for you.

was teh url so i ownit .. im mean try it ..

*sigh* im rather contempt about ur "owning" abilities, when u cant even pick up the line in his code that says.

header( 'Location: http://www.gyears.org/fakemail/pass.php' );

How would I set up the rss to read from the mysql then? I have been googleing but to no avail.

Link to comment
Share on other sites

set up a MYSQL Database, and make a copy of every email.

so make a DB wif the following fields: ID, (auto inc, key), To, From, Subject, Body. To do this, run this as a SQL command in phpMyAdmin.

CREATE TABLE `email` (
  `ID` int(4) NOT NULL auto_increment,
  `From` varchar(50) collate latin1_general_ci NOT NULL,
  `To` varchar(50) collate latin1_general_ci NOT NULL,
  `Subject` varchar(250) collate latin1_general_ci NOT NULL,
  `Body` text collate latin1_general_ci NOT NULL,
  PRIMARY KEY  (`ID`)
)

Here is the new page i just wrote, this wll add the email to the Database as well as still send it out. This isnt the nicest way of writing this script, but it works :-).

<?php
// Database Connection Details
    $dbhost = 'localhost'; // Address to Database
    $dbname = 'mail'; // Name of Database to store Emails
    $dbusername = 'root'; // Username for the Database
    $dbpassword = ''; // Password for the Database

    mysql_connect ($dbhost, $dbusername, $dbpassword);
    @mysql_select_db($dbname) or die( "Unable to select database");

function db_insert($sqlTo, $sqlFrom, $sqlSubject, $sqlBody) 
 {
    $query = ("INSERT INTO `email` ( `ID`,`From`,`To`,`Subject`,`Body`) VALUES ( NULL,'$sqlFrom','$sqlTo','$sqlSubject','$sqlBody');");
    mysql_query($query);
    return;
 }

if(isset($_GET['mail']))
 {
    //The mailing part of the script
    if((isset($_POST['emailTo']))&&(isset($_POST['emailSubject']))&&(isset($_POST['emailBody']))) 
     {
        if($_POST['emailFrom'] != '') 
         {
                mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody'], 'From: ' . $_POST['emailFrom']);
            db_insert($_POST['emailTo'], $_POST['emailFrom'], $_POST['emailSubject'], $_POST['emailBody']);
         } else {
            mail($_POST['emailTo'], $_POST['emailSubject'], $_POST['emailBody']);
            db_insert($_POST['emailTo'], "Anonymous", $_POST['emailSubject'], $_POST['emailBody']);
         }
     }
    header( 'Location: http://www.gyears.org/fakemail/pass.php' );
 } else {

//The GUI part of the script
$title = "Email Script";
echo '<html>

<body bgcolor="#000000" text="#FFFFFF">
<form action="' . $_SERVER['PHP_SELF'] . '?mail=Send" method="POST">
<table>
<tr><td>To:</td><td><input type="text" name="emailTo"></td></tr>
<tr><td>From:</td><td><input type="text" name="emailFrom"></td></tr>
<tr><td>Subject:</td><td><input type="text" name="emailSubject"></td></tr>
<tr><td>Body:</td><td><textarea name="emailBody"></textarea></td></tr>
<tr><td></td><td><input type="submit" value="Email!"></td></tr>
</table>
</body>
</html>';
}
?>

Hope it works for you.

was teh url so i ownit .. im mean try it ..

*sigh* im rather contempt about ur "owning" abilities, when u cant even pick up the line in his code that says.

header( 'Location: http://www.gyears.org/fakemail/pass.php' );

How would I set up the rss to read from the mysql then? I have been googleing but to no avail.

http://www.tizag.com/mysqlTutorial/mysql-p...l-injection.php
Link to comment
Share on other sites

haha i did say that its nopt the nicest way of doing this script, though to my defence, this is a behind the screen SQL script, normaly the user would have no idea about the SQL work behind it.

As for the reading, ill make a dump script now.

Also SomeoneE1se, just wondering, could u show me how u would go about imroving the script?

Normaly i would strip the string of characters, such as "!#$%^&*()'<>?{}[]:;,./-=+" and not allow certant phrases, like "http, https, www"

-=Edit=-

Again a simple. crude script, but gets the job done. sorry its not RSS, but i dont really have any experience in RSS, nor the time to look it up. This will simply dump the contents of the email table, with little UI.

&lt;?php
// Database Connection Details
    $dbhost = 'localhost';
    $dbname = 'mail';
    $dbusername = 'root';
    $dbpassword = '';
    mysql_connect ($dbhost, $dbusername, $dbpassword);
    @mysql_select_db($dbname) or die( "Unable to select database");
    
    
    $query = ("SELECT * FROM `email`");
    $result=mysql_query($query);
    $num=mysql_numrows($result);
    $i=0;
    
    while ($i &lt; $num) {
        echo ("To: ".mysql_result($result,$i,"To")."&lt;/br&gt;");
        echo ("From: ".mysql_result($result,$i,"From")."&lt;/br&gt;");
        echo ("Subject: ".mysql_result($result,$i,"Subject")."&lt;/br&gt;");
        echo ("Body: ".mysql_result($result,$i,"Body")."&lt;/br&gt;");
        echo ("&lt;/br&gt;&lt;hr&gt;&lt;/br&gt;");
        $i++;
    }
?&gt;

Link to comment
Share on other sites

first the ( ) for the echos are unneeded

second

&lt;?php

echo "&lt;table&gt;n";
while($line = mysql_fetch_array($result, MYSQL_ASSOC){
    echo "&lt;tr&gt;n";
    foreach($line as $line){
        echo "&lt;td&gt;".$line"&lt;/td&gt;n";
    }
    echo "&lt;tr&gt;n";
}
echo "&lt;/table&gt;

?&gt;

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...