inGearX
3.1415 9265
join:2000-06-11
New York

Member

Did you make any scripts for yourself?

let's share ideas ...

we might discover something cool we can use...
inGearX

Member

I made a simple PHP script that lets me email ...

my e.php script

<html>
<body><?php
if (isset($_REQUEST['e'])) //if "email" is filled out, send email
  {
  //send email
  $email = $_REQUEST['e'] ; 
  $subject = $_REQUEST['s'] ;
  $message = $_REQUEST['m'] ;
  
  $char1="\'";
  $message = str_replace($char1, "'", $message);
  
  $char2='\"';
  $char2b='"';
  $message = str_replace($char2, $char2b, $message);
  
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/plain; charset=iso-8859-1' . "\r\n";
  
$headers .= 'From: YourEmailAddress@gmail.com' . "\r\n";
$headers .= 'Bcc: YourEmailAddress@gmail.com' . "\r\n";
  
mail($email,$subject, $message, $headers);
  
echo "E-mail sent OK
to: $email<br>
subject: $subject<br>
message: <textarea cols=60 rows=10>$message</textarea><br>
headers: <textarea cols=60 rows=6>$headers</textarea>
";
  }
else
//if "e" is not filled out, display the form
  {
  // The outer <html>/<body> tags above already wrap this form.
  echo "
  
<form method='post' action='e.php' name=form1>
  Email:<br><input size=40 name='e' type='text' /><br>
   
  <a href=\"#\" onclick=\"javascript:form1.e.value='___';form1.s.value='subject line';\" >____</a><br>
<br>
  <br />
  Subject:<br>
<input size=40 name='s' type='text' /><br />
  Message:<br />
  <textarea name='m' rows='15' cols='40'></textarea><br />
  <input type='submit' value=\"send e-mail\"/>
  </form>
  
";
  }
?></body>
</html>
 

DigitalXeron
There is a lack of sanity
join:2003-12-17
Hamilton, ON

Member

said by inGearX:

I made a simple PHP script that lets me email ...

my e.php script

[snip]

May want to ensure this is behind some form of authentication if this is on a publicly accessible webserver, as there is no included authentication and if the script's location is found (search engine bots have a tendency to find stuff quite efficiently, even if it isn't formally listed anywhere really) spammers would have a field day and you could find your MTA on a blacklist quickly.

Mospaw
My socks don't match.

join:2001-01-08
New Braunfels, TX

As DigitalXeron pointed out, that is a very dangerous script to have on a public computer. Anyone can send as much email as they want using your address, or at least the address provided in the script as the "From" and "BCC". And it will all be coming from the server on which it runs.

I would definitely work some sort of authentication in there to make sure that only those who should be sending email with this script are sending email with this script.

Also, a coding style question: why is the single quote being replaced with a string literal on line 11, but the same thing done with a double quote on line 15 is done with a variable that is used only once? Or for that matter, why are the replacements done that way at all? You can do it this way and save a few lines of code and some memory (granted a small amount, but every bit helps):

 
  $char1="\'";
  $message = str_replace($char1, "'", $message);
   
  $char2='\"';
  $char2b='"';
  $message = str_replace($char2, $char2b, $message);
 

becomes

 
  $message = str_replace(array("\'", '\"'), array("'", '"'), $message);
 

I always strive to make my code consistent, neat and concise. At least when possible. :)

More importantly, never ever trust input, especially if you're going to be using it to trigger something like email.
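
The two points raised in the replies above (put the script behind authentication, and never trust input), sketched as an added example that is not part of the thread or any poster's code. Assumptions: the site is served over HTTPS, PHP exposes `PHP_AUTH_USER`/`PHP_AUTH_PW` (mod_php does), and `EXPECTED_USER`, `PASSWORD_HASH`, `require_login()` and `validate_request()` are hypothetical names.

```php
<?php
// Added example, not from the thread. EXPECTED_USER, PASSWORD_HASH,
// require_login() and validate_request() are hypothetical names.
const EXPECTED_USER = 'mailer';
// Placeholder: paste the output of password_hash('your password', PASSWORD_DEFAULT).
const PASSWORD_HASH = '<replace with password_hash() output>';

// Refuse the request unless valid HTTP Basic credentials were supplied.
function require_login(): void
{
    $user = (string)($_SERVER['PHP_AUTH_USER'] ?? '');
    $pass = (string)($_SERVER['PHP_AUTH_PW'] ?? '');
    if (!hash_equals(EXPECTED_USER, $user) || !password_verify($pass, PASSWORD_HASH)) {
        header('WWW-Authenticate: Basic realm="e.php"');
        http_response_code(401);
        exit('Authentication required');
    }
}

// Return [to, subject, message], or null if any field fails validation.
function validate_request(array $in): ?array
{
    $to      = filter_var($in['e'] ?? '', FILTER_VALIDATE_EMAIL);
    $subject = is_string($in['s'] ?? null) ? trim($in['s']) : '';
    $message = is_string($in['m'] ?? null) ? $in['m'] : '';
    // CR/LF inside a header field is how extra headers (Bcc, Cc) get smuggled in.
    if ($to === false || $subject === '' || preg_match('/[\r\n]/', $subject)) {
        return null;
    }
    return [$to, $subject, $message];
}

require_login();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $fields = validate_request($_POST);
    if ($fields === null) {
        http_response_code(400);
        exit('Invalid recipient or subject');
    }
    [$to, $subject, $message] = $fields;
    $headers = "MIME-Version: 1.0\r\nContent-type: text/plain; charset=iso-8859-1\r\n"
             . "From: YourEmailAddress@gmail.com\r\n"
             . "Bcc: YourEmailAddress@gmail.com\r\n";
    $ok = mail($to, $subject, $message, $headers);
    // Escape anything echoed back so submitted text cannot inject markup.
    echo $ok ? 'E-mail sent OK to: ' . htmlspecialchars($to, ENT_QUOTES) : 'Send failed';
}
```

With the placeholder hash left in place, `password_verify()` always fails, so the script stays closed until a real hash is configured. Browsers resend Basic credentials automatically, so a CSRF token on the form is a sensible further step.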

cowboyro
Premium Member
join:2000-10-11
CT

to inGearX
I have a bunch of scripts...
-loading my weather station's data into a database and aggregating with external data
-sending an IM when a certain event occurs (kind of deprecated since Yahoo has changed their messenger API)
-processing and storing data from my HVAC system's custom monitoring device
-various data collection beacons