• Welcome to Valhalla Legends Archive.
 

[PHP] Auto Emailer With Attachements

Started by Insecure, May 28, 2007, 07:34 PM

Previous topic - Next topic

rabbit

I never said write it yourself, I said understand it.  Look into output buffering and you MIGHT get an idea of what the script is doing.
Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.

Joe[x86]

Quote from: rabbit on July 13, 2007, 05:57 PM
Please stop trolling you jackass.

Please stop trolling you jackass.
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

Warrior

Quote from: Joex86] link=topic=16739.msg171312#msg171312 date=1185949898]
Quote from: rabbit on July 13, 2007, 05:57 PM
Please stop trolling you jackass.

Please stop trolling you jackass.

If he truly is a troll (which I doubt), you're just feeding him.
Sort of silly of you to quote Kp and yet still feed the "troll"

way to fail.
Quote from: effect on March 09, 2006, 11:52 PM
Islam is a steaming pile of fucking dog shit. Everything about it is flawed, anybody who believes in it is a terrorist, if you disagree with me, then im sorry your wrong.

Quote from: Rule on May 07, 2006, 01:30 PM
Why don't you stop being American and start acting like a decent human?

Michael

#18
as for the reasons your code doesn't work is the way your calling it and not setting any data! as your email.php i assume is

<?phprequire_once 'vars.php';//create a boundary string. It must be unique//so we use the MD5 algorithm to generate a random hash$random_hash = md5(date('r', time()));//define the headers we want passed. Note that they are separated with \r\n$headers = "From: $from\r\nReply-To: $from";//add boundary string and mime type specification$headers .= "\r\nContent-Type: multipart/mixed; boundary=\"PHP-mixed-".$random_hash."\"";//read the atachment file contents into a string,//encode it with MIME base64,//and split it into smaller chunks$attachment = chunk_split(base64_encode(file_get_contents($attachment)));//define the body of the message.ob_start(); //Turn on output buffering?>

--PHP-mixed-
<?php echo $random_hash; ?>

Content-Type: multipart/alternative; boundary="PHP-alt-
<?php echo $random_hash; ?>
"

--PHP-alt-
<?php echo $random_hash; ?>

Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<?php echo $message; ?>


--PHP-alt-
<?php echo $random_hash; ?>

Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<?php echo $message; ?>


--PHP-alt-
<?php echo $random_hash; ?>
--

--PHP-mixed-
<?php echo $random_hash; ?>

Content-Type: application/txt; name=
<?php echo $saveas; ?>

Content-Transfer-Encoding: base64
Content-Disposition: attachment

<?php echo $attachment; ?>

--PHP-mixed-
<?php echo $random_hash; ?>
--

<?php//copy current buffer contents into $message variable and delete current output buffer$message = ob_get_clean();//send the email$mail_sent = @mail($to, $subject, $message, $headers);//if the message is sent successfully print "Mail sent". Otherwise print "Mail failed"echo $mail_sent ? "Mail sent" : "Mail failed";?>



try this instead make a file named sendemail.php and put in the following code.


<?phpFunction SendEmail($to, $from, $message, $attachment) {//create a boundary string. It must be unique//so we use the MD5 algorithm to generate a random hash$random_hash = md5(date('r', time()));//define the headers we want passed. Note that they are separated with \r\n$headers = "From: $from\r\nReply-To: $from";//add boundary string and mime type specification$headers .= "\r\nContent-Type: multipart/mixed; boundary=\"PHP-mixed-".$random_hash."\"";//read the atachment file contents into a string,//encode it with MIME base64,//and split it into smaller chunks$attachment = chunk_split(base64_encode(file_get_contents($attachment)));//define the body of the message.ob_start(); //Turn on output buffering?>

--PHP-mixed-
<?php echo $random_hash; ?>

Content-Type: multipart/alternative; boundary="PHP-alt-
<?php echo $random_hash; ?>
"

--PHP-alt-
<?php echo $random_hash; ?>

Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<?php echo $message; ?>


--PHP-alt-
<?php echo $random_hash; ?>

Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<?php echo $message; ?>


--PHP-alt-
<?php echo $random_hash; ?>
--

--PHP-mixed-
<?php echo $random_hash; ?>

Content-Type: application/txt; name=
<?php echo $saveas; ?>

Content-Transfer-Encoding: base64
Content-Disposition: attachment

<?php echo $attachment; ?>

--PHP-mixed-
<?php echo $random_hash; ?>
--

<?php//copy current buffer contents into $message variable and delete current output buffer$message = ob_get_clean();//send the email$mail_sent = @mail($to, $subject, $message, $headers);//if the message is sent successfully print "Mail sent". Otherwise print "Mail failed"return $mail_sent ? "Mail sent" : "Mail failed";}?>



then make email.php


<?phpecho SendEmail($"[email protected]", "[email protected]", "Here is your file...., "path to file and its name");?>



This way it should work, i don't have the time to test it, but this way you wont need to worry about settings any vars from any other file and can change anything each time you call it.

i gather from this

function addtoFile() {
  $myFile = "./list/test.txt";
  $fh = fopen($myFile, 'w') or die("can't open file");

   $query = mysql_query("SELECT * FROM catrequest WHERE new = '1' ORDER BY lastname ASC, firstname");
    while($row = mysql_fetch_array($query)) {
     $stringData = $stringData . $row['lastname'] . ',' . $row['firstname'] . ',' . $row['address1'] . ',' . $row['address2'] . ',' . $row['city'] . ',' . $row['state'] . ',' . $row['zip'] . "
";
    }
    fwrite($fh, $stringData);
    include("./email.php");
}


you want to send it to anyone listed in your mysql db. you just need to make a few changes to email.php which should be easy

Camel


function addtoFile() {
  $myFile = "./list/test.txt";
  $fh = fopen($myFile, 'w') or die("can't open file");

   $query = mysql_query("SELECT * FROM catrequest WHERE new = '1' ORDER BY lastname ASC, firstname");
    while($row = mysql_fetch_array($query)) {
     $stringData = $stringData . $row['lastname'] . ',' . $row['firstname'] . ',' . $row['address1'] . ',' . $row['address2'] . ',' . $row['city'] . ',' . $row['state'] . ',' . $row['zip'] . "
";
    }
    fwrite($fh, $stringData);
    include("./email.php");
}


1) Initialize your freakin variables (stringData)! If you just so happen to have PHP set up so that all variables are global, and so request variables are loaded in to global variables (both of which are incidentally not the default values), your test.txt is about to get hosed. I'm sure that's not a security risk in your case, but it's something everyone should required to be aware of before being allowed to write PHP.

2) Don't concatenate strings when you don't have to; it's expensive. Instead, put your fwrite() in the loop. Yes, I'm nit-picking; deal with it.

rabbit

That's an easy exploit, actually.  As Camel said, if all variables are global, someone could screw with the value of $stringData by passing a value along in GET.

Also, if you ARE going to concat, at least do it in a non VB way: .=
But concat vs fwrite doesn't matter too much, since 1) there's not very much data actually being handled and 2) your function is already inefficient.

And lastly, die()?  Write some error handlers...

And post-lastly, I'm being picky, but I like to stick to standards:
SELECT * FROM `catrequest` WHERE `new` = '1' ORDER BY `lastname` ASC, `firstname`
Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.

Camel

Quote from: rabbit on September 18, 2007, 08:47 AM
That's an easy exploit, actually.  As Camel said, if all variables are global, someone could screw with the value of $stringData by passing a value along in GET.

Also, if you ARE going to concat, at least do it in a non VB way: .=
But concat vs fwrite doesn't matter too much, since 1) there's not very much data actually being handled and 2) your function is already inefficient.

And lastly, die()?  Write some error handlers...

And post-lastly, I'm being picky, but I like to stick to standards:
SELECT * FROM `catrequest` WHERE `new` = '1' ORDER BY `lastname` ASC, `firstname`

String concatenation requires allocating a new block of memory that's the size of the two things being concatenated, and then copying memory from both buffers to the new one. Doing lots of tiny concatenations to a large string is extremely inefficient when compared to fwrite().

What's wrong with die()? I use it all the time; it'd be nice if you gave yourself more information about what's going on, such as the function you're in, or the file that failed to open.

rabbit

http://us2.php.net/manual/en/function.set-error-handler.php

You can get all the info you want by doing something like that (the example).  Personally, I use a wrapper system and I manually handle most errors (IE: everywhere you could use die()).  I used to use die(), but I got annoyed with it very quickly.

For what he's doing, using concatenation isn't that bad.  If he's writing code for some big site where the function is called a fewhundred times a minute, he should rethink his function.
Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.

Camel

Infrequent use is not a good argument for bad algorithmic design.