[PHP] Auto Emailer With Attachements

[rabbit]

I never said write it yourself, I said understand it.  Look into output buffering and you MIGHT get an idea of what the script is doing.

[Joe[x86]]

Please stop trolling you jackass.

Please stop trolling you jackass.

[Warrior]

x86] link=topic=16739.msg171312#msg171312 date=1185949898]

Please stop trolling you jackass.

Please stop trolling you jackass.

If he truly is a troll (which I doubt), you're just feeding him.
Sort of silly of you to quote Kp and yet still feed the "troll"

way to fail.

[Michael]

as for the reasons your code doesn't work is the way your calling it and not setting any data! as your email.php i assume is

Code Select Expand


<?php

require_once 'vars.php';

//create a boundary string. It must be unique
//so we use the MD5 algorithm to generate a random hash
$random_hash = md5(date('r', time()));
//define the headers we want passed. Note that they are separated with \r\n
$headers = "From: $from\r\nReply-To: $from";
//add boundary string and mime type specification
$headers .= "\r\nContent-Type: multipart/mixed; boundary=\"PHP-mixed-".$random_hash."\"";
//read the atachment file contents into a string,
//encode it with MIME base64,
//and split it into smaller chunks
$attachment = chunk_split(base64_encode(file_get_contents($attachment)));
//define the body of the message.
ob_start(); //Turn on output buffering
?>
--PHP-mixed-<?php echo $random_hash; ?>
Content-Type: multipart/alternative; boundary="PHP-alt-<?php echo $random_hash; ?>"

--PHP-alt-<?php echo $random_hash; ?>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<?php echo $message; ?>

--PHP-alt-<?php echo $random_hash; ?>
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<?php echo $message; ?>

--PHP-alt-<?php echo $random_hash; ?>--

--PHP-mixed-<?php echo $random_hash; ?>
Content-Type: application/txt; name=<?php echo $saveas; ?>
Content-Transfer-Encoding: base64
Content-Disposition: attachment

<?php echo $attachment; ?>
--PHP-mixed-<?php echo $random_hash; ?>--

<?php
//copy current buffer contents into $message variable and delete current output buffer
$message = ob_get_clean();
//send the email
$mail_sent = @mail($to, $subject, $message, $headers);
//if the message is sent successfully print "Mail sent". Otherwise print "Mail failed"
echo $mail_sent ? "Mail sent" : "Mail failed";
?>


try this instead make a file named sendemail.php and put in the following code.

Code Select Expand


<?php
Function SendEmail($to, $from, $message, $attachment) {
//create a boundary string. It must be unique
//so we use the MD5 algorithm to generate a random hash
$random_hash = md5(date('r', time()));
//define the headers we want passed. Note that they are separated with \r\n
$headers = "From: $from\r\nReply-To: $from";
//add boundary string and mime type specification
$headers .= "\r\nContent-Type: multipart/mixed; boundary=\"PHP-mixed-".$random_hash."\"";
//read the atachment file contents into a string,
//encode it with MIME base64,
//and split it into smaller chunks
$attachment = chunk_split(base64_encode(file_get_contents($attachment)));
//define the body of the message.
ob_start(); //Turn on output buffering
?>
--PHP-mixed-<?php echo $random_hash; ?>
Content-Type: multipart/alternative; boundary="PHP-alt-<?php echo $random_hash; ?>"

--PHP-alt-<?php echo $random_hash; ?>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<?php echo $message; ?>

--PHP-alt-<?php echo $random_hash; ?>
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<?php echo $message; ?>

--PHP-alt-<?php echo $random_hash; ?>--

--PHP-mixed-<?php echo $random_hash; ?>
Content-Type: application/txt; name=<?php echo $saveas; ?>
Content-Transfer-Encoding: base64
Content-Disposition: attachment

<?php echo $attachment; ?>
--PHP-mixed-<?php echo $random_hash; ?>--

<?php
//copy current buffer contents into $message variable and delete current output buffer
$message = ob_get_clean();
//send the email
$mail_sent = @mail($to, $subject, $message, $headers);
//if the message is sent successfully print "Mail sent". Otherwise print "Mail failed"
return $mail_sent ? "Mail sent" : "Mail failed";
}
?>


then make email.php

Code Select Expand


<?php
echo SendEmail($"[email protected]", "[email protected]", "Here is your file...., "path to file and its name");
?>


This way it should work, i don't have the time to test it, but this way you wont need to worry about settings any vars from any other file and can change anything each time you call it.

i gather from this

Code Select Expand


function addtoFile() {
  $myFile = "./list/test.txt";
  $fh = fopen($myFile, 'w') or die("can't open file");

   $query = mysql_query("SELECT * FROM catrequest WHERE new = '1' ORDER BY lastname ASC, firstname");
    while($row = mysql_fetch_array($query)) {
     $stringData = $stringData . $row['lastname'] . ',' . $row['firstname'] . ',' . $row['address1'] . ',' . $row['address2'] . ',' . $row['city'] . ',' . $row['state'] . ',' . $row['zip'] . "
";
    }
    fwrite($fh, $stringData);
    include("./email.php");
}


you want to send it to anyone listed in your mysql db. you just need to make a few changes to email.php which should be easy

[Camel]

Code Select Expand


function addtoFile() {
  $myFile = "./list/test.txt";
  $fh = fopen($myFile, 'w') or die("can't open file");

   $query = mysql_query("SELECT * FROM catrequest WHERE new = '1' ORDER BY lastname ASC, firstname");
    while($row = mysql_fetch_array($query)) {
     $stringData = $stringData . $row['lastname'] . ',' . $row['firstname'] . ',' . $row['address1'] . ',' . $row['address2'] . ',' . $row['city'] . ',' . $row['state'] . ',' . $row['zip'] . "
";
    }
    fwrite($fh, $stringData);
    include("./email.php");
}


1) Initialize your freakin variables (stringData)! If you just so happen to have PHP set up so that all variables are global, and so request variables are loaded in to global variables (both of which are incidentally not the default values), your test.txt is about to get hosed. I'm sure that's not a security risk in your case, but it's something everyone should required to be aware of before being allowed to write PHP.

2) Don't concatenate strings when you don't have to; it's expensive. Instead, put your fwrite() in the loop. Yes, I'm nit-picking; deal with it.

[rabbit]

That's an easy exploit, actually.  As Camel said, if all variables are global, someone could screw with the value of $stringData by passing a value along in GET.

Also, if you ARE going to concat, at least do it in a non VB way: .=
But concat vs fwrite doesn't matter too much, since 1) there's not very much data actually being handled and 2) your function is already inefficient.

And lastly, die()?  Write some error handlers...

And post-lastly, I'm being picky, but I like to stick to standards:
SELECT * FROM `catrequest` WHERE `new` = '1' ORDER BY `lastname` ASC, `firstname`

[Camel]

That's an easy exploit, actually.  As Camel said, if all variables are global, someone could screw with the value of $stringData by passing a value along in GET.

Also, if you ARE going to concat, at least do it in a non VB way: .=
But concat vs fwrite doesn't matter too much, since 1) there's not very much data actually being handled and 2) your function is already inefficient.

And lastly, die()?  Write some error handlers...

And post-lastly, I'm being picky, but I like to stick to standards:
SELECT * FROM `catrequest` WHERE `new` = '1' ORDER BY `lastname` ASC, `firstname`

String concatenation requires allocating a new block of memory that's the size of the two things being concatenated, and then copying memory from both buffers to the new one. Doing lots of tiny concatenations to a large string is extremely inefficient when compared to fwrite().

What's wrong with die()? I use it all the time; it'd be nice if you gave yourself more information about what's going on, such as the function you're in, or the file that failed to open.

[rabbit]

http://us2.php.net/manual/en/function.set-error-handler.php

You can get all the info you want by doing something like that (the example).  Personally, I use a wrapper system and I manually handle most errors (IE: everywhere you could use die()).  I used to use die(), but I got annoyed with it very quickly.

For what he's doing, using concatenation isn't that bad.  If he's writing code for some big site where the function is called a fewhundred times a minute, he should rethink his function.

[Camel]

Infrequent use is not a good argument for bad algorithmic design.