Home > Archive > PHP Programming > October 2006 > Mailer
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Shelly 2006-10-30, 7:04 pm |
| I am looking for suggestions for the best way to do this. I can hack it out
to make it happen, but I thought I would make use of the expertise to do it
the best way.
I have a form with a drop-down list of users. I want to use a button to
send mail to the user that is currently showing in the drop-down list. When
this button is pressed, I want the user's default email program to come up
with the email address of that person filled in. (the email addresses are
in the database and can be retrieved easily).
I can go to the process of having a separate mail form with a text box and
gathering all the info and then using mail() to send it. Or, I can have the
button exercise some code that runs separate window and exercises a mailto
in the html area with the address filled out and then kills the window,
leaving the user's email reader up there.
Both seem rather cumbersome. Is there an easier way?
Shelly
| |
|
| Shelly wrote:
> I am looking for suggestions for the best way to do this. I can hack
> it out to make it happen, but I thought I would make use of the
> expertise to do it the best way.
>
> I have a form with a drop-down list of users. I want to use a button
> to send mail to the user that is currently showing in the drop-down
> list. When this button is pressed, I want the user's default email
> program to come up with the email address of that person filled in.
> (the email addresses are in the database and can be retrieved easily).
>
> I can go to the process of having a separate mail form with a text
> box and gathering all the info and then using mail() to send it. Or,
> I can have the button exercise some code that runs separate window
> and exercises a mailto in the html area with the address filled out
> and then kills the window, leaving the user's email reader up there.
>
> Both seem rather cumbersome. Is there an easier way?
No.
Either use javascript for a emulate a click on a 'mailto:' link, which is
highly unreliable, or use a form. That would not neccesarily require
another page, just another textarea & button.
Even if (and that's a big if) the UA will grant the 'mailto:' option, there
is no way to know for sure this UA:
1. Knows which is the default email-program.
2. Succeeds in opening the emailprogram.
There is another way: give the users emailadress, and let them open their
emailclient themselves.
--
Rik Wasmus
| |
| Jerry Stuckle 2006-10-30, 7:04 pm |
| Shelly wrote:
> I am looking for suggestions for the best way to do this. I can hack it out
> to make it happen, but I thought I would make use of the expertise to do it
> the best way.
>
> I have a form with a drop-down list of users. I want to use a button to
> send mail to the user that is currently showing in the drop-down list. When
> this button is pressed, I want the user's default email program to come up
> with the email address of that person filled in. (the email addresses are
> in the database and can be retrieved easily).
>
No you don't. This will expose the user's email address to the world.
These will quickly be harvested by 'bots and your users' email addresses
sold to spammers. Don't ever display an email address on a webpage.
> I can go to the process of having a separate mail form with a text box and
> gathering all the info and then using mail() to send it. Or, I can have the
> button exercise some code that runs separate window and exercises a mailto
> in the html area with the address filled out and then kills the window,
> leaving the user's email reader up there.
>
> Both seem rather cumbersome. Is there an easier way?
>
> Shelly
>
>
Use the form. Your textbox can be on the same page or another one.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| |
| Shelly 2006-10-30, 7:04 pm |
|
"Rik" <luiheidsgoeroe@hotmail.com> wrote in message
news:64989$453edcfb$8259c69c$12384@news1
.tudelft.nl...
> Shelly wrote:
>
> No.
> Either use javascript for a emulate a click on a 'mailto:' link, which is
> highly unreliable, or use a form. That would not neccesarily require
> another page, just another textarea & button.
>
> Even if (and that's a big if) the UA will grant the 'mailto:' option,
> there
> is no way to know for sure this UA:
> 1. Knows which is the default email-program.
> 2. Succeeds in opening the emailprogram.
>
> There is another way: give the users emailadress, and let them open their
> emailclient themselves.
> --
> Rik Wasmus
Thanks, Rik. That is what I was afraid of. The users in this case is the
owner of the site (and not technically savvy). Part of the spec is to be
able to send email to a person on the client list. So, I will simply have a
full page available with a text area and look like a mail form - or just a
text field for the subject and a text area for the message. I will then use
the mail() function. While I am at it, I guess I'll include another button
to send to his entire client list.
It would have been nice if there were a function to open the default email
client from php.
Shelly
| |
| Shelly 2006-10-30, 7:04 pm |
|
"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:mMmdnbxEQK61o6LYnZ2dnUVZ_r6dnZ2d@co
mcast.com...
> Shelly wrote:
>
> No you don't. This will expose the user's email address to the world.
> These will quickly be harvested by 'bots and your users' email addresses
> sold to spammers. Don't ever display an email address on a webpage.
I wasn't planning to do that! I only display the username. When the user
(the owner of the site -- not technically saavy) clicks to send an email to
that client, the email address is obtained from the database and stuffed
into the mailer routine.
>
> Use the form. Your textbox can be on the same page or another one.
Two votes for the form -- you and Rik. I trust you guys so I'll go the form
route. I just thought it would be sexier to have his email program brought
up.
Shelly
| |
| Jerry Stuckle 2006-10-30, 7:04 pm |
| Shelly wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> news:mMmdnbxEQK61o6LYnZ2dnUVZ_r6dnZ2d@co
mcast.com...
>
>
>
> I wasn't planning to do that! I only display the username. When the user
> (the owner of the site -- not technically saavy) clicks to send an email to
> that client, the email address is obtained from the database and stuffed
> into the mailer routine.
>
"When this button is pressed, I want the user's default email program.."
To send email from the user's email program, you will need to expose
the client's email to the spambots. You do NOT want to do this.
>
>
>
> Two votes for the form -- you and Rik. I trust you guys so I'll go the form
> route. I just thought it would be sexier to have his email program brought
> up.
>
> Shelly
>
>
Personally, I don't think so. But it is a LOT more dangerous!
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| |
| nemo@nemo_spam.com 2006-10-30, 7:04 pm |
| On Wed, 25 Oct 2006 10:44:11 GMT, "Shelly"
<sheldonlg.news@asap-consult.com> wrote:
>
>"Rik" <luiheidsgoeroe@hotmail.com> wrote in message
> news:64989$453edcfb$8259c69c$12384@news1
.tudelft.nl...
>
>Thanks, Rik. That is what I was afraid of. The users in this case is the
>owner of the site (and not technically savvy). Part of the spec is to be
>able to send email to a person on the client list. So, I will simply have a
>full page available with a text area and look like a mail form - or just a
>text field for the subject and a text area for the message. I will then use
>the mail() function. While I am at it, I guess I'll include another button
>to send to his entire client list.
When I do that, I make sure that all the addresses go into the Bcc:
field, otherwise everyone gets to learn everyone else's address. I
read somewhere that if just one machine is infected with worms'n'stuff
everyone then starts to get shed-loads of spam.
>
>It would have been nice if there were a function to open the default email
>client from php.
>
>Shelly
>
| |
| Shelly 2006-10-30, 7:04 pm |
|
<nemo@nemo_spam.com> wrote in message
news:pofvj29bop27b0ct2d89ju80q5g95ul6rl@
4ax.com...
> On Wed, 25 Oct 2006 10:44:11 GMT, "Shelly"
> <sheldonlg.news@asap-consult.com> wrote:
[color=darkred]
> When I do that, I make sure that all the addresses go into the Bcc:
> field, otherwise everyone gets to learn everyone else's address. I
> read somewhere that if just one machine is infected with worms'n'stuff
> everyone then starts to get shed-loads of spam.
Good point. I'll do that.
Shelly
| |
| Shelly 2006-10-30, 7:04 pm |
|
"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> "When this button is pressed, I want the user's default email program.."
>
> To send email from the user's email program, you will need to expose the
> client's email to the spambots. You do NOT want to do this.
How is that so? When the button is pressed, I would find the email from a
database and then open the email program. Is it in the passing from the
current form to the email client that is the leak?
Anyway, I implemented a form and used mail().
Shelly
| |
|
| Shelly wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
>
>
> How is that so? When the button is pressed, I would find the email
> from a database and then open the email program. Is it in the
> passing from the current form to the email client that is the leak?
Well, a *then* I will find the emailadress is not true. If you want this,
you'll have to look it up earlier, and have it within your HTML/possbly JS
code.]
Jerry is mainly concerned (as am I), that people giving their emailadress
to one party, agreeing to be mailed by them, will not have to worry about
their emailadress being harvested from the source, or from a mail to
others. So, tell us this is on a really secure backend for your client,
which is impossible to access by any other then that client.
> Anyway, I implemented a form and used mail().
Good choice, and make sure that form is not in any way publicly available.
--
Rik Wasmus
| |
| Shelly 2006-10-30, 7:04 pm |
|
"Rik" <luiheidsgoeroe@hotmail.com> wrote in message
news:5cd4a$45402d85$8259c69c$11663@news2
.tudelft.nl...
> Shelly wrote:
>
> Well, a *then* I will find the emailadress is not true. If you want this,
> you'll have to look it up earlier, and have it within your HTML/possbly JS
> code.]
>
> Jerry is mainly concerned (as am I), that people giving their emailadress
> to one party, agreeing to be mailed by them, will not have to worry about
> their emailadress being harvested from the source, or from a mail to
> others. So, tell us this is on a really secure backend for your client,
> which is impossible to access by any other then that client.
>
>
> Good choice, and make sure that form is not in any way publicly available.
> --
> Rik Wasmus
The form is protected. When the admin logs in, I check his password and
privileges. I set a session variable for his username. At the top of each
admin page, I check that username for his privileges. If not met, I leave
that page and divert to a neutral home login page available for all users.
These admin pages are in a separate directory. I could set a session
variable for his privilege as well, but instead I check the database each
time.
Any additional suggestions?
Shelly
| |
| Jerry Stuckle 2006-10-30, 7:04 pm |
| Shelly wrote:
> "Rik" <luiheidsgoeroe@hotmail.com> wrote in message
> news:5cd4a$45402d85$8259c69c$11663@news2
.tudelft.nl...
>
>
>
> The form is protected. When the admin logs in, I check his password and
> privileges. I set a session variable for his username. At the top of each
> admin page, I check that username for his privileges. If not met, I leave
> that page and divert to a neutral home login page available for all users.
> These admin pages are in a separate directory. I could set a session
> variable for his privilege as well, but instead I check the database each
> time.
>
> Any additional suggestions?
>
> Shelly
>
>
Well, first of all, you didn't clarify this is an admin page. If it's a
public page I can easily intercept the email address and spam the hell
out of your users. On an admin form it's a little harder. Virtually
impossible if you use SSL on an admin page. But also if you use an
email form and never send the email address to the user in the first place.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
|
|
|
|
|