
Code Security and Stability Suggestions


Postby bonafidecpo » Thu May 26, 2011 10:21 am

This is code I am using to process customer information and email it to the billing department. It takes information from a multi-page session. It works well but can be inconsistent. Sometimes certain information does not send. Sometimes code shows through in the received email. What are some suggestions to improve security and stability?

Code:
<?php
header('Location: login11.html');
    session_start();
   
   // Fields that were left empty (unchecked boxes) arrive as '' instead of raising an undefined-index notice
   $naba = check_input(isset($_POST['naba']) ? $_POST['naba'] : '');
   $discard = check_input(isset($_POST['discard']) ? $_POST['discard'] : '');
   $studentad = check_input(isset($_POST['studentad']) ? $_POST['studentad'] : '');
   $refcode = check_input(isset($_POST['refcode']) ? $_POST['refcode'] : '');
   $refby = check_input(isset($_POST['refby']) ? $_POST['refby'] : '');
   $cemail = check_input(isset($_POST['cemail']) ? $_POST['cemail'] : '');
   $com = check_input(isset($_POST['com']) ? $_POST['com'] : '');
   
   //change this to your email.
    $to = "XXX@XXXX.com";
   $to2 = "XXX@XXXX.com";
   // $from = $_SESSION['cus_email'];
   $from = "XXX@XXXX.com";
   $subject = "Schedule Today Submitted by Customer";
    //$subject = $_SESSION['cuslastname'] . ',&nbsp;' . $_SESSION['cusfirstname'] . '&nbsp;' . $_SESSION['school' . '&nbsp;' . 'order information'];
   
   
   //Customer Number------------------------------>>>>>>>
   
   //HEAD//
   $date = date("md");
   $datey = date("y");

//open the counter file for reading and writing, creating it if it does not exist yet
$fp = fopen("acc.txt", "c+");
if ($fp === false) {
    die("Unable to open the counter file acc.txt");
}

//lock the file so two submissions arriving at once cannot read the same count
flock($fp, LOCK_EX);

//Read the previous count (an empty file counts as 0)
$count = (int) trim((string) fgets($fp, 1024));

//Increment the counter
$cnew = $count + 1;

//write the counter back to the log file ie., acc.txt, replacing the old value
rewind($fp);
ftruncate($fp, 0);
fputs($fp, (string) $cnew);

//release the lock and close the file.
flock($fp, LOCK_UN);
fclose($fp);

//Display VISITOR NUMBER
echo "<br>You are the $cnew Visitor to This site";

   
   //$_SESSION['cusfirstname'];
   
   //$cusfirstname = $_POST['cusfirstname'];

    //begin of HTML message  //loginx
    $message = '<h3>Customer Number:&nbsp;</h3>' . $_SESSION['school'] . '&nbsp;-' . $date . '&nbsp;-' . $datey . $cnew .   
   
   
   '<h3>Customer Information</h3><br />' . 'First Name:&nbsp;' . $_SESSION['cusfirstname'] . '<br />Last Name:&nbsp;' . $_SESSION['cuslastname'] . '<br /> Email Address:&nbsp;' . $_SESSION['cus_email'] . '<br />Secondary Email:&nbsp;' . $_SESSION['cus_sec_email'] . '<br />Mobile Phone Number:&nbsp;' . $_SESSION['cus_area_code'] . '&nbsp;' . $_SESSION['cus_phoneone'] . '&nbsp;' . $_SESSION['cus_phonetwo'] . '<br />Secondary Phone Number:&nbsp;' . $_SESSION['cus_secarea'] . '&nbsp;' . $_SESSION['cus_secphoneone'] . '&nbsp;' . $_SESSION['cus_secphonetwo'] . '<br /><h3>Alternative Contact Information</h3>' . 'Name:&nbsp;' . $_SESSION['alt_name'] . '<br />Phone Number:&nbsp;' . $_SESSION['alt_areacode'] . '&nbsp;' . $_SESSION['alt_phoneone'] . '&nbsp;' . $_SESSION['alt_phonetwo'] . '<br />Email:&nbsp;' . $_SESSION['alt_email'] . '<br />Address:&nbsp;' . $_SESSION['alt_address'] . '<br />Secondary Address:&nbsp;' . $_SESSION['alt_addresstwo'] . '<br />City:&nbsp;' . $_SESSION['alt_city'] . '<br />State:&nbsp;' . $_SESSION['alt_state'] . '<br />Zip Code:&nbsp;' . $_SESSION['alt_zip'] .
   
   //login2
   '<br /><h3>School Information</h3>' . '<br />School:&nbsp;' . $_SESSION['school'] . '<br />Year:&nbsp;' . $_SESSION['year1'] . '<br /><h3>Pick Up Address</h3>' . '<br />' . $_SESSION['pickup_onoff'] . '<br />Building/Dorm:&nbsp;' . $_SESSION['pickup_dorm'] . '<br />Room Number:&nbsp;' . $_SESSION['pickup_room'] . '<br />' . '<br />Address:&nbsp;' . $_SESSION['pickup_offaddress'] . '<br />Apartment Number:&nbsp;' . $_SESSION['pickup_offnumber'] . '<br />City:&nbsp;' . $_SESSION['pickup_offcity'] . '<br />State:&nbsp;' . $_SESSION['pickup_offstate'] . '<br />Zip Code:&nbsp;' . $_SESSION['pickup_offzip'] . '<br />How did you hear about us?:&nbsp;' . $_SESSION['howdid'] . '<br /><h3>Drop Off Address</h3>' . '<br />' . $_SESSION['drop_onoff'] . '<br />Building/Dorm:&nbsp;' . $_SESSION['drop_dorm'] . '<br />Room Number:&nbsp;' . $_SESSION['drop_room'] . '<br />Address:&nbsp;' . $_SESSION['drop_offaddress'] . '<br />Apartment Number:&nbsp;' . $_SESSION['drop_offapt'] . '<br />City:&nbsp;' . $_SESSION['drop_offcity'] . '<br />State:&nbsp;' . $_SESSION['drop_offstate'] . '<br />Zip Code:&nbsp;' . $_SESSION['drop_offzip'] .
   
   //new referred
   '<br />Referred Name:&nbsp;' . $_SESSION['refname'] . '<br />Referred Phone Number:&nbsp;' . $_SESSION['refphonearea'] . '&nbsp;' . $_SESSION['refphoneone'] . '&nbsp;' . $_SESSION['refphonetwo'] . '<br />Referred School:&nbsp;' . $_SESSION['refschool'] .
   
   //login3
   
   ////supply drop off
   '<br /><h3>Supply Drop Off Date</h3>' . '<br />Month:&nbsp;' . $_SESSION['month'] . '<br />Day:&nbsp;' . $_SESSION['day'] . '<br />Year:&nbsp;' . $_SESSION['year'] . '<br />Time:&nbsp;' . $_SESSION['time'] . '<br />Customer Requests Extended Hours:&nbsp;' . $_SESSION['extend'] . '<br />' . $_SESSION['notneeded'] .
   
   ////pickup
   '<br /><h3>Pick Up Date</h3>' . '<br />Month:&nbsp;' . $_SESSION['month2'] . '<br />Day:&nbsp;' . $_SESSION['day2'] . '<br />Year:&nbsp;' . $_SESSION['year2'] . '<br />Time:&nbsp;' . $_SESSION['time2'] . '<br />Customer Requests Extended Hours:&nbsp;' . $_SESSION['extend2'] .
   
   ////drop off
   '<br /><h3>Drop Off Date</h3>' . '<br />Month:&nbsp;' . $_SESSION['month3'] . '<br />Day:&nbsp;' . $_SESSION['day3'] . '<br />Year:&nbsp;' . $_SESSION['year3'] . '<br />Time:&nbsp;' . $_SESSION['time3'] . '<br />Customer Requests Extended Hours:&nbsp;' . $_SESSION['extend3'] . '<br />' . $_SESSION['notknown'] .
   
   //login4
   '<br /><h3>Package Deals</h3><br />' . '<br />Supply Package:&nbsp;' . $_SESSION['supply'] . '<br />Starter Package:&nbsp;' . $_SESSION['starter'] . '<br />Bronze Package:&nbsp;' . $_SESSION['bronze'] . '<br />Silver Package:&nbsp;' . $_SESSION['silver'] . '<br />Gold Package:&nbsp;' . $_SESSION['gold'] . '<br />Platinum Package:&nbsp;' . $_SESSION['pla'] . '<br />Diamond Package:&nbsp;' . $_SESSION['dia'] . '<br /><h3>Individual Box Storage</h3>' . '<br />Standard Box Storage:&nbsp;' . $_SESSION['standard'] . '<br />Large Box Storage:&nbsp;' . $_SESSION['large'] . '<br />Poster Tube:&nbsp;' . $_SESSION['poster'] . '<br />Non-PSSS Box:&nbsp;' . $_SESSION['non'] .
   
   //Mis Items Login 4 cont
   '<br /><h3>Miscellanous Items Storage</h3>' . '<br />Extra Small Qty:&nbsp;' . $_SESSION['extrasmallqty'] . '<br />Exta Small Desc:&nbsp;' . $_SESSION['extrasmalldesc'] . '<br />Small Qty:&nbsp;' . $_SESSION['smallqty'] . '<br />Small Desc:&nbsp;' . $_SESSION['smalldesc'] . '<br />Medium Qty:&nbsp;' . $_SESSION['mediumqty'] . '<br />Medium Desc:&nbsp;' . $_SESSION['mediumdesc'] . '<br />Large Qty:&nbsp;' . $_SESSION['largeqty'] . '<br />Large Desc:&nbsp;' . $_SESSION['largedesc'] . '<br />Extra Large Qty:&nbsp;' . $_SESSION['extralargeqty'] . '<br />Exta Large Desc:&nbsp;' . $_SESSION['extralargedesc'] .
   
   //login5
   '<br /><h3>Package Supplies</h3><br />' . '<br />Standard Boxs:&nbsp;' . $_SESSION['standardbox'] . '<br />Large Boxes:&nbsp;' . $_SESSION['largebox'] . '<br />Poster Tubes:&nbsp;' . $_SESSION['postertube'] . '<br />Bubble Wrap:&nbsp;' . $_SESSION['bubble'] . '<br />Tape:&nbsp;' . $_SESSION['tape'] . '<br />Marker and Box Cutter:&nbsp;' . $_SESSION['marker'] . '<br />Supply Package:&nbsp;' . $_SESSION['suppyp'] . '<br /><h3>Other Charges</h3>' . '<br />Extra Insurance:&nbsp;' . $_SESSION['einsure'] . '<br />Over Weight Limit Surcharge:&nbsp;' . $_SESSION['over'] . '<br />Packing Service:&nbsp;' . $_SESSION['pack'] . '<br />Warehouse Pickup:&nbsp;' . $_SESSION['ware'] .
   
   //login6
   '<br /><h3>Customer Has Agreed to Terms and Conditions</h3>' . '<br />Customers Initials:&nbsp;' . $_SESSION['cusinit'] .
   
   //login7
   '<br /><h3>Customer Has Agreed to the Privacy Agreement</h3>' . '<br />Customers Initials:&nbsp;' . $_SESSION['privinit'] .
   
   //login8
   '<br /><h3>Customer Has Agreed to Billing Agreements</h3>' . '<br />Customers Initials:&nbsp;' . $_SESSION['bill'] .
   
   //login9 -billing
   '<br /><h3>Billing Information</h3>' . '<br />Card Holders Name:&nbsp;' . $_SESSION['cardhold'] . '<br />Card Number:&nbsp;' . $_SESSION['cardnum'] . '<br />Card Type:&nbsp;' . $_SESSION['type'] . '<br />CVV Number:&nbsp;' . $_SESSION['cvv'] . '<br />Expiration Date (mm/yyyy):&nbsp;' . $_SESSION['exday'] . '/' . $_SESSION['exyear'] . '<br />Billing Address:&nbsp;' . $_SESSION['billadd'] . '<br />Secondary Billing Address:&nbsp;' . $_SESSION['secbilladd'] . '<br />City:&nbsp;' . $_SESSION['billcity'] . '<br />State:&nbsp;' . $_SESSION['billstate'] . '<br />Zip Code:&nbsp;' . $_SESSION['billzip'] . '<br />Country:&nbsp;' . $_SESSION['billcountry'] .
   
   //login10
   //'<br /><h3>Discounts and Promo Codes</h3>' . '<br />NABA Members:&nbsp;' . $_SESSION['naba'] . '<br />Discount Card:&nbsp;' . $_SESSION['discard'] . '<br />Student Advantage Discount:&nbsp;' . $_SESSION['studentad'] . '<br />Referral Code:&nbsp;' . $_SESSION['refcode'] . '<br />Referred By:&nbsp;' . $_SESSION['refby'];
   
   '<br /><h3>Discounts and Promo Codes</h3>' . '<br />NABA Members:&nbsp;' . $naba . '<br />Discount Card:&nbsp;' . $discard. '<br />Student Advantage Discount:&nbsp;' . $studentad . '<br />Referral Code:&nbsp;' . $refcode . '<br />Referred By:&nbsp;' . $refby . '<br />Additional Comments:&nbsp;' . $com . '<br /> Email Conformation:&nbsp;' . $cemail;
   
   
   // Trim and HTML-escape one form field so it can be placed in the HTML message;
   // if $problem is given, an empty field is treated as an error
   function check_input($data, $problem='')
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if ($problem && strlen($data) == 0)
    {
        show_error($problem);
    }
    return $data;
}

// Report a missing required field and stop before anything is mailed
function show_error($problem)
{
    echo '<p>Error: ' . htmlspecialchars($problem) . '</p>';
    exit;
}

   //end of message
    $headers  = "From: $from\r\n";
    // MIME-Version and a charset are needed for mail clients to render the HTML instead of showing it as text
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=UTF-8\r\n";

    //options to send to cc+bcc
    //$headers .= "Cc: [email]maa@p-i-s.cXom[/email]";
    //$headers .= "Bcc: [email]email@maaking.cXom[/email]";
   
    // now lets send the email and report it if the mail server refused the message.
    if (!mail($to, $subject, $message, $headers)) {
        echo "<br>The order email could not be sent.";
    }
   
?>
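The posted script escapes only the $_POST fields and drops the session values straight into the HTML body, and the commented-out line that would set From: from the session would let form input add mail headers. The following is an added example, not the poster's code, showing how to escape every value that reaches the message, validate any address before it goes into a header, and redirect only after mail() accepts the message. The address values, the shortened field list and the helper names are assumptions for the demo.

```php
<?php
// Added example (not the poster's code): build the HTML mail from session data with
// every value escaped, refuse addresses that could inject headers, and only redirect
// once mail() has accepted the message. Addresses and field list are assumptions.

// Escape one value for the HTML body; missing session keys become "".
function field_html(array $src, string $key): string
{
    return htmlspecialchars((string) ($src[$key] ?? ''), ENT_QUOTES, 'UTF-8');
}

// Render "Label: value" rows from a label => session-key map.
function render_section(string $title, array $fields, array $src): string
{
    $html = '<h3>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</h3>';
    foreach ($fields as $label => $key) {
        $html .= htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . ': ' . field_html($src, $key) . '<br />';
    }
    return $html;
}

// A mail address may only be one valid address with no CR/LF; otherwise a value
// taken from a form could append extra header lines (Bcc: and so on).
function safe_address(string $addr): ?string
{
    if (preg_match('/[\r\n]/', $addr)) {
        return null;
    }
    return filter_var($addr, FILTER_VALIDATE_EMAIL) ?: null;
}

session_start();
$body = render_section('Customer Information', [
    'First Name'    => 'cusfirstname',
    'Last Name'     => 'cuslastname',
    'Email Address' => 'cus_email',
], $_SESSION);
$from = safe_address('billing@example.com');   // fixed sender, never the customer's input
$to   = safe_address('billing@example.com');
if ($from === null || $to === null) {
    exit('Mail addresses are not configured correctly.');
}
$headers  = "From: $from\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=UTF-8\r\n";
if (!mail($to, 'Schedule Today Submitted by Customer', $body, $headers)) {
    exit('The order could not be emailed; please try again.');
}
header('Location: login11.html');
exit;
```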

Re: Code Security and Stability Suggestions

Postby Nullsig » Fri May 27, 2011 12:26 pm

What code is showing through on the e-mails?

As far as security, what are your concerns about security?

Re: Code Security and Stability Suggestions

Postby bonafidecpo » Fri May 27, 2011 1:27 pm

I'm not really sure where to start when it comes to security. I guess what are the best ways to increase security in a session? This code does pass credit card information which would be the most important section of code.
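Since the card number and CVV are the most sensitive values travelling through this session, the following added example (not the poster's code) shows the handling a billing step would normally get: a cookie that is HTTPS-only and hidden from JavaScript, a fresh session id, a masked card number in the emailed record, no CVV in the record at all, and the raw values removed from the session once the summary exists. The cookie settings and session key names are assumptions for the demo.

```php
<?php
// Added example (not the poster's code): treat the billing step as the most
// sensitive page of the session. Cookie flags and key names are assumptions.

// Session cookie: HTTPS only, hidden from JavaScript, and a fresh session id
// once the customer reaches the billing step.
session_set_cookie_params(0, '/', '', true, true);
session_start();
session_regenerate_id(true);

// Keep only the last four digits of the card number for the email record.
function masked_card(string $pan): string
{
    $digits = preg_replace('/\D/', '', $pan);
    $len = strlen($digits);
    if ($len < 12 || $len > 19) {
        return 'INVALID';
    }
    return str_repeat('*', $len - 4) . substr($digits, -4);
}

// The CVV is deliberately absent: it must not be stored or mailed at all.
function billing_summary(array $src): array
{
    return [
        'Card Holders Name' => (string) ($src['cardhold'] ?? ''),
        'Card Number'       => masked_card((string) ($src['cardnum'] ?? '')),
        'Card Type'         => (string) ($src['type'] ?? ''),
        'Expiration Date'   => ($src['exday'] ?? '') . '/' . ($src['exyear'] ?? ''),
    ];
}

$summary = billing_summary($_SESSION);

// Drop the raw card data from the session as soon as the summary exists, so a
// later page, the session file on disk or another script cannot read it.
unset($_SESSION['cardnum'], $_SESSION['cvv']);
```

$summary is what belongs in the billing email in place of the raw card fields.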
