sending email to a user

LBC · 11-21-2016, 08:49 AM

Hey mudmin, I have yet another question/challenge Smile

When in the profile of a user (not your own profile but someone else's), I would like to be able to send that user an email using a small form field at the bottom of that page (profile.php).

I understand that the form should retrieve the email address for that specific user from the database, but I am not sure how to go about that really.

Do you have any ideas for that?

Also, is it perhaps possible to hash the email addresses in the DB so they are stored more securely? Or is that not necessary?

**mudmin** · 11-21-2016, 04:54 PM

I'm guessing your system is pretty closed to where it's not a big deal for people to be able to email anyone else in the system.

If you want the email to come from the person who sent the email (as opposed to the system) I would expect a good bit of your emails to go to spam initially. If you want to set some sort of reply-to address in there, you might be able to get by a little better.

The file users/email_test.php has pretty much everything you need to send an email.

So, if you notice, that when you are viewing someone's profile, the page looks like....profile.php?id=2

I've already done the query for you on the profile.php page to get all the info on the user whose profile you're viewing, so
$thatUser->email is the email of the person you're sending to
and
$user->data()->email is the user you're sending from.

LBC · 11-21-2016, 05:21 PM

Cool!I will have a go at that soon.

Any thoughts on securing the email address storage in the database?

**mudmin** · 11-21-2016, 07:23 PM

I generally come from the perspective that if your database is directly accessed, you're screwed anyway. They could definitely be hashed. Even bcrypted if someone wanted to. I may pull @PLB and @brian in on this conversation.

plb · 11-22-2016, 05:32 AM

I don't see any benefits to securing the email address in the database. If there's something we're missing perhaps you could elaborate or point to a link recommending a best practice or sth...

LBC · 11-22-2016, 06:52 AM

Hello plb,

The reason I asked is because I had a profile page which showed the accompanying email address to logged in users and didn't show it to people not logged in. However, when I looked at the page source while not logged in it did actually show the email address. So that was not very secure.

In other words the php was hiding it front-end...but not back-end Smile

That made me wonder if there was a way to secure the email addresses in the database so it wouldn't show up like an email address in the page source.

**mudmin** · 11-22-2016, 07:17 AM

Oh. In that case, you can do

if($user->isLoggedIn(){
//echo email address
}

Then it won't show it, even if you read the page source.

LBC · 11-23-2016, 09:09 AM

Hey,

I cannot seem to get that sending an email to a user right.
I'm using this form:

<pre>

Code:
<?php

        if (isset($_POST["submit"])) {

        $name = $_POST['name'];

        $email = $_POST['email'];

        $message = $_POST['message'];

        $human = intval($_POST['human']);

        $from = $user->data()->email['email']; 

        $to = $thatUser->email; 

        $subject = 'Message from Local Positivity Finder';

        $body ="From: $name\n E-Mail: $email\n Message: $message\n"; 

        // Check if name has been entered

        if (!$_POST['name']) {

            $errName = 'Please enter your name';

        }

        // Check if email has been entered and is valid

        if (!$_POST['email'] || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {

            $errEmail = 'Please enter a valid email address';

        }

        //Check if message has been entered

        if (!$_POST['message']) {

            $errMessage = 'Please enter your message';

        }

        //Check if simple anti-bot test is correct

        if ($human !== 5) {

            $errHuman = 'Your anti-spam is incorrect';

        }

        // If there are no errors, send the email

        if (!$errName && !$errEmail && !$errMessage && !$errHuman) {

        if (mail ($to, $subject, $body)) {

            Redirect::to($us_url_root.'users/contact_success.php');

        } else {

            Redirect::to($us_url_root.'users/contact_error.php');

        }

        }

}

?>

</pre>

Any idea what im doing wrong?

**mudmin** · 11-24-2016, 04:20 PM

I'm taking a look. I need to setup mail on one of my installs.

**mudmin** · 11-24-2016, 04:48 PM

You didn't include your actual form...if you want to paste it on pastebin and give me the link that would probably help, but I can see a few things off the bat...

Code:
$from = $user->data()->email['email'];

should probably be...

Code:
$from = $user->data()->email;

Secondly, you may want to consider using

Code:
$name = Input::get('name');

instead of

Code:
$name = $_POST['name'];

It most likely wouldn't be a problem on sending emails, but that would sanitize the input in case someone was doing something mischievous. Do this especially if you plan on saving a copy of the sent message to the database.

You may not be able to do it for the email address. It's been a while since I've done that.

Either way, try fixing the

Code:
$from = $user->data()->email;

and see if it sends. If not, we can look a little farther.

Login




Remember me Lost Password?