Secure Email Script?

liunx

Guest
There have been problems with my usage of the php mail function.

Technical support wrote me this:
"If you use email scripts you will need to ensure that they are secure and not capable of being email injected / Exploited."

This was the code in my php file:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$subject = 'somthing';
$message = 'Your username is: abc';

// extra headers passed as the fourth argument of mail()
$headers  = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\n";
$headers .= "X-Priority: 3\n";
$headers .= "X-MSMail-Priority: Normal\n";
$headers .= "X-Mailer: PHP/" . phpversion() . "\n";
$headers .= "From: me\n";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

What should I change to comply with TC guidelines?

Thanks,

Gio
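The check tech support is asking for, shown as an added example that is not Gio's code and not a TCH script: the same fixed header block as in the post, but with the From address, recipient and subject validated before anything reaches mail(). The function names, the example.com addresses and the two sample inputs at the bottom are constructed for this demonstration.

```php
<?php
// Added example, not from the original post. Function names, addresses and
// the sample inputs below are assumptions made for the demonstration.

/**
 * Return true only if $value is safe to put inside a single mail header.
 * Header injection relies on CR or LF (and occasionally NUL) inside a value
 * so the MTA reads extra header lines; such input is rejected, not cleaned.
 */
function validate_header_value(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

/**
 * Build the header block from the fixed headers used in the post plus a
 * caller-supplied From address. Throws on unsafe input so a bad value can
 * never reach the transport.
 */
function build_headers(string $fromAddress): string
{
    if (!validate_header_value($fromAddress)
        || filter_var($fromAddress, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Refusing unsafe From address');
    }

    // PHP's manual separates extra headers with CRLF.
    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
    $headers .= "X-Priority: 3\r\n";
    $headers .= "X-MSMail-Priority: Normal\r\n";
    $headers .= "X-Mailer: PHP/" . phpversion() . "\r\n";
    $headers .= "From: " . $fromAddress . "\r\n";
    return $headers;
}

/**
 * Send the "your username is" notice from the post. The recipient must be a
 * plain address, the subject is fixed rather than user-controlled, and the
 * only user-controlled text goes into the body with line breaks flattened.
 */
function send_username_notice(string $recipient, string $username): bool
{
    if (filter_var($recipient, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $subject = 'Your account details';
    $message = 'Your username is: ' . str_replace(["\r", "\n"], ' ', $username);
    return mail($recipient, $subject, $message, build_headers('me@example.com'));
}

// Constructed inputs: one ordinary address, one with a smuggled header line.
$good = 'user@example.com';
$bad  = "user@example.com\r\nX-Injected: yes";

var_dump(validate_header_value($good));   // bool(true)
var_dump(validate_header_value($bad));    // bool(false)
```

Rejecting the request is deliberate: stripping the line breaks and sending anyway still delivers a message the user did not intend to send, and it hides the fact that someone is probing the form. The PHPMailer class that comes up later in the thread performs this kind of address validation itself, which is the main reason hosts point people at it.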
Welcome to the forum, Gio

You would do yourself better using a form processing script like Ultimate Form Mail that is known to be secure (presently) from header injections.

You can find a link to UFM in this thread: http://www.totalchoicehosting.com/forums/index.php?showtopic=24466
Welcome to the forum, Gio!
I agree with TCH-Bruce - try UFM - it's the best I've found.
Welcome to the forums, Gio
welcome to the forums :)
Welcome to the forum, Gio. :)
Hello All,

I am bothered by the same issue here. All my sites' email functions are shut down and I was asked to use the PHPMailer class instead of the PHP mail() function.

However, I installed the class, which was not a problem for one function on one script, and tested it and got the same result: it doesn't work and the mail gets bounced back to me.

My issue is this: I don't see how Total Choice could possibly expect each webmaster on their server to use one phpmail program or another when most of the time we purchase these scripts, i.e. WowBB, vBulletin, linking scripts and on and on, from other sources. To say that we have to edit the code to install some other php script just doesn't seem realistic to me, since what will happen is the script you've decided to promote as secure suddenly gets HACKed by some 8 year old with nothing better to do...LOL and we are back in the same boat again. Not only that, but we've spent hundreds of dollars modifying scripts and hundreds of man hours.

I'm all for security, hands down, but maybe something that gets the job done and would be easier to manage would be best.

If you're up for an idea then here is my two cents on this whole mail problem.

Another way of offering the protection I think you guys are going for would be to give each website an MD5 encryption, or hash if you like, that must appear in the body of the message. It would be some cryptic word or number that only Total Choice Hosting knows, and all we webmasters have to do is add this in the body of all outgoing mails from scripts using php mail classes or functions....I believe this would be very easy to control....All you guys would need to do is scan outbound mail from the scripts for this MD5 code; if you find it then the mail is released, if not it's bounced....very simple I think.

You could even do something like
Total Choice Hosting secret string
H7drriLdzmek1
You give the above code to the webmasters on a server; let's say that code above is = "server336" and of course you guys know this since you made it up.

So you tell me that for any script I load on your server that sends mail, this code above must appear somewhere in the body of the message, visible or invisible you don't care.

We also must add our domain to your encryption of "server336" which = H7drriLdzmek1

So we do something like the following
$messagebody .= "whatever our outbound message is: Hello World";
$messagebody .= base64_encode('intimateassociates.com') . "_" . 'H7drriLdzmek1';
$sent = mail($recipient, $subject, $messagebody, $headers);

Now wherever the mail function sends the message to after that (I don't know), but it's on Total Choice Hosting's side, you guys get the mail and parse the body of the mail i.e.

list($domain, $server) = explode("_", $messagebody); # this may actually need to be in a while loop in case someone actually uses an _ in the body of the message...LOL

You guys set up a couple of arrays, one for all your server names that are MD5 hashed and all the domain names on each server, then do a little compare thing like this

$sendmail = FALSE;
foreach ($server_domain_list as $var) {   # domains hosted on this server
    if (base64_decode($domain) == $var AND $server == "H7drriLdzmek1") {
        $sendmail = TRUE;
    }
}

If sendmail is true then send the mail, else bounce it.

Keep in mind how most of these scripts are used; generally speaking we have textarea boxes with a template email that we can edit quickly and easily, so all we would need is a base64 encoding of our domain name and your secret code, and stuff something like this into our emails that use scripts to send mails

ALKJDLlksajfsyw**(a;AJKD==_H7drriLdzmek1
You guys explode on _ so now you have a decodable domain name and a non-decodable secret code to do your comparison.

The great thing is if we use HTML mails then this code, i.e. ALKJDLlksajfsyw**(a;AJKD==_H7drriLdzmek1, can be hidden in the message body between html tags.

Anyway just a thought, so when do we think we'll have mail back up and running??
Hello rr1024, Welcome to the forums!

All that we ask is that the mail script you use is secure and that you're authenticating sending.

Also, since many people do not use HTML email, you cannot hide an MD5 string in the email; also, processing this in an email would take up valuable server resources.

Thanks

JimE
Welcome to the forums rr1024
Welcome to the TCH Family Forum!
Welcome to the forum, rr1024. :)
Welcome to the forums rr1024!
 