The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/printthread.php 16 require_once
Warning [2] Undefined property: MyLanguage::$archive_pages - Line: 2 - File: printthread.php(287) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/printthread.php(287) : eval()'d code 2 errorHandler->error
/printthread.php 287 eval
/printthread.php 117 printthread_multipage



UserSpice
sending email to a user - Printable Version

+- UserSpice (https://userspice.com/forums)
+-- Forum: Miscellaneous (https://userspice.com/forums/forumdisplay.php?fid=28)
+--- Forum: Modifications and Hackery (https://userspice.com/forums/forumdisplay.php?fid=29)
+--- Thread: sending email to a user (/showthread.php?tid=356)

Pages: 1 2


sending email to a user - LBC - 11-21-2016

Hey mudmin, I have yet another question/challenge Smile

When in the profile of a user (not your own profile but someone else's), I would like to be able to send that user an email using a small form field at the bottom of that page (profile.php).

I understand that the form should retrieve the email address for that specific user from the database, but I am not sure how to go about that really.

Do you have any ideas for that?

Also, is it perhaps possible to hash the email addresses in the DB so they are stored more securely? Or is that not necessary?



sending email to a user - mudmin - 11-21-2016

I'm guessing your system is pretty closed to where it's not a big deal for people to be able to email anyone else in the system.

If you want the email to come from the person who sent the email (as opposed to the system) I would expect a good bit of your emails to go to spam initially. If you want to set some sort of reply-to address in there, you might be able to get by a little better.

The file users/email_test.php has pretty much everything you need to send an email.

So, if you notice, that when you are viewing someone's profile, the page looks like....profile.php?id=2

I've already done the query for you on the profile.php page to get all the info on the user whose profile you're viewing, so
$thatUser->email is the email of the person you're sending to
and
$user->data()->email is the user you're sending from.






sending email to a user - LBC - 11-21-2016

Cool!I will have a go at that soon.

Any thoughts on securing the email address storage in the database?


sending email to a user - mudmin - 11-21-2016

I generally come from the perspective that if your database is directly accessed, you're screwed anyway. They could definitely be hashed. Even bcrypted if someone wanted to. I may pull @PLB and @brian in on this conversation.


sending email to a user - plb - 11-22-2016

I don't see any benefits to securing the email address in the database. If there's something we're missing perhaps you could elaborate or point to a link recommending a best practice or sth...


sending email to a user - LBC - 11-22-2016

Hello plb,

The reason I asked is because I had a profile page which showed the accompanying email address to logged in users and didn't show it to people not logged in. However, when I looked at the page source while not logged in it did actually show the email address. So that was not very secure.

In other words the php was hiding it front-end...but not back-end Smile

That made me wonder if there was a way to secure the email addresses in the database so it wouldn't show up like an email address in the page source.




sending email to a user - mudmin - 11-22-2016

Oh. In that case, you can do

if($user->isLoggedIn(){
//echo email address
}

Then it won't show it, even if you read the page source.


sending email to a user - LBC - 11-23-2016

Hey,

I cannot seem to get that sending an email to a user right.
I'm using this form:

<pre>
Code:
<?php
        if (isset($_POST["submit"])) {

        $name = $_POST['name'];
        $email = $_POST['email'];
        $message = $_POST['message'];
        $human = intval($_POST['human']);
        $from = $user->data()->email['email'];
        $to = $thatUser->email;
        $subject = 'Message from Local Positivity Finder';
        
        $body ="From: $name\n E-Mail: $email\n Message: $message\n";

        // Check if name has been entered
        if (!$_POST['name']) {
            $errName = 'Please enter your name';
        }
        
        // Check if email has been entered and is valid
        if (!$_POST['email'] || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
            $errEmail = 'Please enter a valid email address';
        }
        
        //Check if message has been entered
        if (!$_POST['message']) {
            $errMessage = 'Please enter your message';
        }
        //Check if simple anti-bot test is correct
        if ($human !== 5) {
            $errHuman = 'Your anti-spam is incorrect';
        }
        
        // If there are no errors, send the email
        if (!$errName && !$errEmail && !$errMessage && !$errHuman) {
        if (mail ($to, $subject, $body)) {
            Redirect::to($us_url_root.'users/contact_success.php');
        } else {
            Redirect::to($us_url_root.'users/contact_error.php');
        }
        }
}

?>
</pre>


Any idea what im doing wrong?


sending email to a user - mudmin - 11-24-2016

I'm taking a look. I need to setup mail on one of my installs.



sending email to a user - mudmin - 11-24-2016

You didn't include your actual form...if you want to paste it on pastebin and give me the link that would probably help, but I can see a few things off the bat...

Code:
$from = $user->data()->email['email'];
should probably be...
Code:
$from = $user->data()->email;

Secondly, you may want to consider using
Code:
$name = Input::get('name');
instead of
Code:
$name = $_POST['name'];

It most likely wouldn't be a problem on sending emails, but that would sanitize the input in case someone was doing something mischievous. Do this especially if you plan on saving a copy of the sent message to the database.

You may not be able to do it for the email address. It's been a while since I've done that.

Either way, try fixing the
Code:
$from = $user->data()->email;

and see if it sends. If not, we can look a little farther.