PHP email script

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
1
down vote

favorite












This is my first OOP script, a PHP email script designed for a site I'm working on: ndkutz(.)net. I want a user to be able to send an email to the barbershop owner from the website. I'm self taught and even though I know I'm on the right track I feel absolutely lost. Is my code any good?



<?php

 $error = '';
 $errormsg = '';
 $finalMessage = '';
 $finalName = '';
 $finalSubject = '';
 $finalTo = '';
 $finalHeader = '';
 $sendingEmail = '';

class emailConstruction 

 private $from = "";
 private $name = "";
 private $message = "";

 public function scrubAll($data) 
 $data = htmlspecialchars($data);
 $data = trim($data);
 $data = strip_tags($data);
 return $data;
 

 public function setfrom($from)
 $this->from = stripslashes($from);
 $this->from = $from;
 

 public function getFrom()
 return $this->from;
 

 public function setName($name)
 $this->name = scrubAll($name);
 $this->name = $name;
 

 public function getName()
 return $this->name;
 


 public function setMessage($message)
 $this->message = scrubAll($data);
 $this->message = wordwrap($data,70,"<br />");
 $this->message = $message;
 

 public function getMessage()
 return $this->message;
 


if(isset($_POST['submit']))
 
 if(empty($_POST['uname']))
 
 $error = 1;
 $errormsg = "Your name is required.";
 return false;
 else
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setName($_POST['uname']);
 
 if(empty($_POST['umail']))
 
 $error = 1;
 $errormsg = "Email address required.";
 return false;
 else 
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setTo($_POST['umail']);
 
 if(empty($_POST['umsg']))
 
 $error = 1;
 $errormsg = "Message is required";
 return false;
 else
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setMessage($_POST['umsg']);
 
 if($error = 0)
 $finalHeader = 'from:' . $finalFrom;
 $finalHeader .='MIME-Version: 1.0rn';
 $finalHeader .='Content-type: text/htmlrn';
 $finalMessage = $createEmail->getMessage();
 $finalName = $createEmail->getName();
 $finalSubject = 'New potiential client by the name of ' . $finalName;
 $finalTo = $createEmail->getTo();

 $sendingEmail = mail($finalTo,$finalSubject,$finalMessage,$finalHeader);
 if($sendingEmail == true)
 
 $emailMessageS = 'Email sent successfully!';
 else
 $emailMessageF = 'Error. Please try again!';
 
 
 
?>



php email




share|improve this question





















  • Welcome to Code Review! This question is incomplete. To help reviewers give you better answers, please add sufficient context to your question. The more you tell us about what your code does and what the purpose of doing that is, the easier it will be for reviewers to help you. Questions should include a description of what the code does
    – Dannnno
    Apr 6 at 2:12










  • It's for a site I'm working on ndkutz dot net. I want a user to be able to send an email to the barbershop owner from the website.
    – Rickie Knight
    Apr 6 at 3:08










  • @Dannnno come on, you you really need a context for sending an email? Well, the purpose of this code is... to send an email.
    – Your Common Sense
    Apr 6 at 5:12






  • 1




    To discuss the code itself: What I find weird is that you have a 'mail' class, but you only use it to store and retrieve 3 values. That's perfectly alright in itself, but why not have a mail class that can actually send a mail for you? In other words, you set the fields needed and then just use a method like: $email->sendTo('receiver@there.you.go'); to send it.
    – KIKO Software
    Apr 6 at 6:56











  • Reiterates the fact that it's my first OO script but thanks.
    – Rickie Knight
    Apr 6 at 7:59
















up vote
1
down vote

favorite












This is my first OOP script, a PHP email script designed for a site I'm working on: ndkutz(.)net. I want a user to be able to send an email to the barbershop owner from the website. I'm self taught and even though I know I'm on the right track I feel absolutely lost. Is my code any good?



<?php

 $error = '';
 $errormsg = '';
 $finalMessage = '';
 $finalName = '';
 $finalSubject = '';
 $finalTo = '';
 $finalHeader = '';
 $sendingEmail = '';

class emailConstruction 

 private $from = "";
 private $name = "";
 private $message = "";

 public function scrubAll($data) 
 $data = htmlspecialchars($data);
 $data = trim($data);
 $data = strip_tags($data);
 return $data;
 

 public function setfrom($from)
 $this->from = stripslashes($from);
 $this->from = $from;
 

 public function getFrom()
 return $this->from;
 

 public function setName($name)
 $this->name = scrubAll($name);
 $this->name = $name;
 

 public function getName()
 return $this->name;
 


 public function setMessage($message)
 $this->message = scrubAll($data);
 $this->message = wordwrap($data,70,"<br />");
 $this->message = $message;
 

 public function getMessage()
 return $this->message;
 


if(isset($_POST['submit']))
 
 if(empty($_POST['uname']))
 
 $error = 1;
 $errormsg = "Your name is required.";
 return false;
 else
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setName($_POST['uname']);
 
 if(empty($_POST['umail']))
 
 $error = 1;
 $errormsg = "Email address required.";
 return false;
 else 
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setTo($_POST['umail']);
 
 if(empty($_POST['umsg']))
 
 $error = 1;
 $errormsg = "Message is required";
 return false;
 else
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setMessage($_POST['umsg']);
 
 if($error = 0)
 $finalHeader = 'from:' . $finalFrom;
 $finalHeader .='MIME-Version: 1.0rn';
 $finalHeader .='Content-type: text/htmlrn';
 $finalMessage = $createEmail->getMessage();
 $finalName = $createEmail->getName();
 $finalSubject = 'New potiential client by the name of ' . $finalName;
 $finalTo = $createEmail->getTo();

 $sendingEmail = mail($finalTo,$finalSubject,$finalMessage,$finalHeader);
 if($sendingEmail == true)
 
 $emailMessageS = 'Email sent successfully!';
 else
 $emailMessageF = 'Error. Please try again!';
 
 
 
?>



php email




share|improve this question





















  • Welcome to Code Review! This question is incomplete. To help reviewers give you better answers, please add sufficient context to your question. The more you tell us about what your code does and what the purpose of doing that is, the easier it will be for reviewers to help you. Questions should include a description of what the code does
    – Dannnno
    Apr 6 at 2:12










  • It's for a site I'm working on ndkutz dot net. I want a user to be able to send an email to the barbershop owner from the website.
    – Rickie Knight
    Apr 6 at 3:08










  • @Dannnno come on, you you really need a context for sending an email? Well, the purpose of this code is... to send an email.
    – Your Common Sense
    Apr 6 at 5:12






  • 1




    To discuss the code itself: What I find weird is that you have a 'mail' class, but you only use it to store and retrieve 3 values. That's perfectly alright in itself, but why not have a mail class that can actually send a mail for you? In other words, you set the fields needed and then just use a method like: $email->sendTo('receiver@there.you.go'); to send it.
    – KIKO Software
    Apr 6 at 6:56











  • Reiterates the fact that it's my first OO script but thanks.
    – Rickie Knight
    Apr 6 at 7:59












up vote
1
down vote

favorite









up vote
1
down vote

favorite











This is my first OOP script, a PHP email script designed for a site I'm working on: ndkutz(.)net. I want a user to be able to send an email to the barbershop owner from the website. I'm self taught and even though I know I'm on the right track I feel absolutely lost. Is my code any good?



<?php

 $error = '';
 $errormsg = '';
 $finalMessage = '';
 $finalName = '';
 $finalSubject = '';
 $finalTo = '';
 $finalHeader = '';
 $sendingEmail = '';

class emailConstruction 

 private $from = "";
 private $name = "";
 private $message = "";

 public function scrubAll($data) 
 $data = htmlspecialchars($data);
 $data = trim($data);
 $data = strip_tags($data);
 return $data;
 

 public function setfrom($from)
 $this->from = stripslashes($from);
 $this->from = $from;
 

 public function getFrom()
 return $this->from;
 

 public function setName($name)
 $this->name = scrubAll($name);
 $this->name = $name;
 

 public function getName()
 return $this->name;
 


 public function setMessage($message)
 $this->message = scrubAll($data);
 $this->message = wordwrap($data,70,"<br />");
 $this->message = $message;
 

 public function getMessage()
 return $this->message;
 


if(isset($_POST['submit']))
 
 if(empty($_POST['uname']))
 
 $error = 1;
 $errormsg = "Your name is required.";
 return false;
 else
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setName($_POST['uname']);
 
 if(empty($_POST['umail']))
 
 $error = 1;
 $errormsg = "Email address required.";
 return false;
 else 
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setTo($_POST['umail']);
 
 if(empty($_POST['umsg']))
 
 $error = 1;
 $errormsg = "Message is required";
 return false;
 else
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setMessage($_POST['umsg']);
 
 if($error = 0)
 $finalHeader = 'from:' . $finalFrom;
 $finalHeader .='MIME-Version: 1.0rn';
 $finalHeader .='Content-type: text/htmlrn';
 $finalMessage = $createEmail->getMessage();
 $finalName = $createEmail->getName();
 $finalSubject = 'New potiential client by the name of ' . $finalName;
 $finalTo = $createEmail->getTo();

 $sendingEmail = mail($finalTo,$finalSubject,$finalMessage,$finalHeader);
 if($sendingEmail == true)
 
 $emailMessageS = 'Email sent successfully!';
 else
 $emailMessageF = 'Error. Please try again!';
 
 
 
?>



php email




share|improve this question













This is my first OOP script, a PHP email script designed for a site I'm working on: ndkutz(.)net. I want a user to be able to send an email to the barbershop owner from the website. I'm self taught and even though I know I'm on the right track I feel absolutely lost. Is my code any good?



<?php

 $error = '';
 $errormsg = '';
 $finalMessage = '';
 $finalName = '';
 $finalSubject = '';
 $finalTo = '';
 $finalHeader = '';
 $sendingEmail = '';

class emailConstruction 

 private $from = "";
 private $name = "";
 private $message = "";

 public function scrubAll($data) 
 $data = htmlspecialchars($data);
 $data = trim($data);
 $data = strip_tags($data);
 return $data;
 

 public function setfrom($from)
 $this->from = stripslashes($from);
 $this->from = $from;
 

 public function getFrom()
 return $this->from;
 

 public function setName($name)
 $this->name = scrubAll($name);
 $this->name = $name;
 

 public function getName()
 return $this->name;
 


 public function setMessage($message)
 $this->message = scrubAll($data);
 $this->message = wordwrap($data,70,"<br />");
 $this->message = $message;
 

 public function getMessage()
 return $this->message;
 


if(isset($_POST['submit']))
 
 if(empty($_POST['uname']))
 
 $error = 1;
 $errormsg = "Your name is required.";
 return false;
 else
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setName($_POST['uname']);
 
 if(empty($_POST['umail']))
 
 $error = 1;
 $errormsg = "Email address required.";
 return false;
 else 
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setTo($_POST['umail']);
 
 if(empty($_POST['umsg']))
 
 $error = 1;
 $errormsg = "Message is required";
 return false;
 else
 $error = 0;
 $createEmail = new emailConstruction;
 $createEmail->setMessage($_POST['umsg']);
 
 if($error = 0)
 $finalHeader = 'from:' . $finalFrom;
 $finalHeader .='MIME-Version: 1.0rn';
 $finalHeader .='Content-type: text/htmlrn';
 $finalMessage = $createEmail->getMessage();
 $finalName = $createEmail->getName();
 $finalSubject = 'New potiential client by the name of ' . $finalName;
 $finalTo = $createEmail->getTo();

 $sendingEmail = mail($finalTo,$finalSubject,$finalMessage,$finalHeader);
 if($sendingEmail == true)
 
 $emailMessageS = 'Email sent successfully!';
 else
 $emailMessageF = 'Error. Please try again!';
 
 
 
?>




php email





share|improve this question












share|improve this question




share|improve this question








edited Apr 6 at 3:42
























asked Apr 6 at 1:35









Rickie Knight

84




84











  • Welcome to Code Review! This question is incomplete. To help reviewers give you better answers, please add sufficient context to your question. The more you tell us about what your code does and what the purpose of doing that is, the easier it will be for reviewers to help you. Questions should include a description of what the code does
    – Dannnno
    Apr 6 at 2:12










  • It's for a site I'm working on ndkutz dot net. I want a user to be able to send an email to the barbershop owner from the website.
    – Rickie Knight
    Apr 6 at 3:08










  • @Dannnno come on, you you really need a context for sending an email? Well, the purpose of this code is... to send an email.
    – Your Common Sense
    Apr 6 at 5:12






  • 1




    To discuss the code itself: What I find weird is that you have a 'mail' class, but you only use it to store and retrieve 3 values. That's perfectly alright in itself, but why not have a mail class that can actually send a mail for you? In other words, you set the fields needed and then just use a method like: $email->sendTo('receiver@there.you.go'); to send it.
    – KIKO Software
    Apr 6 at 6:56











  • Reiterates the fact that it's my first OO script but thanks.
    – Rickie Knight
    Apr 6 at 7:59
















  • Welcome to Code Review! This question is incomplete. To help reviewers give you better answers, please add sufficient context to your question. The more you tell us about what your code does and what the purpose of doing that is, the easier it will be for reviewers to help you. Questions should include a description of what the code does
    – Dannnno
    Apr 6 at 2:12










  • It's for a site I'm working on ndkutz dot net. I want a user to be able to send an email to the barbershop owner from the website.
    – Rickie Knight
    Apr 6 at 3:08










  • @Dannnno come on, you you really need a context for sending an email? Well, the purpose of this code is... to send an email.
    – Your Common Sense
    Apr 6 at 5:12






  • 1




    To discuss the code itself: What I find weird is that you have a 'mail' class, but you only use it to store and retrieve 3 values. That's perfectly alright in itself, but why not have a mail class that can actually send a mail for you? In other words, you set the fields needed and then just use a method like: $email->sendTo('receiver@there.you.go'); to send it.
    – KIKO Software
    Apr 6 at 6:56











  • Reiterates the fact that it's my first OO script but thanks.
    – Rickie Knight
    Apr 6 at 7:59















Welcome to Code Review! This question is incomplete. To help reviewers give you better answers, please add sufficient context to your question. The more you tell us about what your code does and what the purpose of doing that is, the easier it will be for reviewers to help you. Questions should include a description of what the code does
– Dannnno
Apr 6 at 2:12




Welcome to Code Review! This question is incomplete. To help reviewers give you better answers, please add sufficient context to your question. The more you tell us about what your code does and what the purpose of doing that is, the easier it will be for reviewers to help you. Questions should include a description of what the code does
– Dannnno
Apr 6 at 2:12












It's for a site I'm working on ndkutz dot net. I want a user to be able to send an email to the barbershop owner from the website.
– Rickie Knight
Apr 6 at 3:08




It's for a site I'm working on ndkutz dot net. I want a user to be able to send an email to the barbershop owner from the website.
– Rickie Knight
Apr 6 at 3:08












@Dannnno come on, you you really need a context for sending an email? Well, the purpose of this code is... to send an email.
– Your Common Sense
Apr 6 at 5:12




@Dannnno come on, you you really need a context for sending an email? Well, the purpose of this code is... to send an email.
– Your Common Sense
Apr 6 at 5:12




1




1




To discuss the code itself: What I find weird is that you have a 'mail' class, but you only use it to store and retrieve 3 values. That's perfectly alright in itself, but why not have a mail class that can actually send a mail for you? In other words, you set the fields needed and then just use a method like: $email->sendTo('receiver@there.you.go'); to send it.
– KIKO Software
Apr 6 at 6:56





To discuss the code itself: What I find weird is that you have a 'mail' class, but you only use it to store and retrieve 3 values. That's perfectly alright in itself, but why not have a mail class that can actually send a mail for you? In other words, you set the fields needed and then just use a method like: $email->sendTo('receiver@there.you.go'); to send it.
– KIKO Software
Apr 6 at 6:56













Reiterates the fact that it's my first OO script but thanks.
– Rickie Knight
Apr 6 at 7:59




Reiterates the fact that it's my first OO script but thanks.
– Rickie Knight
Apr 6 at 7:59










2 Answers
2






active

oldest

votes

















up vote
1
down vote



accepted










There are several issues to review



OOP



First off, it's a good intention but a very bad implementation.

A class should be made on purpose, but this class' purpose is uncertain. Why would you need a class that just prepares the data but not a class that sends the actual email?



In your place I would create a class that has methods like setSubject(), setTo(), setBody() and - most important one - send(). Such a class would have a very good use.



Cargo cult code



No offense, but every operator in your code should be justified. Writing a certain operator only because you've seen it used somewhere makes a cargo cult code (the name is from the story about savages on the Pacific islands creating straw planes during WWII in hopes those will bring cargo as good as real ones). Unfortunately, almost none of them are. Take scrubAll() method for example.




  • htmlspecialchars() and strip_tags() are mutual exclusive functions. Once you run the former, the latter will find nothing to strip. you should apply only one of them and it should be htmlspecialchars() as it does less harm


  • trim() could be useful, but I don't think it's necessary in this case

so it makes your scrubAll function rather useless.




  • stripslashes() used in setfrom() is absolutely of no use. It could have been used under some conditions 10 years ago but in 2018 it makes no sense to call it just in case. I had to use it only once in the recent 5 years, to fix a malformed JSON string.

Security.



Ironically, but despite all these preparations your code is still vulnerable to Mail Injection attack. With user input injected right into headers it's just a textbook example.



At best, you should never put anything from the user input into mail headers. Let alone "From:" header which will likely get your email in spam.



If you want a neat way to reply, make it "Reply-to:" header and validate the entered email, an example could be taken straight from the manual page.



Conclusion.



So, take out all getters from your class, call it "sendMail", remove useless functions and add a send() method which should assume the code which is in the global scope now



For the model example you may want to take a look at PHPMailer's usage examples. It is not that I ask you to write something similar but just to look at the way it is called in these examples.






share|improve this answer























  • I appreciate your constructive criticism and will implement your changes.
    – Rickie Knight
    Apr 7 at 1:37










  • Hey, @Your Common Sense. Can you do me a huge favor. Can you please give me a beginner PHP project that can be coded OOP style? I've googled but I went to your profile and I see that you are a PHP wiz and I would specifically like your advice.
    – Rickie Knight
    Apr 7 at 20:43










  • That's a hard task, to assign such a project. I need to think of one. Did you finish with email class yet?
    – Your Common Sense
    Apr 8 at 5:53

















up vote
0
down vote













One point that should be made about your code is this:



public function setfrom($from)
 $this->from = stripslashes($from);
 $this->from = $from;



Your setfrom() method is receiving the $from variable. You strip the slashes from it and assign the result to $this->from.



But then, you reassign $this->from to be equal to the original $from. So that essentially ignored the first line.



It's like this:



  • I email you a Word document.

  • You edit the document and save it as a new file. (in line 1 of the
    method)

  • You take my original document and paste it over the copy you just
    edited. (in line 2)

You do this a couple more times:



public function setName($name)
 $this->name = scrubAll($name);
 $this->name = $name;


public function setMessage($message)
 $this->message = scrubAll($data);
 $this->message = wordwrap($data,70,"<br />");
 $this->message = $message;



In each case, remove the last line of each function. You have already defined $this->name or $this->message.



Also, you can use multiple functions on a single variable. For that last chunk of code, you could write just this to achieve the same result:



public function setMessage($message) 
 $this->message = wordwrap(scrubAll($data), 70, "<br>");






share|improve this answer





















  • I appreciate your help and will implement your changes.
    – Rickie Knight
    Apr 7 at 1:38










Your Answer




StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
);
);
, "mathjax-editing");

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "196"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f191370%2fphp-email-script%23new-answer', 'question_page');

);

Post as a guest

















2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote



accepted










There are several issues to review



OOP



First off, it's a good intention but a very bad implementation.

A class should be made on purpose, but this class' purpose is uncertain. Why would you need a class that just prepares the data but not a class that sends the actual email?



In your place I would create a class that has methods like setSubject(), setTo(), setBody() and - most important one - send(). Such a class would have a very good use.



Cargo cult code



No offense, but every operator in your code should be justified. Writing a certain operator only because you've seen it used somewhere makes a cargo cult code (the name is from the story about savages on the Pacific islands creating straw planes during WWII in hopes those will bring cargo as good as real ones). Unfortunately, almost none of them are. Take scrubAll() method for example.




  • htmlspecialchars() and strip_tags() are mutual exclusive functions. Once you run the former, the latter will find nothing to strip. you should apply only one of them and it should be htmlspecialchars() as it does less harm


  • trim() could be useful, but I don't think it's necessary in this case

so it makes your scrubAll function rather useless.




  • stripslashes() used in setfrom() is absolutely of no use. It could have been used under some conditions 10 years ago but in 2018 it makes no sense to call it just in case. I had to use it only once in the recent 5 years, to fix a malformed JSON string.

Security.



Ironically, but despite all these preparations your code is still vulnerable to Mail Injection attack. With user input injected right into headers it's just a textbook example.



At best, you should never put anything from the user input into mail headers. Let alone "From:" header which will likely get your email in spam.



If you want a neat way to reply, make it "Reply-to:" header and validate the entered email, an example could be taken straight from the manual page.



Conclusion.



So, take out all getters from your class, call it "sendMail", remove useless functions and add a send() method which should assume the code which is in the global scope now



For the model example you may want to take a look at PHPMailer's usage examples. It is not that I ask you to write something similar but just to look at the way it is called in these examples.






share|improve this answer























  • I appreciate your constructive criticism and will implement your changes.
    – Rickie Knight
    Apr 7 at 1:37










  • Hey, @Your Common Sense. Can you do me a huge favor. Can you please give me a beginner PHP project that can be coded OOP style? I've googled but I went to your profile and I see that you are a PHP wiz and I would specifically like your advice.
    – Rickie Knight
    Apr 7 at 20:43










  • That's a hard task, to assign such a project. I need to think of one. Did you finish with email class yet?
    – Your Common Sense
    Apr 8 at 5:53














up vote
1
down vote



accepted










There are several issues to review



OOP



First off, it's a good intention but a very bad implementation.

A class should be made on purpose, but this class' purpose is uncertain. Why would you need a class that just prepares the data but not a class that sends the actual email?



In your place I would create a class that has methods like setSubject(), setTo(), setBody() and - most important one - send(). Such a class would have a very good use.



Cargo cult code



No offense, but every operator in your code should be justified. Writing a certain operator only because you've seen it used somewhere makes a cargo cult code (the name is from the story about savages on the Pacific islands creating straw planes during WWII in hopes those will bring cargo as good as real ones). Unfortunately, almost none of them are. Take scrubAll() method for example.




  • htmlspecialchars() and strip_tags() are mutual exclusive functions. Once you run the former, the latter will find nothing to strip. you should apply only one of them and it should be htmlspecialchars() as it does less harm


  • trim() could be useful, but I don't think it's necessary in this case

so it makes your scrubAll function rather useless.




  • stripslashes() used in setfrom() is absolutely of no use. It could have been used under some conditions 10 years ago but in 2018 it makes no sense to call it just in case. I had to use it only once in the recent 5 years, to fix a malformed JSON string.

Security.



Ironically, but despite all these preparations your code is still vulnerable to Mail Injection attack. With user input injected right into headers it's just a textbook example.



At best, you should never put anything from the user input into mail headers. Let alone "From:" header which will likely get your email in spam.



If you want a neat way to reply, make it "Reply-to:" header and validate the entered email, an example could be taken straight from the manual page.



Conclusion.



So, take out all getters from your class, call it "sendMail", remove useless functions and add a send() method which should assume the code which is in the global scope now



For the model example you may want to take a look at PHPMailer's usage examples. It is not that I ask you to write something similar but just to look at the way it is called in these examples.






share|improve this answer























  • I appreciate your constructive criticism and will implement your changes.
    – Rickie Knight
    Apr 7 at 1:37










  • Hey, @Your Common Sense. Can you do me a huge favor. Can you please give me a beginner PHP project that can be coded OOP style? I've googled but I went to your profile and I see that you are a PHP wiz and I would specifically like your advice.
    – Rickie Knight
    Apr 7 at 20:43










  • That's a hard task, to assign such a project. I need to think of one. Did you finish with email class yet?
    – Your Common Sense
    Apr 8 at 5:53












up vote
1
down vote



accepted







up vote
1
down vote



accepted






There are several issues to review



OOP



First off, it's a good intention but a very bad implementation.

A class should be made on purpose, but this class' purpose is uncertain. Why would you need a class that just prepares the data but not a class that sends the actual email?



In your place I would create a class that has methods like setSubject(), setTo(), setBody() and - most important one - send(). Such a class would have a very good use.



Cargo cult code



No offense, but every operator in your code should be justified. Writing a certain operator only because you've seen it used somewhere makes a cargo cult code (the name is from the story about savages on the Pacific islands creating straw planes during WWII in hopes those will bring cargo as good as real ones). Unfortunately, almost none of them are. Take scrubAll() method for example.




  • htmlspecialchars() and strip_tags() are mutual exclusive functions. Once you run the former, the latter will find nothing to strip. you should apply only one of them and it should be htmlspecialchars() as it does less harm


  • trim() could be useful, but I don't think it's necessary in this case

so it makes your scrubAll function rather useless.




  • stripslashes() used in setfrom() is absolutely of no use. It could have been used under some conditions 10 years ago but in 2018 it makes no sense to call it just in case. I had to use it only once in the recent 5 years, to fix a malformed JSON string.

Security.



Ironically, but despite all these preparations your code is still vulnerable to Mail Injection attack. With user input injected right into headers it's just a textbook example.



At best, you should never put anything from the user input into mail headers. Let alone "From:" header which will likely get your email in spam.



If you want a neat way to reply, make it "Reply-to:" header and validate the entered email, an example could be taken straight from the manual page.



Conclusion.



So, take out all getters from your class, call it "sendMail", remove useless functions and add a send() method which should assume the code which is in the global scope now



For the model example you may want to take a look at PHPMailer's usage examples. It is not that I ask you to write something similar but just to look at the way it is called in these examples.






share|improve this answer















There are several issues to review



OOP



First off, it's a good intention but a very bad implementation.

A class should be made on purpose, but this class' purpose is uncertain. Why would you need a class that just prepares the data but not a class that sends the actual email?



In your place I would create a class that has methods like setSubject(), setTo(), setBody() and - most important one - send(). Such a class would have a very good use.



Cargo cult code



No offense, but every operator in your code should be justified. Writing a certain operator only because you've seen it used somewhere makes a cargo cult code (the name is from the story about savages on the Pacific islands creating straw planes during WWII in hopes those will bring cargo as good as real ones). Unfortunately, almost none of them are. Take scrubAll() method for example.




  • htmlspecialchars() and strip_tags() are mutual exclusive functions. Once you run the former, the latter will find nothing to strip. you should apply only one of them and it should be htmlspecialchars() as it does less harm


  • trim() could be useful, but I don't think it's necessary in this case

so it makes your scrubAll function rather useless.




  • stripslashes() used in setfrom() is absolutely of no use. It could have been used under some conditions 10 years ago but in 2018 it makes no sense to call it just in case. I had to use it only once in the recent 5 years, to fix a malformed JSON string.

Security.



Ironically, but despite all these preparations your code is still vulnerable to Mail Injection attack. With user input injected right into headers it's just a textbook example.



At best, you should never put anything from the user input into mail headers. Let alone "From:" header which will likely get your email in spam.



If you want a neat way to reply, make it "Reply-to:" header and validate the entered email, an example could be taken straight from the manual page.



Conclusion.



So, take out all getters from your class, call it "sendMail", remove useless functions and add a send() method which should assume the code which is in the global scope now



For the model example you may want to take a look at PHPMailer's usage examples. It is not that I ask you to write something similar but just to look at the way it is called in these examples.







share|improve this answer















share|improve this answer



share|improve this answer








edited Apr 6 at 12:34


























answered Apr 6 at 12:19









Your Common Sense

2,415524




2,415524











  • I appreciate your constructive criticism and will implement your changes.
    – Rickie Knight
    Apr 7 at 1:37










  • Hey, @Your Common Sense. Can you do me a huge favor. Can you please give me a beginner PHP project that can be coded OOP style? I've googled but I went to your profile and I see that you are a PHP wiz and I would specifically like your advice.
    – Rickie Knight
    Apr 7 at 20:43










  • That's a hard task, to assign such a project. I need to think of one. Did you finish with email class yet?
    – Your Common Sense
    Apr 8 at 5:53
















  • I appreciate your constructive criticism and will implement your changes.
    – Rickie Knight
    Apr 7 at 1:37










  • Hey, @Your Common Sense. Can you do me a huge favor. Can you please give me a beginner PHP project that can be coded OOP style? I've googled but I went to your profile and I see that you are a PHP wiz and I would specifically like your advice.
    – Rickie Knight
    Apr 7 at 20:43










  • That's a hard task, to assign such a project. I need to think of one. Did you finish with email class yet?
    – Your Common Sense
    Apr 8 at 5:53















I appreciate your constructive criticism and will implement your changes.
– Rickie Knight
Apr 7 at 1:37




I appreciate your constructive criticism and will implement your changes.
– Rickie Knight
Apr 7 at 1:37












Hey, @Your Common Sense. Can you do me a huge favor. Can you please give me a beginner PHP project that can be coded OOP style? I've googled but I went to your profile and I see that you are a PHP wiz and I would specifically like your advice.
– Rickie Knight
Apr 7 at 20:43




Hey, @Your Common Sense. Can you do me a huge favor. Can you please give me a beginner PHP project that can be coded OOP style? I've googled but I went to your profile and I see that you are a PHP wiz and I would specifically like your advice.
– Rickie Knight
Apr 7 at 20:43












That's a hard task, to assign such a project. I need to think of one. Did you finish with email class yet?
– Your Common Sense
Apr 8 at 5:53




That's a hard task, to assign such a project. I need to think of one. Did you finish with email class yet?
– Your Common Sense
Apr 8 at 5:53












up vote
0
down vote













One point that should be made about your code is this:



public function setfrom($from)
 $this->from = stripslashes($from);
 $this->from = $from;



Your setfrom() method is receiving the $from variable. You strip the slashes from it and assign the result to $this->from.



But then, you reassign $this->from to be equal to the original $from. So that essentially ignored the first line.



It's like this:



  • I email you a Word document.

  • You edit the document and save it as a new file. (in line 1 of the
    method)

  • You take my original document and paste it over the copy you just
    edited. (in line 2)

You do this a couple more times:



public function setName($name)
 $this->name = scrubAll($name);
 $this->name = $name;


public function setMessage($message)
 $this->message = scrubAll($data);
 $this->message = wordwrap($data,70,"<br />");
 $this->message = $message;



In each case, remove the last line of each function. You have already defined $this->name or $this->message.



Also, you can use multiple functions on a single variable. For that last chunk of code, you could write just this to achieve the same result:



public function setMessage($message) 
 $this->message = wordwrap(scrubAll($data), 70, "<br>");






share|improve this answer





















  • I appreciate your help and will implement your changes.
    – Rickie Knight
    Apr 7 at 1:38














up vote
0
down vote













One point that should be made about your code is this:



public function setfrom($from)
 $this->from = stripslashes($from);
 $this->from = $from;



Your setfrom() method is receiving the $from variable. You strip the slashes from it and assign the result to $this->from.



But then, you reassign $this->from to be equal to the original $from. So that essentially ignored the first line.



It's like this:



  • I email you a Word document.

  • You edit the document and save it as a new file. (in line 1 of the
    method)

  • You take my original document and paste it over the copy you just
    edited. (in line 2)

You do this a couple more times:



public function setName($name)
 $this->name = scrubAll($name);
 $this->name = $name;


public function setMessage($message)
 $this->message = scrubAll($data);
 $this->message = wordwrap($data,70,"<br />");
 $this->message = $message;



In each case, remove the last line of each function. You have already defined $this->name or $this->message.



Also, you can use multiple functions on a single variable. For that last chunk of code, you could write just this to achieve the same result:



public function setMessage($message) 
 $this->message = wordwrap(scrubAll($data), 70, "<br>");






share|improve this answer





















  • I appreciate your help and will implement your changes.
    – Rickie Knight
    Apr 7 at 1:38












up vote
0
down vote










up vote
0
down vote









One point that should be made about your code is this:



public function setfrom($from)
 $this->from = stripslashes($from);
 $this->from = $from;



Your setfrom() method is receiving the $from variable. You strip the slashes from it and assign the result to $this->from.



But then, you reassign $this->from to be equal to the original $from. So that essentially ignored the first line.



It's like this:



  • I email you a Word document.

  • You edit the document and save it as a new file. (in line 1 of the
    method)

  • You take my original document and paste it over the copy you just
    edited. (in line 2)

You do this a couple more times:



public function setName($name)
 $this->name = scrubAll($name);
 $this->name = $name;


public function setMessage($message)
 $this->message = scrubAll($data);
 $this->message = wordwrap($data,70,"<br />");
 $this->message = $message;



In each case, remove the last line of each function. You have already defined $this->name or $this->message.



Also, you can use multiple functions on a single variable. For that last chunk of code, you could write just this to achieve the same result:



public function setMessage($message) 
 $this->message = wordwrap(scrubAll($data), 70, "<br>");






share|improve this answer













One point that should be made about your code is this:



public function setfrom($from)
 $this->from = stripslashes($from);
 $this->from = $from;



Your setfrom() method is receiving the $from variable. You strip the slashes from it and assign the result to $this->from.



But then, you reassign $this->from to be equal to the original $from. So that essentially ignored the first line.



It's like this:



  • I email you a Word document.

  • You edit the document and save it as a new file. (in line 1 of the
    method)

  • You take my original document and paste it over the copy you just
    edited. (in line 2)

You do this a couple more times:



public function setName($name)
 $this->name = scrubAll($name);
 $this->name = $name;


public function setMessage($message)
 $this->message = scrubAll($data);
 $this->message = wordwrap($data,70,"<br />");
 $this->message = $message;



In each case, remove the last line of each function. You have already defined $this->name or $this->message.



Also, you can use multiple functions on a single variable. For that last chunk of code, you could write just this to achieve the same result:



public function setMessage($message) 
 $this->message = wordwrap(scrubAll($data), 70, "<br>");







share|improve this answer













share|improve this answer



share|improve this answer











answered Apr 6 at 13:57









pbarney

1306




1306











  • I appreciate your help and will implement your changes.
    – Rickie Knight
    Apr 7 at 1:38
















  • I appreciate your help and will implement your changes.
    – Rickie Knight
    Apr 7 at 1:38















I appreciate your help and will implement your changes.
– Rickie Knight
Apr 7 at 1:38




I appreciate your help and will implement your changes.
– Rickie Knight
Apr 7 at 1:38












 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f191370%2fphp-email-script%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

Chat program with C++ and SFML

Image
Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 2 down vote favorite This is my client code: (My server is very similar at the moment but I will upload it below this one just in case somebody wants to run it) #include <SFML/Graphics.hpp> #include <SFML/Network.hpp> #include <thread> int main() sf::RenderWindow main_win(sf::VideoMode(800, 800), "Chatcy!"); main_win.setPosition(sf::Vector2i(sf::VideoMode::getDesktopMode().width/2 -400, sf::VideoMode::getDesktopMode().height/2 -400)); main_win.setVerticalSyncEnabled(true); //chatcy logo sf::Texture chatcy; chatcy.loadFromFile("image_chatcy.png"); sf::Sprite logo; logo.setTexture(chatcy); //200x800 //font sf::Font font; font.loadFromFile("FreeSerif.ttf"); //name sf::String name("Client"); name += ": "; //text input area and background sf::RectangleShape in_backg
Read more

Function to Return a JSON Like Objects Using VBA Collections and Arrays

Image
Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 1 down vote favorite My goal is to create a compact function that can create a JSON Like object from JSON string. I want a function with a small footprint that I or anyone who wants to use it, can simply paste into a module and use. At 61 lines of code, I am happy with its size and portability. Here is an image of JSON Object created from string data using a ScriptControl . Although the Locals Window displays the properties and values correctly, the object itself is extremely difficult to work with. This image shows an object created using getJSONCollection . Because it is made of VBA Collections and Arrays, it is very easy to work with. Option Explicit Private Function getJSONCollection(ByVal Value As Variant, Optional ScriptEngine As Object) As Variant Const DELIMITER As String = "||" Dim col As Collection, JSON As Object, KeyNam
Read more

Will my employers contract hold up in court?

Image
Clash Royale CLAN TAG #URR8PPP up vote 8 down vote favorite 2 When I started a new job back in July of 2017, I signed a contract that had the following bindings or restrictions if I was ever to leave the company: Cannot work for a competitor within 25 miles of current companies location for the next two years Cannot offer my services to any organization within 25 miles of current companies location for the next two years Now, when mentioned “my services” this can be related to my profession of website design. This contract seems incredibly binding, 2 years in length, and I’m looking to see if it would actually hold up in an Arizona court. contract employment non-compete arizona share | improve this question edited Aug 7 at 15:35 feetwet ♦ 13.8k 9 37 85 asked Aug 6 at 19:05 Alex S. 46 2 What does your company do and what services do they provide? What is your role (i.e. internal work or work for customers).
Read more