Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Send email using SSL

Posted on 2006-07-21
7
Medium Priority
?
302 Views
Last Modified: 2013-11-29
Hello experts,

I have created a website using php for an online shop that you can order an item by sending an email to the shop.
In the email the customer enters his/her credit details.In the company that hosts the website has install an SSL certificate.
Now i am in the process to use the SSL in order when the customer send the email to be encrypted and send to the shop securitly.
I tryied to add the absolute path inluding the https://........... the problem is that in the code of the form(order_form.php) the form when is being submited goes to the same page as it has validation for the attributes.So in the form and the attribute action i have put
 <form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post"> so i cannot use the url https://mywebsite.com/send.php

The problem is that i am not sure how to use the SSL with the mail function of the php.

I would appreciate if you could help me.

Thank you,
Xenia


0
Comment
Question by:xenoula
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 2

Expert Comment

by:tansofun
ID: 17155076
it sounds like
1 - a user clicks on a link, and
2 - a page with a form appears,
3- they fill in the form,
4 - hit submit, and then
5 -the form sends off the email.

if that is the case
1 - make the link in step 1 to the form https://

you could, instead of using $_SERVER['PHP_SELF'] make a separate php script to handle it.  as in
<form action='https://server/send_email.php'>But, I think the data will be sent to the script in plaintext and not achieve what you want
0
 
LVL 9

Expert Comment

by:Rob_Jeffrey
ID: 17155110
>> when the customer send the email to be encrypted and send to the shop securitly
SSL is a web browser security feature only - it has nothing to do with email.
Having your customers send an email with the credit card information in it is completely *INSECURE* as many email servers store email messages and transmit them as plain text.
I recommend against this method.
Perhaps I have mis-read your question
You can link to the secure (SSL) side via

<form action="https://myservername.com/<? echo $_SERVER['PHP_SELF']; ?>" method="post">
0
 

Author Comment

by:xenoula
ID: 17166088
I tryied to use the link https://............ and in some pages it displays that there are some secure and unsecure items ,do you know why it displays that?

In the page that uses the SSL do I need to change the path of the images and all the other links to the path https://?

Moreover, you suggest that if i use SSL the email will not be encrypted,so you think i have to create a script to encrypt the card details that will be send via email?

Thank you,
Xenia
0
 
LVL 9

Accepted Solution

by:
Rob_Jeffrey earned 1000 total points
ID: 17167323
Some pages will display the message box "This page contains both secure and insecure items" when your page is being loaded via HTTPS while images, script files or cascading style sheets are being referenced/loaded by the insecure HTTP.  So - yes - you will need to change the link references.

Unless you come up with a way of encrypting it, email is not secure.  If you do encrypt it you will need to let the recipient decrypt it.  If you send an encrypted email to a customer the customer won't be able to read it without decoding the message.  If the customer is to send you the email they need to know how to encrypt it so you can read it.  I would recommend not sending emails with sensitive or private/confidential information.  
0
 
LVL 5

Assisted Solution

by:floorman67
floorman67 earned 1000 total points
ID: 17169328
your system is an insecure and possibly an illegal ecommerce solution.

It is definately immoral and violates every consumer privacy right they should enjoy.

You should restructure it completely for them to input their details and you database them securely, in a protected enviroment/infrastructure, through SSL and encryption.

There are 3rd party open source ecommerce sales site scripts that may lead you in the right direction in your coding:::

http://www.oscommerce.com/
http://www.osc2nuke.com/
http://www.phpshop.org/
http://www.zen-cart.com/

ONLY use email for order and account confirmation and communications.

0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question