Solved

Send email using SSL

Posted on 2006-07-21
7
286 Views
Last Modified: 2013-11-29
Hello experts,

I have created a website using php for an online shop that you can order an item by sending an email to the shop.
In the email the customer enters his/her credit details.In the company that hosts the website has install an SSL certificate.
Now i am in the process to use the SSL in order when the customer send the email to be encrypted and send to the shop securitly.
I tryied to add the absolute path inluding the https://........... the problem is that in the code of the form(order_form.php) the form when is being submited goes to the same page as it has validation for the attributes.So in the form and the attribute action i have put
 <form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post"> so i cannot use the url https://mywebsite.com/send.php

The problem is that i am not sure how to use the SSL with the mail function of the php.

I would appreciate if you could help me.

Thank you,
Xenia


0
Comment
Question by:xenoula
7 Comments
 
LVL 2

Expert Comment

by:tansofun
ID: 17155076
it sounds like
1 - a user clicks on a link, and
2 - a page with a form appears,
3- they fill in the form,
4 - hit submit, and then
5 -the form sends off the email.

if that is the case
1 - make the link in step 1 to the form https://

you could, instead of using $_SERVER['PHP_SELF'] make a separate php script to handle it.  as in
<form action='https://server/send_email.php'>But, I think the data will be sent to the script in plaintext and not achieve what you want
0
 
LVL 9

Expert Comment

by:Rob_Jeffrey
ID: 17155110
>> when the customer send the email to be encrypted and send to the shop securitly
SSL is a web browser security feature only - it has nothing to do with email.
Having your customers send an email with the credit card information in it is completely *INSECURE* as many email servers store email messages and transmit them as plain text.
I recommend against this method.
Perhaps I have mis-read your question
You can link to the secure (SSL) side via

<form action="https://myservername.com/<? echo $_SERVER['PHP_SELF']; ?>" method="post">
0
 

Author Comment

by:xenoula
ID: 17166088
I tryied to use the link https://............ and in some pages it displays that there are some secure and unsecure items ,do you know why it displays that?

In the page that uses the SSL do I need to change the path of the images and all the other links to the path https://?

Moreover, you suggest that if i use SSL the email will not be encrypted,so you think i have to create a script to encrypt the card details that will be send via email?

Thank you,
Xenia
0
 
LVL 9

Accepted Solution

by:
Rob_Jeffrey earned 250 total points
ID: 17167323
Some pages will display the message box "This page contains both secure and insecure items" when your page is being loaded via HTTPS while images, script files or cascading style sheets are being referenced/loaded by the insecure HTTP.  So - yes - you will need to change the link references.

Unless you come up with a way of encrypting it, email is not secure.  If you do encrypt it you will need to let the recipient decrypt it.  If you send an encrypted email to a customer the customer won't be able to read it without decoding the message.  If the customer is to send you the email they need to know how to encrypt it so you can read it.  I would recommend not sending emails with sensitive or private/confidential information.  
0
 
LVL 5

Assisted Solution

by:floorman67
floorman67 earned 250 total points
ID: 17169328
your system is an insecure and possibly an illegal ecommerce solution.

It is definately immoral and violates every consumer privacy right they should enjoy.

You should restructure it completely for them to input their details and you database them securely, in a protected enviroment/infrastructure, through SSL and encryption.

There are 3rd party open source ecommerce sales site scripts that may lead you in the right direction in your coding:::

http://www.oscommerce.com/
http://www.osc2nuke.com/
http://www.phpshop.org/
http://www.zen-cart.com/

ONLY use email for order and account confirmation and communications.

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo‚Ķ
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question