Solved

Send email using SSL

Posted on 2006-07-21
7
281 Views
Last Modified: 2013-11-29
Hello experts,

I have created a website using php for an online shop that you can order an item by sending an email to the shop.
In the email the customer enters his/her credit details.In the company that hosts the website has install an SSL certificate.
Now i am in the process to use the SSL in order when the customer send the email to be encrypted and send to the shop securitly.
I tryied to add the absolute path inluding the https://........... the problem is that in the code of the form(order_form.php) the form when is being submited goes to the same page as it has validation for the attributes.So in the form and the attribute action i have put
 <form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post"> so i cannot use the url https://mywebsite.com/send.php

The problem is that i am not sure how to use the SSL with the mail function of the php.

I would appreciate if you could help me.

Thank you,
Xenia


0
Comment
Question by:xenoula
7 Comments
 
LVL 2

Expert Comment

by:tansofun
ID: 17155076
it sounds like
1 - a user clicks on a link, and
2 - a page with a form appears,
3- they fill in the form,
4 - hit submit, and then
5 -the form sends off the email.

if that is the case
1 - make the link in step 1 to the form https://

you could, instead of using $_SERVER['PHP_SELF'] make a separate php script to handle it.  as in
<form action='https://server/send_email.php'>But, I think the data will be sent to the script in plaintext and not achieve what you want
0
 
LVL 9

Expert Comment

by:Rob_Jeffrey
ID: 17155110
>> when the customer send the email to be encrypted and send to the shop securitly
SSL is a web browser security feature only - it has nothing to do with email.
Having your customers send an email with the credit card information in it is completely *INSECURE* as many email servers store email messages and transmit them as plain text.
I recommend against this method.
Perhaps I have mis-read your question
You can link to the secure (SSL) side via

<form action="https://myservername.com/<? echo $_SERVER['PHP_SELF']; ?>" method="post">
0
 

Author Comment

by:xenoula
ID: 17166088
I tryied to use the link https://............ and in some pages it displays that there are some secure and unsecure items ,do you know why it displays that?

In the page that uses the SSL do I need to change the path of the images and all the other links to the path https://?

Moreover, you suggest that if i use SSL the email will not be encrypted,so you think i have to create a script to encrypt the card details that will be send via email?

Thank you,
Xenia
0
 
LVL 9

Accepted Solution

by:
Rob_Jeffrey earned 250 total points
ID: 17167323
Some pages will display the message box "This page contains both secure and insecure items" when your page is being loaded via HTTPS while images, script files or cascading style sheets are being referenced/loaded by the insecure HTTP.  So - yes - you will need to change the link references.

Unless you come up with a way of encrypting it, email is not secure.  If you do encrypt it you will need to let the recipient decrypt it.  If you send an encrypted email to a customer the customer won't be able to read it without decoding the message.  If the customer is to send you the email they need to know how to encrypt it so you can read it.  I would recommend not sending emails with sensitive or private/confidential information.  
0
 
LVL 5

Assisted Solution

by:floorman67
floorman67 earned 250 total points
ID: 17169328
your system is an insecure and possibly an illegal ecommerce solution.

It is definately immoral and violates every consumer privacy right they should enjoy.

You should restructure it completely for them to input their details and you database them securely, in a protected enviroment/infrastructure, through SSL and encryption.

There are 3rd party open source ecommerce sales site scripts that may lead you in the right direction in your coding:::

http://www.oscommerce.com/
http://www.osc2nuke.com/
http://www.phpshop.org/
http://www.zen-cart.com/

ONLY use email for order and account confirmation and communications.

0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Help with PHP 13 27
Link failure 16 32
Log in through ID 5 17
MSSQL - Lock Row from reading by other programs 9 35
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question