Solved

Send email using SSL

Posted on 2006-07-21
7
277 Views
Last Modified: 2013-11-29
Hello experts,

I have created a website using php for an online shop that you can order an item by sending an email to the shop.
In the email the customer enters his/her credit details.In the company that hosts the website has install an SSL certificate.
Now i am in the process to use the SSL in order when the customer send the email to be encrypted and send to the shop securitly.
I tryied to add the absolute path inluding the https://........... the problem is that in the code of the form(order_form.php) the form when is being submited goes to the same page as it has validation for the attributes.So in the form and the attribute action i have put
 <form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post"> so i cannot use the url https://mywebsite.com/send.php

The problem is that i am not sure how to use the SSL with the mail function of the php.

I would appreciate if you could help me.

Thank you,
Xenia


0
Comment
Question by:xenoula
7 Comments
 
LVL 2

Expert Comment

by:tansofun
ID: 17155076
it sounds like
1 - a user clicks on a link, and
2 - a page with a form appears,
3- they fill in the form,
4 - hit submit, and then
5 -the form sends off the email.

if that is the case
1 - make the link in step 1 to the form https://

you could, instead of using $_SERVER['PHP_SELF'] make a separate php script to handle it.  as in
<form action='https://server/send_email.php'>But, I think the data will be sent to the script in plaintext and not achieve what you want
0
 
LVL 9

Expert Comment

by:Rob_Jeffrey
ID: 17155110
>> when the customer send the email to be encrypted and send to the shop securitly
SSL is a web browser security feature only - it has nothing to do with email.
Having your customers send an email with the credit card information in it is completely *INSECURE* as many email servers store email messages and transmit them as plain text.
I recommend against this method.
Perhaps I have mis-read your question
You can link to the secure (SSL) side via

<form action="https://myservername.com/<? echo $_SERVER['PHP_SELF']; ?>" method="post">
0
 

Author Comment

by:xenoula
ID: 17166088
I tryied to use the link https://............ and in some pages it displays that there are some secure and unsecure items ,do you know why it displays that?

In the page that uses the SSL do I need to change the path of the images and all the other links to the path https://?

Moreover, you suggest that if i use SSL the email will not be encrypted,so you think i have to create a script to encrypt the card details that will be send via email?

Thank you,
Xenia
0
 
LVL 9

Accepted Solution

by:
Rob_Jeffrey earned 250 total points
ID: 17167323
Some pages will display the message box "This page contains both secure and insecure items" when your page is being loaded via HTTPS while images, script files or cascading style sheets are being referenced/loaded by the insecure HTTP.  So - yes - you will need to change the link references.

Unless you come up with a way of encrypting it, email is not secure.  If you do encrypt it you will need to let the recipient decrypt it.  If you send an encrypted email to a customer the customer won't be able to read it without decoding the message.  If the customer is to send you the email they need to know how to encrypt it so you can read it.  I would recommend not sending emails with sensitive or private/confidential information.  
0
 
LVL 5

Assisted Solution

by:floorman67
floorman67 earned 250 total points
ID: 17169328
your system is an insecure and possibly an illegal ecommerce solution.

It is definately immoral and violates every consumer privacy right they should enjoy.

You should restructure it completely for them to input their details and you database them securely, in a protected enviroment/infrastructure, through SSL and encryption.

There are 3rd party open source ecommerce sales site scripts that may lead you in the right direction in your coding:::

http://www.oscommerce.com/
http://www.osc2nuke.com/
http://www.phpshop.org/
http://www.zen-cart.com/

ONLY use email for order and account confirmation and communications.

0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question