Solved

Send email using SSL

Posted on 2006-07-21
7
298 Views
Last Modified: 2013-11-29
Hello experts,

I have created a website using php for an online shop that you can order an item by sending an email to the shop.
In the email the customer enters his/her credit details.In the company that hosts the website has install an SSL certificate.
Now i am in the process to use the SSL in order when the customer send the email to be encrypted and send to the shop securitly.
I tryied to add the absolute path inluding the https://........... the problem is that in the code of the form(order_form.php) the form when is being submited goes to the same page as it has validation for the attributes.So in the form and the attribute action i have put
 <form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post"> so i cannot use the url https://mywebsite.com/send.php

The problem is that i am not sure how to use the SSL with the mail function of the php.

I would appreciate if you could help me.

Thank you,
Xenia


0
Comment
Question by:xenoula
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 2

Expert Comment

by:tansofun
ID: 17155076
it sounds like
1 - a user clicks on a link, and
2 - a page with a form appears,
3- they fill in the form,
4 - hit submit, and then
5 -the form sends off the email.

if that is the case
1 - make the link in step 1 to the form https://

you could, instead of using $_SERVER['PHP_SELF'] make a separate php script to handle it.  as in
<form action='https://server/send_email.php'>But, I think the data will be sent to the script in plaintext and not achieve what you want
0
 
LVL 9

Expert Comment

by:Rob_Jeffrey
ID: 17155110
>> when the customer send the email to be encrypted and send to the shop securitly
SSL is a web browser security feature only - it has nothing to do with email.
Having your customers send an email with the credit card information in it is completely *INSECURE* as many email servers store email messages and transmit them as plain text.
I recommend against this method.
Perhaps I have mis-read your question
You can link to the secure (SSL) side via

<form action="https://myservername.com/<? echo $_SERVER['PHP_SELF']; ?>" method="post">
0
 

Author Comment

by:xenoula
ID: 17166088
I tryied to use the link https://............ and in some pages it displays that there are some secure and unsecure items ,do you know why it displays that?

In the page that uses the SSL do I need to change the path of the images and all the other links to the path https://?

Moreover, you suggest that if i use SSL the email will not be encrypted,so you think i have to create a script to encrypt the card details that will be send via email?

Thank you,
Xenia
0
 
LVL 9

Accepted Solution

by:
Rob_Jeffrey earned 250 total points
ID: 17167323
Some pages will display the message box "This page contains both secure and insecure items" when your page is being loaded via HTTPS while images, script files or cascading style sheets are being referenced/loaded by the insecure HTTP.  So - yes - you will need to change the link references.

Unless you come up with a way of encrypting it, email is not secure.  If you do encrypt it you will need to let the recipient decrypt it.  If you send an encrypted email to a customer the customer won't be able to read it without decoding the message.  If the customer is to send you the email they need to know how to encrypt it so you can read it.  I would recommend not sending emails with sensitive or private/confidential information.  
0
 
LVL 5

Assisted Solution

by:floorman67
floorman67 earned 250 total points
ID: 17169328
your system is an insecure and possibly an illegal ecommerce solution.

It is definately immoral and violates every consumer privacy right they should enjoy.

You should restructure it completely for them to input their details and you database them securely, in a protected enviroment/infrastructure, through SSL and encryption.

There are 3rd party open source ecommerce sales site scripts that may lead you in the right direction in your coding:::

http://www.oscommerce.com/
http://www.osc2nuke.com/
http://www.phpshop.org/
http://www.zen-cart.com/

ONLY use email for order and account confirmation and communications.

0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
The viewer will learn how to dynamically set the form action using jQuery.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question