PHP mailer appends server address in To: field

Tocacar
Tocacar used Ask the Experts™
on

I have a small site that sends out a selection of e:Mails depending on user actions.  All e:Mails are based on the exact same code (copy & pasted with details amended where necessary), but one of the e:Mails gets sent with the server's address appended to the e:mail address in the To: field, like this:

"myemailaddress@abczzz.com"@servername.here

The e:Mail still sends (according to the log) and I don't get an 'undeliverable' bounce back.  I would just like to know why this happening for one of the e:Mails and not the others.

I have copied the PHP pages onto my desktop machine and run the same script from there to see whether it happens regardless of server and it does (only the appended server name is different)!!

The code I'm using is:

 
$ref_name = $_SESSION['logged_in_referee'];
$ref_email = $_SESSION["logged_ref_email"];
$applicant = POST('applicant');
		
$to = str_replace(array("\r", "\n"),"",$ref_email);
$subject = "email subject text here";
$mime_boundary = '_x'.sha1(time()).'x';
					
$headers = <<<HEADERS
From: An email address <anemailaddress@mailtoyou.com>
Reply-to: An email address <anemailaddress@mailtoyou.com>
Cc: An email address <anemailaddress@mailtoyou.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="==PHP-alt$mime_boundary"
HEADERS;

					
$body =  <<<MESSAGE

--==PHP-alt$mime_boundary
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Dear $ref_name

RE: Reference Submitted

Thank you very much for submitting your reference on behalf of $applicant.

Yours sincerely

Programme Administrator
		
		


--==PHP-alt$mime_boundary
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head></head>
<body>
<div class="allcontent">
<h1>Recruitment</h1>
<p>Dear $ref_name,</p>
<h2>Reference Submitted</h2>
<p>Thank you very much for submitting your reference on behalf of $applicant.<br />
<br />
Yours sincerely<br />
<br />
<br />
Programme Administrator<br />
</p>
</body>
</html>
--==PHP-alt$mime_boundary--
MESSAGE;
				

if (!mail($to, $subject, $body, $headers, "-fanemailaddress@mailtoyou.com")) {
				  
fail ("referee confirmation e:Mail failed", true);

}

Open in new window


Any suggestions?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2011
Top Expert 2016

Commented:
Regarding this, "I don't get an 'undeliverable' bounce back." - of course not.  Most email servers simply discard things that are unusable.

Author

Commented:
Mmm, whenever I send an e:Mail that the recipient doesn't receive, I usually get a bounce back from the recipient's institute stating that the message is undeliverable.  Don't you?  Regardless, the main jist of the question is why the server address gets appended....  Any ideas?
Most Valuable Expert 2011
Top Expert 2016

Commented:
Since this appears to be a data-dependent problem, can you please explain in layman's terms what this instruction is expected to do?

$to = str_replace(array("\r", "\n"),"",$ref_email);

Also, can you please explain what is the expected value in this:

$ref_email = $_SESSION["logged_ref_email"];

And finally, please provide the ACTUAL email addresses and the ACTUAL URLs involved in the process, thanks! ~Ray
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Author

Commented:
$to = str_replace(array("\r", "\n"),"",$ref_email);

- this is meant to ensure that only one e:Mail address is included in the $to variable.  I had never built a website before creating these pages, so constructed it mainly using what I could find on Google.  Apparently, it is possible to hijack an e:Mail script and use it to spam thousands of e:Mail addresses - this apparently prevents that.

The expected value of $ref_email is the referee's e:Mail address - it is saved in the $_SESSION variable (from the database) when the referee logs into the form.

The URL of the live form is:  https://phd.cancerresearchuk.org/lri/

When an applicant registers they get an e:mail with a password (which works fine).  They login and complete their application, then they get a submission confirmation e:mail (which works fine) and their named referees each get an e:Mail (which also work fine).  When the referee logs in and submits a reference, they get a reference confirmation e:Mail (which is the one the server name gets appended to to the To: address) and the applicant gets an e:Mail letting them know that this referee has just submitted a reference for them (this works fine).

I cannot provide the ACTUAL e:Mail address that the server name gets appended to, because it is whatever is entered as the referee's e:Mail address!

Thank you for your help.
Most Valuable Expert 2011
Top Expert 2016

Commented:
Thanks - that makes much more sense now.  Here is what I would do -- a little differently.

First clean your data base tables once and for all to ensure that only valid email addresses are present in them.  You can use this little script as an example of how to test whether an email address is valid or not.

Next, any time your code receives an external string that purports to be an email address, run it through this kind of validation.  You will have no problems with becoming an open spam relay if you filter the data correctly.

I just wrote an article for EE that you may find helpful.  Unfortunately they have not published it yet.  It shows the design pattern for a registration with email confirmation (and it uses this validation function).  If you look in my public profile here, you will be able to see it when EE gets around to publishing it.

An excellent book that will give you lots of good examples of practical applications in PHP:
http://www.sitepoint.com/books/phpmysql4/

HTH, ~Ray
<?php // RAY_temp_email_validation.php
error_reporting(E_ALL);



// A FUNCTION TO TEST FOR A VALID EMAIL ADDRESS, RETURN TRUE OR FALSE
function check_valid_email($email)
{
    // IF PHP 5.2 OR ABOVE, WE CAN USE THE FILTER
    // MAN PAGE: http://us3.php.net/manual/en/intro.filter.php
    if (strnatcmp(phpversion(),'5.2') >= 0)
    {
        if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) return FALSE;
    }
    // IF LOWER-LEVEL PHP, WE CAN CONSTRUCT A REGULAR EXPRESSION
    else
    {
        $regex
        = '/'                       // START REGEX DELIMITER
        . '^'                       // START STRING
        . '[A-Z0-9_-]'              // AN EMAIL - SOME CHARACTER(S)
        . '[A-Z0-9._-]*'            // AN EMAIL - SOME CHARACTER(S) PERMITS DOT
        . '@'                       // A SINGLE AT-SIGN
        . '([A-Z0-9][A-Z0-9-]*\.)+' // A DOMAIN NAME PERMITS DOT, ENDS DOT
        . '[A-Z\.]'                 // A TOP-LEVEL DOMAIN PERMITS DOT
        . '{2,6}'                   // TLD LENGTH >= 2 AND =< 6
        . '$'                       // ENDOF STRING
        . '/'                       // ENDOF REGEX DELIMITER
        . 'i'                       // CASE INSENSITIVE
        ;
        if (!preg_match($regex, $email)) return FALSE;
    }

    // FILTER or PREG DOES NOT TEST IF THE DOMAIN OF THE EMAIL ADDRESS IS ROUTABLE
    $domain = explode('@', $email);
    if ( checkdnsrr($domain[1],"MX") || checkdnsrr($domain[1],"A") ) return TRUE;

    // EMAIL NOT ROUTABLE
    return FALSE;
}




// DEMONSTRATE THE FUNCTION IN ACTION
$e = '';
if (!empty($_GET["e"]))
{
    $e = $_GET["e"];
    if (check_valid_email($e))
    {
        echo "<br/>VALID: $e \n";
    } else
    {
        echo "<br/>BOGUS: $e \n";
    }
}
// END OF PHP - PUT UP THE FORM
?>
<form method="get">
TEST A STRING FOR A VALID EMAIL ADDRESS:
<input name="e" value="<?php echo $e; ?>" />
<input type="submit" />
</form>

Open in new window

Author

Commented:
Hi Ray

Thanks very much for your help - I will have a good look at your code snippet and will keep my eyes peeled for your article as well.  

Can you spot anything wrong with my code as it actually stands though?  The e:Mails stored in the database are definitely correct otherwise the referee wouldn't have received the reference request e:Mail (which has the password they need in order to login and submit a reference).  As I mentioned originally, all other e:Mails are fine, it's just the reference confirmation e:Mail that gets the server name appended to it (but the e:Mail appears still to get sent OK).

Can you think of anything that may be causing this?  I'm just trying to understand it is all.  As I mentioned originally, it happens when the e:Mail gets sent from the live server, or when the pages are hosted on my desktop machine....  Weird.
Most Valuable Expert 2011
Top Expert 2016

Commented:
It could be coming from almost anywhere - even from the mail server (outside of your script).  There may be some kind of special characters in the email address, or the email address may have no "@" in it - something like that.  

You might think about something like this... Capture the "to" field immediately before the mail command is executed and write it to a log file.  See if the server name appears in the log file.  If not, you know that something external to your scripts and data is adding the server name.

Does it happen to 100% of all email addresses that are used in this script?

Author

Commented:
Thanks Ray, writing it to the log file is a great debugging idea, I'll give that a try today.

It happens 100% of the time for recipients in this particular script.  The e:Mail address used in each case is definitely not malformed (they have all received prior e:Mails from the system without this occuring).  

I have several other mail scripts (pretty much exactly the same but obviously with different messaages/ recipients) and it never happens for them (ever).  It's really quite strange.  Our sys admin is convinced that it can't be the mail server because it's only happening for this one script.

I'll do the log file thing and will let you know how I get on.  Thanks again for your help.
Most Valuable Expert 2011
Top Expert 2016

Commented:
OK, that's good info.  Can you please post the ENTIRE script 100% as it exists on your server?  You can obscure any passwords, but please do not add or omit any lines of code.  Thanks!

Author

Commented:
Hi Ray - I've attached the php page.  I've altered the name of the relevant database layout (it's a Filemaker thing), just to be on the safe side (the form is live afterall) - everything else is "as is".

It's a processing page which runs when the referee clicks the 'submit' button on his/ her reference form, hence there's no HTML on it (except for the HTML e:Mail messages!).  I'm no expert, so I'll apologise now for the overall quality of the code!

Thanks again for your help, I appreciate it.
submit-ref.php
Most Valuable Expert 2011
Top Expert 2016

Commented:
There are two mail commands in the script and they look the same to me.  Of course the data in the variables can vary, but at least we see consistent code.

Suggest you add error_reporting(E_ALL) to the top of this script.  You may find something odd, like dependence on an undefined variable.  Also suggest you add some data visualization techniques like var_dump() to print out the values in the variables just before you execute the mail command.  You may get that information from the logs, but I have often found that var_dump() is my friend when I had a data-dependent question.

Have a look at this:
http://us3.php.net/manual/en/function.mail.php

Please explain the purpose of the fifth parameter in these mail commands,  thanks.
Line 202
if (!mail($to, $subject, $body, $headers, "-flristudentships@cancer.org.uk")) {
Line 374
if (!mail($to, $subject, $body, $headers, "-flristudentships@cancer.org.uk")) {

Open in new window

Author

Commented:
Thanks Ray.  When I created the forms I var_dumped everything to within an inch of my life and all is as expected.  Also, in my development environment (i.e., my regular desktop computer), I had the error_reporting set to show all errors and notices; just to make sure there were none (and there aren't).  I haven't done the write to log thing yet, but I am going to do it this afternoon.

The fifth parameter on the mail command had to be added because, in our recruitment drive of last year we found that some, but not all, institute firewalls were refusing to let through the mails generated by the site.

By adding that fifth parameter, the problem went away.  We tested it extensively with several institutes worldwide who didn't receive the mails before we added it.  Once it was included in the mail command, they got the e:Mails.  There is a bit about it in the PHP manual's mail function page (the link you posted).  You have to strain your eyes to see it though, it's quite well buried.

Thanks for your help.

Author

Commented:
Just reading my last post back, I realise I forgot to mention something...  The e:Mail address used in the fifth parameter is the e:Mail address we want all messages to 'appear' to have been sent by.  We first tried setting up an e:Mail address for the webserver, but that didn't work...

Don't tell me you're actually learning something from me here Ray....!  That would be too weird.  (I've seen your profile!).
Most Valuable Expert 2011
Top Expert 2016

Commented:
There are standard headers for "from" and "reply to" - these might work as well.

Do something for me, please.  Use the script to send a test message to me at my public profile email address, Ray.Paseur@GMail.com -- I want to see the headers.

Also, you may have considered this earlier, but if not, consider dropping this entire line of work and use Constant Contact for your email campaigns.  They have many full-time professionals who are devoted to ensuring that your email messages go through.  And they are almost embarrassingly inexpensive.  I have run email campaigns since 1999 (before the advent of spam) and I recently started switching my clients to CC.  You cannot imagine what a relief it can be!

Author

Commented:
Hi Ray.  I was already setting the standard From and Reply-To headers in the mail command...

I'm going to register you on the live form so you will get a registration confirmation e:Mail in a few minutes.  I control the backend database, so as long you don't complete and submit an application you won't be considered for studentship! ;o)  Hopefully you'll see everything you need from that e:mail.

Thanks for the hint re; Constant Contact.  I had a quick look at their website - they seem to be an e-marketing company.  What I'm doing here is graduate recruitment.  The application form necessarily has to generate a few e:Mails to support the application and reference gathering process, it's not really an email campaign...


Most Valuable Expert 2011
Top Expert 2016

Commented:
Here in its entirety is the original message I received.  I changed one letter in the password, just in case that needed to be obscured.

What should I be looking for?

Regarding Constant Contact - I use them for a communications solution on several sites (not just email marketing), ranging from a cooking school to a church.  Any time you have to send emails, track the responses, run surveys, etc., they are a great solution.
                                                                                                                                                                                                                                                               
Delivered-To: ray.paseur@gmail.com
Received: by 10.227.145.9 with SMTP id b9cs34371wbv;
        Tue, 19 Oct 2010 06:27:18 -0700 (PDT)
Received: by 10.227.128.201 with SMTP id l9mr6366627wbs.22.1287494825981;
        Tue, 19 Oct 2010 06:27:05 -0700 (PDT)
Return-Path: <lristudentships@cancer.org.uk>
Received: from mail195.messagelabs.com (mail195.messagelabs.com [85.158.138.147])
        by mx.google.com with ESMTPS id eq4si17835574wbb.1.2010.10.19.06.27.05
        (version=TLSv1/SSLv3 cipher=OTHER);
        Tue, 19 Oct 2010 06:27:05 -0700 (PDT)
Received-SPF: neutral (google.com: 85.158.138.147 is neither permitted nor denied by best guess record for domain of lristudentships@cancer.org.uk) client-ip=85.158.138.147;
Authentication-Results: mx.google.com; spf=neutral (google.com: 85.158.138.147 is neither permitted nor denied by best guess record for domain of lristudentships@cancer.org.uk) smtp.mail=lristudentships@cancer.org.uk
X-VirusChecked: Checked
X-Env-Sender: lristudentships@cancer.org.uk
X-Msg-Ref: server-4.tower-195.messagelabs.com!1287494816!37283179!9
X-StarScan-Version: 6.2.4; banners=cancer.org.uk,-,-
X-Originating-IP: [143.65.196.4]
Received: (qmail 4437 invoked from network); 19 Oct 2010 13:26:57 -0000
Received: from unknown (HELO UK-LON-LEXH01.crwin.crnet.org) (143.65.196.4)
  by server-4.tower-195.messagelabs.com with AES128-SHA encrypted SMTP; 19 Oct 2010 13:26:57 -0000
Received: from hyperion.crnet.org (143.65.1.83) by
 uk-lon-lexh01.crwin.crnet.org (10.61.236.42) with Microsoft SMTP Server (TLS)
 id 8.3.83.0; Tue, 19 Oct 2010 14:26:26 +0100
Received: from uk-lif-lbss01.crwin.crnet.org (uk-lif-lbss01.crnet.org
 [143.65.1.53])	by hyperion.crnet.org (8.13.1/8.13.1) with ESMTP id
 o9JDQVRd002589;	Tue, 19 Oct 2010 14:26:31 +0100
Received: by uk-lif-lbss01.crwin.crnet.org (Postfix, from userid 70)	id
 ED4A3314DC5; Tue, 19 Oct 2010 14:26:30 +0100 (BST)
To: <Ray.Paseur@GMail.com>
Subject: LRI PhD Programme | Registration Information
From: LRI PhD Programme Administrator <lristudentships@cancer.org.uk>
Reply-To: LRI PhD Programme Administrator <lristudentships@cancer.org.uk>
CC: <lristudentships@cancer.org.uk>
Content-Type: text/html
Message-ID: <20101019132630.ED4A3314DC5@uk-lif-lbss01.crwin.crnet.org>
Date: Tue, 19 Oct 2010 14:26:30 +0100
X-Scanned-By: MIMEDefang 2.54 on 143.65.1.83
MIME-Version: 1.0
Return-Path: lristudentships@cancer.org.uk


<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8' />

</head>

<body>
<br />
<p>Dear Ray<br />
<br />
Thank you for registering to apply for a Cancer Research UK London Research Institute Studentship.<br />
<br />Your password is:<br />
<br />2011-0734_5nGBfjvoRyKglhX<br />
<br />
Please <a href='https://phd.cancerresearchuk.org/lri/app_login.php'>log in and complete your application form</a> before the deadline of 12:00 midnight (GMT) on Friday 19th November 2010.<br />
<br />
Best wishes<br />
<br />
<br />
LRI PhD Programme Administrator</p>
<BR>
This communication is from Cancer Research UK. Our website is at www.cancerresearchuk.org. We are a registered charity in England and Wales (1089464) and in Scotland (SC041666) and a company limited by guarantee registered in England and Wales under number 4325234. Our registered address is Angel Building, 407 St John Street, London, EC1V 4AD. Our central telephone number is 020 7242 0200.<BR>
 <BR>
This communication and any attachments contain information which is confidential and may also be privileged.   It is for the exclusive use of the intended recipient(s).  If you are not the intended recipient(s) please note that any form of disclosure, distribution, copying or use of this communication or the information in it or in any attachments is strictly prohibited and may be unlawful.  If you have received this communication in error, please notify the sender and delete the email and destroy any copies of it.<BR>
 <BR>
E-mail communications cannot be guaranteed to be secure or error free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses.  We do not accept liability for any such matters or their consequences.  Anyone who communicates with us by e-mail is taken to accept the risks in doing so.<BR>
</body>
</html>

Open in new window

Author

Commented:
Hi Ray.  I'm confused....  I thought you knew what you were looking for...?  I haven't a clue what you're looking for (you just asked me to send you the e:mail so you could look at the headers; I thought you thought were onto something!).  

Maybe we're losing track of the original question a bit:  Do you have any ideas as to why the server name is being appended to the e:Mail address in the To: field of one particular e:Mail (the reference confirmation e:Mail) but none of the others when all the code is the same and none of the parameters (e:mail addresses or message content) are malformed?

BTW, the server name was being appended to the recipient e:Mail address before the fifth parameter was added to the mail command, so I know it's definitely not that causing it.  Any ideas?
Most Valuable Expert 2011
Top Expert 2016

Commented:
@Tocacar: I object to deleting this because I think we might find the answer, but I need your help.  It is, after all, your issue.

If this email is right but other email addresses are getting it wrong, then we have a different line of inquiry.  Or you need to create a test case that will demonstrate the phenomenon you described.

Please look at the raw email I posted above and tell me which line has the error.  Maybe I am missing something, but I could not find anything wrong with the "to" address line, which appears to be line 30.  

Thanks and regards, ~Ray

Author

Commented:
Hi Ray.  My apologies, I thought we were drifting a bit from the nub of the problem...  I appreciate your willingness to continue to help.

I have included the source code of a problem e:Mail below; see the To: header and you will see the server name appended.


Received:  from hyperion.crnet.org (143.65.1.83) by uk-lon-lexh01.crwin.crnet.org (10.61.236.42) with Microsoft SMTP Server (TLS) id 8.3.83.0; Mon, 18 Oct 2010 15:13:28 +0100
MIME-Version: 1.0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Received:  from uk-lif-lbss01.crwin.crnet.org (uk-lif-lbss01.crnet.org [143.65.1.53])	by hyperion.crnet.org (8.13.1/8.13.1) with ESMTP id o9IEDWZD002558;	Mon, 18 Oct 2010 15:13:32 +0100
X-MimeOLE: Produced By Microsoft Exchange V8.3
Received:  by uk-lif-lbss01.crwin.crnet.org (Postfix, from userid 70)	id 4836D3129D1; Mon, 18 Oct 2010 15:13:32 +0100 (BST)
x-ms-exchange-organization-authas: Internal
x-ms-exchange-organization-authmechanism: 10
x-ms-exchange-organization-authsource: UK-LON-LEXH01.crwin.crnet.org
x-scanned-by: MIMEDefang 2.54 on 143.65.1.83
Content-class: urn:content-classes:message
Subject: LRI PhD Programme | Reference Confirmation
Date: Mon, 18 Oct 2010 15:13:32 +0100
Message-ID: <20101018141332.4836D3129D1@uk-lif-lbss01.crwin.crnet.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: LRI PhD Programme | Reference Confirmation
Thread-Index: ActuzqLWRCOWddNHTwqCfQAnFAm+0Q==
From: "lristudentships" <lristudentships@cancer.org.uk>
To: <"random.email@cancer.org.uk"@uk-lif-lbss01.crwin.crnet.org>
Cc: "lristudentships" <lristudentships@cancer.org.uk>
Reply-To: "lristudentships" <lristudentships@cancer.org.uk>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" =
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<style type=3D"text/css">
body {
background-color:#FFFFFF;
font-size:100%;
font-family: Verdana, Geneva, sans-serif;
margin-top: 0px;
}

h1 { =20
font-size:1em;
font-weight:300;
padding-top:15px;
padding-bottom:5px;
color:#EC008C;
border-bottom-color:#EC008C;
border-bottom-width:thin;
border-bottom-style:dashed;
}

h2 {
font-size:0.8em;
color:#1D0096;
padding-top:0px;
margin-top:0px;

}

p {
font-size:0.8em;
}

a:link {
color: #EC008C;=09
font-size:0.975em;
}


a:visited {
color: #EC008C;
font-size:0.975em;
}


a:hover {
color: #1D0096;
font-size:0.975em;
}

.allcontent {
width:780px;
margin-left:auto;
margin-right:auto;
}

.header {
background-image: url(../blue_bg.png);
background-repeat: repeat;
height:95px;
}

</style>
</head>
<body>
<div class=3D"allcontent">
<table width=3D"780" cellspacing=3D"0" cellpadding=3D"0" border=3D"0" =
summary=3D"Header table for page">
<tr>
<td bgcolor=3D"#003399"><a  href=3D"http://www.cancerresearchuk.org" =
title=3D"Link to Cancer Research UK homepage. This will open in a new =
window." target=3D"_blank">
<img =
src=3D"http://london-research-institute.co.uk/images/pf/LRI_topnav_logo.g=
if" width=3D"220" height=3D"83" border=3D"0" alt=3D"Cancer Research UK =
Logo" title=3D"Cancer Research UK logo" /></a></td>
<td bgcolor=3D"#003399"><img =
src=3D"http://london-research-institute.co.uk/images/pf/blue_bg.gif" =
width=3D"36" height=3D"91" border=3D"0" alt=3D"" /></td>
<td bgcolor=3D"#003399"><a  =
href=3D"http://www.london-research-institute.org.uk/" title=3D"Link to =
London Research Institute homepage. This will open in a new window." =
target=3D"_blank"><img =
src=3D"http://london-research-institute.co.uk/images/pageheading/LRI_head=
ings.gif" width=3D"360" height=3D"83" border=3D"0" alt=3D"London =
Research Institute" title=3D"London Research Institute" /></a></td>
<td bgcolor=3D"#003399"><img =
src=3D"http://london-research-institute.co.uk/images/pf/blue_bg.gif" =
width=3D"144" height=3D"91" border=3D"0" alt=3D"" /></td>
</tr>
<tr>
<td colspan=3D"4"><img =
src=3D"http://london-research-institute.co.uk/images/pf/shim.gif" =
height=3D"1" border=3D"0" alt=3D"" /></td>
</tr>
</table>
<h1>LRI PhD Recruitment</h1>
<p>Dear Ref2Title Ref2Name Ref2Surname,</p>
<h2>Reference Submitted</h2>
<p>Thank you very much for submitting your reference on behalf of Dummy Registration.<br />
<br />
Yours sincerely<br />
<br />
<br />
LRI PhD Programme Administrator<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
</p>
</body>
</html>

Open in new window

Most Valuable Expert 2011
Top Expert 2016

Commented:
Amazing! The email you sent me looks nothing like the email you posted here.

Subject: LRI PhD Programme | Registration Information
Subject: LRI PhD Programme | Reference Confirmation

You've got to test the correct script if you want to get useful debugging information.  Please let's make sure we are on the same page.  First, use the failing script to send me the email, then use the code snippet to post the PHP source code for the failing script.  Thanks.

Author

Commented:
Hi Ray

I'm sorry for the confusion.  When you originally asked me to send you an e:Mail, I thought it was because you were interested in seeing what the headers looked like with the use of the fifth parameter in the PHP mail command...  I knew that that wasn't anything to do with my original question, so I just registered you on the site so you would receive an e:Mail sent using the PHP command that had the fifth parameter included.

The problem e:Mail has always been 'Reference Confirmation'.  I was able to post the source of the e:Mail in my previous post because this is the test I ran for myself when I noticed the problem occurring for other users.  In order to send this message to you I need to complete an application on the site, submit it then enter a reference with you as the referee (then you would get the Reference Confirmation e:Mail).  I' reluctant to do this because the recruitment system is 'live' and I'm pretty sure the headers (etc) will look the same as the code I posted above.  What is it that you're hoping to spot?

Tocacar
Most Valuable Expert 2011
Top Expert 2016

Commented:
What is it that you're hoping to spot?  I am hoping to spot the source of the error!

Here is what I suggest you do.  Create a simple test script that duplicates the email part of the "reference confirmation" - a script that injects the error string just like the live script does.  Post that test script here, and use it to send me an email.  Then we will at least have the script and the data aligned consistently.

I'll check back later today, ~Ray

Author

Commented:
Now we're getting to the nub of my original question!  The problem ONLY occurs on the Reference Confirmation e:Mail generated by my site.  I cannot recreate the problem in any other use of the PHP mail command.

1.  NONE of the other e:Mails generated by the site append the server name to the recipient's e:Mail address.

2.  Any other e:Mail I try to generate with a standalone PHP mail command does NOT append the server name to the recipient e:Mail address.

Ray, it's *only* happening for the Reference Confirmation e:Mail generated by my site's ref_submit.php page!  That's the only place.  It doesn't happen anywhere else.  I cannot recreate it outside of that specific use of the mail command.  That's why I'm trying to understand it.  I hope this is now clear.

Most Valuable Expert 2011
Top Expert 2016

Commented:
OK, please post the ENTIRE COMPLETE CODE of the script that is doing this.  You can obscure any DB passwords, but make NO OTHER CHANGES AT ALL.  Thanks.

Author

Commented:
I already did - it's the submit-ref.php page that I attached to an earlier post (see above).  

When the referee clicks the submit button on the reference page, submit-ref.php is called which saves the reference to the database and then sends the referee (and applicant) an e:Mail confirming receipt of the reference.

I'm sorry if I'm being a bit thick Ray.  I am trying to provide you with what you need (honest), but I'm aware might not be your perception.  I do appreciate your help.
Most Valuable Expert 2011
Top Expert 2016
Commented:
OK, let's try running this.  I think there may be a clue if we can see the $to addresses.
<?php

// check for session variables
session_start();
	
include("includes/FileMaker.php");
include("includes/functions.php");
 
	
if (isset($_SESSION["logged_in_referee"]))

{
		
   
   $fm = db_connect();
  
   $recid = POST('recid');
	
   $values['d_Ref_NameTitle']    						= POST('title');
			$values['d_Ref_NameFirst']    						= POST('namefirst');
			$values['d_Ref_NameLast']    						 = POST('namelast');
			$values['d_Relationship']    	 					= POST('relationship');
			$values['d_Ability_Academic']   				= POST('academic');
			$values['d_PerformanceExams']    			= POST('exams');
			$values['d_PerformancePractical']   = POST('practical');
			$values['d_OrganisationSkills']    	= POST('organisation');
			$values['d_Ability_Writing'] 							= POST('writing');
			$values['d_Ability_Speaking']   				= POST('speech');
			$values['d_InterpersonalSkills']    = POST('interaction');
			$values['d_Responsible']   									= POST('responsibility');
			$values['d_Reliability']    								= POST('reliability');
			$values['d_Initiative']    									= POST('initiative');
			$values['d_Rank']    															= POST('rank');
			$values['d_GradeExpected'] 									= POST('grade');
			$values['d_Comments']   												= POST('comments');

    
   clean($values);


   $record = $fm->getRecordById("web_references_reference",$recid);
    
   foreach($values as $fieldName=>$fieldValue) 
			{
        $record->setField($fieldName,$fieldValue);
   }
	
	  $record->setField('w_Submit','Yes');
    
   $result = $record->commit();
   $error = error_check($result);
    
	  if (!$error) {
	
   //Send email confirmation email to referee
		
		$ref_name = $_SESSION['logged_in_referee'];
		$ref_email = $_SESSION["logged_ref_email"];
		$applicant = POST('applicant');
		
		$to = str_replace(array("\r", "\n"),"",$ref_email);

// PRINT THE TO ADDRESS
echo "<pre>";
echo '_SESSION["logged_ref_email"]';
var_dump($to);
echo "</pre>";

		$subject = "LRI PhD Programme | Reference Confirmation";
		$mime_boundary = '_x'.sha1(time()).'x';
					
		$headers = <<<HEADERS
From: LRI PhD Studentships <lristudentships@cancer.org.uk>
Reply-to: LRI PhD Studentships <lristudentships@cancer.org.uk>
Cc: LRI PhD Studentships <lristudentships@cancer.org.uk>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="==PHP-alt$mime_boundary"
HEADERS;

					
		$body =  <<<MESSAGE

--==PHP-alt$mime_boundary
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Dear $ref_name

RE: Reference Submitted

Thank you very much for submitting your reference on behalf of $applicant.

Yours sincerely

LRI PhD Programme Administrator
		
		


--==PHP-alt$mime_boundary
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<style type="text/css">
body {
background-color:#FFFFFF;
font-size:100%;
font-family: Verdana, Geneva, sans-serif;
margin-top: 0px;
}

h1 {  
font-size:1em;
font-weight:300;
padding-top:15px;
padding-bottom:5px;
color:#EC008C;
border-bottom-color:#EC008C;
border-bottom-width:thin;
border-bottom-style:dashed;
}

h2 {
font-size:0.8em;
color:#1D0096;
padding-top:0px;
margin-top:0px;

}

p {
font-size:0.8em;
}

a:link {
color: #EC008C;	
font-size:0.975em;
}


a:visited {
color: #EC008C;
font-size:0.975em;
}


a:hover {
color: #1D0096;
font-size:0.975em;
}

.allcontent {
width:780px;
margin-left:auto;
margin-right:auto;
}

.header {
background-image: url(../blue_bg.png);
background-repeat: repeat;
height:95px;
}

</style>
</head>
<body>
<div class="allcontent">
<table width="780" cellspacing="0" cellpadding="0" border="0" summary="Header table for page">
<tr>
<td bgcolor="#003399"><a  href="http://www.cancerresearchuk.org" title="Link to Cancer Research UK homepage. This will open in a new window." target="_blank">
<img src="http://london-research-institute.co.uk/images/pf/LRI_topnav_logo.gif" width="220" height="83" border="0" alt="Cancer Research UK Logo" title="Cancer Research UK logo" /></a></td>
<td bgcolor="#003399"><img src="http://london-research-institute.co.uk/images/pf/blue_bg.gif" width="36" height="91" border="0" alt="" /></td>
<td bgcolor="#003399"><a  href="http://www.london-research-institute.org.uk/" title="Link to London Research Institute homepage. This will open in a new window." target="_blank"><img src="http://london-research-institute.co.uk/images/pageheading/LRI_headings.gif" width="360" height="83" border="0" alt="London Research Institute" title="London Research Institute" /></a></td>
<td bgcolor="#003399"><img src="http://london-research-institute.co.uk/images/pf/blue_bg.gif" width="144" height="91" border="0" alt="" /></td>
</tr>
<tr>
<td colspan="4"><img src="http://london-research-institute.co.uk/images/pf/shim.gif" height="1" border="0" alt="" /></td>
</tr>
</table>
<h1>LRI PhD Recruitment</h1>
<p>Dear $ref_name,</p>
<h2>Reference Submitted</h2>
<p>Thank you very much for submitting your reference on behalf of $applicant.<br />
<br />
Yours sincerely<br />
<br />
<br />
LRI PhD Programme Administrator<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
</p>
</body>
</html>
--==PHP-alt$mime_boundary--
MESSAGE;
				

				if (!mail($to, $subject, $body, $headers, "-flristudentships@cancer.org.uk")) {
				  
				  fail
				  ("referee confirmation e:Mail failed", true);
				 }	
				 
				 
		
		
		
		//Send email confirmation email to applicant (first, get applicants email address - this is was not hidden on previous page to protect the applicant's privacy)
		
				    
		$record = $fm->getRecordById("web_references_reference", $recid);
		
		//check to see if there was an error in finding the user's record and save result to a variable
		$error = error_check($record);   
		
		
		// if the query doesnt execute, show an error message
		if (!$error) 
		{
				
				$applicant = $record->getField('Applicants::c_NameFull');
		
				$to = str_replace(array("\r", "\n"),"",$record->getField('Applicants::d_Email'));

// PRINT THE TO ADDRESS
echo "<pre>";
echo "record->getField('Applicants::d_Email')";
var_dump($to);
echo "</pre>";
				
				$subject = "LRI PhD Programme | Reference Submitted";
				$subject = "LRI PhD Programme | Reference Confirmation";
				$mime_boundary = '_x'.sha1(time()).'x';
					
				$headers = <<<HEADERS
From: LRI PhD Studentships <lristudentships@cancer.org.uk>
Reply-to: LRI PhD Studentships <lristudentships@cancer.org.uk>
Cc: LRI PhD Studentships <lristudentships@cancer.org.uk>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="==PHP-alt$mime_boundary"
HEADERS;

					
				$body =  <<<MESSAGE

--==PHP-alt$mime_boundary
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Dear $applicant

RE: Reference Submitted

This is to confirm that one of your named referees, $ref_name, has submitted a reference to support your application to the Cancer Research UK London Research Institute PhD Programme.

If you did not name $ref_name as a referee, please inform us urgently.  Thank you.

Yours sincerely

LRI PhD Programme Administrator



--==PHP-alt$mime_boundary
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<style type="text/css">
body {
background-color:#FFFFFF;
font-size:100%;
font-family: Verdana, Geneva, sans-serif;
margin-top: 0px;
}

h1 {  
font-size:1em;
font-weight:300;
padding-top:15px;
padding-bottom:5px;
color:#EC008C;
border-bottom-color:#EC008C;
border-bottom-width:thin;
border-bottom-style:dashed;
}

h2 {
font-size:0.8em;
color:#1D0096;
padding-top:0px;
margin-top:0px;

}

p {
font-size:0.8em;
}

a:link {
color: #EC008C;	
font-size:0.975em;
}


a:visited {
color: #EC008C;
font-size:0.975em;
}


a:hover {
color: #1D0096;
font-size:0.975em;
}

.allcontent {
width:780px;
margin-left:auto;
margin-right:auto;
}

.header {
background-image: url(../blue_bg.png);
background-repeat: repeat;
height:95px;
}

</style>
</head>
<body>
<div class="allcontent">
<table width="780" cellspacing="0" cellpadding="0" border="0" summary="Header table for page">
<tr>
<td bgcolor="#003399"><a  href="http://www.cancerresearchuk.org" title="Link to Cancer Research UK homepage. This will open in a new window." target="_blank">
<img src="http://london-research-institute.co.uk/images/pf/LRI_topnav_logo.gif" width="220" height="83" border="0" alt="Cancer Research UK Logo" title="Cancer Research UK logo" /></a></td>
<td bgcolor="#003399"><img src="http://london-research-institute.co.uk/images/pf/blue_bg.gif" width="36" height="91" border="0" alt="" /></td>
<td bgcolor="#003399"><a  href="http://www.london-research-institute.org.uk/" title="Link to London Research Institute homepage. This will open in a new window." target="_blank"><img src="http://london-research-institute.co.uk/images/pageheading/LRI_headings.gif" width="360" height="83" border="0" alt="London Research Institute" title="London Research Institute" /></a></td>
<td bgcolor="#003399"><img src="http://london-research-institute.co.uk/images/pf/blue_bg.gif" width="144" height="91" border="0" alt="" /></td>
</tr>
<tr>
<td colspan="4"><img src="http://london-research-institute.co.uk/images/pf/shim.gif" height="1" border="0" alt="" /></td>
</tr>
</table>
<h1>LRI PhD Recruitment</h1>
<p>Dear $applicant,</p>
<h2>Reference Submitted</h2>
<p>This is to confirm that one of your named referees, $ref_name, has submitted a reference to support your application to the Cancer Research UK London Research Institute PhD Programme.<br />
<br />
If you did not name $ref_name as a referee, please inform us urgently.  Thank you.<br />
<br />
<br />
Yours sincerely<br />
<br />
<br />
LRI PhD Programme Administrator<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
</p>
</body>
</html>
--==PHP-alt$mime_boundary--
MESSAGE;
		
				
				if (!mail($to, $subject, $body, $headers, "-flristudentships@cancer.org.uk")) {
				  
				  fail("applicant reference confirmation e:Mail failed", true);
				 }	
			
				 
				
			} else if ($error) {
	
				fail ("Database error: " . $error, true);
				exit;
	
			}
				 
				 
	
		setup_page("LRI PhD Recruitment", "Reference Submitted");
		?>
		<br /><p>Thank you for submitting a reference on behalf of <?php echo POST('applicant');?>. You should receive a confirmation e:Mail shortly.
		<br />
  <br />
  <a href="ref_page1.php?recid=<?php echo $recid;?>&amp;token=<?php echo $record->getField('w_RefereeSecurityToken');?>" class="logged_in"><img src="btn_back.png" alt="Back" /></a></p>
		<?php
		
	} else if ($error) {
	
		fail ("Database error: " . $error, true);
		exit;
	
	}
	
} else {

	// inform the user of this, show the links and stop executing this script
	fail ("code: sync_client_server", true);
		
}


include("footer.html");


?> 

Open in new window

Author

Commented:
Ray - this must be why you have a gazillion points!

The problem is being caused by the e:Mail address in the $_SESSION variable being in quotes ("").  This is happening because, when the referee logs in, one of the required credentials is their e:Mail address.  In order to authenticate the referee I search the e:Mail address (and password) field in the database.  I need to put the e:Mail address from the $_POST into a variable with quotes around it and use that for the search (otherwise the database thinks the '@' sign is a search operand and doesn't work as expected).  

Unfortunately, I then go on to store that quoted variable in the $_SESSION after the record was found in the database (instead of storing the $_POST value, which obviously isn't in quotes).  

So, the server is adding it's name to the end of the recipient e:Mail address because it has quotes around it!  It wasn't preventing the e:Mail being sent, I just couldn't see why it was doing it for one e:Mail and not the others (I don't replicate this mistake anywhere else).

You're a genius (and a sage, a wizard, guru, master....).  THANK YOU for your help *and* your patience!  Awarding points now.


 
Most Valuable Expert 2011
Top Expert 2016

Commented:
Great! Glad we found it.  Here is how I would handle an email address in the POST array:

$eml = mysql_real_escape_string(trim($_POST["email"]));
$sql = "SELECT my_key FROM my_table WHERE my_email = '$eml' LIMIT 1";

...etc...

In PHP programming, var_dump() is almost always your best friend ;-)

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial