using mail with ob_start

Posted on 2012-08-24
Last Modified: 2012-08-28
I have a report that runs monthly automatically and sends emails to each customer in the report. For this I'm using:
$output = ob_get_clean();
echo $output;
mail($email,"Hi:". $surname,"<html><body>$output</body></html>","MIME-Version: 1.0\r\nContent-type: text/html; charset=iso-8859-1\r\n");


And I'm using this to include it in the body; when he clicks he can see his report with the chart:
echo $url;  
My problem: when each customer clicks on the links in the email, he gets all the customers, which I don't want. Normally each customer gets his report.
This is what I get in the email:
Unit Name :     Ballycumber Community Centre
Account Name :  Castlewarren GWS
Customer Name :
Report Date :   01-07-2012
Report Units :
Report Name :   Daily Totals Usage Report

Date           Ballycumber Community Centre Chl Res    Total
01-07-2012     0.00                                    850.00
01-07-2012     0.00                                    100.00
Total          0                                       950.00
Daily Average  0.00                                    0.00

Question by:asaidi

    Expert Comment

    by:Olaf Doschke
    Well, if you want a mail to contain a link getting data for this one customer only, include a parameter identifying for which customer to get the report data. It shouldn't be too obvious as in http://yourdomain:8080/campion/css2/monthly.php?customer=name, because then he can also get data for other customers simply by changing the name.

    So while composing the mail create a unique random value you add to the link and store it with the customer id. If the mail link is clicked you see what customer data to return.

    This way your link would look like

    monthly.php would then take the requestid value and look up the customerid with it. Your customers will not be able to guess which other requestid will give them data for other customers.

    The ideal thing to do, though, is add a login.

    Check for a PHP session with any request, no matter if coming from mail or from the web. If a customer logs in, set a session variable with the customerid; if that is not yet set, redirect each request to a login page and after login redirect to the original request URI.

    That's applicable anywhere you want to know who is making any request to only return the data he's legitimate to see.

    The pattern of redirect after login is described here:

    Make that a general include in all your php scripts to all pages that need a logged in user to output a user specific page and no matter what url a user bookmarks, if that page needs login, it will redirect to the login, unless the session value set by login is already set.

    Bye, Olaf.
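
An added example (not part of Olaf's post or the asker's code) of the random requestid approach described above: the mail job issues the value and monthly.php resolves it back to a customer id. The report_links table, its columns, the function names and the 31-day expiry are assumptions; the demo at the end uses an in-memory SQLite database through PDO.

```php
<?php
// Added example. Assumed table (names are not from the thread):
//   report_links(token_hash TEXT PRIMARY KEY, customer_id INTEGER, expires_at INTEGER)

/** Called by the monthly mail job: returns the requestid to put into the link. */
function issue_request_id(PDO $db, int $customerId, int $ttlSeconds = 2678400): string
{
    $requestId = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG, 64 hex chars
    $stmt = $db->prepare(
        'INSERT INTO report_links (token_hash, customer_id, expires_at) VALUES (?, ?, ?)'
    );
    // Store only a hash, so a leaked table does not yield working links.
    $stmt->execute([hash('sha256', $requestId), $customerId, time() + $ttlSeconds]);
    return $requestId;
}

/** Called by monthly.php: maps a requestid to a customer id, or null if unknown/expired. */
function resolve_request_id(PDO $db, $requestId): ?int
{
    // $_GET values can be arrays or arbitrary strings; accept only the issued format.
    if (!is_string($requestId) || !preg_match('/\A[0-9a-f]{64}\z/', $requestId)) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT customer_id FROM report_links WHERE token_hash = ? AND expires_at > ?'
    );
    $stmt->execute([hash('sha256', $requestId), time()]);
    $customerId = $stmt->fetchColumn();       // false when no row matches
    return $customerId === false ? null : (int) $customerId;
}

// Constructed demo data: customer 42 gets a link, other values resolve to null.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE report_links (token_hash TEXT PRIMARY KEY,
           customer_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
$rid = issue_request_id($db, 42);
echo "monthly.php?requestid=$rid\n";
var_dump(resolve_request_id($db, $rid));                  // the issued link
var_dump(resolve_request_id($db, str_repeat('0', 64)));   // a guessed value
var_dump(resolve_request_id($db, ['x']));                 // requestid[]=x in the URL
```

In monthly.php the report query is then filtered by the resolved customer id, and a null result is answered with an error page rather than any report data.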

    Author Comment

    Hi Olaf
    The problem is that this script will run automatically every month, sending emails to all customers in the database (automatic report) filled by a user.

    Accepted Solution

    And what's the problem with that? The login doesn't occur when the mails are generated, but when the customer clicks the link in his mail.

    The script to generate the mails obviously is one of those to which you don't apply the login check and redirect.

    Bye, Olaf.

    Author Comment

    OK then,
    I understood: it means that when the customer clicks on the link he must first log in to see the page.

    Expert Comment

    by:Olaf Doschke
    Yes, but maybe I overlooked that you use the same script for generating mails and embedded in the mail for looking at one customer's report.

    You need two different entry points. E.g. mail.php and display.php, both include monthly.php with differing parameterisation. Then you can put the login redirection code into display.php only and not into mail.php, and monthly.php is just containing the code both scripts need to share.

    Look into and

    Bye, Olaf.
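
An added example (not from the thread) of the login check that display.php would run before including monthly.php, with the post-login redirect to the originally requested URI restricted to local paths. The names login.php, the next parameter and the function names are assumptions; customerid as the session variable follows the comments above.

```php
<?php
// Added example; login.php, "next" and the function names are assumed.

/** Returns the login URL to redirect to, or null if a customer is already logged in. */
function login_redirect_for(array $session, string $requestUri): ?string
{
    if (isset($session['customerid'])) {
        return null;
    }
    // Carry the original request URI along so login.php can send the user back.
    return '/login.php?next=' . rawurlencode($requestUri);
}

/** Used by login.php after a successful login: accept only a local path as target. */
function safe_return_path($next, string $default = '/display.php'): string
{
    // Reject absolute URLs, scheme-relative "//host", backslashes and control
    // characters, so the login page cannot be used to forward users to another site.
    if (!is_string($next) || !preg_match('#\A/(?![/\\\\])[^\\\\\x00-\x1f]*\z#', $next)) {
        return $default;
    }
    return $next;
}

if (PHP_SAPI !== 'cli') {
    // display.php: the only entry point with the check; mail.php does not run it.
    session_start();
    $to = login_redirect_for($_SESSION, $_SERVER['REQUEST_URI']);
    if ($to !== null) {
        header('Location: ' . $to, true, 302);
        exit;
    }
    $customerId = (int) $_SESSION['customerid'];   // from the session, never from the URL
    // require 'monthly.php';   // shared report code, filtered by $customerId
} else {
    // Constructed inputs, for running the example from the command line.
    var_dump(login_redirect_for([], '/display.php?month=2012-07'));
    var_dump(login_redirect_for(['customerid' => 7], '/display.php'));
    var_dump(safe_return_path('/display.php?month=2012-07'));
    var_dump(safe_return_path('//other.example/x'));
}
```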

    Author Comment

    I think I don't need a logging system, as the logging is done only for accounts and each account has one or more customers... the account can see all the customers but a customer can see only himself.

    Expert Comment

    by:Olaf Doschke
    Logging is not login. Otherwise I see what you mean about the number of customers vs accounts.

    Still you only want users of a certain customer to see that customer's data. That does still mean the need to log in or obfuscate the link so no user of no customer can guess the correct link to data of another customer.

    Bye, Olaf.
