using mail with ob_start

Posted on 2012-08-24
Medium Priority
Last Modified: 2012-08-28
i have a report that run monthly automatically and send emails to each customers in the report for this i m using
$output = ob_get_clean();
   echo $output; 
   mail($email,"Hi:". $surname,"<html><body>$output</body></html>","MIME-Version: 1.0\r\nContent-type: text/html; charset=iso-8859-1\r\n"); 

Open in new window

and i m using this to include it in the body when he clicks he can see his report with chart
echo $url;  
my problem when each customer clicks in the links in the email he get all the customers that i dont want normally each customer get his report ..
that what i get in the email
      Unit Name :
Ballycumber Community Centre      Account Name :
Castlewarren GWS      Customer Name :
Report Date :
01-07-2012      Report Units :
Report Name :
Daily Totals Usage Report
Date      Ballycumber Community Centre Chl Res                        Total
01-07-2012      0.00                        850.00
01-07-2012      0.00                        100.00
Total      0                        950.00
Daily Average      0.00                        0.00

Question by:asaidi
  • 4
  • 3
LVL 30

Expert Comment

by:Olaf Doschke
ID: 38332329
Well, if you want a mail to contain a link getting data for this one customer only, include a parameter identifiying for which customer to get the report data. It shouldn't be too obvious as in http://yourdomain:8080/campion/css2/monthly.php?customer=name, because then he can also get data for other customers simply by changing the name.

So while composing the mail create a unique random value you add to the link and store it with the customer id. If the mail link is clicked you see what customer data to return.

This way your link would look like

monthly.php would then take the requestid value and lookup the customerid with it. Your customers will not be able to guess which other requestid will give them data for other customers.

The ideal thing to do, though, is add a login.

Check for a php session with any request no matter if coming from mail or from the web, if a customer logs in set a session variable with the customerid, if that is not yet set redirect each request to a login page and after login redirect to the original request uri.

That's applicable anywhere you want to know who is making any request to only return the data he's legitimate to see.

The pattern of redirect after login is described here: http://stackoverflow.com/questions/2308003/php-redirect-to-previous-after-logging-in

Make that a general include in all your php scripts to all pages that need a logged in user to output a user specific page and no matter what url a user bookmarks, if that page needs login, it will redirect to the login, unless the session value set by login is already set.

Bye, Olaf.

Author Comment

ID: 38340414
Hi Olaf
the problem that this script will run automatically every month sending emails to all customers in database (automatic report) filled by a user..
LVL 30

Accepted Solution

Olaf Doschke earned 2000 total points
ID: 38340644
And what's the propblem with that? The login doesn't occur when the mails are generated, but when the customer clicks the link in his mail.

The script to generat ethe mails obviously is one of those, to which you don't apply the login check and redirect.

Bye, Olaf.
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.


Author Comment

ID: 38341945
ok then
i understood means when the customer clicks on the link he must first logging to see the page
LVL 30

Expert Comment

by:Olaf Doschke
ID: 38342024
Yes, but maybe I overlooked you use the same script for generating mails and embedded in the mail for looking at one customers report.

You need two different entry points. Eg mail.php and display.php, bith include monthyl.php with differing parameterisation. Then you can pout the login redirection code into display.php only and not into mail.php and monthly.php is just containing the code both scripts need to share.

Look into http://php.net/manual/de/function.include.php and http://www.php.net/manual/de/function.require.php

Bye, Olaf.

Author Comment

ID: 38342034
I think i dont need logging system as the logging is done only for accounts and each account has one or more customers...the account can see all the customers but customer can see only himself
LVL 30

Expert Comment

by:Olaf Doschke
ID: 38342125
logging is not login. Otherwise I see what you mean about the number of customer vs accounts.

Still you only want users of a certain customer to see that customers data. That does sill men the need to login or obfuscate the link so no user of no customer can guess the correct link to data of another customer.

Bye, Olaf.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question