doctorbill
asked on
php mailer
I have set up a php mailer application which sends out emails to clients for payment as a weblink in the body of the email.
When they click on the link the following url is accessed (the InvNo will obviously change depending on the client):
http://ticktockit.dyndns.biz:888/ticktock_int/results_invoices_IDSel_Client.php?invNo=295
How can I send this url as an encrypted url or as a url which is not visible?
Is https the only way?
ASKER
The idea will be to put this on my official hosted website (hosted by names.co.uk) which has a working database, so the dyndns will not be an issue.
Here is the code:
<?php require_once('../Connections/TickTockDB.php'); ?>
<?php
error_reporting(E_ALL);
require("/phpmailertest/PHPMailer_5.2.4/class.phpmailer.php");
$breakecho = "<br />";
echo $_GET['invPath'];
echo $breakecho.$_GET['emailAddress'];
echo $breakecho.$_GET['invTotal'];
echo $_GET['invDetails'];
echo $breakecho.$_GET['invPaypal'];
//$path = '2205-Invoice-British Friends of BAR-ILAN University-No.265-1453153496.pdf';
//$path = '../ticktockInt/documents/Invoices/PaidInvoice-Perfect Travel Ltd-No.284-1482266230.pdf';
$location = "../";
$break = "<br />";
$pound = "£";
$space = " ";
$path = $_GET['invPath'];
$url = '';
$mailaddress = $_GET['emailAddress'];
$invdetails = $_GET['invDetails'];
$invoicetotal = $_GET['invTotal'];
$paypal = $_GET['invPaypal'];
$name= 'test.pdf';
$encoding = 'base64';
$type = 'application/pdf';
$mail = new PHPMailer;
$mail->setFrom('info@ticktockit.net', 'TickTockIT');
$mail->addAddress($mailaddress, 'My Contact');
//$mail->addAddress('bill@inventas.co.uk', 'My Contact');
//$mail->addStringAttachment(file_get_contents($path), 'invoice.pdf');
//$mail->addAttachment($path, $name, $encoding, $type);
//$mail->addStringAttachment($path, $name, $encoding, $type);
$mail->addAttachment($path);
$mail->AddEmbeddedImage('images/payment.gif', 'PaypalImage');
$mail->Subject = 'Invoice from TickTockIT';
$mail->IsHTML(true);
$mail->Body = 'Attached Invoice for the following IT work:
'.$break.'Invoice Amount:'.$space.$pound.''.$invoicetotal.'
'.$break.'Details:'.$invdetails.'
'.$break.$break.'Paypal Link:'.$space.$paypal.'
'.$break.$break.'</a><img src="cid:PaypalImage" />
'.$break.'<a href='.$paypal.' style="text-decoration:none"><p style="font-size:30px; color: #808080">Click Here to go to payment web page</p></a>';
if(!$mail->send()) {
echo 'Message was not sent.';
echo 'Mailer error: ' . $mail->ErrorInfo;
} else {
echo 'Message has been sent.';
}
?>
This is the part that concerns me:
$paypal = $_GET['invPaypal'];
'.$break.'<a href='.$paypal.' style="text-decoration:none"><p style="font-size:30px; color: #808080">Click Here to go to payment web page</p></a>';
I want to be able to encode this to stop the possibility of injection or changing the database reference
ASKER
Thanks all
Completed
ASKER
https://your-domain.com/order-$hash - where $hash is a random 32 byte code or some other hash
--------------------
The password protection is another issue which I can overcome using .htaccess
Yes - I am just trying to "obfuscate http://ticktockit.dyndns.biz:888/ticktock_int/results_invoices_IDSel_Client.php?invNo=295 which you can do by code" - exactly
How does one do this?
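One way to do what the last comment asks, as an added example that is not part of the original thread or of any expert's answer: give each invoice a random 32-byte token, store only its hash, and look the invoice up by token instead of by invNo. The table invoice_links, the two function names and pay.php are assumptions, and in-memory SQLite stands in for the site's database.

```php
<?php
// Added example: opaque per-invoice link tokens (not the asker's code).
// Hypothetical names: invoice_links, issueInvoiceLink(), resolveInvoiceLink(), pay.php.
// SQLite in memory stands in for the real database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoice_links (
    token_hash TEXT PRIMARY KEY, inv_no INTEGER NOT NULL, expires_at INTEGER NOT NULL)');

function issueInvoiceLink(PDO $db, int $invNo, string $baseUrl, int $ttl = 2592000): string
{
    $token = bin2hex(random_bytes(32));   // 32 random bytes, 64 hex characters
    $stmt = $db->prepare(
        'INSERT INTO invoice_links (token_hash, inv_no, expires_at) VALUES (?, ?, ?)');
    // Store only a hash, so a leaked table does not yield working links.
    $stmt->execute([hash('sha256', $token), $invNo, time() + $ttl]);
    return $baseUrl . '?t=' . $token;
}

function resolveInvoiceLink(PDO $db, string $token): ?int
{
    // Accept only the exact token format before touching the database.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT inv_no FROM invoice_links WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $invNo = $stmt->fetchColumn();
    return $invNo === false ? null : (int) $invNo;
}

// Sender side: build the link from server-side data, never from $_GET,
// and escape it before it goes into the HTML body of the mail.
$link = issueInvoiceLink($db, 295, 'https://your-domain.com/pay.php');
$html = '<a href="' . htmlspecialchars($link, ENT_QUOTES, 'UTF-8') . '">'
      . 'Click Here to go to payment web page</a>';

// Receiver side (pay.php): the token is the only input; invNo comes from the lookup.
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);
var_dump(resolveInvoiceLink($db, $query['t']));          // token that was issued
var_dump(resolveInvoiceLink($db, '296'));                // guessed invoice number
var_dump(resolveInvoiceLink($db, str_repeat('0', 64)));  // well-formed, never issued
```

The token removes the guessable invNo from the link, but it still travels in the URL, so it is only private in transit when the page is served over HTTPS.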