Sending Mail via HREF onclick

Marcel73

Greetings,
I have a php script called "mail.php" located in my /scripts dir that has a function called send_confirmation($usr).

I have another php page as follows:

<?php
include("scripts/mail.php");
$email = $_SESSION['email'];
?>
<HTML><HEAD><TITLE>Confirmation</TITLE></HEAD><BODY>
<a href="#" onClick="send_confirmation(&quot;<?= $email; ?>&quot;)">Send Confirmation</a> 
</BODY>
</HTML>

What I am trying to do is have a php page call a php function in another script, from a link.

Can you tell me what is wronge with my code. I get an error in my browser when I click the "Send Confirmation" link.

Thanks,
Marcel Sammut

rehfeld

you have a few problems

1-your html is malformed

try


<a href="#" onClick="send_confirmation('<?= $email; ?>')">Send Confirmation</a>

2- you never even define a js function called 'send_confirmation'

3- why even use js?

just do this...


<a href="http://yourwebsite/confirm.php?id=<?php echo $email; ?>">Send Confirmation</a>

1 thing though, you shouldnt confirm exactly like that. anybody could just goto http://yourwebsite/confirm.php?id=email@example.org

to fake a confirmation. your idea of using js also has this vulnerability.

the solution is to create a unique id for each person, and then store it in your database, and assosciate it to the email address

<?php

$confirmation_id = uniqid();

// now store $confirmation_id in your db w/ thier email


?>
<a href="http://yourwebsite/confirm.php?id=<?php echo $confirmation_id; ?>">Send Confirmation</a>

then in confirm.php


$id = $_GET['id'];


// now approve this id in your db, and approve the email connected to it. done.

Marcel73

Thanks for your comments.

Since I really don't want to involve another scripting language in my site, I decided to use a form to post a PHP page with the method name and arguments as you mentioned in you example.

This works fine and now I also have access to IMAP using strickly PHP.

Cheers,
Marcel