I am given 30 minutes to make a program for a friend (he needs it quickly), and I'm having trouble with the code.

Basically he wants to send emails, but he wants only one email field, and each email to be separated by a space.

This is what I have so far:
index.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Mass Emails</title>
</head>

<body>
<form action="send.php" method="post">
Send mass emails:<br>
Send to: <input name="to" type="text" value="" style="width:500"><br>
# of Emails: <input name="number" type="text" value="" style="width:500"><br>
From: <input name="from" type="text" value="" style="width:500"><br>
Subject: <input name="subject" type="text" value="" style="width:500"><br>
Message: <textarea name="message" rows= cols= style="width:500"></textarea><br>
<input type="submit" value="Send Emails">
</form>

</body>
</html>


send.php
<?php
$from = $_POST['from'];
$subject = $_POST["subject"];
$message = $_POST["message"];
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "Content-Transfer-Encoding: 7bit\r\n";
$headers .= "From: " . $from . "\r\n";
$c = 0;
$emailto = $_POST['to'];
for ($k=0; $k<=count($emailto)-1; $k++) {
$emailto = explode(" ",$emailto[$k]);
}
while($c<=$_POST['number']) {
$mailsent = mail($emailto[$c], $subject, $message, $headers);
}
?>


The problem is the send page won't load. I think it is in a loophole and can't load the send.php page.

Can someone please help me with this? Any help would be nice, and the faster the better.

Thanks!

Loophole? This script is a recipie for spammers!!!!

Never, ever, ever, ever, ever, ever allow people to set your From address (or other headers) from a form!!!

I fixed the loophole. By the way, it does NOT send lots of emails because it developes errors.

Here are the most recent codes. I figured out the problem is in the "For" statement.


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Mass Emails</title>
</head>

<body>
<form action="send.php" method="post">
Send mass emails:<br>
Send to: <input name="to" type="text" value="" style="width:500"><br>
# of Emails: <input name="number" type="text" value="" style="width:500"><br>
From: <input name="from" type="text" value="" style="width:500"><br>
Subject: <input name="subject" type="text" value="" style="width:500"><br>
Message: <textarea name="message" rows= cols= style="width:500"></textarea><br>
<input type="submit" value="Send Emails">
</form>

</body>
</html>


send.php
<?php
$from = $_POST['from'];
$subject = $_POST["subject"];
$message = $_POST["message"];
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "Content-Transfer-Encoding: 7bit\r\n";
$headers .= "From: " . $from . "\r\n";
$c = 1;
$emailto = $_POST['to'];
for ($k=0; $k<=count($emailto)-1; $k++) {
$emailto = explode(" ",$emailto[$k]);
}
while($c<=$_POST['number']) {
$mailsent = mail($emailto[$c], $subject, $message, $headers);
echo $emailto[$c]. "<br>";
if ($mailsent) {
echo "Sent.<br>";
} else {
echo "Failed.<br>";
}
$c++;
}
echo "<br>Done!";
?>

I think you over reacted.
If a security image feature were to be implemented it should be safe enough.

Originally posted by fyrestrtr
Loophole? This script is a recipie for spammers!!!!

Never, ever, ever, ever, ever, ever allow people to set your From address (or other headers) from a form!!!

No, an image won't help here. That helps against automated scripts, but here all of the needed fields are already in the form, so a spammer can enter it by hand easily enough.

Yeah I guess there are some pretty clueless spammers who don't mind pushing out emails one by one, patiently typing in the security image for each mail when they can be doing millions of spams in a day.

Originally posted by hiryuu
No, an image won't help here. That helps against automated scripts, but here all of the needed fields are already in the form, so a spammer can enter it by hand easily enough.

Originally posted by Roy@ENHOST
Yeah I guess there are some pretty clueless spammers who don't mind pushing out emails one by one, patiently typing in the security image for each mail when they can be doing millions of spams in a day.
Read the subject (Mass Emailer), the spec (space separated list), and the code ($_POST[to] is exploded into a loop). I'm not sure exactly what the limit is on a browser text field (I've heard 32k for most), but you can build your own POST of pretty much any size you need. So yes, some key work for each unique message, but plenty of recipients on each POST.

The OP is having problems because he treats $mailto as an array when it's a string. Going with an appropriate foreach loop, instead of a for loop, will also avoid a huge mess that's brewing.