Sending Email with PHP

Asif Ahmed

In our last post, we saw how to create the front end form (with some HTML5 spice) that will help us send emails to anyone! What we will be creating is the ability to send emails to anyone from anyone. This could be also known as “email spoofing“. Even though it is really easy to write a script that can spoof emails, luckily, any good mail client should be able to detect that these emails are spam. Though email spoofing is an illegitimate use of the PHP mail function, sometimes on your website you will need to use PHP mail to send your users a quick email. Let’s go over the basics of how to use the PHP mail function.

The documentation on the PHP website for the mail function┬áis incredibly solid. Here is the mail function – mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] ). It takes a “to” parameter…this is where you want to send the email. It takes a subject and message parameters (pretty self-explanatory). It also takes a string of additional headers. This is where you specify who is sending the email and what the reply-to email address is. You can also “CC” or “BCC” people with this parameter. Let’s combine this mail function with our previous form. Some sample PHP to use this mail function is below.

<?php

if($_POST){
	$to = $_POST['to'];
	$from = $_POST['from'];
	$subject = $_POST['subject'];
	$message = $_POST['message'];

	$headers   = array();
	$headers[] = "MIME-Version: 1.0";
	$headers[] = "Content-type: text/plain; charset=iso-8859-1";
	$headers[] = "From: Random Person <".$from.">";
	$headers[] = "Subject: {$subject}";
	$headers[] = "X-Mailer: PHP/".phpversion();

	if(mail($to, $subject, $message, implode("\r\n", $headers))){
		echo "Email sent successfully";
	}
	else{
		echo "failure sending email";
	}
}

?>

In our code we parse the $_POST variable to get the to, from, subject, and message fields. If you remember all these fields are required on the front end form due to the required attribute. We also create an array of headers, then end up converting this array into a string that is separated by “\r\n”. We must remember that when we create this “header” string we must separate each header with a “\r\n”. We check if the email was sent successfully and print out a message to the user depending on success/failure. Although we can check if it was sent successfully, we cannot check if the email was received successfully.

The entire code is duplicated below. This include the front end form and PHP mail script. I would include a link to the actual email spoofing script, but that seems like it could get me into trouble. You can just copy/paste the script below on your website, however.

<?php

if($_POST){
	$to = $_POST['to'];
	$from = $_POST['from'];
	$subject = $_POST['subject'];
	$message = $_POST['message'];

	$headers   = array();
	$headers[] = "MIME-Version: 1.0";
	$headers[] = "Content-type: text/plain; charset=iso-8859-1";
	$headers[] = "From: Random Person <".$from.">";
	$headers[] = "Subject: {$subject}";
	$headers[] = "X-Mailer: PHP/".phpversion();

	if(mail($to, $subject, $message, implode("\r\n", $headers))){
		echo "Email sent successfully";
	}
	else{
		echo "failure sending email";
	}
}

?>
<!doctype html>
<html>
<head>
	<title>PHP Email</title>
	<style>
	body {
		font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
	}
	:invalid { 
	  border-color: #e88;
	  -webkit-box-shadow: 0 0 5px rgba(255, 0, 0, .8);
	  -moz-box-shadow: 0 0 5px rbba(255, 0, 0, .8);
	  -o-box-shadow: 0 0 5px rbba(255, 0, 0, .8);
	  -ms-box-shadow: 0 0 5px rbba(255, 0, 0, .8);
	  box-shadow:0 0 5px rgba(255, 0, 0, .8);
	}

	:required {
	  border-color: #88a;
	  -webkit-box-shadow: 0 0 5px rgba(0, 0, 255, .5);
	  -moz-box-shadow: 0 0 5px rgba(0, 0, 255, .5);
	  -o-box-shadow: 0 0 5px rgba(0, 0, 255, .5);
	  -ms-box-shadow: 0 0 5px rgba(0, 0, 255, .5);
	  box-shadow: 0 0 5px rgba(0, 0, 255, .5);
	}
	form {
	  width:300px;
	  margin: 20px auto;
	}

	input, textarea {
	  border:1px solid #ccc;
	  width:300px;
	  min-height:30px;
	  display:block;
	  margin-bottom:15px;
	  margin-top:5px;
	  outline: none;

	  -webkit-border-radius:5px;
	  -moz-border-radius:5px;
	  -o-border-radius:5px;
	  -ms-border-radius:5px;
	  border-radius:5px;
	}
	input {
		font-size:18px;
	}
	textarea{
		height: 300px;
	}

	input[type=submit] {
	  background:none;
	  padding:10px;
	}
	</style>
</head>
<body>
	<form method="post">
	<h3>Send Email with PHP</h3>
	<label>To</label><input type="email" autofocus required placeholder="who is this email for?" name="to"/>
	<label>From</label><input type="email" required placeholder="who is this email from?" name="from"/>
	<label>Subject</label><input type="text" required placeholder="what is this email about?" name="subject"/>
	<label>Body</label><textarea required name="message"></textarea>
	<input type="submit" value="Submit" />
</body>
</html>
  • tomi

    Hello, thanks for the tutorial, the reply-to email field is not included in your final script. Please how do I pass it into the mail function and which other settings need to be done.

    Thanks

    • Asif Ahmed

      Hey tomi,

      You would add a reply-to header within the header variable. Something like below

      $headers[] = "Reply-To: Recipient Name ";

      For a good mail reference check out – PHP Mail Documentation