php Mail() not returning true

[christofer.peterson27]

I am designing a registration system for users to my site. I want to send an HTML email to them when they register. I copied a majority of this code from another site that I did where the html mail works. This one, however, is returning false. I was hoping to get a fresh set of eyes since I'm not seeing the problem

Thanks for your help:

Code:

if(!$errors)
		{
			$Password = Encrypt($_POST[Password]."Caro-Kann");
			$_POST[Password] = NULL;
			$_POST[Password2] = NULL;
			$First = mysql_escape_string($_POST[First]);
			$Last = mysql_escape_string($_POST[Last]);
			$Email = mysql_escape_string($_POST[Email]);
			$AltEmail = mysql_escape_string($_POST[AltEmail]);
			date_default_timezone_set("America/Denver");
			$LastLogin = date("Y-m-d H:i:s",time());
			$Confirmation = rand(1000,9999);			
			$message = "
<html>
<head>
<link rel=\"stylesheet\" type=\"text/css\" href=\"http://ucdchessclub.com/css/common.css\">
</head>
<body style=\"background: black; color: white;\">
	<div>
		<a href=\"http://ucdchessclub.com\" target=\"_blank\" style=\"float: left; margin-right: 20px; margin-bottom: 20px;\"><img src=\"http://ucdchessclub.com/images/culogo.png\" /></a>
		<h1>UCD Chess Club</h1>
		<p style=\"clear: both;\">Dear $First $Last,</p>
		<p>Thank you for registering an account with the UCD Chess Club!</p>
		<p>In order to verify your account, you will need to log in at <a href=\"http://ucdchessclub.com/signin.php\" target=\"_blank\">http://ucdchessclub.com/signin.php</a>
		   and entering the confirmation code.</p>
		<p>Your confirmation code is:</p>
		<h3>$Confirmation</h3>
		<p>If you have any questions about this email, please reply. If you have difficulty confirming your email address, or you did not sign up to the UCD Chess Club, please
		   contact <a href=\"mailto:admin@ucdchessclub.com\">admin@ucdchessclub.com</a>.
		</p>
		<p>Sincerely,</p>
		<p>Christofer Peterson, UCD Chess Club President</p>
	</div>
</body>
</html>
			";
			$headers = "From: admin@ucdchessclub.com\r\n";
			$headers .= "MIME_Version: 1.0\r\n";
			$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
			$subject = "UCD Chess Club Registration";
			$to = "".$_POST[Email]."";
			if(@mail($to, $subject, $message, $headers))
			{
				$sql = "INSERT INTO member (First,Last,Email,AltEmail,Password,LastLogin,Registered,Confirmation)
									VALUES ('$First','$Last','$Email','$AltEmail','$Password','$LastLogin','$LastLogin','$Confirmation')";
				mysql_query($sql) or die(mysql_error());
				$_SESSION['register'] = NULL;
				$_SESSION[error] = NULL;
				$_SESSION[id]=$row[id];
				$_SESSION[m] = 3;		/* sets confirmation message to say registration successful */
				header('location: ../'.$page.'');
			}
			else
			{
				$_SESSION[e] = 3;		/* sets error message to say mailing system failed. */
				foreach($_POST as $key => $value) $_SESSION['register'][$key] = $value;
				header('location: ../register.php');
			}
		}
		else
		{
			$_SESSION[e] = 2;		/* sets error message to display form errors */
			$_SESSION[error] = $errors;
			foreach($_POST as $key => $value) $_SESSION['register'][$key] = $value;
			header('location: ../register.php');
		}

Sorry if tabs make it hard to read...

[misson]

Note you can use [php] tags on the X10 forums and get colorized PHP code.

There's nothing immediately obvious in the code as to why it fails. You could be running afoul of the X10 mail server's anti-relaying rules, but that's at best a guess.

PHP's mail is woefully inadequate when it comes to sending e-mail or debugging why it doesn't. You may need to try another mailer, such as the PEAR Mail package or PHPMailer, both of which support debugging output as well as various e-mail protocols.

PHP Code:

            $Password = Encrypt($_POST[Password]."Caro-Kann"); 


String indices should be quoted. It shouldn't cause mail to fail, but can cause other problems. Besides, why be so lazy?

Are you encrypting the password or hashing it? It better be the latter, in which case you should change the name of the function so it's not so misleading.

Site-wide salt is better than none, but it won't help much if someone steals the DB and runs an attack on all the passwords. Better to create a nonce for each user and store it in the DB (salt doesn't need to be secret, so it doesn't matter if it gets stolen).

PHP Code:

            $First = mysql_escape_string($_POST[First]); 


The mysql extension is outdated and on it's way to deprecation. Switch to PDO, which supports prepared statements, traversing results and other improvements.

PHP Code:

            $message = "
<html>
   [...]
</html>
            "; 


To make this more readable (that is, not have so many escaped characters), you could use a heredoc, or use single quotes instead of escaped double quotes.

PHP Code:

            $to = "".$_POST[Email].""; 


Is this an attempt to force $to to be a string? If so, it's unnecessary; PHP will juggle types as needed. Moreover, PHP supports type casting.

PHP Code:

                mysql_query($sql) or die(mysql_error()); 


Outputting database error messages to non-admin users discloses too much information. Instead, log the MySQL error message. For some errors (such as those related to missing or invalid values), output your own error message to the user and what action the user can take to address it. For the rest, inform the user that there was an internal error.

Don't use die when outputting HTML. You'll get invalid HTML. Instead, use the existing mechanism to save errors in $_SESSION and redirect to register.php.

Sorry if tabs make it hard to read...

Just the opposite. The indentation helps read block nesting.

[descalzo]

PHP Code:

<?php 

$headers = "From: admin@mysite.x10.bz\r\n";
$headers .= "MIME_Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$subject = "UCD Chess Club Registration";
$to = "mygmailaccount@gmail";
            

if(@mail($to, $subject, $message, $headers)){
  echo "done";
} else {
  echo "not done" ; }

Works on Chopin, and the account doesn't have an 'admin' email account.

Note: if you set the $to variable to the empty string, it fails. If you set it to "foobar", it fails. Do you test to see exactly what you are putting into "$to" ?

[christofer.peterson27]

There is a series of form validation checks that happen before to verify the information before it gets sent to the mail function. I put in some scaffolding and it looked like the data is not being corrupted at all along the way. I cannot figure out why the php mail function won't work. It works on another site (very similar code) that is run off of an x10hosting server. I'm not a professional coder so I know my code is sloppy and outdated but its working right now (for the most part) and that's all I care about.

I tested changing the headers and message content so it is text/plain but that did not help. I'll run a test on the other website and see if it works from there.