Create your own email list!

[BlaineSch]

Creating an email list by BlaineSch

I am sure a very common script would be an email list where users can provide an email address and get updates on the website. So I will show you how to make an email list.

First lets create a database for this to work with:

Code:

mysql_query("CREATE TABLE `emails` (
    `id` INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
    `email` VARCHAR(45) NOT NULL ,
    `validated` INT(1) DEFAULT 0 ,
    `date` DATETIME NOT NULL)") or die(mysql_error()); 


This isnt a database tutorial so you guys will have to ask me in the replies how this one works if you cant figure it out.

Secondly we need them to have an input form so they can add their email address to the list.

Code:

<?PHP
//join.php
?><br />
<form method="post">
<input type="text" name="email" value="">
<br /><input type="submit" value="Join Mailing List!">
</form>

Again should be simple enough? Now we need to make sure that this is atleast somewhat valid. So lets add some PHP code to the top:

Code:

<?PHP
//join.php
function checkemail($email) {
    //start at the beginning "^"
    //first letter cant be weird alpha numeric only "[a-zA-Z0-9]"
    //the next part is most of the username can be alpha numeric
        //periods, underscores, and sometimes subtract signs
        //"[a-zA-Z0-9\.\_\-]+" the plus sign means it can match more than one character
    //needs only 1 at sign after the username "@"
    //match the first part of the domain name "[a-zA-Z0-9\_\-]+"
    //needs one period here
    //then excess stuff for odd syntax domain names like .co.uk
    $regex = "^[a-zA-Z0-9][a-zA-Z0-9\.\_\-]+@[a-zA-Z0-9\_\-]+\.[a-zA-Z\_\-\.]+";
    $emails = ereg_replace($regex, "", $email);
    if(strlen($emails) == 0) {
        //since its using ereg_replace there should be nothing left if
        //this worked correctly
        return true;
    }
    //why bother wasting more code doing an else? obviously the return true wont get this far :P
    return false;
}
if($_POST && checkemail($_POST['email'])) {
    //insert code here
    echo "yes it works";
}
?><br />
<form method="post">
<input type="text" name="email" value="">
<br /><input type="submit" value="Join Mailing List!">
</form>

I put a lot of comments in there so you guys can read through that - but basically I created a function that just replaces out a regular expression and if it replaced out all the characters then its a correct email format.

Now to really make sure its valid. Email them with a confirmation code in it. There are a few different approaches to doing this. You can either add another field to the database or do some weird encryption with a salt or something. Since I dont want to add another field I will go with the second approach.

Possible things to use for the the code:

• email address
• id number
• join time
• salts
• md5
• sha1

For this tutorial I will simply use the email address, salt, and both md5 & sha1.

Code:

$hash = md5(sha1("sdlfjlwe+-CODE-+23423LK@J342".$_POST['email']."r#@#nlas(_CALL_)09@LJksd")); 


I usually create a simple .dat file with the email contents so that they are easily editable in an admin panel so I will do that.

Dear [User],

Click the link below if you wish to keep receiving emails from us.

http://www.site.com/validate.php?hash=[Hash]&email=[Email]

Thank you,
Site Staff
[User] <[Email]>
Activate your account!

Note that [User] and [Hash] will be dynamic content. We will not create a function that sends them the email with the hash link. Also note the last 2 lines are not part of the email. The last line is the Subject of the email, and second to last is the "from" part of the email. We also need to check if the email already exists.

Code:

<?PHP
//join.php
function checkemail($email) {
    //start at the beginning "^"
    //first letter cant be weird alpha numeric only "[a-zA-Z0-9]"
    //the next part is most of the username can be alpha numeric
        //periods, underscores, and sometimes subtract signs
        //"[a-zA-Z0-9\.\_\-]+" the plus sign means it can match more than one character
    //needs only 1 at sign after the username "@"
    //match the first part of the domain name "[a-zA-Z0-9\_\-]+"
    //needs one period here
    //then excess stuff for odd syntax domain names like .co.uk
    $regex = "^[a-zA-Z0-9][a-zA-Z0-9\.\_\-]+@[a-zA-Z0-9\_\-]+\.[a-zA-Z\_\-\.]+";
    $emails = ereg_replace($regex, "", $email);
    if(strlen($emails) == 0) {
        //since its using ereg_replace there should be nothing left if
        //this worked correctly
        return true;
    }
    //why bother wasting more code doing an else? obviously the return true wont get this far :P
    return false;
}
function emailuser($email, $hash) {
    //get the contents of the dat file
    $data = file_get_contents('email_template.dat');
    
    //username will be the first part of the email before the @ sign
    $user = explode('@', $email);
    
    //use simple string replaces to get those out
    $data = str_replace('[User]', $user[0], $data);
    $data = str_replace('[Hash]', $hash, $data);
    $data = str_replace('[Email]', $email, $data);
    
    //break the data file up by lines
    //because the last 2 are not part of the email
    $lines = explode("\n", $data);
    
    //define the subject
    $subject = $lines[count($lines)-1]; //last line
    
    //define from
    $from = $lines[count($lines)-2]; //seconds to last is from
    
    //take out the last 2 lines from the email
    unset($lines[count($lines)-1]);
    unset($lines[count($lines)-1]);
    
    //returns all but last and second to last lines
    $body = implode("\n", $lines);
    
    //now.. mail it!
    if(mail($email, $subject, $body, 'From: '.$from)) {
        return true;
    }
    return false;
}
if($_POST && checkemail($_POST['email'])) {
    //insert code here
    $hash = md5(sha1("sdlfjlwe+-CODE-+23423LK@J342".$_POST['email']."r#@#nlas(_CALL_)09@LJksd"));
    $date = date('Y-m-d H:i:s');
    $query = mysql_query("SELECT * FROM `emails` WHERE `email`='$_POST[email]' LIMIT 1");
    if(mysql_num_rows($query) == 0) {
        if(emailuser($_POST['email'], $hash)) {
            echo "Validation email sent!";
            mysql_query("INSERT INTO `emails` SET `email`='$_POST[email]', `date`='$date'");
        } else {
            echo "Unknown error occured, please try again.";
        }
    } else {
        echo "You are already in the database!";
    }
}
?><br />
<form method="post">
<input type="text" name="email" value="">
<br /><input type="submit" value="Join Mailing List!">
</form>

Dont worry about putting GET data into the query, because the same method passed the "checkemail()" function its fine.

Now lets create "validate.php" so we can validate it all. Basically we will get an address like "validate.php?hash=&email=" and from what I can tell md5 only contains letters and numbers, I dont think it includes capital letters but ill go ahead and count them in my page. I am going to use my old checkemail() function to check if its even a valid email before I query the database. I might recomment creating a functions.php file if you have a bunch of shared functions.

Code:

<?PHP
//validate.php
function checkemail($email) {
    //start at the beginning "^"
    //first letter cant be weird alpha numeric only "[a-zA-Z0-9]"
    //the next part is most of the username can be alpha numeric
        //periods, underscores, and sometimes subtract signs
        //"[a-zA-Z0-9\.\_\-]+" the plus sign means it can match more than one character
    //needs only 1 at sign after the username "@"
    //match the first part of the domain name "[a-zA-Z0-9\_\-]+"
    //needs one period here
    //then excess stuff for odd syntax domain names like .co.uk
    $regex = "^[a-zA-Z0-9][a-zA-Z0-9\.\_\-]+@[a-zA-Z0-9\_\-]+\.[a-zA-Z\_\-\.]+";
    $emails = ereg_replace($regex, "", $email);
    if(strlen($emails) == 0) {
        //since its using ereg_replace there should be nothing left if
        //this worked correctly
        return true;
    }
    //why bother wasting more code doing an else? obviously the return true wont get this far :P
    return false;
}
$hash = ereg_replace('[^a-zA-Z0-9]', '', $_GET['hash']);
if(checkemail($_GET['email'])) {
    $hash2 = md5(sha1("sdlfjlwe+-CODE-+23423LK@J342".$_GET['email']."r#@#nlas(_CALL_)09@LJksd"));
    if($hash2 == $hash) {
        mysql_query("UPDATE `emails` SET `validated`=1 WHERE `email`='$_GET[email]'") or die(mysql_error());
        echo "You are now validated";
    } else {
        echo "Incorrect hash key";
    }
}
?>

Now lets edit the email file!

Code:

<?PHP
//file you want to appear
$file_name = 'email_template.dat';

//sees if you entered in the righ password - edit the password here with your md5
if(md5($_POST['password'])=='1f3870be274f6c49b3e31a0c6728957f') {
    //fopen to edit it starting from the beginning of the file
    $handle = fopen($file_name, 'w');
    fwrite($handle, $_POST['data']); 
    echo "Update Successful.<br /><br />";
}
//gets the contents and displays
$file = file_get_contents($file_name);
echo '<br />'.
    '<form method="post"><input type="text" name="password"><br />'.
    '<textarea style="width:1000px;height:650px;" name="data">'.
        $file.
    '</textarea><br />'.
    '<input type="submit" value="Update">'.
    '</form><br /><br />';
?>

This will need more security but this is not a security tutorial so im just showing you some basics. Basically you enter in your password and then edit the file - if the password is wrong nothing happens. Edit the password above. Now what about emailing everybody?

Code:

<?PHP
include('functions.php');
//check if password matches - be sure to change this since you dont know this md5
if(md5($_POST['password'])=='1f3870be274f6c49b3e31a0c6728957f') {
    //only send to validated emails!
    $query = mysql_query("SELECT * FROM `emails` WHERE `validated`=1");
    while($row=mysql_fetch_assoc($query)) {
        //this is the mail function to mail the jizz juice
        mail($row[email], $_POST['subject'], $_POST['body'], 'From: '.$_POST['from']);
    }
    //pretty little sent message
    echo "Sent!";
}
?><br />
<form method="post">
    <table cellpadding="0" cellspacing="0" border="0">
    <tr>
        <td>Subject: </td>
        <td><input type="text" name="subject"></td>
    </tr>
    <tr>
        <td>From: </td>
        <td><input type="text" name="from"></td>
    </tr>
    <tr>
        <td>Password: </td>
        <td><input type="text" name="password"></td>
    </tr>
    <tr>
        <td colspan="2"><textarea name="body" style="width:400px;height:300px;"></textarea></td>
    </tr>
    </table>
    <input type="submit" value="Mass Mail!">
</form>

[Xav]

Nice tutorial.

Looking briefly at it, consider this line:

Code:

<form method="post">

There should be an action attribute that links it to the other file. Otherwise, the form isn't going to send the data anywhere.

[BlaineSch]

I know in Firefox it does reload the same page. I think I tried it in IE7 or 6.. I cant remember and it worked there as well - just reloading the same page so I didn't think it was 'required' just a field available if you had more than one page - but im not very familiar with HTML standards besides the annoying slash at the end of some tags eg: <br />

But again I am sure if somebody didn't know HTML to begin with this tutorial wouldn't come in handy unless they were just going to copy/paste.

[Jordan]

Very nice. +rep