Anonymous Email System

Get paid 100$ to write an article. Read about our program and see how you can make 100$ by writing an article.

get the feedDo you like our posts? Wanna stay informed and be the first to know when we publish new content?
subscribe to our newsletterWeekly newsletters with the best websites organized by categories and other news.

In this day and age, email addresses are under attack by hackers, spammers, and spambots. If you have a Web site in which you want registered users to be able to communicate with each other, an anonymous email system is the perfect solution. The sender does not see the receiver’s email address, the receiver does not see the sender’s email address, and you do not need a database store the messages. Abstract: Users access a page, email.php, with variable `id` set to a string. The page reads the value of `id.` The script searches the site’s user database to see if there is a record of the string in a column called `EmailKey.` If it exists in only one instance, a form is displayed with objects to accept a subject and message body. When the form is submitted, the message is sent to the email address associated with the `EmailKey` that matches `id.` In a nutshell, this is how users can send emails without ever revealing their email addresses to the public. Prerequisites. This script requires a user database with the following (or similar) columns: ID, Username, Password, Email, EmailKey Both ID and EmailKey need to be unique values. This script assumes you also have some basic functions written: loggedIn() This function returns true the view of our page is logged in either by a session or cookie. Users must be logged in to use the anonymous email system. getID() This function returns the value in the ID field of a logged in user. We will use it as a way to access the logged-in user’s information in the database. Outline I. Creating a database II. Generating a random, unique string III. Checking whether `id` contains a valid value IV. Email script V. Parts put together VI. Conclusion

I. Creating a database This script requires a database for holding user information. This is the database I will use to store user information:

CREATE TABLE `users` (
  `ID` int(11) NOT NULL auto_increment,
  `Username` varchar(255) NOT NULL,
  `Password` varchar(255) NOT NULL,
  `Email` varchar(255) NOT NULL,
  `EmailKey` varchar(64) NOT NULL,
  PRIMARY KEY  (`ID`)
);

II. Generating a random, unique string When assigning users a random string, it is imperative that it is unique. It simply will not work otherwise. Here is a function that I use to generate a random string, making sure it is not a duplicate value:

function generateRandomKey($length)
{
	$chars = "abcdefghijklmnopqrstuvwxyz0123456789";
	$string = "";
	do{
		for($i=0; $i<$length;$i++)
		{
			$pos = rand(0,35);
			$string .= $chars[$pos];
		}
		$query = mysql_query("SELECT `EmailKey` FROM `users` WHERE `EmailKey` = '$string'");
		$num_rows= mysql_num_rows($query) or die(mysql_error());
	}while($num_rows !=0);
	return $string;
}

III. Checking `ID` Now we are ready for an HTML form. What the form contains depends on whether or not the id is associated with a user. Logically, our first step is to check if $id is set. If it is not set, we echo an error message. Next, we take $id and search for a matching `EmailKey.` If none are found, we echo another error message. Finally, if the query returns one result a text field and textarea are displayed. These are for the subject and body of the email, respectively.

<?
if(isset($_GET['id']))
{
	$id=$_GET['id'];
	$query="SELECT * FROM `users` WHERE `emailKey` = '$id'";
	$result = mysql_query($query) or die(mysql_error());
	$num = mysql_fetch_array($result);
	if($num[0] !=0)
	{
?>
Send email to <b><? echo $num['Username']; ?></b><br>
Subject:<br><input type="text" maxlength=255 name="subject" size=50><br>Message:<br>
<textarea rows="20" cols="65" name="message"></textarea><br>
<input type="submit" value="Send Message" name="send">

</form>

<?
	}else
		echo "<font color=red>Invalid email ID.</font>";
}else
	echo "<font color=red>Email ID not set.</font>";
?>

IV. Email Script Now we have a page that displays form objects for a valid `id.` We are ready for a script to take the data from our form and send it to the associated email address. We could simply send the subject and message, but I think it is a good idea to add a custom header and footer to the message. It makes the anonymous email system look more official and allows you to add important information, like your website’s homepage and a link to the email page where the sent message can be replied to.

?
if(isset($_POST['send']))
{
	//find email address associated with the ID
	$query=mysql_query("SELECT `Email`,`Username` FROM `users` WHERE `emailKey` = '$id'");
	$result=mysql_fetch_assoc($query) or die(mysql_error());
	$email = $result['Email'];

	//find info associated with the sender of the message
	$userID = getID();
	$query2=mysql_query("SELECT `Username`,`emailKey` FROM `users` WHERE `userID` = '$userID'");
	$sender=mysql_fetch_assoc($query2) or die(mysql_error());

	//create message header & footer
	$header=$result['Username'] . ",<br>MyDomainName user <b>". $sender['Username'] . "</b> has sent you a message.<p>---Start of Message---<p>";
	$footer="<p>---End of Message---<p>Do NOT hit reply to respond to this message.  To respond, to " . $sender['Username'] . ", click the following link:<br><a href=\"http://www.mydomainname.com/email.php?id=". $sender['emailKey'] ."\">http://www.mydomainname.com/email.php?id=". $sender['emailKey'] ."</a><br>(If clicking the link doesn't work, copy it into your browser)<p>MyDomainName Main Page:<br><a href=\"http://www.mydomainname.com\">http://www.mydomainname.com</a>";
	$subject = $_POST['subject'];

	$message = $header . $body . $footer;
	if(mail($email,$subject,$message,"From:mail@mydomainname.com\nReply-to: mail@mydomainname.com\nContent-Type: text/html; charset=UTF-8\n"))
	{
		echo "<font color=\"#006600\">Email successfully sent!</font><p>";
		$sent=TRUE;
	}

}
?>

V. All put together We also want to make sure that only logged-in users can use the form. It would also be wise not to clear the form unless the email was sent. That way, if a user tries to send a message and it fails, they will not have to re-type it. A few lines of code will do the trick for both additions. Here is the final version of our anonymous email system:

<?
if(loggedIn())
{

$id=mysql_real_escape_string($_GET['id']);
?>
<form action="email.php?id=<? echo $id; ?>" method="POST">
<?
if(isset($_POST['send']))
{
	//find email address associated with the ID
	$query=mysql_query("SELECT `Email`,`Username` FROM `users` WHERE `emailKey` = '$id'");
	$result=mysql_fetch_assoc($query) or die(mysql_error());
	$email = $result['Email'];

	//find info associated with the sender of the message
	$userID = getID();
	$query2=mysql_query("SELECT `Username`,`emailKey` FROM `users` WHERE `userID` = '$userID'");
	$sender=mysql_fetch_assoc($query2) or die(mysql_error());

//create message header & footer
$header=$result['Username'] . ",<br>MyDomainName user <b>". $sender['Username'] . "</b> has sent you a message.<p>---Start of Message---<p>";
$footer="<p>---End of Message---<p>Do NOT hit reply to respond to this message.  To respond, to " . $sender['Username'] . ", click the following link:<br><a href=\"http://www.mydomainname.com/email.php?id=". $sender['emailKey'] ."\">http://www.mydomainname.com/email.php?id=". $sender['emailKey'] ."</a><br>(If clicking the link doesn't work, copy it into your browser)<p>MyDomainName Main Page:<br><a href=\"http://www.mydomainname.com\">http://www.mydomainname.com</a>";
$subject = $_POST['subject'];

//$body=preg_replace('/(\r?\n)+/','<br>',$_POST['message']);
$body=$_POST['message'];
$message = $header . $body . $footer;
if(mail($email,$subject,$message,"From:mail@mydomainname.com\nReply-to: mail@mydomainname.com\nContent-Type: text/html; charset=UTF-8\n"))
{
	echo "<font color=\"#006600\">Email successfully sent!</font><p>";
	$sent=TRUE;
}

}
?>

<?
if(isset($_GET['id']))
{
	$id=$_GET['id'];
	$query="SELECT * FROM `users` WHERE `emailKey` = '$id'";
	$result = mysql_query($query) or die(mysql_error());
	$num = mysql_fetch_array($result);
	if($num[0] !=0)
	{
?>
<?
if(!$sent)
{
	$subj_return=$subject;
	$body_return=$body;
}
?>
Send email to <b><? echo $num['Username']; ?></b><br>
Subject:<br><input type="text" maxlength=255 name="subject" size=50 value="<? echo $subj_return; ?>"><br>Message:<br>
<textarea rows="20" cols="65" name="message"><? echo $body_return; ?></textarea><br>
<input type="submit" value="Send Message" name="send">
</form>

<?
	}else
		echo "<font color=red>Invalid email ID.</font>";
}else
	echo "<font color=red>Email ID not set.</font>";
}else
	echo "<font color=red>Users must be logged in to send anonymous emails.</font>";
?>

Conclusion Now you are ready to let your users send each other messages without them worrying about the privacy of their email addresses!