Email Subscription

[AceInfinity]

I've got my own custom script now, I was pointed to the right direction when I posted this on my site, you should be able to close this now, i've got my own regex addition to the script and i'm using includes for connecting to a mysql database between several php files now.

settings.inc.php

PHP Code:

<?
        $config['dbhost'] = "localhost";
        $config['dbuser'] = "username";
        $config['dbpass'] = "password";
        $config['dbname'] = "database";
?>

email_database.php

PHP Code:

<?
        include("settings.inc.php");
        $connection = mysql_connect($CONFIG['DBHOST'],
        $CONFIG['DBUSER'],
        $CONFIG['DBPASS']) or die("Could not establish a connection with mysql.");
        mysql_select_db($CONFIG['DBNAME']) or die("Unable to select database.");
?>

send.php

PHP Code:

<?php include("email_database.php");

if($password == md5($_POST['pass'])) {

    if(!isset($_POST['send'])) {
        die("Failed to submit your E-Mail!");
    }

    if(!$query = mysql_query("SELECT * FROM `mails`")) {
        die("Query failed!");
    }

    while($row = mysql_fetch_array($query)) {
        if(!mail($row['mail'], "Huatulco Newsletter", $_POST['mail'], "aceofspin@hotmail.com")) {
            die("Unable to send mail to ".$row['mail']);
        }
    }

    mysql_free_result($query);
    mysql_close($connect);

}

?>

subscribe.php

PHP Code:

<?php include("email_database.php");

/* Include regex if statement here for the rest of php script */

    if(!isset($_POST['subscribe']) || $_POST['email'] == "") {
        die("Failed to submit your E-Mail!");
    }

    $sql = 'INSERT INTO `mails` (`id` ,`mail`) VALUES (NULL , \''.$_POST['email'].'\');';

    if(!$query = mysql_query($sql)) {
        die("Could not save your E-Mail!");
    }

    mysql_close($connect);

?>

I decided I might mix up the md5 hash a bit with a key too:

PHP Code:

if($password == md5(SOME_KEY$_POST['pass'])) 


I also finally got the regex built in as an extra feature, and a security benefit for email validation on my subscribe.php:

PHP Code:

<?php include("email_database.php");
    
    if(!isset($_POST['subscribe']) || $_POST['email'] == "") {
        die("Failed to submit your E-Mail!");
    }
    
    if (!preg_match("/\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6}\b/i", $_POST['email'])) {
        //User has entered in an invalid email address
        die("You have entered an invalid email address. Please try again.");
    } else {
        //User has entered in a proper email address
        $sql = 'INSERT INTO `mails` (`id` ,`mail`) VALUES (NULL , \''.$_POST['email'].'\');';

        if(!$query = mysql_query($sql)) {
            die("Could not save your E-Mail!");
        }
    }
    
    mysql_close($connect);

?>