Mail Functions
As mentioned earlier, for Windows users there is a fake sendmail option. A bit more detailed description how to do this is:
If you have a test server in use running Windows and some kind of WAMP combo (XXAMP, WAMP Server, etc) then you’ll notice that the PHP sendmail command (mail()) does not work. Windows simply does not provide the sendmail statement .
There is a simple trick to get this to work though;
1) Download (or use the attached file) sendmail.zip from http://glob.com.au/sendmail/
2) Unzip this in a folder on your c: drive (preferably use a simple path, for example c:\wamp\sendmail — long filenames could cause problems)
3) Edit your PHP.INI file (note: WAMP users should access their php.ini file from the WAMP menu). Go to the [mail function] section and modify it as such:
[mail function]; For Win32 only.;SMTP =
; For Win32 only.
;sendmail_from =
; For Unix only. You may supply arguments as well (default: «sendmail -t -i»).
sendmail_path = «C:\wamp\sendmail\sendmail.exe -t»
; Force the addition of the specified parameters to be passed as extra parameters
; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail(), even in safe mode.
;mail.force_extra_paramaters =
4) Open the sendmail.ini and modify the settings to:
; you must change mail.mydomain.com to your smtp server,
; or to IIS’s «pickup» directory. (generally C:\Inetpub\mailroot\Pickup)
; emails delivered via IIS’s pickup directory cause sendmail to
; run quicker, but you won’t get error messages back to the calling
; application.
; the default domain for this server will be read from the registry
; this will be appended to email addresses when one isn’t provided
; if you want to override the value in the registry, uncomment and modify
; log smtp errors to error.log (defaults to same directory as sendmail.exe)
; uncomment to enable logging
; error_logfile=sendmail_error.log
; create debug log as debug.log (defaults to same directory as sendmail.exe)
; uncomment to enable debugging
; debug_logfile=sendmail_debug.log
; if your smtp server requires authentication, modify the following two lines
; if your smtp server uses pop3 before smtp authentication, modify the
; following three lines
; to force the sender to always be the following email address, uncomment and
; populate with a valid email address. this will only affect the «MAIL FROM»
; command, it won’t modify the «From: » header of the message content
; sendmail will use your hostname and your default_domain in the ehlo/helo
; smtp greeting. you can manually set the ehlo/helo name if required
The optional error and debug logging is recommended when trying this the first time, so you have a clue what goes wrong in case it doesn’t work.
Force_sender is also optional, but recommended to avoid confusion on the server end.
Obviously mail.yourdomain.com, you@yourdomain.com, and mysecretpassword should be the relevant info for your SMTP server.
Now restart the WAMP services (mainly Apache so PHP re-reads it’s config).
Now you’re good to go and use the PHP mail() statement as if you’re a Unix user .
Corrupted Attachments .
I spent many hours with corrupted attachments (of all types of files) — The answer: a blank line is needed after $msg.=$file \r\n \r\n [incredible but true].
Heres some useful code for sending an attachment, and display html OR text depending on the users email-reader.
i work with many different systems, so.
if ( strtoupper ( substr ( PHP_OS , 0 , 3 )== ‘WIN’ )) <
$eol = «\r\n» ;
> elseif ( strtoupper ( substr ( PHP_OS , 0 , 3 )== ‘MAC’ )) <
$eol = «\r» ;
> else <
$eol = «\n» ;
> ?>
# File for Attachment
$f_name = «../../letters/» . $letter ; // use relative path OR ELSE big headaches. $letter is my file for attaching.
$handle = fopen ( $f_name , ‘rb’ );
$f_contents = fread ( $handle , filesize ( $f_name ));
$f_contents = chunk_split ( base64_encode ( $f_contents )); //Encode The Data For Transition using base64_encode();
$f_type = filetype ( $f_name );
fclose ( $handle );
# To Email Address
$emailaddress = «user@example.com» ;
# Message Subject
$emailsubject = «Heres An Email with a PDF» . date ( «Y/m/d H:i:s» );
# Message Body
ob_start ();
require( «emailbody.php» ); // i made a simple & pretty page for showing in the email
$body = ob_get_contents (); ob_end_clean ();
# Common Headers
$headers .= ‘From: Jonny ‘ . $eol ;
$headers .= ‘Reply-To: Jonny ‘ . $eol ;
$headers .= ‘Return-Path: Jonny ‘ . $eol ; // these two to set reply address
$headers .= «Message-ID:» . $eol ;
$headers .= «X-Mailer: PHP v» . phpversion (). $eol ; // These two to help avoid spam-filters
# Boundry for marking the split & Multitype Headers
$mime_boundary = md5 ( time ());
$headers .= ‘MIME-Version: 1.0’ . $eol ;
$headers .= «Content-Type: multipart/related; boundary=\»» . $mime_boundary . «\»» . $eol ;
$msg = «» ;
# Attachment
$msg .= «—» . $mime_boundary . $eol ;
$msg .= «Content-Type: application/pdf; name=\»» . $letter . «\»» . $eol ; // sometimes i have to send MS Word, use ‘msword’ instead of ‘pdf’
$msg .= «Content-Transfer-Encoding: base64» . $eol ;
$msg .= «Content-Disposition: attachment; filename=\»» . $letter . «\»» . $eol . $eol ; // !! This line needs TWO end of lines !! IMPORTANT !!
$msg .= $f_contents . $eol . $eol ;
# Setup for text OR html
$msg .= «Content-Type: multipart/alternative» . $eol ;
# Text Version
$msg .= «—» . $mime_boundary . $eol ;
$msg .= «Content-Type: text/plain; charset=iso-8859-1» . $eol ;
$msg .= «Content-Transfer-Encoding: 8bit» . $eol ;
$msg .= «This is a multi-part message in MIME format.» . $eol ;
$msg .= «If you are reading this, please update your email-reading-software.» . $eol ;
$msg .= «+ + Text Only Email from Genius Jon + +» . $eol . $eol ;
# HTML Version
$msg .= «—» . $mime_boundary . $eol ;
$msg .= «Content-Type: text/html; charset=iso-8859-1» . $eol ;
$msg .= «Content-Transfer-Encoding: 8bit» . $eol ;
$msg .= $body . $eol . $eol ;
# Finished
$msg .= «—» . $mime_boundary . «—» . $eol . $eol ; // finish with two eol’s for better security. see Injection.
# SEND THE EMAIL
ini_set ( sendmail_from , ‘from@example.com’ ); // the INI lines are to force the From Address to be used !
mail ( $emailaddress , $emailsubject , $msg , $headers );
ini_restore ( sendmail_from );
?>
I hope this helps.
Jon Webb [Madrid&London] [EDITOR thiago NOTE: Code has a fix from o.straesser AT gmx DOT de]
I spent hours searching the web trying to figure out why I was getting a «WARNING: mail(): SMTP server response: 501 5.5.4 Invalid Address » every time I was using the mail() function on my server (Win2K3,IIS 6.0,PHP4.4.1). I knew everything was setup properly for SMTP based on other non IIS 6.0 configurations.
Turns out that the IIS 6.0 SMTP service does not like formatting of the «From» field in mail headers. For instance:
//This line DOES NOT send mail message correctly
$headers .= «From: \»» . $fromname . «\» \n» ;
?>
However this works:
//This line sends mail message correctly
$headers .= «From: \»» . $fromaddress . «\»\n» ;
?>
The fix is in Microsoft Article ID 291828 ( http://support.microsoft.com/?id=291828 ). Even though the «bug» workaround is for IIS 6.0 on Exchange 2003 communicating with a UNIX server, THIS SOLVES THE PROBLEM. Just skip down to the last section for Exchange 2003 and follow the instructions to modify the IIS 6 MetaBase with the MetaBase Explorer found in the IIS 6 Resource Kit.
In case you don’t want to, or can’t, configure sendmail for your server, a good alternative is esmtp — it’s an smtp mailer with minimum configuration that can be used as a sendmail drop-in : http://esmtp.sourceforge.net/
For those of you with the exim, if its not sending mail with the -i option and you cant easily change this, you might want to check out the imap_mail() function which works almost exactly the same and doesnt use exim, most web hosts provide this. If you using your own server then php needs to be compiled with imap libraries etc.
For anyone having problems with attached files coming through garbled, make sure you have magic_quotes_runtime set to Off in your php.ini — it adds funky escape chars to your attached data and garbles the attachment.
This was giving me all kinds of grief.
If using a chroot environment and you don’t want to have a full mailer in it, mini-sendmail (can be found at http://www.acme.com/software/mini_sendmail/) is very useful. It is just a small binary that sends mails over your local mta over port 25.
Suggestion for methods checking form inputs for e-mail injection attempts.
Any inputs expected from single-line text fields can just be refused if they contain a newline character. The second function tries to minimize matches on non-evil inputs by matching suspect strings only if preceded by a newline character. (Anyway, if this is considered to be safe, it will of course do it for single-line inputs, too.)
/**
* Check single-line inputs:
* Returns false if text contains newline character
*/
function has_no_newlines ( $text )
<
return preg_match ( «/(%0A|%0D|\\n+|\\r+)/i» , $text ) == 0 ;
>
/**
* Check multi-line inputs:
* Returns false if text contains newline followed by
* email-header specific string
*/
function has_no_emailheaders ( $text )
<
return preg_match ( «/(%0A|%0D|\\n+|\\r+)(content-type:|to:|cc:|bcc:)/i» , $text ) == 0 ;
>
The formatting of this string must comply with » RFC 2822. Some examples are:
Subject of the email to be sent.
Each line should be separated with a CRLF (\r\n). Lines should not be larger than 70 characters.
(Windows only) When PHP is talking to a SMTP server directly, if a full stop is found on the start of a line, it is removed. To counter-act this, replace these occurrences with a double dot.
$text = str_replace("\n.", "\n..", $text); ?> String or array to be inserted at the end of the email header.
This is typically used to add extra headers (From, Cc, and Bcc). Multiple extra headers should be separated with a CRLF (\r\n). If outside data are used to compose this header, the data should be sanitized so that no unwanted headers could be injected.
If an array is passed, its keys are the header names and its values are the respective header values.
Note:
Before PHP 5.4.42 and 5.5.27, repectively, additional_headers did not have mail header injection protection. Therefore, users must make sure specified headers are safe and contains headers only. i.e. Never start mail body by putting multiple newlines.
Note:
When sending mail, the mail must contain a From header. This can be set with the additional_headers parameter, or a default can be set in php.ini .
Failing to do this will result in an error message similar to Warning: mail(): «sendmail_from» not set in php.ini or custom «From:» header missing . The From header sets also Return-Path when sending directly via SMTP (Windows only).
Note:
If messages are not received, try using a LF (\n) only. Some Unix mail transfer agents (most notably » qmail) replace LF by CRLF automatically (which leads to doubling CR if CRLF is used). This should be a last resort, as it does not comply with » RFC 2822.
The additional_params parameter can be used to pass additional flags as command line options to the program configured to be used when sending mail, as defined by the sendmail_path configuration setting. For example, this can be used to set the envelope sender address when using sendmail with the -f sendmail option.
This parameter is escaped by escapeshellcmd() internally to prevent command execution. escapeshellcmd() prevents command execution, but allows to add additional parameters. For security reasons, it is recommended for the user to sanitize this parameter to avoid adding unwanted parameters to the shell command.
Since escapeshellcmd() is applied automatically, some characters that are allowed as email addresses by internet RFCs cannot be used. mail() can not allow such characters, so in programs where the use of such characters is required, alternative means of sending emails (such as using a framework or a library) is recommended.
The user that the webserver runs as should be added as a trusted user to the sendmail configuration to prevent a ‘X-Warning’ header from being added to the message when the envelope sender (-f) is set using this method. For sendmail users, this file is /etc/mail/trusted-users .
Return Values
Returns true if the mail was successfully accepted for delivery, false otherwise.
It is important to note that just because the mail was accepted for delivery, it does NOT mean the mail will actually reach the intended destination.