Posted By

olemedia on 05/28/11


Tagged

mail function



using the PHP mail function


 / Published in: PHP
 

URL: http://collaborate.extension.org/wiki/Best_Practices_Using_the_PHP_mail_Function

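  // Sender, recipient and subject. All three are copied into message headers,
  // and $mailFrom is also handed to the sendmail binary through "-f" below, so
  // in a real application they must be fixed or strictly validated values,
  // never raw request data.
  $mailFrom = "ValidMailbox@validdomain";
  $mailTo = "ValidToAddress";
  $mailSubject = "Useful Subject: Here's my subject";

  // "-- " on its own line is the conventional signature delimiter.
  $mailSignature = "\n\n-- \n";
  $mailSignature .= "Your friendly Neighborhood web application.\n";
  $mailSignature .= "For help and other information, see http://yourwebapp/help\n";

  $mailBody = "blahblahblah\n";
  $mailBody .= $mailSignature;
  // Wrap body lines at 70 characters.
  $mailBody = wordwrap($mailBody, 70);

  // Additional headers. Every header line ends with an explicit CRLF; the
  // original listing had raw line breaks inside the string literals and one
  // statement without its terminating semicolon.
  // MYSITE and MONITORADDRESS are constants that must be defined before this
  // code runs.
  $mailHeader = "From: $mailFrom\r\n";
  $mailHeader .= "Reply-To: $mailFrom\r\n";
  $mailHeader .= "X-Mailer: " . MYSITE . "\r\n";
  // Records the submitting client's address for abuse follow-up.
  $mailHeader .= "X-Sender-IP: {$_SERVER['REMOTE_ADDR']}\r\n";
  // Blind copy to the monitoring mailbox.
  $mailHeader .= "Bcc: " . MONITORADDRESS . "\r\n";

  // Test with these additional headers:
  // NOTE(review): the body built above is plain text with "\n" line breaks; a
  // text/html part will usually be rendered with those breaks collapsed. Use
  // text/plain unless the body is real HTML, and HTML-escape any user-supplied
  // data placed in an HTML body.
  $mailHeader .= 'MIME-Version: 1.0' . "\r\n";
  $mailHeader .= 'Content-Type: text/html; charset="iso-8859-1"' . "\r\n";
  $mailHeader .= "Content-Transfer-Encoding: 8bit\r\n";

  // "-f" sets the envelope sender on the sendmail command line.
  $mailParams = "-f$mailFrom";

  // Fail closed: a CR or LF in any header-bound value would start a new header
  // line, and whitespace in the envelope sender would split the sendmail
  // argument. Either case means the values are not what this code expects.
  $headerInputs = array($mailFrom, $mailTo, $mailSubject, MYSITE, MONITORADDRESS);
  $hasLineBreak = (bool) preg_match('/[\r\n]/', implode('', $headerInputs));
  $senderHasSpace = (bool) preg_match('/\s/', $mailFrom);

  if ($hasLineBreak || $senderHasSpace) {
      // Same failure value mail() itself reports.
      $mailResult = false;
  } else {
      // mail() returns true when the message was accepted for delivery.
      $mailResult = mail($mailTo, $mailSubject, $mailBody, $mailHeader, $mailParams);
  }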
  33.  
  34. //A Bonus Snippet
  35.  
  // Work out the site's base URL once and publish it as the MYSITE constant.
  // This has to run before any code that reads MYSITE (the X-Mailer header
  // line in the mail example uses it).
  $mysite = whatsMySite();
  define('MYSITE', $mysite);
  38.  
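  /**
   * Build the base URL of the running application: scheme, host and the
   * directory of the current script (no trailing slash).
   *
   * The Host request header is chosen by the client, and the result of this
   * function ends up in places such as mail headers and links. The host is
   * therefore accepted only if it looks like "name[:port]" or "[ipv6][:port]";
   * anything else falls back to SERVER_NAME, and finally to "localhost".
   * NOTE(review): depending on web-server configuration SERVER_NAME may itself
   * mirror the Host header, so a fixed, configured site URL is the more
   * reliable source where one is available.
   *
   * @return string e.g. "https://example.test/app"
   */
  function whatsMySite() {
      // protocol
      $isHttps = isset($_SERVER['HTTPS']) && ("on" == $_SERVER['HTTPS']);
      $mysite = $isHttps ? "https://" : "http://";

      // host
      $hostPattern = '/\A(?:[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?|\[[0-9a-f:.]+\])(?::\d{1,5})?\z/i';
      $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
      if (!preg_match($hostPattern, $host)) {
          $fallback = isset($_SERVER['SERVER_NAME']) ? (string) $_SERVER['SERVER_NAME'] : '';
          $host = preg_match($hostPattern, $fallback) ? $fallback : 'localhost';
      }
      $mysite .= $host;

      // path
      $script = isset($_SERVER['SCRIPT_NAME']) ? (string) $_SERVER['SCRIPT_NAME'] : '';
      // dirname() can return "\" for a root-level script on Windows; normalise
      // so the root check below works on every platform.
      $path = str_replace('\\', '/', dirname($script));
      if ("/" != $path && "." != $path && "" != $path) {
          $mysite .= $path;
      }

      return $mysite;
  }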
  60.  
  61. // Filter Methods
  62. // Filter After Submit
  63.  
  64. // Clean the data prior to actually processing it. A function like the one below can be used for this purpose.
  65.  
  66. // will replace the newlines and carriage returns
  67. // Watch out for deprecated method preg_replace
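  /**
   * Strip characters and tokens that could start a new mail header from a
   * value: CR, LF and tab, the literal URL-encoded forms %0A, %0D, %08 and
   * %09, and the header names "BCC:", "CC:" and "TO:" (all case-insensitive).
   *
   * The replacement is repeated until the value stops changing. A single pass
   * can leave a listed token behind when removing one occurrence joins the
   * text on either side of it into a new occurrence.
   *
   * Caveats:
   *  - Removing "to:" / "cc:" also alters ordinary text that happens to
   *    contain them, so this is suited to header fields (name, subject,
   *    address), not to message bodies.
   *  - Rejecting a submission that contains line breaks (see isInjected())
   *    is the stricter option; stripping silently changes what the user sent.
   *  - preg_replace() itself is not deprecated; only its /e modifier was
   *    (removed in PHP 7), and it is not used here.
   *
   * @param string $str Untrusted value destined for a mail header.
   * @return string The value with the listed sequences removed; an empty
   *                string if the regex engine reports an error.
   */
  function heal($str) {
      $injections = array(
          '/(\n+)/i',
          '/(\r+)/i',
          '/(\t+)/i',
          '/(%0A+)/i',
          '/(%0D+)/i',
          '/(%08+)/i',
          '/(%09+)/i',
          '/(BCC:+)/i',
          '/(CC:+)/i',
          '/(TO:+)/i',
      );

      do {
          $before = $str;
          $str = preg_replace($injections, '', $before);
          if (null === $str) {
              // PCRE failure: fail closed rather than return unfiltered input.
              return '';
          }
      } while ($str !== $before);

      return $str;
  }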
  83.  
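  /**
   * Remove CR, LF, the literal strings "%0a" / "%0d" and the header names
   * "Content-Type:", "bcc:", "to:" and "cc:" (case-insensitive) from a value
   * before it is placed in a mail header.
   *
   * The replacement runs until the value no longer changes, because a single
   * pass can leave a listed token behind when removing one occurrence joins
   * the surrounding text into a new one.
   *
   * Like any strip-based filter this also changes ordinary text containing
   * "to:" or "cc:"; use it on header fields only, and prefer rejecting input
   * that contains line breaks where that is acceptable.
   *
   * @param string $name Untrusted value destined for a mail header.
   * @return string The value with the listed sequences removed.
   */
  function safe( $name ) {
      $blocked = array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:", "to:", "cc:" );

      do {
          $before = $name;
          $name = str_ireplace( $blocked, "", $before );
      } while ( $name !== $before );

      return $name;
  }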
  87.  
  88. // Validation function which returns true if it finds newlines or carriage returns in the passed string
  /**
   * Report whether a value contains a character sequence used to break out of
   * a mail header line.
   *
   * Matches, case-insensitively: LF, CR, tab, and the literal text "%0A",
   * "%0D", "%08" and "%09". The encoded forms only matter if the value is
   * URL-decoded again somewhere after this check.
   *
   * @param string $str Value to inspect.
   * @return bool true when any of the sequences is present, false otherwise.
   */
  function isInjected($str) {
      // Single alternation equivalent to joining the individual groups with "|".
      $pattern = '/(\n+)|(\r+)|(\t+)|(%0A+)|(%0D+)|(%08+)|(%09+)/i';

      // preg_match() yields 1 on a hit; 0 (no hit) and false (error) both
      // map to false.
      return 1 === preg_match($pattern, $str);
  }
  107.  
  108.  
  109. Another method for filtering after the submit might look like the following. Be sure to change $_POST to $_GET if you are using that method.
  110.  
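  // Scan every submitted value for a "Content-Type:" header name, which has no
  // place in a normal form field. The recursive iterator also reaches values
  // inside array-style fields (name[]=...); passing such an array straight to
  // stripos() raises a TypeError on PHP 8.
  $postValues = new RecursiveIteratorIterator(new RecursiveArrayIterator($_POST));
  foreach( $postValues as $value ){
      if( is_string($value) && stripos($value,'Content-Type:') !== FALSE ){
          // NOTE(review): '[email protected]' is what the page's e-mail
          // obfuscation left in place of the real recipient; substitute the
          // address of the mailbox that should receive these reports.
          // Each hit sends one message, so a busy bot can fill that mailbox;
          // writing to a log (or rate-limiting the notification) avoids that.
          mail('[email protected]','Spammer Bot Attempt',$_SERVER['REMOTE_ADDR']);
          exit("{$_SERVER['REMOTE_ADDR']} Has been Recorded");
      }
  }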
