Mail Funzioni
Linux users have an easy way to send attachments using the mutt program. See: http://www.shelldorado.com/articles/mailattachments.html
For example:
$cmd = "echo '$BODY_TEXT' | mutt -s '$SUBJECT' -a '$filename_1' -a '$filename_2' '$email'";
exec ($cmd);
(PHP 4, PHP 5)
mail — Invio mail
Descrizione
bool mail
( string $a
, string $oggetto
, string $messaggio
[, string $header_addizionali
[, string $parametri_addizionali
]] )
mail() invia automaticamente il messaggio specificato in messaggio al destinatario specificato in a . Destinatari multipli possono essere specificati mettendo una virgola tra ogni indirizzo in a . Email con allegati e tipi speciali di contenuto possono essere spedite usando questa funzione. Questo è possibile tramite la codifica MIME. Per maggiori informazioni, fare riferimento a » un articolo Zend o alle » Classi Mime del PEAR.
Le seguenti RFC possono essere di aiuto: » RFC 1896, » RFC 2045, » RFC 2046, » RFC 2047, » RFC 2048 e » RFC 2049.
mail() restituisce TRUE se la mail è stata accettata per la spedizione con successo, altrimenti restituisce FALSE.
Avviso
L'implementazione Windows della funzione mail() differisce sotto molti aspetti dall'implementazione Unix. Primo, non usa una un programma in locale per comporre i messaggi, ma opera soltanto direttamente sui socket, il che significa che deve essere presente in ascolto un MTA su un socket di rete (che può essere su localhost o su una macchina remota). Secondo, gli header custom quali From:, Cc:, Bcc: e Date: non vengono interpretati subito dal MTA, ma ne viene fatto prima il parsing da parte di PHP. PHP < 4.3 supportava solo gli header Cc: (ed era case-sensitive). PHP >= 4.3 supporta tutti gli header e non è più case-sensitive.
Example #1 Inviare mail.
<?php
mail("pippo@example.com", "Oggetto", "Linea 1\nLinea 2\nLinea 3");
?>
Se viene passata come parametro una quarta stringa, questa stringa viene inserita alla fine dell'intestazione (header). Ciò viene tipicamente usato per aggiungere intestazioni supplementari. Intestazioni multiple supplementari sono separate da un carattere di "a capo" (sia newline che carriage return).
Nota: È necessario usare \r\n per separare le intestazioni, alcuni mail transfer agent sotto Unix potrebbero funzionare anche solo con un singolo newline (\n).
Example #2 Invio di mail con intestazioni supplementari.
<?php
mail("nessuno@example.com", "oggetto", $messaggio,
"From: webmaster@{$_SERVER['SERVER_NAME']}\r\n" .
"Reply-To: webmaster@{$_SERVER['SERVER_NAME']}\r\n" .
"X-Mailer: PHP/" . phpversion());
?>
Con il parametro parametri_addizionali è possibile impostare un parametro addizionale a linea di comando per il programma configurato per inviare mail usando sendmail_path. Per esempio si può impostare il corretto valore per envelope sender di sendmail con l'opzione -f di sendmail. Potrebbe essere necessario aggiungere l'utente che ha in esecuzione il server web alla configurazione di sendmail per prevenire l'aggiunta dell'intestazione 'X-Warning' quando si imposta envelope sender in questo modo.
Example #3 Invio di mail con intestazioni supplementari e impostazione dei parametri addizionali a linea di comando.
<?php
mail("nessuno@example.com", "oggetto", $messaggio,
"From: webmaster@{$_SERVER['SERVER_NAME']}", "-fwebmaster@{$_SERVER['SERVER_NAME']}");
?>
Nota: Questo quinto parametro è stato aggiunto in PHP 4.0.5. A partire da PHP 4.2.3, questo parametro è disabilitato in modalità safe_mode, se si cerca di usarlo comunque, la funzione mail() darà un messaggio di errore e restituirà FALSE.
È possibile costruire messaggi complessi utilizzando la tecnica di concatenazione delle stringhe.
Example #4 Invio di mail complessa.
<?php
/* destinatari */
$destinatari = "Maria <maria@example.com>" . ", " ; // notare la virgola
$destinatari .= "Enrica <enrica@example.com>";
/* oggetto */
$oggetto = "Promemoria compleanni di Agosto";
/* messaggio */
$messaggio = '
<html>
<head>
<title>Promemoria compleanni di Agosto</title>
</head>
<body>
<p>Questi sono i compleanni di Agosto!</p>
<table>
<tr>
<th>Persona</th><th>Giorno</th><th>Mese</th><th>Anno</th>
</tr>
<tr>
<td>Walter</td><td>11</td><td>Agosto</td><td>1946</td>
</tr>
<tr>
<td>Sara</td><td>14</td><td>Agosto</td><td>1985</td>
</tr>
</table>
</body>
</html>
';
/* Per inviare email in formato HTML, si deve impostare l'intestazione Content-type. */
$intestazioni = "MIME-Version: 1.0\r\n";
$intestazioni .= "Content-type: text/html; charset=iso-8859-1\r\n";
/* intestazioni addizionali */
$intestazioni .= "To: Mary <mary@example.com>, Kelly <kelly@example.com>\r\n";
$intestazioni .= "From: Promemoria Compleanni <compleanni@example.com>\r\n";
$intestazioni .= "Cc: archiviocompleanni@example.com\r\n";
$intestazioni .= "Bcc: controllocompleanni@example.com\r\n";
/* ed infine l'invio */
mail($destinatari, $oggetto, $messaggio, $intestazioni);
?>
Nota: Assicurarsi di non avere nessun carattere di newline nei parametri a o oggetto , o la mail non verrà spedita correttamente.
Nota: Il parametro a non può essere un indirizzo nella forma "Qualcosa <qualcuno@example.com>". Il comando di mail non sarebbe in grado di effettuare correttamente il parsing mentre dialoga con il MTA (in particolare sotto Windows).
Vedere anche imap_mail().
add a note
User Contributed Notes
php at richardneill dot org
07-Jul-2009 04:29
07-Jul-2009 04:29
Anonymous
03-Jul-2009 04:22
03-Jul-2009 04:22
I was (finally) able to get multipart HTML mail working.
The 'boundary' must be defined with double quotes, not apostrophes.
$headers .= "Content-Type: multipart/alternative;boundary=\"$boundary\";\n\n";
d dot r at usask dot ca
05-Jun-2009 04:44
05-Jun-2009 04:44
The example indicates \r\n at the end of each line in the headers but this was causing me problems as emails showed some of the headers as part of the body. I simply used only \n as in some of the other examples and the problem went away.
marcel dot portela at gmail dot com
22-May-2009 05:32
22-May-2009 05:32
To define a mail priority you have to put this lines in the headers:
<?php
$headers = "MIME-Version: 1.0\n" ;
$headers .= "Content-Type: text/html; charset=\"iso-8859-1\"\n";
$headers .= "X-Priority: 1 (Higuest)\n";
$headers .= "X-MSMail-Priority: High\n";
$headers .= "Importance: High\n";
$status = mail($to, $subject, $message,$headers);
?>
Here i've added many headers information including the Priority...
aldertb at XS4ALL dot nl
23-Mar-2009 09:30
23-Mar-2009 09:30
I experienced problems with removed euro signs and some other accented letters. The text came from a DB but contained the euro sign etcetera inside the mail function, just as when you would define it as a string. (Did die($newsletter['message']). It was lost in the mail I received though! When I defined the message as a string inside the sending function (overriding text from DB), including euro sign as a single character, I DID receive the email including euro sign!
This was experienced on 2 different email accounts. With one I received no text after the euro sign.
But only when text came from mySQL DB from a longtext Latin1-field...
I installed the pear mail class and this solved the strange problem and could just send text from the DB...
andrei_a at btconnect dot com
18-Mar-2009 02:57
18-Mar-2009 02:57
On some shared hosts like 1and1.co.uk, when using mail() function with '-f' flag, email may be quietly 'dropped' and not sent at all without any error message returned if '-f' option is used without email address valid on this host.
For example, if used as '-ftest@test.com' the email will be dropped on 1and1 provider. But if you have a 'real' mailbox on the server, for example 'black-hole@mydomain.com', and you use '-fblack-hole@mydomain.com' then the email will be sent. At the same time envelope's 'Return-Path' will be set properly to 'black-hole@mydomain.com' instead of 'test@shared.host.name'.
alex_ramos at sourceforge dot net
27-Feb-2009 03:37
27-Feb-2009 03:37
Beware if you're trying to use "-f" or "-r" with the 5th parameter of the PHP mail() function, and you're relying on a plain vanilla install of sendmail on Linux, it won't work. You'll have to either change the sendmail config and add your script's userid to "trusted-users" (easier said than done... good luck with that!), or, remove sendmail and install postfix (much easier).
thelegs at gmail dot com
25-Feb-2009 03:06
25-Feb-2009 03:06
As some SMTP servers (for example Argosoft Mail Server for Windows) may lead into troubles when sending a mail to "Full Name <user@domain.tld>" instead of simply "user@domain.tld", the following may be a solution:
<?php
$Result = trim(preg_replace("/([\w\s]+)<([\S@._-]*)>/", " $2", $Input));
?>
I'm not a PCRE guru, but this seems to work pretty good with any number of e-mail addresses, even when the $Input contains "mixed" address definitions (ie. some with Full Name and some without).
Examples:
Input: "User 1 <user1@foo.tld>, User 2 <user2@foo.tld>, user3@foo.tld"
Result: "user1@foo.tld, user2@foo.tld, user3@foo.tld";
Input: "user1@foo.tld, user2@foo.tld"
Result: "user1@foo.tld, user2@foo.tld"
The use of trim is optional, just to keep a nice space after the comma separator. If you don't mind about showing nice recipient lists to the MTA, I think this would work as well:
<?php
$Result = preg_replace("/([\w\s]+)<([\S@._-]*)>/", "$2", $Input);
?>
Anyway I hope that someone could improve these expressions. :)
Erich at gasboysnospam dot net
19-Feb-2009 03:43
19-Feb-2009 03:43
if your mail is failing (returns false) be aware that many servers are configured to kill mail going out with a bcc or cc header.
The ideal workaround is to use the smtp functions which servers allow because of its better audit trail. Alternatively call the mail function several times.
I've just spent about four hours trying to work out what I was doing wrong!!
deepakkallungal at gmail dot com
23-Jan-2009 07:34
23-Jan-2009 07:34
For solving japanese subject in php mail.
we had a problem was when we give shift-jis encoded test for subject in mail, the mail received displayed as "BQ Tech\ Ý t H [" in subject where the content in the mail was showing correctly.
we solved it by using this code.
$subject =iconv( "Shift_JIS","EUC-JP", "BQ Tech申込みフォーム");
we can convert like this for japanese encoding not working correctly for japanese text.
orjtor
19-Jan-2009 08:17
19-Jan-2009 08:17
This is my solution of problems with Windows Mail on Vista. I got some of the headers in the mail body as plain text. When I removed '\r' and left just '\n' at the end of the two last lines of header it worked. This error didn't show up in my yahoo mail.
<?php
$body = "<html>\n";
$body .= "<body style=\"font-family:Verdana, Verdana, Geneva, sans-serif; font-size:12px; color:#666666;\">\n";
$body = $message;
$body .= "</body>\n";
$body .= "</html>\n";
$headers = "From: My site<noreply@my_site.com>\r\n";
$headers .= "Reply-To: info@my_site.com\r\n";
$headers .= "Return-Path: info@my_site.com\r\n";
$headers .= "X-Mailer: Drupal\n";
$headers .= 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
return mail($recipient, $subject, $message, $headers);
?>
tyagi dot akhil at gmail dot com
04-Jan-2009 02:29
04-Jan-2009 02:29
To send XML content in mail use this
Content-Type: text/xml
instead of Content-Type: text/html
Tim Johannessen
15-Dec-2008 02:59
15-Dec-2008 02:59
I tried the example provided by [hn at nesland dot net] but it didn't quite work, as the error:
Fatal error: Cannot redeclare mail()
was encountered.
Also, the runkit_function_rename() caused apache to exit with Segmentation fault (11)
This works like a charm:
<?PHP
@dl("runkit.so");
@runkit_function_copy("mail", "__org_mail");
@runkit_function_remove("mail");
@runkit_function_copy("__new_mail", "mail");
@runkit_function_remove("__new_mail");
function __new_mail($to, $subject, $message, $additional_headers = null, $additional_parameters = null) {
/* do your own mail function checks here */
return __org_mail($to, $subject, $message, $additional_headers, $additional_parameters);
}
?>
Atleast it worked for me, stripping newlines from $to, $subject, removing unwanted headers from $additional_headers and adding new headers to $additional_headers for debugging - this way I'll be able to track the origin of the mail using the headers.
You'll need enable_dl = On in your php.ini and also runkit.internal_override = "1"
I wanted to remove the execution of __org_mail(), so I tried to add this to disable_functions in php.ini but that didn't seem to work, so be aware that the original function can still be executed, and found by using get_defined_functions().
php at ontheroad dot net dot nz
04-Nov-2008 05:00
04-Nov-2008 05:00
Another possible cause for the "501 5.5.4 Invalid Address" type errors when sending mail from Windows is specifying BCC or CC parameters with no value.
molotster on google mail com
13-Oct-2008 08:03
13-Oct-2008 08:03
Note, that single line should not contain more than 78 character, but is not allowed to contain more than 998 characters.
The possible consequences are:
Over 78 - clients are allowed to display the message in a "harder to read" way.
Over 998 - clients and servers are allowed to drop the message or cause any buffer-limit error.
See:
http://www.faqs.org/rfcs/rfc2822 part 2.1.1.
duminda
17-Sep-2008 08:44
17-Sep-2008 08:44
<?PHP
$title=$_POST['title'];
$name=$_POST['name'];
$email=$_POST['email'];
$telephone=$_POST['telephone'];
$fax=$_POST['fax'];
$address=$_POST['address'];
$country=$_POST['country'];
$comment=$_POST['comment'];
# -=-=-=- MIME BOUNDARY
$mime_boundary = "----MSA Shipping----".md5(time());
# -=-=-=- MAIL HEADERS
$to = "dlwijerathna@gmail.com";
//$to = "duminda@dumidesign.com";
//$to = "info@msashipping.com";
$subject = "Information Request from MSA Shipping - Contact Form";
$headers = "From: MSA SHIPPING <webmaster@msashipping.com>\n";
$headers .= "Reply-To: MSA Shipping <webmaster@msashipping.com>\n";
$headers .= "BCC: dumidesign@gmail.com";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: multipart/alternative; boundary=\"$mime_boundary\"\n";
$message .= "--$mime_boundary\n";
$message .= "Content-Type: text/html; charset=UTF-8\n";
$message .= "Content-Transfer-Encoding: 8bit\n\n";
$message .= "<html>\n";
$message .= "<body style=\"font-family:Verdana, Verdana, Geneva, sans-serif; font-size:12px; color:#666666;\">\n";
$message .= "<table width=\"800\" height=\"159\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\" >";
$message .="<tr>";
$message .="<td height=\"66\" colspan=\"4\" bgcolor=\"#CCCCCC\"></td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td width=\"1%\"></td>";
$message .="<td colspan=\"3\"> </td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td width=\"100\"><b>Title</b></td>";
$message .="<td align=\"left\" >:</td>";
$message .="<td>$title</td>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>Name</b></td>";
$message .="<td>:</td>";
$message .="<td>$name</td>";
$message .="</tr>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>E-mail</b></td>";
$message .="<td>:</td>";
$message .="<td>$email</td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>Telephone</b></td>";
$message .="<td>:</td>";
$message .="<td>$telephone</td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>Fax</b></td>";
$message .="<td>:</td>";
$message .="<td>$fax</td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>Country</b></td>";
$message .="<td>:</td>";
$message .="<td>$country</td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>Comments</b></td>";
$message .="<td>:</td>";
$message .="<td>$comment</td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td height=\"21\" colspan=\"4\" bgcolor=\"#CCCCCC\"></td>";
$message .="</tr>";
$message .="</table>";
$message .= "</body>\n";
$message .= "</html>\n";
# -=-=-=- FINAL BOUNDARY
$message .= "--$mime_boundary--\n\n";
# -=-=-=- SEND MAIL
$mail_sent = @mail( $to, $subject, $message, $headers );
//echo $mail_sent ? "Mail sent" : "Mail failed";
if($mail_sent)
{
header('Location:contactus.php?msg=yes');
}
else
{
header('Location:contactus.php?msg=no');
}
?>
webmaster at plumage dot nl
01-Sep-2008 09:53
01-Sep-2008 09:53
The work-around for a large quantity of recipients is putting the adresses in the header-section as Bcc adresses.
In this way the mail()-function opens and closes the SMTP connection only once:
<?php
$count_recip= count($recip);//where $recip represents an array of mail-adresses, from MySql-query or otherwise
$count='0';
$headers.="Bcc: ";
while($count < $count_recip){
$headers.=$recip[$count].", ";
$count ++;
}
$headers.="admin@mailinglist.com\r\n";
?>
bob
15-Jul-2008 08:51
15-Jul-2008 08:51
If the Cc or Bcc lines appear in the message body, make sure you're separating header lines with a new line (\n) rather than a carriage return-new line (\r\n). That should come at the very end of the headers.
akam
28-May-2008 01:55
28-May-2008 01:55
There differenece in body, headers of email (with attachment, without attachment), see this complete example below:
work great for me (LINUX , WIN) and (Yahoo Mail, Hotmail, Gmail, ...)
<?php
$to = $_POST['to'];
$email = $_POST['email'];
$name = $_POST['name'];
$subject = $_POST['subject'];
$comment = $_POST['message'];
$To = strip_tags($to);
$TextMessage =strip_tags(nl2br($comment),"<br>");
$HTMLMessage =nl2br($comment);
$FromName =strip_tags($name);
$FromEmail =strip_tags($email);
$Subject =strip_tags($subject);
$boundary1 =rand(0,9)."-"
.rand(10000000000,9999999999)."-"
.rand(10000000000,9999999999)."=:"
.rand(10000,99999);
$boundary2 =rand(0,9)."-".rand(10000000000,9999999999)."-"
.rand(10000000000,9999999999)."=:"
.rand(10000,99999);
for($i=0; $i < count($_FILES['youfile']['name']); $i++){
if(is_uploaded_file($_FILES['fileatt']['tmp_name'][$i]) &&
!empty($_FILES['fileatt']['size'][$i]) &&
!empty($_FILES['fileatt']['name'][$i])){
$attach ='yes';
$end ='';
$handle =fopen($_FILES['fileatt']['tmp_name'][$i], 'rb');
$f_contents =fread($handle, $_FILES['fileatt']['size'][$i]);
$attachment[]=chunk_split(base64_encode($f_contents));
fclose($handle);
$ftype[] =$_FILES['fileatt']['type'][$i];
$fname[] =$_FILES['fileatt']['name'][$i];
}
}
/***************************************************************
Creating Email: Headers, BODY
1- HTML Email WIthout Attachment!! <<-------- H T M L ---------
***************************************************************/
#---->Headers Part
$Headers =<<<AKAM
From: $FromName <$FromEmail>
Reply-To: $FromEmail
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="$boundary1"
AKAM;
#---->BODY Part
$Body =<<<AKAM
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="$boundary1"
This is a multi-part message in MIME format.
--$boundary1
Content-Type: text/plain;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$TextMessage
--$boundary1
Content-Type: text/html;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$HTMLMessage
--$boundary1--
AKAM;
/***************************************************************
2- HTML Email WIth Multiple Attachment <<----- Attachment ------
***************************************************************/
if($attach=='yes') {
$attachments='';
$Headers =<<<AKAM
From: $FromName <$FromEmail>
Reply-To: $FromEmail
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="$boundary1"
AKAM;
for($j=0;$j<count($ftype); $j++){
$attachments.=<<<ATTA
--$boundary1
Content-Type: $ftype[$j];
name="$fname[$i]"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="$fname[$j]"
$attachment[$j]
ATTA;
}
$Body =<<<AKAM
This is a multi-part message in MIME format.
--$boundary1
Content-Type: multipart/alternative;
boundary="$boundary2"
--$boundary2
Content-Type: text/plain;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$TextMessage
--$boundary2
Content-Type: text/html;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$HTMLMessage
--$boundary2--
$attachments
--$boundary1--
AKAM;
}
/***************************************************************
Sending Email
***************************************************************/
$ok=mail($To, $Subject, $Body, $Headers);
echo $ok?"<h1> Mail Sent</h1>":"<h1> Mail not SEND</h1>";
?>
richard at richard-sumilang dot com
22-Mar-2008 08:12
22-Mar-2008 08:12
If you are using the sendmail app from an exim package or something you don't really need to change the normal parameters PHP gives it (-t -i) as other posts described.
I just added "-f myemail@foo.com" and it worked.
One thing that got me stuck for a few hours was trying to figure out why the return-path was set as the user (user running php) and not what I was setting it with the -f option then I later found at that in order to forcefully set the return-path the user account running the command must be in exim's trusted users configuration! It helps to add trusted_groups as well then everything works fine :)
- Richard Sumilang
jano ATSOMERANDOMTEXTjanogarcia es
28-Jan-2008 10:31
28-Jan-2008 10:31
This is a simple and quick (dirty?) fix for encoding long UTF-8 email subjects.
<?php
$subject= mb_encode_mimeheader($subject,"UTF-8", "B", "\n");
?>
Changing the $transfer_encoding parameter* from B (Base64) to Q (Quoted-Printable) seems to work too.
*See the mb_encode_mimeheader documentation here http://php.net/manual/en/function.mb-encode-mimeheader.php
This one is based on the previously posted solution by J.Halmu http://php.net/manual/en/function.mail.php#75886 , added the two last parameters to prevent long subjects from breaking the email. It worked flawlessly on a RHEL environmet. No further tests, sorry.
Tomix
17-Jan-2008 03:53
17-Jan-2008 03:53
send e-mail in utf-8
there is already a solution from omgs. but with a longer subject line there could be problem (splitting the subject line in a encoded character).
here my solution:
<?php
// hmm no better solution?
function imap8bit(&$item, $key) {
$item = imap_8bit($item);
}
function email($e_mail, $subject, $message, $headers)
{
// add headers for utf-8 message
$headers .= "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=utf-8\r\n";
$headers .= "Content-Transfer-Encoding: quoted-printable\r\n";
// encode subject
//=?UTF-8?Q?encoded_text?=
// work a round: for subject with wordwrap
// not fixed, no possibility to have one in a single char
$subject = wordwrap($subject, 25, "\n", FALSE);
$subject = explode("\n", $subject);
array_walk($subject, imap8bit);
$subject = implode("\r\n ", $subject);
$subject = "=?UTF-8?Q?".$subject."?=";
// encode e-mail message
$message = imap_8bit($message);
return(mail("$e_mail", "$subject", "$message", "$headers"));
}
?>
mortoray at ecircle-ag dot com
10-Jan-2008 03:35
10-Jan-2008 03:35
Apparently if using the mbstring library, and using overriden functions, the "mail" command appears to use "Content-Transfer-Encoding: BASE64" by default. Which if you combine it with PEAR Mail_Mime you'll get mails that, although they appear RFC compliant, not mailer can read correctly.
To fix this it appears you should add a fixed header in the mail command (this one assumes the pear mime module is 7bit clean, perhaps 8bit would also be fine)
<?php $headers['Content-Transfer-Encoding'] = '7bit'; ?>
d
25-Dec-2007 09:39
25-Dec-2007 09:39
When sending html formatted mails to gmail accounts you might notice that the html is shown in plain text. This happens when you send from an unix system and gmail treats the "\r\n" line ends in a wrong way. Use "\n" instead at it will be fine.
Content-Type: text/html; charset=iso-8859-1\n
instead of
Content-Type: text/html; charset=iso-8859-1\r\n
hn at nesland dot net
03-Nov-2007 12:37
03-Nov-2007 12:37
Tired of idiots and imbeciles who creates unsecure php-code and lets spammers abuse mail()? Try this dirty trick:
With auto_prepend, prepend this file:
<?php
// You need to install pecl-module, runkit.
dl("runkit.so");
// We could rename the function, but that currently makes my apache segfault, but this works :-P
runkit_function_copy ( "mail","intmail" );
runkit_function_remove( "mail" );
function mail( $to, $subject, $message, $additional_headers = null, $additional_parameters = null ) {
$___domain = $_SERVER['SERVER_NAME'];
$fp = fopen("/tmp/my_super_mail_logg", "a");
fwrite( $fp, date("d.m.y H:i:s") . " " . $___domain . ": $to / $subject\n");
fclose( $fp );
return intmail( $to, $subject, $message, $additional_headers, $additional_parameters );
}
?>
You probably shouldn't log to /tmp, or any other place as the webserver-user, see syslog-functions ;)
And of course you can manipulate the different parameters, like adding custom headers to each email (For instance; "X-From-Web: {$_SERVER['SERVER_NAME']}")..
phpcoder at cyberpimp dot ig3 dot net
27-Sep-2007 03:51
27-Sep-2007 03:51
In addition to the $to parameter restrictions on Windows (ie. address can not be in "name <user@example.com>" format), the same restrictions apply to the parsed Cc and Bcc headers of the $additional_headers parameter.
However, you can include a To header in $additional_parameters which lists the addresses in any RFC-2822 format. (For display purposes only. You still need to list the bare addresses in the $to parameter.)
Gianluigi_Zanettini-MegaLab.it
10-Aug-2007 06:57
10-Aug-2007 06:57
Please note that using an address in this format "Zane, CEO - MegaLab.it" <myaddrr@mydomain> (" are needed due to comma) works as expected under *nix, but WON'T WORK under Windows.
This is an example
<?php
mail("\"Zane, CEO - MegaLab.it\" <myaddrr@mydomain>", "prova da test_zane", "dai funziona...");
?>
It works under *unix, but it doensn't under Win: different error are reported:
Warning: mail() [function.mail]: SMTP server response: 553 5.0.0 <"Zane>... Unbalanced '"'
Warning: mail() [function.mail]: SMTP server response: 501 5.5.4 Invalid Address
J.Halmu
20-Jun-2007 11:10
20-Jun-2007 11:10
I use text/plain charaset=iso-8859-1 and get bad headers complain from amavis. This helped me:
[code]
$subject = mb_encode_mimeheader('ääööö test test öäöäöä','UTF-8');
[/code]
php-version 5.2.2
Alex Jaspersen
31-May-2007 06:03
31-May-2007 06:03
For qmail users, I have written a function that talks directly to qmail-queue, rather than going through the sendmail wrapper used by mail(). Thus it allows more direct control over the message (for example, you can adapt the function to display "undisclosed recipients" in to the To: header). It also performs careful validation of the e-mail addresses passed to it, making it more difficult for spammers to exploit your scripts.
Please note that this function differs from the mail() function in that the from address must be passed as a _separate_ argument. It is automatically put into the message headers and _does not_ need to be included in $additional_headers.
$to can either be an array or a single address contained in a string.
$message should not contain any carriage return characters - only linefeeds.
No validation is performed on $additional_headers. This is mostly unnecessary because qmail will ignore any additional To: headers injected by a malicious user. However if you have some strange mail setup it might be a problem.
The function returns false if the message fails validation or is rejected by qmail-queue, and returns true on success.
<?php
function qmail_queue($to, $from, $subject, $message, $additional_headers = "")
{
// qmail-queue location and hostname used for Message-Id
$cmd = "/var/qmail/bin/qmail-queue";
$hostname = trim(file_get_contents("/var/qmail/control/me"));
// convert $to into an array
if(is_scalar($to))
$to = array($to);
// BEGIN VALIDATION
// e-mail address validation
$e = "/^[-+\\.0-9=a-z_]+@([-0-9a-z]+\\.)+([0-9a-z]){2,4}$/i";
// from address
if(!preg_match($e, $from)) return false;
// to address(es)
foreach($to as $rcpt)
{
if(!preg_match($e, $rcpt)) return false;
}
// subject validation (only printable 7-bit ascii characters allowed)
// needs to be adapted to allow for foreign languages with 8-bit characters
if(!preg_match("/^[\\040-\\176]+$/", $subject)) return false;
// END VALIDATION
// open qmail-queue process
$dspec = array
(
array("pipe", "r"), // message descriptor
array("pipe", "r") // envelope descriptor
);
$pipes = array();
$proc = proc_open($cmd, $dspec, $pipes);
if(!is_resource($proc)) return false;
// write additional headers
if(!empty($additional_headers))
{
fwrite($pipes[0], $additional_headers . "\n");
}
// write to/from/subject/date/message-ID headers
fwrite($pipes[0], "To: " . $to[0]); // first recipient
for($i = 1; $i < sizeof($to); $i++) // additional recipients
{
fwrite($pipes[0], ", " . $to[$i]);
}
fwrite($pipes[0], "\nSubject: " . $subject . "\n");
fwrite($pipes[0], "From: " . $from . "\n");
fwrite($pipes[0], "Message-Id: <" . md5(uniqid(microtime())) . "@" . $hostname . ">\n");
fwrite($pipes[0], "Date: " . date("r") . "\n\n");
fwrite($pipes[0], $message);
fwrite($pipes[0], "\n");
fclose($pipes[0]);
// write from address and recipients
fwrite($pipes[1], "F" . $from . "\0");
foreach($to as $rcpt)
{
fwrite($pipes[1], "T" . $rcpt . "\0");
}
fwrite($pipes[1], "\0");
fclose($pipes[1]);
// return true on success.
return proc_close($proc) == 0;
}
?>
Geoff in Montreal
01-May-2007 10:07
01-May-2007 10:07
Here is a PHP Mail Multipart/Alternative (Plain Text and HTML) code for *nix servers (Unix Like Servers)... if you are hosted on a windows server, simply replace all "\n" or "\n\n" in the below code to "\r\n" or "\r\n\r\n" respectively.
This code is for anyone who has already written an HTML page for their PHP mail... there are several PHP > HTML free translators on the internet. You may use one of them to translate your HTML code to PHP to insert into the following code. All there needs to change is to place a backslash before any quotations (EX: ... confirm that \"Our Company\" has ...), and to end each line with a newline character (EX: \n )...
This code method has been successfully tested with Apple Mail, Microsoft Outlook, G-Mail, and Yahoo Mail. I hope this helps out anyone that is writing a multipart/alternative PHP mailer script.
<?php
# -=-=-=- PHP FORM VARIABLES (add as many as you would like)
$name = $_POST["name"];
$email = $_POST["email"];
$invoicetotal = $_POST["invoicetotal"];
# -=-=-=- MIME BOUNDARY
$mime_boundary = "----Your_Company_Name----".md5(time());
# -=-=-=- MAIL HEADERS
$to = "$email";
$subject = "This text will display in the email's Subject Field";
$headers = "From: Our Company <company@ourcompany.com>\n";
$headers .= "Reply-To: Our Company <company@ourcompany.com>\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: multipart/alternative; boundary=\"$mime_boundary\"\n";
# -=-=-=- TEXT EMAIL PART
$message = "--$mime_boundary\n";
$message .= "Content-Type: text/plain; charset=UTF-8\n";
$message .= "Content-Transfer-Encoding: 8bit\n\n";
$message .= "$name:\n\n";
$message .= "This email is to confirm that \"Our Company\" has received your order.\n";
$message .= "Please send payment of $invoicetotal to our company address.\n\n";
$message .= "Thank You.\n\n";
# -=-=-=- HTML EMAIL PART
$message .= "--$mime_boundary\n";
$message .= "Content-Type: text/html; charset=UTF-8\n";
$message .= "Content-Transfer-Encoding: 8bit\n\n";
$message .= "<html>\n";
$message .= "<body style=\"font-family:Verdana, Verdana, Geneva, sans-serif; font-size:14px; color:#666666;\">\n";
$message .= "$name:<br>\n";
$message .= "<br>\n";
$message .= "This email is to confirm that \"Our Company\" has received your order.<br>\n";
$message .= "Please send payment of $invoicetotal to our company address.<br>\n\n";
$message .= "<br>\n";
$message .= "Thank You.<br>\n\n";
$message .= "</body>\n";
$message .= "</html>\n";
# -=-=-=- FINAL BOUNDARY
$message .= "--$mime_boundary--\n\n";
# -=-=-=- SEND MAIL
$mail_sent = @mail( $to, $subject, $message, $headers );
echo $mail_sent ? "Mail sent" : "Mail failed";
?>
Josh
09-Mar-2007 06:05
09-Mar-2007 06:05
While trying to send attachments I ran into the problem of having the beginning part of my encoded data being cut off.
A fact that I didn't see mentioned anywhere explicitly (except maybe in the RFC, which admittedly I didn't read fully) was that two newlines are required before you start the encoded data:
Content-Transfer-Encoding: base64\n
Content-Type: application/zip; name="test_file.zip"\n
\n //<--- if this newline isn't here your data will get cut off
DATA GOES HERE
hans111 at yahoo dot com
01-Mar-2007 04:54
01-Mar-2007 04:54
I had a lot of trouble trying to send multipart messages to gmail accounts until I discovered gmail does not like carriage returns, even under unix I have to use only new lines (\n) and forget about the (\r) . Other email clients such as eudora, outlook, hotmail or yahoo seem not to have issues about the "missing" \r . Hope it helps.
bigtree at dontspam dot 29a dot nl
28-Feb-2007 12:46
28-Feb-2007 12:46
Since lines in $additional_headers must be separated by \n on Unix and \r\n on Windows, it might be useful to use the PHP_EOL constant which contains the correct value on either platform.
Note that this variable was introduced in PHP 5.0.2 so to write portable code that also works in PHP versions before that, use the following code to make sure it exists:
<?php
if (!defined('PHP_EOL')) define ('PHP_EOL', strtoupper(substr(PHP_OS,0,3) == 'WIN') ? "\r\n" : "\n");
?>
admin at chatfamy dot com
30-Jan-2007 08:37
30-Jan-2007 08:37
One thing it can be difficult to control with this function is the envelope "from" address. The envelope "from" address is distinct from the address that appears in the "From:" header of the email. It is what sendmail uses in its "MAIL FROM/RCPT TO" exchange with the receiving mail server. It also typically shows up in the "Return-Path:" header, but this need not be the case. The whole reason it is called an "envelope" address is that appears _outside_ of the message header and body, in the raw SMTP exchange between mail servers.
The default envelope "from" address on unix depends on what sendmail implementation you are using. But typically it will be set to the username of the running process followed by "@" and the hostname of the machine. In a typical configuration this will look something like apache@box17.isp.net.
If your emails are being rejected by receiving mail servers, or if you need to change what address bounce emails are sent to, you can change the envelope "from" address to solve your problems.
To change the envelope "from" address on unix, you specify an "-r" option to your sendmail binary. You can do this globally in php.ini by adding the "-r" option to the "sendmail_path" command line. You can also do it programmatically from within PHP by passing "-r address@domain.com" as the "additional_parameters" argument to the mail() function (the 5th argument). If you specify an address both places, the sendmail binary will be called with two "-r" options, which may have undefined behavior depending on your sendmail implementation. With the Postfix MTA, later "-r" options silently override earlier options, making it possible to set a global default and still get sensible behavior when you try to override it locally.
On Windows, the the situation is a lot simpler. The envelope "from" address there is just the value of "sendmail_from" in the php.ini file. You can override it locally with ini_set().
tdaniel at univ dot haifa dot ac dot il
26-Oct-2006 11:17
26-Oct-2006 11:17
I had trouble getting multiple emails sent for Outlook accounts (a single PHP page performed 2 mail() calls).
The PHP mail() function works correctly, but the same mails that were recieved on a private POP3 server were randomly missing by our intranet Outlook exchange server.
If you have the same problem, try to verify that the "Message-ID: " is unique at the $headers string. i.e.
<?php
$headers = [...] .
"Message-ID: <". time() .rand(1,1000). "@".$_SERVER['SERVER_NAME'].">". "\r\n" [...];
?>
(rand() is used only for demonstration purposes. a better way is to use an index variable that increments (i++) after each mail)
I noticed that when multiple messeges were sent simultaneously, the message-id was the same (probably there was no miliseconds differential). My guess is that Outlook is collating messages with the same message-ID; a thing that causes only one email to pass to the Outlook inbox instead of a few.
i5513
27-Sep-2006 08:30
27-Sep-2006 08:30
[EDITOR's NOTE: Following based off of a note originally by marcelo dot maraboli at usm dot cl which has been removed.]
I had a trouble with marcelo' function, I had to add "$val == 63" condition into "if" sentence for '?' character
<?php
# From marcelo post:
function encode_iso88591($string)
{
$text = '=?iso-8859-1?q?';
for( $i = 0 ; $i < strlen($string) ; $i++ )
{
$val = ord($string[$i]);
if($val > 127 or $val == 63)
{
$val = dechex($val);
$text .= '='.$val;
}
else
{
$text .= $string[$i];
}
}
$text .= '?=';
return $text;
}
and later use:
// create email
$msg = wordwrap($msg, 70);
$to = "destination@company.com";
$subject = encode_iso88591("hoydía caminé !!");
$headers = "MIME-Versin: 1.0\r\n" .
"Content-type: text/plain; charset=ISO-8859-1; format=flowed\r\n" .
"Content-Transfer-Encoding: 8bit\r\n" .
"From: $from\r\n" .
"X-Mailer: PHP" . phpversion();
mail($to, $subject, $msg, $headers);
?>
johniskew2
19-Sep-2006 04:28
19-Sep-2006 04:28
An important rule of thumb, because it seems few really follow it and it can alleviate so many headaches: When filtering your email headers for injection characters use a regular expression to judge whether the user's input is valid. For example to see if the user entered a valid e-mail address use something like [a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}. Dont try to filter out bad characters (like searching for LF or CR), because you will ALWAYS miss something. You can be sure your application is more secure going this route....provided the regular expression is valid! This same point goes for any sort of form input not just for sending out emails.
thomas at p-devion dot de
24-Aug-2006 05:46
24-Aug-2006 05:46
Change the function addattachment for multipartmail to auto detect the mime_content_type ...
<?php
function addattachment($file){
$fname = substr(strrchr($file, "/"), 1);
$data = file_get_contents($file);
$i = count($this->parts);
$content_id = "part$i." . sprintf("%09d", crc32($fname)) . strrchr($this->to_address, "@");
$this->parts[$i] = "Content-Type: ".mime_content_type($file)."; name=\"$fname\"\r\n" .
"Content-Transfer-Encoding: base64\r\n" .
"Content-ID: <$content_id>\r\n" .
"Content-Disposition: inline;\n" .
" filename=\"$fname\"\r\n" .
"\n" .
chunk_split( base64_encode($data), 68, "\n");
return $content_id;
}
?>
panoramical at gmail dot com
27-Jul-2006 11:19
27-Jul-2006 11:19
Searched for ages on the internet trying to find something that parses EML files and then sends them...for all of you who want to send an EML files you first have to upload it, read it, then delete it. Here's my function...it's specialised for a single form where the user uploads the EML file.
<?php
if(isset($_POST['submit']))
{
// Reads in a file (eml) a user has inputted
function eml_read_in()
{
$file_ext = stristr($_FILES['upload']['name'], '.');
// If it is an eml file
if($file_ext == '.eml')
{
// Define vars
$dir = 'eml/';
$file = $dir.basename($_FILES['upload']['name']);
$carry = 'yes';
// Try and upload the file
if(move_uploaded_file($_FILES['upload']['tmp_name'], $file))
{
// Now attempt to read the file
if($eml_file = file($file))
{
// Create the array to store preliminary headers
$headers = array();
$body = '';
$ii = -1;
// For every line, carry out this loop
foreach($eml_file as $key => $value)
{
$pattern = '^<html>';
if(((eregi($pattern, $value)))||($carry == 'no'))
{
// Stop putting data into the $headers array
$carry = 'no';
$i++;
$body .= $value;
}
else
{
// Separate each one with a colon
if(($eml_file_expl = explode(':', $value))&&($carry == 'yes'))
{
// The row has been split in half at least...
if(isset($eml_file_expl[1]))
{
// Put it into the preliminary headers
$headers[$eml_file_expl[0]] = $eml_file_expl[1];
// There might be more semicolons in it...
for($i=2;$i<=$count;$i++)
{
// Add the other values to the header
$headers[$eml_file_expl[0]] .= ':'.$eml_file_expl[$i];
}
}
}
}
}
// Clear up the headers array
$eml_values = array();
$eml_values[to] = $headers[To];
$eml_values[from] = $headers[From];
$eml_values[subject] = $headers[Subject];
$eml_values['reply-to'] = $headers['Reply-To'];
$eml_values['content-type'] = $headers['Content-Type'];
$eml_values[body] = $body;
unlink($file);
return $eml_values;
}
}
else
{
return '<p>File not uploaded - there was an error</p>';
}
}
}
// Takes information automatically from the $_FILES array...
$eml_pattern = eml_read_in()
// Headers definable...through eml_read_in() again, but I'm guessing they'll be the same for each doc...
if(mail($eml_pattern[to], $eml_pattern[subject], $eml_pattern[content], $headers)) echo 'Mail Sent';
?>
24-Jul-2006 03:55
correction for class multipartmail
<?php
function addmessage($msg = "", $ctype = "text/plain"){
$this->parts[0] ....
?>
if you are adding attachment first and then addmessage you can easy overwrite added attachment - better use
<?php
function addmessage($msg = "", $ctype = "text/plain"){
$this->parts[count($this->parts)] ....
?>
sander at cartel dot nl
20-Jul-2006 10:26
20-Jul-2006 10:26
I found out that a ms server (ESMTP MAIL Service, Version: 5.0.2195.6713) also had the problem using CRLF in the headers:
If messages are not received, try using a LF (\n) only. Some poor quality Unix mail transfer agents replace LF by CRLF automatically (which leads to doubling CR if CRLF is used). This should be a last resort, as it does not comply with RFC 2822.
The suggested fix works.
Sander
rsjaffe at gmail dot com
21-May-2006 09:10
21-May-2006 09:10
Here's my way of detecting an attempt to hijack my mail form.
<?php #requires PHP 5 or greater
$request = array_map('trim',($_SERVER['REQUEST_METHOD'] == "POST") ? $_POST : $_GET) ;
//check for spam injection
$allfields = implode('',$request) ;
$nontext = $request ;
unset($nontext['message'] );
$nontextfields = implode ('',$nontext) ;
if ((strpos ($nontextfields,"\\r")!==false) ||
(strpos ($nontextfields,"\\n")!==false) ||
(stripos ($allfields,"Content-Transfer-Encoding")!==false) ||
(stripos ($allfields,"MIME-Version")!==false) ||
(stripos ($allfields,"Content-Type")!==false) ||
($request['checkfield']!=$check) ||
(empty($_SERVER['HTTP_USER_AGENT']))) die('Incorrect request') ; //stop spammers ?>
First, I put the data into an array $request, then set up two strings: $allfields, which is just all fields concatenated, then $nontext, which excludes those fields in which \r\n is allowed (e.g., the message body). Any form field in which \r\n is allowed should be unset in the $nontext array before the second implode function (my message field is called 'message', so I unset that). I also include a hidden field in the form with a preset value ('checkfield', $check), so I can see if something is trying to alter all fields.
This is a combination of a lot of things mentioned in the messages below...
steve at stevewinnington dot co dot uk
13-Mar-2006 04:24
13-Mar-2006 04:24
To all you guys out there having problems with mail scripts throwing back this (and you know your scripts are right!!)...
Warning: mail() [function.mail]: "sendmail_from" not set in php.ini or custom "From:" header missing in:
I had started seeing this after moving some scripts from 4.3 servers to 5.
a dirty get around is using
ini_set ("sendmail_from","a.body@acompany.com");
to force the From header.
Not ideal but it works.
;)
Nimlhug
11-Mar-2006 06:41
11-Mar-2006 06:41
As noted in other, well, notes; the "additional headers" parameter can be easily exploited, when doing things like:
<?php
mail( $_POST['to'], $_POST['subject'], $_POST['message'], 'Reply-to: '.$_POST['from']."\r\n" );
?>
An easy way of fixing this, is removing CRLFs from the header-strings, like so:
<?php
$_POST['from'] = str_replace( "\r\n", '', $_POST['from'] );
?>
This way, the extra data will be part of the previous header.
junaid at techni-serve dot com
07-Mar-2006 05:49
07-Mar-2006 05:49
Note: on class "multipartmail". Modify the function buildmessage with the following and it will work great.
function buildmessage(){
$this->message = "This is a multipart message in mime format.\n";
$cnt = count($this->parts);
for($i=0; $i<$cnt; $i++){
$this->message .= "--" . $this->boundary . "\n" .$this->parts[$i];
}
$this->message .= "--" . $this->boundary . "-- \n";
}
Thank for all the help.
Ben Cooke
15-Dec-2005 01:34
15-Dec-2005 01:34
Note that there is a big difference between the behavior of this function on Windows systems vs. UNIX systems. On Windows it delivers directly to an SMTP server, while on a UNIX system it uses a local command to hand off to the system's own MTA.
The upshot of all this is that on a Windows system your message and headers must use the standard line endings \r\n as prescribed by the email specs. On a UNIX system the MTA's "sendmail" interface assumes that recieved data will use UNIX line endings and will turn any \n to \r\n, so you must supply only \n to mail() on a UNIX system to avoid the MTA hypercorrecting to \r\r\n.
If you use plain old \n on a Windows system, some MTAs will get a little upset. qmail in particular will refuse outright to accept any message that has a lonely \n without an accompanying \r.
fnjordy at gmail dot com
05-Oct-2005 09:54
05-Oct-2005 09:54
Another example of sending a utf-8 HTML mail:
<?php
$to = 'bob@example.com';
$subject = 'Wakeup bob!';
$message = '<b>yo</b>, whassup?';
$headers = "From: server@example.com\r\n" .
'X-Mailer: PHP/' . phpversion() . "\r\n" .
"MIME-Version: 1.0\r\n" .
"Content-Type: text/html; charset=utf-8\r\n" .
"Content-Transfer-Encoding: 8bit\r\n\r\n";
// Send
mail($to, $subject, $message, $headers);
?>
fontajos at phpeppershop dot com
21-Sep-2005 03:24
21-Sep-2005 03:24
Problems with Microsoft Exchange and PHP as ISAPI-module
We found out, that if you want to send multipart mime emails using the PHP mail-function on a Windows box using a Microsoft Exchange server, you have to use separate containers for the mail body and the mail header.
In many examples like in http://www.zend.com/zend/trick/html-email.php or in the book PHP developers cookbook you find html multipart/alternative mailing solutions that build the mime header and the mail body into one PHP variable and send this as fourth argument (header) to the PHP mail-function. This works fine on most systems but not on the above mentioned combination.
We found a rather trivial solution: Simply split the mime mail header and the mail body into two separate variables and give them separately to the PHP mail function, example:
<?php
//add From: header
$headers = "From: webserver@localhost\r\n";
//specify MIME version 1.0
$headers .= "MIME-Version: 1.0\r\n";
//unique boundary
$boundary = uniqid("HTMLDEMO");
//tell e-mail client this e-mail contains//alternate versions
$headers .= "Content-Type: multipart/mixed; boundary = $boundary\r\n\r\n";
//plain text version of message
$body = "--$boundary\r\n" .
"Content-Type: text/plain; charset=ISO-8859-1\r\n" .
"Content-Transfer-Encoding: base64\r\n\r\n";
$body .= chunk_split(base64_encode("This is the plain text version!"));
//HTML version of message
$body .= "--$boundary\r\n" .
"Content-Type: text/html; charset=ISO-8859-1\r\n" .
"Content-Transfer-Encoding: base64\r\n\r\n";
$body .= chunk_split(base64_encode("This the <b>HTML</b> version!"));
//send message
mail("root@localhost", "An HTML Message", $body, $headers);
?>
GwarDrazul
15-Sep-2005 11:01
15-Sep-2005 11:01
The article mentioned below is quite good to understand the problem of header injection. However, it suggests the following as a solution: look for "\n" and "\r" inside your user input fields (especially in those used for the $header param) and, if found reject the mail.
Allthough this will probably work I still believe it is better to have a "white list" of allowed characters instead of a "black list" with forbidden characters.
Example:
If you want a user to enter his name, then allow characters only!
If you want a user to enter his email adress, then check if the entry is a valid email adress.
Doing so might automatically solve problems which you didn't think of when you created the "black list". For SMTP headers colons are needed. If you check for a valid email adress the hacker won't be able to enter colons inside that form field.
I suggest using regular expressions for those checks.
For more information about regular expressions see:
http://www.regular-expressions.info/
javier at zincro dot com
31-May-2005 04:48
31-May-2005 04:48
This might be something obvious, but it gave me a lot of headache to find out:
If you use an ascii char#0 in the "string mensaje" parameter, it will truncate the message till that point, (this happened to me sending a message read from a file)
For example:
<?php
$hs_email="blabla@blabla.com";
$hs_asunto="a message for you";
$hs_contenido="beginofcontent_";
$hs_contenido.=chr(0);
$hs_contenido.="_endofcontent";
mail($hs_email,$hs_asunto,$hs_contenido);
?>
Will result in an email that only contains the string:
beginofcontent_
Anyway, just in case it can save someone some time...
msheldon at desertraven dot com
15-May-2005 07:09
15-May-2005 07:09
Just a comment on some of the examples, and as a note for those who may be unaware. The SMTP RFC 822 is VERY explicit in stating that \r\n is the ONLY acceptable line break format in the headers, though is a little vague about the message body. While many MTAs will deal with just \n, I've run accross plenty of them that will exhibit "interesting" behaviours when this happens. Those MTAs that are strict in compliance will definitely break when header lines are terminated with only \n. They will also most likely break if the body of the message contains more than 1000 consecutive characters without a \r\n.*
Note that RFC 821 is a little more clear in defining:
"line
A a sequence of ASCII characters ending with a <CRLF>."
RFC 821 makes no distinction between header lines and message body lines, since both are actually transmitted during the DATA phase.
Bottom line, best practice is to be sure to convert any bare \n characters in the message to \r\n.
* "The maximum total length of a text line including the <CRLF> is 1000 characters" (RFC 821)
jonte at macnytt dot com
24-Apr-2005 11:16
24-Apr-2005 11:16
Users of Mac OS X Server need to activate SMTP part of the Mailserver before this is working.
Also note that if the ISP has blocked port 25 outgoing, you run into problems. You can find more info about this in the SMTP server log in Server Admin application if you run OSX Server.
18-Apr-2005 07:20
A co-worker of mine had a problem where she needed to have a backslash in the header. Basically, the name of the company has a couple of backslashes in it. However, when the recipient was receiving the email, the "From:" part had the backslashes removed. We got it to work but placing three backslashes whenever we wanted one to show up. I'd assume that the mail server was modifying the headers and this is not really an issue with php. Anyway, thought this might help someone.
benles at bldigital dot com
21-Mar-2005 05:47
21-Mar-2005 05:47
I get a 550 error when using mail() with this To format:
User <user@example.com>
When it's changed to just the bare email, it works fine. Just FYI that some mail servers may behave this way.
php dot net at schrecktech dot com
03-Mar-2005 12:07
03-Mar-2005 12:07
When sending MIME email make sure you follow the documentation with the "70" characters per line...you may end up with missing characters...and that is really hard to track down...
jdephix at hotmail dot com
02-Mar-2005 08:25
02-Mar-2005 08:25
How to add multiple attachment to an email:
An email can be split into many parts separated by a boundary followed by a Content-Type and a Content-Disposition.
The boundary is initialized as follows:
<?php
$boundary = '-----=' . md5( uniqid ( rand() ) );
?>
You can attach a Word document if you specify:
<?php
$message .= "Content-Type: application/msword; name=\"my attachment\"\n";
$message .= "Content-Transfer-Encoding: base64\n";
$message .= "Content-Disposition: attachment; filename=\"$theFile\"\n\n";
?>
When adding a file you must open it and read it with fopen and add the content to the message:
<?php
$path = "whatever the path to the file is";
$fp = fopen($path, 'r');
do //we loop until there is no data left
{
$data = fread($fp, 8192);
if (strlen($data) == 0) break;
$content .= $data;
} while (true);
$content_encode = chunk_split(base64_encode($content));
$message .= $content_encode . "\n";
$message .= "--" . $boundary . "\n";
?>
Add the needed headers and send!
<?php
$headers = "From: \"Me\"<me@example.com>\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: multipart/mixed; boundary=\"$boundary\"";
mail('myAddress@example.com', 'Email with attachment from PHP', $message, $headers);
?>
Finally, if you add an image and want it displayed in your email, change the Content-Type from attachment to inline:
<?php
$message .= "Content-Disposition: inline; filename=\"$theFile\"\n\n";
?>
Enjoy!
grey at greywyvern dot moc
18-Feb-2005 08:47
18-Feb-2005 08:47
When including your own custom headers try not to include a trailing \r\n at the end of the last header. Leaving the \r\n causes an extra line-feed at the beginning of the message body, so your message will start on the second line.
Sven Riedel
10-Jul-2004 01:22
10-Jul-2004 01:22
mail() requires /bin/sh to exist in Unix environments, next to a mail delivery program. This is very relevant when setting up apache in a chroot environment. Unfortunately this isn't anywhere in the documentation and took me several months to figure out.
nospam at mingo dot ath dot cx
09-May-2004 01:55
09-May-2004 01:55
If you're using a linux server using Postfix, and your server hasn't the host name set to a valid name (because it's behind a firewall in an intranet), it's possible that when sending mails using the mail function, some mail servers reject them. This is because they can't check the return path header. If you want to change the Return-Path used by sendmail init the php.ini and edit the sendmail_path variable to this:
sendmail_path = "sendmail -t -i -F webmaster@yoursite.com -f webmaster@yoursite.com"
Paul
25-Feb-2004 10:51
25-Feb-2004 10:51
My mime multipart/alternative messages were going ok, until I switched to qmail with php .. after years of painfull searching, I came across this on the Life With Qmail 'Gotchas' section:
G.11. Carriage Return/Linefeed (CRLF) line breaks don't work
qmail-inject and other local injection mechanisms like sendmail don't work right when messages are injected with DOS-style carriage return/linefeed (CRLF) line breaks. Unlike Sendmail, qmail requires locally-injected messages to use Unix newlines (LF only). This is a common problem with PHP scripts.
So now, I can go back to sending emails with text AND html components :)
roberto dot silva at mexicoshipping dot net
24-Jan-2004 12:16
24-Jan-2004 12:16
If you can't use or don't understand how to use the sendmail program from linux, you can use a PEAR object to send mail.
<?php
include("Mail.php");
$recipients = "mailto@example.com";
$headers["From"] = "mailfrom@example.com";
$headers["To"] = "mailto@example.com";
$headers["Subject"] = "Test message";
$body = "TEST MESSAGE!!!";
$params["host"] = "example.com";
$params["port"] = "25";
$params["auth"] = true;
$params["username"] = "user";
$params["password"] = "password";
// Create the mail object using the Mail::factory method
$mail_object =& Mail::factory("smtp", $params);
$mail_object->send($recipients, $headers, $body);
?>
In my case, i use a smtp server that require authentication, and sendmail configuration is almost cryptic to me.
PEAR is already installed in PHP 4.0.3 , if not, you must go to http://pear.php.net/ and install it, in my case, I needed to add the Socket.php to the PEAR library.
f dot touchard at laposte dot net
31-Jan-2003 03:46
31-Jan-2003 03:46
***Encoding plain text as quoted-printable in MIME email***
If you don't want to install IMAP and use imap_8bit() to encode plain text or html message as quoted-printable
(friendly french special characters encoding :-) in MIME email, try this function.
I haven't fully tested it ( like with microtime with long mails). I send html message as 7-bit, so I didn't try yet with html.
If you have good html practise, you don't really need to encode html as quote-printable as it only uses 7-bit chars.
F.Touchard
<?php
function qp_encoding($Message) {
/* Build (most polpular) Extended ASCII Char/Hex MAP (characters >127 & <255) */
for ($i=0; $i<127; $i++) {
$CharList[$i] = "/".chr($i+128)."/";
$HexList[$i] = "=".strtoupper(bin2hex(chr($i+128)));
}
/* Encode equal sign & 8-bit characters as equal signs followed by their hexadecimal values */
$Message = str_replace("=", "=3D", $Message);
$Message = preg_replace($CharList, $HexList, $Message);
/* Lines longer than 76 characters (size limit for quoted-printable Content-Transfer-Encoding)
will be cut after character 75 and an equals sign is appended to these lines. */
$MessageLines = split("\n", $Message);
$Message_qp = "";
while(list(, $Line) = each($MessageLines)) {
if (strlen($Line) > 75) {
$Pointer = 0;
while ($Pointer <= strlen($Line)) {
$Offset = 0;
if (preg_match("/^=(3D|([8-9A-F]{1}[0-9A-F]{1}))$/", substr($Line, ($Pointer+73), 3))) $Offset=-2;
if (preg_match("/^=(3D|([8-9A-F]{1}[0-9A-F]{1}))$/", substr($Line, ($Pointer+74), 3))) $Offset=-1;
$Message_qp.= substr($Line, $Pointer, (75+$Offset))."=\n";
if ((strlen($Line) - ($Pointer+75)) <= 75) {
$Message_qp.= substr($Line, ($Pointer+75+$Offset))."\n";
break 1;
}
$Pointer+= 75+$Offset;
}
} else {
$Message_qp.= $Line."\n";
}
}
return $Message_qp;
}
?>
gordon at kanazawa-gu dot ac dot jp
29-Dec-2002 02:04
29-Dec-2002 02:04
If your server doesn't have mb_send_mail() enabled but you want to use non-ascii (multi-byte) chars in an email's subject or name headers, you can use something like the following:
<?php
$charset = "iso-2202-jp"; // japanese
$to = encode("japanese name 01", $charset) . " <to@email.com>";
$from = encode("japanese name 02", $charset) . " <from@email.com>";
$subject = encode("japanese text");
$message = "does not need to be encoded";
mail($to, $subject, $message, $from);
function encode($in_str, $charset) {
$out_str = $in_str;
if ($out_str && $charset) {
// define start delimimter, end delimiter and spacer
$end = "?=";
$start = "=?" . $charset . "?B?";
$spacer = $end . "\r\n " . $start;
// determine length of encoded text within chunks
// and ensure length is even
$length = 75 - strlen($start) - strlen($end);
/*
[EDIT BY danbrown AT php DOT net: The following
is a bugfix provided by (gardan AT gmx DOT de)
on 31-MAR-2005 with the following note:
"This means: $length should not be even,
but divisible by 4. The reason is that in
base64-encoding 3 8-bit-chars are represented
by 4 6-bit-chars. These 4 chars must not be
split between two encoded words, according
to RFC-2047.
*/
$length = $length - ($length % 4);
// encode the string and split it into chunks
// with spacers after each chunk
$out_str = base64_encode($out_str);
$out_str = chunk_split($out_str, $length, $spacer);
// remove trailing spacer and
// add start and end delimiters
$spacer = preg_quote($spacer);
$out_str = preg_replace("/" . $spacer . "$/", "", $out_str);
$out_str = $start . $out_str . $end;
}
return $out_str;
}
// for details on Message Header Extensions
// for Non-ASCII Text see ...
// http://www.faqs.org/rfcs/rfc2047.html
?>
stevenlim at Edinburgh-Consulting dot com
06-Sep-2002 07:53
06-Sep-2002 07:53
How to detect a bounce email
1. make sure the email you send out have the header
"Return-Path: detect-bounce@example.com\r\n",
&
"Return-Receipt-To: bounce@example.com\r\n"
2. setup this detect-bounce mail account at your mail server
3. redirect the incoming mail from this email account to your php script (check your mail server doc on how do this)
4. your php script will then be able to process the incoming email in whatever way you like, including to detect bounce mail message (use regexp search).
Note that the mail will be not be store after the mail server has redirect to your script. If you want to store it, you need additional code in your script
Hope the above help
Steven Lim
IT Consultant (www.Edinburgh-Consulting.com)