
Revision: 46968
at May 28, 2011 02:51 by olemedia


Updated Code
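// Fixed, application-controlled values. If any of them is ever filled from a
// request, reject input containing CR or LF before it reaches mail().
$mailFrom = "ValidMailbox@validdomain";
$mailTo = "ValidToAddress";
$mailSubject = "Useful Subject:  Here's my subject";

$mailSignature = "\n\n-- \n";
$mailSignature .= "Your friendly Neighborhood web application.\n";
$mailSignature .= "For help and other information, see http://yourwebapp/help\n";

$mailBody = "blahblahblah\n";
$mailBody .= $mailSignature;
// mail() expects body lines of at most 70 characters.
$mailBody = wordwrap($mailBody, 70);

// Each header ends with an explicit CRLF rather than a line break typed inside
// the string literal, so the separator no longer depends on how the file was saved.
$mailHeader  = "From: $mailFrom\r\n";
$mailHeader .= "Reply-To: $mailFrom\r\n";
$mailHeader .= "X-Mailer: " . MYSITE . "\r\n";
// REMOTE_ADDR is the connecting peer (the proxy's address when behind one).
$mailHeader .= "X-Sender-IP: {$_SERVER['REMOTE_ADDR']}\r\n";
$mailHeader .= "Bcc: " . MONITORADDRESS . "\r\n";

// Test with these additional headers.
// NOTE(review): the body above is plain text; under text/html a mail client
// collapses its line breaks, and any user-supplied text added to the body
// would have to be HTML-escaped first.
$mailHeader .= 'MIME-Version: 1.0' . "\r\n"; // the original statement lacked its terminating semicolon
$mailHeader .= 'Content-Type: text/html; charset="iso-8859-1"' . "\r\n";
$mailHeader .= "Content-Transfer-Encoding: 8bit\r\n";

// "-f" sets the envelope sender and ends up on the sendmail command line:
// keep $mailFrom a configured constant, never a request value.
$mailParams = "-f$mailFrom";
$mailResult = mail($mailTo, $mailSubject, $mailBody, $mailHeader, $mailParams);
if (!$mailResult) {
    // mail() only reports whether the message was accepted for delivery.
    error_log('mail() did not accept the message for delivery');
}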

//A Bonus Snippet

// Work out the base URL once and publish it as the MYSITE constant.
$mysite = whatsMySite();
define('MYSITE', $mysite);

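/**
 * Build the base URL of the current script: scheme, host and directory,
 * without a trailing slash.
 *
 * The host comes from the request's Host header, which the client controls.
 * On this page the value becomes MYSITE, which is written into the X-Mailer
 * header. For links placed in outgoing mail, use a configured base URL or
 * compare the host with a configured list instead of trusting this value.
 *
 * @return string e.g. "https://example.test/app"
 */
function whatsMySite() {

    // protocol: PHP sets HTTPS to a non-empty value on TLS requests; IIS reports "off" otherwise
    $https = isset($_SERVER['HTTPS']) ? strtolower((string) $_SERVER['HTTPS']) : '';
    $mysite = ('' !== $https && 'off' !== $https) ? "https://" : "http://";

    // host: keep only characters that can occur in a hostname, an IPv6 literal or a port,
    // so control characters (CR, LF) and separators never reach a mail header or a URL
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
    $mysite .= preg_replace('/[^A-Za-z0-9.\-_:\[\]]/', '', $host);

    // path: dirname() yields "/" ("\" on Windows) for a script in the document root
    $path = isset($_SERVER['SCRIPT_NAME'])
        ? str_replace('\\', '/', dirname((string) $_SERVER['SCRIPT_NAME']))
        : '/';
    if ('/' !== $path && '.' !== $path) {
        $mysite .= $path;
    }

    return $mysite;
}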

// Filter Methods
// Filter After Submit

// Clean the data before actually processing it. A function like the one below can be used for this purpose.

// will replace the newlines and carriage returns
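// Note: preg_replace() itself is not deprecated; the deprecated pieces are the ereg_* functions (e.g. ereg_replace) and preg_replace()'s /e modifier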
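/**
 * Strip line breaks, tabs, their URL-encoded forms and the "BCC:", "CC:" and
 * "TO:" markers from a value before it is used in a mail header.
 *
 * The patterns run one after another, so removing one token can join the text
 * on either side into another listed token; the pass is therefore repeated
 * until the value stops changing. Removal also alters legitimate text (the
 * "to:" in "Photo:" is dropped), so for header fields rejecting the value
 * outright is usually the better choice.
 *
 * @param string $str value to clean
 * @return string cleaned value; empty string if the regex engine reports an error
 */
function heal($str) {
	$injections = array('/(\n+)/i',
	'/(\r+)/i',
	'/(\t+)/i',
	'/(%0A+)/i',
	'/(%0D+)/i',
	'/(%08+)/i',
	'/(%09+)/i',
	'/(BCC:+)/i',
	'/(CC:+)/i',
	'/(TO:+)/i'
	);
	do {
		$before = $str;
		$str = preg_replace($injections, '', $before);
		if (null === $str) {
			// Fail closed: never hand back an unfiltered value.
			return '';
		}
	} while ($str !== $before);
	return $str;
}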

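/**
 * Remove CR, LF, "%0a", "%0d" and the "Content-Type:", "bcc:", "to:" and "cc:"
 * markers (case-insensitively) from a value destined for a mail header.
 *
 * str_ireplace() handles the search terms one after another, so a removal can
 * join neighbouring text into another listed term; the replacement is repeated
 * until nothing changes. Legitimate text containing e.g. "to:" is altered too.
 *
 * @param string $name value to clean
 * @return string cleaned value
 */
function safe( $name ) {
   $blocked = array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:" );
   do {
      $before = $name;
      $name = str_ireplace( $blocked, "", $before );
   } while ( $name !== $before );
   return $name;
}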

// Validation function which returns true if it finds newlines or carriage returns in the passed string
/**
 * Report whether a value contains a line break, a tab, or one of the
 * URL-encoded sequences %0A, %0D, %08, %09 (matched case-insensitively).
 *
 * @param string $str value to inspect
 * @return bool true when at least one of the sequences is present
 */
function isInjected($str) {
	$alternatives = array('(\n+)', '(\r+)', '(\t+)', '(%0A+)', '(%0D+)', '(%08+)', '(%09+)');
	$pattern = '/' . implode('|', $alternatives) . '/i';
	return (bool) preg_match($pattern, $str);
}


Another method for filtering after the submit might look like the following. Be sure to change $_POST to $_GET if you are using that method.

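// Stop the request when any submitted field carries a "Content-Type:" marker.
// Fields may be nested arrays (name[]=...), so the values are walked to full
// depth and only strings are inspected.
// NOTE(review): this looks for one marker only; CR/LF in any field that ends
// up in a mail header still needs its own check.
$pending = array( $_POST );
while ( $pending ) {
  $value = array_pop( $pending );
  if( is_array($value) ){
    foreach( $value as $inner ){
      $pending[] = $inner;
    }
    continue;
  }
  if( is_string($value) && stripos($value,'Content-Type:') !== FALSE ){
    // The recipient below is an address-redaction artifact of the page; replace it.
    // NOTE(review): one alert mail per hit lets a burst of requests flood the
    // mailbox; error_log() or a rate-limited alert is safer.
    mail('[email protected]','Spammer Bot Attempt',$_SERVER['REMOTE_ADDR']);
    exit("{$_SERVER['REMOTE_ADDR']} Has been Recorded");
  }
}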

Revision: 46967
at May 28, 2011 02:36 by olemedia


Updated Code
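// Fixed, application-controlled values. If any of them is ever filled from a
// request, reject input containing CR or LF before it reaches mail().
$mailFrom = "ValidMailbox@validdomain";
$mailTo = "ValidToAddress";
$mailSubject = "Useful Subject:  Here's my subject";

$mailSignature = "\n\n-- \n";
$mailSignature .= "Your friendly Neighborhood web application.\n";
$mailSignature .= "For help and other information, see http://yourwebapp/help\n";

$mailBody = "blahblahblah\n";
$mailBody .= $mailSignature;

// Each header ends with an explicit CRLF rather than a line break typed inside
// the string literal, so the separator no longer depends on how the file was saved.
$mailHeader  = "From: $mailFrom\r\n";
$mailHeader .= "Reply-To: $mailFrom\r\n";
$mailHeader .= "X-Mailer: " . MYSITE . "\r\n";
// REMOTE_ADDR is the connecting peer (the proxy's address when behind one).
$mailHeader .= "X-Sender-IP: {$_SERVER['REMOTE_ADDR']}\r\n";
$mailHeader .= "Bcc: " . MONITORADDRESS . "\r\n";

// "-f" sets the envelope sender and ends up on the sendmail command line:
// keep $mailFrom a configured constant, never a request value.
$mailParams = "-f$mailFrom";
$mailResult = mail($mailTo, $mailSubject, $mailBody, $mailHeader, $mailParams);
if (!$mailResult) {
    // mail() only reports whether the message was accepted for delivery.
    error_log('mail() did not accept the message for delivery');
}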

//A Bonus Snippet

// Work out the base URL once and publish it as the MYSITE constant.
$mysite = whatsMySite();
define('MYSITE', $mysite);

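/**
 * Build the base URL of the current script: scheme, host and directory,
 * without a trailing slash.
 *
 * The host comes from the request's Host header, which the client controls.
 * On this page the value becomes MYSITE, which is written into the X-Mailer
 * header. For links placed in outgoing mail, use a configured base URL or
 * compare the host with a configured list instead of trusting this value.
 *
 * @return string e.g. "https://example.test/app"
 */
function whatsMySite() {

    // protocol: PHP sets HTTPS to a non-empty value on TLS requests; IIS reports "off" otherwise
    $https = isset($_SERVER['HTTPS']) ? strtolower((string) $_SERVER['HTTPS']) : '';
    $mysite = ('' !== $https && 'off' !== $https) ? "https://" : "http://";

    // host: keep only characters that can occur in a hostname, an IPv6 literal or a port,
    // so control characters (CR, LF) and separators never reach a mail header or a URL
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
    $mysite .= preg_replace('/[^A-Za-z0-9.\-_:\[\]]/', '', $host);

    // path: dirname() yields "/" ("\" on Windows) for a script in the document root
    $path = isset($_SERVER['SCRIPT_NAME'])
        ? str_replace('\\', '/', dirname((string) $_SERVER['SCRIPT_NAME']))
        : '/';
    if ('/' !== $path && '.' !== $path) {
        $mysite .= $path;
    }

    return $mysite;
}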

// Filter Methods
// Filter After Submit

// Clean the data before actually processing it. A function like the one below can be used for this purpose.

// will replace the newlines and carriage returns
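// Note: preg_replace() itself is not deprecated; the deprecated pieces are the ereg_* functions (e.g. ereg_replace) and preg_replace()'s /e modifier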
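/**
 * Strip line breaks, tabs, their URL-encoded forms and the "BCC:", "CC:" and
 * "TO:" markers from a value before it is used in a mail header.
 *
 * The patterns run one after another, so removing one token can join the text
 * on either side into another listed token; the pass is therefore repeated
 * until the value stops changing. Removal also alters legitimate text (the
 * "to:" in "Photo:" is dropped), so for header fields rejecting the value
 * outright is usually the better choice.
 *
 * @param string $str value to clean
 * @return string cleaned value; empty string if the regex engine reports an error
 */
function heal($str) {
	$injections = array('/(\n+)/i',
	'/(\r+)/i',
	'/(\t+)/i',
	'/(%0A+)/i',
	'/(%0D+)/i',
	'/(%08+)/i',
	'/(%09+)/i',
	'/(BCC:+)/i',
	'/(CC:+)/i',
	'/(TO:+)/i'
	);
	do {
		$before = $str;
		$str = preg_replace($injections, '', $before);
		if (null === $str) {
			// Fail closed: never hand back an unfiltered value.
			return '';
		}
	} while ($str !== $before);
	return $str;
}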

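/**
 * Remove CR, LF, "%0a", "%0d" and the "Content-Type:", "bcc:", "to:" and "cc:"
 * markers (case-insensitively) from a value destined for a mail header.
 *
 * str_ireplace() handles the search terms one after another, so a removal can
 * join neighbouring text into another listed term; the replacement is repeated
 * until nothing changes. Legitimate text containing e.g. "to:" is altered too.
 *
 * @param string $name value to clean
 * @return string cleaned value
 */
function safe( $name ) {
   $blocked = array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:" );
   do {
      $before = $name;
      $name = str_ireplace( $blocked, "", $before );
   } while ( $name !== $before );
   return $name;
}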

// Validation function which returns true if it finds newlines or carriage returns in the passed string
/**
 * Report whether a value contains a line break, a tab, or one of the
 * URL-encoded sequences %0A, %0D, %08, %09 (matched case-insensitively).
 *
 * @param string $str value to inspect
 * @return bool true when at least one of the sequences is present
 */
function isInjected($str) {
	$alternatives = array('(\n+)', '(\r+)', '(\t+)', '(%0A+)', '(%0D+)', '(%08+)', '(%09+)');
	$pattern = '/' . implode('|', $alternatives) . '/i';
	return (bool) preg_match($pattern, $str);
}


Another method for filtering after the submit might look like the following. Be sure to change $_POST to $_GET if you are using that method.

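// Stop the request when any submitted field carries a "Content-Type:" marker.
// Fields may be nested arrays (name[]=...), so the values are walked to full
// depth and only strings are inspected.
// NOTE(review): this looks for one marker only; CR/LF in any field that ends
// up in a mail header still needs its own check.
$pending = array( $_POST );
while ( $pending ) {
  $value = array_pop( $pending );
  if( is_array($value) ){
    foreach( $value as $inner ){
      $pending[] = $inner;
    }
    continue;
  }
  if( is_string($value) && stripos($value,'Content-Type:') !== FALSE ){
    // The recipient below is an address-redaction artifact of the page; replace it.
    // NOTE(review): one alert mail per hit lets a burst of requests flood the
    // mailbox; error_log() or a rate-limited alert is safer.
    mail('[email protected]','Spammer Bot Attempt',$_SERVER['REMOTE_ADDR']);
    exit("{$_SERVER['REMOTE_ADDR']} Has been Recorded");
  }
}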

Revision: 46966
at May 28, 2011 02:24 by olemedia


Updated Code
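// Fixed, application-controlled values. If any of them is ever filled from a
// request, reject input containing CR or LF before it reaches mail().
$mailFrom = "ValidMailbox@validdomain";
$mailTo = "ValidToAddress";
$mailSubject = "Useful Subject:  Here's my subject";

$mailSignature = "\n\n-- \n";
$mailSignature .= "Your friendly Neighborhood web application.\n";
$mailSignature .= "For help and other information, see http://yourwebapp/help\n";

$mailBody = "blahblahblah\n";
$mailBody .= $mailSignature;

// Each header ends with an explicit CRLF rather than a line break typed inside
// the string literal, so the separator no longer depends on how the file was saved.
$mailHeader  = "From: $mailFrom\r\n";
$mailHeader .= "Reply-To: $mailFrom\r\n";
$mailHeader .= "X-Mailer: " . MYSITE . "\r\n";
// REMOTE_ADDR is the connecting peer (the proxy's address when behind one).
$mailHeader .= "X-Sender-IP: {$_SERVER['REMOTE_ADDR']}\r\n";
$mailHeader .= "Bcc: " . MONITORADDRESS . "\r\n";

// "-f" sets the envelope sender and ends up on the sendmail command line:
// keep $mailFrom a configured constant, never a request value.
$mailParams = "-f$mailFrom";
$mailResult = mail($mailTo, $mailSubject, $mailBody, $mailHeader, $mailParams);
if (!$mailResult) {
    // mail() only reports whether the message was accepted for delivery.
    error_log('mail() did not accept the message for delivery');
}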

//A Bonus Snippet

// Work out the base URL once and publish it as the MYSITE constant.
$mysite = whatsMySite();
define('MYSITE', $mysite);

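/**
 * Build the base URL of the current script: scheme, host and directory,
 * without a trailing slash.
 *
 * The host comes from the request's Host header, which the client controls.
 * On this page the value becomes MYSITE, which is written into the X-Mailer
 * header. For links placed in outgoing mail, use a configured base URL or
 * compare the host with a configured list instead of trusting this value.
 *
 * @return string e.g. "https://example.test/app"
 */
function whatsMySite() {

    // protocol: PHP sets HTTPS to a non-empty value on TLS requests; IIS reports "off" otherwise
    $https = isset($_SERVER['HTTPS']) ? strtolower((string) $_SERVER['HTTPS']) : '';
    $mysite = ('' !== $https && 'off' !== $https) ? "https://" : "http://";

    // host: keep only characters that can occur in a hostname, an IPv6 literal or a port,
    // so control characters (CR, LF) and separators never reach a mail header or a URL
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
    $mysite .= preg_replace('/[^A-Za-z0-9.\-_:\[\]]/', '', $host);

    // path: dirname() yields "/" ("\" on Windows) for a script in the document root
    $path = isset($_SERVER['SCRIPT_NAME'])
        ? str_replace('\\', '/', dirname((string) $_SERVER['SCRIPT_NAME']))
        : '/';
    if ('/' !== $path && '.' !== $path) {
        $mysite .= $path;
    }

    return $mysite;
}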

// Filter Methods
Filter After Submit

clean the data prior to actually processing it. A function like the one below can be used for this purpose.

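/**
 * Remove CR, LF, "%0a", "%0d" and the "Content-Type:", "bcc:", "to:" and "cc:"
 * markers (case-insensitively) from a value destined for a mail header.
 *
 * str_ireplace() handles the search terms one after another, so a removal can
 * join neighbouring text into another listed term; the replacement is repeated
 * until nothing changes. Legitimate text containing e.g. "to:" is altered too.
 *
 * @param string $name value to clean
 * @return string cleaned value
 */
function safe( $name ) {
   $blocked = array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:" );
   do {
      $before = $name;
      $name = str_ireplace( $blocked, "", $before );
   } while ( $name !== $before );
   return $name;
}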

Another method for filtering after the submit might look like the following. Be sure to change $_POST to $_GET if you are using that method.

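// Stop the request when any submitted field carries a "Content-Type:" marker.
// Fields may be nested arrays (name[]=...), so the values are walked to full
// depth and only strings are inspected.
// NOTE(review): this looks for one marker only; CR/LF in any field that ends
// up in a mail header still needs its own check.
$pending = array( $_POST );
while ( $pending ) {
  $value = array_pop( $pending );
  if( is_array($value) ){
    foreach( $value as $inner ){
      $pending[] = $inner;
    }
    continue;
  }
  if( is_string($value) && stripos($value,'Content-Type:') !== FALSE ){
    // The recipient below is an address-redaction artifact of the page; replace it.
    // NOTE(review): one alert mail per hit lets a burst of requests flood the
    // mailbox; error_log() or a rate-limited alert is safer.
    mail('[email protected]','Spammer Bot Attempt',$_SERVER['REMOTE_ADDR']);
    exit("{$_SERVER['REMOTE_ADDR']} Has been Recorded");
  }
}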

Revision: 46965
at May 28, 2011 02:13 by olemedia


Initial Code
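// Fixed, application-controlled values. If any of them is ever filled from a
// request, reject input containing CR or LF before it reaches mail().
$mailFrom = "ValidMailbox@validdomain";
$mailTo = "ValidToAddress";
$mailSubject = "Useful Subject:  Here's my subject";

$mailSignature = "\n\n-- \n";
$mailSignature .= "Your friendly Neighborhood web application.\n";
$mailSignature .= "For help and other information, see http://yourwebapp/help\n";

$mailBody = "blahblahblah\n";
$mailBody .= $mailSignature;

// Each header ends with an explicit CRLF rather than a line break typed inside
// the string literal, so the separator no longer depends on how the file was saved.
$mailHeader  = "From: $mailFrom\r\n";
$mailHeader .= "Reply-To: $mailFrom\r\n";
$mailHeader .= "X-Mailer: " . MYSITE . "\r\n";
// REMOTE_ADDR is the connecting peer (the proxy's address when behind one).
$mailHeader .= "X-Sender-IP: {$_SERVER['REMOTE_ADDR']}\r\n";
$mailHeader .= "Bcc: " . MONITORADDRESS . "\r\n";

// "-f" sets the envelope sender and ends up on the sendmail command line:
// keep $mailFrom a configured constant, never a request value.
$mailParams = "-f$mailFrom";
$mailResult = mail($mailTo, $mailSubject, $mailBody, $mailHeader, $mailParams);
if (!$mailResult) {
    // mail() only reports whether the message was accepted for delivery.
    error_log('mail() did not accept the message for delivery');
}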

//A Bonus Snippet

// Work out the base URL once and publish it as the MYSITE constant.
$mysite = whatsMySite();
define('MYSITE', $mysite);

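/**
 * Build the base URL of the current script: scheme, host and directory,
 * without a trailing slash.
 *
 * The host comes from the request's Host header, which the client controls.
 * On this page the value becomes MYSITE, which is written into the X-Mailer
 * header. For links placed in outgoing mail, use a configured base URL or
 * compare the host with a configured list instead of trusting this value.
 *
 * @return string e.g. "https://example.test/app"
 */
function whatsMySite() {

    // protocol: PHP sets HTTPS to a non-empty value on TLS requests; IIS reports "off" otherwise
    $https = isset($_SERVER['HTTPS']) ? strtolower((string) $_SERVER['HTTPS']) : '';
    $mysite = ('' !== $https && 'off' !== $https) ? "https://" : "http://";

    // host: keep only characters that can occur in a hostname, an IPv6 literal or a port,
    // so control characters (CR, LF) and separators never reach a mail header or a URL
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
    $mysite .= preg_replace('/[^A-Za-z0-9.\-_:\[\]]/', '', $host);

    // path: dirname() yields "/" ("\" on Windows) for a script in the document root
    $path = isset($_SERVER['SCRIPT_NAME'])
        ? str_replace('\\', '/', dirname((string) $_SERVER['SCRIPT_NAME']))
        : '/';
    if ('/' !== $path && '.' !== $path) {
        $mysite .= $path;
    }

    return $mysite;
}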

Initial URL
http://collaborate.extension.org/wiki/Best_Practices_Using_the_PHP_mail_Function

Initial Description

                                

Initial Title
using the PHP mail function

Initial Tags
mail, function

Initial Language
PHP