Advanced Search

using the PHP mail function

/ Published in: PHP
Save to your folder(s)

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. $mailFrom = "ValidMailbox@validdomain";
  2.     $mailTo = "ValidToAddress";
  3.     $mailSubject = "Useful Subject:  Here's my subject";
  4.  
  5.     $mailSignature = "\n\n-- \n";
  6.     $mailSignature .= "Your friendly Neighborhood web application.\n";
  7.     $mailSignature .= "For help and other information, see http://yourwebapp/help\n";
  8.  
  9.     $mailBody = "blahblahblah\n";
  10.     $mailBody .= $mailSignature;
  11.     $mailBody = wordwrap($mailBody, 70);
  12.  
  13.     $mailHeader  = "From: $mailFrom
  14. ";
  15.     $mailHeader .= "Reply-To: $mailFrom
  16. ";
  17.     $mailHeader .= "X-Mailer: ".MYSITE."
  18. ";    
  19.     $mailHeader .= "X-Sender-IP: {$_SERVER['REMOTE_ADDR']}
  20. ";
  21.     $mailHeader .= "Bcc: ".MONITORADDRESS."
  22. ";
  23.  
  24.     // Test with this additional headers:
  25.     $mailHeader .= 'MIME-Version: 1.0' . "
  26. "
  27.     $mailHeader .= 'Content-Type: text/html; charset="iso-8859-1"'."
  28. ";
  29.     $mailHeader .= "Content-Transfer-Encoding: 8bit\n";
  30.  
  31.     $mailParams = "-f$mailFrom";
  32.     $mailResult = mail($mailTo,$mailSubject,$mailBody,$mailHeader,$mailParams);
  33.  
  34. //A Bonus Snippet
  35.  
  36. $mysite = whatsMySite();
  37. define("MYSITE",$mysite);
  38.  
  39. function whatsMySite() {
  40.  
  41.     // protocol 
  42.     if(isset($_SERVER['HTTPS']) and ("on" == $_SERVER['HTTPS'])) {
  43.         $mysite = "https://";
  44.     }
  45.     else {
  46.         $mysite = "http://";
  47.     }
  48.  
  49.     // host            
  50.     $mysite .= $_SERVER['HTTP_HOST'];
  51.  
  52.     // path
  53.     $path = dirname($_SERVER['SCRIPT_NAME']);
  54.     if("/" != $path) {
  55.         $mysite .= $path;
  56.     }
  57.  
  58.     return($mysite);
  59. }
  60.  
  61. // Filter Methods
  62. // Filter After Submit
  63.  
  64. // clean the data prior to actually processing it. A function like the one below can be use for this purpose.
  65.  
  66. // will replace the newlines and carriage returns
  67. // Watch out for deprecated method preg_replace
  68. function heal($str) {
  69. 	$injections = array('/(\n+)/i',
  70. 	'/(\r+)/i',
  71. 	'/(\t+)/i',
  72. 	'/(%0A+)/i',
  73. 	'/(%0D+)/i',
  74. 	'/(%08+)/i',
  75. 	'/(%09+)/i',
  76.         '/(BCC:+)/i',
  77.         '/(CC:+)/i',
  78.         '/(TO:+)/i'
  79. 	);
  80. 	$str= preg_replace($injections,'',$str);
  81. 	return $str;
  82. }
  83.  
  84. function safe( $name ) {
  85.    return( str_ireplace(array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:" ), "", $name ) );
  86. }
  87.  
  88. // Validation function which returns true if it finds newlines or carriage returns in the passed string
  89. function isInjected($str) {
  90. 	$injections = array('(\n+)',
  91. 	'(\r+)',
  92. 	'(\t+)',
  93. 	'(%0A+)',
  94. 	'(%0D+)',
  95. 	'(%08+)',
  96. 	'(%09+)'
  97. 	);
  98. 	$inject = join('|', $injections);
  99. 	$inject = "/$inject/i";
  100. 	if(preg_match($inject,$str)) {
  101. 		return true;
  102. 	}
  103. 	else {
  104. 		return false;
  105. 	}
  106. }
  107.  
  108.  
  109. Another method for filtering after the submit might look like the following. Be sure to change $_POST to $_GET if you are using that method.
  110.  
  111. foreach( $_POST as $value ){
  112.   if( stripos($value,'Content-Type:') !== FALSE ){
  113.     mail('[email protected]','Spammer Bot Attempt',$_SERVER['REMOTE_ADDR']);
  114.      exit("{$_SERVER['REMOTE_ADDR']} Has been Recorded");
  115.   }
  116. }

URL: http://collaborate.extension.org/wiki/Best_Practices_Using_the_PHP_mail_Function

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.