Mail Funzioni
The mail function doesn't work properly under Windows, in case you are going crazy and wondering what is happening.
http://bugs.php.net/bug.php?id=28038
This is not a bug report. Just letting people know that they are not crazy.
(PHP 4, PHP 5)
mail — Invio mail
Descrizione
bool mail
( string $a
, string $oggetto
, string $messaggio
[, string $header_addizionali
[, string $parametri_addizionali
]] )
mail() invia automaticamente il messaggio specificato in messaggio al destinatario specificato in a . Destinatari multipli possono essere specificati mettendo una virgola tra ogni indirizzo in a . Email con allegati e tipi speciali di contenuto possono essere spedite usando questa funzione. Questo è possibile tramite la codifica MIME. Per maggiori informazioni, fare riferimento a » un articolo Zend o alle » Classi Mime del PEAR.
Le seguenti RFC possono essere di aiuto: » RFC 1896, » RFC 2045, » RFC 2046, » RFC 2047, » RFC 2048 e » RFC 2049.
mail() restituisce TRUE se la mail è stata accettata per la spedizione con successo, altrimenti restituisce FALSE.
Avviso
L'implementazione Windows della funzione mail() differisce sotto molti aspetti dall'implementazione Unix. Primo, non usa una un programma in locale per comporre i messaggi, ma opera soltanto direttamente sui socket, il che significa che deve essere presente in ascolto un MTA su un socket di rete (che può essere su localhost o su una macchina remota). Secondo, gli header custom quali From:, Cc:, Bcc: e Date: non vengono interpretati subito dal MTA, ma ne viene fatto prima il parsing da parte di PHP. PHP < 4.3 supportava solo gli header Cc: (ed era case-sensitive). PHP >= 4.3 supporta tutti gli header e non è più case-sensitive.
Example #1 Inviare mail.
<?php
mail("pippo@example.com", "Oggetto", "Linea 1\nLinea 2\nLinea 3");
?>
Se viene passata come parametro una quarta stringa, questa stringa viene inserita alla fine dell'intestazione (header). Ciò viene tipicamente usato per aggiungere intestazioni supplementari. Intestazioni multiple supplementari sono separate da un carattere di "a capo" (sia newline che carriage return).
Nota: È necessario usare \r\n per separare le intestazioni, alcuni mail transfer agent sotto Unix potrebbero funzionare anche solo con un singolo newline (\n).
Example #2 Invio di mail con intestazioni supplementari.
<?php
mail("nessuno@example.com", "oggetto", $messaggio,
"From: webmaster@{$_SERVER['SERVER_NAME']}\r\n" .
"Reply-To: webmaster@{$_SERVER['SERVER_NAME']}\r\n" .
"X-Mailer: PHP/" . phpversion());
?>
Con il parametro parametri_addizionali è possibile impostare un parametro addizionale a linea di comando per il programma configurato per inviare mail usando sendmail_path. Per esempio si può impostare il corretto valore per envelope sender di sendmail con l'opzione -f di sendmail. Potrebbe essere necessario aggiungere l'utente che ha in esecuzione il server web alla configurazione di sendmail per prevenire l'aggiunta dell'intestazione 'X-Warning' quando si imposta envelope sender in questo modo.
Example #3 Invio di mail con intestazioni supplementari e impostazione dei parametri addizionali a linea di comando.
<?php
mail("nessuno@example.com", "oggetto", $messaggio,
"From: webmaster@{$_SERVER['SERVER_NAME']}", "-fwebmaster@{$_SERVER['SERVER_NAME']}");
?>
Nota: Questo quinto parametro è stato aggiunto in PHP 4.0.5. A partire da PHP 4.2.3, questo parametro è disabilitato in modalità safe_mode, se si cerca di usarlo comunque, la funzione mail() darà un messaggio di errore e restituirà FALSE.
È possibile costruire messaggi complessi utilizzando la tecnica di concatenazione delle stringhe.
Example #4 Invio di mail complessa.
<?php
/* destinatari */
$destinatari = "Maria <maria@example.com>" . ", " ; // notare la virgola
$destinatari .= "Enrica <enrica@example.com>";
/* oggetto */
$oggetto = "Promemoria compleanni di Agosto";
/* messaggio */
$messaggio = '
<html>
<head>
<title>Promemoria compleanni di Agosto</title>
</head>
<body>
<p>Questi sono i compleanni di Agosto!</p>
<table>
<tr>
<th>Persona</th><th>Giorno</th><th>Mese</th><th>Anno</th>
</tr>
<tr>
<td>Walter</td><td>11</td><td>Agosto</td><td>1946</td>
</tr>
<tr>
<td>Sara</td><td>14</td><td>Agosto</td><td>1985</td>
</tr>
</table>
</body>
</html>
';
/* Per inviare email in formato HTML, si deve impostare l'intestazione Content-type. */
$intestazioni = "MIME-Version: 1.0\r\n";
$intestazioni .= "Content-type: text/html; charset=iso-8859-1\r\n";
/* intestazioni addizionali */
$intestazioni .= "To: Mary <mary@example.com>, Kelly <kelly@example.com>\r\n";
$intestazioni .= "From: Promemoria Compleanni <compleanni@example.com>\r\n";
$intestazioni .= "Cc: archiviocompleanni@example.com\r\n";
$intestazioni .= "Bcc: controllocompleanni@example.com\r\n";
/* ed infine l'invio */
mail($destinatari, $oggetto, $messaggio, $intestazioni);
?>
Nota: Assicurarsi di non avere nessun carattere di newline nei parametri a o oggetto , o la mail non verrà spedita correttamente.
Nota: Il parametro a non può essere un indirizzo nella forma "Qualcosa <qualcuno@example.com>". Il comando di mail non sarebbe in grado di effettuare correttamente il parsing mentre dialoga con il MTA (in particolare sotto Windows).
Vedere anche imap_mail().
add a note
User Contributed Notes
Abner Diaz
26-Aug-2008 12:55
26-Aug-2008 12:55
goblitas at khipu dot net
07-Aug-2008 11:14
07-Aug-2008 11:14
I have a problem with mail() function on IIS 6, WINDOWS 2003, and PHP, my code work on a linux server, but don't work on my WINDOWS SERVER, mi php.ini is configured with SMTP:mail.khipu.net and from:webmaster@khipu.net, some body know how to solve this problem or maybe is a problem of some rule in my ISA SERVER.
thank you for your comments
bob
15-Jul-2008 04:51
15-Jul-2008 04:51
If the Cc or Bcc lines appear in the message body, make sure you're separating header lines with a new line (\n) rather than a carriage return-new line (\r\n). That should come at the very end of the headers.
akam
28-May-2008 09:55
28-May-2008 09:55
There differenece in body, headers of email (with attachment, without attachment), see this complete example below:
work great for me (LINUX , WIN) and (Yahoo Mail, Hotmail, Gmail, ...)
<?php
$to = $_POST['to'];
$email = $_POST['email'];
$name = $_POST['name'];
$subject = $_POST['subject'];
$comment = $_POST['message'];
$To = strip_tags($to);
$TextMessage =strip_tags(nl2br($comment),"<br>");
$HTMLMessage =nl2br($comment);
$FromName =strip_tags($name);
$FromEmail =strip_tags($email);
$Subject =strip_tags($subject);
$boundary1 =rand(0,9)."-"
.rand(10000000000,9999999999)."-"
.rand(10000000000,9999999999)."=:"
.rand(10000,99999);
$boundary2 =rand(0,9)."-".rand(10000000000,9999999999)."-"
.rand(10000000000,9999999999)."=:"
.rand(10000,99999);
for($i=0; $i < count($_FILES['youfile']['name']); $i++){
if(is_uploaded_file($_FILES['fileatt']['tmp_name'][$i]) &&
!empty($_FILES['fileatt']['size'][$i]) &&
!empty($_FILES['fileatt']['name'][$i])){
$attach ='yes';
$end ='';
$handle =fopen($_FILES['fileatt']['tmp_name'][$i], 'rb');
$f_contents =fread($handle, $_FILES['fileatt']['size'][$i]);
$attachment[]=chunk_split(base64_encode($f_contents));
fclose($handle);
$ftype[] =$_FILES['fileatt']['type'][$i];
$fname[] =$_FILES['fileatt']['name'][$i];
}
}
/***************************************************************
Creating Email: Headers, BODY
1- HTML Email WIthout Attachment!! <<-------- H T M L ---------
***************************************************************/
#---->Headers Part
$Headers =<<<AKAM
From: $FromName <$FromEmail>
Reply-To: $FromEmail
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="$boundary1"
AKAM;
#---->BODY Part
$Body =<<<AKAM
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="$boundary1"
This is a multi-part message in MIME format.
--$boundary1
Content-Type: text/plain;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$TextMessage
--$boundary1
Content-Type: text/html;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$HTMLMessage
--$boundary1--
AKAM;
/***************************************************************
2- HTML Email WIth Multiple Attachment <<----- Attachment ------
***************************************************************/
if($attach=='yes') {
$attachments='';
$Headers =<<<AKAM
From: $FromName <$FromEmail>
Reply-To: $FromEmail
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="$boundary1"
AKAM;
for($j=0;$j<count($ftype); $j++){
$attachments.=<<<ATTA
--$boundary1
Content-Type: $ftype[$j];
name="$fname[$i]"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="$fname[$j]"
$attachment[$j]
ATTA;
}
$Body =<<<AKAM
This is a multi-part message in MIME format.
--$boundary1
Content-Type: multipart/alternative;
boundary="$boundary2"
--$boundary2
Content-Type: text/plain;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$TextMessage
--$boundary2
Content-Type: text/html;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$HTMLMessage
--$boundary2--
$attachments
--$boundary1--
AKAM;
}
/***************************************************************
Sending Email
***************************************************************/
$ok=mail($To, $Subject, $Body, $Headers);
echo $ok?"<h1> Mail Sent</h1>":"<h1> Mail not SEND</h1>";
?>
fogidas at yahoo dot com
14-May-2008 07:18
14-May-2008 07:18
I think gmail works fine without adding '\n\n' , what doesn't seem to work is the Reply To header. Has anyone paid attention if you try to reply the mail it takes "From " email and not Reply to.
jyotsnachannagiri at gmail dot com
06-May-2008 04:09
06-May-2008 04:09
If you are sending an email to Gmail account you need to add two "\n\n" at the end of headers (Don't use single "\n"). If you use single "\n" all the headers will be displayed in the message when received person is viewing the message.
Example:
$headers = "MIME-Version: 1.0 "."\n";
$headers .= "Content-type: text/html; charset=iso-8859-1 "."\n";
..........
.......
$headers .= "......"."\n\n";
ben at ben-griffiths dot com
27-Mar-2008 05:45
27-Mar-2008 05:45
As [apdhanushka at yahoo dot com] stated, you could use PHPMailer to get around being placed in the Spam folder, however I would also reccomend Swiftmailer:
http://www.swiftmailer.org/
apdhanushka at yahoo dot com
30-Jan-2008 07:21
30-Jan-2008 07:21
Are you getting spammed while sendig emails using php mail() function to yahoo or hotmail?
It is a common problem for all using php mail function. To solve this there
are so many answers I have seen in the internet and they do not hit problem
correctly.
Actually the problem here is if we send mails using php mail function we do
not have a signature and other mailing systems thinks that we are spamers.
So the solution is using a free remote smtp host like gmail to send our mails.
It is not hard because we have a free php smtp project called PHPMailer. You
can download it from http://sourceforge.net/project/showfiles.php?group_id=26031.
You do not need to install it on your server and you can upload it to the server with your code.
It is very easy to understand how it is used to send mails using examples
zipped with PHPMailer. The following code is to send emails using gmail and
to do that you have to have a gmail mail account. Which can easily be created
by visiting http://gmail.com. Your mails will
send using that mail account and they will never become spams...
You can follow the following link to get the code to send emails using gmail's free smtp service.
http://bestdeveloper.blogspot.com/
apdhanushka at yahoo dot com
30-Jan-2008 03:05
30-Jan-2008 03:05
It is a common problem for all using php mail function. To solve this there
are so many answers I have seen in the internet and they do not hit problem
correctly.
Actually the problem here is if we send mails using php mail function we do
not have a signature and other mailing systems thinks that we are spamers.
So the solution is using a free remote smtp host like gmail to send our mails.
It is not hard because we have a free php smtp project called PHPMailer. You can download it from http://sourceforge.net/project/showfiles.php?group_id=26031 .
You do not need to install it on your server.
It is very easy to understand how it is used to send mails using examples
zipped with PHPMailer. The following code is to send emails using gmail and
to do that you have to have a gmail mail account. Which can easily be created
by visiting http://gmail.com. Your mails will
send using that mail account and they will never become spams...
To see the complete code for sending emails use following link
http://bestdeveloper.blogspot.com
jano ATSOMERANDOMTEXTjanogarcia es
28-Jan-2008 05:31
28-Jan-2008 05:31
This is a simple and quick (dirty?) fix for encoding long UTF-8 email subjects.
<?php
$subject= mb_encode_mimeheader($subject,"UTF-8", "B", "\n");
?>
Changing the $transfer_encoding parameter* from B (Base64) to Q (Quoted-Printable) seems to work too.
*See the mb_encode_mimeheader documentation here http://php.net/manual/en/function.mb-encode-mimeheader.php
This one is based on the previously posted solution by J.Halmu http://php.net/manual/en/function.mail.php#75886 , added the two last parameters to prevent long subjects from breaking the email. It worked flawlessly on a RHEL environmet. No further tests, sorry.
Tomix
17-Jan-2008 10:53
17-Jan-2008 10:53
send e-mail in utf-8
there is already a solution from omgs. but with a longer subject line there could be problem (splitting the subject line in a encoded character).
here my solution:
----
// hmm no better solution?
function imap8bit(&$item, $key) {
$item = imap_8bit($item);
}
function email($e_mail, $subject, $message, $headers)
{
// add headers for utf-8 message
$headers .= "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=utf-8\r\n";
$headers .= "Content-Transfer-Encoding: quoted-printable\r\n";
// encode subject
//=?UTF-8?Q?encoded_text?=
// work a round: for subject with wordwrap
// not fixed, no possibility to have one in a single char
$subject = wordwrap($subject, 25, "\n", FALSE);
$subject = explode("\n", $subject);
array_walk($subject, imap8bit);
$subject = implode("\r\n ", $subject);
$subject = "=?UTF-8?Q?".$subject."?=";
// encode e-mail message
$message = imap_8bit($message);
return(mail("$e_mail", "$subject", "$message", "$headers"));
}
I.Ruau
02-Dec-2007 09:23
02-Dec-2007 09:23
I recently searched for a decent regex to *correctly* validate e-mail addresses according to RFC-2822.
Most regexes I found on the web (including in the comments here) are way too strict.
Then I stumbled upon this compliant parser:
http://code.iamcal.com/php/rfc822/?C=D;O=A
FWIW here is the complete, unrolled regex... which is quite edifying! ;-)
http://code.iamcal.com/php/rfc822/full_regexp.txt
Hope this helps.
hn at nesland dot net
02-Nov-2007 08:37
02-Nov-2007 08:37
Tired of idiots and imbeciles who creates unsecure php-code and lets spammers abuse mail()? Try this dirty trick:
With auto_prepend, prepend this file:
<?php
// You need to install pecl-module, runkit.
dl("runkit.so");
// We could rename the function, but that currently makes my apache segfault, but this works :-P
runkit_function_copy ( "mail","intmail" );
runkit_function_remove( "mail" );
function mail( $to, $subject, $message, $additional_headers = null, $additional_parameters = null ) {
$___domain = $_SERVER['SERVER_NAME'];
$fp = fopen("/tmp/my_super_mail_logg", "a");
fwrite( $fp, date("d.m.y H:i:s") . " " . $___domain . ": $to / $subject\n");
fclose( $fp );
return intmail( $to, $subject, $message, $additional_headers, $additional_parameters );
}
?>
You probably shouldn't log to /tmp, or any other place as the webserver-user, see syslog-functions ;)
And of course you can manipulate the different parameters, like adding custom headers to each email (For instance; "X-From-Web: {$_SERVER['SERVER_NAME']}")..
Ben
04-Oct-2007 02:14
04-Oct-2007 02:14
There was a comment that
mail("User Name <username@email.com>","Subject Here",$msg,"From: us@mysite.com");
does not work. I've always used that and never had any issues - from Linux servers. I don't see how this could be different in IE vs Firefox; I've always gotten the same result in both. Just tried it on a Windows server and got this as a bounce back:
<User Name <username@email.com>:
x.x.x.x does not like recipient.
Remote host said: 550 Requested action not taken: 550 No such recipient
Giving up on x.x.x.x.
(Details changed to protect the innocent/guilty (for using a Windows server))
Took me a while to find the bounce until I used ini_set('sendmail_from', 'my@account');
So it is probably trying to deliver to "User Name <username" instead of simply "username".
largo at email dot pcleak dot com
03-Oct-2007 05:01
03-Oct-2007 05:01
hello ok i have this email form right and it is
<?php
if (isset($_REQUEST['email']))
//if "email" is filled out, send email
{
//send email
$email = $_REQUEST['email'] ;
$subject = $_REQUEST['subject'] ;
$message = $_REQUEST['message'] ;
mail( "someone@example.com", "Subject: $subject",
$message, "From: $email" );
echo "Thank you for using our mail form";
}
else
//if "email" is not filled out, display the form
{
echo "<form method='post' action='mailform.php'>
Email: <input name='email' type='text' /><br />
Subject: <input name='subject' type='text' /><br />
Message:<br />
<textarea name='message' rows='15' cols='40'>
</textarea><br />
<input type='submit' />
</form>";
}
?>
i like it but i want to change like but i want it to ask for sending it "TOO" and it automatically post the sender
phpcoder at cyberpimp dot ig3 dot net
27-Sep-2007 11:51
27-Sep-2007 11:51
In addition to the $to parameter restrictions on Windows (ie. address can not be in "name <user@example.com>" format), the same restrictions apply to the parsed Cc and Bcc headers of the $additional_headers parameter.
However, you can include a To header in $additional_parameters which lists the addresses in any RFC-2822 format. (For display purposes only. You still need to list the bare addresses in the $to parameter.)
omgs
30-Aug-2007 04:57
30-Aug-2007 04:57
I haven't seen in this page a reference about how to properly handle subject encoding when using non-ascii characters. I've found that info at http://www.johanvanmol.org/content/view/34/37/1/3/, which I paste:
"According to RFC 2822, mail header fields, including the subject, MUST be composed of printable US-ASCII characters (i.e., characters that have values between 33 and 126, inclusive). So if you want a subject with accents, you must encode it from your original character set to a US-ASCII character set. There are 2 of ways to do this: quoted-printable or base64.
[...]
Now we have an encoded subject, but our mail reader won't know that. So we need to tell it by formatting our subject as follows: "=?" charset "?" encoding "?" encoded-text "?=" , where charset is the original character set and encoding is either "Q" for Quoted-Printable or "B" for Base64.
E.g The subject containing the Quoted-Printable ISO-8859-1 string "Voilà une message", is written as:
Subject: =?ISO-8859-1?Q?Voil=E0_une_message?=
The Base64 version of the ISO-8859-1 string is:
Subject: =?ISO-8859-1?B?Vm9pbOAgdW5lIG1lc3NhZ2U=?=
The Quoted-Printable version of the UTF-8 string is:
Subject: =?UTF-8?Q?Voil=C3=A0_une_message?=
The Base64 version of the UTF-8 string is:
Subject: =?UTF-8?B?Vm9pbMOgIHVuZSBtZXNzYWdl?=
"
"Raw" non-encoded subjects can work and modern mail clients handle it properly, but I found that at least using utf-8 as encoding, the spam analizers complain stating "BAD HEADER Non-encoded 8-bit data". To prevent this, and taking the info above, I decided to use base64, which at least seems to have specific functions (and because it works, of course). So, one could use the following code:
<?php
...
$charset='UTF-8';
$subject='Subject with extra chars: áéíóú';
$encoded_subject="=?$charset?B?".base64_encode($subject)."?=\n";
$to=mail@foo.com;
$body='This is the body';
$headers="From: ".$from."\n"
. "Content-Type: text/plain; charset=$charset; format=flowed\n"
. "MIME-Version: 1.0\n"
. "Content-Transfer-Encoding: 8bit\n"
. "X-Mailer: PHP\n";
mail($to,$encoded_subject, $body,$headers);
?>
Of course, this can be "enhanced" by encoding only if there are non-ASCII characters, but I don't think I need it. Maybe the CPU work, used time and results don't deserve it.
Gianluigi_Zanettini-MegaLab.it
10-Aug-2007 02:57
10-Aug-2007 02:57
Please note that using an address in this format "Zane, CEO - MegaLab.it" <myaddrr@mydomain> (" are needed due to comma) works as expected under *nix, but WON'T WORK under Windows.
This is an example
<?php
mail("\"Zane, CEO - MegaLab.it\" <myaddrr@mydomain>", "prova da test_zane", "dai funziona...");
?>
It works under *unix, but it doensn't under Win: different error are reported:
Warning: mail() [function.mail]: SMTP server response: 553 5.0.0 <"Zane>... Unbalanced '"'
Warning: mail() [function.mail]: SMTP server response: 501 5.5.4 Invalid Address
pavolzetor at gmail dot com
01-Aug-2007 11:47
01-Aug-2007 11:47
if you send mail to gmail.com you don't use "\r\n" and you use only "\n" in headers
bsaul at inwind dot it
23-Jun-2007 05:19
23-Jun-2007 05:19
First excuse me for bad english. I'm working on a function that send html or text or both, e-mail message. I try all the example but no one working on my system (windows XP with PostCast SMTP server). Finally i try this and work. I hope your find useful:
function mailTo ($from, $to, $oggetto, $contenuto, $type = "both", $reply = true) {
// If $contenuto == file reading
$messaggio = @file_get_contents( $content, 1);
if ($messaggio) { $contenuto = $messaggio; }
$messaggio = '';
// Standar Header
$crlf = chr(10) . chr(13);
$intestazione = "To: {$to}" . $crlf;
$intestazione .= "From: {$from}" . $crlf;
$intestazione .= "Return-Path: " . (($reply)? $from : substr_replace($from, "noreply", 0, strpos($from, '@'))) . $crlf;
$intestazione .= 'Reply-To: ' .(($reply)? $from : substr_replace($from, "noreply", 0, strpos($from, '@'))) . $crlf;
$intestazione .= 'X-Mailer: PHP/' . phpversion() . $crlf;
// MIME boundary
$separatore = 'PHP' . md5(uniqid(time()));
// MIME Header
$intestazione .= 'MIME-Version: 1.0' . $crlf;
switch ($type){
case 'html' :
// Header for client non MIME compatible
$intestazione .= 'Content-Type: text/html; charset=ISO-8859-15' . $crlf;
$intestazione .= 'Content-Transfer-Encoding: 7bit' . $crlf;
$messaggio .= "\n{$contenuto}\n";
break;
case 'both' :
$intestazione .= "Content-Type: multipart/alternative;\n\tboundary=\"" . $separatore . '"' . $crlf;
// Create message for no mime client
$messaggio .= "For English People: This is a multi-part message in MIME format.\nIf you are reading this, consider upgrading your e-mail client to a MIME-compatible client.\n";
$messaggio .= "For Italian People: Questo è un messaggio MIME.\nSe si stà leggendo questa nota, consigliamo l\'aggiornamento del programma di posta elettronica con uno compatibile MIME";
$messaggio .= "\n--{$separatore}\n";
$messaggio .= "Content-Type: text/plain; charset=ISO-8859-15\n";
$messaggio .= "Content-Transfer-Encoding: 7bit\n\n";
case 'text' :
$messaggio .= strip_tags($contenuto);
if ($type == 'both') {
$messaggio .= "\n--{$separatore}\n";;
$messaggio .= "Content-Type: text/html; charset=ISO-8859-15\n";
$messaggio .= "Content-Transfer-Encoding: 7bit\n";
$messaggio .= "\n{$contenuto}";
$messaggio .= "\n--{$separatore}\n";
}
}
// Send MAIL
return mail($to, $oggetto, $messaggio, $intestazione);
}
J.Halmu
20-Jun-2007 07:10
20-Jun-2007 07:10
I use text/plain charaset=iso-8859-1 and get bad headers complain from amavis. This helped me:
[code]
$subject = mb_encode_mimeheader('ääööö test test öäöäöä','UTF-8');
[/code]
php-version 5.2.2
Alex Jaspersen
31-May-2007 02:03
31-May-2007 02:03
For qmail users, I have written a function that talks directly to qmail-queue, rather than going through the sendmail wrapper used by mail(). Thus it allows more direct control over the message (for example, you can adapt the function to display "undisclosed recipients" in to the To: header). It also performs careful validation of the e-mail addresses passed to it, making it more difficult for spammers to exploit your scripts.
Please note that this function differs from the mail() function in that the from address must be passed as a _separate_ argument. It is automatically put into the message headers and _does not_ need to be included in $additional_headers.
$to can either be an array or a single address contained in a string.
$message should not contain any carriage return characters - only linefeeds.
No validation is performed on $additional_headers. This is mostly unnecessary because qmail will ignore any additional To: headers injected by a malicious user. However if you have some strange mail setup it might be a problem.
The function returns false if the message fails validation or is rejected by qmail-queue, and returns true on success.
<?php
function qmail_queue($to, $from, $subject, $message, $additional_headers = "")
{
// qmail-queue location and hostname used for Message-Id
$cmd = "/var/qmail/bin/qmail-queue";
$hostname = trim(file_get_contents("/var/qmail/control/me"));
// convert $to into an array
if(is_scalar($to))
$to = array($to);
// BEGIN VALIDATION
// e-mail address validation
$e = "/^[-+\\.0-9=a-z_]+@([-0-9a-z]+\\.)+([0-9a-z]){2,4}$/i";
// from address
if(!preg_match($e, $from)) return false;
// to address(es)
foreach($to as $rcpt)
{
if(!preg_match($e, $rcpt)) return false;
}
// subject validation (only printable 7-bit ascii characters allowed)
// needs to be adapted to allow for foreign languages with 8-bit characters
if(!preg_match("/^[\\040-\\176]+$/", $subject)) return false;
// END VALIDATION
// open qmail-queue process
$dspec = array
(
array("pipe", "r"), // message descriptor
array("pipe", "r") // envelope descriptor
);
$pipes = array();
$proc = proc_open($cmd, $dspec, $pipes);
if(!is_resource($proc)) return false;
// write additional headers
if(!empty($additional_headers))
{
fwrite($pipes[0], $additional_headers . "\n");
}
// write to/from/subject/date/message-ID headers
fwrite($pipes[0], "To: " . $to[0]); // first recipient
for($i = 1; $i < sizeof($to); $i++) // additional recipients
{
fwrite($pipes[0], ", " . $to[$i]);
}
fwrite($pipes[0], "\nSubject: " . $subject . "\n");
fwrite($pipes[0], "From: " . $from . "\n");
fwrite($pipes[0], "Message-Id: <" . md5(uniqid(microtime())) . "@" . $hostname . ">\n");
fwrite($pipes[0], "Date: " . date("r") . "\n\n");
fwrite($pipes[0], $message);
fwrite($pipes[0], "\n");
fclose($pipes[0]);
// write from address and recipients
fwrite($pipes[1], "F" . $from . "\0");
foreach($to as $rcpt)
{
fwrite($pipes[1], "T" . $rcpt . "\0");
}
fwrite($pipes[1], "\0");
fclose($pipes[1]);
// return true on success.
return proc_close($proc) == 0;
}
?>
James Butler
24-May-2007 03:15
24-May-2007 03:15
Re: "Second, the custom headers like From:, Cc:, Bcc: and Date: are not interpreted by the MTA in the first place, but are parsed by PHP.
As such, the to parameter should not be an address in the form of "Something <someone@example.com>". The mail command may not parse this properly while talking with the MTA."
SERVER:
PHP 5.0.4
Fedora Core 4
Apache 2.0
Sendmail 8.13.7
SMTP: localhost
CLIENT:
Windows 98SE
Mozilla Firefox 2.0.0.3
Microsoft Internet Explorer 6.0.2800.1106
COMMAND:
mail("User Name <username@email.com>","Subject Here",$msg,"From: us@mysite.com");
Using Firefox, no problems with the above command.
Using MSIE, won't send mail "to" address formatted as above.
COMMAND 2:
mail("username@email.com","Subject Here",$msg,"From: us@mysite.com");
Works fine from both clients.
I mention this because it appears there is some interaction between the client and MTA that is unaccounted for in the above quote from this doc page.
junk at hostelz dot com
21-Mar-2007 04:56
21-Mar-2007 04:56
Unless I'm confused, I suspect that in the code from "rsjaffe at gmail dot com" above, "\\r" and "\\n" should actually be "\r" and "\n".
Josh
09-Mar-2007 01:05
09-Mar-2007 01:05
While trying to send attachments I ran into the problem of having the beginning part of my encoded data being cut off.
A fact that I didn't see mentioned anywhere explicitly (except maybe in the RFC, which admittedly I didn't read fully) was that two newlines are required before you start the encoded data:
Content-Transfer-Encoding: base64\n
Content-Type: application/zip; name="test_file.zip"\n
\n //<--- if this newline isn't here your data will get cut off
DATA GOES HERE
hans111 at yahoo dot com
01-Mar-2007 11:54
01-Mar-2007 11:54
I had a lot of trouble trying to send multipart messages to gmail accounts until I discovered gmail does not like carriage returns, even under unix I have to use only new lines (\n) and forget about the (\r) . Other email clients such as eudora, outlook, hotmail or yahoo seem not to have issues about the "missing" \r . Hope it helps.
bigtree at dontspam dot 29a dot nl
28-Feb-2007 07:46
28-Feb-2007 07:46
Since lines in $additional_headers must be separated by \n on Unix and \r\n on Windows, it might be useful to use the PHP_EOL constant which contains the correct value on either platform.
Note that this variable was introduced in PHP 5.0.2 so to write portable code that also works in PHP versions before that, use the following code to make sure it exists:
<?php
if (!defined('PHP_EOL')) define ('PHP_EOL', strtoupper(substr(PHP_OS,0,3) == 'WIN') ? "\r\n" : "\n");
?>
andy at andybev dot com
19-Feb-2007 07:56
19-Feb-2007 07:56
I'm copying Ben Cooke's note from the main mail page into here because I didn't find it initially. The issue described below caused me a lot of problems because of Postfix converting a single \r\n into double new lines, resulting in corrupted mail.
=====================================================
Note that there is a big difference between the behavior of this function on Windows systems vs. UNIX systems. On Windows it delivers directly to an SMTP server, while on a UNIX system it uses a local command to hand off to the system's own MTA.
The upshot of all this is that on a Windows system your message and headers must use the standard line endings \r\n as prescribed by the email specs. On a UNIX system the MTA's "sendmail" interface assumes that recieved data will use UNIX line endings and will turn any \n to \r\n, so you must supply only \n to mail() on a UNIX system to avoid the MTA hypercorrecting to \r\r\n.
If you use plain old \n on a Windows system, some MTAs will get a little upset. qmail in particular will refuse outright to accept any message that has a lonely \n without an accompanying \r.
admin at chatfamy dot com
30-Jan-2007 03:37
30-Jan-2007 03:37
One thing it can be difficult to control with this function is the envelope "from" address. The envelope "from" address is distinct from the address that appears in the "From:" header of the email. It is what sendmail uses in its "MAIL FROM/RCPT TO" exchange with the receiving mail server. It also typically shows up in the "Return-Path:" header, but this need not be the case. The whole reason it is called an "envelope" address is that appears _outside_ of the message header and body, in the raw SMTP exchange between mail servers.
The default envelope "from" address on unix depends on what sendmail implementation you are using. But typically it will be set to the username of the running process followed by "@" and the hostname of the machine. In a typical configuration this will look something like apache@box17.isp.net.
If your emails are being rejected by receiving mail servers, or if you need to change what address bounce emails are sent to, you can change the envelope "from" address to solve your problems.
To change the envelope "from" address on unix, you specify an "-r" option to your sendmail binary. You can do this globally in php.ini by adding the "-r" option to the "sendmail_path" command line. You can also do it programmatically from within PHP by passing "-r address@domain.com" as the "additional_parameters" argument to the mail() function (the 5th argument). If you specify an address both places, the sendmail binary will be called with two "-r" options, which may have undefined behavior depending on your sendmail implementation. With the Postfix MTA, later "-r" options silently override earlier options, making it possible to set a global default and still get sensible behavior when you try to override it locally.
On Windows, the the situation is a lot simpler. The envelope "from" address there is just the value of "sendmail_from" in the php.ini file. You can override it locally with ini_set().
tdaniel at univ dot haifa dot ac dot il
26-Oct-2006 07:17
26-Oct-2006 07:17
I had trouble getting multiple emails sent for Outlook accounts (a single PHP page performed 2 mail() calls).
The PHP mail() function works correctly, but the same mails that were recieved on a private POP3 server were randomly missing by our intranet Outlook exchange server.
If you have the same problem, try to verify that the "Message-ID: " is unique at the $headers string. i.e.
<?php
$headers = [...] .
"Message-ID: <". time() .rand(1,1000). "@".$_SERVER['SERVER_NAME'].">". "\r\n" [...];
?>
(rand() is used only for demonstration purposes. a better way is to use an index variable that increments (i++) after each mail)
I noticed that when multiple messeges were sent simultaneously, the message-id was the same (probably there was no miliseconds differential). My guess is that Outlook is collating messages with the same message-ID; a thing that causes only one email to pass to the Outlook inbox instead of a few.
i5513
27-Sep-2006 04:30
27-Sep-2006 04:30
[EDITOR's NOTE: Following based off of a note originally by marcelo dot maraboli at usm dot cl which has been removed.]
I had a trouble with marcelo' function, I had to add "$val == 63" condition into "if" sentence for '?' character
# From marcelo post:
function encode_iso88591($string)
{
$text = '=?iso-8859-1?q?';
for( $i = 0 ; $i < strlen($string) ; $i++ )
{
$val = ord($string[$i]);
if($val > 127 or $val == 63)
{
$val = dechex($val);
$text .= '='.$val;
}
else
{
$text .= $string[$i];
}
}
$text .= '?=';
return $text;
}
and later use:
// create email
$msg = wordwrap($msg, 70);
$to = "destination@company.com";
$subject = encode_iso88591("hoydía caminé !!");
$headers = "MIME-Versin: 1.0\r\n" .
"Content-type: text/plain; charset=ISO-8859-1; format=flowed\r\n" .
"Content-Transfer-Encoding: 8bit\r\n" .
"From: $from\r\n" .
"X-Mailer: PHP" . phpversion();
mail($to, $subject, $msg, $headers);
johniskew2
19-Sep-2006 12:28
19-Sep-2006 12:28
An important rule of thumb, because it seems few really follow it and it can alleviate so many headaches: When filtering your email headers for injection characters use a regular expression to judge whether the user's input is valid. For example to see if the user entered a valid e-mail address use something like [a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}. Dont try to filter out bad characters (like searching for LF or CR), because you will ALWAYS miss something. You can be sure your application is more secure going this route....provided the regular expression is valid! This same point goes for any sort of form input not just for sending out emails.
thomas at p-devion dot de
24-Aug-2006 01:46
24-Aug-2006 01:46
Change the function addattachment for multipartmail to auto detect the mime_content_type ...
function addattachment($file){
$fname = substr(strrchr($file, "/"), 1);
$data = file_get_contents($file);
$i = count($this->parts);
$content_id = "part$i." . sprintf("%09d", crc32($fname)) . strrchr($this->to_address, "@");
$this->parts[$i] = "Content-Type: ".mime_content_type($file)."; name=\"$fname\"\r\n" .
"Content-Transfer-Encoding: base64\r\n" .
"Content-ID: <$content_id>\r\n" .
"Content-Disposition: inline;\n" .
" filename=\"$fname\"\r\n" .
"\n" .
chunk_split( base64_encode($data), 68, "\n");
return $content_id;
}
panoramical at gmail dot com
27-Jul-2006 07:19
27-Jul-2006 07:19
Searched for ages on the internet trying to find something that parses EML files and then sends them...for all of you who want to send an EML files you first have to upload it, read it, then delete it. Here's my function...it's specialised for a single form where the user uploads the EML file.
<?php
if(isset($_POST['submit']))
{
// Reads in a file (eml) a user has inputted
function eml_read_in()
{
$file_ext = stristr($_FILES['upload']['name'], '.');
// If it is an eml file
if($file_ext == '.eml')
{
// Define vars
$dir = 'eml/';
$file = $dir.basename($_FILES['upload']['name']);
$carry = 'yes';
// Try and upload the file
if(move_uploaded_file($_FILES['upload']['tmp_name'], $file))
{
// Now attempt to read the file
if($eml_file = file($file))
{
// Create the array to store preliminary headers
$headers = array();
$body = '';
$ii = -1;
// For every line, carry out this loop
foreach($eml_file as $key => $value)
{
$pattern = '^<html>';
if(((eregi($pattern, $value)))||($carry == 'no'))
{
// Stop putting data into the $headers array
$carry = 'no';
$i++;
$body .= $value;
}
else
{
// Separate each one with a colon
if(($eml_file_expl = explode(':', $value))&&($carry == 'yes'))
{
// The row has been split in half at least...
if(isset($eml_file_expl[1]))
{
// Put it into the preliminary headers
$headers[$eml_file_expl[0]] = $eml_file_expl[1];
// There might be more semicolons in it...
for($i=2;$i<=$count;$i++)
{
// Add the other values to the header
$headers[$eml_file_expl[0]] .= ':'.$eml_file_expl[$i];
}
}
}
}
}
// Clear up the headers array
$eml_values = array();
$eml_values[to] = $headers[To];
$eml_values[from] = $headers[From];
$eml_values[subject] = $headers[Subject];
$eml_values['reply-to'] = $headers['Reply-To'];
$eml_values['content-type'] = $headers['Content-Type'];
$eml_values[body] = $body;
unlink($file);
return $eml_values;
}
}
else
{
return '<p>File not uploaded - there was an error</p>';
}
}
}
// Takes information automatically from the $_FILES array...
$eml_pattern = eml_read_in()
// Headers definable...through eml_read_in() again, but I'm guessing they'll be the same for each doc...
if(mail($eml_pattern[to], $eml_pattern[subject], $eml_pattern[content], $headers)) echo 'Mail Sent';
?>
24-Jul-2006 11:55
correction for class multipartmail
<?php
function addmessage($msg = "", $ctype = "text/plain"){
$this->parts[0] ....
?>
if you are adding attachment first and then addmessage you can easy overwrite added attachment - better use
<?php
function addmessage($msg = "", $ctype = "text/plain"){
$this->parts[count($this->parts)] ....
?>
sander at cartel dot nl
20-Jul-2006 06:26
20-Jul-2006 06:26
I found out that a ms server (ESMTP MAIL Service, Version: 5.0.2195.6713) also had the problem using CRLF in the headers:
If messages are not received, try using a LF (\n) only. Some poor quality Unix mail transfer agents replace LF by CRLF automatically (which leads to doubling CR if CRLF is used). This should be a last resort, as it does not comply with RFC 2822.
The suggested fix works.
Sander
rsjaffe at gmail dot com
21-May-2006 05:10
21-May-2006 05:10
Here's my way of detecting an attempt to hijack my mail form.
<?php #requires PHP 5 or greater
$request = array_map('trim',($_SERVER['REQUEST_METHOD'] == "POST") ? $_POST : $_GET) ;
//check for spam injection
$allfields = implode('',$request) ;
$nontext = $request ;
unset($nontext['message'] );
$nontextfields = implode ('',$nontext) ;
if ((strpos ($nontextfields,"\\r")!==false) ||
(strpos ($nontextfields,"\\n")!==false) ||
(stripos ($allfields,"Content-Transfer-Encoding")!==false) ||
(stripos ($allfields,"MIME-Version")!==false) ||
(stripos ($allfields,"Content-Type")!==false) ||
($request['checkfield']!=$check) ||
(empty($_SERVER['HTTP_USER_AGENT']))) die('Incorrect request') ; //stop spammers ?>
First, I put the data into an array $request, then set up two strings: $allfields, which is just all fields concatenated, then $nontext, which excludes those fields in which \r\n is allowed (e.g., the message body). Any form field in which \r\n is allowed should be unset in the $nontext array before the second implode function (my message field is called 'message', so I unset that). I also include a hidden field in the form with a preset value ('checkfield', $check), so I can see if something is trying to alter all fields.
This is a combination of a lot of things mentioned in the messages below...
steve at stevewinnington dot co dot uk
13-Mar-2006 11:24
13-Mar-2006 11:24
To all you guys out there having problems with mail scripts throwing back this (and you know your scripts are right!!)...
Warning: mail() [function.mail]: "sendmail_from" not set in php.ini or custom "From:" header missing in:
I had started seeing this after moving some scripts from 4.3 servers to 5.
a dirty get around is using
ini_set ("sendmail_from","a.body@acompany.com");
to force the From header.
Not ideal but it works.
;)
Nimlhug
11-Mar-2006 01:41
11-Mar-2006 01:41
As noted in other, well, notes; the "additional headers" parameter can be easily exploited, when doing things like:
<?php
mail( $_POST['to'], $_POST['subject'], $_POST['message'], 'Reply-to: '.$_POST['from']."\r\n" );
?>
An easy way of fixing this, is removing CRLFs from the header-strings, like so:
<?php
$_POST['from'] = str_replace( "\r\n", '', $_POST['from'] );
?>
This way, the extra data will be part of the previous header.
junaid at techni-serve dot com
07-Mar-2006 12:49
07-Mar-2006 12:49
Note: on class "multipartmail". Modify the function buildmessage with the following and it will work great.
function buildmessage(){
$this->message = "This is a multipart message in mime format.\n";
$cnt = count($this->parts);
for($i=0; $i<$cnt; $i++){
$this->message .= "--" . $this->boundary . "\n" .$this->parts[$i];
}
$this->message .= "--" . $this->boundary . "-- \n";
}
Thank for all the help.
Mailer
05-Mar-2006 08:13
05-Mar-2006 08:13
if you don't have access to the mail function or got a own smtp server you can use this class to send mails.
https://sourceforge.net/projects/p3mailer/
leonard_orb at future-data dot de
14-Feb-2006 04:51
14-Feb-2006 04:51
Warning: It should be stated clearly that "additional_headers" (the 4th parameter)
will not only allow you to add customized mail headers.
If there is an empty line in it the mail headers will be terminated and
the mail body will start exactly at this point.
mail ("foo@bar.example", "Test", "Hi dude",
"Bcc: someone_else@bar.example\r\n\r\nBuy V1a*ra now\r\n");
will send a mail to <foo@bar.example> and <someone_else@bar.example>
and advertise pills.
It will give spammers the chance to abuse your webserver as a spam server if you e.g.
happen not to check the values your form receives from the client and paste it
directly into "additional_headers".
linas.galvanauskas {eta} ntt . lt
13-Feb-2006 04:27
13-Feb-2006 04:27
Hi,
I'm using phpmailer from http://phpmailer.sourceforge.net/
and I have no problems.
Good luck
Hossein
25-Jan-2006 12:46
25-Jan-2006 12:46
Hello firends,
Good article about email:
http://www.sitepoint.com/article/advanced-email-php
With regards,Hossein
php at nioubi dot com
15-Nov-2005 06:43
15-Nov-2005 06:43
For me, WinXP, EasyPHP 1.8.0.1, sending a mail with the headers lines separated by : \r\n
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
When I put the script online, and call it in order to send mail,
the html is displayed in the mail client (tested Outlook Express and Thunderbird) when you want to read the message sent by php. Some of the headers are considered like text (but it works when sent from local).
Solution : not use \r\n but only \n.
doom_blaster at hotmail dot com
12-Oct-2005 09:47
12-Oct-2005 09:47
OK you gave good exemples but none look good with Lotus Notes 6.X. I found some exelent code compatible with Notes and others, the detailed solution is here :http://archivist.incutio.com/viewlist/css-discuss/37970
I have cleaned Rowan's text, this is my working code :
$boundary = md5(uniqid(time()));
$headers = 'From: ' . $from . "\n";
$headers .= 'To: ' . $to . "\n";
$headers .= 'Return-Path: ' . $from . "\n";
$headers .= 'MIME-Version: 1.0' ."\n";
$headers .= 'Content-Type: multipart/alternative; boundary="' . $boundary . '"' . "\n\n";
$headers .= $body_simple . "\n";
$headers .= '--' . $boundary . "\n";
$headers .= 'Content-Type: text/plain; charset=ISO-8859-1' ."\n";
$headers .= 'Content-Transfer-Encoding: 8bit'. "\n\n";
$headers .= $body_plain . "\n";
$headers .= '--' . $boundary . "\n";
$headers .= 'Content-Type: text/HTML; charset=ISO-8859-1' ."\n";
$headers .= 'Content-Transfer-Encoding: 8bit'. "\n\n";
$headers .= $body_html . "\n";
$headers .= '--' . $boundary . "--\n";
$mailOk=mail('', $subject,'', $headers);
(Tested from Linux PHP4 to STMP Lotus Notes and Notes Client 6.5.1 & 5.? , it works with hotmail too, I didn't test other client)
by DitLePorc
GwarDrazul
15-Sep-2005 07:01
15-Sep-2005 07:01
The article mentioned below is quite good to understand the problem of header injection. However, it suggests the following as a solution: look for "\n" and "\r" inside your user input fields (especially in those used for the $header param) and, if found reject the mail.
Allthough this will probably work I still believe it is better to have a "white list" of allowed characters instead of a "black list" with forbidden characters.
Example:
If you want a user to enter his name, then allow characters only!
If you want a user to enter his email adress, then check if the entry is a valid email adress.
Doing so might automatically solve problems which you didn't think of when you created the "black list". For SMTP headers colons are needed. If you check for a valid email adress the hacker won't be able to enter colons inside that form field.
I suggest using regular expressions for those checks.
For more information about regular expressions see:
http://www.regular-expressions.info/
Alan Hogan +PHP at pixels and pages ,com
03-Sep-2005 01:46
03-Sep-2005 01:46
Header injection is a very real, common threat in which an attacker uses your mail form to send mail to whomever he chooses! I've been hit, myself, and on a website with relatively little traffic! Read more about it here:
http://securephp.damonkohler.com/index.php/Email_Injection
jfonseca at matarese dot com
25-Jul-2005 08:33
25-Jul-2005 08:33
This is NOT PHP-specific but worth mentioning on the mail() page.
Watch out for sendmail command injection on your pages which call the mail() function.
How it works: the attacker will inject SMTP into your form unless you make it real clear where the header ends. Most people simply don't add a header or a \r\n\r\n sequence to their mail header forms.
Example : a new BCC: field can be injected so that your form can be used to deliver mail to any valid address the attacker chooses.
Since the httpd server host is a trusted host your MX will probably relay without asking any questions.
Be careful with any function that accepts user input.
Hope this helps.
a dot hari at softprosys dot com
25-Jul-2005 01:47
25-Jul-2005 01:47
Guido, the same you can do like this.
while ($emailadresses = mysql_fetch_array($query, MYSQL_ASSOC)) {
foreach ($emailadresses as $oneMailadres) {
$recepientsArr[] = "$oneMailadres"; //build up the recepients array
}
}
/* THIS IS NOT REQUIRED
// this is the tricky part: mail() will not sent to all the emailadresses, if you let your string end with ', ', so I used substr() to remove the last two characters from the string (comma and space).
$recepients = substr($recepients, 0, -2);
*/
//Instead...do this.
$recepients = implode(",", $recepientsArr[]);
//actual sending
mail($recepients, $subject, $mailbody, "From: $senderAddress");
gregBOGUS at BOGUSlorriman dot com
21-Jun-2005 06:02
21-Jun-2005 06:02
In the posting "gregBOGUS at BOGUSlorriman dot com 6th april 2005" I claimed that redirecting an email, via the mail() function, to a different email address was as simple as copying over the unmodified headers of the originally recieved email (which would, of course, include the original "To:" field).<