[23] | 1 | <?php |
---|
| 2 | /** |
---|
| 3 | * Email.inc.php |
---|
| 4 | * code by strangecode :: www.strangecode.com :: this document contains copyrighted information |
---|
| 5 | * |
---|
| 6 | * Easy email template usage. |
---|
| 7 | * |
---|
| 8 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
[292] | 9 | * @version 1.0 - backported to codebase v1.1dev |
---|
[136] | 10 | * |
---|
| 11 | |
---|
[23] | 12 | // Example. |
---|
| 13 | $email = new Email(array( |
---|
| 14 | 'to' => array($frm['email'], 'q@lovemachine.local'), |
---|
[292] | 15 | 'from' => sprintf('%s <%s>', $CFG->site_name, $CFG->site_email), |
---|
[24] | 16 | 'subject' => 'Your account has been activated', |
---|
[23] | 17 | )); |
---|
| 18 | $email->setTemplate('email_registration_confirm.ihtml'); |
---|
[41] | 19 | // $email->setString('Or you can pass your message body as a string, also with {VARIABLES}.'); |
---|
[23] | 20 | $email->replace(array( |
---|
[292] | 21 | 'SITE_NAME' => $CFG->site_name, |
---|
| 22 | 'SITE_URL' => $CFG->site_url, |
---|
| 23 | 'USERNAME' => $frm['username'], |
---|
| 24 | 'PASSWORD' => $frm['password1'], |
---|
[23] | 25 | )); |
---|
| 26 | if ($email->send()) { |
---|
[292] | 27 | raiseMsg(sprintf(_("A confirmation email has been sent to %s."), $frm['email']), MSG_SUCCESS, __FILE__, __LINE__); |
---|
[23] | 28 | } else { |
---|
[292] | 29 | logMsg(sprintf('Error sending confirmation email to address %s', $frm['email']), LOG_NOTICE, __FILE__, __LINE__); |
---|
[23] | 30 | } |
---|
[136] | 31 | |
---|
| 32 | * |
---|
[23] | 33 | */ |
---|
| 34 | class Email { |
---|
| 35 | |
---|
[24] | 36 | // Default parameters, to be overwritten by setParam() and read with getParam() |
---|
[23] | 37 | var $_params = array( |
---|
| 38 | 'to' => null, |
---|
| 39 | 'from' => null, |
---|
| 40 | 'subject' => null, |
---|
[38] | 41 | 'headers' => null, |
---|
[212] | 42 | 'regex' => null, |
---|
| 43 | |
---|
| 44 | // A single carriage return (\n) should terminate lines for locally injected mail. |
---|
| 45 | // A carriage return + line-feed (\r\n) should be used if sending mail directly with SMTP. |
---|
| 46 | 'crlf' => "\n", |
---|
| 47 | |
---|
| 48 | // RFC 2822 says line length MUST be no more than 998 characters, and SHOULD be no more than 78 characters, excluding the CRLF. |
---|
| 49 | // http://mailformat.dan.info/body/linelength.html |
---|
| 50 | 'wrap' => true, |
---|
| 51 | 'line_length' => 75, |
---|
[23] | 52 | ); |
---|
[42] | 53 | |
---|
[24] | 54 | // String that contains the email body. |
---|
[23] | 55 | var $_template; |
---|
[42] | 56 | |
---|
[24] | 57 | // String that contains the email body after replacements. |
---|
[23] | 58 | var $_template_replaced; |
---|
| 59 | |
---|
| 60 | /** |
---|
| 61 | * Constructor. |
---|
| 62 | * |
---|
| 63 | * @access public |
---|
| 64 | * @param array $params Array of object parameters. |
---|
| 65 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 66 | * @since 28 Nov 2005 12:59:41 |
---|
| 67 | */ |
---|
| 68 | function Email($params=null) |
---|
| 69 | { |
---|
[24] | 70 | // The regex used in validEmail(). Set here instead of in the default _params above so we can use the concatination . dot. |
---|
[42] | 71 | // This matches an email address as complex as: |
---|
[24] | 72 | // Bob Smith <bob&smith's/dep=sales!@smith-wick.ca.us> (Sales department) |
---|
| 73 | // ...and something as simple as: |
---|
| 74 | // x@x.com |
---|
[23] | 75 | $this->setParam(array('regex' => '/^(?:[^,@]*\s+|[^,@]*(<)|)' // Display name |
---|
[42] | 76 | . '((?:[^.<>\s@\",\[\]]+[^<>\s@\",\[\]])*[^.<>\s@\",\[\]]+)' // Local-part |
---|
[23] | 77 | . '@' // @ |
---|
| 78 | . '((?:(\[)|[A-Z0-9]?)' // Domain, first char |
---|
| 79 | . '(?(4)' // Domain conditional for if first domain char is [ |
---|
| 80 | . '(?:[0-9]{1,3}\.){3}[0-9]{1,3}\]' // TRUE, matches IP address |
---|
| 81 | . '|' |
---|
| 82 | . '[.-]?(?:[A-Z0-9]+[-.])*(?:[A-Z0-9]+\.)+[A-Z]{2,6}))' // FALSE, matches domain name |
---|
| 83 | . '(?(1)' // Comment conditional for if initial < exists |
---|
| 84 | . '(?:>\s*|>\s+\([^,@]+\)\s*)' // TRUE, ensure ending > |
---|
| 85 | . '|' |
---|
| 86 | . '(?:|\s*|\s+\([^,@]+\)\s*))$/i')); // FALSE ensure there is no ending > |
---|
| 87 | |
---|
[25] | 88 | if (isset($params)) { |
---|
| 89 | $this->setParam($params); |
---|
| 90 | } |
---|
[23] | 91 | } |
---|
| 92 | |
---|
| 93 | /** |
---|
| 94 | * Set (or overwrite existing) parameters by passing an array of new parameters. |
---|
| 95 | * |
---|
| 96 | * @access public |
---|
| 97 | * @param array $params Array of parameters (key => val pairs). |
---|
| 98 | */ |
---|
| 99 | function setParam($params) |
---|
| 100 | { |
---|
| 101 | if (isset($params) && is_array($params)) { |
---|
| 102 | // Enforce valid email addresses. |
---|
| 103 | if (isset($params['to']) && !$this->validEmail($params['to'])) { |
---|
| 104 | $params['to'] = null; |
---|
| 105 | } |
---|
| 106 | if (isset($params['from']) && !$this->validEmail($params['from'])) { |
---|
| 107 | $params['from'] = null; |
---|
| 108 | } |
---|
| 109 | |
---|
| 110 | // Merge new parameters with old overriding only those passed. |
---|
| 111 | $this->_params = array_merge($this->_params, $params); |
---|
| 112 | } else { |
---|
[292] | 113 | logMsg(sprintf('Parameters are not an array: %s', $params), LOG_ERR, __FILE__, __LINE__); |
---|
[23] | 114 | } |
---|
| 115 | } |
---|
| 116 | |
---|
| 117 | /** |
---|
| 118 | * Return the value of a parameter, if it exists. |
---|
| 119 | * |
---|
| 120 | * @access public |
---|
| 121 | * @param string $param Which parameter to return. |
---|
| 122 | * @return mixed Configured parameter value. |
---|
| 123 | */ |
---|
| 124 | function getParam($param) |
---|
| 125 | { |
---|
| 126 | if (isset($this->_params[$param])) { |
---|
| 127 | return $this->_params[$param]; |
---|
| 128 | } else { |
---|
[292] | 129 | logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); |
---|
[23] | 130 | return null; |
---|
| 131 | } |
---|
| 132 | } |
---|
| 133 | |
---|
| 134 | /** |
---|
| 135 | * Loads template from file to generate email body. |
---|
| 136 | * |
---|
| 137 | * @access public |
---|
| 138 | * @param string $template Filename of email template. |
---|
| 139 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 140 | * @since 28 Nov 2005 12:56:23 |
---|
| 141 | */ |
---|
| 142 | function setTemplate($template) |
---|
| 143 | { |
---|
| 144 | // Load file, using include_path. |
---|
| 145 | if (!$this->_template = file_get_contents($template, true)) { |
---|
[292] | 146 | logMsg(sprintf('Email template file does not exist: %s', $template), LOG_ERR, __FILE__, __LINE__); |
---|
[23] | 147 | $this->_template = null; |
---|
| 148 | $this->_template_replaced = null; |
---|
| 149 | return false; |
---|
| 150 | } |
---|
[24] | 151 | // This could be a new template, so reset the _template_replaced. |
---|
[23] | 152 | $this->_template_replaced = null; |
---|
| 153 | return true; |
---|
| 154 | } |
---|
| 155 | |
---|
| 156 | /** |
---|
| 157 | * Loads template from string to generate email body. |
---|
| 158 | * |
---|
| 159 | * @access public |
---|
| 160 | * @param string $template Filename of email template. |
---|
| 161 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 162 | * @since 28 Nov 2005 12:56:23 |
---|
| 163 | */ |
---|
| 164 | function setString($string) |
---|
| 165 | { |
---|
| 166 | // Load file, using include_path. |
---|
[41] | 167 | if ('' == trim($string)) { |
---|
[292] | 168 | logMsg(sprintf('Empty string provided.', null), LOG_ERR, __FILE__, __LINE__); |
---|
[23] | 169 | $this->_template_replaced = null; |
---|
| 170 | return false; |
---|
| 171 | } else { |
---|
[41] | 172 | $this->_template = $string; |
---|
[24] | 173 | // This could be a new template, so reset the _template_replaced. |
---|
[23] | 174 | $this->_template_replaced = null; |
---|
| 175 | return true; |
---|
| 176 | } |
---|
| 177 | } |
---|
[42] | 178 | |
---|
[23] | 179 | /** |
---|
| 180 | * Replace variables in template with argument data. |
---|
| 181 | * |
---|
| 182 | * @access public |
---|
| 183 | * @param array $replacements Array keys are the values to search for, array vales are the replacement values. |
---|
| 184 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 185 | * @since 28 Nov 2005 13:08:51 |
---|
| 186 | */ |
---|
| 187 | function replace($replacements) |
---|
| 188 | { |
---|
[136] | 189 | |
---|
[24] | 190 | // Ensure template exists. |
---|
[23] | 191 | if (!isset($this->_template)) { |
---|
[292] | 192 | logMsg(sprintf('Cannot replace variables, no template defined.', null), LOG_ERR, __FILE__, __LINE__); |
---|
[42] | 193 | return false; |
---|
[23] | 194 | } |
---|
[42] | 195 | |
---|
[24] | 196 | // Ensure replacements argument is an array. |
---|
[23] | 197 | if (!is_array($replacements)) { |
---|
[292] | 198 | logMsg(sprintf('Cannot replace variables, invalid replacements.', null), LOG_ERR, __FILE__, __LINE__); |
---|
[42] | 199 | return false; |
---|
[23] | 200 | } |
---|
[42] | 201 | |
---|
[23] | 202 | // Apply regex pattern to search elements. |
---|
| 203 | $search = array_keys($replacements); |
---|
[247] | 204 | array_walk($search, create_function('&$v', '$v = "{" . mb_strtoupper($v) . "}";')); |
---|
[23] | 205 | |
---|
[35] | 206 | // Replacement values. |
---|
[23] | 207 | $replace = array_values($replacements); |
---|
[42] | 208 | |
---|
[24] | 209 | // Search and replace all values at once. |
---|
[216] | 210 | $this->_template_replaced = str_replace($search, $replace, $this->_template); |
---|
[23] | 211 | } |
---|
| 212 | |
---|
| 213 | /** |
---|
| 214 | * Send email using PHP's mail() function. |
---|
| 215 | * |
---|
| 216 | * @access public |
---|
| 217 | * @param string $to |
---|
| 218 | * @param string $from |
---|
| 219 | * @param string $subject |
---|
| 220 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 221 | * @since 28 Nov 2005 12:56:09 |
---|
| 222 | */ |
---|
[38] | 223 | function send($to=null, $from=null, $subject=null, $headers=null) |
---|
[23] | 224 | { |
---|
[24] | 225 | // Use arguments if provided. |
---|
[23] | 226 | if (isset($to)) { |
---|
[42] | 227 | $this->setParam(array('to' => $to)); |
---|
[23] | 228 | } |
---|
| 229 | if (isset($from)) { |
---|
[42] | 230 | $this->setParam(array('from' => $from)); |
---|
[23] | 231 | } |
---|
| 232 | if (isset($subject)) { |
---|
[42] | 233 | $this->setParam(array('subject' => $subject)); |
---|
[23] | 234 | } |
---|
[38] | 235 | if (isset($headers)) { |
---|
[42] | 236 | $this->setParam(array('headers' => $headers)); |
---|
[38] | 237 | } |
---|
[36] | 238 | |
---|
[24] | 239 | // Ensure required values exist. |
---|
[43] | 240 | if (!isset($this->_params['subject'])) { |
---|
[292] | 241 | logMsg(sprintf('Cannot send email to %s. SUBJECT not defined.', $this->_params['to']), LOG_ERR, __FILE__, __LINE__); |
---|
[23] | 242 | return false; |
---|
[43] | 243 | } else if (!isset($this->_template)) { |
---|
[292] | 244 | logMsg(sprintf('Cannot send email: "%s". Template not set.', $this->_params['subject']), LOG_ERR, __FILE__, __LINE__); |
---|
[43] | 245 | return false; |
---|
[23] | 246 | } else if (!isset($this->_params['to'])) { |
---|
[292] | 247 | logMsg(sprintf('Cannot send email: "%s". TO not defined.', $this->_params['subject']), LOG_NOTICE, __FILE__, __LINE__); |
---|
[23] | 248 | return false; |
---|
| 249 | } else if (!isset($this->_params['from'])) { |
---|
[292] | 250 | logMsg(sprintf('Cannot send email: "%s". FROM not defined.', $this->_params['subject']), LOG_ERR, __FILE__, __LINE__); |
---|
[23] | 251 | return false; |
---|
| 252 | } |
---|
| 253 | |
---|
[24] | 254 | // Wrap email text body, using _template_replaced if replacements have been used, or just a fresh _template if not. |
---|
[212] | 255 | $final_body = isset($this->_template_replaced) ? $this->_template_replaced : $this->_template; |
---|
| 256 | if (false !== $this->getParam('wrap')) { |
---|
| 257 | $final_body = wordwrap($final_body, $this->getParam('line_length'), $this->getParam('crlf')); |
---|
| 258 | } |
---|
[24] | 259 | |
---|
| 260 | // Ensure all placeholders have been replaced. Find anything with {...} characters. |
---|
[23] | 261 | if (preg_match('/({[^}]+})/', $final_body, $unreplaced_match)) { |
---|
[310] | 262 | logMsg(sprintf('Cannot send email. At least one variable left unreplaced in template: %s', (isset($unreplaced_match[1]) ? $unreplaced_match[1] : '')), LOG_ERR, __FILE__, __LINE__); |
---|
[23] | 263 | return false; |
---|
| 264 | } |
---|
[42] | 265 | |
---|
[24] | 266 | // Final "to" header can have multiple addresses if in an array. |
---|
[23] | 267 | $final_to = is_array($this->_params['to']) ? join(', ', $this->_params['to']) : $this->_params['to']; |
---|
[42] | 268 | |
---|
[24] | 269 | // From headers are custom headers. |
---|
[38] | 270 | $headers = array('From' => $this->_params['from']); |
---|
| 271 | |
---|
| 272 | // Additional headers. |
---|
| 273 | if (isset($this->_params['headers']) && is_array($this->_params['headers'])) { |
---|
| 274 | $headers = array_merge($this->_params['headers'], $headers); |
---|
| 275 | } |
---|
[42] | 276 | |
---|
[38] | 277 | // Process headers. |
---|
| 278 | $final_headers = array(); |
---|
| 279 | foreach ($headers as $key => $val) { |
---|
| 280 | $final_headers[] = sprintf('%s: %s', $key, $val); |
---|
| 281 | } |
---|
[212] | 282 | $final_headers = join($this->getParam('crlf'), $final_headers); |
---|
[42] | 283 | |
---|
[24] | 284 | // This is the address where delivery problems are sent to. We must strip off everything except the local@domain part. |
---|
[212] | 285 | $envelope_sender_address = preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']); |
---|
| 286 | if ('' != $envelope_sender_address && $this->validEmail($envelope_sender_address)) { |
---|
| 287 | $envelope_sender_header = sprintf('-f %s', $envelope_sender_address); |
---|
| 288 | } else { |
---|
| 289 | $envelope_sender_header = ''; |
---|
| 290 | } |
---|
[42] | 291 | |
---|
[36] | 292 | // Check for mail header injection attacks. |
---|
[212] | 293 | $full_mail_content = join($this->getParam('crlf'), array($final_to, $this->_params['subject'], $final_body)); |
---|
| 294 | if (preg_match("/(^|[\n\r])(Content-Type|MIME-Version|Content-Transfer-Encoding|Bcc|Cc):/i", $full_mail_content)) { |
---|
[292] | 295 | logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__); |
---|
[42] | 296 | sleep(3); |
---|
[36] | 297 | return false; |
---|
| 298 | } |
---|
[24] | 299 | |
---|
| 300 | // Ensure message was successfully accepted for delivery. |
---|
[247] | 301 | if (mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers, $envelope_sender_header)) { |
---|
[292] | 302 | logMsg(sprintf('Email successfully sent to %s', $final_to), LOG_INFO, __FILE__, __LINE__); |
---|
[119] | 303 | return true; |
---|
[114] | 304 | } else { |
---|
[292] | 305 | logMsg(sprintf('Email failure with parameters: %s, %s, %s, %s', $final_to, $this->_params['subject'], str_replace("\r\n", '\r\n', $final_headers), $envelope_sender_header), LOG_NOTICE, __FILE__, __LINE__); |
---|
[23] | 306 | return false; |
---|
| 307 | } |
---|
| 308 | } |
---|
[42] | 309 | |
---|
[23] | 310 | /** |
---|
| 311 | * Validates an email address based on the recommendations in RFC 3696. |
---|
[42] | 312 | * Is more loose than restrictive, to allow the many valid variants of |
---|
[23] | 313 | * email addresses while catching the most common mistakes. Checks an array too. |
---|
| 314 | * http://www.faqs.org/rfcs/rfc822.html |
---|
| 315 | * http://www.faqs.org/rfcs/rfc2822.html |
---|
| 316 | * http://www.faqs.org/rfcs/rfc3696.html |
---|
| 317 | * http://www.faqs.org/rfcs/rfc1035.html |
---|
| 318 | * |
---|
| 319 | * @access public |
---|
| 320 | * @param mixed $email Address to check, string or array. |
---|
| 321 | * @return bool Validity of address. |
---|
| 322 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 323 | * @since 30 Nov 2005 22:00:50 |
---|
| 324 | */ |
---|
| 325 | function validEmail($email) |
---|
| 326 | { |
---|
[24] | 327 | // If an array, check values recursively. |
---|
[23] | 328 | if (is_array($email)) { |
---|
| 329 | foreach ($email as $e) { |
---|
| 330 | if (!$this->validEmail($e)) { |
---|
| 331 | return false; |
---|
| 332 | } |
---|
| 333 | } |
---|
| 334 | return true; |
---|
| 335 | } else { |
---|
[24] | 336 | // To be valid email address must match regex and fit within the lenth constraints. |
---|
[247] | 337 | if (preg_match($this->getParam('regex'), $email, $e_parts) && mb_strlen($e_parts[2]) < 64 && mb_strlen($e_parts[3]) < 255) { |
---|
[24] | 338 | return true; |
---|
| 339 | } else { |
---|
[292] | 340 | logMsg(sprintf('Invalid email: %s', $email), LOG_INFO, __FILE__, __LINE__); |
---|
[23] | 341 | return false; |
---|
| 342 | } |
---|
| 343 | } |
---|
| 344 | } |
---|
| 345 | } |
---|
| 346 | |
---|
| 347 | ?> |
---|