web_development:gnarly_mailman
Introduction

Here is my quick little PHP 5 mail processor.

The Code

PHP Source Code:

Hint: If you want to download the script, simply click on the title tab. 
gnarlymailman.php
<?php
/*
#################################################################
 
 The GNarly Mailman v0.1
 By Robbie Ferguson, www.Category5.tv
 
 Licensed in the same way as our show, Creative Commons Attribution.
 Use it, share it, mash it up, but always include the above attribution.
 
 Description: A PHP mail processor that takes care of all the gnarly stuff.
              1) it ensures the recipient email address (yours) is hidden from spammers
              2) it validates the fact that the GNarly Mailman code is being executed
                 from YOUR script (since you're specifying the recipient via the function
                 call and not by POST or GET)
              3) it ensures malicious users therefore cannot modify the recipient and
                 send spam through your server
              4) it strips away injection attempts and warns you when it suspects an email
                 may be a hack attempt
              5) it provides you a unique code which can be used to create a mail filter in
                 your email application to automatically remove any injection attempt emails
 
 Requirements: PHP 5+
   If you're not sure if you have PHP 5+, try running the code.  If it reports back
   any "invalid function" errors, you know you don't have a new enough version of PHP.
 
   If that's the case, you can TRY adding this to your .htaccess file*:
 
  <FilesMatch "\.(inc|php|php3|php4|php5|php6|phtml|phps)$">
	AddHandler x-httpd-php4 .php4
	AddHandler x-httpd-php5 .inc .php .php3 .php5 .phtml
	</FilesMatch>
 
   * Could break other parts of your site if it relies on old code, but lets you
     rename old PHP 4 code as filename.php4 to still execute with PHP 4.
 
 Installation:
  Save the code to gnarlymailman.php and add the following to your PHP code:
  <?php
    // GNarly Mailman
    include('gnarlymailman.php');
    gnarlymailman('you@example.com'); // placeholder: put your own recipient address here
  ?>
 
 
 Notes:
   I don't know why you'd want to, but if you'd like, you can set defaults ABOVE the include
   Eg. $comments = 'This is a default comment';
   Options are $name, $email, $phone and $comments
 
   I used a table to make the output LEAST likely to break someone's layout
   Eg., if I used div's I'd want to put a clear: both, which would break some floats
   Feel free to edit the output to your heart's desire, but if you break it...  :)
 
#################################################################
*/
 
function gnarlymailman($gnarlyaddress) {
	if(filter_var($gnarlyaddress, FILTER_VALIDATE_EMAIL)) {
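	  // Only these form fields are accepted. Anything else in $_POST is ignored, so a
	  // posted key can never overwrite $gnarlyaddress or any other local variable.
	  $fields = array('name', 'email', 'phone', 'comments');
	  $invalid = array_fill_keys($fields, '');
	  $hackattempt = 0;
	  $errors = 0;
	  $submitted = 0;
	  foreach ($fields as $field) {
	    // optional defaults set above the include (see Notes), escaped for output
	    $$field = (isset($GLOBALS[$field]) && is_string($GLOBALS[$field])) ? htmlentities($GLOBALS[$field]) : '';
	  }
	  if (isset($_POST['gnarlymailman'])) {
	    $submitted = 1;
	    // generate strings from posted form
	    foreach ($fields as $key) {
	      // missing fields and arrays (name[]=...) are treated as empty
	      $value = (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
	      // name and email end up in the From and Subject headers, so CR/LF in a
	      // single-line field is a header injection attempt: flag it and flatten it
	      if ($key != 'comments' && preg_match('/[\r\n]/', $value)) {
		$hackattempt++;
		$value = preg_replace('/[\r\n]+/', ' ', $value);
	      }
	      if ($value != strip_tags($value)) $hackattempt++;
	      $$key = stripslashes(htmlentities(strip_tags($value)));
	      // every field is required, and the email must be a valid address
	      if ($value === '' || ($key == 'email' && !filter_var($value, FILTER_VALIDATE_EMAIL))) {
		$invalid[$key] = '<font color="red">*</font>';
		$errors++;
	      }
	    }
	  }
 
	  if ( $submitted == 1 and $errors == 0 ) {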
		// looks like everything's good, so let's send this bad boy out
 
		// message
		$message = '
		<html>
		<head>
		  <title>Email from ' . $name . '</title>
		</head>
		<body>
		  <p>';
		if ($hackattempt > 0) $message .= '<div style="background: #ffa4a4; border: solid 3px red; padding: 5px;"><b>Please Be Aware:</b> It seems this user was attempting to inject code into your site using your email form.  Therefore, this email may be a scam, spam or other such junk. If you get some of these and this proves to be true, feel free to setup a mail filter to delete these emails automatically.  Here is a specific search key you may use in order to block these malicious emails:  ' . md5('rudabega') . '</div><br /><br />';
		$message .= nl2br($comments) . '<br /><br />
		    ' . $name . '<br />' . PHP_EOL
		      . $email . '<br />' . PHP_EOL
		      . $phone . '
		  </p>
		</body>
		</html>
		';
 
		// To send HTML mail, the Content-type header must be set
		$headers  = 'MIME-Version: 1.0' . "\r\n";
		$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
 
		// Additional headers
		$headers .= 'From: ' . $name . ' <' . $email . '>' . "\r\n";
 
		// Mail it
		if (@mail($gnarlyaddress, 'Email from ' . $name . '.', $message, $headers)) {
		  $gnarlymailman = 'Your email has been sent, thank you.';
		} else {
		  $gnarlymailman = 'There was a problem sending your email.  Please <a href="#" onClick="history.go(-1)">go back</a> and make sure everything was filled in correctly.';
		}
	     } else {
		// output the form
		$gnarlymailman = '
		  <form method="post">
			<table border="0">
			  <tr><td>Name:</td><td><input type="text" name="name" value="' . $name .'">' . $invalid['name'] . '</td></tr>
			  <tr><td>Email:</td><td><input type="email" name="email" value="' . $email . '">' . $invalid['email'] . '</td></tr>
			  <tr><td>Phone:</td><td><input type="tel" name="phone" value="' . $phone . '">' . $invalid['phone'] . '</td></tr>
			  <tr><td valign="top">Message:</td><td valign="top"><textarea name="comments">' . $comments . '</textarea>' . $invalid['comments'] . '</td></tr>
			  <tr><td align="right" colspan="2"><input type="submit" name="gnarlymailman" value="Send" style="width: 75px;"></td></tr>
			</table>
		      </form>
		';
	     }
	echo $gnarlymailman;
	return true;
	}
	else { echo 'GNarly Mailman is misconfigured in your function call.<br /><br />Usage:  <pre>&lt;?php gnarlymailman(\'you@example.com\'); ?&gt;</pre>'; }
}
?>
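
Points 3 and 4 of the description depend on what reaches the `$headers` string, since the posted name and email are placed in the `From:` header. As an added example (not part of the GNarly Mailman script; the function name `build_mail_headers` and the sample inputs are made up for illustration), this standalone check rejects any header-bound value containing CR or LF and builds the same three headers the script sends:

```php
<?php
// Added example, not part of gnarlymailman.php.
// build_mail_headers() is a hypothetical helper; the sample inputs are constructed.

// Returns the additional headers for mail(), or false if a value that would
// land in a header is unsafe.
function build_mail_headers($name, $email) {
    // A header ends at CR or LF, so either character inside a header value
    // lets the sender start a new header line of their own.
    foreach (array($name, $email) as $value) {
        if (!is_string($value) || preg_match('/[\r\n]/', $value)) {
            return false;
        }
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return false;
    }
    // Keep a conservative ASCII subset for the display name and quote it,
    // so it cannot contain a quote, backslash, comma or angle bracket.
    $display = trim(preg_replace('/[^A-Za-z0-9 .\'-]/', '', $name));
    if ($display === '') {
        return false;
    }
    $headers  = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    $headers .= 'From: "' . $display . '" <' . $email . '>' . "\r\n";
    return $headers;
}

// Constructed inputs: one ordinary submission and two injection attempts.
$samples = array(
    array('Jane Doe', 'jane@example.com'),
    array("Jane\r\nBcc: list@example.net", 'jane@example.com'),
    array('Jane Doe', "jane@example.com\nCc: list@example.net"),
);
foreach ($samples as $sample) {
    $result = build_mail_headers($sample[0], $sample[1]);
    echo json_encode($sample[0]) . ' / ' . json_encode($sample[1]) . ' => '
       . ($result === false ? 'rejected' : 'accepted') . PHP_EOL;
}
```

Run from the command line, the first sample is accepted and the other two are rejected before anything is handed to `mail()`.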

Discussion

garbee, 2012/01/26 09:38, 2012/01/26 11:12

I changed the input type for phone to “tel” from “text” and for email to “email” from “text”. This allows for certain devices using software keyboards to show different (optimized) keyboards for faster input.

web_development/gnarly_mailman.txt · Last modified: 2012/01/26 11:13 by garbee