We Keep Coding

PHP 7.0 STRPOS not functioning as expected

So, I was trying to use strpos to test if a string existed in a variable, but in all my attempts to make the if statement work, it was not succeeding, so I went about outputting the string and trying to find the point where strpos detected it, but it was not though it was clearly there! In this case I am searching an SMTP error output for the Gmail SMTP error code.I know how to fix the error, but I want my system to be able to parse smtp errors and report them to my users...
PHP Code:
$Request = RequestPasswordReset($_POST["email"]);
echo $Request;
echo "<br>Position of Error Code: " . strpos($Request, "gsmtp SMTP code: 550");
die();
if($Request === "SUCCESS") {
DisplayError("Password Reset Successful", "We have sent a email that contains a link to reset your password.", "/account/resetpassword.php");
} else if($Request === "USER_NOT_FOUND") {
DisplayError("Password Reset Request Failed", "The specified email is not tied to any accounts in our system.", "/account/resetpassword.php");
} else if(strpos($Request, "gsmtp SMTP code: 550") !== false) {
DisplayError("Password Reset Request Failed", "The mail was blocked by our relay due to IPs being not whitelisted.", "/account/resetpassword.php");
} else {
DisplayError("Password Reset Request Failed", "The request failed for an unknown reason.", "/account/resetpassword.php");
}
Text Output:
It does actually repeat itself, I echoed out the $Request twice and it did the following twice exactly
The following From address failed: XXXXXXX : MAIL FROM command failed,Invalid credentials for relay [XXXXXXX]. The IP address you've registered in your G Suite SMTP Relay service doesn't match domain of the account this email is being sent from. If you are trying to relay mail from a domain that isn't registered under your G Suite account or has empty envelope-from, you must configure your mail server either to use SMTP AUTH to identify the sending domain or to present one of your domain names in the HELO or EHLO command. For more information, please visit https://support.google.com/a/answer/6140680#invalidcred r126sm1314271qke.4 - gsmtp ,550,5.7.1SMTP server error: MAIL FROM command failed Detail: Invalid credentials for relay [XXXXXXX]. The IP address you've registered in your G Suite SMTP Relay service doesn't match domain of the account this email is being sent from. If you are trying to relay mail from a domain that isn't registered under your G Suite account or has empty envelope-from, you must configure your mail server either to use SMTP AUTH to identify the sending domain or to present one of your domain names in the HELO or EHLO command. For more information, please visit https://support.google.com/a/answer/6140680#invalidcred r126sm1314271qke.4 - gsmtp SMTP code: 550 Additional SMTP info: 5.7.1Position of Error Code:
(EDIT) Reset Password Request Function:
function RequestPasswordReset($Email) {
// Try to Get User
$User = GetUser_Email($Email);
// Does user exist?
if($User === "NOT_FOUND") {
return "USER_NOT_FOUND";
}
// Generate Link To Send with Email
$Link = GeneratePasswordResetLink();
$SendEmail = SendPasswordReset($User["Email"], $User["FirstName"] . $User["LastName"], $Link);
if($SendEmail !== "SUCCESS") {
return $SendEmail;
} else {
// WHAT IF MYSQL FAILS????? ~~~~~~~~~~~~~~~ NEED SOLOUTION
$PDO_Connection = CreateMySQLConnection();
$PDO_CMD = $PDO_Connection -> prepare("UPDATE accounts SET ResetPassword=? WHERE Email=?");
$PDO_CMD -> execute(array($Link, $User["Email"]));
return "SUCCESS";
}
}
(EDIT) Send Password Reset Function:
$User = GetUser_ResetID($resetID);
$mail = CreateSMTPConnection();
$mail->AddAddress($targetAddress, $targetName); // Add a recipient
$mail->IsHTML(true); // Set email format to HTML
$mail->Subject = 'LitenUp Password Reset';
$mail->Body = str_replace("https://mylitenup.net/account/resetpassword.php?ID=", ("https://mylitenup.net/account/resetpassword.php?ID=" . $resetID), file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/php/mailer/documents/resetpassword.html"));
$mail->AltBody = 'Reset Your Password: https://mylitenup.net/account/resetpassword.php?ID=' . $resetID;
$mail->XMailer = 'LitenUp Mailer';
$mail->XPriority = '1';
try{
$mail->send();
return "SUCCESS";
} catch (phpmailerException $e) {
return $e->errorMessage();
} catch (\Exception $e) {
return $e->getMessage();
}
(EDIT): I tried mb_strpos, but it is not working, so if that is what will work, why is it not working for me? I did mb_strpos($Request, "gsmtp SMTP code: 550");, but after execution it echos the request, but the Position of Error Code: line does not get echoed.
(Update 1): I really apologize for the delay, in a worst case I will extend this again with a bounty. However, you guys were right! When I first had the error, I outputted it and just copied the line "gsmtp SMTP code: 550", but after doing the tag there appears to be a new line of some sort. You can see in the that the line should be something more like "gsmtp" + + " SMTP code: 550", but I am not sure what the line break should be. I tried and \n.

The best solution would be to take the time to isolate exactly what character(s) is in that white-space.
Until you do that, you can just use regex to gloss over whatever is in there.
Change:
} else if(strpos($Request, "gsmtp SMTP code: 550") !== false) {
to:
} elseif(preg_match("/gsmtp\s+SMTP\s+code:\s+550/",$Request)) {

My best guess:
You're outputting to HTML, so it's possible that your CRLFs/LFs are rendering as spaces. I'd enclose your echo statements with <pre>...</pre> tags to see if it's the case. strpos would fail because you're searching for a space character where it's actually a CRLF/LF.

PHP - Verifying emails existance [duplicate]

I have a question, i have a php script to check if the email address exist.
But appear that yahoo, hotmail, aol and others providers are accepting any emails and not rejecting the invalid emails.
Only Gmail, and many domains like stackoverflow.com are rejecting the no vaild emails.
Check my script and let me know if i can do some to check the yahoo and others.
html post form
<html>
<body>
<form action="checkemail.php" method="POST">
<b>E-mail</b> <input type="text" name="email">
<input type="submit">
</form>
</body>
</html>
php
<?php
/* Validate an email address. */
function jValidateEmailUsingSMTP($sToEmail, $sFromDomain = "gmail.com", $sFromEmail = "email#gmail.com", $bIsDebug = false) {
$bIsValid = true; // assume the address is valid by default..
$aEmailParts = explode("#", $sToEmail); // extract the user/domain..
getmxrr($aEmailParts[1], $aMatches); // get the mx records..
if (sizeof($aMatches) == 0) {
return false; // no mx records..
}
foreach ($aMatches as $oValue) {
if ($bIsValid && !isset($sResponseCode)) {
// open the connection..
$oConnection = #fsockopen($oValue, 25, $errno, $errstr, 30);
$oResponse = #fgets($oConnection);
if (!$oConnection) {
$aConnectionLog['Connection'] = "ERROR";
$aConnectionLog['ConnectionResponse'] = $errstr;
$bIsValid = false; // unable to connect..
} else {
$aConnectionLog['Connection'] = "SUCCESS";
$aConnectionLog['ConnectionResponse'] = $errstr;
$bIsValid = true; // so far so good..
}
if (!$bIsValid) {
if ($bIsDebug) print_r($aConnectionLog);
return false;
}
// say hello to the server..
fputs($oConnection, "HELO $sFromDomain\r\n");
$oResponse = fgets($oConnection);
$aConnectionLog['HELO'] = $oResponse;
// send the email from..
fputs($oConnection, "MAIL FROM: <$sFromEmail>\r\n");
$oResponse = fgets($oConnection);
$aConnectionLog['MailFromResponse'] = $oResponse;
// send the email to..
fputs($oConnection, "RCPT TO: <$sToEmail>\r\n");
$oResponse = fgets($oConnection);
$aConnectionLog['MailToResponse'] = $oResponse;
// get the response code..
$sResponseCode = substr($aConnectionLog['MailToResponse'], 0, 3);
$sBaseResponseCode = substr($sResponseCode, 0, 1);
// say goodbye..
fputs($oConnection,"QUIT\r\n");
$oResponse = fgets($oConnection);
// get the quit code and response..
$aConnectionLog['QuitResponse'] = $oResponse;
$aConnectionLog['QuitCode'] = substr($oResponse, 0, 3);
if ($sBaseResponseCode == "5") {
$bIsValid = false; // the address is not valid..
}
// close the connection..
#fclose($oConnection);
}
}
if ($bIsDebug) {
print_r($aConnectionLog); // output debug info..
}
return $bIsValid;
}
$email = $_POST['email'];
$bIsEmailValid = jValidateEmailUsingSMTP("$email", "gmail.com", "email#gmail.com");
echo $bIsEmailValid ? "<b>Valid!</b>" : "Invalid! :(";
?>

If you need to make super sure that an E-Mail address exists, send an E-Mail to it. It should contain a link with a random ID. Only when that link is clicked, and contains the correct random ID, the user's account is activated (or ad published, or order sent, or whatever it is that you are doing).
This is the only reliable way to verify the existence of an E-Mail address, and to make sure that the person filling in the form has access to it.

There is no 100% reliable way of checking the validity of an email address. There are a few things you can do to at least weed out obviously invalid addresses, though.
The problems that arise with email addresses is actually very similar to those of snail mail. All three points below can also be used for sending snail mail (just change the DNS record with a physical address).
1. Check that the address is formatted correctly
It is very difficult to check the format of email addresses, but PHP has a validation filter that attempts to do it. The filter does not handle "comments and folding whitespace", but I doubt anyone will notice.
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== FALSE) {
echo 'Valid email address formatting!';
}
2. Check that the DNS record exists for the domain name
If a DNS (Domain Name System) record exists then at least someone has set it up. It does not mean that there is an email server at the address, but if the address exists then it is more likely.
$domain = substr($email, strpos($email, '#') + 1);
if (checkdnsrr($domain) !== FALSE) {
echo 'Domain is valid!';
}
3. Send a verification email to the address
This is the most effective way of seeing if someone is at the other end of the email address. If a confirmation email is not responded to in an orderly fashion -- 3 hours for example -- then there is probably some problem with the address.

You can validate "used or real" emails with Telnet and MX records more info in here, for PHP exists a great library call php-smtp-email-validation that simplify the process.
You create a boolean function with the file example1.php and call it when you'll validate the email text. For Gmail, Hotmail, Outlook, live and MSM I don's have any problems but with Yahoo and Terra the library can't validate correctly emails

The problem is gmail uses port 25 for their smtp outgoing mails, the other providers use different ports for their connection. Your response seems okay for gmail.com.
When you connect to gmail smtp it gives you response 250 2.1.5 OK j5si2542844pbs.271 - gsmtp
But when you connect to any other smtp who does not use port 25 it gives you null response.

phpMailer doesn't send emails to hotmail account

I'm using PHPMailer to send emails. I'm trying to send an email to an Hotmail account but if the recipient has the sender in contacts, it receives the email. If the recipient doesn't have the sender in contacts, it doesn't receive the email.
Why? What is the matter?
PHPMailer doesn't show any errors.
I have tried a lot of solutions proposed in the network without any result.
This is the code that I use:
public static function invia_email_bis($p_nome_mitt, $p_mitt, $p_dest, $p_ccn, $p_oggetto, $p_header, $p_mess) {
//Se siamo in sviluppo, le email non devono partire. L'ambiente lo rileviamo dal DB
$config =& JFactory::getConfig();
if ($config->getValue( 'config.db' ) == 'fantaonl_dev') {
return;
}
$email_par = email::get_parameter(costanti::actaccount);
//Creazione dell'oggetto PHPMAILER
$messaggio = new PHPmailer();
//Abilitiamo SMTP
$messaggio->IsSMTP();
//Abilitiamo l'autenticazione
$messaggio->SMTPAuth = true;
//Abilitiamo il protocollo SSL
if ( $email_par['PORTA'] == 587 ) {
$messaggio->SMTPSecure = "tls";
}
if ( $email_par['PORTA'] == 465 ) {
$messaggio->SMTPSecure = "ssl";
}
//Server SMTP
$messaggio->Host = $email_par['SMTP'];
$messaggio->Username = $email_par['USERNAME'];
$messaggio->Password = $email_par['PASSWORD'];
//Porta
$messaggio->Port = $email_par['PORTA'];
//Definiamo le intestazioni e il corpo del messaggio
$messaggio->FromName = $p_nome_mitt;
$messaggio->From = $p_mitt;
//$messaggio->SMTPDebug = 1;
//$messaggio->Debugoutput = 'html';
//DESTINATARIO
if ($p_ccn == false) {
for ($t = 0; $t < count($p_dest); $t++) {
if ($p_dest[$t]['EMAIL'] != '') { $messaggio->AddAddress($p_dest[$t]['EMAIL']); }
elseif ($p_dest[$t]['email'] != '') { $messaggio->AddAddress($p_dest[$t]['email']); }
}
}
else {
for ($t = 0; $t < count($p_dest); $t++) {
if ($p_dest[$t]['EMAIL'] != '') { $messaggio->AddBCC($p_dest[$t]['EMAIL']); }
elseif ($p_dest[$t]['email'] != '') { $messaggio->AddBCC($p_dest[$t]['email']); }
}
}
//DESTINATARIO IN CCN
//$mail->AddBCC($p_dest);
//MITTENTE
$messaggio->AddReplyTo($p_mitt, $p_nome_mitt);
//OGGETTO MESSAGGIO
$messaggio->Subject=$p_oggetto;
//Il Messaggio Ë in HTML
$messaggio->IsHTML(true);
$path_html = $_SERVER['DOCUMENT_ROOT'] . '/jumi_includes/class/template_email.html';
$message_body = file_get_contents($path_html);
$message_body = str_replace('%titolo%', $p_header, $message_body);
$message_body = str_replace('%messaggio%', $p_mess, $message_body);
$path_img = $_SERVER['DOCUMENT_ROOT'] . '/templates/sitodefinitivodue/images/header.jpg';
//Path immagine da caricare
$messaggio->AddEmbeddedImage($path_img, 'header', 'header.jpg', 'base64', 'image/jpeg');
//CORPO MESSAGGIO
$messaggio->MsgHTML($message_body);
$messaggio->AltBody = $p_mess;
//Definiamo i comportamenti in caso di invio corretto
//o di errore
if(!$messaggio->Send()){
$esito = 4;
//echo $messaggio->ErrorInfo;
}else{
$esito = 0;
}
//chiudiamo la connessione
$messaggio->SmtpClose();
unset($messaggio);
return $esito;
}

It's hotmails spamfilter who kicks in. Nowdays you can't just starting send e-mails and think it will get all the way.
To dodge hotmails/gmails spam filter you must:
Oblige to USA's CAN-SPAM Act of 2003 witch includes:
Never use deceptive headers, from-names, reply-tos, or subject lines.
You must always provide an unsubscribe link.
Remove recipients from your list within 10 business days.
The unsubscribe link must work for at least 30 days after sending.
You must include your physical mailing address. To learn more, go to ftc.gov.
Send from the correct server, if the SMTP-server you are using dosn't have anything with the domain name you are using it will be blocked. If you send a no-reply#test.com and don't use the correct smtp it will be blocked, and if you continue your smtp server can be blacklisted and if you use an ISP or any other server they will not be happy about it.
Not be "spam", spamfilter nowdays analyses the text and tries to figure out if your mail is spam. If you send alot of the same massage with just small text changes your mail will score higher. Like: Hello [Mike], look at our new products etc etc. Avoid using common spam words like e CLICK HERE! or FREE! BUY NOW! etc or bright colors, lots of exclamation, vad html etc.
There is no bulletproff way to avoid a spam filter, if it would your inbox would be filled with spam in no time.
Will Weatons rule apply here (as with SEO): Don't be a dick.

I think your email has been sent to hotmail user.
To send correctly to hotmail, be sure to be correct with DKIM.
I doubt it would be DKIM issue.
In Hotmail's Safe Sender will auto ignore the email if the sender domain not in the safe list.
Try to check:-
Inbox > Options > Safe and blocked senders > Safe senders

Email confirmation link specific to Email provider

I'm making a new site, and already have email confirmation code in place. But is there a way of making a "go to your inbox" link that is specific to the users' email provider? For example:
Go to live.com if it's a #live.com email
Go to yahoo.com if it's a #yahoo.com email
Some sort of if statement I'm guessing? Just some ideas would be good!

$email = $_POST['email'];
$ext = array('live.com','yahoo.com');
$domain = explode('#', $email);
if ( $domain[1] == $ext[0])
{
// Go to Live.com
}
if( $domain[1] == $ext[1])
{
//Go to Yahoo.com
}
with email is field name in registration form /subscribe form

Is this a safe PHP mail function?

I've finally got this PHP email script working (didn't work on localhost…), but my concern is that it's not safe.
So - is this safe for spamming and any other security pitfalls I'm not aware of?
<?php
$email = 'notification#domain.com';
$subject = 'Notify about stuff';
$notify = $_REQUEST['email'];
if (!preg_match("/\w+([-+.]\w+)*#\w+([-.]\w+)*\.\w+([-.]\w+)*/", $notify)) {
echo "<h4>Your email address doesn't validate, please check that you typed it correct.</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}
elseif(mail($email, $subject, $notify)) {
echo "<h4>Thank you, you will be notified.</h4>";
} else {
echo "<h4>Sorry, your email didn't get registered.</h4>";
}
?>
Unrelated: is there a PHP function I can use instead of javascript:history.back(1) ?
Edit: the script using filter instead of RegEx
<?php
$email = 'notification#domain.com';
$subject = 'Notify about stuff';
$notify = $_REQUEST['email'];
if (!filter_var($notify, FILTER_VALIDATE_EMAIL)) {
echo "<h4>This email address ($notify) is not considered valid, please check that you typed it correct.</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}
elseif(mail($email, $subject, $notify)) {
echo "<h4>Thank you, you will be notified.</h4>";
} else {
echo "<h4>Sorry, your email didn't get registered.</h4>";
}
?>

I don't know if id use $_SERVER['HTTP_REFERER'] to go back. I feel like that could leave you open to attack since it's set via the request. The way to do it would be to use sessions on the previous page. This way you're not dumping untrustworthy data onto your site.
I dont see any security risks, but id like to suggest the use of filter when checking the validity of emails. its much easier than messing with REs.

You can't just regexp match an email address against a short regexp pattern if you want to accept all validly formed email addresses and reject all non-valid one. Use a parser (1, 2) that actually implement against the relevant RFCs to check for validity.
Other things you can do is checking HTTP_REFERER to make sure the request came from within your domain as Chacha102 already mentioned. Just note that not all agent send HTTP_REFERER, and that it can be optionally turned off or faked by users.
If you want to go the extra mile to make sure they are giving you a valid email address, you can check for existing DNS record for mail servers at the domain specified (A, MX, or AAAA). And on top of that, you can do callback verification. That's where you connect to the mail server, tell it you want to send to this email address and see if they say OK.
For callback verification, you should note greylisting servers say OK to everything so even that is not a guarantee. Here's some code I used when I needed such a script. It's a patch onto the parser from (1).
#
# Email callback verification
# Based on http://uk2.php.net/manual/en/function.getmxrr.php
#
if (strlen($bits['domain-literal'])){
$records = array($bits['domain-literal']);
}elseif (!getmxrr($bits['domain'], $mx_records, $mx_weight)){
$records = array($bits['domain']);
}else{
$mxs = array();
for ($i = 0; $i < count($mx_records); $i++){
$mxs[$mx_records[$i]] = $mx_weight[$i];
}
asort($mxs);
$records = array_keys($mxs);
}
$user_okay = false;
for ($j = 0; $j < count($records) && !$user_okay; $j++){
$fp = #fsockopen($records[$j], 25, $errno, $errstr, 2);
if($fp){
$ms_resp = "";
$ms_resp .= send_command($fp, "HELO ******.com");
$ms_resp .= send_command($fp, "MAIL FROM:<>");
$rcpt_text = send_command($fp, "RCPT TO:<" . $email . ">");
$ms_resp .= $rcpt_text;
$ms_code = intval(substr($rcpt_text, 0, 3));
if ($ms_code == 250 || $ms_code == 451){ // Accept all user account on greylisting server
$user_okay = true;
}
$ms_resp .= send_command($fp, "QUIT");
fclose($fp);
}
}
return $user_okay ? 1 : 0;