Is there a way in PHP to update an email id in a mail server if we have the access details of the mail server? The requirement is as follows.
I am developing a community website which needs a provision to upload photos to the photo gallery by sending an email. We planned to create an email id for each user so that they could send emails with photo attachments to that id. A cron job will search for emails inside those ids and, if it finds a mail with an attachment, upload the file to the server; the subject of the email will be used as the photo caption.
But it has a security loophole such that anyone who knows the email id can send an email and add photo to others account. We are planning to have a security code in their id which can be modified by user if required.
e.g. name.XXXX@domain.com where XXXX is a four-digit secret code. The user can change that code whenever required, i.e. the email id can be name.1234@domain.com or name.3452@domain.com according to the user's wish to maintain privacy. So is there a way to edit the email id using PHP functions?
Creating email accounts and/or aliases would certainly be possible with PHP, but it would depend so much on your server setup.
Another route to consider would be to not have any real email boxes, but to instead have all email delivered to a catch-all account and have your cron script search through that one mailbox and compare all recipient addresses against a database, then you don't have to worry about actually creating real email users on the server.
Additionally, in terms of improving security, you could have each user authenticate which sender email addresses are allowed to send emails with photo attachments. It's still not bullet-proof, because sender addresses can be spoofed, but it's an extra step in the right direction.
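The catch-all lookup and the sender allow-list described above, combined with the asker's name.XXXX code, as an added example that is not part of the original posts. The `$users` array, the function names and the `example.com` domain are assumptions; the recipient is the address the mail server recorded for delivery, passed in by the caller.

```php
<?php
// Added example; $users is a constructed stand-in for the user table.
$users = ['name' => ['code' => '3452', 'senders' => ['owner@example.org']]];

// Split the header block of a raw message into a lower-cased name => values map.
function parseHeaders(string $raw): array
{
    $head = preg_split('/\r?\n\r?\n/', $raw, 2)[0];
    $head = preg_replace('/\r?\n[ \t]+/', ' ', $head); // unfold continuation lines
    $out = [];
    foreach (preg_split('/\r?\n/', $head) as $line) {
        if (strpos($line, ':') === false) continue;
        [$name, $value] = explode(':', $line, 2);
        $out[strtolower(trim($name))][] = trim($value);
    }
    return $out;
}

// Return the bare address from "Display Name <a@b>" or "a@b", or null.
function addrOf(string $field): ?string
{
    if (preg_match('/<([^<>@\s]+@[^<>@\s]+)>\s*$/D', $field, $m)
        || preg_match('/^([^<>@\s]+@[^<>@\s]+)$/D', $field, $m)) {
        return strtolower($m[1]);
    }
    return null;
}

// $rcpt is the recipient the MTA recorded for delivery (assumption: the caller has it).
function authorizeUpload(string $raw, string $rcpt, array $users): array
{
    if (!preg_match('/^([a-z0-9_-]+)\.(\d{4})@example\.com$/iD', $rcpt, $m)) {
        return [false, 'recipient is not name.code@example.com'];
    }
    $user = $users[strtolower($m[1])] ?? null;
    // hash_equals compares in constant time, so timing does not leak the code
    if ($user === null || !hash_equals($user['code'], $m[2])) {
        return [false, 'unknown user or wrong code'];
    }
    $from = parseHeaders($raw)['from'] ?? [];
    if (count($from) !== 1 || ($addr = addrOf($from[0])) === null
        || !in_array($addr, $user['senders'], true)) {
        return [false, 'sender missing, duplicated or not allowed'];
    }
    return [true, strtolower($m[1])];
}

$raw = "From: Owner <owner@example.org>\r\nSubject: Beach\r\n\r\nbody"; // constructed sample
var_dump(authorizeUpload($raw, 'name.3452@example.com', $users));
var_dump(authorizeUpload($raw, 'name.0000@example.com', $users));
```

A four-digit code has only 10,000 possible values, so the cron job should also count and throttle rejected deliveries per name.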
I'm running a wiki based on MediaWiki 1.21.11. Because I can't prevent users from changing their e-mail address, I want to be informed (e.g. by mail) about this change.
My question: is there any possibility to send, e.g., a copy of the notification mail or another notification including the old or new e-mail address to a specified recipient when users change their e-mail address?
You can prevent users from changing their email address with an auth plugin, although it seems like a horrible thing to do. You can use some hook to send you notifications - PrefsEmailAudit or UserSetEmail if you don't require confirmations, ConfirmEmailComplete if you do.
I saw on some advertising websites that when you want to send an email to the ad owner, it does not show the real email, but rather an email address under that website's domain (which definitely looks auto-generated, rather than chosen by the user), something like n8MngCo5cHg@example.com.
So, as far as I understand, when an email is sent to that address, it is redirected to the ad owner's real email. I am trying to do the same thing in PHP.
QSN1 In a PHP script, how do I create that email address for the user when he registers?
QSN2 Is there a way (again by code) to set up a forwarder, so emails sent to n8MngCo5cHg@example.com will automatically be redirected to the user's real email user_email@gmail.com, or should I fetch emails by IMAP from time to time and send them to the user?
I am using apache2.x/Debian 7, if it matters.
These two questions I found are for cPanel, but I am not using it or any other UI.
Create an email account with PhP - With some things I need to work around
Create emails accounts using PHP
Thanks
Here is one way that you can create a random 'alias' email address:
    $aliasaddress = md5(uniqid(mt_rand(), 1)) . "@example.com";
Then, as SyedQarib suggests, you would store the alias address and the actual address in a database, so that your program can get the actual address given an alias address.
Finally, you would need to set up your mail server with wildcarding such that it accepts messages to *@example.com and forwards each incoming message to your PHP script, so that for each incoming message to an alias address, your script would parse the incoming message, capture the alias address that it's addressed to, query the database to find the corresponding actual address, then forward the message to the actual address. For information on how to set up a mail server to forward incoming messages to a script, see http://harrybailey.com/2009/02/send-or-pipe-an-email-to-a-php-script/ or How to setup a mail server?
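The alias table described in this answer, as an added example that is not the answerer's code. It swaps `md5(uniqid(mt_rand(), 1))`, which is built from the clock and a non-cryptographic generator, for `random_bytes()`, so that a user who sees one alias cannot work out another; the table name, column names and function names are assumptions.

```php
<?php
// Added example: an in-memory SQLite table stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE aliases (alias TEXT PRIMARY KEY, real_address TEXT NOT NULL)');

// Create an unguessable alias for $realAddress and store the mapping.
function createAlias(PDO $db, string $realAddress, string $domain = 'example.com'): string
{
    $insert = $db->prepare('INSERT INTO aliases (alias, real_address) VALUES (?, ?)');
    for ($try = 0; $try < 5; $try++) {
        // 10 bytes from the OS CSPRNG = 80 bits, hex-encoded to 20 characters
        $alias = bin2hex(random_bytes(10)) . '@' . $domain;
        try {
            $insert->execute([$alias, $realAddress]);
            return $alias;
        } catch (PDOException $e) {
            // Insert failed (normally a PRIMARY KEY collision): draw a new alias
        }
    }
    throw new RuntimeException('could not allocate a unique alias');
}

// Map the recipient of an incoming message back to the real address, or null.
function resolveAlias(PDO $db, string $recipient): ?string
{
    $recipient = strtolower($recipient);
    // Accept only the exact shape createAlias() produces before touching the database
    if (!preg_match('/^[0-9a-f]{20}@[a-z0-9.-]+$/D', $recipient)) {
        return null;
    }
    $q = $db->prepare('SELECT real_address FROM aliases WHERE alias = ?');
    $q->execute([$recipient]);
    $row = $q->fetchColumn();
    return $row === false ? null : $row;
}

$alias = createAlias($db, 'user_email@gmail.com');
var_dump(resolveAlias($db, $alias));
var_dump(resolveAlias($db, 'nobody@example.com'));
```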
How do I validate an existing e-mail address?
In a registration system, when a user enters an email address, it checks whether the email address exists or not in Ymail/Gmail.
I already have a running domain (for practice).
You have my regards.
Most registration systems validate an email address by sending an email to it with a uniquely encoded URL in it and requiring the user to go get that email and click on the link. When your server sees that the link has been clicked on, the email address is known to be accessed by you.
Here's a basic flowchart for how it works:
User goes to your website
User commences registration and fills in their email address
Server checks to see if email address is in a legal and proper form and is not already registered
If the rest of the user's registration looks good and the email address looks legal, the server creates an account in your system and puts it in the "unverified" state.
Then, a code is generated that corresponds to that specific user. That code is put onto a URL and that URL is put into an email which is sent to the email address the user entered.
The user receives the email with instructions to click on the enclosed link.
User retrieves email and clicks on the link.
Your server receives web request from that link. It parses out the code from the URL and checks to see if that code matches an account that is in the "unverified" state. If so, and the account has not expired from too much time elapsing since the email was sent, then the account is put into the "verified" state and is ready for use.
The basic idea of this system is that if you can retrieve an email sent to that email address then the email address must be a valid and working email address and you, the user, must be able to access that email address (it's not just some random email address you made up).
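The flow above, from account creation through the clicked link, as an added example that is not part of the original answer. The `$accounts` array stands in for the accounts table, and the 24-hour lifetime, the function names and the `example.com` URL are assumptions.

```php
<?php
// Added example: $accounts is a constructed in-memory stand-in for the accounts table.
const TOKEN_TTL = 86400; // assumption: links expire after 24 hours

// Create the unverified account and return the URL that goes into the e-mail.
function startRegistration(array &$accounts, string $email, int $now): string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('address is not in a legal form');
    }
    $key = strtolower($email);
    if (isset($accounts[$key])) {
        throw new RuntimeException('address already registered');
    }
    $token = bin2hex(random_bytes(32));           // 256-bit code from the OS CSPRNG
    $accounts[$key] = [
        'state'      => 'unverified',
        'token_hash' => hash('sha256', $token),   // store only a hash of the code
        'expires'    => $now + TOKEN_TTL,
    ];
    return 'https://example.com/verify?code=' . $token; // hypothetical URL
}

// The link was clicked; $code is the value parsed from the URL.
function confirm(array &$accounts, string $code, int $now): bool
{
    if (!preg_match('/^[0-9a-f]{64}$/D', $code)) {
        return false;
    }
    $hash = hash('sha256', $code);
    foreach ($accounts as &$acct) {
        if ($acct['state'] === 'unverified' && hash_equals($acct['token_hash'], $hash)) {
            if ($now > $acct['expires']) {
                return false;                      // too much time has elapsed
            }
            $acct['state'] = 'verified';
            $acct['token_hash'] = null;            // the code works once only
            return true;
        }
    }
    return false;
}

$accounts = [];
$url = startRegistration($accounts, 'new.user@example.org', 1700000000);
parse_str(parse_url($url, PHP_URL_QUERY), $q);
var_dump(confirm($accounts, $q['code'], 1700000000 + 3600)); // first click
var_dump(confirm($accounts, $q['code'], 1700000000 + 3600)); // same link again
```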
Back in the day, you could easily validate email addresses. Then the spammers came along. Now the only way you can confirm the existence of an email address is by trying to send something to it and checking for bounces. And even then, the lack of a bounce doesn't mean it exists - it could simply have been silently deleted, ignored, spam filtered into oblivion, etc...
Basically, what you want is not possible - any such system would simply help spammers hammer your box with more Russian brides popping penis pills while wearing fake Rolexes.
SMTP provides VRFY and EXPN verbs to check if an account or mailing list exists. However, most server admins disable these verbs from their mail configuration to prevent hackers from exploiting user lists. Gmail and Yahoo are said to have VRFY disabled.
Another option you can try for these servers is emailing the user with a link to confirm their email address. Granted, it is not as sexy as realtime email verification, but it is more secure for all parties.
It is practically not possible to validate an email address, given the growing amount of spam.
These days people send a mail to the email address entered by the user to complete the registration or activate the account. You can probably do that, and it is a much safer way to do it. You can find a number of resources online to implement this functionality.
I have a small web app to which users upload photos. I want to let them email in their photos (from their iPhones/Android phones) and a number associated with that photo. It'd be kind of like posterous but only allow emails with one photo and one number.
How could this be done?
I see two ways, but I'm not sure if I'm even close.
1) Have one email (like Posterous) that users send mail to, then send to it from the same email that their account is under.
2) Have a unique email for every user that they can email to. (But this has the problem that anyone could send emails to the unique email.)
To do either way, you'd need to have a filter on the mail server that takes incoming mail and fires off a script that inserts that information into the db, or does whatever else with it.
It's not too hard, but usually requires admin (or root) access to the machine, i.e., can't be done in a shared hosting environment.
Tumblr (the short form blogging platform) has a feature where you are given a unique email address (for example, f3sf16a@tumblr.com) that you can email text or images and it automatically formats it into a post for you (as long as the sending email address matches your account email address).
I'd like to set up something similar, but solely as a method to submit images. Ideally, when a user signs up to my site, I'd create a unique address for them and store it in my db (MySQL). If a user emails a photo to that address using the email address they signed up with, I'd route it to a PHP function that breaks it down and handles the upload of content to their account.
How would I go about setting something like this up? Would it be something at the DNS level, or Apache level? Would I need to create a "safe list" of all the "real" email accounts on my domain to pass it through first? Also, I'm using Google Apps for email on this domain, will I need to create some sort of filter on that end?
Any ideas/suggestions would be awesome!
There's another quick and dirty way to make this work...
Set up a "catch-all" address for your domain. In other words, set up your domain so that e-mail sent to any address at the domain automatically gets forwarded to one catch-all address (i.e. global@mydomain.com).
Then, on the PHP side... Set up a script that periodically checks the e-mail in the global@mydomain.com box. Be sure to check the "To:" field so that you can identify which specific user the message was intended for.
Hope this helps!
It would be at the MTA level. Most MTAs have a facility whereby an email can be piped to an external program; this program would then parse the email and store the image.