I've been struggling with low level mail in PHP and I know I should be using a library for this, but that's not an option right now.
When doing mail in PHP, you can manually set additional headers, like From, Cc and Bcc, but you can also set Subject, To and a Body. When you call the function you pass the headers along to the mail() function, but that function also "asks for" a Subject, body and To.
My question then is: how does PHP handle the double intention in this? If you manually set the header to have Subject : foo, but then in the call to mail pass 'foo' along as the subject...?
I can't read C, so opening up PHP source probably won't help me here.
Thanks!
Well, no need to read C, just test it: it's a one liner :)
If you specify a subject in both places PHP does nothing special: you get an e-mail message with two subject headers. Which one gets displayed in your e-mail client is something I don't know; perhaps it's defined in e-mail protocols, perhaps it's a per-client choice.
About the "To" header, PHP sets one from the $to parameter when you don't specify a header manually; if you set one, your header prevails.
It's worth noting that the "From" and "To" headers have no effect in who sends and receives the message: they're purely informative. Mail server software requires senders and recipients to be specified implicitly; headers are not parsed for this purpose.
The question here seems to be if you specify a 'To' or a 'Subject' in the additional headers, what appears in the email produced.
If so, then the simple answer is to test it:
$add_to ='to: "added" <user#example.com>"; // substituting your email address
$param_to ='"param" <user#example.com>";
$add_subj ='subject: Subject in header';
$param_subj='Subject in param';
$add_hdr=$add_to . "\n" . $add_subj;
mail($param_to, $param_subj, "body - test", $add_hdr);
Then have a look at the message you get back.
C.
Right way - don't use Subject, To and a Body in headers. You can remove it from heders with regular expression, if you take headers as is. Other way - you can use PEAR library - http://pear.php.net/manual/en/package.mail.mail-mime.example.php
Related
I am sending an e-mail from my php code when certain events occur (i.e., someone posts a reply to a message on my message board). I used this simple code:
mail (me#aol.com, 'Someone Just Posted a Reply.', 'Check the message board, because someone just posted a reply.');
The code executes and I do receive an e-mail. The problem is that when I get the e-mail, the "from" line in the e-mail gives away my cpanel login for my GoDaddy hosting account. I cannot seem to find anything on GoDaddy's site that explains how to disguise this or change this to just reflect the name of my website rather than give away my login to all users every time I send a push notification.
You have to use the headers in the PHP's mail() function's additional_headers parameters to add more stuff, but this may possibly cause deliverability issues.
This is typically used to add extra headers (From, Cc, and Bcc). Multiple extra headers should be separated with a CRLF (\r\n). If outside data are used to compose this header, the data should be sanitized so that no unwanted headers could be injected.
With above being said, your updated code should look something like:
<?php
$headers = array(
'From' => 'webmaster#example.com', // Add your from address.
'Reply-To' => 'webmaster#example.com', // Add your reply to address.
'X-Mailer' => 'PHP/' . phpversion() // Optional stuff.
);
mail(
"me#aol.com",
"Someone Just Posted a Reply.",
"Check the message board, because someone just posted a reply.",
$headers // This way
);
Note: Make sure the above code is written in a single line. 😇
I am trying to migrate from PHP mail to SendGrid using swift mail. I am not able to understand -f email additional parameter.
mail($Email,$sub,$cont,$headers,'-f noreply#mydomain.com')
I am not sure what type of header is this. Should i send this as path_header?
I could not undersrtand the explanation of this here.
This is used to set the "envelope from" on your email; it's not actually a header. This post describes what that means.
When sending via SendGrid you won't need to specify this flag or explicitly set your "envelope from." Just set your from address and fromName and you'll be good to go.
I'm looking for a way to capture and manage email data using PHP. Basically, what I want to do is capture all the data in an email and then manipulate this data to my specification.
For example, say, I send an email containing a .zip file attachment to myemail#myproject.com, I want to be able to:
Get the attachment and place it in a specific folder on my site
Get the text content of the email
Get the subject of the email
Get the sender's info i.e. email address
Anyone know how I can get this done efficiently with PHP. I'm using LAMP by the way.
Thanks.
Start with PEAR Mail_mimeDecode. What you are looking to do is ambitious but can be done.
Basically what you will be doing is:
Instructing your MTA to deliver mail from an address to a pipe into your PHP script. Postfix and Sendmail can handle this with an alias like:
myemail: "|/path/to/your/parsingscript.php"
Parsing out the parts of the MIME email message
Locating and storing attachments after decoding them from base64 (or other encoding)
Parsing the headers.
Your PHP script will likely read the email message from STDIN and then pass the string to mimeDecode, which creates an object containing all the MIME parts.
Assuming your message was received into $str from STDIN, something like this gets you started:
$mime = Mail_mimeDecode::decode(array('include_bodies'=>TRUE, 'decode_headers'=>TRUE, 'decode_bodies'=>TRUE, 'input'=>$str));
// get the recipient To address:
$to = $mime->headers['to'];
My question is why people use headers with email sending in php. I know we can send some information to browser before it renders content. But when we show images on email body , I notice that it uses php headers. Can't we do it without headers? Because that is rendring html on a web browser.
You need to tell browser what type of content are we rendering .. e.g is it plain text , html page , pdf file etc ...
So when ever we want to have html in our email body we need to tell browser about it so that it can be properly handled
No. Sending an Email must contain a from header. It is well written in php.net
When sending mail, the mail must contain a From header. This can be set with the additional_headers parameter, or a default can be set in php.ini.
Failing to do this will result in an error message similar to Warning: mail(): "sendmail_from" not set in php.ini or custom "From:" header missing. The From header sets also Return-Path under Windows.
You can set it in php.ini if you dont want to use additional headers.
first of all this question is for personal knowledge, and not for any kind of attack :) hope you'll believe me and give me some hints.
I'm trying to reproduce an example of mail header injection I found (link-> http://www.phpsecure.info/v2/article/MailHeadersInject.en.php). Basically it uses a form to get 3 parameters (subject, message and sender mail), then these parameters are sent with POST method and used in the php mail() function to an admin's mail.
Everything works fine, each mail is sent without problem but when I try to inject some other parameters as Cc, Bcc etc the trick doesn't work: neither \r & \n nor %0A & %0D are interpreted as CL and RF. For example, if I put my#mail.com%0ACc:foo#bar.com in the "From" field, in "my#mail.com" inbox I'll find the mail, with the same "From" field as it was sent (my#mail.com%0ACc:foo#bar.com). Does php or does input tag encode (or unencode) properly the input? How can I make it work?
Hope you can understand my bad english, thanks in advance, best regards.
ps: the article I linked is dated 2005, recently I've found that a similar bug with http headers splitting using php function "header()" was fixed, so I thought that they fixed email headers injection problem too.. But I can't find anything on the web that confirms this.
______________________EDIT________________________________________
Example working, modifying header within php code:
$to = "admin#mail.com";
$sub = "this is the subject";
$msg = "this is the message";
$header = "From: foo#foo.com"."\r\n"."Cc: bar#bar.com";
$if(mail($to, $sub, $msg, $header."\n")){
echo "sent";
}else{
echo "error";
}
The email is correctly received both from foo#foo.com and bar#bar.com
Examples NOT working (this is the problem I'd like to solve with your help):
Once I send the mail with "send" button, only foo#foo.com will get the e-mail, and in the "from" detail (inside the mail) I'll find (1st case) foo#foo.comrnCc: bar#bar.com or (2nd case)foo#foo.com%0D%0ACc: bar#bar.com.
I always find i need to use both \r\n in order for the headers to be sent properly.