Sends MIME emails from your site. Allows for Raw text and HTML versions of same message and attachment at the same time. Performs simple validation on email addresses as well as ensuring HTML does not contain any "nasties". Listing includes simple HTML interface to drive code. Tested on Unix/ PHP4 only.

By : mgscox

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<?php

function multitypemail($message,$ishtml,$subject,$toname,$toemail,$fromname,$fromemail,$attachmentloc,$attfilename,$cc,$ccname,$bcc,$bccname) {
//$message - text or html message to be sent
//$ishtml - flag set to true if $message is HTML, otherwise set to false
//$subject - subject line of email
//$toname - name of person receiving email (use only if sending to a single person)
//$toemail - email address of recipient (separate multiple addresses by a comma, use ! as first character to send to each receipient separately
//$fromname - name of person sending email
//$fromemail - email address of sender
//$attachmentloc - path and filename of attachment (on the server), or empty string for no attachment
//$attfilename - filename and extension only
//$cc - email address of person to courtesy copy (or empty string)
//$cc - name of person to courtesy copy (or empty string)
//$bcc - email address of person to blind courtesy copy (or empty string)
//$bcc - address of person to blind courtesy copy (or empty string)
$returnval=0; // returns integer, zero for success (okay, its a bit naff but at least it says something!)

global $HTTP_HOST; // name of host used for a base-reference, e.g. www.myhost.com

/* ************************** */
/* Begin local procedures */
/* ************************** */
//strip out all non-safe HTML directives and any PHP & ASP directives
function safeHTML($str)
{
$approvedtags = array(
"p"=>2, // 2 means accept all qualifiers: <foo bar>
"b"=>1, // 1 means accept the tag only: <foo>
"i"=>1, // note, recommend not allowing <img> as these can be used to call cgi-perl routines
"a"=>2,
"em"=>1,
"br"=>1,
"strong"=>1,
"blockquote"=>1,
"tt"=>1,
"hr"=>1,
"li"=>1,
"ol"=>1,
"ul"=>1
);

$str = stripslashes($str);
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>","<\\1>",$str);
$str = eregi_replace("<a([^>]*)href=\"?([^\"]*)\"?([^>]*)>",
"<a href=\"\\2\">", $str);
$tmp = "";
while (eregi("<([^> ]*)([^>]*)>",$str,$reg))
{
$i = strpos($str,$reg[0]);
$l = strlen($reg[0]);
if ($reg[1][0] == "/")
$tag = strtolower(substr($reg[1],1));
else
$tag = strtolower($reg[1]);
if ($a = $approvedtags[$tag])
if ($reg[1][0] == "/")
$tag = "</$tag>";
elseif ($a == 1)
$tag = "<$tag>";
else
$tag = "<$tag " . $reg[2] . ">";
else
$tag = "";
$tmp .= substr($str,0,$i) . $tag;
$str = substr($str,$i+$l);
}
$str = $tmp . $str;

// Squash PHP tags unconditionally
$str = ereg_replace("<\?php","",$str);
$str = ereg_replace("<\?","",$str);

// Squash ASP tags unconditionally
$str = ereg_replace("<%","",$str);

return $str;
} // end safeHTML

// check if email address is valid
function validate_email($val)
{
if($val != "") {
$pattern = "/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)+/";
if(preg_match($pattern, $val))
return true;
else
return false;
}
else
return false;
}


/* ************************** */
/* End local procedures */
/* ************************** */


if ($ishtml) {
$txtmessage="This is a multi-part HTML-based message. Please use an HTML compliant email client.";
$message=safeHTML($message);
}
else {
// if its raw text, create a simple HTML version of it for HTML compatible email clients
$txtmessage=$message; // save rawtext version
//next line translates text into HTML using the PHP built-in function 'htmlentities'
$message="<HTML><HEAD><TITLE>MultiMail Message</TITLE></HEAD><BODY>".htmlentities($message,ENT_QUOTES)."</BODY></HTML>";
$message=nl2br($message); //turn all hard coded newlines into HTML breaks
}

// If "to" list is prefixed with a pling then each recipient will be email'd separately so they cannot see other addresses
if ($to[0]=="!") {
$sendsep=1;
$to=substr($to,1); }

// build message headers
// note use of \r\n (not just \n) in headers as this will work on all emailers
$headers .= "From: $fromname <"."$fromemail".">\r\n";

if(!$sendsep && $cc) { $headers .= "Cc: $ccname <$cc>\r\n"; }
if(!$sendsep && $bcc) { $headers .= "Bcc: $bccname <$bcc>\r\n"; }

// create a MIME boundary strings
$mime_boundary = "=====MULTIMAIL." . md5(uniqid(time())) . "=====";
$related_boundary = "=====MULTIMAIL." . md5(uniqid(time())) . "=====";
$alternative_boundary = "=====MULTIMAIL." . md5(uniqid(time())) . "=====";

// add MIME data to the message headers
$headers .= "MIME-Version:1.0\r\n";
$headers .= "Content-Type: multipart/mixed; \r\n\tboundary=\"$mime_boundary\";\r\n\r\n".
"Content-Transfer-Encoding: 7bit\r\n".
"This is a MIME-standard E-mail. If you are reading this, consider upgrading your e-mail client to a MIME-compatible client.";

// start building a MIME message
// first part is always the message body
// encode an alternative section for raw text & HTML
$email_message = "--" . $mime_boundary . "\r\n".
"Content-Type: multipart/related;\r\n\tboundary=\"$related_boundary\"\r\n\r\n".
"--".$related_boundary."\r\n".
"Content-Type: multipart/alternative;\r\n\tboundary=\"$alternative_boundary\"\r\n\r\n".

// add raw text alternative as 7-bit text
$email_message .= "--" . $alternative_boundary . "\r\n".
"Content-Type: text/plain;\r\n\tcharset=\"us-ascii\"\r\n".
"Content-Transfer-Encoding: 7bit\r\n\r\n".
"$txtmessage\r\n\r\n";

// add HTML alternative part of message
$email_message .= "--" . $alternative_boundary . "\r\n".
"Content-Type:text/html;\r\n\tcharset=\"iso-8859-1\"\r\n" .
"Content-Base: $HTTP_HOST\r\n" .
"Content-Transfer-Encoding: 7bit\r\n\r\n" .
$message . "\n\n";
$email_message .= "--" . $alternative_boundary . "--\r\n";

if ($attachmentloc!='' && filesize("$attachmentloc")>0) {
$file = fopen("$attachmentloc",'rb');
$data = fread($file,filesize("$attachmentloc"));
fclose($file);
$data = chunk_split(base64_encode($data)); // note same as transfer coding in line below

// add the MIME data
$email_message .= "--" . $related_boundary . "\r\n".
"Content-Type: application/octet-stream;\r\n\tname=\"$attfilename\"\r\n".
"Content-Transfer-Encoding: base64\r\n".
"Content-Disposition: attachment; \r\n\tfilename=\"$attfilename\"\r\n\r\n".
$data . "\r\n".
"\r\n--$related_boundary--\r\n";
}
$email_message .= "--" . $mime_boundary . "--\r\n";

if (!validate_email($from_email)) $returnval=1;
$formattedto = "$toname <".$toemail.">";

// send out the message
if ($sendsep) {
$allto = split(",", $to);
for($x=0; $x<sizeof($allto); $x++) {
if($allto[$x] == "") continue;
if (!validate_email($allto[$x])) $returnval=2;
$ok = mail($allto[$x], $subject, $email_message, $headers);
}
}
else {
if (!validate_email($toemail)) $returnval=2;
$ok = mail($formattedto, $subject, $email_message, $headers);
}

if(!$ok)
$returnval=3;

return $returnval;
}
// end function multitypemail
?>

<!-- Here is some very simple HTML just to drive the interface to the multi-mailer -->
<head>
<title>Multi-emailer</title>
</head>
<body>
<?php
if (!$sent) // note, assumes PHP setup so that all form variables passed as global variables (normal setup)
print "<h1>Please enter the following info</h1><div class='font-family:verdana' align=center>".
"<form method=post name=mailform action=$PHP_SELF ENCTYPE='multipart/form-data'>". // note ENCTYPE - without this browser won't upload file to server just pass its name
"<table cellpadding=0 cellspacing=0 border=0><tbody>".
"<tr><td>To addr</td><td><input name=to_addr></td></tr>".
"<tr><td>To name</td><td><input name=to_name></td></tr>".
"<tr><td>From addr</td><td><input name=from_addr></td></tr>".
"<tr><td>From name</td><td><input name=from_name></td></tr>".
"<tr><td>Subject</td><td><input name=subject></td></tr>".
"<tr><td>Message is in HTML? (select for yes)</td><td><input type=checkbox name=htmlformat></td></tr>".
"<tr><td>Message</td><td><textarea name=msg></textarea></td></tr>".
"<tr><td>Attach file</td><td><input type=file name=attach></td></tr>".
"<tr><td>Send you a courtesy copy?</td><td><input type=checkbox name=cc_me></td></tr>".
"<tr><td>Send you a blind courtesy copy?</td><td><input type=checkbox name=bcc_me></td></tr>".
"</tbody></table>".
"<input type=hidden name=sent value=1>".
"<input type=hidden name=localfilename>".
"<input type=button value='Send email' onclick='document.mailform.localfilename.value=document.mailform.attach.value;document.mailform.submit();return true'>".
"</form></div>";
else {
if ($cc_me=='on') {$cc=$from_addr; $cc_name=$from_name;}
elseif ($bcc_me=='on') {$bcc=$from_addr; $bcc_name=$from_name;}
if ($htmlformat=='on') $htmlon=1;
else $htmlon=0;
$i=strrpos($localfilename,"\\");
if (!$i) $i=strrpos($localfilename,"/");
$attfilename=substr($localfilename,($i+1));

if (strrpos($attach,"\\\\")||strrpos($attach,"\/\/"))$attach=stripslashes($attach); // stip out extra slashes if web client added them
$result=multitypemail($msg,$htmlon,$subject,$to_name,$to_addr,$from_name,$from_addr,$attach,$attfilename,$cc,$cc_name,$bcc,$bcc_name);

if ($result==1) print "I'm sorry, but the address '$to_addr' is not valid.";
elseif ($result==2) print "I'm sorry, but the address '$from_addr' is not valid.";
elseif ($result==3) print "I'm sorry, but the email was not sent.";
else print "Email sent successfully.<br>";
print "<br><br>Please click <a href=$PHP_SELF?sent=0>here</a> to send another message.";
}
?>
</body>
</html>

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More Email Code Articles
More By Codewalkers

 

developerWorks - FREE Tools!

Build Forge Express demo: Enabling software delivery excellence for small and midsized businesses This demonstration gives you an overview of IBM® Rational® Build Forge Express Edition, a global offering that provides a framework to automate and execute software processes. Rational Build Forge provides a software assembly line that can support all of your tools, technologies, and platforms so you can achieve a repeatable, reliable, and traceable build and release process. FREE! Go There Now!

NEW! Accelerating Software Innovation on i on Power Systems Attend this launch webcast with Scott Hebner, Vice President of IBM Rational Marketing and Strategy, for an overview of Rational’s new software offerings and resources to help modernize and accelerate software innovation on i on Power Systems – while ensuring past application investments are protected and continue to grow. Learn how these solutions are helping customers extend their core i5/OS solutions toward modern architectures such as SOA and web technologies to deliver business improvements that stand the test of time. FREE! Go There Now!

NEW! Addressing software-as-a-service challenges using Tivoli security and WebSphere solutions Building a software-as-a-service solution requires addressing a few key technical challenges. In this webcast, we'll focus on the role of IBM Tivoli Directory Server and WebSphere Portlet Factory in creating a Software as a Service solution. We will demonstrate how to use Tivoli Directory Server to prevent the user population of one tenant from accessing the virtual portal and portlet components of another tenant. We will also use the dynamic profile capability of WebSphere Portlet Factory to create multiple highly customized applications from one code base. FREE! Go There Now!

NEW! Download IBM WebSphere Portal V6.1 beta code Download the IBM WebSphere Portal V6.1 beta code and learn more about the rich features and enhancements in IBM WebSphere Portal V6.1. WebSphere Portal provides a composite application or business mashup framework and the advanced tooling needed to build flexible, SOA-based solutions, and scalability to meet the needs of any size organization. FREE! Go There Now!

NEW! IBM Rational ClearCase Innovator's Series Learn from the best! Find out how developers use Rational ClearCase to be more flexible, innovative and deliver higher quality code in the Rational ClearCase Power Users eKit. This complimentary eKit provides a collection of materials, like articles, whitepapers, and demos that can help you become a power user of Rational ClearCase. FREE! Go There Now!

NEW! Innovate don't duplicate! Asset reuse strategies for success Asset Reuse is a key strategy for companies looking to create innovative solutions to solve complex software development problems. Searching for, identifying, updating, using and deploying software assets can be a difficult challenge. Listen to this webcast, to learn about strategies and tools that you can leverage for a successful project, including Rational Asset Manager, Rational Software Architect and WebSphere Service Registry and Repository. FREE! Go There Now!

NEW! Rational Talks to You: Grady Booch on Architecture Join this Rational Talks to You teleconference on November 29 at 1:00 pm ET to participate in an interactive discusssion with Grady Booch around architecture and reuse. Get your questions answered! FREE! Go There Now!

NEW! Webcast: Application security testing and Web compliance Join the IBM Watchfire team for an informative discussion on techniques and best practices to proactively manage Web application security and how to effectively build application security testing into the software development lifecycle (SDLC). In this Software Delivery Platform webcast you will learn: How to better understand potential web application security vulnerabilities, best practices and how to effectively integrate application security testing into the software development lifecycle, the importance of detecting and removing software vulnerabilities during application development. FREE! Go There Now!

NEW! Webcast: Introducing the new Information Server and Solutions community: LeverageInformation User communities play an important role in communication and collaboration around products, solutions and other areas of special interest to members. Successful communities are able to provide the right mix of content and services to deliver a value proposition that resonates with each audience. Join Tom Inman, VP of Marketing for Information and Platform Solutions as he introduces the new LeverageINFORMATION community. During this webcast, learn about the value provided by the community and how customers and partners derive value from the community in addressing their own technical and business challenges. FREE! Go There Now!

NEW! Webcast: What is new in Viper 2 for developers? Viper 2 brings a great value to developer communities including SQL, XML, PHP, Ruby, .NET and Java. You probably already know that DB2 Express-C is free for developers to develop, deploy and distribute. Viper 2 provides a variety of means that help move your application from the development stage to deployment more rapidly. This webcast shows how to best utilize the latest tools available for developing DB2 applications. FREE! Go There Now!

All FREE IBM® developerWorks Tools!