Developer's Manual: Cookbook: E-mails

Table of Contents

Developer's Manual

Counters and statistics Index Check form data

E-mails

Version information: The functions send_mail and form_mail, and the class form_mailer were renamed to sendMail, formMail and formMailer in version 2.8 to comply with the naming convention of the framework. Since version 2.8 the function sendMail is a static function of class mailer. Since version 2.8 the function formMail is a static function of class mailer.

General introduction on sending mails

The framework offers the function Mailer::mail() to send mail. This function implements a series of security measures, for protection against various types of header-injection attacks.

The function "Mailer::mail" is a variant of the native PHP function "mail", that has been secured against misuse and "header-injection" attacks. Unlike "mail", all input data is checked and header information is checked and restricted.

It returns "true", when the mail was sent and "false" otherwise. However, the value "true" does not mean the mail successfully arrived at its destination. It just means that the input was syntactically correct.

The function adds to the header of the mail the additional entries "x-yana-php-header-protection" and "x-yana-php-spam-protection".

"x-yana-php-header-protection" has a value of 0 if the header data was inconspicuous, otherwise 1
"x-yana-php-spam-protection" has a value of 0 if the header did not include a bcc field, or 1 otherwise

If you receive an e-mail, which was sent through YANA, see the headers of the e-mail to check whether the framework discovered irregularities in the text of the message.

 bool Mailer::mail(string
$recipient, string $subject, string $text [, array $header ] ) 

For security reasons, the following restrictions apply.

Recipient: $recipient
The parameter must be a valid email address, as described with this regular expression (Perl syntax)
/^[äöüß\w\d-_\.]{1,}\@[äöüß\w\d-_\.]{2,}\.[\w\d-_\.]{2,}$/i
Subject: $subject
All special characters except "()äÄüÜöÖß[]", all tags and all line breaks are removed without notice. If the subject has more than 128 characters it is truncated.
Message text: ($text)
All '@'-symbols are replaced by "[at]". Text messages are wrapped at 70 characters. For HTML messages some potentially dangerous tags are removed (blacklist approach).
Header: $header
This parameter is an associative data field. It may contain any X-header entries, as well as some noncritical header information (whitelist approach).

The list of accepted parameters for $header:

Parameter	Type	Default	Description
from	mail	n/a	valid mail address
return-path	mail	n/a	valid mail address
cc	mixed	n/a	Either a valid mail address or a numeric data field with multiple valid mail addresses. A copy will be send to all these addresses. Unlike "bcc" the list of recipients is visible to all recipients.
content-type	string	text/plain; charset="8859-1"	Determines the MIME type of the message. Only MIME-type and charset are valid here. Other values are ignored.
mime-version	float	1.0	Must be in accordance with the following regular expression (in Perl syntax): /^\d\.\d$/
content-transfer-encoding	string	n/a	Must be in accordance with the following regular expression (in Perl syntax): /^\d{,2}bit$/i

Valid values for the parameter $header of the function Mailer::mail()

The use of "BCC" is not permitted for security reasons.

How do I send a text as mail?

<?php 
$recipient = "myMail@domain.tld";
$subject = "Notice";

$mailer = new Mailer("skins/mytheme/example.mail");
$mailer->subject = $subject;
$mailer->sender  = $ARGS["mail"];
$mailer->insert("NAME", $ARGS["name"]);
$mailer->insert("NACHRICHT", $ARGS["message"]);
$mailer->insert("IP", $_SERVER["REMOTE_ADDR"]);
$test = $mailer->send($recipient);

if ($test === true) {
    print "Success";
} else if ($test === false) {
    print "Error";
}
?>

How do I send an e-mail based on a template?

The template "example.mail" could be as follows:

Hello [%$NAME%]!

Someone has left you a message, it reads:

[%$MESSAGE%]

Sender's IP: [%$IP%]

This is the source code to send the mail:

<?php 
$recipient = "myMail@domain.tld";
$subject = "Notice";

$mailer = new Mailer("skins/mytheme/example.mail");
$mailer->subject = $subject;
$mailer->sender  = $ARGS["mail"];
$mailer->insert("NAME", $ARGS["name"]);
$mailer->insert("NACHRICHT", $ARGS["message"]);
$mailer->insert("IP", $_SERVER["REMOTE_ADDR"]);
$test = $mailer->send($recipient);

if ($test === true) {
    print "Success";
} else if ($test === false) {
    print "Error";
}
?>

A mail could be sent as follows:

Hello Thomas!

Someone has left you a message, it reads:

Hello World

Sender's IP: 127.0.0.1

Note: before sending the e-mail, the function $mailer->send() checks all input data automatically for attempts to inject header data and cleans all input where necessary. However, it does no harm to also check the input in your own script before calling the function.

How do I send form data as a mail?

This is the source code for sending the mail:

<?php 
$formMailer = new FormMailer();
// Subject
$formMailer->subject = "Notice";
// header and footer
$formMailer->headline = "Contents of contact form:\n\n"
$formMailer->footline = "\n\nYANA form mailer at ".$_SERVER['SERVER_NAME'];
// Form contents
$formMailer->content = $_POST;

$test = $formMailer->send("myMail@domain.tld");

if ($test === true) {
    print "Success";
} else if ($test === false) {
    print "Error";
}
?>

A mail could be sent as follows:

Contents of contact form:

==========================================
Notice
==========================================

    name:      Walter
    age:      35
    subject:   Registration
    urgent: [x]
    message: Please send password!

==========================================
Date: 11.08.2006 10:06:41
IP: 127.0.0.1

YANA form mailer at foo.server.tld

Counters and statistics Index Check form data

Author: Thomas Meyer, www.yanaframework.net