PHP mail function !

[niroshana35]

Hello everyone ! can you please help me with the following PHP code :

PHP Code:

function send_mail ($email_id, $to, $from, $info)
  {
    global $settings;
    $q = '' . 'select * from hl_emails where id = \'' . $email_id . '\'';
    $sth = mysql_query ($q);
    $row = mysql_fetch_array ($sth);
    if (!$row)
    {
      return null;
    }

    $text = $row['text'];
    $subject = $row['subject'];
    reset ($info);
    foreach ($info as $k => $v)
    {
      if (is_array ($v))
      {
        continue;
      }

      $v = preg_replace ('' . '/(\\$)/', '\\\\$', $v);
      $text = preg_replace ('' . '/#' . $k . '#/', '' . $v, $text);
      $subject = preg_replace ('' . '/#' . $k . '#/', '' . $v, $subject);
    }

    $text = preg_replace ('/#site_name#/', $settings['site_name'], $text);
    $subject = preg_replace ('/#site_name#/', $settings['site_name'], $subject);
    $text = preg_replace ('/#site_url#/', $settings['site_url'], $text);
    $subject = preg_replace ('/#site_url#/', $settings['site_url'], $subject);
    mail ($to, $subject, $text, '' . 'From: ' . $from . ' Reply-To: ' . $from);
}


Above function used to sent out e-mails to registered members but it didn't work on the hosted server, when I contacted hosting company they said it requires SMTP authentication to sent out emails from the server.

Can someone please tell me how to add SMTP authentication to this code to work with the PHP mail function else can it be setup on a separate file.

[TheoGB]

Do you know if it's Apache or IIS that you're hosted on? They treat the mail function separately.

You maybe need to check your From mail is correctly formatted.

[niroshana35]

Quote:

Originally Posted by TheoGB

Do you know if it's Apache or IIS that you're hosted on? They treat the mail function separately.

You maybe need to check your From mail is correctly formatted.

Thanks for replying. Yes, it's Apache server.

[TheoGB]

Is the from mail definitely the same as your server? i.e. if you're running this code on http://example.com is the email name@example.com? I have a feeling anything else will fail as an anti-spam feature. I'm guessing wildly here, though!

[niroshana35]

Quote:

Originally Posted by TheoGB

Is the from mail definitely the same as your server? i.e. if you're running this code on http://example.com is the email name@example.com? I have a feeling anything else will fail as an anti-spam feature. I'm guessing wildly here, though!

Yes the server can send out emails with no problem. This is a simple SMTP script that can be found on internet :

PHP Code:

<?php
include ("Mail.php"); // This is server side mail.php file automatically will be called by server from PEAR PAckage


$from = "Testing123@gmail.com"; // this email id shall be anyone of ur domain itself as sender of email must have to have a email ac on ur domain name this is must in SMTP way
$to = "someone@gmail.com"; // this can be any email id to which u want to send email
$subject = "Test mail";
$body = "Hello! This is a testing email message.";
$host = "mail.domain.com"; // this will be ur smtp server like mail.domain.com
$username = "admin+domain.com"; // above message from must have to be same as here too.. mean sender of email shall have smtp ac on ur domain its must and u use the same email id its too must to be more better for mails
$password = "password"; // this is email id password becz it will use email id smtp online in php itself to generate email so here u need actual email id password.


$headers = array ('From' => $from,

'To' => $to,
'Subject' => $subject);

$smtp = Mail::factory('smtp',

array ('host' => $host,

'auth' => true,
'username' => $username,
'password' => $password));

$mail = $smtp->send($to, $headers, $body);

if (PEAR::isError($mail)) {

echo("" . $mail->getMessage() . "");}

else {

echo("Message successfully sent!");
}

?>

Using this script emails can be sent out with no problem what I don't know here is how to combine this SMTP authentication script with the above function.

[bradgrafelman]

Quote:

Originally Posted by niroshana35

I don't know here is how to combine this SMTP authentication script with the above function.

What you posted isn't an "SMTP authentication script" - it's a PHP script that uses the PEAR::Mail package to send e-mails.

The internal mail() function doesn't support SMTP authentication, so you'll have to switch to using PEAR::Mail (or another 3rd-party e-mail class) if this is a feature you require (which it sounds like you do).

[niroshana35]

Quote:

Originally Posted by bradgrafelman

What you posted isn't an "SMTP authentication script" - it's a PHP script that uses the PEAR::Mail package to send e-mails.

The internal mail() function doesn't support SMTP authentication, so you'll have to switch to using PEAR::Mail (or another 3rd-party e-mail class) if this is a feature you require (which it sounds like you do).

Hello thank you for reply. I'm a newbie to PHP and I need help from experts like you, after your explanation I understood that above code is related to "PEAR::Mail" what I try to do here is something like this :

PHP Code:

include ("Mail.php");
function send_mail ($email_id,$to, $from, $info)

  {
    global $settings;
    $q = '' . 'select * from hl_emails where id = \'' . $email_id . '\'';
    $sth = mysql_query ($q);
    $row = mysql_fetch_array ($sth);
    if (!$row)
    {
      return null;
    }

    $text = $row['text'];
    $subject = $row['subject'];
    reset ($info);
    foreach ($info as $k => $v)
    {
      if (is_array ($v))
      {
        continue;
      }

      $v = preg_replace ('' . '/(\\$)/', '\\\\$', $v);
      $text = preg_replace ('' . '/#' . $k . '#/', '' . $v, $text);
      $subject = preg_replace ('' . '/#' . $k . '#/', '' . $v, $subject);


    }

    $text = preg_replace ('/#site_name#/', $settings['site_name'], $text);
    $subject = preg_replace ('/#site_name#/', $settings['site_name'], $subject);
    $text = preg_replace ('/#site_url#/', $settings['site_url'], $text);
    $subject = preg_replace ('/#site_url#/', $settings['site_url'], $subject);

$headers = array ('From' => $from,
'To' => $to,
'Subject' => $subject);

$host = "mail.domain.com"; // this will be ur smtp server like mail.domain.com
$username = "admin+domain.com"; // above message from must have to be same as here too.. mean sender of email shall have smtp ac on ur domain its must and u use the same email id its too must to be more better for mails
$password = "password"; // this is email id password becz it will use email id smtp online in php itself to generate email so here u need actual email id password.

$smtp = Mail::factory('smtp',
array ('host' => $host,
'auth' => true,
'username' => $username,
'password' => $password));

$mail = $smtp->send($to, $subject, $headers, $text, '' . 'From: ' . $from . ' Reply-To: ' . $from);
}


for $host = "mail.domain.com", $username = "admin+domain.com" ,$password = "password"; I used my server configuration, but this code didn't work. What I try to do here is combine both scripts under the "function send_mail" and sent out a email from the server. Can you please tell me what's wrong with the above code and how to make it work.

[bradgrafelman]

What does "didn't work" mean? What error messages did you receive?

[niroshana35]

Quote:

Originally Posted by bradgrafelman

What does "didn't work" mean? What error messages did you receive?

Actually there is no error massage just a blank page but it worked previously when they run as separate files.

[bradgrafelman]

Few things:

1. Why do you constantly prepend all of your strings with an empty string? E.g. why do you do this:
   
   PHP Code:

   $q = '' . 'select * from hl_emails where id = \'' . $email_id . '\'';

   instead of this:
   
   PHP Code:

   $q = 'select * from hl_emails where id = \'' . $email_id . '\'';

   ??
2. If $email_id is user-supplied data, you should be sanitizing it (e.g. with mysql_real_escape_string()) before placing it into a SQL query string. Otherwise, your code will be vulnerable to SQL injection attacks and/or just plain SQL errors.
3. There's no need to call reset() before a foreach loop.
4. What is the point of that foreach loop, by the way? You define three variables, but you're overwriting them on each iteration of the loop.
5. In this code:
   
   PHP Code:

       $text = preg_replace ('/#site_name#/', $settings['site_name'], $text);
    $subject = preg_replace ('/#site_name#/', $settings['site_name'], $subject);
    $text = preg_replace ('/#site_url#/', $settings['site_url'], $text);
    $subject = preg_replace ('/#site_url#/', $settings['site_url'], $subject);

   You aren't using regular expressions, so why use a preg_* function at all? Furthermore, you could reduce it down to two function calls since functions such as str_replace() can accept arrays as the first two parameters.
6. Your call to the Mail_smtp::send() method at the end has five parameters, though the documentation shows that it only expects three.
   
   Read the documentation to see how to use this method.
7. Note that the 'From' header should never be a user-supplied e-mail address and instead should always be a valid e-mail address on your domain. Doing otherwise will likely get you flagged as an open relay and blacklisted from many e-mail servers.

Finally, once you address the above issues, you might want to show us how you actually call/use this send_mail() function you've created. Also:

Quote:

Originally Posted by niroshana35

there is no error massage just a blank page

Did you ensure that display_errors is set to On and error_reporting is set to E_ALL ?

[niroshana35]

Quote:

Originally Posted by bradgrafelman

Few things:
[list=1][*]Why do you constantly prepend all of your strings with an empty string? E.g. why do you do this:

PHP Code:

$q = '' . 'select * from hl_emails where id = \'' . $email_id . '\'';


instead of this:

PHP Code:

$q = 'select * from hl_emails where id = \'' . $email_id . '\'';


??

Above code is a part of a file called config.inc.php it belongs to a script that send out emails to registered users (ones the user registered it stored his/her information on the mysql database, then later a site admin can check their status using the control panel and send them an approved email with their details.

Quote:

# If $email_id is user-supplied data, you should be sanitizing it (e.g. with mysql_real_escape_string()) before placing it into a SQL query string. Otherwise, your code will be vulnerable to SQL injection attacks and/or just plain SQL errors.
# There's no need to call reset() before a foreach loop.
# What is the point of that foreach loop, by the way? You define three variables, but you're overwriting them on each iteration of the loop.
# In this code:

$to, $from, $text, $subject all these details taken from the sql database.

Quote:

Your call to the Mail_smtp::send() method at the end has five parameters, though the documentation shows that it only expects three.

Both above codes worked separately so here I tried to add SMTP authentication and Pear support to the function and to replace this part of the code :

PHP Code:

mail ($to, $subject, $text, '' . 'From: ' . $from . ' Reply-To: ' . $from);


Quote:

Note that the 'From' header should never be a user-supplied e-mail address and instead should always be a valid e-mail address on your domain. Doing otherwise will likely get you flagged as an open relay and blacklisted from many e-mail servers.

This is only for testing purpose since the code is not working, when I need to send mails for the registered users I always use the default email address I have for the domain.

Quote:

Did you ensure that display_errors is set to On and error_reporting is set to E_ALL ?

Yes, error reporting is on and it displays an error every time when there is a mistake.

[bradgrafelman]

Quote:

Originally Posted by niroshana35

Above code is a part of a file called config.inc.php it belongs to a script that send out emails to registered users (ones the user registered it stored his/her information on the mysql database, then later a site admin can check their status using the control panel and send them an approved email with their details.

Okay, but none of that explains why you throw in pointless empty strings all over the place. You might as well write:

PHP Code:

$q = '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . 'select * from hl_emails where id = \'' . $email_id . '\'';


Quote:

Originally Posted by niroshana35

$to, $from, $text, $subject all these details taken from the sql database.

Then what's the point of the foreach() loop?

Quote:

Originally Posted by niroshana35

Both above codes worked separately so here I tried to add SMTP authentication and Pear support to the function

Er... you can't "add Pear support" to a function - that doesn't make any sense. PEAR is a repository of PHP classes you can install and use in your scripts.

The Mail_smtp::send() method has no relation to the internal mail() function. Again, read the documentation to see how that method is supposed to be called.