Subversion Repositories php_guestbook

<?php

/*

 * Secure Mailer PHP Class

 * Copyright 2009-2013 Daniel Marschall, ViaThinkSoft

 * QB_SECURE_MAIL_PARAM (C) Erich Kachel

 * Version 2013-04-14

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

// TODO: getHeaders() als single string , attachments , remove headers etc, headers als array in/out, Braucht man auch ein addRawHeader()?

class SecureMailer {

        private $headers = '';

        // TODO: sollte eher private sein, geht aber net

        const endl = "\n"; // GMX will kein CRLF! wtf?! (Unter Postfix in Linux)

        private function QB_SECURE_MAIL_PARAM($param_ = '', $level_ = 2) {

                // Verhindert Mail-Header-Injections

                // Quelle: http://www.erich-kachel.de/?p=26

                /* replace until done */

                while (!isset($filtered) || ($param_ != $filtered)) {

                        if (isset($filtered)) {

                        $param_ = $filtered;

                }

                        $filtered = preg_replace("/(Content-Transfer-Encoding:|MIME-Version:|content-type:|Subject:|to:|cc:|bcc:|from:|reply-to:)/ims", '', $param_);

                }

                unset($filtered);

                if ($level_ >= 2) {

                        /* replace until done */

                        while (!isset($filtered) || ($param_ != $filtered)) {

                                if (isset($filtered)) {

                                        $param_ = $filtered;

                                }

                                $filtered = preg_replace("/(%0A|\\\\r|%0D|\\\\n|%00|\\\\0|%09|\\\\t|%01|%02|%03|%04|%05|%06|%07|%08|%09|%0B|%0C|%0E|%0F|%10|%11|%12|%13)/ims", '', $param_);

                        }

                }

                return $param_;

        }

        private function getHeaders() {

                return $this->headers;

        }

        private static function mail_base64_encode($text) {

                // Why 72? Seen here: http://linux.dsplabs.com.au/munpack-mime-base64-multi-part-attachment-php-perl-decode-email-pdf-p82/

                return wordwrap(base64_encode($text), 72, self::endl, true);

        }

        private function headerLine($name, $value) {

                // Change 2011-02-09

                // LF is OK! CRLF does lead to CR+CRLF on some systems!

                // http://bugs.php.net/bug.php?id=15841

                // The mail() function is not talking to an SMTP server, so RFC2822 does not apply here. mail() is talking to a command line program on the local system, and it is reasonable to expect that program to require system-native line breaks.

                return $this->QB_SECURE_MAIL_PARAM($name).': '.$this->QB_SECURE_MAIL_PARAM($value)."\n";

        }

        public function addHeader($name, $value) {

                $this->headers .= $this->headerLine($name, $value);

        }

        public static function utf8Subject($subject) {

                return '=?UTF-8?B?'.base64_encode(utf8_encode($subject)).'?=';

        }

        private function _sendMail($recipient, $subject, $message, $add_headers='') {

                return @mail(

                        $this->QB_SECURE_MAIL_PARAM($recipient),

                        $this->QB_SECURE_MAIL_PARAM($subject),

                        $this->QB_SECURE_MAIL_PARAM($message, 1),

                        $this->getHeaders().$add_headers

                );

        }

        public function sendMail($recipient, $subject, $message) {

                return $this->_sendMail($recipient, $subject, $message, '');

        }

        // TODO: plain aus html berechnen als optional?

        public function sendMailHTMLandPlainMultipart($to, $subject, $msg_html, $msg_plain) {

                $boundary = uniqid('np');

                $msg_html  = $this->QB_SECURE_MAIL_PARAM($msg_html,  1);

                $msg_plain = $this->QB_SECURE_MAIL_PARAM($msg_plain, 1);

                $add_headers  = $this->headerLine('MIME-Version', '1.0');

                $add_headers .= $this->headerLine('Content-Type', 'multipart/alternative; boundary="'.$boundary.'"');

                $message  = "This is a MIME encoded message.";

                $message .= self::endl;

                $message .= self::endl;

                $message .= "--" . $boundary . self::endl;

                $message .= "Content-type: text/plain; charset=utf-8".self::endl;

                $message .= "Content-Transfer-Encoding: base64".self::endl;

                $message .= self::endl;

                $message .= $this->mail_base64_encode($msg_plain); // better than wordwrap&quoted-printable because of long lines (e.g. links)

                $message .= self::endl;

                $message .= self::endl;

                $message .= "--" . $boundary . self::endl;

                $message .= "Content-type: text/html; charset=utf-8".self::endl;

                $message .= "Content-Transfer-Encoding: base64".self::endl;

                $message .= self::endl;

                $message .= $this->mail_base64_encode($msg_html);

                $message .= self::endl;

                $message .= self::endl."--" . $boundary . "--";

                return @mail(

                        $this->QB_SECURE_MAIL_PARAM($to),

                        $this->QB_SECURE_MAIL_PARAM($subject),

                        $message,

                        $this->getHeaders().$add_headers

                );

        }

}