* @author Jim Jagielski (jimjag) * @author Andy Prevost (codeworxtech) * @copyright 2013 Marcus Bointon * @copyright 2004 - 2008 Andy Prevost * @copyright 2010 - 2012 Jim Jagielski * @license http://www.gnu.org/copyleft/lesser.html Distributed under the Lesser General Public License (LGPL) */ /** * PHPMailer RFC821 SMTP email transport class. * * Implements RFC 821 SMTP commands * and provides some utility methods for sending mail to an SMTP server. * * PHP Version 5.0.0 * * @category PHP * @package PHPMailer * @link https://github.com/PHPMailer/PHPMailer/blob/master/class.smtp.php * @author Chris Ryan * @author Marcus Bointon * @license http://www.gnu.org/copyleft/lesser.html Distributed under the Lesser General Public License (LGPL) */ class SMTP { /** * The PHPMailer SMTP Version number. */ const VERSION = '5.2.7'; /** * SMTP line break constant. */ const CRLF = "\r\n"; /** * The SMTP port to use if one is not specified. */ const DEFAULT_SMTP_PORT = 25; /** * The PHPMailer SMTP Version number. * @type string * @deprecated This should be a constant * @see SMTP::VERSION */ public $Version = '5.2.7'; /** * SMTP server port number. * @type int * @deprecated This is only ever ued as default value, so should be a constant * @see SMTP::DEFAULT_SMTP_PORT */ public $SMTP_PORT = 25; /** * SMTP reply line ending * @type string * @deprecated Use the class constant instead * @see SMTP::CRLF */ public $CRLF = "\r\n"; /** * Debug output level. * Options: 0 for no output, 1 for commands, 2 for data and commands * @type int */ public $do_debug = 0; /** * The function/method to use for debugging output. * Options: 'echo', 'html' or 'error_log' * @type string */ public $Debugoutput = 'echo'; /** * Whether to use VERP. * @type bool */ public $do_verp = false; /** * The SMTP timeout value for reads, in seconds. * @type int */ public $Timeout = 15; /** * The SMTP timelimit value for reads, in seconds. * @type int */ public $Timelimit = 30; /** * The socket for the server connection. * @type resource */ protected $smtp_conn; /** * Error message, if any, for the last call. * @type string */ protected $error = ''; /** * The reply the server sent to us for HELO. * @type string */ protected $helo_rply = ''; /** * The most recent reply received from the server. * @type string */ protected $last_reply = ''; /** * Constructor. * @access public */ public function __construct() { $this->smtp_conn = 0; $this->error = null; $this->helo_rply = null; $this->do_debug = 0; } /** * Output debugging info via a user-selected method. * @param string $str Debug string to output * @return void */ protected function edebug($str) { switch ($this->Debugoutput) { case 'error_log': //Don't output, just log error_log($str); break; case 'html': //Cleans up output a bit for a better looking, HTML-safe output echo htmlentities( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' ) . "
\n"; break; case 'echo': default: //Just echoes whatever was received echo $str; } } /** * Connect to an SMTP server. * @param string $host SMTP server IP or host name * @param int $port The port number to connect to * @param int $timeout How long to wait for the connection to open * @param array $options An array of options for stream_context_create() * @access public * @return bool */ public function connect($host, $port = null, $timeout = 30, $options = array()) { // Clear errors to avoid confusion $this->error = null; // Make sure we are __not__ connected if ($this->connected()) { // Already connected, generate error $this->error = array('error' => 'Already connected to a server'); return false; } if (empty($port)) { $port = self::DEFAULT_SMTP_PORT; } // Connect to the SMTP server $errno = 0; $errstr = ''; $socket_context = stream_context_create($options); //Suppress errors; connection failures are handled at a higher level $this->smtp_conn = @stream_socket_client( $host . ":" . $port, $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $socket_context ); // Verify we connected properly if (empty($this->smtp_conn)) { $this->error = array( 'error' => 'Failed to connect to server', 'errno' => $errno, 'errstr' => $errstr ); if ($this->do_debug >= 1) { $this->edebug( 'SMTP -> ERROR: ' . $this->error['error'] . ": $errstr ($errno)" ); } return false; } // SMTP server can take longer to respond, give longer timeout for first read // Windows does not have support for this timeout function if (substr(PHP_OS, 0, 3) != 'WIN') { $max = ini_get('max_execution_time'); if ($max != 0 && $timeout > $max) { // Don't bother if unlimited @set_time_limit($timeout); } stream_set_timeout($this->smtp_conn, $timeout, 0); } // Get any announcement $announce = $this->get_lines(); if ($this->do_debug >= 2) { $this->edebug('SMTP -> FROM SERVER:' . $announce); } return true; } /** * Initiate a TLS (encrypted) session. * @access public * @return bool */ public function startTLS() { if (!$this->sendCommand("STARTTLS", "STARTTLS", 220)) { return false; } // Begin encrypted connection if (!stream_socket_enable_crypto( $this->smtp_conn, true, STREAM_CRYPTO_METHOD_TLS_CLIENT ) ) { return false; } return true; } /** * Perform SMTP authentication. * Must be run after hello(). * @see hello() * @param string $username The user name * @param string $password The password * @param string $authtype The auth type (PLAIN, LOGIN, NTLM, CRAM-MD5) * @param string $realm The auth realm for NTLM * @param string $workstation The auth workstation for NTLM * @access public * @return bool True if successfully authenticated. */ public function authenticate( $username, $password, $authtype = 'LOGIN', $realm = '', $workstation = '' ) { if (empty($authtype)) { $authtype = 'LOGIN'; } switch ($authtype) { case 'PLAIN': // Start authentication if (!$this->sendCommand('AUTH', 'AUTH PLAIN', 334)) { return false; } // Send encoded username and password if (!$this->sendCommand( 'User & Password', base64_encode("\0" . $username . "\0" . $password), 235 ) ) { return false; } break; case 'LOGIN': // Start authentication if (!$this->sendCommand('AUTH', 'AUTH LOGIN', 334)) { return false; } if (!$this->sendCommand("Username", base64_encode($username), 334)) { return false; } if (!$this->sendCommand("Password", base64_encode($password), 235)) { return false; } break; case 'NTLM': /* * ntlm_sasl_client.php * Bundled with Permission * * How to telnet in windows: * http://technet.microsoft.com/en-us/library/aa995718%28EXCHG.65%29.aspx * PROTOCOL Docs http://curl.haxx.se/rfc/ntlm.html#ntlmSmtpAuthentication */ require_once 'extras/ntlm_sasl_client.php'; $temp = new stdClass(); $ntlm_client = new ntlm_sasl_client_class; //Check that functions are available if (!$ntlm_client->Initialize($temp)) { $this->error = array('error' => $temp->error); if ($this->do_debug >= 1) { $this->edebug( 'You need to enable some modules in your php.ini file: ' . $this->error['error'] ); } return false; } //msg1 $msg1 = $ntlm_client->TypeMsg1($realm, $workstation); //msg1 if (!$this->sendCommand( 'AUTH NTLM', 'AUTH NTLM ' . base64_encode($msg1), 334 ) ) { return false; } //Though 0 based, there is a white space after the 3 digit number //msg2 $challenge = substr($this->last_reply, 3); $challenge = base64_decode($challenge); $ntlm_res = $ntlm_client->NTLMResponse( substr($challenge, 24, 8), $password ); //msg3 $msg3 = $ntlm_client->TypeMsg3( $ntlm_res, $username, $realm, $workstation ); // send encoded username return $this->sendCommand('Username', base64_encode($msg3), 235); break; case 'CRAM-MD5': // Start authentication if (!$this->sendCommand('AUTH CRAM-MD5', 'AUTH CRAM-MD5', 334)) { return false; } // Get the challenge $challenge = base64_decode(substr($this->last_reply, 4)); // Build the response $response = $username . ' ' . $this->hmac($challenge, $password); // send encoded credentials return $this->sendCommand('Username', base64_encode($response), 235); break; } return true; } /** * Calculate an MD5 HMAC hash. * Works like hash_hmac('md5', $data, $key) * in case that function is not available * @param string $data The data to hash * @param string $key The key to hash with * @access protected * @return string */ protected function hmac($data, $key) { if (function_exists('hash_hmac')) { return hash_hmac('md5', $data, $key); } // The following borrowed from // http://php.net/manual/en/function.mhash.php#27225 // RFC 2104 HMAC implementation for php. // Creates an md5 HMAC. // Eliminates the need to install mhash to compute a HMAC // Hacked by Lance Rushing $b = 64; // byte length for md5 if (strlen($key) > $b) { $key = pack('H*', md5($key)); } $key = str_pad($key, $b, chr(0x00)); $ipad = str_pad('', $b, chr(0x36)); $opad = str_pad('', $b, chr(0x5c)); $k_ipad = $key ^ $ipad; $k_opad = $key ^ $opad; return md5($k_opad . pack('H*', md5($k_ipad . $data))); } /** * Check connection state. * @access public * @return bool True if connected. */ public function connected() { if (!empty($this->smtp_conn)) { $sock_status = stream_get_meta_data($this->smtp_conn); if ($sock_status['eof']) { // the socket is valid but we are not connected if ($this->do_debug >= 1) { $this->edebug( 'SMTP -> NOTICE: EOF caught while checking if connected' ); } $this->close(); return false; } return true; // everything looks good } return false; } /** * Close the socket and clean up the state of the class. * Don't use this function without first trying to use QUIT. * @see quit() * @access public * @return void */ public function close() { $this->error = null; // so there is no confusion $this->helo_rply = null; if (!empty($this->smtp_conn)) { // close the connection and cleanup fclose($this->smtp_conn); $this->smtp_conn = 0; } } /** * Send an SMTP DATA command. * Issues a data command and sends the msg_data to the server, * finializing the mail transaction. $msg_data is the message * that is to be send with the headers. Each header needs to be * on a single line followed by a with the message headers * and the message body being separated by and additional . * Implements rfc 821: DATA * @param string $msg_data Message data to send * @access public * @return bool */ public function data($msg_data) { if (!$this->sendCommand('DATA', 'DATA', 354)) { return false; } /* The server is ready to accept data! * according to rfc821 we should not send more than 1000 * including the CRLF * characters on a single line so we will break the data up * into lines by \r and/or \n then if needed we will break * each of those into smaller lines to fit within the limit. * in addition we will be looking for lines that start with * a period '.' and append and additional period '.' to that * line. NOTE: this does not count towards limit. */ // Normalize the line breaks before exploding $msg_data = str_replace("\r\n", "\n", $msg_data); $msg_data = str_replace("\r", "\n", $msg_data); $lines = explode("\n", $msg_data); /* We need to find a good way to determine if headers are * in the msg_data or if it is a straight msg body * currently I am assuming rfc822 definitions of msg headers * and if the first field of the first line (':' separated) * does not contain a space then it _should_ be a header * and we can process all lines before a blank "" line as * headers. */ $field = substr($lines[0], 0, strpos($lines[0], ':')); $in_headers = false; if (!empty($field) && !strstr($field, ' ')) { $in_headers = true; } //RFC 2822 section 2.1.1 limit $max_line_length = 998; foreach ($lines as $line) { $lines_out = null; if ($line == '' && $in_headers) { $in_headers = false; } // ok we need to break this line up into several smaller lines while (strlen($line) > $max_line_length) { $pos = strrpos(substr($line, 0, $max_line_length), ' '); // Patch to fix DOS attack if (!$pos) { $pos = $max_line_length - 1; $lines_out[] = substr($line, 0, $pos); $line = substr($line, $pos); } else { $lines_out[] = substr($line, 0, $pos); $line = substr($line, $pos + 1); } /* If processing headers add a LWSP-char to the front of new line * rfc822 on long msg headers */ if ($in_headers) { $line = "\t" . $line; } } $lines_out[] = $line; // send the lines to the server while (list(, $line_out) = @each($lines_out)) { if (strlen($line_out) > 0) { if (substr($line_out, 0, 1) == '.') { $line_out = '.' . $line_out; } } $this->client_send($line_out . self::CRLF); } } // Message data has been sent, complete the command return $this->sendCommand('DATA END', '.', 250); } /** * Send an SMTP HELO or EHLO command. * Used to identify the sending server to the receiving server. * This makes sure that client and server are in a known state. * Implements from RFC 821: HELO * and RFC 2821 EHLO. * @param string $host The host name or IP to connect to * @access public * @return bool */ public function hello($host = '') { // Try extended hello first (RFC 2821) if (!$this->sendHello('EHLO', $host)) { if (!$this->sendHello('HELO', $host)) { return false; } } return true; } /** * Send an SMTP HELO or EHLO command. * Low-level implementation used by hello() * @see hello() * @param string $hello The HELO string * @param string $host The hostname to say we are * @access protected * @return bool */ protected function sendHello($hello, $host) { $noerror = $this->sendCommand($hello, $hello . ' ' . $host, 250); $this->helo_rply = $this->last_reply; return $noerror; } /** * Send an SMTP MAIL command. * Starts a mail transaction from the email address specified in * $from. Returns true if successful or false otherwise. If True * the mail transaction is started and then one or more recipient * commands may be called followed by a data command. * Implements rfc 821: MAIL FROM: * @param string $from Source address of this message * @access public * @return bool */ public function mail($from) { $useVerp = ($this->do_verp ? ' XVERP' : ''); return $this->sendCommand( 'MAIL FROM', 'MAIL FROM:<' . $from . '>' . $useVerp, 250 ); } /** * Send an SMTP QUIT command. * Closes the socket if there is no error or the $close_on_error argument is true. * Implements from rfc 821: QUIT * @param bool $close_on_error Should the connection close if an error occurs? * @access public * @return bool */ public function quit($close_on_error = true) { $noerror = $this->sendCommand('QUIT', 'QUIT', 221); $e = $this->error; //Save any error if ($noerror or $close_on_error) { $this->close(); $this->error = $e; //Restore any error from the quit command } return $noerror; } /** * Send an SMTP RCPT command. * Sets the TO argument to $to. * Returns true if the recipient was accepted false if it was rejected. * Implements from rfc 821: RCPT TO: * @param string $to The address the message is being sent to * @access public * @return bool */ public function recipient($to) { return $this->sendCommand( 'RCPT TO ', 'RCPT TO:<' . $to . '>', array(250, 251) ); } /** * Send an SMTP RSET command. * Abort any transaction that is currently in progress. * Implements rfc 821: RSET * @access public * @return bool True on success. */ public function reset() { return $this->sendCommand('RSET', 'RSET', 250); } /** * Send a command to an SMTP server and check its return code. * @param string $command The command name - not sent to the server * @param string $commandstring The actual command to send * @param int|array $expect One or more expected integer success codes * @access protected * @return bool True on success. */ protected function sendCommand($command, $commandstring, $expect) { if (!$this->connected()) { $this->error = array( "error" => "Called $command without being connected" ); return false; } $this->client_send($commandstring . self::CRLF); $reply = $this->get_lines(); $code = substr($reply, 0, 3); if ($this->do_debug >= 2) { $this->edebug('SMTP -> FROM SERVER:' . $reply); } if (!in_array($code, (array)$expect)) { $this->last_reply = null; $this->error = array( "error" => "$command command failed", "smtp_code" => $code, "detail" => substr($reply, 4) ); if ($this->do_debug >= 1) { $this->edebug( 'SMTP -> ERROR: ' . $this->error['error'] . ': ' . $reply ); } return false; } $this->last_reply = $reply; $this->error = null; return true; } /** * Send an SMTP SAML command. * Starts a mail transaction from the email address specified in $from. * Returns true if successful or false otherwise. If True * the mail transaction is started and then one or more recipient * commands may be called followed by a data command. This command * will send the message to the users terminal if they are logged * in and send them an email. * Implements rfc 821: SAML FROM: * @param string $from The address the message is from * @access public * @return bool */ public function sendAndMail($from) { return $this->sendCommand("SAML", "SAML FROM:$from", 250); } /** * Send an SMTP VRFY command. * @param string $name The name to verify * @access public * @return bool */ public function verify($name) { return $this->sendCommand("VRFY", "VRFY $name", array(250, 251)); } /** * Send an SMTP NOOP command. * Used to keep keep-alives alive, doesn't actually do anything * @access public * @return bool */ public function noop() { return $this->sendCommand("NOOP", "NOOP", 250); } /** * Send an SMTP TURN command. * This is an optional command for SMTP that this class does not support. * This method is here to make the RFC821 Definition * complete for this class and __may__ be implemented in future * Implements from rfc 821: TURN * @access public * @return bool */ public function turn() { $this->error = array( 'error' => 'The SMTP TURN command is not implemented' ); if ($this->do_debug >= 1) { $this->edebug('SMTP -> NOTICE: ' . $this->error['error']); } return false; } /** * Send raw data to the server. * @param string $data The data to send * @access public * @return int|bool The number of bytes sent to the server or FALSE on error */ public function client_send($data) { if ($this->do_debug >= 1) { $this->edebug("CLIENT -> SMTP: $data"); } return fwrite($this->smtp_conn, $data); } /** * Get the latest error. * @access public * @return array */ public function getError() { return $this->error; } /** * Get the last reply from the server. * @access public * @return string */ public function getLastReply() { return $this->last_reply; } /** * Read the SMTP server's response. * Either before eof or socket timeout occurs on the operation. * With SMTP we can tell if we have more lines to read if the * 4th character is '-' symbol. If it is a space then we don't * need to read anything else. * @access protected * @return string */ protected function get_lines() { $data = ''; $endtime = 0; // If the connection is bad, give up now if (!is_resource($this->smtp_conn)) { return $data; } stream_set_timeout($this->smtp_conn, $this->Timeout); if ($this->Timelimit > 0) { $endtime = time() + $this->Timelimit; } while (is_resource($this->smtp_conn) && !feof($this->smtp_conn)) { $str = @fgets($this->smtp_conn, 515); if ($this->do_debug >= 4) { $this->edebug("SMTP -> get_lines(): \$data was \"$data\""); $this->edebug("SMTP -> get_lines(): \$str is \"$str\""); } $data .= $str; if ($this->do_debug >= 4) { $this->edebug("SMTP -> get_lines(): \$data is \"$data\""); } // if 4th character is a space, we are done reading, break the loop if (substr($str, 3, 1) == ' ') { break; } // Timed-out? Log and break $info = stream_get_meta_data($this->smtp_conn); if ($info['timed_out']) { if ($this->do_debug >= 4) { $this->edebug( 'SMTP -> get_lines(): timed-out (' . $this->Timeout . ' sec)' ); } break; } // Now check if reads took too long if ($endtime) { if (time() > $endtime) { if ($this->do_debug >= 4) { $this->edebug( 'SMTP -> get_lines(): timelimit reached (' . $this->Timelimit . ' sec)' ); } break; } } } return $data; } /** * Enable or disable VERP address generation. * @param bool $enabled */ public function setVerp($enabled = false) { $this->do_verp = $enabled; } /** * Get VERP address generation mode. * @return bool */ public function getVerp() { return $this->do_verp; } /** * Set debug output method. * @param string $method The function/method to use for debugging output. */ public function setDebugOutput($method = 'echo') { $this->Debugoutput = $method; } /** * Get debug output method. * @return string */ public function getDebugOutput() { return $this->Debugoutput; } /** * Set debug output level. * @param int $level */ public function setDebugLevel($level = 0) { $this->do_debug = $level; } /** * Get debug output level. * @return int */ public function getDebugLevel() { return $this->do_debug; } /** * Set SMTP timeout. * @param int $timeout */ public function setTimeout($timeout = 0) { $this->Timeout = $timeout; } /** * Get SMTP timeout. * @return int */ public function getTimeout() { return $this->Timeout; } }