A couple of my users contacted me to say that their host had disabled sendmail and required any scripts they use to now use SMTP to send emails. This resulted in me quickly reading all I could about SMTP and the result is this slightly rough script I am sharing. It’s pretty self explanatory. Put your SMTP server details in the $mailCfg array. Next simply call the smtpMail function which uses the same variables as the standard PHP mail() function but with two additional variables. The additional variables are the email address we are sending from and $mailCfg. I could of put $mailCfg as a global but this way you can include the script in a different script and store the required information where ever you want. The from address is important as most SMTP servers will reject the message if it’s not included.

Just remember the code is far from perfect and was created to do a simple job.

It also has one nice extra function you might find useful…

The directMail function will look up the recipients SMTP server and try to deliver the email directly to it thereby bypassing the need for you to have access to an SMTP server to send through. Just remember your host may frown upon the use of this function.

<?php
/*
 * SMTP Email Sending
 * By Stewart Souter
 * Date Created: Thurs, 11 August 2011 17:15:37 GMT
 * Last Updated: Fri, 19 August 2011 10:54:35 GMT
 * email: webmaster@carbonize.co.uk
 *
 * By using this script you are agreeing to leave this
 * comment and agreement in place and untouched. If you
 * use any part of this code you must make it clear where
 * it came from and give credit where it is due.
 */

$mailCfg['Server']    = '';    // Servername
$mailCfg['User']      = '';    // SMTP username if needed
$mailCfg['Pass']      = '';    // SMTP Password if needed
$mailCfg['Port']      = 25;    // SMTP server port. 25 is the usual and 465 if using SSL
$mailCfg['popServer'] = '';    // Name of the pop server. Leave empty if POP Auth not required
$mailCfg['popPort']   = 110;   // Port for the pop server. 110 is the usual and 995 if using SSL
$mailCfg['SSL']       = 0;     // Does your SMTP server need you to use SSL or TLS? 0 = no, 1 = SSL, 2 = TLS

// This function delivers the email directly to the recipients mail server so bypassing the need for your own
function directMail($mailTo, $mailSubject, $mailMsg, $mailHeaders = '', $mailFrom = '', $mailCfg)
{
  if(empty($mailFrom))
  {
    return false; // No from address == no sending
  }
  $mailParts = explode('@', $mailTo);  // Seperate the parts of the email address
  @getmxrr($mailParts[1], $mxHosts, $mxWeight); // Get the MX records for the emails domain
  for($i=0;$i<count($mxHosts);$i++) // Put the records and weights into an array
  {
      $mxServers[$mxHosts[$i]] = $mxWeight[$i];
  }
  asort($mxServers); // Sort the array so they are in weighted order
  foreach($mxServers as $key => $value)
  {
    $mailCfg['Server'] = $key; // Set the SMTP server to the current MX record
    if(smtpMail($mailTo, $mailSubject, $mailMsg, $mailHeaders, $mailFrom, $mailCfg)) // Send the email using the MX server
    {
      return true;  // The email was successfully sent
    }
  }
  return false;  // Houston we have a problem
}

// This function connects to the SMTP server and does the AUTH if needed. Can also do a POP login if server requires that.
function smtpMail($mailTo, $mailSubject, $mailMsg, $mailHeaders = '', $mailFrom = '', $mailCfg )
{
  if(empty($mailFrom))
  {
    return false; // No from address == no sending
  }
  $timeout = '30'; // How long to keep trying to connect
  $localhost = 'localhost'; // How to identify ourselves
  $logArray = array(); // For storing the replies

  /* * * * POP Login if required * * */ 

  if(!empty($mailCfg['popServer'])) // Can't really do POP Auth without a server
  {
    $ssl = ($mailCfg['SSL'] != 0) ? (($mailCfg['SSL'] == 1) ? 'ssl://' : 'tls://') : ''; // If SSL or TLS add it
    $popConnect = @fsockopen($ssl.$mailCfg['popServer'], $mailCfg['popPort'], $errno, $errstr, $timeout); // Connect
    if(!$popConnect) // If we fail to connect...
    {
      $logArray['POPconnect'] = $errstr . '(' . $errno . ')'; // Log the given reason...
      logMailError($logArray); // And output to the log file.
      return false;
    }
    else
    {
      $logArray['POPconnect'] = @fgets($popConnect, 515)); // POP servers only return single line replies. Or should.
      if(!mailPackets('AUTH LOGIN', $popConnect, 'SMTPauth')) //Request Auth Login
      {
        return false;
      }
      if(!mailPackets('USER ' . $smtpUser, $popConnect, 'POPuser')) // Send username. POP is plaintext
      {
        return false;
      }
      if(!mailPackets('PASS ' . $smtpPass, $popConnect, 'POPpass')) // Send password, again in plaintext
      {
        return false;
      }
      if(!mailPackets('QUIT', $popConnect, 'POPquit')) // Say bye to the server
      {
        return false;
      }
      fclose($popConnect); // Close connection
    }
  }

  /* * * * End of POP Login * * * * */

  /* * * * Start of SMTP stuff * * * */

  $ssl = ($mailCfg['SSL'] != 0) ? (($mailCfg['SSL'] == 1) ? 'ssl://' : 'tls://') : ''; // Set the encryption if needed
  $smtpConnect = @fsockopen($ssl.$mailCfg['Server'], $mailCfg['Port'], $errno, $errstr, $timeout); // Connect
  if(!$smtpConnect) // If we fail to connect...
  {
    $logArray['SMTPconnect'] = $errstr . '(' . $errno . ')'; // Add the reason to the log...
    logMailError($logArray); // Then output the log
    return false;
  }
  else
  {
    $cnectKey = 0; // A counter for when we receive multiple lines in reply
    do
    {
      $smtpResponse = @fgets($smtpConnect, 515); // Get the reply
      $cnectKey++; // Increment the counter
      $logArray['SMTPconnect' . $cnectKey] = $smtpResponse; // Log the response
      $responseCode = substr($smtpResponse, 0, 3); // Grab the response code from start of the response
      // If we get an error terminate the connection and log the results so far
      if($responseCode >= 400)
      {
        logMailError($logArray, $smtpConnect);
        return false;
      }
    }
    while((strlen($smtpResponse) > 3) && (strpos($smtpResponse, ' ') != 3)); // Loop until we get told it's the last line
      $ehlo = mailPackets('EHLO ' . $localhost, $smtpConnect, $logArray, 'SMTPehlo'); // Let's try using EHLO first
      if($ehlo != 250) // Server said it didn't like EHLO so drop back to HELO
      {
        if(!mailPackets('HELO ' . $localhost, $smtpConnect, $logArray, 'SMTPhelo')) // Send HELO. No EHLO means server doesn't support AUTH
        {
          return false;
        }
      }
      if(!empty($mailCfg['User']) && ($ehlo == 250)) // We have a username and server supports EHLO so send login credentials
      {
        if(!mailPackets('AUTH LOGIN', $smtpConnect, $logArray, 'SMTPauth')) // Request Auth Login
        {
          return false;
        }
        if(!mailPackets(base64_encode($mailCfg['User']), $smtpConnect, $logArray, 'SMTPuser')) // Send username
        {
          return false;
        }
        if(!mailPackets(base64_encode($mailCfg['Pass']), $smtpConnect, $logArray, 'SMTPpass')) // Send password
        {
          return false;
        }
      }
      if(!mailPackets('MAIL FROM:<' . $mailFrom . '>', $smtpConnect, $logArray, 'SMTPfrom')) // Email From
      {
        return false;
      }
      if(!mailPackets('RCPT TO:<' . $mailTo . '>', $smtpConnect, $logArray, 'SMTPrcpt')) // Email To
      {
        return false;
      }
      if(!mailPackets('DATA', $smtpConnect, $logArray, 'SMTPmsg')) // We are about to send the message
      {
        return false;
      }
      // First lets make sure both the message and additional headers do not contain anythign that might be seen as end of message marker
      $mailMsg = preg_replace(array("/(?<!\r)\n/", "/\r(?!\n)/", "/\r\n\./"), array("\r\n", "\r\n", "\r\n.."), $mailMsg);
      $mailHeaders = (!empty($mailHeaders)) ? "\r\n" . preg_replace(array("/(?<!\r)\n/", "/\r(?!\n)/", "/\r\n\./"), array("\r\n", "\r\n", "\r\n.."), $mailHeaders) : '';
      // Create the default headers, attach any additonal headers
      $mailHeaders = "To: <".$mailCfg['To'].">\r\nFrom: <".$mailCfg['From'].">\r\nSubject: ".$mailCfg['Subject']."\r\nDate: " . gmdate('D, d M Y H:i:s') . " -0000".$mailHeaders;
      if(!mailPackets($mailHeaders."\r\n\r\n".$mailMsg."\r\n.", $smtpConnect, $logArray, 'SMTPbody')) // The message
      {
        return false;
      }
      mailPackets('QUIT', $smtpConnect, $logArray, 'SMTPquit'); // Say Bye to SMTP server
      fclose($smtpConnect); // Be nice and close the connection
      return true; // Return the fact we sent the message
  }
}

// This function sends the actual packets then logs the reponses and parses the reponse code
function mailPackets($sendStr,$mailConnect,&$logArray,$logName = '')
{
  $newLine = "\r\n"; // LEAVE THIS ALONE
  $keyCount = 0;  // Just an incremental counter for when we get more than a single line response
  @fputs($mailConnect,$sendStr . $newLine); // Send the packet
  do // Start grabbing the responses until we either get a terminal error or told we are at the end
  {
    $mailResponse = @fgets($mailConnect, 515); // Receive the response
    $keyCount++; // Incrememnt the key count
    $logArray[$logName . $keyCount] = $mailResponse; // Put the response in to the log array
    $responseCode = substr($smtpResponse, 0, 3); // Grab the response code from start of the response
    // Check for error codes except on ehlo, auth, and user details as they are not always fatal
    if((($logName != 'SMTPauth') && ($logName != 'SMTPuser') && ($logName != 'SMTPehlo') && ($logName != 'SMTPpass')) && ($responseCode >= 400))
    {
       logMailError($logArray,$mailConnect);
       return false;
    }
    elseif((substr($responseCode, 0, 1) == 4) || ($responseCode >= 521) && ($logName != 'SMTPehlo'))
    {
       logMailError($logArray,$mailConnect);
       return false;
    }
  }
  while((strlen($mailResponse) > 3) && (strpos($mailResponse, ' ') != 3)); // Loop until we get the end response
  return $responseCode; // Return the response code
}

function logMailError(&$logArray, $mailServer = false)
{
  if($mailServer)
  {
    fclose($mailServer); // Be nice and close the connection
  }
  $fd = @fopen ('smtplog.txt', 'a'); // open the log file
  $mailResults = print_r($logArray, true); // Create a nice printable version of logArray
  @fwrite($fd,$mailResults); // Write the log
  @fclose ($fd); // Close the file
}

?>

Well Apple has gone and released the memory hog that is Safari 4. It does look good but given that it uses a ridiculous amount of memory I think I will pass. It has some nice features that only work on a mac. Go figure.

Also Mozilla has released a new version of Firefox 3.5. It is marked as beta 99 but is basically something between a beta and a release candidate. it has improvements to Tracemonkey, the engine used to clean up memory usage but not sure it works that good at removing things from memory it no longer requires.

Now Google Chrome has excellent memory handling it’s just a shame it’s options are sparse, it has no extension support (even IE supports extensions/plug ins) (apparently as of version 2 it does) and the rendering engine, WebKit, is far from perfect. Sites like Facebook can prove a nightmare at times when it’s divs disappear behind it’s ad bar.

I’ve personally decided to give Firefox a break and use Flock for a few weeks.

I’m writing this because blocking by domain on my hosts pretty much kills my web site and so I have had to learn to block ip addresses. Blocking single ip addresses is simple as you just need something like the following

order allow,deny
deny from 9.120.161.206
allow from all

And that will block the computer at ip address 9.120.161.206 from being able to access your site. But what if you want to block a whole range of ip addresses such as 9.120.161.0 to 9.120.161.255? Well then we just leave off the end number like this

order allow,deny
deny from 9.120.161.
allow from all

Ok so now we get to the clever and damn fiddly bit. As of Apache 1.3 we can use CIDR codes to specify ranges of ip addresses. So another way of writing the above code would be

order allow,deny
deny from 9.120.161.0/24
allow from all

and that would do exactly the same as 9.120.161. but we can do so much more. After the break (ie click the read more link) I will show a list of the CIDR codes and what they do.

Ok first thing we need to do is explain that CIDR goes from 0 to 32. 0 covers every possible ip address, all 4,294,967,296 of them so doesn’t really get used much. As CIDR is based on bits the number of ip addresses blocked doubles as we go down the list.

32 only block the single ip address so is a bit pointless
31 blocks 2 address so would block 127.0.0.1 and 127.0.0.2. Could just as easily be like 127.0.0.19/31 as you can start from any ip address
30 blocks 4 ip address so 127.0.0.1 to 127.0.0.4
29 blocks 8 ip address so 127.0.0.1/29 would block 127.0.0.1 to 127.0.0.8 (starting to see a pattern?)
28 down to 25 I’m sure you can figure out. It’s from 24 it gets interesting.
24 blocks a whole sub set of ip addresses (thats 256 addresses) so we can use 127.0.0.0/24 to block 127.0.0.0 to 127.0.0.255
23 blocks 512 address so that’s 2 entire subsets. 127.0.0.0/23 would block 127.0.0.0 to 127.0.1.255
22 is 1024 addresses or 4 sub sets
21 is 2048 or 8 sub sets
20 is 4096 address or 16 sub sets (like 127.0.0.0 to 127.0.15.255)
19 would be 8192 address so 32 sub sets. I used this one when blocking keyweb.de servers
18 is 16384 or 64 sub sets
17 equals 32768 addresses and I used it to block some layeredtech
16 is the lowest CIDR code I have used and that covers 65536 addresses or 256 sub sets. This is again used to block LayeredTech.

I’m pretty sure you can work the rest out for yourself from here on. I got my information from this Wikipedia entry. I will now post a couple I have used in my own htaccess and say why.

# These two are for layeredtech. Well known friend to spammers.
deny from 72.232.0.0/16
deny from 72.233.0.0/17
# Keyweb.de servers. Plenty of spam attempts from them
deny from 87.118.96.0/19
# Dragonara.net just started getting spam attempts from them
deny from 194.8.74.0/23

Whilst surfing the ether we call the internet I came across a list of top ten javascript functions by Dustin Diaz. As the saying goes it does exactly what it says on the tin. It is a collection of ten (and a bonus one) basic javascript functions that most Javascript writers will need/use quite a lot. Such functions as adding onload events to the window even if you’re not sure that it’s already been set by another script. getElementByClass which to me is something that should of been in Javascript from the start . If you write Javascript then you will find atleast one of the functions useful.

And I know it was written in 2005 but the functions are just as valid today.

I recently decided to try / review a new anti virus program I had heard about called Rising Antivirus. Now my first issue with this anti virus is the fact that the installer is over 60MB and the download was slow as hell. Took me around 30 minutes to download and I’m on a 20Mb connection. Once installed it takes over 200MB of hard drive space. First thing I did was run an update and it seemed to me that every component had an update and given I had only just downloaded the program this seems excessive. Next I ran a scan of the local drives. After twenty minutes I stopped it as it had only done about 5% and was saying it had over an hour left to go. Given this was my laptop with little on it this was far from acceptible.

Now we get to the main reason I swiftly uninstalled it. I downloaded the Eicar test file which is a standard file that all antivirus programs recognise as a test file so you can test if your antivirus is working or not. So I put the eicar.com file on my desktop and ran it. Rising Antivirus did absolutely nothing. I can accept it not detecting it during the download because my favourite free antivirus, AntiVir, only scans files when they are opened or read. To not detect the test file when run makes me wonder what else it doesn’t detect. I told it to scan the eicar.com file and it alerted me that it was a virus (well a test file which is what it should report it as) but not even a beep from Rising Antivirus when I run the file. In fact I had to turn Rising’s detection level up to high to get it to report it as a virus when I opened it. Even then I could see the command window in the background that eicar.com opens so I’m not even sure that if it had been a virus Rising Antivirus would of stopped it doing anything.

So my advice is avoid this anti virus like the plague. The best free anti virus, in my opinion, is AntiVir and the next best free one is Avast. I can no longer even recommend AVG as third place because all reports say as of version 8 AVG has become a resource hog that slows your computer down.

I’m a hobbyist web developer and nothing annoys me more than web sites that have obviously paid for someone to build their sites but whoever has built it has done a half arsed job.

My main gripe at the moment is sites that require you to have cookies enabled but have terrible code in place for if you don’t.

A good example is Game who put you in to an infinite redirect loop if you have cookies disabled. In fact you have to enable cookies on their site to see the page that tells you that you needs cookies enabled to view the site

Another bad one I just found, and this one is really really bad, is download.com. You don’t need cookies to view the site but if you have them disabled and click through to view a programs page your browsers memory usage goes through the roof. I tested this in Firefox 3.1 b3, IE8 and Chrome. With all three browsers I had to use task manager to close them thanks to download.com’s sloppy web code.

So please, if you are going to write a site that requires that visitors accept cookies, make sure you have good code in place to handle people like me who have cookies disabled.

OK thanks to Google’s Chrome and Apple now making Safari a serious browser for Windows the browser war is getting ridiculous. They all seem obsessed with how fast their Javascript engines run with Google now saying the V8 engine in Chrome 2 is 25% faster than in Chrome 1. Who cares? The speed of the Javascript engines is now so fast few people if any would be able to notice a difference in everyday use. The only people who are are Geeks who think the extra milliseconds make all the difference.

I’m not interested in how fast their Javascript engines run I just want a browser that is configurable and doesn’t eat up resources. I’m sticking with Firefox at present as it lets me configure cookies exactly how I want and has some sweet extensions. I am impressed with the WebKit engine as used in Chrome and Safari. To me Opera fell to the wayside with version 7. So at some point I may switch from Firefox to Safari or Chrome but can’t see it anytime soon. Safari 4 beta looks good but is all eye candy and eats memory. Chrome is to basic with very limited options and no black/white list for cookies. Safari also has neither a whitelist nor blacklist.

Ok I’ve been playing with Javascript frameworks like Jquery and Prototype. Now by default Jquery is 54KB and Prototype is 130KB (at the time of writing this). As you can see these are not small files. Now this is where gzip comes in. An easy way to describe gzip is that your server zips up the file before sending it to the web browser and the web browser then unzips it. Anyway by gzipping these two files using some PHP I have got Jquery down to 19KB and prototype down to 30KB!!!!

So we have Jquery:
Original Size: 54 KB
Gzipped Size: 19 KB
Data Savings: 64.81%

and prototype:
Original Size: 131 KB
Gzipped Size: 30 KB
Data Savings: 77.1%

All testing done using mod_zip test.

Anyway on to the code.

Ok to send something gzipped we need to use PHP’s buffer and so one of the first things we need to do is turn it on.

<?php
ob_start('ob_gzhandler');
?>

We would then just put our Javascript (or normal HTML) after the ?>

The ob_gzhandler is a function in PHP that checks if a browser supports gzip compression or not and if it doesn’t then PHP will not gzip the buffer.

Finally we tell PHP that we are done with the buffer and we want it to flush the buffer. Flush just means it sends the contents of the buffer to the browser and then closes the buffering.

<?php
ob_end_flush();
?>

And that’s it. So in a nutshell.

<?php
 ob_start('ob_gzhandler');
?>

<!-- Your Javascript or HTML here (or even PHP code) -->

<?php
ob_end_flush();
?>

I recently decided to add the ability for guests to request a new captcha image (or refresh the captcha image) in my guestbook script for when it was to hard for visitors to read. As usual trying to find some instructions to do this proved useless so I had to figure it out myself. I thought I would explain how it’s done here for anyone else wanting to do this and believe me it’s very very simple.

Ok first thing we need to do is give a name to the image we are going to by replacing/changing so we add a name. For the guestbook script I added added name=”lazCaptcha” to the image tag.

eg:

<img src="http://domain.com/path/image.jpg" name="NAMEFORIMAGE" alt="" />

Next we need to create the link that the viewer clicks on to replace/change the image and for that I used this bit of code:

<a href="#" onclick="reloadImage('NAMEFORIMAGE'); return false;">request another image</a>

Notice how I put the name of the image into the Javascript? Thats so we can use this code multiple times on a single page.

Next we need the Javascript and it is very simple. We just create a random number to add to the image url to prevent it showing the cached image and then tell the browser to change the image. I’ll show two examples. The first is just when we want to display a random image and the second is how I display a new captcha image with the same code.

Random Image:

function reloadImage(imageName)
{
var myImages=new Array();
myImages[0]="sun.jpg";
myImages[1]="moon.jpg";
myImages[2]="stars.jpg";
// Create a random number between 1 and one greater than the number of items in the array
var randomImage = Math.floor(Math.random() * (myImages.length + 1));
randomImage--;
// Change the image
document.images[imageName].src = 'http://yoursite.com/path/to/' + myImages[randomImage];
}

Captcha Image:

function reloadImage(imageName)
{
// Create a random number between 1 and 1000
var randomnumber=Math.floor(Math.random()*1001);
// Change the image
document.images[imageName].src = 'http://yoursite.com/path/image.php?hash=OURHASH&rand=' + randomnumber;
}

OURHASH? What’s that? Well if you are planning to refresh a captcha image then I’m guessing you have generated the form the image is displayed in and so you can just use the variable you used for the hash in the image tag to put the hash in the javascript image tag. Or you could just change that line to

document.images[imageName].src = document.images[imageName].src + '&rand=' + randomnumber; // Change the image

And thats it. See how simple it is to do?

Ok been a while since I posted anything so thought I would post my tutorial on using the PHP mail() function. I have basically copied my tutorial word for word from the Lazarus forum.

This is a brief (or not) tutorial on using the PHP mail() function to send emails from your scripts.

bool mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] )

Let’s break that down. The bool means that the PHP mail function returns either true or false depending on if it was successful or not. The rest is pretty self explanatory. string $to is where we put the email address we want to send to. string $subject is where we put the emails subject and string $message is where we put our message. The string part just means that this variable will be treated as a string when used. We will cover $additional_headers a bit later and won’t even touch on $additional_parameters.

Ok so we want to send an email to Bill Gates with the subject Windows Linux and our message is When is it coming out?. The function we would use looks like this

This would suit our needs but there are some things you need to know. Firstly this email will be sent as plain text so any HTML tags in the message would be displayed in the message. Second this email would have our servers address as the from address. Before I continue I would like to just briefly touch on the point that you can send to multiple address by putting them in the to section separated by a comma like ‘bill.gates@microsoft.com,some@address.com’. So now let us make it appear to come from our email address email@address.com.

As you can see we added a header to our email. The header is From and says what address the email was sent from. We could also use the format From: "Our Name" <email@address.com> so that it also has our name. This is fine and would suit most of your email sending needs but what if you want to send HTML? Then we need some more headers. They are MIME-Version and Content-type. So now our function looks like:

You will see I switched from using single quotes to double for the headers. This is because we need to separate the different headers with a new line marker (\n) and this does not work when using single quotes. I won’t say a lot about what the MIME type means. You can read up on that HERE. The Content-type says that the email is sent as text but is to be treated as HTML. Part of the Content-type is charset. This tells the email reader what character set to use when displaying the email. You will only have to change this if you are sending your email in a language other than English. Now when our recipient reads the email the word When will be bold.

You can also use the headers section to send carbon copies and blind carbon copies of the email to people by using CC: emailaddress and BCC: emailaddress respectively. You still need a main email address to send to though for these to work.

Now some might argue that you should use \r\n for separating the headers but in my experience just \n on it’s own is fine and will be understood by all email clients where as \r\n may cause problems.

Just a few notes.

If you are ending an email in a language other than English you may need to set the character set even for plain text. This is done the same as above but just replace the text/html with text/plain.

You can use variables for the relevant parts of the email. For example.

As I also said earlier the mail function returns TRUE or FALSE depending on if it is successful in sending or not. So we can add some error checking like

You may wonder what the @ is for in front of the mail. The @ before a function tells PHP not to display any error messages that may result from running that function. It just keeps things tidy as we are error checking anyway.

And that’s about it for the basic usage of the PHP mail() function. Next time I will explain how to send emails that are both HTML and plain text so that our recipient can read it regardless of their email reader. I will also explain about adding attachments to your emails and displaying attached images inside the body of the email.