PageRenderTime 48ms CodeModel.GetById 18ms RepoModel.GetById 1ms app.codeStats 0ms

/lib/pkp/classes/mail/SMTPMailer.inc.php

https://github.com/lib-uoguelph-ca/ocs
PHP | 381 lines | 227 code | 54 blank | 100 comment | 71 complexity | d53eecc56f8bf139621c353338579c38 MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @file classes/mail/SMTPMailer.inc.php
    5. 

  5.  *
    6. 

  6.  * Copyright (c) 2000-2012 John Willinsky
    7. 

  7.  * Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
    8. 

  8.  *
    9. 

  9.  * @class SMTPMailer
    10. 

  10.  * @ingroup mail
    11. 

  11.  *
    12. 

  12.  * @brief Class defining a simple SMTP mail client (reference RFCs 821 and 2821).
    13. 

  13.  *
    14. 

  14.  * TODO: TLS support
    15. 

  15.  */
    16. 

  16. 

  17. // $Id$
    18. 

  18. 

  19. 

  20. import('mail.Mail');
    21. 

  21. 

  22. class SMTPMailer {
    23. 

  23. 

  24. 	/** @var $server string SMTP server hostname (default localhost) */
    25. 

  25. 	var $server;
    26. 

  26. 

  27. 	/** @var $port string SMTP server port (default 25) */
    28. 

  28. 	var $port;
    29. 

  29. 

  30. 	/** @var $auth string Authentication mechanism (optional) (PLAIN | LOGIN | CRAM-MD5 | DIGEST-MD5) */
    31. 

  31. 	var $auth;
    32. 

  32. 

  33. 	/** @var $username string Username for authentication (optional) */
    34. 

  34. 	var $username;
    35. 

  35. 

  36. 	/** @var $password string Password for authentication (optional) */
    37. 

  37. 	var $password;
    38. 

  38. 

  39. 	/** @var $socket int SMTP socket */
    40. 

  40. 	var $socket;
    41. 

  41. 

  42. 	/**
    43. 

  43. 	 * Constructor.
    44. 

  44. 	 */
    45. 

  45. 	function SMTPMailer() {
    46. 

  46. 		$this->server = Config::getVar('email', 'smtp_server');
    47. 

  47. 		$this->port = Config::getVar('email', 'smtp_port');
    48. 

  48. 		$this->auth = Config::getVar('email', 'smtp_auth');
    49. 

  49. 		$this->username = Config::getVar('email', 'smtp_username');
    50. 

  50. 		$this->password = Config::getVar('email', 'smtp_password');
    51. 

  51. 		if (!$this->server)
    52. 

  52. 			$this->server = 'localhost';
    53. 

  53. 		if (!$this->port)
    54. 

  54. 			$this->port = 25;
    55. 

  55. 	}
    56. 

  56. 

  57. 	/**
    58. 

  58. 	 * Send mail.
    59. 

  59. 	 * @param $mail Mailer
    60. 

  60. 	 * @param $recipients string
    61. 

  61. 	 * @param $subject string
    62. 

  62. 	 * @param $body string
    63. 

  63. 	 * @param $headers string
    64. 

  64. 	 */
    65. 

  65. 	function mail(&$mail, $recipients, $subject, $body, $headers = '') {
    66. 

  66. 		// Establish connection
    67. 

  67. 		if (!$this->connect())
    68. 

  68. 			return false;
    69. 

  69. 

  70. 		if (!$this->receive('220'))
    71. 

  71. 			return $this->disconnect('Did not receive expected 220');
    72. 

  72. 

  73. 		// Send HELO/EHLO command
    74. 

  74. 		$serverHost = preg_replace("/:\d*$/", '', Request::getServerHost());
    75. 

  75. 		if (!$this->send($this->auth ? 'EHLO' : 'HELO', $serverHost))
    76. 

  76. 			return $this->disconnect('Could not send HELO/HELO');
    77. 

  77. 

  78. 		if (!$this->receive('250'))
    79. 

  79. 			return $this->disconnect('Did not receive expected 250 (1)');
    80. 

  80. 

  81. 		if ($this->auth) {
    82. 

  82. 			// Perform authentication
    83. 

  83. 			if (!$this->authenticate())
    84. 

  84. 				return $this->disconnect('Could not authenticate');
    85. 

  85. 		}
    86. 

  86. 

  87. 		// Send MAIL command
    88. 

  88. 		$sender = $mail->getEnvelopeSender();
    89. 

  89. 		if (!isset($sender) || empty($sender)) {
    90. 

  90. 			$from = $mail->getFrom();
    91. 

  91. 			if (isset($from['email']) && !empty($from['email']))
    92. 

  92. 				$sender = $from['email'];
    93. 

  93. 			else
    94. 

  94. 				$sender = get_current_user() . '@' . $serverHost;
    95. 

  95. 		}
    96. 

  96. 

  97. 		if (!$this->send('MAIL', 'FROM:<' . $sender . '>'))
    98. 

  98. 			return $this->disconnect('Could not send sender');
    99. 

  99. 

  100. 		if (!$this->receive('250'))
    101. 

  101. 			return $this->disconnect('Did not receive expected 250 (2)');
    102. 

  102. 

  103. 		// Send RCPT command(s)
    104. 

  104. 		$rcpt = array();
    105. 

  105. 		if (($addrs = $mail->getRecipients()) !== null)
    106. 

  106. 			$rcpt = array_merge($rcpt, $addrs);
    107. 

  107. 		if (($addrs = $mail->getCcs()) !== null)
    108. 

  108. 			$rcpt = array_merge($rcpt, $addrs);
    109. 

  109. 		if (($addrs = $mail->getBccs()) !== null)
    110. 

  110. 			$rcpt = array_merge($rcpt, $addrs);
    111. 

  111. 		foreach ($rcpt as $addr) {
    112. 

  112. 			if (!$this->send('RCPT', 'TO:<' . $addr['email'] .'>'))
    113. 

  113. 				return $this->disconnect('Could not send recipients');
    114. 

  114. 			if (!$this->receive(array('250', '251')))
    115. 

  115. 				return $this->disconnect('Did not receive expected 250 or 251');
    116. 

  116. 		}
    117. 

  117. 

  118. 		// Send headers and body
    119. 

  119. 		if (!$this->send('DATA'))
    120. 

  120. 			return $this->disconnect('Could not send DATA');
    121. 

  121. 

  122. 		if (!$this->receive('354'))
    123. 

  123. 			return $this->disconnect('Did not receive expected 354');
    124. 

  124. 

  125. 		if (!$this->send('To:', empty($recipients) ? 'undisclosed-recipients:;' : $recipients))
    126. 

  126. 			return $this->disconnect('Could not send recipients (2)');
    127. 

  127. 

  128. 		if (!$this->send('Subject:', $subject))
    129. 

  129. 			return $this->disconnect('Could not send subject');
    130. 

  130. 

  131. 		$lines = explode(MAIL_EOL, $headers);
    132. 

  132. 		for ($i = 0, $num = count($lines); $i < $num; $i++) {
    133. 

  133. 			if (preg_match('/^bcc:/i', $lines[$i]))
    134. 

  134. 				continue;
    135. 

  135. 			if (!$this->send($lines[$i]))
    136. 

  136. 				return $this->disconnect('Could not send headers');
    137. 

  137. 		}
    138. 

  138. 

  139. 		if (!$this->send(''))
    140. 

  140. 			return $this->disconnect('Could not send CR');
    141. 

  141. 

  142. 		$lines = explode(MAIL_EOL, $body);
    143. 

  143. 		for ($i = 0, $num = count($lines); $i < $num; $i++) {
    144. 

  144. 			if (substr($lines[$i], 0, 1) == '.')
    145. 

  145. 				$lines[$i] = '.' . $lines[$i];
    146. 

  146. 			if (!$this->send($lines[$i]))
    147. 

  147. 				return $this->disconnect('Could not send body');
    148. 

  148. 		}
    149. 

  149. 

  150. 		// Mark end of data
    151. 

  151. 		if (!$this->send('.'))
    152. 

  152. 			return $this->disconnect('Could not send EOT');
    153. 

  153. 

  154. 		if (!$this->receive('250'))
    155. 

  155. 			return $this->disconnect('Did not receive expected 250 (3)');
    156. 

  156. 

  157. 		// Tear down connection
    158. 

  158. 		return $this->disconnect();
    159. 

  159. 	}
    160. 

  160. 

  161. 	/**
    162. 

  162. 	 * Connect to the SMTP server.
    163. 

  163. 	 * @return boolean
    164. 

  164. 	 */
    165. 

  165. 	function connect() {
    166. 

  166. 		$this->socket = fsockopen($this->server, $this->port, $errno, $errstr, 30);
    167. 

  167. 		if (!$this->socket)
    168. 

  168. 			return false;
    169. 

  169. 		return true;
    170. 

  170. 	}
    171. 

  171. 

  172. 	/**
    173. 

  173. 	 * Disconnect from the SMTP server, sending a QUIT first.
    174. 

  174. 	 * @param $success boolean
    175. 

  175. 	 * @return boolean
    176. 

  176. 	 */
    177. 

  177. 	function disconnect($error = '') {
    178. 

  178. 		if (!$this->send('QUIT') || !$this->receive('221') && empty($error)) {
    179. 

  179. 			$error = 'Unable to disconnect from mail server';
    180. 

  180. 		}
    181. 

  181. 		fclose($this->socket);
    182. 

  182. 

  183. 		if (!empty($error)) {
    184. 

  184. 			error_log('OJS SMTPMailer: ' . $error);
    185. 

  185. 			return false;
    186. 

  186. 		}
    187. 

  187. 		return true;
    188. 

  188. 	}
    189. 

  189. 

  190. 	/**
    191. 

  191. 	 * Send a command/data.
    192. 

  192. 	 * @param $command string
    193. 

  193. 	 * @param $data string
    194. 

  194. 	 * @return boolean
    195. 

  195. 	 */
    196. 

  196. 	function send($command, $data = '') {
    197. 

  197. 		$ret = @fwrite($this->socket, $command . (empty($data) ? '' : ' ' . $data) . "\r\n");
    198. 

  198. 		if ($ret !== false)
    199. 

  199. 			return true;
    200. 

  200. 		return false;
    201. 

  201. 	}
    202. 

  202. 

  203. 	/**
    204. 

  204. 	 * Receive a response.
    205. 

  205. 	 * @param $expected string/array expected response code(s)
    206. 

  206. 	 * @return boolean
    207. 

  207. 	 */
    208. 

  208. 	function receive($expected) {
    209. 

  209. 		return $this->receiveData($expected, $data);
    210. 

  210. 	}
    211. 

  211. 

  212. 	/**
    213. 

  213. 	 * Receive a response and return the data payload.
    214. 

  214. 	 * @param $expected string/array expected response code
    215. 

  215. 	 * @param $data string buffer
    216. 

  216. 	 * @return boolean
    217. 

  217. 	 */
    218. 

  218. 	function receiveData($expected, &$data) {
    219. 

  219. 		do {
    220. 

  220. 			$line = @fgets($this->socket);
    221. 

  221. 		} while($line !== false && substr($line, 3, 1) != ' ');
    222. 

  222. 

  223. 		if ($line !== false) {
    224. 

  224. 			$response = substr($line, 0, 3);
    225. 

  225. 			$data = substr($line, 4);
    226. 

  226. 			if ((is_array($expected) && in_array($response, $expected)) || ($response === $expected))
    227. 

  227. 				return true;
    228. 

  228. 		}
    229. 

  229. 		return false;
    230. 

  230. 	}
    231. 

  231. 

  232. 	/**
    233. 

  233. 	 * Authenticate using the specified mechanism.
    234. 

  234. 	 * @return boolean
    235. 

  235. 	 */
    236. 

  236. 	function authenticate() {
    237. 

  237. 		switch (strtoupper($this->auth)) {
    238. 

  238. 			case 'PLAIN':
    239. 

  239. 				return $this->authenticate_plain();
    240. 

  240. 			case 'LOGIN':
    241. 

  241. 				return $this->authenticate_login();
    242. 

  242. 			case 'CRAM-MD5':
    243. 

  243. 				return $this->authenticate_cram_md5();
    244. 

  244. 			case 'DIGEST-MD5':
    245. 

  245. 				return $this->authenticate_digest_md5();
    246. 

  246. 			default:
    247. 

  247. 				return true;
    248. 

  248. 		}
    249. 

  249. 	}
    250. 

  250. 

  251. 	/**
    252. 

  252. 	 * Authenticate using PLAIN.
    253. 

  253. 	 * @return boolean
    254. 

  254. 	 */
    255. 

  255. 	function authenticate_plain() {
    256. 

  256. 		$authString = $this->username . chr(0x00) . $this->username . chr(0x00) . $this->password;
    257. 

  257. 		if (!$this->send('AUTH', 'PLAIN ' . base64_encode($authString)))
    258. 

  258. 			return false;
    259. 

  259. 		return $this->receive('235');
    260. 

  260. 	}
    261. 

  261. 

  262. 	/**
    263. 

  263. 	 * Authenticate using LOGIN.
    264. 

  264. 	 * @return boolean
    265. 

  265. 	 */
    266. 

  266. 	function authenticate_login() {
    267. 

  267. 		if (!$this->send('AUTH', 'LOGIN'))
    268. 

  268. 			return false;
    269. 

  269. 		if (!$this->receive('334'))
    270. 

  270. 			return false;
    271. 

  271. 		if (!$this->send(base64_encode($this->username)))
    272. 

  272. 			return false;
    273. 

  273. 		if (!$this->receive('334'))
    274. 

  274. 			return false;
    275. 

  275. 		if (!$this->send(base64_encode($this->password)))
    276. 

  276. 			return false;
    277. 

  277. 		return $this->receive('235');
    278. 

  278. 	}
    279. 

  279. 

  280. 	/**
    281. 

  281. 	 * Authenticate using CRAM-MD5 (see RFC 2195).
    282. 

  282. 	 * @return boolean
    283. 

  283. 	 */
    284. 

  284. 	function authenticate_cram_md5() {
    285. 

  285. 		if (!$this->send('AUTH', 'CRAM-MD5'))
    286. 

  286. 			return false;
    287. 

  287. 		if (!$this->receiveData('334', $digest))
    288. 

  288. 			return false;
    289. 

  289. 		$authString = $this->username . ' ' . $this->hmac_md5(base64_decode($digest), $this->password);
    290. 

  290. 		if (!$this->send(base64_encode($authString)))
    291. 

  291. 			return false;
    292. 

  292. 		return $this->receive('235');
    293. 

  293. 	}
    294. 

  294. 

  295. 	/**
    296. 

  296. 	 * Authenticate using DIGEST-MD5 (see RFC 2831).
    297. 

  297. 	 * @return boolean
    298. 

  298. 	 */
    299. 

  299. 	function authenticate_digest_md5() {
    300. 

  300. 		if (!$this->send('AUTH', 'DIGEST-MD5'))
    301. 

  301. 			return false;
    302. 

  302. 		if (!$this->receiveData('334', $data))
    303. 

  303. 			return false;
    304. 

  304. 

  305. 		// FIXME Make parser smarter to handle "unusual" and error cases
    306. 

  306. 		$challenge = array();
    307. 

  307. 		$data = base64_decode($data);
    308. 

  308. 		while(!empty($data)) {
    309. 

  309. 			@list($key, $rest) = explode('=', $data, 2);
    310. 

  310. 			if ($rest[0] != '"') {
    311. 

  311. 				@list($value, $data) = explode(',', $rest, 2);
    312. 

  312. 			} else {
    313. 

  313. 				@list($value, $data) = explode('"', substr($rest, 1), 2);
    314. 

  314. 				$data = substr($data, 1);
    315. 

  315. 			}
    316. 

  316. 			if (!empty($value))
    317. 

  317. 				$challenge[$key] = $value;
    318. 

  318. 		}
    319. 

  319. 

  320. 		$realms = explode(',', $challenge['realm']);
    321. 

  321. 		if (empty($realms))
    322. 

  322. 			$realm = $this->server;
    323. 

  323. 		else
    324. 

  324. 			$realm = $realms[0]; // FIXME Multiple realms
    325. 

  325. 		$qop = 'auth';
    326. 

  326. 		$nc = '00000001';
    327. 

  327. 		$uri = 'smtp/' . $this->server;
    328. 

  328. 		$cnonce = md5(uniqid(mt_rand(), true));
    329. 

  329. 

  330. 		$a1 = pack('H*', md5($this->username . ':' . $realm . ':' . $this->password)) . ':' . $challenge['nonce'] . ':' . $cnonce;
    331. 

  331. 

  332. 		// FIXME authorization ID not supported
    333. 

  333. 		if (isset($authzid))
    334. 

  334. 			$a1 .= ':' . $authzid;
    335. 

  335. 

  336. 		$a2 = 'AUTHENTICATE:' . $uri;
    337. 

  337. 

  338. 		// FIXME 'auth-int' and 'auth-conf' not supported
    339. 

  339. 		if ($qop == 'auth-int' || $qop == 'auth-int')
    340. 

  340. 			$a2 .= ':00000000000000000000000000000000';
    341. 

  341. 

  342. 		$response = md5(md5($a1) . ':' . ($challenge['nonce'] . ':' . $nc . ':' . $cnonce. ':' . $qop . ':' . md5($a2)));
    343. 

  343. 

  344. 		$authString = sprintf('charset=utf-8,username="%s",realm="%s",nonce="%s",nc=%s,cnonce="%s",digest-uri="%s",response=%s,qop=%s', $this->username, $realm, $challenge['nonce'], $nc, $cnonce, $uri, $response, $qop);
    345. 

  345. 		if (!$this->send(base64_encode($authString)))
    346. 

  346. 			return false;
    347. 

  347. 		if (!$this->receive('334'))
    348. 

  348. 			return false;
    349. 

  349. 		if (!$this->send(''))
    350. 

  350. 			return false;
    351. 

  351. 		return $this->receive('235');
    352. 

  352. 	}
    353. 

  353. 

  354. 	/**
    355. 

  355. 	 * Generic HMAC digest computation (see RFC 2104).
    356. 

  356. 	 * @param $hashfn string e.g., 'md5' or 'sha1'
    357. 

  357. 	 * @param $blocksize int
    358. 

  358. 	 * @param $data string
    359. 

  359. 	 * @param $key string
    360. 

  360. 	 * @return string (as hex)
    361. 

  361. 	 */
    362. 

  362. 	function hmac($hashfn, $blocksize, $data, $key) {
    363. 

  363. 		if (strlen($key) > $blocksize)
    364. 

  364. 			$key = pack('H*', $hashfn($key));
    365. 

  365. 		$key = str_pad($key, $blocksize, chr(0x00));
    366. 

  366. 		$ipad = str_repeat(chr(0x36), $blocksize);
    367. 

  367. 		$opad = str_repeat(chr(0x5C), $blocksize);
    368. 

  368. 		$hmac = pack('H*', $hashfn(($key ^ $opad) . pack('H*', $hashfn(($key ^ $ipad) . $data))));
    369. 

  369. 		return bin2hex($hmac);
    370. 

  370. 	}
    371. 

  371. 

  372. 	/**
    373. 

  373. 	 * Compute HMAC-MD5 digest.
    374. 

  374. 	 * @return string (as hex)
    375. 

  375. 	 */
    376. 

  376. 	function hmac_md5($data, $key = '') {
    377. 

  377. 		return $this->hmac('md5', 64, $data, $key);
    378. 

  378. 	}
    379. 

  379. }
    380. 

  380. 

  381. ?>
    382. 

  382.