Bonjour,
Je suis ennuyé par un souci. Mon site utilise une fonction mail pour notifié les membres du postage d'un commentaire en galerie photo.
Or la fonction mail prend l'adresse ip par défaut du serveur malgré le fait que dans le header, l’expéditeur soit en dur.
La partie forum n'a pas le souci car les notifications sont sécurisée par SMTP.
Est il possible que je puisse sécuriser tout cela sans réinventer la roue?
la communauté d'entraide francophone dédiée au PHP
securisation envoi mail par fonction mail
Bonjour,
Par défaut la fonction mail() utilise le serveur SMTP du serveur sur lequel il se trouve ou qui est indiqué dans sa configuration.
Si tu veux utiliser un autre serveur SMTP (mais est-ce vraiment utile ?), je te recommande d'utiliser des librairies type PHPmailer qui vont te simplifier la vie
C'est à dire ?la fonction mail prend l'adresse ip par défaut du serveur malgré le fait que dans le header, l’expéditeur soit en dur.
Par défaut la fonction mail() utilise le serveur SMTP du serveur sur lequel il se trouve ou qui est indiqué dans sa configuration.
Si tu veux utiliser un autre serveur SMTP (mais est-ce vraiment utile ?), je te recommande d'utiliser des librairies type PHPmailer qui vont te simplifier la vie
Quand tout le reste a échoué, lisez le mode d'emploi...
Voila le code de ce que j'ai pour le moment:
<?php
header('Content-type: text/html; charset=UTF-8');
if($_GET['pic_id'] != '') {
$id = $_GET["pic_id"];
if ((!$id) || (!ereg("^[0-9]+$", $id))) exit("Pas de page a cette addresse");
$_GET['pic_id'] = htmlspecialchars($_GET['pic_id']);
}
//ini_set('display_errors', true);
//error_reporting(E_ALL);
// Include
/*define('IN_PHPBB', true);
$phpbb_root_path = '../forum/';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
mysql_query("SET NAMES 'utf8'");
//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_UPLOAD);
init_userprefs($userdata);
//
// End session management
//*/
include('../phpbb_session.php');
include '../includes/function.php';
// Gestion récuparation des infos user
$original_user_name = strtolower($userdata['username']);
$user_id = $userdata['user_id'];
$user_name = $original_user_name;
$user_name = removeSpecialChars($user_name);
if(isset($_POST['submit'])){
if($user_name == 'anonymous') {
$msgError = '<br /><span class="Style3" style="font-size:30px; font-weight:bold;">'.getWord('erreurenvoi').'</span><br />';
}else{
$sql = "SELECT user_id, user_name, pic_name FROM gallery WHERE id = '".$_POST['pic_id']."'";
$result_user_id = mysql_query($sql);
$ress_user_id = mysql_fetch_array($result_user_id);
$sql = 'INSERT INTO gallery_comment SET
pic_user_id = \''.$ress_user_id['user_id'].'\',
user_id = \''.$user_id.'\',
user_name = \''.$user_name.'\',
original_user_name = \''.addslashes($original_user_name).'\',
pic_id = \''.$_POST['pic_id'].'\',
comment = \''.addslashes($_POST['comment']).'\',
add_date = \''.date("YmdHis").'\'';
$result = mysql_query($sql) or die(mysql_error());
$sqlUser = "SELECT user_email,user_id,username,user_lang FROM pbb3_users WHERE user_id = '".$ress_user_id['user_id']."'";
$resultUser = mysql_query ($sqlUser);
$ressUser = mysql_fetch_array($resultUser);
if($ress_user_id['user_id'] != $user_id) {
/** CONFIGURATION envoi de l'emaim **/
$de_nom = "Polaroid Passion"; //Nom de l'envoyeur
$de_mail = "[email protected]"; //Email de l'envoyeur - MODIF DE LUCIUS DU 25-11-15
//$vers_nom = htmlentities($ressUser['username']); //Nom du receveur
$vers_mail = $ressUser['user_email']; //Email du receveur
if($ressUser['user_lang'] == 'english') {
$sujet = "You have a new comment"; //Sujet du mail
//Message :
$message = "<font face='arial' size='2'>Hi ".$ressUser['username'].",<br><br>";
$message .= "You just received a comment on one of your Polaroid, click the following link to see:<br><br>";
$message .= '<a href="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'">http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'</a><br><br>';
$message .= '<a href="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'"><img src="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/'.$ress_user_id['pic_name'].'_thumbnail.jpg" width="80" border="0" /></a><br><br>';
$message .= 'Polaroid Passion<br><a href="http://en.polaroid-passion.com">en.polaroid-passion.com</a></font>';
}else{
$sujet = "Vous avez un nouveau commentaire"; //Sujet du mail
//Message :
$message = "<font face='arial' size='2'>Bonjour ".$ressUser['username'].",<br><br>";
$message .= "Vous venez de recevoir un commentaire sur l'un de vos Polaroid, cliquez sur le lien suivant pour le consulter :<br><br>";
$message .= '<a href="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'">http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'</a><br><br>';
$message .= '<a href="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'"><img src="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/'.$ress_user_id['pic_name'].'_thumbnail.jpg" width="80" border="0" /></a><br><br>';
$message .= 'Polaroid Passion<br><a href="http://www.polaroid-passion.com">www.polaroid-passion.com</a></font>';
}
/** Envoi du mail **/
$entete = "From: $de_nom <$de_mail>\r\n";
$entete .= "Reply-To: <$de_mail>"."\n";
$entete .= "Content-type:text/html; charset=utf-8\r\n";
$entete .= 'Content-Transfer-Encoding: 8bit';
mail($vers_mail, $sujet, $message, $entete);
}else{
$sql = "SELECT DISTINCT(user_id), user_name FROM gallery_comment WHERE pic_id = ".$_POST['pic_id']." AND user_id != ".$ress_user_id['user_id'];
$result_comm = mysql_query($sql);
while($ress = mysql_fetch_array($result_comm)) {
$sqlUser = "SELECT user_email,user_id,username,user_lang FROM pbb3_users WHERE user_id = '".$ress['user_id']."'";
$resultUser = mysql_query ($sqlUser);
$ressUser = mysql_fetch_array($resultUser);
/** CONFIGURATION envoi de l'emaim **/
$de_nom = "Polaroid Passion"; //Nom de l'envoyeur
$de_mail = "[email protected]"; //Email de l'envoyeur
//$vers_nom = htmlentities($ressUser['username']); //Nom du receveur
$vers_mail = $ressUser['user_email']; //Email du receveur
if($ressUser['user_lang'] == 'english') {
$sujet = "Feedback to your comment"; //Sujet du mail
//Message :
$message = "<font face='arial' size='2'>Hi ".$ressUser['username'].",<br><br>";
$message .= "You just received a response to your comment on this Polaroid, click the following link to see:<br><br>";
$message .= '<a href="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'">http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'</a><br><br>';
$message .= '<a href="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'"><img src="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/'.$ress_user_id['pic_name'].'_thumbnail.jpg" width="80" border="0" /></a><br><br>';
$message .= 'Polaroid Passion<br><a href="http://en.polaroid-passion.com">en.polaroid-passion.com</a></font>';
}else{
$sujet = "Reponse à votre commentaire"; //Sujet du mail
//Message :
$message = "<font face='arial' size='2'>Bonjour ".$ressUser['username'].",<br><br>";
$message .= "Vous venez de recevoir un réponse à votre commentaire sur ce Polaroid, cliquez sur le lien suivant pour le consulter :<br><br>";
$message .= '<a href="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'">http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'</a><br><br>';
$message .= '<a href="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'"><img src="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/'.$ress_user_id['pic_name'].'_thumbnail.jpg" width="80" border="0" /></a><br><br>';
$message .= 'Polaroid Passion<br><a href="http://www.polaroid-passion.com">www.polaroid-passion.com</a></font>';
}
/** Envoi du mail **/
$entete = "From: $de_nom <$de_mail>\r\n";
$entete .= "Reply-To: <$de_mail>"."\n";
$entete .= "Content-type:text/html; charset=utf-8\r\n";
$entete .= 'Content-Transfer-Encoding: 8bit';
mail($vers_mail, $sujet, $message, $entete);
}
}
$onload = 'onload="onloading()"';
}
}
Comment implémenter PHPmailer?
<?php
header('Content-type: text/html; charset=UTF-8');
if($_GET['pic_id'] != '') {
$id = $_GET["pic_id"];
if ((!$id) || (!ereg("^[0-9]+$", $id))) exit("Pas de page a cette addresse");
$_GET['pic_id'] = htmlspecialchars($_GET['pic_id']);
}
//ini_set('display_errors', true);
//error_reporting(E_ALL);
// Include
/*define('IN_PHPBB', true);
$phpbb_root_path = '../forum/';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
mysql_query("SET NAMES 'utf8'");
//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_UPLOAD);
init_userprefs($userdata);
//
// End session management
//*/
include('../phpbb_session.php');
include '../includes/function.php';
// Gestion récuparation des infos user
$original_user_name = strtolower($userdata['username']);
$user_id = $userdata['user_id'];
$user_name = $original_user_name;
$user_name = removeSpecialChars($user_name);
if(isset($_POST['submit'])){
if($user_name == 'anonymous') {
$msgError = '<br /><span class="Style3" style="font-size:30px; font-weight:bold;">'.getWord('erreurenvoi').'</span><br />';
}else{
$sql = "SELECT user_id, user_name, pic_name FROM gallery WHERE id = '".$_POST['pic_id']."'";
$result_user_id = mysql_query($sql);
$ress_user_id = mysql_fetch_array($result_user_id);
$sql = 'INSERT INTO gallery_comment SET
pic_user_id = \''.$ress_user_id['user_id'].'\',
user_id = \''.$user_id.'\',
user_name = \''.$user_name.'\',
original_user_name = \''.addslashes($original_user_name).'\',
pic_id = \''.$_POST['pic_id'].'\',
comment = \''.addslashes($_POST['comment']).'\',
add_date = \''.date("YmdHis").'\'';
$result = mysql_query($sql) or die(mysql_error());
$sqlUser = "SELECT user_email,user_id,username,user_lang FROM pbb3_users WHERE user_id = '".$ress_user_id['user_id']."'";
$resultUser = mysql_query ($sqlUser);
$ressUser = mysql_fetch_array($resultUser);
if($ress_user_id['user_id'] != $user_id) {
/** CONFIGURATION envoi de l'emaim **/
$de_nom = "Polaroid Passion"; //Nom de l'envoyeur
$de_mail = "[email protected]"; //Email de l'envoyeur - MODIF DE LUCIUS DU 25-11-15
//$vers_nom = htmlentities($ressUser['username']); //Nom du receveur
$vers_mail = $ressUser['user_email']; //Email du receveur
if($ressUser['user_lang'] == 'english') {
$sujet = "You have a new comment"; //Sujet du mail
//Message :
$message = "<font face='arial' size='2'>Hi ".$ressUser['username'].",<br><br>";
$message .= "You just received a comment on one of your Polaroid, click the following link to see:<br><br>";
$message .= '<a href="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'">http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'</a><br><br>';
$message .= '<a href="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'"><img src="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/'.$ress_user_id['pic_name'].'_thumbnail.jpg" width="80" border="0" /></a><br><br>';
$message .= 'Polaroid Passion<br><a href="http://en.polaroid-passion.com">en.polaroid-passion.com</a></font>';
}else{
$sujet = "Vous avez un nouveau commentaire"; //Sujet du mail
//Message :
$message = "<font face='arial' size='2'>Bonjour ".$ressUser['username'].",<br><br>";
$message .= "Vous venez de recevoir un commentaire sur l'un de vos Polaroid, cliquez sur le lien suivant pour le consulter :<br><br>";
$message .= '<a href="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'">http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'</a><br><br>';
$message .= '<a href="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'"><img src="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/'.$ress_user_id['pic_name'].'_thumbnail.jpg" width="80" border="0" /></a><br><br>';
$message .= 'Polaroid Passion<br><a href="http://www.polaroid-passion.com">www.polaroid-passion.com</a></font>';
}
/** Envoi du mail **/
$entete = "From: $de_nom <$de_mail>\r\n";
$entete .= "Reply-To: <$de_mail>"."\n";
$entete .= "Content-type:text/html; charset=utf-8\r\n";
$entete .= 'Content-Transfer-Encoding: 8bit';
mail($vers_mail, $sujet, $message, $entete);
}else{
$sql = "SELECT DISTINCT(user_id), user_name FROM gallery_comment WHERE pic_id = ".$_POST['pic_id']." AND user_id != ".$ress_user_id['user_id'];
$result_comm = mysql_query($sql);
while($ress = mysql_fetch_array($result_comm)) {
$sqlUser = "SELECT user_email,user_id,username,user_lang FROM pbb3_users WHERE user_id = '".$ress['user_id']."'";
$resultUser = mysql_query ($sqlUser);
$ressUser = mysql_fetch_array($resultUser);
/** CONFIGURATION envoi de l'emaim **/
$de_nom = "Polaroid Passion"; //Nom de l'envoyeur
$de_mail = "[email protected]"; //Email de l'envoyeur
//$vers_nom = htmlentities($ressUser['username']); //Nom du receveur
$vers_mail = $ressUser['user_email']; //Email du receveur
if($ressUser['user_lang'] == 'english') {
$sujet = "Feedback to your comment"; //Sujet du mail
//Message :
$message = "<font face='arial' size='2'>Hi ".$ressUser['username'].",<br><br>";
$message .= "You just received a response to your comment on this Polaroid, click the following link to see:<br><br>";
$message .= '<a href="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'">http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'</a><br><br>';
$message .= '<a href="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'"><img src="http://en.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/'.$ress_user_id['pic_name'].'_thumbnail.jpg" width="80" border="0" /></a><br><br>';
$message .= 'Polaroid Passion<br><a href="http://en.polaroid-passion.com">en.polaroid-passion.com</a></font>';
}else{
$sujet = "Reponse à votre commentaire"; //Sujet du mail
//Message :
$message = "<font face='arial' size='2'>Bonjour ".$ressUser['username'].",<br><br>";
$message .= "Vous venez de recevoir un réponse à votre commentaire sur ce Polaroid, cliquez sur le lien suivant pour le consulter :<br><br>";
$message .= '<a href="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'">http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'</a><br><br>';
$message .= '<a href="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/index.php?id='.$_POST['pic_id'].'"><img src="http://www.polaroid-passion.com/galerie/'.$ress_user_id['user_name'].'/'.$ress_user_id['pic_name'].'_thumbnail.jpg" width="80" border="0" /></a><br><br>';
$message .= 'Polaroid Passion<br><a href="http://www.polaroid-passion.com">www.polaroid-passion.com</a></font>';
}
/** Envoi du mail **/
$entete = "From: $de_nom <$de_mail>\r\n";
$entete .= "Reply-To: <$de_mail>"."\n";
$entete .= "Content-type:text/html; charset=utf-8\r\n";
$entete .= 'Content-Transfer-Encoding: 8bit';
mail($vers_mail, $sujet, $message, $entete);
}
}
$onload = 'onload="onloading()"';
}
}
Comment implémenter PHPmailer?
En lisant sa doc, par exemple :
https://github.com/PHPMailer/PHPMailer
https://github.com/PHPMailer/PHPMailer
Quand tout le reste a échoué, lisez le mode d'emploi...