click here to try again."); define('STR_EMAIL_CONFIRM_ADDR', "Hello %NAME%,%END_LINE% Someone just signed up for %SITE_NAME% with this email address. If it was not you, please ignore the rest of this message.%END_LINE%%END_LINE% To verify that you control this email address and unlock the rest of the %SITE_NAME% features, please click the link below or paste it into your web-browser:%END_LINE% %LINK%%END_LINE%%END_LINE%\n Thank you,%END_LINE% - the %SITE_NAME% crew%END_LINE%%END_LINE% ---------------------%END_LINE%\n You only recieved this message because someone used this address to sign up for %SITE_NAME%%END_LINE% If it was not you, ignore this message, we apologize for the inconvenience.%END_LINE%"); define('STR_VERIFICATION', 'verification'); define('STR_ERR_CANT_SEND_CONFIRM', "There was an error sending the mail. Please click here to try again."); define('STR_ERR_USER_NOT_FOUND', "User not found"); define('STR_ERR_ALREADY_VERIFIED', " is already verified. Please login to continue."); //// // The generic mail sending function. // If verbose, will display success/error messgaes. //// function sendMail($message, $from="", $to, $subject=SITE_NAME,$verbose=false){ $retVal = false; if($from==""){ $from = "webmaster@".$_SERVER['SERVER_NAME']; } // This should work to make all emails safely line-broken, but I haven't had time to test it thoroughly yet. TODO: Test all cases for this (it's been in use for months so far and been fine, but still not formally tested). $message = str_replace("
\r\n", "\n", $message); // makes all breaks uniform first to prevent double-escaping $message = str_replace("
\n", "\n", $message); // makes all breaks uniform first to prevent double-escaping $message = str_replace("
", "\n", $message); // makes all breaks uniform first to prevent double-escaping $message = str_replace("\r\n", "\n", $message); $message = str_replace("\n", "
\r\n", $message); // the only line-break that seems to work well in all emails if(strpos($from, ">") === false){ $fromStr = "$from <$from>"; } else { $fromStr = $from; } $mailheaders = "From: $fromStr\r\n"; $mailheaders .= "MIME-Version: 1.0\r\n"; $mailheaders .= "Content-type: text/html; charset=iso-8859-1\r\n"; $NO_MAIL_FUNC = false; // If you use GoDaddy or another host which turns off the PHP mail() function, set this to true. if($NO_MAIL_FUNC === false){ if(@mail($to, $subject, $message, $mailheaders)){ $retVal = true; if($verbose){ dispMsg(STR_WIN_MAIL_SENT, 'success'); } } else if($verbose){ dispError(STR_ERR_MAIL); } } if(WHICH_SERVER == SERVER_DEV){ //print $message; // DEBUG ONLY! (breaks things) } if($NO_MAIL_FUNC || ($retVal===false)){ $path_to_sendmail = "/usr/sbin/sendmail"; $fp = popen("$path_to_sendmail -t", "w"); $num = fwrite($fp, "To: $to\n"); $num += fwrite($fp, "From: $from\n"); $num += fwrite($fp, "MIME-Version: 1.0\r\n"); $num += fwrite($fp, "Content-type: text/html; charset=iso-8859-1\r\n"); $num += fwrite($fp, "Subject: $subject\n\n"); $num += fwrite($fp, "$message"); $exitValue = pclose($fp); if(($num > 0) && ($exitValue==0)){ $retVal = true; if($verbose){ dispMsg(STR_WIN_MAIL_SENT, 'success'); } } else if($verbose){ dispError(STR_ERR_MAIL); } } return $retVal; } // end sendMail(...) //// // Sends the confirmation email to the email address corresponding to the supplied username. // An error string is returned, it will be empty if there are no errors. //// function sendConfirm($username){ $retVal = ""; $db = dil_connect(); $queryString = "SELECT * FROM users WHERE username='$username' AND isVerified=0"; if($result = mysql_query($queryString,$db)){ if(($numRows = mysql_num_rows($result)) && ($numRows > 0)){ $user = mysql_result($result, 0, "username"); $hash = mysql_result($result,0,"emailHash"); $to = mysql_result($result,0,"emailAddr"); $name = mysql_result($result,0,"username"); if(strpos($username, "@")){ $name = substr($username, 0, strpos($username, "@")); $domain = substr($username, strpos($username, "@")+1); // Unspoken standard for gmail to use First.Last@gmail ... creep out those users by guessing their names. // If the email is something.something else, that's usually a name also. if($domain == "gmail.com"){ $name = ucwords(str_replace('.', ' ', $name)); } else if(strpos($name, '.')){ $name = substr($name, 0, strpos($name, '.')); } } if($hash == ""){ $hash = md5("OffhandWay - ".mt_rand()); // As long as the mt_rand is used, the rest is irrelevant (can be removed if desired). sendQuery("UPDATE users SET emailHash='$hash' WHERE username='$user'"); } $siteName = getSite(false); $dir = $_SERVER['PHP_SELF']; $dir = substr($dir, 0, strrpos($dir, "/")+1); // So it will work regardless of what folder the code is in. $link = "http://".$_SERVER['SERVER_NAME'].$dir."verify.php?u=$user&c=$hash"; $br = "
\r\n"; // the only line-break that seems to work well in all emails. $msg = STR_EMAIL_CONFIRM_ADDR; $msg = str_replace("%NAME%", $name, $msg); $msg = str_replace("%END_LINE%", $br, $msg); $msg = str_replace("%SITE_NAME%", $siteName, $msg); $msg = str_replace("%LINK%", $link, $msg); $msg .= "http://".$_SERVER['SERVER_NAME'].$br; // Send out confirmation email if(!@sendMail($msg, "welcome@".$_SERVER['SERVER_NAME'], $to, $siteName." ".STR_VERIFICATION)){ $link = "http://".$_SERVER['SERVER_NAME'].$dir."verify.php?sendConfirm=$username"; $retVal = str_replace("%LINK%", $link, STR_ERR_CANT_SEND_CONFIRM); } } else { $retVal = STR_ERR_USER_NOT_FOUND.": '$username'"; $alreadyVerified = (0 < simpleQuery("SELECT COUNT(*) FROM users WHERE username='$username' AND isVerified=1")); if($alreadyVerified){ $retVal = "'$username'".STR_ERR_ALREADY_VERIFIED; } } } else { $retVal = mysql_error(); } return $retVal; } // end sendConfirm(...) ?>