WordPress/wp-includes/class-smtp.php

944 lines
28 KiB
PHP
Raw Normal View History

<?php
/**
* PHPMailer RFC821 SMTP email transport class.
* Version 5.2.7
* PHP version 5.0.0
* @category PHP
* @package PHPMailer
* @link https://github.com/PHPMailer/PHPMailer/
* @author Marcus Bointon (coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
* @copyright 2013 Marcus Bointon
* @copyright 2004 - 2008 Andy Prevost
* @copyright 2010 - 2012 Jim Jagielski
* @license http://www.gnu.org/copyleft/lesser.html Distributed under the Lesser General Public License (LGPL)
*/
/**
* PHPMailer RFC821 SMTP email transport class.
*
* Implements RFC 821 SMTP commands
* and provides some utility methods for sending mail to an SMTP server.
*
* PHP Version 5.0.0
*
* @category PHP
* @package PHPMailer
* @link https://github.com/PHPMailer/PHPMailer/blob/master/class.smtp.php
* @author Chris Ryan <unknown@example.com>
* @author Marcus Bointon <phpmailer@synchromedia.co.uk>
* @license http://www.gnu.org/copyleft/lesser.html Distributed under the Lesser General Public License (LGPL)
*/
class SMTP
{
/**
* The PHPMailer SMTP Version number.
*/
const VERSION = '5.2.7';
/**
* SMTP line break constant.
*/
const CRLF = "\r\n";
/**
* The SMTP port to use if one is not specified.
*/
const DEFAULT_SMTP_PORT = 25;
/**
* The PHPMailer SMTP Version number.
* @type string
* @deprecated This should be a constant
* @see SMTP::VERSION
*/
public $Version = '5.2.7';
/**
* SMTP server port number.
* @type int
* @deprecated This is only ever ued as default value, so should be a constant
* @see SMTP::DEFAULT_SMTP_PORT
*/
public $SMTP_PORT = 25;
/**
* SMTP reply line ending
* @type string
* @deprecated Use the class constant instead
* @see SMTP::CRLF
*/
public $CRLF = "\r\n";
/**
* Debug output level.
* Options: 0 for no output, 1 for commands, 2 for data and commands
* @type int
*/
public $do_debug = 0;
/**
* The function/method to use for debugging output.
* Options: 'echo', 'html' or 'error_log'
* @type string
*/
public $Debugoutput = 'echo';
/**
* Whether to use VERP.
* @type bool
*/
public $do_verp = false;
/**
* The SMTP timeout value for reads, in seconds.
* @type int
*/
public $Timeout = 15;
/**
* The SMTP timelimit value for reads, in seconds.
* @type int
*/
public $Timelimit = 30;
/**
* The socket for the server connection.
* @type resource
*/
protected $smtp_conn;
/**
* Error message, if any, for the last call.
* @type string
*/
protected $error = '';
/**
* The reply the server sent to us for HELO.
* @type string
*/
protected $helo_rply = '';
/**
* The most recent reply received from the server.
* @type string
*/
protected $last_reply = '';
/**
* Constructor.
* @access public
*/
public function __construct()
{
$this->smtp_conn = 0;
$this->error = null;
$this->helo_rply = null;
$this->do_debug = 0;
}
/**
* Output debugging info via a user-selected method.
* @param string $str Debug string to output
* @return void
*/
protected function edebug($str)
{
switch ($this->Debugoutput) {
case 'error_log':
//Don't output, just log
error_log($str);
break;
case 'html':
//Cleans up output a bit for a better looking, HTML-safe output
echo htmlentities(
preg_replace('/[\r\n]+/', '', $str),
ENT_QUOTES,
'UTF-8'
)
. "<br>\n";
break;
case 'echo':
default:
//Just echoes whatever was received
echo $str;
}
}
/**
* Connect to an SMTP server.
* @param string $host SMTP server IP or host name
* @param int $port The port number to connect to
* @param int $timeout How long to wait for the connection to open
* @param array $options An array of options for stream_context_create()
* @access public
* @return bool
*/
public function connect($host, $port = null, $timeout = 30, $options = array())
{
// Clear errors to avoid confusion
$this->error = null;
// Make sure we are __not__ connected
if ($this->connected()) {
// Already connected, generate error
$this->error = array('error' => 'Already connected to a server');
return false;
}
if (empty($port)) {
$port = self::DEFAULT_SMTP_PORT;
}
// Connect to the SMTP server
$errno = 0;
$errstr = '';
$socket_context = stream_context_create($options);
//Suppress errors; connection failures are handled at a higher level
$this->smtp_conn = @stream_socket_client(
$host . ":" . $port,
$errno,
$errstr,
$timeout,
STREAM_CLIENT_CONNECT,
$socket_context
);
// Verify we connected properly
if (empty($this->smtp_conn)) {
$this->error = array(
'error' => 'Failed to connect to server',
'errno' => $errno,
'errstr' => $errstr
);
if ($this->do_debug >= 1) {
$this->edebug(
'SMTP -> ERROR: ' . $this->error['error']
. ": $errstr ($errno)"
);
}
return false;
}
// SMTP server can take longer to respond, give longer timeout for first read
// Windows does not have support for this timeout function
if (substr(PHP_OS, 0, 3) != 'WIN') {
$max = ini_get('max_execution_time');
if ($max != 0 && $timeout > $max) { // Don't bother if unlimited
@set_time_limit($timeout);
}
stream_set_timeout($this->smtp_conn, $timeout, 0);
}
// Get any announcement
$announce = $this->get_lines();
if ($this->do_debug >= 2) {
$this->edebug('SMTP -> FROM SERVER:' . $announce);
}
return true;
}
/**
* Initiate a TLS (encrypted) session.
* @access public
* @return bool
*/
public function startTLS()
{
if (!$this->sendCommand("STARTTLS", "STARTTLS", 220)) {
return false;
}
// Begin encrypted connection
if (!stream_socket_enable_crypto(
$this->smtp_conn,
true,
STREAM_CRYPTO_METHOD_TLS_CLIENT
)
) {
return false;
}
return true;
}
/**
* Perform SMTP authentication.
* Must be run after hello().
* @see hello()
* @param string $username The user name
* @param string $password The password
* @param string $authtype The auth type (PLAIN, LOGIN, NTLM, CRAM-MD5)
* @param string $realm The auth realm for NTLM
* @param string $workstation The auth workstation for NTLM
* @access public
* @return bool True if successfully authenticated.
*/
public function authenticate(
$username,
$password,
$authtype = 'LOGIN',
$realm = '',
$workstation = ''
) {
if (empty($authtype)) {
$authtype = 'LOGIN';
}
switch ($authtype) {
case 'PLAIN':
// Start authentication
if (!$this->sendCommand('AUTH', 'AUTH PLAIN', 334)) {
return false;
}
// Send encoded username and password
if (!$this->sendCommand(
'User & Password',
base64_encode("\0" . $username . "\0" . $password),
235
)
) {
return false;
}
break;
case 'LOGIN':
// Start authentication
if (!$this->sendCommand('AUTH', 'AUTH LOGIN', 334)) {
return false;
}
if (!$this->sendCommand("Username", base64_encode($username), 334)) {
return false;
}
if (!$this->sendCommand("Password", base64_encode($password), 235)) {
return false;
}
break;
case 'NTLM':
/*
* ntlm_sasl_client.php
* Bundled with Permission
*
* How to telnet in windows:
* http://technet.microsoft.com/en-us/library/aa995718%28EXCHG.65%29.aspx
* PROTOCOL Docs http://curl.haxx.se/rfc/ntlm.html#ntlmSmtpAuthentication
*/
require_once 'extras/ntlm_sasl_client.php';
$temp = new stdClass();
$ntlm_client = new ntlm_sasl_client_class;
//Check that functions are available
if (!$ntlm_client->Initialize($temp)) {
$this->error = array('error' => $temp->error);
if ($this->do_debug >= 1) {
$this->edebug(
'You need to enable some modules in your php.ini file: '
. $this->error['error']
);
}
return false;
}
//msg1
$msg1 = $ntlm_client->TypeMsg1($realm, $workstation); //msg1
if (!$this->sendCommand(
'AUTH NTLM',
'AUTH NTLM ' . base64_encode($msg1),
334
)
) {
return false;
}
//Though 0 based, there is a white space after the 3 digit number
//msg2
$challenge = substr($this->last_reply, 3);
$challenge = base64_decode($challenge);
$ntlm_res = $ntlm_client->NTLMResponse(
substr($challenge, 24, 8),
$password
);
//msg3
$msg3 = $ntlm_client->TypeMsg3(
$ntlm_res,
$username,
$realm,
$workstation
);
// send encoded username
return $this->sendCommand('Username', base64_encode($msg3), 235);
break;
case 'CRAM-MD5':
// Start authentication
if (!$this->sendCommand('AUTH CRAM-MD5', 'AUTH CRAM-MD5', 334)) {
return false;
}
// Get the challenge
$challenge = base64_decode(substr($this->last_reply, 4));
// Build the response
$response = $username . ' ' . $this->hmac($challenge, $password);
// send encoded credentials
return $this->sendCommand('Username', base64_encode($response), 235);
break;
}
return true;
}
/**
* Calculate an MD5 HMAC hash.
* Works like hash_hmac('md5', $data, $key)
* in case that function is not available
* @param string $data The data to hash
* @param string $key The key to hash with
* @access protected
* @return string
*/
protected function hmac($data, $key)
{
if (function_exists('hash_hmac')) {
return hash_hmac('md5', $data, $key);
}
// The following borrowed from
// http://php.net/manual/en/function.mhash.php#27225
// RFC 2104 HMAC implementation for php.
// Creates an md5 HMAC.
// Eliminates the need to install mhash to compute a HMAC
// Hacked by Lance Rushing
$b = 64; // byte length for md5
if (strlen($key) > $b) {
$key = pack('H*', md5($key));
}
$key = str_pad($key, $b, chr(0x00));
$ipad = str_pad('', $b, chr(0x36));
$opad = str_pad('', $b, chr(0x5c));
$k_ipad = $key ^ $ipad;
$k_opad = $key ^ $opad;
return md5($k_opad . pack('H*', md5($k_ipad . $data)));
}
/**
* Check connection state.
* @access public
* @return bool True if connected.
*/
public function connected()
{
if (!empty($this->smtp_conn)) {
$sock_status = stream_get_meta_data($this->smtp_conn);
if ($sock_status['eof']) {
// the socket is valid but we are not connected
if ($this->do_debug >= 1) {
$this->edebug(
'SMTP -> NOTICE: EOF caught while checking if connected'
);
}
$this->close();
return false;
}
return true; // everything looks good
}
return false;
}
/**
* Close the socket and clean up the state of the class.
* Don't use this function without first trying to use QUIT.
* @see quit()
* @access public
* @return void
*/
public function close()
{
$this->error = null; // so there is no confusion
$this->helo_rply = null;
if (!empty($this->smtp_conn)) {
// close the connection and cleanup
fclose($this->smtp_conn);
$this->smtp_conn = 0;
}
}
/**
* Send an SMTP DATA command.
* Issues a data command and sends the msg_data to the server,
* finializing the mail transaction. $msg_data is the message
* that is to be send with the headers. Each header needs to be
* on a single line followed by a <CRLF> with the message headers
* and the message body being separated by and additional <CRLF>.
* Implements rfc 821: DATA <CRLF>
* @param string $msg_data Message data to send
* @access public
* @return bool
*/
public function data($msg_data)
{
if (!$this->sendCommand('DATA', 'DATA', 354)) {
return false;
}
/* The server is ready to accept data!
* according to rfc821 we should not send more than 1000
* including the CRLF
* characters on a single line so we will break the data up
* into lines by \r and/or \n then if needed we will break
* each of those into smaller lines to fit within the limit.
* in addition we will be looking for lines that start with
* a period '.' and append and additional period '.' to that
* line. NOTE: this does not count towards limit.
*/
// Normalize the line breaks before exploding
$msg_data = str_replace("\r\n", "\n", $msg_data);
$msg_data = str_replace("\r", "\n", $msg_data);
$lines = explode("\n", $msg_data);
/* We need to find a good way to determine if headers are
* in the msg_data or if it is a straight msg body
* currently I am assuming rfc822 definitions of msg headers
* and if the first field of the first line (':' separated)
* does not contain a space then it _should_ be a header
* and we can process all lines before a blank "" line as
* headers.
*/
$field = substr($lines[0], 0, strpos($lines[0], ':'));
$in_headers = false;
if (!empty($field) && !strstr($field, ' ')) {
$in_headers = true;
}
//RFC 2822 section 2.1.1 limit
$max_line_length = 998;
foreach ($lines as $line) {
$lines_out = null;
if ($line == '' && $in_headers) {
$in_headers = false;
}
// ok we need to break this line up into several smaller lines
while (strlen($line) > $max_line_length) {
$pos = strrpos(substr($line, 0, $max_line_length), ' ');
// Patch to fix DOS attack
if (!$pos) {
$pos = $max_line_length - 1;
$lines_out[] = substr($line, 0, $pos);
$line = substr($line, $pos);
} else {
$lines_out[] = substr($line, 0, $pos);
$line = substr($line, $pos + 1);
}
/* If processing headers add a LWSP-char to the front of new line
* rfc822 on long msg headers
*/
if ($in_headers) {
$line = "\t" . $line;
}
}
$lines_out[] = $line;
// send the lines to the server
while (list(, $line_out) = @each($lines_out)) {
if (strlen($line_out) > 0) {
if (substr($line_out, 0, 1) == '.') {
$line_out = '.' . $line_out;
}
}
$this->client_send($line_out . self::CRLF);
}
}
// Message data has been sent, complete the command
return $this->sendCommand('DATA END', '.', 250);
}
/**
* Send an SMTP HELO or EHLO command.
* Used to identify the sending server to the receiving server.
* This makes sure that client and server are in a known state.
* Implements from RFC 821: HELO <SP> <domain> <CRLF>
* and RFC 2821 EHLO.
* @param string $host The host name or IP to connect to
* @access public
* @return bool
*/
public function hello($host = '')
{
// Try extended hello first (RFC 2821)
if (!$this->sendHello('EHLO', $host)) {
if (!$this->sendHello('HELO', $host)) {
return false;
}
}
return true;
}
/**
* Send an SMTP HELO or EHLO command.
* Low-level implementation used by hello()
* @see hello()
* @param string $hello The HELO string
* @param string $host The hostname to say we are
* @access protected
* @return bool
*/
protected function sendHello($hello, $host)
{
$noerror = $this->sendCommand($hello, $hello . ' ' . $host, 250);
$this->helo_rply = $this->last_reply;
return $noerror;
}
/**
* Send an SMTP MAIL command.
* Starts a mail transaction from the email address specified in
* $from. Returns true if successful or false otherwise. If True
* the mail transaction is started and then one or more recipient
* commands may be called followed by a data command.
* Implements rfc 821: MAIL <SP> FROM:<reverse-path> <CRLF>
* @param string $from Source address of this message
* @access public
* @return bool
*/
public function mail($from)
{
$useVerp = ($this->do_verp ? ' XVERP' : '');
return $this->sendCommand(
'MAIL FROM',
'MAIL FROM:<' . $from . '>' . $useVerp,
250
);
}
/**
* Send an SMTP QUIT command.
* Closes the socket if there is no error or the $close_on_error argument is true.
* Implements from rfc 821: QUIT <CRLF>
* @param bool $close_on_error Should the connection close if an error occurs?
* @access public
* @return bool
*/
public function quit($close_on_error = true)
{
$noerror = $this->sendCommand('QUIT', 'QUIT', 221);
$e = $this->error; //Save any error
if ($noerror or $close_on_error) {
$this->close();
$this->error = $e; //Restore any error from the quit command
}
return $noerror;
}
/**
* Send an SMTP RCPT command.
* Sets the TO argument to $to.
* Returns true if the recipient was accepted false if it was rejected.
* Implements from rfc 821: RCPT <SP> TO:<forward-path> <CRLF>
* @param string $to The address the message is being sent to
* @access public
* @return bool
*/
public function recipient($to)
{
return $this->sendCommand(
'RCPT TO ',
'RCPT TO:<' . $to . '>',
array(250, 251)
);
}
/**
* Send an SMTP RSET command.
* Abort any transaction that is currently in progress.
* Implements rfc 821: RSET <CRLF>
* @access public
* @return bool True on success.
*/
public function reset()
{
return $this->sendCommand('RSET', 'RSET', 250);
}
/**
* Send a command to an SMTP server and check its return code.
* @param string $command The command name - not sent to the server
* @param string $commandstring The actual command to send
* @param int|array $expect One or more expected integer success codes
* @access protected
* @return bool True on success.
*/
protected function sendCommand($command, $commandstring, $expect)
{
if (!$this->connected()) {
$this->error = array(
"error" => "Called $command without being connected"
);
return false;
}
$this->client_send($commandstring . self::CRLF);
$reply = $this->get_lines();
$code = substr($reply, 0, 3);
if ($this->do_debug >= 2) {
$this->edebug('SMTP -> FROM SERVER:' . $reply);
}
if (!in_array($code, (array)$expect)) {
$this->last_reply = null;
$this->error = array(
"error" => "$command command failed",
"smtp_code" => $code,
"detail" => substr($reply, 4)
);
if ($this->do_debug >= 1) {
$this->edebug(
'SMTP -> ERROR: ' . $this->error['error'] . ': ' . $reply
);
}
return false;
}
$this->last_reply = $reply;
$this->error = null;
return true;
}
/**
* Send an SMTP SAML command.
* Starts a mail transaction from the email address specified in $from.
* Returns true if successful or false otherwise. If True
* the mail transaction is started and then one or more recipient
* commands may be called followed by a data command. This command
* will send the message to the users terminal if they are logged
* in and send them an email.
* Implements rfc 821: SAML <SP> FROM:<reverse-path> <CRLF>
* @param string $from The address the message is from
* @access public
* @return bool
*/
public function sendAndMail($from)
{
return $this->sendCommand("SAML", "SAML FROM:$from", 250);
}
/**
* Send an SMTP VRFY command.
* @param string $name The name to verify
* @access public
* @return bool
*/
public function verify($name)
{
return $this->sendCommand("VRFY", "VRFY $name", array(250, 251));
}
/**
* Send an SMTP NOOP command.
* Used to keep keep-alives alive, doesn't actually do anything
* @access public
* @return bool
*/
public function noop()
{
return $this->sendCommand("NOOP", "NOOP", 250);
}
/**
* Send an SMTP TURN command.
* This is an optional command for SMTP that this class does not support.
* This method is here to make the RFC821 Definition
* complete for this class and __may__ be implemented in future
* Implements from rfc 821: TURN <CRLF>
* @access public
* @return bool
*/
public function turn()
{
$this->error = array(
'error' => 'The SMTP TURN command is not implemented'
);
if ($this->do_debug >= 1) {
$this->edebug('SMTP -> NOTICE: ' . $this->error['error']);
}
return false;
}
/**
* Send raw data to the server.
* @param string $data The data to send
* @access public
* @return int|bool The number of bytes sent to the server or FALSE on error
*/
public function client_send($data)
{
if ($this->do_debug >= 1) {
$this->edebug("CLIENT -> SMTP: $data");
}
return fwrite($this->smtp_conn, $data);
}
/**
* Get the latest error.
* @access public
* @return array
*/
public function getError()
{
return $this->error;
}
/**
* Get the last reply from the server.
* @access public
* @return string
*/
public function getLastReply()
{
return $this->last_reply;
}
/**
* Read the SMTP server's response.
* Either before eof or socket timeout occurs on the operation.
* With SMTP we can tell if we have more lines to read if the
* 4th character is '-' symbol. If it is a space then we don't
* need to read anything else.
* @access protected
* @return string
*/
protected function get_lines()
{
$data = '';
$endtime = 0;
// If the connection is bad, give up now
if (!is_resource($this->smtp_conn)) {
return $data;
}
stream_set_timeout($this->smtp_conn, $this->Timeout);
if ($this->Timelimit > 0) {
$endtime = time() + $this->Timelimit;
}
while (is_resource($this->smtp_conn) && !feof($this->smtp_conn)) {
$str = @fgets($this->smtp_conn, 515);
if ($this->do_debug >= 4) {
$this->edebug("SMTP -> get_lines(): \$data was \"$data\"");
$this->edebug("SMTP -> get_lines(): \$str is \"$str\"");
}
$data .= $str;
if ($this->do_debug >= 4) {
$this->edebug("SMTP -> get_lines(): \$data is \"$data\"");
}
// if 4th character is a space, we are done reading, break the loop
if (substr($str, 3, 1) == ' ') {
break;
}
// Timed-out? Log and break
$info = stream_get_meta_data($this->smtp_conn);
if ($info['timed_out']) {
if ($this->do_debug >= 4) {
$this->edebug(
'SMTP -> get_lines(): timed-out (' . $this->Timeout . ' sec)'
);
}
break;
}
// Now check if reads took too long
if ($endtime) {
if (time() > $endtime) {
if ($this->do_debug >= 4) {
$this->edebug(
'SMTP -> get_lines(): timelimit reached ('
. $this->Timelimit . ' sec)'
);
}
break;
}
}
}
return $data;
}
/**
* Enable or disable VERP address generation.
* @param bool $enabled
*/
public function setVerp($enabled = false)
{
$this->do_verp = $enabled;
}
/**
* Get VERP address generation mode.
* @return bool
*/
public function getVerp()
{
return $this->do_verp;
}
/**
* Set debug output method.
* @param string $method The function/method to use for debugging output.
*/
public function setDebugOutput($method = 'echo')
{
$this->Debugoutput = $method;
}
/**
* Get debug output method.
* @return string
*/
public function getDebugOutput()
{
return $this->Debugoutput;
}
/**
* Set debug output level.
* @param int $level
*/
public function setDebugLevel($level = 0)
{
$this->do_debug = $level;
}
/**
* Get debug output level.
* @return int
*/
public function getDebugLevel()
{
return $this->do_debug;
}
/**
* Set SMTP timeout.
* @param int $timeout
*/
public function setTimeout($timeout = 0)
{
$this->Timeout = $timeout;
}
/**
* Get SMTP timeout.
* @return int
*/
public function getTimeout()
{
return $this->Timeout;
}
}