PHP's mail() function is a very useful and powerful function, even to the point that it is very easy to exploit. A way hackers exploit this function is a method called email header injection. [...] I'm sure most of you can already tell that's not going to be pretty since we didn't check the user input and so forth. PHP provides us with functions such as filter_var which will validate user input and either return false if the validation fails or return the filtered data.

He includes an example of using this filtering methods to check the user input for malicious information - validating that the "to" address is a valid email (FILTER_VALIDATE_EMAIL) and a sanitize() method that removes things like newlines, carriage returns and a few other characters.

While setting some svn properties at work, we wondered about the correct MIME type for .php files.

He found several in the official IANA list including "text/php", "application/php" and "application/x-http-php" - all valid but none of them considered a standard. He talks about the ones supported by linux distributions (like Debian/Ubuntu) and some reasoning that might make "application/php" the best choice of the list. He points out some downsides to the choice, though, including the fact that something starting with "application/" should considered "machine readable" only despite PHP just being text.

Text messaging has become extremely widespread throughout the world - to the point where an increasing number of web applications have integrated SMS to notify users of events, sales or coupons directly through their mobile devices. In this tutorial, we will cover the fundamentals of sending text messages with PHP.

Their method "cheats" a little bit and uses an interface many of the cell phone providers offer to their subscribers - a link from an email address to SMS. Most providers have their domains you can send the email to and have it automatically forwarded to the user's cell as a text. Thankfully, this requires nothing more than the mail function to accomplish. They include the sample code and HTML+CSS to make a basic form as well as mention PHPMailer as a more powerful mailing alternative.

Some friends of mine publish a literary journal that accepts submissions via email. At their request I wrote a script to download messages from the journal's Gmail account and do some simple parsing tasks. Most of the submissions are made using an HTML form and a corresponding mailer script on their website, so I knew the precise format of the incoming messages (see Figure 1). What I didn't know was how to access Gmail in PHP.

He tried out the libgmailer script first, but ran into roadblocks until he realized he could use something PHP already had - the imap functions. With these he shows how to make a connection to the Gmail servers, get the listing of messages and pull out the body for the one you want to parse.

Previously it was a simple trek to a website to download a Windows build of sendmail.exe, but for some reason I cannot get access to it, so I have to go another route. Enter hMailServer, a free, full-featured SMTP/POP/IMAP server for Windows with a pretty, shiny GUI configuration interface. All I really want to do is setup SMTP for localhost only but one could easily use hMailServer as a production mail server.

He includes the details (along with some screenshots) to get the hMainServer software up and running. Thanks to the simple GUI the tool offers you can be up and working in a few clicks - oh, and a change to your php.ini file.

A couple of days back I created a Firefox toolbar for my blog as an experiment in learning XUL. Once installed on my blog I wanted Firefox to recognize it as an addon and install it rather than displaying a 'save/open' dialog.

Since his hosting provider (GoDaddy) didn't seem to work with adding it into an .htaccess file (an AddType for Apache), he had to force the download type with a few calls to header with the right content type, file size and file name to push it to the user.

In most hosting environments, the PHP mail() function is sufficient to send e-mail messages without problems. However, there are situations on which using the mail function is inconvenient and may prevent that your messages reach the destination. [...] Therefore, you may need to find an alternative way for sending your e-mail messages from PHP.

The package lets you define a username/password, server, whether to use a SSL connection or not, and if the connection needs to use the TLS protocol.

A lot of functionality is shared among applications - like sending emails or preventing spam. In the spirit of reusing the wheel instead of reinventing it, here are nine free web libraries that you can use in your next program which will dramatically increase your efficiency.

Here's their list:

• ReCAPTCHA
• Akismet
• Services_JSON
• Smarty
• pChart
• SimplePie
• XML-RPC PHP Library
• Amazon S3
• PHPMailer

Screenshots (and code examples) are provided for several of the items as well as links to their website and documentation pages.

I've finally got of my ass and committed my mail logging patch I've written almost 2 years ago. This functionality is predominantly aimed at shared hosters that often have a problem identifying people who abuse the mail() function to send an in-ordinate amount of spam or hacked scripts used for the some purpose. The logging functionality is disabled by default but can be enabled on a per-directory or globally via 2 INI settings.

A new directive in your php.ini file (mail.log) lets you specify where the mail log needs to go. You can also use the mail.add_x_header setting to add in a mail header with the name of the script that sent it (and the UID).

It will be included in PHP 5.3 but if you're running PHP 5.2 and want to get a jump on it, here's the patch.

ThemeForest has a nice feature; It allows the authors to upload zip files containing screenshots of their themes. A script then extracts these files and displays the images accordingly. Though I doubt that the developers used PHP to accomplish this task...that's what we're going to use!

They create a simple form with one field - a file input - and write some basic PHP around it. The script ensures that it was a zip file that was uploaded (based on the mime type) and passes it through a ZipArchive class to do the hard work. This class and the rest of the source can be downloaded from the site.