forked from cloudControl/CloudMailInAddonUsage
-
Notifications
You must be signed in to change notification settings - Fork 2
/
incomingMail.php
121 lines (108 loc) · 3.3 KB
/
incomingMail.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
<?php
/**
* the script reacts on a forwarded e-mail message from cloudmailin
*
* the e-mail data are stored in the requests post params
* the steps are:
* - verify the e-mail by the requests signature
* - store some e-mail data in the database
*/
require 'config.php';
require 'mailData.php';
// the content type to answer the cloudmailin request
header("Content-type: text/plain");
/**
* sets the http response code and response message
* @param string $msg
* @param int $code
*/
function myerror($msg, $code = 403) {
$httpError = array(
400 => "Bad Request",
403 => "Forbidden",
500 => "Internal Server Error"
);
header(sprintf("HTTP/1.0 %d %s", $code, $httpError[$code]));
echo($msg);
exit;
}
/**
* verify the e-mail by the requests signature
* @return boolean
*/
function verifySignature(){
$config = new ConfigReader();
$cloudmailinConfig = $config->getAddonConfig('CLOUDMAILIN');
$provided = $_POST['signature'];
$params = $_POST;
unset($params['signature']);
ksort($params);
$str = implode('', array_values($params));
$signature = md5($str . $cloudmailinConfig['CLOUDMAILIN_SECRET']);
return $provided == $signature;
}
/**
* build the mailData object
* feel free to validate the fields as you need
* in case of invalid data return null
* @return \MailData
*/
function buildMailData() {
if(!isset($_POST['from'])
|| !isset($_POST['to'])
|| !isset($_POST['plain'])
|| !isset($_POST['subject'])) {
return null;
}
$m = new MailData();
$m->from = $_POST['from'];
$m->to = $_POST['to'];
$m->subject = $_POST['subject'];
$m->plain = $_POST['plain'];
$m->html = $_POST['html'];
$m->x_remote_ip = $_POST['x_remote_ip'];
return $m;
}
/**
* store some e-mail data in the database
* @param MailData $mailData
* @return boolean
*/
function handleMail(MailData $mailData) {
$config = new ConfigReader();
$mysqlsConfig = $config->getAddonConfig('MYSQLS');
$dsn = sprintf('mysql:host=%s;dbname=%s', $mysqlsConfig['MYSQLS_HOSTNAME'], $mysqlsConfig['MYSQLS_DATABASE']);
$pdo = new PDO($dsn, $mysqlsConfig['MYSQLS_USERNAME'], $mysqlsConfig['MYSQLS_PASSWORD']);
if (!$pdo) {
return false;
}
$insert = <<<SQL
INSERT INTO `mail`
(`date`, `from`, `to`, `subject`, `plain`, `html`, `x_remote_ip`)
VALUES
(NOW(), :from, :to, :subject, :plain, :html, :x_remote_ip)
SQL;
$pdo->beginTransaction();
$insertStmt = $pdo->prepare($insert);
$insertStmt->bindValue(':from', $mailData->from, PDO::PARAM_STR);
$insertStmt->bindValue(':to', $mailData->to, PDO::PARAM_STR);
$insertStmt->bindValue(':subject', $mailData->subject, PDO::PARAM_STR);
$insertStmt->bindValue(':plain', $mailData->plain, PDO::PARAM_STR);
$insertStmt->bindValue(':html', $mailData->html, PDO::PARAM_STR);
$insertStmt->bindValue(':x_remote_ip', $mailData->x_remote_ip, PDO::PARAM_STR);
$result = $insertStmt->execute();
$insertStmt->closeCursor();
$pdo->commit();
return $result;
}
if (!verifySignature()) {
myerror('verification error', 403);
}
$mailData = buildMailData();
if(!$mailData) {
myerror('invalid or missing data', 400);
}
if(!handleMail($mailData)){
myerror('database error', 500);
}
header("HTTP/1.0 200 OK");