diff --git a/mail/MailService.php b/mail/MailService.php
index 570132d..7183f75 100644
--- a/mail/MailService.php
+++ b/mail/MailService.php
@@ -13,94 +13,18 @@ class MailService
public static function sendMail($to, string $subject, string $htmlBody, ?string $textBody = null, array $opts = [])
{
$cfg = self::loadConfig();
+ $transport = strtolower((string)($cfg['transport'] ?? 'smtp'));
- $autoload = __DIR__ . '/../vendor/autoload.php';
- if (file_exists($autoload)) {
- require_once $autoload;
- }
- if (!class_exists('PHPMailer\\PHPMailer\\PHPMailer')) {
- @require_once 'libphp-phpmailer/autoload.php';
- if (!class_exists('PHPMailer\\PHPMailer\\PHPMailer')) {
- @require_once 'libphp-phpmailer/src/Exception.php';
- @require_once 'libphp-phpmailer/src/SMTP.php';
- @require_once 'libphp-phpmailer/src/PHPMailer.php';
- }
- if (!class_exists('PHPMailer\\PHPMailer\\PHPMailer')) {
- @require_once 'PHPMailer/src/Exception.php';
- @require_once 'PHPMailer/src/SMTP.php';
- @require_once 'PHPMailer/src/PHPMailer.php';
- }
- if (!class_exists('PHPMailer\\PHPMailer\\PHPMailer')) {
- @require_once 'PHPMailer/Exception.php';
- @require_once 'PHPMailer/SMTP.php';
- @require_once 'PHPMailer/PHPMailer.php';
+ if ($transport === 'smtp') {
+ if (!self::ensurePHPMailerLoaded()) {
+ return [ 'success' => false, 'error' => 'PHPMailer not available for SMTP transport' ];
}
+ return self::sendSmtpMail($cfg, $to, $subject, $htmlBody, $textBody, $opts);
}
- if (!class_exists('PHPMailer\\PHPMailer\\PHPMailer')) {
- return [ 'success' => false, 'error' => 'PHPMailer not available' ];
- }
-
- $mail = new PHPMailer\PHPMailer\PHPMailer(true);
- try {
- $mail->CharSet = 'UTF-8';
- $mail->Encoding = PHPMailer\PHPMailer\PHPMailer::ENCODING_BASE64;
- $mail->isSMTP();
- $mail->Host = $cfg['smtp_host'] ?? '';
- $mail->Port = (int)($cfg['smtp_port'] ?? 587);
- $secure = $cfg['smtp_secure'] ?? 'tls';
- if ($secure === 'ssl') $mail->SMTPSecure = PHPMailer\PHPMailer\PHPMailer::ENCRYPTION_SMTPS;
- elseif ($secure === 'tls') $mail->SMTPSecure = PHPMailer\PHPMailer\PHPMailer::ENCRYPTION_STARTTLS;
- else $mail->SMTPSecure = false;
- $mail->SMTPAuth = true;
- $mail->Username = $cfg['smtp_user'] ?? '';
- $mail->Password = $cfg['smtp_pass'] ?? '';
-
- $fromEmail = $opts['from_email'] ?? ($cfg['from_email'] ?? 'no-reply@localhost');
- $fromName = $opts['from_name'] ?? ($cfg['from_name'] ?? 'App');
- $mail->setFrom($fromEmail, $fromName);
- if (!empty($opts['reply_to']) && filter_var($opts['reply_to'], FILTER_VALIDATE_EMAIL)) {
- $mail->addReplyTo($opts['reply_to']);
- } elseif (!empty($cfg['reply_to'])) {
- $mail->addReplyTo($cfg['reply_to']);
- }
-
- // Recipients
- $toList = [];
- if ($to) {
- if (is_string($to)) $toList = array_map('trim', explode(',', $to));
- elseif (is_array($to)) $toList = $to;
- } elseif (!empty(getenv('MAIL_TO'))) {
- $toList = array_map('trim', explode(',', getenv('MAIL_TO')));
- }
- $added = 0;
- foreach ($toList as $addr) {
- if (filter_var($addr, FILTER_VALIDATE_EMAIL)) { $mail->addAddress($addr); $added++; }
- }
- if ($added === 0) {
- return [ 'success' => false, 'error' => 'No recipients defined (set MAIL_TO or pass $to)' ];
- }
-
- foreach ((array)($opts['cc'] ?? []) as $cc) { if (filter_var($cc, FILTER_VALIDATE_EMAIL)) $mail->addCC($cc); }
- foreach ((array)($opts['bcc'] ?? []) as $bcc){ if (filter_var($bcc, FILTER_VALIDATE_EMAIL)) $mail->addBCC($bcc); }
-
- // Optional DKIM
- if (!empty($cfg['dkim_domain']) && !empty($cfg['dkim_selector']) && !empty($cfg['dkim_private_key_path'])) {
- $mail->DKIM_domain = $cfg['dkim_domain'];
- $mail->DKIM_selector = $cfg['dkim_selector'];
- $mail->DKIM_private = $cfg['dkim_private_key_path'];
- }
-
- $mail->isHTML(true);
- $mail->Subject = $subject;
- $mail->Body = $htmlBody;
- $mail->AltBody = $textBody ?? strip_tags($htmlBody);
- $ok = $mail->send();
- return [ 'success' => $ok ];
- } catch (\Throwable $e) {
- return [ 'success' => false, 'error' => 'PHPMailer error: ' . $e->getMessage() ];
- }
+ return self::sendNativeMail($cfg, $to, $subject, $htmlBody, $textBody, $opts);
}
+
private static function loadConfig(): array
{
$configPath = __DIR__ . '/config.php';
@@ -114,89 +38,136 @@ class MailService
return $cfg;
}
- // Send a contact message
- // $to can be: a single email string, a comma-separated list, an array of emails, or null (fallback to MAIL_TO/MAIL_FROM)
- public static function sendContactMessage(string $name, string $email, string $message, $to = null, string $subject = 'New contact form')
+ private static function ensurePHPMailerLoaded(): bool
{
- $cfg = self::loadConfig();
-
- // Try Composer autoload if available (for PHPMailer)
- $autoload = __DIR__ . '/../vendor/autoload.php';
- if (file_exists($autoload)) {
- require_once $autoload;
+ if (class_exists('PHPMailer\PHPMailer\PHPMailer', false)) {
+ return true;
}
- // Fallback to system-wide PHPMailer (installed via apt: libphp-phpmailer)
- if (!class_exists('PHPMailer\\PHPMailer\\PHPMailer')) {
- // Debian/Ubuntu package layout (libphp-phpmailer)
- @require_once 'libphp-phpmailer/autoload.php';
- if (!class_exists('PHPMailer\\PHPMailer\\PHPMailer')) {
- @require_once 'libphp-phpmailer/src/Exception.php';
- @require_once 'libphp-phpmailer/src/SMTP.php';
- @require_once 'libphp-phpmailer/src/PHPMailer.php';
- }
- // Alternative layout (older PHPMailer package names)
- if (!class_exists('PHPMailer\\PHPMailer\\PHPMailer')) {
- @require_once 'PHPMailer/src/Exception.php';
- @require_once 'PHPMailer/src/SMTP.php';
- @require_once 'PHPMailer/src/PHPMailer.php';
- }
- if (!class_exists('PHPMailer\\PHPMailer\\PHPMailer')) {
- @require_once 'PHPMailer/Exception.php';
- @require_once 'PHPMailer/SMTP.php';
- @require_once 'PHPMailer/PHPMailer.php';
+
+ $autoloadCandidates = [
+ __DIR__ . '/../vendor/autoload.php',
+ 'libphp-phpmailer/autoload.php',
+ 'PHPMailer/PHPMailerAutoload.php',
+ ];
+
+ foreach ($autoloadCandidates as $candidate) {
+ $resolved = self::resolveIncludePath($candidate);
+ if ($resolved) {
+ require_once $resolved;
+ if (class_exists('PHPMailer\PHPMailer\PHPMailer', false)) {
+ return true;
+ }
}
}
- $transport = $cfg['transport'] ?? 'smtp';
- if ($transport === 'smtp' && class_exists('PHPMailer\\PHPMailer\\PHPMailer')) {
- return self::sendViaPHPMailer($cfg, $name, $email, $message, $to, $subject);
+ $classFileSets = [
+ [
+ 'libphp-phpmailer/src/Exception.php',
+ 'libphp-phpmailer/src/SMTP.php',
+ 'libphp-phpmailer/src/PHPMailer.php',
+ ],
+ [
+ 'PHPMailer/src/Exception.php',
+ 'PHPMailer/src/SMTP.php',
+ 'PHPMailer/src/PHPMailer.php',
+ ],
+ [
+ 'PHPMailer/Exception.php',
+ 'PHPMailer/SMTP.php',
+ 'PHPMailer/PHPMailer.php',
+ ],
+ ];
+
+ foreach ($classFileSets as $files) {
+ $resolvedFiles = [];
+ foreach ($files as $file) {
+ $resolved = self::resolveIncludePath($file);
+ if (!$resolved) {
+ $resolvedFiles = [];
+ break;
+ }
+ $resolvedFiles[] = $resolved;
+ }
+ if (!$resolvedFiles) {
+ continue;
+ }
+ foreach ($resolvedFiles as $resolvedFile) {
+ require_once $resolvedFile;
+ }
+ if (class_exists('PHPMailer\PHPMailer\PHPMailer', false)) {
+ return true;
+ }
}
- // Fallback: attempt native mail() — works only if MTA is configured on the VM
- return self::sendViaNativeMail($cfg, $name, $email, $message, $to, $subject);
+ return class_exists('PHPMailer\PHPMailer\PHPMailer', false);
}
- private static function sendViaPHPMailer(array $cfg, string $name, string $email, string $body, $to, string $subject)
+ private static function resolveIncludePath(string $path): ?string
+ {
+ if (is_file($path)) {
+ return $path;
+ }
+
+ $resolved = stream_resolve_include_path($path);
+ if ($resolved && is_file($resolved)) {
+ return $resolved;
+ }
+
+ return null;
+ }
+
+ private static function buildRecipientList($to): array
+ {
+ if ($to) {
+ if (is_string($to)) {
+ return array_map('trim', explode(',', $to));
+ }
+ if (is_array($to)) {
+ return $to;
+ }
+ }
+
+ $defaultTo = getenv('MAIL_TO');
+ if (!empty($defaultTo)) {
+ return array_map('trim', explode(',', $defaultTo));
+ }
+
+ return [];
+ }
+
+ private static function sendSmtpMail(array $cfg, $to, string $subject, string $htmlBody, ?string $textBody, array $opts): array
{
$mail = new PHPMailer\PHPMailer\PHPMailer(true);
+
try {
$mail->CharSet = 'UTF-8';
$mail->Encoding = PHPMailer\PHPMailer\PHPMailer::ENCODING_BASE64;
$mail->isSMTP();
$mail->Host = $cfg['smtp_host'] ?? '';
$mail->Port = (int)($cfg['smtp_port'] ?? 587);
- $secure = $cfg['smtp_secure'] ?? 'tls';
- if ($secure === 'ssl') $mail->SMTPSecure = PHPMailer\PHPMailer\PHPMailer::ENCRYPTION_SMTPS;
- elseif ($secure === 'tls') $mail->SMTPSecure = PHPMailer\PHPMailer\PHPMailer::ENCRYPTION_STARTTLS;
- else $mail->SMTPSecure = false;
+ $secure = strtolower((string)($cfg['smtp_secure'] ?? 'tls'));
+ if ($secure === 'ssl') {
+ $mail->SMTPSecure = PHPMailer\PHPMailer\PHPMailer::ENCRYPTION_SMTPS;
+ } elseif ($secure === 'tls') {
+ $mail->SMTPSecure = PHPMailer\PHPMailer\PHPMailer::ENCRYPTION_STARTTLS;
+ } else {
+ $mail->SMTPSecure = false;
+ }
$mail->SMTPAuth = true;
$mail->Username = $cfg['smtp_user'] ?? '';
$mail->Password = $cfg['smtp_pass'] ?? '';
- $fromEmail = $cfg['from_email'] ?? 'no-reply@localhost';
- $fromName = $cfg['from_name'] ?? 'App';
+ $fromEmail = $opts['from_email'] ?? ($cfg['from_email'] ?? 'no-reply@localhost');
+ $fromName = $opts['from_name'] ?? ($cfg['from_name'] ?? 'App');
$mail->setFrom($fromEmail, $fromName);
- // Use Reply-To for the user's email to avoid spoofing From
- if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
- $mail->addReplyTo($email, $name ?: $email);
- }
- if (!empty($cfg['reply_to'])) {
+ if (!empty($opts['reply_to']) && filter_var($opts['reply_to'], FILTER_VALIDATE_EMAIL)) {
+ $mail->addReplyTo($opts['reply_to']);
+ } elseif (!empty($cfg['reply_to']) && filter_var($cfg['reply_to'], FILTER_VALIDATE_EMAIL)) {
$mail->addReplyTo($cfg['reply_to']);
}
- // Destination: prefer dynamic recipients ($to), fallback to MAIL_TO; no silent FROM fallback
- $toList = [];
- if ($to) {
- if (is_string($to)) {
- // allow comma-separated list
- $toList = array_map('trim', explode(',', $to));
- } elseif (is_array($to)) {
- $toList = $to;
- }
- } elseif (!empty(getenv('MAIL_TO'))) {
- $toList = array_map('trim', explode(',', getenv('MAIL_TO')));
- }
+ $toList = self::buildRecipientList($to);
$added = 0;
foreach ($toList as $addr) {
if (filter_var($addr, FILTER_VALIDATE_EMAIL)) {
@@ -208,7 +179,17 @@ class MailService
return [ 'success' => false, 'error' => 'No recipients defined (set MAIL_TO or pass $to)' ];
}
- // DKIM (optional)
+ foreach ((array)($opts['cc'] ?? []) as $cc) {
+ if (filter_var($cc, FILTER_VALIDATE_EMAIL)) {
+ $mail->addCC($cc);
+ }
+ }
+ foreach ((array)($opts['bcc'] ?? []) as $bcc) {
+ if (filter_var($bcc, FILTER_VALIDATE_EMAIL)) {
+ $mail->addBCC($bcc);
+ }
+ }
+
if (!empty($cfg['dkim_domain']) && !empty($cfg['dkim_selector']) && !empty($cfg['dkim_private_key_path'])) {
$mail->DKIM_domain = $cfg['dkim_domain'];
$mail->DKIM_selector = $cfg['dkim_selector'];
@@ -217,23 +198,117 @@ class MailService
$mail->isHTML(true);
$mail->Subject = $subject;
- $safeName = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
- $safeEmail = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
- $safeBody = nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
- $mail->Body = "Name: {$safeName}
Email: {$safeEmail}
{$safeBody}";
- $mail->AltBody = "Name: {$name}\nEmail: {$email}\n\n{$body}";
+ $mail->Body = $htmlBody;
+ $mail->AltBody = $textBody ?? trim(strip_tags($htmlBody));
- $ok = $mail->send();
- return [ 'success' => $ok ];
+ return [ 'success' => $mail->send() ];
} catch (\Throwable $e) {
return [ 'success' => false, 'error' => 'PHPMailer error: ' . $e->getMessage() ];
}
}
- private static function sendViaNativeMail(array $cfg, string $name, string $email, string $body, $to, string $subject)
+ private static function sendNativeMail(array $cfg, $to, string $subject, string $htmlBody, ?string $textBody, array $opts): array
{
- $opts = ['reply_to' => $email];
- $html = nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
- return self::sendMail($to, $subject, $html, $body, $opts);
+ $toList = self::buildRecipientList($to);
+ $validTo = [];
+ foreach ($toList as $addr) {
+ if (filter_var($addr, FILTER_VALIDATE_EMAIL)) {
+ $validTo[] = $addr;
+ }
+ }
+ if (empty($validTo)) {
+ return [ 'success' => false, 'error' => 'No recipients defined (set MAIL_TO or pass $to)' ];
+ }
+
+ $fromEmail = $opts['from_email'] ?? ($cfg['from_email'] ?? 'no-reply@localhost');
+ $fromName = $opts['from_name'] ?? ($cfg['from_name'] ?? 'App');
+ $replyTo = $opts['reply_to'] ?? ($cfg['reply_to'] ?? null);
+ $textBody = $textBody ?? trim(strip_tags($htmlBody));
+
+ $boundary = 'flmail_' . md5((string)microtime(true) . $subject);
+ $encodedSubject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
+ $safeFromName = mb_encode_mimeheader($fromName, 'UTF-8');
+
+ $headers = [
+ 'MIME-Version: 1.0',
+ 'From: ' . $safeFromName . ' <' . $fromEmail . '>',
+ 'Content-Type: multipart/alternative; boundary="' . $boundary . '"',
+ ];
+
+ if ($replyTo && filter_var($replyTo, FILTER_VALIDATE_EMAIL)) {
+ $headers[] = 'Reply-To: ' . $replyTo;
+ }
+
+ $ccList = [];
+ foreach ((array)($opts['cc'] ?? []) as $cc) {
+ if (filter_var($cc, FILTER_VALIDATE_EMAIL)) {
+ $ccList[] = $cc;
+ }
+ }
+ if ($ccList) {
+ $headers[] = 'Cc: ' . implode(', ', $ccList);
+ }
+
+ $bccList = [];
+ foreach ((array)($opts['bcc'] ?? []) as $bcc) {
+ if (filter_var($bcc, FILTER_VALIDATE_EMAIL)) {
+ $bccList[] = $bcc;
+ }
+ }
+ if ($bccList) {
+ $headers[] = 'Bcc: ' . implode(', ', $bccList);
+ }
+
+ $message = "--{$boundary}
+"
+ . "Content-Type: text/plain; charset=UTF-8
+"
+ . "Content-Transfer-Encoding: 8bit
+
+"
+ . $textBody . "
+
+"
+ . "--{$boundary}
+"
+ . "Content-Type: text/html; charset=UTF-8
+"
+ . "Content-Transfer-Encoding: 8bit
+
+"
+ . $htmlBody . "
+
+"
+ . "--{$boundary}--
+";
+
+ $ok = @mail(implode(', ', $validTo), $encodedSubject, $message, implode("
+", $headers));
+ if (!$ok) {
+ return [ 'success' => false, 'error' => 'Native mail() failed' ];
+ }
+
+ return [ 'success' => true ];
+ }
+
+ // Send a contact message
+ // $to can be: a single email string, a comma-separated list, an array of emails, or null (fallback to MAIL_TO/MAIL_FROM)
+ public static function sendContactMessage(string $name, string $email, string $message, $to = null, string $subject = 'New contact form')
+ {
+ $safeName = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
+ $safeEmail = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
+ $safeBody = nl2br(htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
+
+ $html = "Name: {$safeName}
Email: {$safeEmail}
{$safeBody}";
+ $text = "Name: {$name}
+Email: {$email}
+
+{$message}";
+ $opts = [];
+ if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ $opts['reply_to'] = $email;
+ }
+
+ return self::sendMail($to, $subject, $html, $text, $opts);
}
}