\n"; echo "This form is powered by Jack's Formmail.php ".VERSION."\n\n"; exit; } // function to check the banlist // suggested by a whole lot of people.. Thanks function check_banlist($banlist, $email) { if (count($banlist)) { $allow = true; foreach($banlist as $banned) { $temp = explode("@", $banned); if ($temp[0] == "*") { $temp2 = explode("@", $email); if (trim(strtolower($temp2[1])) == trim(strtolower($temp[1]))) $allow = false; } else { if (trim(strtolower($email)) == trim(strtolower($banned))) $allow = false; } } } if (!$allow) { print_error("You are using from a banned email address."); } } // function to check the referer for security reasons. // contributed by some one who's name got lost.. Thanks // goes out to him any way. function check_referer($referers) { if (count($referers)) { $found = false; $temp = explode("/",getenv("HTTP_REFERER")); $referer = $temp[2]; if ($referer=="") {$referer = $_SERVER['HTTP_REFERER']; list($remove,$stuff)=split('//',$referer,2); list($home,$stuff)=split('/',$stuff,2); $referer = $home; } for ($x=0; $x < count($referers); $x++) { if (eregi ($referers[$x], $referer)) { $found = true; } } if ($referer =="") $found = false; if (!$found){ print_error("You are coming from an unauthorized domain."); error_log("[FormMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0); } return $found; } else { return true; // not a good idea, if empty, it will allow it. } } if ($referers) check_referer($referers); if ($banlist) check_banlist($banlist, $email); // This function takes the sorts, excludes certain keys and // makes a pretty content string. function parse_form($array, $sort = "") { // build reserved keyword array $reserved_keys[] = "MAX_FILE_SIZE"; $reserved_keys[] = "required"; $reserved_keys[] = "redirect"; $reserved_keys[] = "require"; $reserved_keys[] = "path_to_file"; $reserved_keys[] = "recipient"; $reserved_keys[] = "subject"; $reserved_keys[] = "sort"; $reserved_keys[] = "style_sheet"; $reserved_keys[] = "bgcolor"; $reserved_keys[] = "text_color"; $reserved_keys[] = "link_color"; $reserved_keys[] = "vlink_color"; $reserved_keys[] = "alink_color"; $reserved_keys[] = "title"; $reserved_keys[] = "missing_fields_redirect"; $reserved_keys[] = "env_report"; $reserved_keys[] = "submit"; if (count($array)) { if (is_array($sort)) { foreach ($sort as $field) { $reserved_violation = 0; for ($ri=0; $ri\n"; if ($title) echo "\n"; if (!$bgcolor) $bgcolor = "#FFFFFF"; if (!$text_color) $text_color = "#000000"; if (!$link_color) $link_color = "#0000FF"; if (!$vlink_color) $vlink_color = "#FF0000"; if (!$alink_color) $alink_color = "#000088"; if ($background) $background = "background=\"$background\""; echo "\n\n"; } // check for a recipient email address and check the validity of it // Thanks to Bradley miller (bradmiller@accesszone.com) for pointing // out the need for multiple recipient checking and providing the code. $recipient_in = split(',',$recipient); for ($i=0;$iI NEED VALID RECIPIENT EMAIL ADDRESS ($recipient_to_test) TO CONTINUE"); } } // This is because I originally had it require but too many people // were used to Matt's Formmail.pl which used required instead. if ($required) $require = $required; // handle the required fields if ($require) { // seperate at the commas $require = ereg_replace( " +", "", $require); $required = split(",",$require); for ($i=0;$iemail address is invalid"); $EMAIL = $email; } // check zipcodes for validity if (($ZIP_CODE) || ($zip_code)) { $zip_code = trim($zip_code); if ($ZIP_CODE) $zip_code = trim($ZIP_CODE); if (!ereg("(^[0-9]{5})-([0-9]{4}$)", trim($zip_code)) && (!ereg("^[a-zA-Z][0-9][a-zA-Z][[:space:]][0-9][a-zA-Z][0-9]$", trim($zip_code))) && (!ereg("(^[0-9]{5})", trim($zip_code)))) print_error("your zip/postal code is invalid"); } // check phone for validity if (($PHONE_NO) || ($phone_no)) { $phone_no = trim($phone_no); if ($PHONE_NO) $phone_no = trim($PHONE_NO); if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $phone_no)) print_error("your phone number is invalid"); } // check phone for validity if (($FAX_NO) || ($fax_no)) { $fax_no = trim($fax_no); if ($FAX_NO) $fax_no = trim($FAX_NO); if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $fax_no)) print_error("your fax number is invalid"); } // sort alphabetic or prepare an order if ($sort == "alphabetic") { uksort($HTTP_POST_VARS, "strnatcasecmp"); } elseif ((ereg('^order:.*,.*', $sort)) && ($list = explode(',', ereg_replace('^order:', '', $sort)))) { $sort = $list; } // prepare the content $content = parse_form($HTTP_POST_VARS, $sort); // check for an attachment if there is a file upload it if ($attachment_name) { if ($attachment_size > 0) { if (!$attachment_type) $attachment_type = "application/unknown"; $content .= "Attached File: ".$attachment_name."\n"; $fp = fopen($attachment, "r"); $attachment_chunk = fread($fp, filesize($attachment)); $attachment_chunk = base64_encode($attachment_chunk); $attachment_chunk = chunk_split($attachment_chunk); } } // check for a file if there is a file upload it if ($file_name) { if ($file_size > 0) { if (!ereg("/$", $path_to_file)) $path_to_file = $path_to_file."/"; $location = $path_to_file.$file_name; if (file_exists($path_to_file.$file_name)) $location = $path_to_file.rand(1000,3000).".".$file_name; copy($file,$location); unlink($file); $content .= "Uploaded File: ".$location."\n"; } } // second file (see manual for instructions on how to add more.) if ($file2_name) { if ($file_size > 0) { if (!ereg("/$", $path_to_file)) $path_to_file = $path_to_file."/"; $location = $path_to_file.$file2_name; if (file_exists($path_to_file.$file2_name)) $location = $path_to_file.rand(1000,3000).".".$file2_name; copy($file2,$location); unlink($file2); $content .= "Uploaded File: ".$location."\n"; } } // if the env_report option is on: get eviromental variables /*if ($env_report) { $env_report = ereg_replace( " +", "", $env_report); $env_reports = split(",",$env_report); $content .= "\n------ eviromental variables ------\n"; for ($i=0;$i"; exit; // <---------- THE END ----------> //