\"\" \"\"
\"\"
"; $post_header = "  

"; $pre_footer = "
  "; $post_footer = "

"; //################ End Layout/Web Site Variables ######################
//#####End added by Matthew Farnell

// for ultimate security, use this instead of using the form
// NOTE(review): while the line below stays commented out, nothing in the
// visible code assigns $recipient, and "recipient" is one of the reserved form
// keys listed in parse_form(), so the destination address presumably comes
// from the submitted form - confirm. Setting it here, or checking it against
// a fixed list, keeps the script from mailing arbitrary addresses.
//$recipient = ""; // youremail@domain.com

// bcc emails (separate multiples with commas (,))
$bcc = "";

// banned emails, these will be email addresses of people
// who are blocked from using the script (requested)
// An entry of the form "*@domain" bans every address at that domain
// (see check_banlist()).
$banlist = array();

// field / value separator
// NOTE(review): $separator and $newline are not assigned in the visible code;
// presumably set earlier in the file or supplied with the request - confirm.
define("SEPARATOR", ($separator)?$separator:": ");

// content newline
define("NEWLINE", ($newline)?$newline:"\n");

// formmail version (for debugging mostly)
define("VERSION", "5.0");

// our mighty error function..
// Prints the error page (layout header file, message, layout footer file) and
// ends the request with exit. With $type "missing" and a redirect target set
// it sends a Location header instead of a page.
//   $reason  message text to show, or to append to the redirect URL
//   $type    "missing" selects the missing-required-field handling
// NOTE(review): the global statement below rebinds the six layout names to the
// global variables, so the values passed in for those parameters are not the
// ones used.
// NOTE(review): $title, the colour variables, $style_sheet and
// $missing_field_redirect are neither parameters nor declared global, so they
// are unset inside this function as far as the visible code shows. The
// reserved form key in parse_form() is spelled "missing_fields_redirect".
// NOTE(review): $header_file and $footer_file are streamed to the client by
// readfile(); they should only ever hold fixed server-side paths.
//#####Modified by Matthew Farnell - May 29, 2004
function print_error($pre_header,$header_file,$post_header,$pre_footer,$footer_file,$post_footer,$reason,$type = 0) {
    global $pre_header,$header_file,$post_header,$pre_footer,$footer_file,$post_footer;
    build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet);
    // for missing required data
    // NOTE(review): == is a loose comparison; on PHP versions before 8 the
    // integer default 0 compares equal to the string "missing", so calls that
    // omit $type would also take this branch - confirm against the target PHP.
    if ($type == "missing") {
        if ($missing_field_redirect) {
            // NOTE(review): $reason goes into the URL as-is; urlencode() it and
            // keep the redirect target a fixed, site-local address.
            header("Location: $missing_field_redirect?error=$reason");
            exit;
        } else {
            echo "$pre_header";
            readfile("$header_file");
            echo "$post_header";
            ?> The form was not submitted for the following reasons:

Please use your browser's back button to return to the form and try again. The form was not submitted because of the following reasons:


\n";
    // NOTE(review): the markup and PHP between the "?>" above and this point
    // appear to be missing from this copy (the text resumes inside a string),
    // including whatever printed $reason. When restoring it, pass $reason
    // through htmlspecialchars() before output: the recipient check further
    // down appears to build its message from $recipient_to_test.
    echo "This form is powered by Jack's Formmail.php ".VERSION."\n\n";
    echo "$pre_footer";
    readfile("$footer_file");
    echo "$post_footer";
    exit;
}
//#####End modified by Matthew Farnell - May 29, 2004

// function to check the banlist
// suggested by a whole lot of people.. Thanks
// Compares $email (lower-cased, trimmed) with every entry of $banlist; an
// entry whose local part is "*" bans the whole domain. A match ends in
// print_error().
// NOTE(review): $allow is only assigned when $banlist is non-empty, so an
// empty list reaches the !$allow test with it unset; the visible caller guards
// with if ($banlist). $temp2[1] is unset when $email contains no "@".
// NOTE(review): the layout variables passed to print_error() are not defined
// in this function's scope; print_error() takes them from the globals.
function check_banlist($banlist, $email) {
    if (count($banlist)) {
        $allow = true;
        foreach($banlist as $banned) {
            $temp = explode("@", $banned);
            if ($temp[0] == "*") {
                // wildcard entry: compare the domain parts only
                $temp2 = explode("@", $email);
                if (trim(strtolower($temp2[1])) == trim(strtolower($temp[1])))
                    $allow = false;
            } else {
                // plain entry: compare the full address
                if (trim(strtolower($email)) == trim(strtolower($banned)))
                    $allow = false;
            }
        }
    }
    if (!$allow) {
        //#####Modified by Matthew Farnell - May 29, 2004
        print_error($pre_header,$header_file,$post_header,$pre_footer,$footer_file,$post_footer,"You are using from a banned email address.");
        //#####End modified by Matthew Farnell - May 29, 2004
    }
}

// function to check the referer for security reasons.
// contributed by some one who's name got lost.. Thanks
// goes out to him any way.
// Takes the host part of the Referer header and accepts the request when any
// entry of $referers matches it. Returns true when $referers is empty.
// NOTE(review): the Referer header is supplied by the client, so this is a
// convenience filter, not an access control. eregi() also treats each entry as
// an unanchored, case-insensitive pattern, so an entry matches any host that
// merely contains it; an exact host comparison is stricter.
// NOTE(review): ereg(), eregi() and split() were removed in PHP 7;
// preg_match() and explode() are the replacements.
function check_referer($referers) {
    if (count($referers)) {
        $found = false;
        $temp = explode("/",getenv("HTTP_REFERER"));
        $referer = $temp[2];
        // fall back to $_SERVER when getenv() produced no host
        if ($referer=="") {
            $referer = $_SERVER['HTTP_REFERER'];
            list($remove,$stuff)=split('//',$referer,2);
            list($home,$stuff)=split('/',$stuff,2);
            $referer = $home;
        }
        for ($x=0; $x < count($referers); $x++) {
            if (eregi ($referers[$x], $referer)) {
                $found = true;
            }
        }
        // an empty referer is never accepted
        if ($referer =="")
            $found = false;
        if (!$found){
            //#####Modified by Matthew Farnell - May 29, 2004
            print_error($pre_header,$header_file,$post_header,$pre_footer,$footer_file,$post_footer,"You are coming from an unauthorized domain.");
            //#####End modified by Matthew Farnell - May 29, 2004
            // NOTE(review): every visible path through print_error() ends in
            // exit, so this log line does not appear to be reachable; log
            // before calling print_error().
            error_log("[FormMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0);
        }
        return $found;
    } else {
        return true; // not a good idea, if empty, it will allow it.
    }
}

// NOTE(review): the referer check is skipped whenever $to is set. $to,
// $referers and $email are not assigned in the visible code; if $to can be
// supplied with the request, confirm that the path which finally sends mail is
// still covered by the check.
// NOTE(review): $HTTP_POST_VARS was removed in PHP 5.4; $_POST is the
// replacement.
if ($referers && !$to && $HTTP_POST_VARS)
    check_referer($referers);
if ($banlist)
    check_banlist($banlist, $email);

// This function takes the sorts, excludes certain keys and
// makes a pretty content string.
//   $array  submitted fields (called with $HTTP_POST_VARS further down)
//   $sort   "" or a list of field names giving the output order
function parse_form($array, $sort = "") {
    // build reserved keyword array
    $reserved_keys[] = "MAX_FILE_SIZE";
    $reserved_keys[] = "required";
    $reserved_keys[] = "redirect";
    $reserved_keys[] = "require";
    $reserved_keys[] = "path_to_file";
    $reserved_keys[] = "recipient";
    $reserved_keys[] = "subject";
    $reserved_keys[] = "sort";
    $reserved_keys[] = "style_sheet";
    $reserved_keys[] = "bgcolor";
    $reserved_keys[] = "text_color";
    $reserved_keys[] = "link_color";
    $reserved_keys[] = "vlink_color";
    $reserved_keys[] = "alink_color";
    $reserved_keys[] = "title";
    $reserved_keys[] = "missing_fields_redirect";
    $reserved_keys[] = "env_report";
    $reserved_keys[] = "submit";
    $reserved_keys[] = "recipient_name";
    $reserved_keys[] = "name";
    $reserved_keys[] = "email";
    $reserved_keys[] = "message";
    $reserved_keys[] = "referring_url";
    if (count($array)) {
        if (is_array($sort)) {
            foreach ($sort as $field) {
                $reserved_violation = 0;
                // NOTE(review): this copy is cut inside the loop header below.
                // The rest of parse_form() and the start of what looks like the
                // mail-sending routine are missing; the text resumes inside a
                // header string.
                for ($ri=0; $ri\n";
    // NOTE(review): $recipient, $email, $bcc and $subject reach the header
    // block and mail() unfiltered in the visible code. Reject any value that
    // contains CR or LF (and validate the addresses) before this point, so a
    // submitted field cannot add headers or recipients. The same applies to
    // $attachment_name and $attachment_type in the MIME part headers below.
    $headers .= "To: ".$recipient."\n";
    $headers .= "Reply-To: ".$email."\n";
    if ($bcc)
        $headers .= "Bcc: ".$bcc."\n";
    $headers .= "X-Priority: 1\n";
    $headers .= "X-Mailer: DT Formmail".VERSION."\n";
    // $ob is the boundary of the outer multipart/mixed body, $ib the boundary
    // of the inner multipart/alternative part
    $headers .= "Content-Type: multipart/mixed;\n\tboundary=\"".$ob."\"\n";
    $message = "This is a multi-part message in MIME format.\n";
    $message .= "\n--".$ob."\n";
    $message .= "Content-Type: multipart/alternative;\n\tboundary=\"".$ib."\"\n\n";
    $message .= "\n--".$ib."\n";
    $message .= "Content-Type: text/plain;\n\tcharset=\"iso-8859-1\"\n";
    // NOTE(review): the part is declared quoted-printable, but no encoding of
    // $msg or $content is visible here - confirm.
    $message .= "Content-Transfer-Encoding: quoted-printable\n\n";
    $message .= $msg."\n\n";
    if ($content)
        $message .= $content."\n";
    $message .= "This message was sent by ".$name." 
<".$email."> from <".$referring_url.">\n\n";
    $message .= "\n--".$ib."--\n";
    // add the base64 attachment part once
    if ($attachment_name && !$attachment_sent) {
        $message .= "\n--".$ob."\n";
        $message .= "Content-Type: $attachment_type;\n\tname=\"".$attachment_name."\"\n";
        $message .= "Content-Transfer-Encoding: base64\n";
        $message .= "Content-Disposition: attachment;\n\tfilename=\"".$attachment_name."\"\n\n";
        $message .= $attachment_chunk;
        $message .= "\n\n";
        $attachment_sent = 1;
    }
    $message .= "\n--".$ob."--\n";
    mail($recipient, $subject, $message, $headers);
}

// take in the body building arguments and build the body tag for page display
// In this copy it prints a newline when $style_sheet is set and the title when
// $title is set; the colour defaults are computed, but the echo that would use
// them is commented out.
// NOTE(review): the echoed strings look like they lost their markup in this
// copy. $title is printed unescaped; apply htmlspecialchars() if it can come
// from the form ("title" is a reserved form key). $background is not a
// parameter and is unset here.
function build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet) {
    if ($style_sheet)
        echo "\n";
    if ($title)
        echo "$title\n";
    if (!$bgcolor)
        $bgcolor = "#FFFFFF";
    if (!$text_color)
        $text_color = "#000000";
    if (!$link_color)
        $link_color = "#0000FF";
    if (!$vlink_color)
        $vlink_color = "#FF0000";
    if (!$alink_color)
        $alink_color = "#000088";
    if ($background)
        $background = "background=\"$background\"";
    //echo "\n\n";
}

// check for a recipient email address and check the validity of it
// Thanks to Bradley miller (bradmiller@accesszone.com) for pointing
// out the need for multiple recipient checking and providing the code.
$recipient_in = split(',',$recipient);
// NOTE(review): this copy is cut inside the loop header below; the per-address
// validation is missing and the text resumes inside the error message string.
for ($i=0;$iI NEED VALID RECIPIENT EMAIL ADDRESS ($recipient_to_test) TO CONTINUE");
//#####End modified by Matthew Farnell - May 29, 2004
}
}
// This is because I originally had it require but too many people
// were used to Matt's Formmail.pl which used required instead.
if ($required)
    $require = $required;

// Field validation: required list, zip/postal code, phone and fax; afterwards
// the posted fields are ordered and rendered with parse_form().
// NOTE(review): none of the field variables read here ($require, $zip_code,
// $phone_no, $sort, ...) are assigned in the visible code; the script appears
// to rely on register_globals (removed in PHP 5.4) - read them from $_POST
// explicitly.
// NOTE(review): ereg(), ereg_replace() and split() were removed in PHP 7;
// preg_match(), preg_replace() and explode() are the replacements.

// handle the required fields
if ($require) {
    // separate at the commas
    $require = ereg_replace( " +", "", $require);
    $required = split(",",$require);
    // NOTE(review): this copy is cut inside the loop header below; the
    // required-field loop and the start of the e-mail address check are
    // missing, and the text resumes inside an error message string.
    for ($i=0;$iemail address is invalid");
    //#####End modified by Matthew Farnell - May 29, 2004
    $EMAIL = $email;
}

// check zipcodes for validity
// Accepts ZIP+4, a code in letter-digit-letter space digit-letter-digit form,
// or a value that starts with five digits.
// NOTE(review): the last pattern has no end anchor, so any value that begins
// with five digits passes and the ZIP+4 pattern adds nothing; use
// "^[0-9]{5}$" if only a bare five-digit code is meant.
if (($ZIP_CODE) || ($zip_code)) {
    $zip_code = trim($zip_code);
    if ($ZIP_CODE)
        $zip_code = trim($ZIP_CODE);
    if (!ereg("(^[0-9]{5})-([0-9]{4}$)", trim($zip_code)) && (!ereg("^[a-zA-Z][0-9][a-zA-Z][[:space:]][0-9][a-zA-Z][0-9]$", trim($zip_code))) && (!ereg("(^[0-9]{5})", trim($zip_code))))
        //#####Modified by Matthew Farnell - May 29, 2004
        print_error($pre_header,$header_file,$post_header,$pre_footer,$footer_file,$post_footer,"your zip/postal code is invalid");
    //#####End modified by Matthew Farnell - May 29, 2004
}

// check phone for validity
// The pattern asks for groups of 3, 3 and 4 digits in that order, the last
// group at the end of the value.
// NOTE(review): the (.*) groups accept any characters before and between the
// digit groups, so the value is not limited to phone-number characters.
if (($PHONE_NO) || ($phone_no)) {
    $phone_no = trim($phone_no);
    if ($PHONE_NO)
        $phone_no = trim($PHONE_NO);
    if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $phone_no))
        //#####Modified by Matthew Farnell - May 29, 2004
        print_error($pre_header,$header_file,$post_header,$pre_footer,$footer_file,$post_footer,"your phone number is invalid");
    //#####End modified by Matthew Farnell - May 29, 2004
}

// check fax for validity (same pattern as the phone check)
if (($FAX_NO) || ($fax_no)) {
    $fax_no = trim($fax_no);
    if ($FAX_NO)
        $fax_no = trim($FAX_NO);
    if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $fax_no))
        //#####Modified by Matthew Farnell - May 29, 2004
        print_error($pre_header,$header_file,$post_header,$pre_footer,$footer_file,$post_footer,"your fax number is invalid");
    //#####End modified by Matthew Farnell - May 29, 2004
}

// sort alphabetic or prepare an order
// "alphabetic" sorts the posted fields by key (natural order, case-insensitive);
// "order:a,b,..." is turned into a list of field names for parse_form().
if ($sort == "alphabetic") {
    uksort($HTTP_POST_VARS, "strnatcasecmp");
} elseif ((ereg('^order:.*,.*', $sort)) && ($list = explode(',', ereg_replace('^order:', '', $sort)))) {
    $sort = $list;
}

// prepare the content
$content = parse_form($HTTP_POST_VARS, $sort);
//#####Added by Matthew Farnell - May 30, 2004
// When $to is set, resolve the recipient with newnames() and print the page
// that holds the message form (layout header, then "E-Mail message to <name>"
// and the input labels).
// NOTE(review): newnames() is not defined in the visible code.
// NOTE(review): $recipient_realname is echoed without escaping; wrap it in
// htmlspecialchars() unless newnames() only ever returns fixed values - confirm.
if ($to) {
    list ($recipient_realname, $user, $domain) = newnames($recipient_name);
    $rhostget=getenv("HTTP_REFERER");
    echo "$pre_header";
    readfile("$header_file");
    echo "$post_header";
    echo "

E-Mail message to ";
    echo $recipient_realname."

\n";
    echo "
\n";
    echo ""; ?>
Your Name:
Your E-Mail:
Subject:
Message:

Please double check your e-mail address before sending the message.
If there's an error in your e-mail address, you
may not receive a response. Thanks!


0) {
        // NOTE(review): the PHP between the form text above and this point is
        // missing from this copy; the text resumes at the end of a size test.
        // NOTE(review): $attachment, $attachment_name and $attachment_type are
        // not assigned in the visible code (presumably upload variables
        // provided through register_globals - confirm). Check
        // is_uploaded_file($attachment) before reading, so that only a file
        // PHP received as an upload is opened. The handle from fopen() is not
        // closed in the visible code.
        if (!$attachment_type)
            $attachment_type = "application/unknown";
        $content .= "Attached File: ".$attachment_name."\n";
        $fp = fopen($attachment, "r");
        $attachment_chunk = fread($fp, filesize($attachment));
        $attachment_chunk = base64_encode($attachment_chunk);
        $attachment_chunk = chunk_split($attachment_chunk);
    }
}

// check for a file if there is a file upload it
// Copies the upload to $path_to_file/$file_name (prefixing a number when the
// name is already taken), deletes the temporary file and records the stored
// path in the mail content.
// NOTE(review): $path_to_file and the $file* variables are not assigned in the
// visible code, and "path_to_file" is one of the reserved form keys, so the
// target directory and the file name may both arrive with the request -
// confirm. A safer shape: a fixed upload directory outside the web root,
// basename() on the client file name, an allow-list of extensions, and
// move_uploaded_file() in place of copy() + unlink().
// NOTE(review): rand(1000,3000) gives only 2001 possible prefixes and the new
// name is not re-checked with file_exists(), so an existing file can still be
// overwritten.
if ($file_name) {
    if ($file_size > 0) {
        if (!ereg("/$", $path_to_file))
            $path_to_file = $path_to_file."/";
        $location = $path_to_file.$file_name;
        if (file_exists($path_to_file.$file_name))
            $location = $path_to_file.rand(1000,3000).".".$file_name;
        copy($file,$location);
        unlink($file);
        $content .= "Uploaded File: ".$location."\n";
    }
}

// second file (see manual for instructions on how to add more.)
// NOTE(review): the size test below reads $file_size, not a size variable for
// the second file - looks like a copy/paste slip, confirm. The upload notes on
// the first file apply here as well.
if ($file2_name) {
    if ($file_size > 0) {
        if (!ereg("/$", $path_to_file))
            $path_to_file = $path_to_file."/";
        $location = $path_to_file.$file2_name;
        if (file_exists($path_to_file.$file2_name))
            $location = $path_to_file.rand(1000,3000).".".$file2_name;
        copy($file2,$location);
        unlink($file2);
        $content .= "Uploaded File: ".$location."\n";
    }
}

// if the env_report option is on: get environmental variables
// NOTE(review): "env_report" is a reserved form key, so the list of variable
// names presumably comes from the form; restrict it to a fixed allow-list so a
// submission cannot ask for arbitrary server environment values.
if ($env_report) {
    $env_report = ereg_replace( " +", "", $env_report);
    $env_reports = split(",",$env_report);
    $content .= "\n------ eviromental variables ------\n";
    // NOTE(review): this copy is cut inside the loop header below; the loop
    // body, the call that sends the mail and the start of the confirmation
    // page are missing, and the text resumes inside a string.
    for ($i=0;$i";
    echo "Message Sent

";
    // NOTE(review): $recipient_realname and $website are written into the page
    // unescaped; pass them through htmlspecialchars() if either can be
    // influenced by the request.
    echo "Your message was successfully sent to";
    echo " $recipient_realname. Thank you!

\n\n";
    if ($referring_url == "(none)") {
        echo "".$website."
\n\n";
    } else {
        echo "Please click here to return to the ";
        echo "referring page.\n\n";
    }
    echo "";
    echo "$pre_footer";
    readfile("$footer_file");
    echo "$post_footer";
    //#####End edited by Matthew Farnell
    exit;
}
// <---------- THE END ----------> //