<?php
$message = "";
$message .= "Location of Aerial: " . htmlspecialchars($_POST['locationofaerial'], ENT_QUOTES) . "<br>\n";
$message .= "Phone: " . htmlspecialchars($_POST['phone'], ENT_QUOTES) . "<br>\n";
$message .= "Email: " . htmlspecialchars($_POST['email'], ENT_QUOTES) . "<br>\n";
$message .= "Name: " . htmlspecialchars($_POST['name'], ENT_QUOTES) . "<br>\n";
$lowmsg = strtolower($message);
$injection_strings = array ( "content-type:","charset=","mime-version:","multipart/mixed","bcc:","cc:");
foreach($injection_strings as $suspect)
{
if((eregi($suspect, $lowmsg)) || (eregi($suspect, strtolower($_POST['name']))) || (eregi($suspect, strtolower($_POST['email']))))
{
die ( 'Illegal Input. Go back and try again. Your message has not been sent.' );
}
}
$headers = "MIME-Version: 1.0\r\nContent-type: text/html; charset=iso-8859-1\r\n";
$headers .= "From: \"" . $_POST['name'] . "\" <" . $_POST['email'] . ">\r\n";
$headers .= "Reply-To: " . $_POST['email'] . "\r\n\r\n";
mail("karlfoto@comcast.net", "Aero-Foto web email", $message, $headers);
header("Location: index.html");
?>