Jump to content

PHP Script Help

jay@thesparrows.wanadoo.c
 Share

Recommended Posts

jay@thesparrows.wanadoo.c Newbie

jay@thesparrows.wanadoo.c

Posted
Posted

Hi there,

 

Firstly I would like to apologise to madtechie for not reading the rules, I am new to this and very prone to mistakes.

 

Please can someone help me.

 

I have created a site that has a contact form.  The purpose of the form is to send the information collected via email.  The email is sent with no problem at all.  The problem I have is that when the email is sent, rather than showing a confirmation page, it brings up the following error:

 

Warning: Cannot modify header information - headers already sent by (output started at \\NAS37ENT\domains\p\paintingsconservation.net\user\htdocs\emailus.php:1) in \\NAS37ENT\domains\p\paintingsconservation.net\user\htdocs\emailus.php on line 463

 

As a separate issue, there is the facility on the form to upload a file but unfortunately this doesn't happen.  If anyone has any ideas I'm all ears.

 

The code for the form is:

 

<?php

?>
<html>
<head>
<title>Email_Us</title>
<script language="JavaScript">
<!--
function FP_swapImg() {//v1.0
var doc=document,args=arguments,elm,n; doc.$imgSwaps=new Array(); for(n=2; n<args.length;
n+=2) { elm=FP_getObjectByID(args[n]); if(elm) { doc.$imgSwaps[doc.$imgSwaps.length]=elm;
elm.$src=elm.src; elm.src=args[n+1]; } }
}

function FP_preloadImgs() {//v1.0
var d=document,a=arguments; if(!d.FP_imgs) d.FP_imgs=new Array();
for(var i=0; i<a.length; i++) { d.FP_imgs[i]=new Image; d.FP_imgs[i].src=a[i]; }
}

function FP_getObjectByID(id,o) {//v1.0
var c,el,els,f,m,n; if(!o)o=document; if(o.getElementById) el=o.getElementById(id);
else if(o.layers) c=o.layers; else if(o.all) el=o.all[id]; if(el) return el;
if(o.id==id || o.name==id) return o; if(o.childNodes) c=o.childNodes; if(c)
for(n=0; n<c.length; n++) { el=FP_getObjectByID(id,c[n]); if(el) return el; }
f=o.forms; if(f) for(n=0; n<f.length; n++) { els=f[n].elements;
for(m=0; m<els.length; m++){ el=FP_getObjectByID(id,els[n]); if(el) return el; } }
return null;
}
// -->
</script>
</head>
<body background="images/background.jpg" onload="FP_preloadImgs(/*url*/'images/button57.jpg', /*url*/'images/button56.jpg')">
<form id="form" method="post" action="emailus.php">

<table border="0" width="100%">
<tr>
	<td align="left" valign="top">
	<font color="#CC9900" style="font-size: 20pt; font-weight: 700" face="Times New Roman">
	Email Us</font></td>
	<td>
	<p align="right">
	<a href="index.htm">
	<img border="0" id="img2" src="images/button55.jpg" height="33" width="85" alt="Home" fp-style="fp-btn: Soft Capsule 3; fp-font: Times New Roman; fp-font-size: 14; fp-proportional: 0; fp-orig: 0" fp-title="Home" onmouseover="FP_swapImg(1,0,/*id*/'img2',/*url*/'images/button56.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img2',/*url*/'images/button55.jpg')" onmousedown="FP_swapImg(1,0,/*id*/'img2',/*url*/'images/button57.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img2',/*url*/'images/button56.jpg')"></a></td>
</tr>
</table>
<table border="0" width="100%">
<tr>
	<td>Company Name</td>
	<td width="796">
<input type="text" name="Company" value="" size="46" style="background-color: #FFFF99"/></td>
</tr>
<tr>
	<td>Contact Name*</td>
	<td width="796"> 
<input type="text" name="Name" value="" size="46" style="background-color: #FFFF99"/></td>
</tr>
<tr>
	<td>Location  </td>
	<td width="796"> 
<input type="text" name="Location" value="" size="46" style="background-color: #FFFF99"/></td>
</tr>
<tr>
	<td>Telephone   </td>
	<td width="796"> 
<input type="number" name="Telephone" value="" size="46" style="background-color: #FFFF99"/></td>
</tr>
<tr>
	<td>Your Email*    </td>
	<td width="796"> 
<input type="text" name="Email" value="" size="46" style="background-color: #FFFF99" /></td>
</tr>
<tr>
	<td> </td>
	<td width="796"> </td>
</tr>
<tr>
	<td align="left" valign="top" rowspan="2">Enquiry Detail*</td>
	<td width="796">
	<textarea name="Comments" rows="8" cols="60" style="background-color: #FFFF99"></textarea></td>
</tr>
<tr>
	<td width="796">
	<br>
	Please feel free to supply a picture relating to your enquiry.  
	Click '<b>Browse</b>' to attach file.<br>

	<p>

	<input type="file" name="attachment" style="background-color: #FFFF99; width: 541px;" size="58" /></p>
	<p> </td>
</tr>
</table>
<p>   * = required fields                     <input type="submit" name="submit" value="Submit" style="background-color: #FFCC66" />                                      
<input type="reset" name="Clear Form" value="Reset" style="background-color: #FFCC66" />
<input type="hidden" name="config" value="0" />
</p>
</form>
<form id="form" method="post" action="emailus.php" enctype="multipart/form-data">


</html>

 

The code for the php is:

 

<?php
////////////////////////////////////////////////////////////////////////////
// dB Masters' PHP FormM@iler, Copyright (c) 2007 dB Masters Multimedia
// FormMailer comes with ABSOLUTELY NO WARRANTY
// Licensed under the AGPL
// See license.txt and readme.txt for details
////////////////////////////////////////////////////////////////////////////
// General Variables
$check_referrer="no";
$referring_domains="http://domain.com/,http://www.domain.com/,http://subdomain.domain.com/";

// options to use if hidden field "config" has a value of 0
// recipient info
$charset[0]="iso-8859-1";
$tomail[0]="enquiries@paintingsconservation.net";
$cc_tomail[0]="";
$bcc_tomail[0]="";
// Mail contents config
$subject[0]="Conservation Enquiry";
$reply_to_field[0]="Email";
$reply_to_name[0]="Name";
$required_fields[0]="Name,Comments";
$required_email_fields[0]="Email";
$attachment_fields[0]="attachment";
$return_ip[0]="yes";
$mail_intro[0]="The following person submitted an enquiry, the details are as follows:";
$mail_fields[0]="Company,Name,Location,Telephone,Email,Comments";
$mail_type[0]="text";
$mail_priority[0]="1";
$allow_html[0]="no";
// Send back to sender config
$send_copy[0]="no";
$send_copy_format[0]="vert_table";
$send_copy_fields[0]="Company,Name,Location,Telephone,Email,Comments";
$send_copy_attachment_fields[0]="";
$copy_subject[0]="Subject of Copy Email";
$copy_intro[0]="Thanks for your inquiry, the following message has been delivered.";
$copy_from[0]="noreply@yourdomain.com";
$copy_tomail_field[0]="Email";
// Result options
$header[0]="";
$footer[0]="";
$error_page[0]="";
$thanks_page[0]="";
// Default Error and Success Page Variables
$error_page_title[0]="Error - Missed Fields";
$error_page_text[0]="Please use your browser's back button to return to the form and complete the required fields.";
$thanks_page[0]="confirmation.htm";

// options to use if hidden field "config" has a value of 1
// recipient info
$charset[1]="";
$tomail[1]="";
$cc_tomail[1]="";
$bcc_tomail[1]="";
// Mail contents config
$subject[1]="";
$reply_to_field[1]="";
$reply_to_name[1]="";
$required_fields[1]="";
$required_email_fields[1]="";
$attachment_fields[1]="";
$return_ip[1]="";
$mail_intro[1]="";
$mail_fields[1]="";
$mail_type[1]="";
$mail_priority[1]="";
$allow_html[1]="";
// Send back to sender config
$send_copy[1]="";
$send_copy_format[1]="";
$send_copy_fields[1]="";
$send_copy_attachment_fields[1]="";
$copy_subject[1]="";
$copy_intro[1]="";
$copy_from[1]="";
$copy_tomail_field[1]="";
// Result options
$header[1]="";
$footer[1]="";
$error_page[1]="";
$thanks_page[1]="";
// Default Error and Success Page Variables
$error_page_title[1]="";
$error_page_text[1]="";
$thanks_page_title[1]="";
$thanks_page_text[1]="";

/////////////////////////////////////////////////////////////////////////
// Don't muck around past this line unless you know what you are doing //
/////////////////////////////////////////////////////////////////////////

ob_start();
$config=$_POST["config"];
$debug=0;
$reply_to_field=$reply_to_field[$config];
$copy_tomail_field=$copy_tomail_field[$config];

// fix for Windows email server security
ini_set("sendmail_from",$tomail[$config]);

// email validation regular expression
$regex = "^[-a-z0-9!#$%&\'*+/=?^_`{|}~]+(\.[-a-z0-9!#$%&\'*+/=?^_`{|}~]+)*@(([a-z]([-a-z0-9]*[a-z0-9]+)?){1,63}\.)+([a-z]([-a-z0-9]*[a-z0-9]+)?){2,63}$";
$header_injection_regex = "(\r|\n)(to:|from:|cc:|bcc:)";

if($header[$config]!="")
include($header[$config]);

if($_POST["submit"] || $_POST["Submit"] || $_POST["submit_x"] || $_POST["Submit_x"])
{

////////////////////////////
// begin global functions //
////////////////////////////
// get visitor IP
function getIP()
{
	if(getenv(HTTP_X_FORWARDED_FOR))
		$user_ip=getenv("HTTP_X_FORWARDED_FOR");
	else
		$user_ip=getenv("REMOTE_ADDR");
	return $user_ip;
}
// get value of given key
function parseArray($key)
{
	$array_value=$_POST[$key];
	$count=1;
	extract($array_value);
	foreach($array_value as $part_value)
	{
		if($count > 1){$value.=", ";}
		$value.=$part_value;
		$count=$count+1;
	}
	return $value;
}
// stripslashes and autolink url's
function parseValue($value)
{
	$value=preg_replace("/(http:\/\/+.[^\s]+)/i",'<a href="\\1">\\1</a>', $value);
	return $value;
}
// html header if used
function htmlHeader()
{
	$htmlHeader="<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">\n<html>\n<head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=".$charset[$config]."\"></head>\n<body>\n<table cellpadding=\"2\" cellspacing=\"0\" border=\"0\" width=\"600\">\n";
	return $htmlHeader;
}
// html footer if used
function htmlFooter()
{
	$htmlFooter="</table>\n</body>\n</html>\n";
	return $htmlFooter;
}
// build verticle table format
function buildVertTable($fields, $intro, $to, $send_ip)
{
	$message=htmlHeader();
	if($intro != "")
		$message.="<tr>\n<td align=\"left\" valign=\"top\" colspan=\"2\">".$intro."</td>\n</tr>\n";
	$fields_check=preg_split('/,/',$fields);
	$run=sizeof($fields_check);
	for($i=0;$i<$run;$i++)
	{
		$cur_key=$fields_check[$i];
		$cur_value=$_POST[$cur_key];
		if(is_array($cur_value))
		{
			$cur_value=parseArray($cur_key);
		}
		$cur_value=parseValue($cur_value);
		if($allow_html[$config]=="no")
			$cur_value=htmlspecialchars(nl2br($cur_value));
		else
			$cur_value=nl2br($cur_value);
		$message.="<tr>\n<td align=\"left\" valign=\"top\" style=\"white-space:nowrap;\"><b>".$cur_key."</b></td>\n<td align=\"left\" valign=\"top\" width=\"100%\">".$cur_value."</td>\n</tr>\n";
	}
	if($send_ip=="yes" && $to=="recipient")
	{
		$user_ip=getIP();
		$message.="<tr>\n<td align=\"left\" valign=\"top\" style=\"white-space:nowrap;\"><b>Sender IP</b></td>\n<td align=\"left\" valign=\"top\" width=\"100%\">".$user_ip."</td>\n</tr>\n";
	}
	$message.=htmlFooter();
	return $message;
}
// build horizontal table format
function buildHorzTable($fields, $intro, $to, $send_ip)
{
	$message=htmlHeader();
	$fields_check=preg_split('/,/',$fields);
	$run=sizeof($fields_check);
	if($intro != "")
		$message.="<tr>\n<td align=\"left\" valign=\"top\" colspan=\"".$run."\">".$intro."</td>\n</tr>\n";
	$message.="<tr>\n";
	for($i=0;$i<$run;$i++)
	{
		$cur_key=$fields_check[$i];
		$message.="<td align=\"left\" valign=\"top\" style=\"white-space:nowrap;\"><b>".$cur_key."</b></td>\n";
	}
	if($send_ip=="yes" && $to=="recipient")
		$message.="<td align=\"left\" valign=\"top\" style=\"white-space:nowrap;\"><b>Sender IP</b></td>\n";
	$message.="</tr>\n";
	$message.="<tr>\n";
	for($i=0;$i<$run;$i++)
	{
		$cur_key=$fields_check[$i];
		$cur_value=$_POST[$cur_key];
		if(is_array($cur_value))
		{
			$cur_value=parseArray($cur_key);
		}
		$cur_value=parseValue($cur_value);
		if($allow_html[$config]=="no")
			$cur_value=htmlspecialchars(nl2br($cur_value));
		else
			$cur_value=nl2br($cur_value);
		$message.="<td align=\"left\" valign=\"top\">".$cur_value."</td>\n";
	}
	$message.="</tr>\n";
	$message.="<tr>\n";
	if($send_ip=="yes" && $to=="recipient")
	{
		$user_ip=getIP();
		$message.="<td align=\"left\" valign=\"top\">".$user_ip."</td>\n";
	}
	$message.="</tr>\n";
	$message.=htmlFooter();
	return $message;
}
// build plain text format
function buildTextTable($fields, $intro, $to, $send_ip)
{
	$message="";
	if($intro != "")
		$message.=$intro."\n\n";
	$fields_check=preg_split('/,/',$fields);
	$run=sizeof($fields_check);
	for($i=0;$i<$run;$i++)
	{
		$cur_key=$fields_check[$i];
		$cur_value=$_POST[$cur_key];
		if(is_array($cur_value))
		{
			$cur_value=parseArray($cur_key);
		}
		$cur_value=parseValue($cur_value);
		if($allow_html[$config]=="no")
			$cur_value=htmlspecialchars($cur_value);
		else
			$cur_value=$cur_value;
		$message.="".$cur_key.": ".$cur_value."\n";
	}
	if($send_ip=="yes" && $to=="recipient")
	{
		$user_ip=getIP();
		$message.="Sender IP: ".$user_ip."\n";
	}
	return $message;
}
// get the proper build fonction
function buildTable($format, $fields, $intro, $to, $send_ip)
{
	if($format=="vert_table")
		$message=buildVertTable($fields, $intro, $to, $send_ip);
	else if($format=="horz_table")
		$message=buildHorzTable($fields, $intro, $to, $send_ip);
	else
		$message=buildTextTable($fields, $intro, $to, $send_ip);
	return $message;
}
// referrer checking security option
function checkReferer()
{
	if($check_referrer=="yes")
	{
		$ref_check=preg_split('/,/',$referring_domains);
		$ref_run=sizeof($ref_check);
		$referer=$_SERVER['HTTP_REFERER'];
		$domain_chk="no";
		for($i=0;$i<$ref_run;$i++)
		{
			$cur_domain=$ref_check[$i];
			if(stristr($referer,$cur_domain)){$domain_chk="yes";}
		}
	}
	else
	{
		$domain_chk="yes";
	}
	return $domain_chk;
}
// checking required fields and email fields
function checkFields($text_fields, $email_fields, $regex)
{
      	$error_message="";
	if($debug==1)
		$error_message.="<li>text_fields: ".$text_fields."<br />email_fields: ".$email_fields."<br />reply_to_field: ".$reply_to_field."<br />reply_to_name: ".reply_to_name."</li>";
	if($text_fields != "")
	{
		$req_check=preg_split('/,/',$text_fields);
		$req_run=sizeof($req_check);
		for($i=0;$i<$req_run;$i++)
		{
			$cur_field_name=$req_check[$i];
			$cur_field=$_POST[$cur_field_name];
			if($cur_field=="")
			{
				$error_message.="<li>You are missing the <b>".$req_check[$i]."</b> field</li>\n";
			}
		}
	}
	if($email_fields != "")
	{
		$email_check=preg_split('/,/',$email_fields);
		$email_run=sizeof($email_check);
		for($i=0;$i<$email_run;$i++)
		{
			$cur_email_name=$email_check[$i];
			$cur_email=$_POST[$cur_email_name];
			if($cur_email=="" || !eregi($regex, $cur_email))
			{
				$error_message.="<li>You are missing the <b>".$email_check[$i]."</b> field or it is not a valid email address.</li>\n";
			}
		}
	}
	return $error_message;
}
// attachment function
function getAttachments($attachment_fields, $message, $content_type, $border)
{
	$att_message="This is a multi-part message in MIME format.\r\n";
	$att_message.="--{$border}\r\n";
	$att_message.=$content_type."\r\n";
	$att_message.="Content-Transfer-Encoding: 7bit\r\n\r\n";
	$att_message.=$message."\r\n\r\n";

	$att_check=preg_split('/,/',$attachment_fields);
	$att_run=sizeof($att_check);
	for($i=0;$i<$att_run;$i++)
	{
		$fileatt=$_FILES[$att_check[$i]]['tmp_name'];
		$fileatt_name=$_FILES[$att_check[$i]]['name'];
		$fileatt_type=$_FILES[$att_check[$i]]['type'];
		if (is_uploaded_file($fileatt))
		{
			$file=fopen($fileatt,'rb');
			$data=fread($file,filesize($fileatt));
			fclose($file);
			$data=chunk_split(base64_encode($data));
			$att_message.="--{$border}\n";
			$att_message.="Content-Type: {$fileatt_type}; name=\"{$fileatt_name}\"\r\n";
			$att_message.="Content-Disposition: attachment; filename=\"{$fileatt_name}\"\r\n";
			$att_message.="Content-Transfer-Encoding: base64\r\n\r\n".$data."\r\n\r\n";
		}
	}
	$att_message.="--{$border}--\n";
	return $att_message;
}
// function to set content type
function contentType($charset, $format)
{
	if($format=="vert_table")
		$content_type="Content-type: text/html; charset=\"".$charset."\"\r\n";
	else if($format=="horz_table")
		$content_type="Content-type: text/html; charset=\"".$charset."\"\r\n";
	else
		$content_type="Content-type: text/plain; charset=\"".$charset."\"\r\n";
	return $content_type;
}
// header injection filter
function headerInjectionFilter($reply_to_field, $reply_to_name, $header_injection_regex)
{
      	$security_filter="";
	if(strlen($reply_to_field) > 0)
	{
		if(eregi($header_injection_regex,$reply_to_field))
			$security_filter.="<li>Header injection attempt detected in 'email' data, mail aborted.</li>\n";
		if(eregi($header_injection_regex,$reply_to_name))
			$security_filter.="<li>Header injection attempt detected in 'name' data, mail aborted.</li>\n";
	}
	return $security_filter;
}
//////////////////////////
// end global functions //
//////////////////////////

////////////////////////////////
// begin procedural scripting //
////////////////////////////////
$domain_chk=checkReferer();
if($domain_chk=="yes")
{
	$security_filter=headerInjectionFilter($_POST[$reply_to_field[$config]], $_POST[$reply_to_name[$config]], $header_injection_regex);
	$error_message=checkFields($required_fields[$config], $required_email_fields[$config], $regex);
	if(strlen($error_message) < 1 && strlen($security_filter) < 1)
	{
// build appropriate message format for recipient
		$content_type=contentType($charset[$config], $mail_type[$config]);
		$message=buildTable($mail_type[$config], $mail_fields[$config], $mail_intro[$config], "recipient", $return_ip[$config]);
// build header data for recipient message
		$extra="From: ".$_POST[$reply_to_name[$config]]."<".$_POST[$reply_to_field[$config]].">\r\n";
		if($cc_tomail[$config]!="")
			$extra.="Cc: ".$cc_tomail[$config]."\r\n";
		if($bcc_tomail[$config]!="")
			$extra.="Bcc: ".$bcc_tomail[$config]."\r\n";
		$extra.="X-Priority: ".$mail_priority[$config]."\r\n";
// get attachments if necessary
		if($attachment_fields[$config]!="")
		{
			$semi_rand=md5(time());
			$border="==Multipart_Boundary_x{$semi_rand}x";
			$extra.="MIME-Version: 1.0\r\n";
			$extra.="Content-Type: multipart/mixed; boundary=\"{$border}\"";
			$message=getAttachments($attachment_fields[$config], $message, $content_type, $border);
		}
		else
		{
			$extra.="MIME-Version: 1.0\r\n".$content_type;
		}
// send recipient email
		if($debug==1)
			echo "<p>Mail would have sent if not in debug mode.</p>";
		else if($debug==0)
			mail("".$tomail[$config]."", "".stripslashes($subject[$config])."", "".stripslashes($message)."", "$extra");
// autoresponse email if necessary
		if($send_copy[$config]=="yes")
		{
// build appropriate message format for autoresponse
			$content_type=contentType($charset[$config], $send_copy_format[$config]);
			$message=buildTable($send_copy_format[$config], $send_copy_fields[$config], $copy_intro[$config], "autoresponder", $return_ip[$config]);
// build header data for autoresponse
			$copy_tomail=$_POST[$copy_tomail_field];
			$copy_extra="From: ".$copy_from[$config]."\r\n";
// get autoresponse  attachments if necessary
			if($send_copy_attachment_fields[$config]!="")
			{
				$semi_rand=md5(time());
				$border="==Multipart_Boundary_x{$semi_rand}x";
				$copy_extra.="MIME-Version: 1.0\r\n";
				$copy_extra.="Content-Type: multipart/mixed; boundary=\"{$border}\"";
				$message=getAttachments($send_copy_attachment_fields[$config], $message, $content_type, $border);
			}
			else
			{
				$copy_extra.="MIME-Version: 1.0\r\n".$content_type;
			}
// send autoresponse email
			$send_copy = 1;
			if($copy_tomail=="" || !eregi($email_regex,$copy_tomail))
				$send_copy = 0;
			if($send_copy == 1)
				mail("$copy_tomail", "".$copy_subject[$config]."", "$message", "$copy_extra");
		}
// showing thanks pages from a successful submission
		if($thanks_page[$config]=="")
		{
			echo "<p>".$thanks_page_title[$config]."</p>\n";
			echo "<p>".$thanks_page_text[$config]."</p>\n";
		}
		else
		{
			header("Location: ".$thanks_page[$config]);
		}
	}
	else
	{
// entering error page options from missing required fields
		if($error_page[$config]=="")
		{
			echo "<p>".$error_page_title[$config]."</p>\n";
			echo "<ul>\n";
			echo $security_filter;
			echo $error_message;
			echo "</ul>\n";
			echo "<p>".$error_page_text[$config]."</p>\n";
		}
		else
		{
			header("Location: ".$error_page[$config]);
		}
	}
}
else
{
// message if unauthorized domain trigger from referer checking option
	echo "<p>Sorry, mailing request came from an unauthorized domain.</p>\n";
}
//////////////////////////////
// end procedural scripting //
//////////////////////////////

}
else
{
echo "<p>Error</p>";
echo "<p>No form data has been sent to the script</p>\n";
}
if($footer[$config]!="")
include($footer[$config]);
ob_end_flush();
?>

 

Thanks in anticipation.

 

Jason

 

 

Link to comment
https://forums.phpfreaks.com/topic/48263-php-script-help/
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted

OK the error line is

header("Location: ".$thanks_page[$config]);

 

there is a post pinned about this subject headers

 

basically nothing must be printed to the screen, now if this script is being called from another file then that file must also not print to the screen, if this script is being called alone then as you have used ob_start(); at the top you could try

 

 

<?php
ob_end_clean();
header("Location: ".$thanks_page[$config]);
?>

 

 

 

PS

No worries about last post, it was just very long and i started to worm my way though it and the italics made it very hard

Link to comment
https://forums.phpfreaks.com/topic/48263-php-script-help/#findComment-235919
Share on other sites
jay@thesparrows.wanadoo.c Newbie

jay@thesparrows.wanadoo.c

Posted
  • Author
Posted

I just ran it again and it went through to the PHP page.

 

It was just code which is as follows:

 

1){$value.=", ";} $value.=$part_value; $count=$count+1; } return $value; } // stripslashes and autolink url's function parseValue($value) { $value=preg_replace("/(http:\/\/+.[^\s]+)/i",'\\1', $value); return $value; } // html header if used function htmlHeader() { $htmlHeader="\n\n\n\n\n"; return $htmlHeader; } // html footer if used function htmlFooter() { $htmlFooter=" \n\n\n"; return $htmlFooter; } // build verticle table format function buildVertTable($fields, $intro, $to, $send_ip) { $message=htmlHeader(); if($intro != "") $message.="\n".$intro."\n\n"; $fields_check=preg_split('/,/',$fields); $run=sizeof($fields_check); for($i=0;$i<$run;$i++) { $cur_key=$fields_check[$i]; $cur_value=$_POST[$cur_key]; if(is_array($cur_value)) { $cur_value=parseArray($cur_key); } $cur_value=parseValue($cur_value); if($allow_html[$config]=="no") $cur_value=htmlspecialchars(nl2br($cur_value)); else $cur_value=nl2br($cur_value); $message.="\n".$cur_key."\n".$cur_value."\n\n"; } if($send_ip=="yes" && $to=="recipient") { $user_ip=getIP(); $message.="\nSender IP\n".$user_ip."\n\n"; } $message.=htmlFooter(); return $message; } // build horizontal table format function buildHorzTable($fields, $intro, $to, $send_ip) { $message=htmlHeader(); $fields_check=preg_split('/,/',$fields); $run=sizeof($fields_check); if($intro != "") $message.="\n".$intro."\n\n"; $message.="\n"; for($i=0;$i<$run;$i++) { $cur_key=$fields_check[$i]; $message.="".$cur_key."\n"; } if($send_ip=="yes" && $to=="recipient") $message.="Sender IP\n"; $message.="\n"; $message.="\n"; for($i=0;$i<$run;$i++) { $cur_key=$fields_check[$i]; $cur_value=$_POST[$cur_key]; if(is_array($cur_value)) { $cur_value=parseArray($cur_key); } $cur_value=parseValue($cur_value); if($allow_html[$config]=="no") $cur_value=htmlspecialchars(nl2br($cur_value)); else $cur_value=nl2br($cur_value); $message.="".$cur_value."\n"; } $message.="\n"; $message.="\n"; if($send_ip=="yes" && $to=="recipient") { $user_ip=getIP(); $message.="".$user_ip."\n"; } $message.="\n"; $message.=htmlFooter(); return $message; } // build plain text format function buildTextTable($fields, $intro, $to, $send_ip) { $message=""; if($intro != "") $message.=$intro."\n\n"; $fields_check=preg_split('/,/',$fields); $run=sizeof($fields_check); for($i=0;$i<$run;$i++) { $cur_key=$fields_check[$i]; $cur_value=$_POST[$cur_key]; if(is_array($cur_value)) { $cur_value=parseArray($cur_key); } $cur_value=parseValue($cur_value); if($allow_html[$config]=="no") $cur_value=htmlspecialchars($cur_value); else $cur_value=$cur_value; $message.="".$cur_key.": ".$cur_value."\n"; } if($send_ip=="yes" && $to=="recipient") { $user_ip=getIP(); $message.="Sender IP: ".$user_ip."\n"; } return $message; } // get the proper build fonction function buildTable($format, $fields, $intro, $to, $send_ip) { if($format=="vert_table") $message=buildVertTable($fields, $intro, $to, $send_ip); else if($format=="horz_table") $message=buildHorzTable($fields, $intro, $to, $send_ip); else $message=buildTextTable($fields, $intro, $to, $send_ip); return $message; } // referrer checking security option function checkReferer() { if($check_referrer=="yes") { $ref_check=preg_split('/,/',$referring_domains); $ref_run=sizeof($ref_check); $referer=$_SERVER['HTTP_REFERER']; $domain_chk="no"; for($i=0;$i<$ref_run;$i++) { $cur_domain=$ref_check[$i]; if(stristr($referer,$cur_domain)){$domain_chk="yes";} } } else { $domain_chk="yes"; } return $domain_chk; } // checking required fields and email fields function checkFields($text_fields, $email_fields, $regex) { $error_message=""; if($debug==1) $error_message.="
text_fields: ".$text_fields."
email_fields: ".$email_fields."
reply_to_field: ".$reply_to_field."
reply_to_name: ".reply_to_name.""; if($text_fields != "") { $req_check=preg_split('/,/',$text_fields); $req_run=sizeof($req_check); for($i=0;$i<$req_run;$i++) { $cur_field_name=$req_check[$i]; $cur_field=$_POST[$cur_field_name]; if($cur_field=="") { $error_message.="
You are missing the ".$req_check[$i]." field\n"; } } } if($email_fields != "") { $email_check=preg_split('/,/',$email_fields); $email_run=sizeof($email_check); for($i=0;$i<$email_run;$i++) { $cur_email_name=$email_check[$i]; $cur_email=$_POST[$cur_email_name]; if($cur_email=="" || !eregi($regex, $cur_email)) { $error_message.="
You are missing the ".$email_check[$i]." field or it is not a valid email address.\n"; } } } return $error_message; } // attachment function function getAttachments($attachment_fields, $message, $content_type, $border) { $att_message="This is a multi-part message in MIME format.\r\n"; $att_message.="--{$border}\r\n"; $att_message.=$content_type."\r\n"; $att_message.="Content-Transfer-Encoding: 7bit\r\n\r\n"; $att_message.=$message."\r\n\r\n"; $att_check=preg_split('/,/',$attachment_fields); $att_run=sizeof($att_check); for($i=0;$i<$att_run;$i++) { $fileatt=$_FILES[$att_check[$i]]['tmp_name']; $fileatt_name=$_FILES[$att_check[$i]]['name']; $fileatt_type=$_FILES[$att_check[$i]]['type']; if (is_uploaded_file($fileatt)) { $file=fopen($fileatt,'rb'); $data=fread($file,filesize($fileatt)); fclose($file); $data=chunk_split(base64_encode($data)); $att_message.="--{$border}\n"; $att_message.="Content-Type: {$fileatt_type}; name=\"{$fileatt_name}\"\r\n"; $att_message.="Content-Disposition: attachment; filename=\"{$fileatt_name}\"\r\n"; $att_message.="Content-Transfer-Encoding: base64\r\n\r\n".$data."\r\n\r\n"; } } $att_message.="--{$border}--\n"; return $att_message; } // function to set content type function contentType($charset, $format) { if($format=="vert_table") $content_type="Content-type: text/html; charset=\"".$charset."\"\r\n"; else if($format=="horz_table") $content_type="Content-type: text/html; charset=\"".$charset."\"\r\n"; else $content_type="Content-type: text/plain; charset=\"".$charset."\"\r\n"; return $content_type; } // header injection filter function headerInjectionFilter($reply_to_field, $reply_to_name, $header_injection_regex) { $security_filter=""; if(strlen($reply_to_field) > 0) { if(eregi($header_injection_regex,$reply_to_field)) $security_filter.="
Header injection attempt detected in 'email' data, mail aborted.\n"; if(eregi($header_injection_regex,$reply_to_name)) $security_filter.="
Header injection attempt detected in 'name' data, mail aborted.\n"; } return $security_filter; } ////////////////////////// // end global functions // ////////////////////////// //////////////////////////////// // begin procedural scripting // //////////////////////////////// $domain_chk=checkReferer(); if($domain_chk=="yes") { $security_filter=headerInjectionFilter($_POST[$reply_to_field[$config]], $_POST[$reply_to_name[$config]], $header_injection_regex); $error_message=checkFields($required_fields[$config], $required_email_fields[$config], $regex); if(strlen($error_message) < 1 && strlen($security_filter) < 1) { // build appropriate message format for recipient $content_type=contentType($charset[$config], $mail_type[$config]); $message=buildTable($mail_type[$config], $mail_fields[$config], $mail_intro[$config], "recipient", $return_ip[$config]); // build header data for recipient message $extra="From: ".$_POST[$reply_to_name[$config]]."<".$_POST[$reply_to_field[$config]].">\r\n"; if($cc_tomail[$config]!="") $extra.="Cc: ".$cc_tomail[$config]."\r\n"; if($bcc_tomail[$config]!="") $extra.="Bcc: ".$bcc_tomail[$config]."\r\n"; $extra.="X-Priority: ".$mail_priority[$config]."\r\n"; // get attachments if necessary if($attachment_fields[$config]!="") { $semi_rand=md5(time()); $border="==Multipart_Boundary_x{$semi_rand}x"; $extra.="MIME-Version: 1.0\r\n"; $extra.="Content-Type: multipart/mixed; boundary=\"{$border}\""; $message=getAttachments($attachment_fields[$config], $message, $content_type, $border); } else { $extra.="MIME-Version: 1.0\r\n".$content_type; } // send recipient email if($debug==1) echo "
Mail would have sent if not in debug mode.

"; else if($debug==0) mail("".$tomail[$config]."", "".stripslashes($subject[$config])."", "".stripslashes($message)."", "$extra"); // autoresponse email if necessary if($send_copy[$config]=="yes") { // build appropriate message format for autoresponse $content_type=contentType($charset[$config], $send_copy_format[$config]); $message=buildTable($send_copy_format[$config], $send_copy_fields[$config], $copy_intro[$config], "autoresponder", $return_ip[$config]); // build header data for autoresponse $copy_tomail=$_POST[$copy_tomail_field]; $copy_extra="From: ".$copy_from[$config]."\r\n"; // get autoresponse attachments if necessary if($send_copy_attachment_fields[$config]!="") { $semi_rand=md5(time()); $border="==Multipart_Boundary_x{$semi_rand}x"; $copy_extra.="MIME-Version: 1.0\r\n"; $copy_extra.="Content-Type: multipart/mixed; boundary=\"{$border}\""; $message=getAttachments($send_copy_attachment_fields[$config], $message, $content_type, $border); } else { $copy_extra.="MIME-Version: 1.0\r\n".$content_type; } // send autoresponse email $send_copy = 1; if($copy_tomail=="" || !eregi($email_regex,$copy_tomail)) $send_copy = 0; if($send_copy == 1) mail("$copy_tomail", "".$copy_subject[$config]."", "$message", "$copy_extra"); } // showing thanks pages from a successful submission if($thanks_page[$config]=="") { echo "
".$thanks_page_title[$config]."

\n"; echo "
".$thanks_page_text[$config]."

\n"; } else { ob_end_clean(); header("Location: ".$thanks_page[$config]); } } else { // entering error page options from missing required fields if($error_page[$config]=="") { echo "
".$error_page_title[$config]."

\n"; echo "
\n"; echo $security_filter; echo $error_message; echo "
\n"; echo "
".$error_page_text[$config]."

\n"; } else { ob_end_clean(); header("Location: ".$error_page[$config]); } } } else { // message if unauthorized domain trigger from referer checking option echo "
Sorry, mailing request came from an unauthorized domain.

\n"; } ////////////////////////////// // end procedural scripting // ////////////////////////////// } else { echo "
Error

"; echo "
No form data has been sent to the script

\n"; } if($footer[$config]!="") include($footer[$config]); ob_end_flush(); ?>

 

Jason

Link to comment
https://forums.phpfreaks.com/topic/48263-php-script-help/#findComment-235964
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.