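<?php
/*
 * phpfbf - form-to-mail handler.
 *
 * Accepts a POSTed HTML form, builds a plain-text message from every field
 * (except submit/reset buttons and the phpfbf_* control fields), mails it to
 * $recipient and redirects the browser to one of the pages configured below.
 * Every outcome is a redirect; the visitor never sees mail() output.
 *
 * Security-relevant behaviour of this file:
 *  - only POST is accepted; any other method redirects to $server_errorpage;
 *  - a Referer check rejects posts whose Referer does not carry this host
 *    right after the scheme. Referer and Host are both client-supplied
 *    headers, so this is an anti-spam hurdle, not CSRF protection;
 *  - every value copied into a mail header (name, email, subject) is rejected
 *    if it contains CR or LF, so a visitor cannot append headers of their own
 *    (Bcc:, extra To: recipients) - the classic mail header injection;
 *  - the visitor's e-mail address must match a conservative pattern;
 *  - requests from $blockedIPaddresses are silently discarded (the visitor is
 *    sent to the success page so they cannot tell).
 *
 * No closing ?> tag: whitespace after it would be output before header()
 * and break the redirects.
 */

// ---- configuration ---------------------------------------------------------
$notindomain_errorpage    = "notindomain.html";
$server_errorpage         = "serverfailure.html";
$invalidaddress_errorpage = "invalidemailaddr.html";
$successpage              = "Thanks.html";
$recipient = "mail@newmovement.org.uk";
$subject   = "NMC mailing list";
// Source addresses whose submissions are discarded (exact string match on
// REMOTE_ADDR; no CIDR support).
$blockedIPaddresses = array("192.168.0.1", "192.168.0.2");
// Optional: if the including code defines $phpfbf_recipients_array (a list of
// addresses), the form field "phpfbf_recipID" selects one of them by index.
// NOTE(review): nothing in this file defines it; it must come from trusted
// server-side configuration, never from the request (with register_globals a
// visitor could otherwise supply the list and pick any recipient).

/**
 * Return $value made safe for use inside a mail header, or null to reject it.
 *
 * Rejects arrays and any value containing CR or LF (a newline ends the header
 * and starts an attacker-controlled one), then strips HTML tags.
 *
 * The CR/LF test runs on the RAW value on purpose: strip_tags() also removes
 * a newline that sits inside a tag, so testing the stripped copy - as the
 * original did - let "Name<x\nBcc: evil@example.com>" through while the raw
 * $_POST["name"] was still what ended up in the From: header.
 *
 * @param mixed $value  a single $_POST value
 * @return string|null  tag-free value, or null if it must not be used
 */
function phpfbf_header_value($value)
{
    if (is_array($value)) {
        return null;
    }
    $value = (string) $value;
    if (preg_match("/[\r\n]/", $value)) {
        return null;
    }
    return strip_tags($value);
}

// Older PHP (3/4) did not have the superglobals; alias the old long names.
if (!isset($_SERVER)) {
    $_POST   = &$HTTP_POST_VARS;
    $_SERVER = &$HTTP_SERVER_VARS;
}

// Used in the message text and for the noreply@ fallback address.
// NOTE(review): depending on web-server configuration SERVER_NAME may echo
// the client's Host header, so treat it as informational, not authenticated.
$servername = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';

// ---- IP block --------------------------------------------------------------
// REMOTE_ADDR is read from $_SERVER only. The original also honoured a bare
// $REMOTE_ADDR global, which under register_globals a visitor could set from
// the query string and so dodge (or trigger) the block.
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
if (in_array($ip, $blockedIPaddresses, true)) {
    // Trailing "?" kept from the original so the blocked visitor lands on a
    // page that looks like a normal success.
    header("Location: " . $successpage . "?");
    exit;
}

// ---- method check ----------------------------------------------------------
if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== "POST") {
    header("Location: " . $server_errorpage);
    exit;
}

// ---- Referer check ---------------------------------------------------------
// Accept only when our Host appears right after the scheme: offset 7 for
// "http://", 8 for "https://" (any offset 1..8 is accepted, as before).
// Limits of this check, visible from the code itself:
//  - both headers are sent by the client, so anyone who sets Referer
//    deliberately passes; it only filters casual cross-site posts;
//  - it is a substring test, so "http://<host>.attacker.example/" passes;
//  - a missing Referer (privacy settings, some proxies) is rejected, as before.
// A per-session CSRF token in the form would be the real protection.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$host    = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$hostPos = ($referer !== '' && $host !== '') ? strpos($referer, $host) : false;
if ($hostPos === false || $hostPos < 1 || $hostPos > 8) {
    header("Location: " . $notindomain_errorpage);
    exit;
}

// ---- build the message -----------------------------------------------------
$msg = "The following information was submitted from a form on " . $servername . ":\n\n";
// Header-bound values after phpfbf_header_value(); reused for From:/Reply-To:
// instead of re-reading the raw $_POST entries as the original did.
$safe = array("name" => "", "email" => null);

foreach ($_POST as $key => $val) {
    // Numeric field names arrive as int keys; compare as strings so a field
    // named "0" is not taken for "subject" by PHP 7's loose 0 == "string".
    $keyName = (string) $key;

    // Skip submit/reset buttons. Image buttons arrive as send_x / send_y.
    $keyPrefix = substr($keyName, 0, 4);
    if ($keyPrefix === "send" || $keyPrefix === "rese") {
        continue;
    }

    // Fields that end up in a mail header must not be able to add headers.
    if ($keyName === "subject" || $keyName === "email" || $keyName === "name") {
        $val = phpfbf_header_value($val);
        if ($val === null) {
            // Same response the original gave: treat it as a bad/foreign post.
            header("Location: " . $notindomain_errorpage);
            exit;
        }
        if ($keyName !== "subject") {
            $safe[$keyName] = $val;
        }
    }

    // Optional recipient selection from the trusted list (see configuration).
    // The control field itself is never copied into the message.
    if ($keyName === "phpfbf_recipID") {
        if (isset($phpfbf_recipients_array) && is_array($phpfbf_recipients_array)) {
            $idx = (int) $val;
            // The original only tested "< count()", so a negative index passed
            // and produced an empty recipient; require a real list entry.
            if ($idx >= 0 && isset($phpfbf_recipients_array[$idx])) {
                $recipient = $phpfbf_recipients_array[$idx];
            }
        }
        continue;
    }

    // A field called "subject" becomes the mail subject (already CR/LF-free).
    if ($keyName === "subject") {
        $subject = $val;
        continue;
    }

    // PHP turns spaces and dots in field names into underscores; undo that.
    $label = str_replace("_", " ", $keyName);
    if (is_array($val)) {
        $msg .= "Item: $label\n";
        foreach ($val as $item) {
            $msg .= "$item\n";
        }
    } else {
        $msg .= "$label: $val\n";
    }
}

// ---- sender ----------------------------------------------------------------
$name = $safe["name"];

if ($safe["email"] !== null) {
    $email = $safe["email"];
    // Conservative address syntax. Anchored with \z rather than $: $ also
    // matches before a trailing newline, which a header must never contain.
    if (!preg_match('/^[a-zA-Z0-9_\.-]+@[a-zA-Z0-9-\.]+\.[a-zA-Z]+(\.[a-zA-Z]+)?\z/', $email)) {
        header("Location: " . $invalidaddress_errorpage);
        exit;
    }
} else {
    // No address supplied: use noreply@<site>, with a leading "www." removed.
    // The original read an undefined $theaddress here and sent "noreply@".
    $theaddress = $servername;
    if (substr($theaddress, 0, 4) === "www.") {
        $theaddress = substr($theaddress, 4);
    }
    $email = "noreply@" . $theaddress;
    $msg .= "\n\n------------------------------------------------------------------";
    $msg .= "\nPLEASE NOTE: This is a message from the " . $servername . " web site";
    $msg .= "\nand has been sent from a machine and not a person.";
    $msg .= "\nPlease do not reply to this e-mail as it will bounce.";
    $msg .= "\n------------------------------------------------------------------";
}

// ---- headers ---------------------------------------------------------------
// Display name as an RFC 5322 quoted-string so commas, dots or <> in a name
// cannot break the address. CR/LF were already rejected above.
$display = ($name === '') ? '' : '"' . addcslashes($name, '\\"') . '" ';

// RFC 5322 wants CRLF between header lines; the original mixed \n and \r\n.
$headers  = "From: " . $display . "<" . $email . ">\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/plain;charset=utf-8\r\n";
// The body is sent unencoded, so declare 8bit. The original declared
// quoted-printable without encoding, so "=3D" or a line ending in "=" typed
// by a visitor was decoded/mangled by mail clients.
$headers .= "Content-Transfer-Encoding: 8bit\r\n";
// NOTE(review): From: carries the visitor's own address, so this host sends
// mail "from" domains it is not authorised for; receivers that check
// SPF/DMARC may reject or junk it. A fixed local From: with the visitor only
// in Reply-To: is the usual remedy. Return-Path given here is normally
// rewritten by the MTA anyway.
$headers .= "Reply-To: " . $email . "\r\n";
$headers .= "Return-Path: " . $email;

// Undo magic_quotes_gpc escaping on PHP < 5.4 (ini_get() returns false on
// later versions, so this is a no-op there). The original called
// stripcslashes() unconditionally, which also interprets C escapes such as
// \n or \x41 in the visitor's text and so mangled any input with a backslash.
if (ini_get('magic_quotes_gpc')) {
    $msg = stripslashes($msg);
}

// Suppress mail() warnings: any output before header() would abort the
// redirect and show the visitor the warning text.
error_reporting(0);
if (mail($recipient, $subject, $msg, $headers)) {
    header("Location: " . $successpage);
} else {
    header("Location: " . $server_errorpage);
}
exit;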