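<?php
// PHPFormMail "Classic": turns a GET/POST form submission into an e-mail.
define('VERSION', 'Classic v1.07.2');
define('MANUAL', 'http://www.boaddrink.com/projects/phpformmail/readme.php');
define('CHECK_REFERER', true);

// Hostnames (as they appear in the HTTP Referer) allowed to submit forms, and
// the only domains plain (non-aliased) recipient addresses may belong to.
$referers = array('domain.de');
// Also accept the "www." spelling of every bare hostname; iterate over a copy
// so the appended entries are not visited again.
foreach (array_values($referers) as $referer) {
    if (substr($referer, 0, 4) != "www.")
        $referers[] = "www." . $referer;
}

// Optional alias => address map; when non-empty the form names recipients by
// alias instead of by address (see map_recipients()).
$recipient_array = array();
// Environment values the form may ask to have appended to the mail.
$valid_env = array('REMOTE_HOST', 'REMOTE_ADDR', 'REMOTE_USER', 'HTTP_USER_AGENT');
$errors = $fieldname_lookup = array();
// Configuration fields that are never echoed into the mail body or results page.
$invis_array = array('recipient', 'subject', 'required', 'redirect',
    'print_blank_fields', 'env_report', 'sort',
    'missing_fields_redirect', 'title', 'bgcolor',
    'text_color', 'link_color', 'alink_color',
    'vlink_color', 'background',
    'link', 'css', 'return_link_title',
    'return_link_url', 'recipient_cc', 'recipient_bcc',
    'priority', 'redirect_values', 'hidden', 'alias',
    'mail_newline', 'gmt_offset', 'alias_method',
    'subject_prefix');

$form = decode_vars();
// Fixed recipient for this installation: overrides whatever the form sent, so
// the script cannot be pointed at arbitrary addresses. Quoted key (the bare
// constant form is an error on current PHP).
$form['recipient'] = "info@domain.de";

$logfilename = "langergemeinerlogfilename-nurfüripsundfehler.html";
// NOTE(review): the log is an .html file under the document root, so it is
// reachable over HTTP by anyone who knows the name, and it records
// client-supplied headers. Prefer a location outside the web root or deny
// access to it in the web server configuration.
// $_SERVER replaces the register_globals-only $DOCUMENT_ROOT.
$document_root = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : (string) getenv('DOCUMENT_ROOT');
$logfile = $document_root . "/" . $logfilename;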
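/**
 * Stand-in for in_array() on PHP builds without it.
 *
 * Keeps in_array()'s default loose (==) comparison. Returns as soon as a
 * match is found; the original scanned the whole array to the same result.
 * (each() is gone from current PHP, hence foreach.)
 *
 * @param mixed $needle   value to look for
 * @param array $haystack values to search
 * @return bool
 */
function fake_in_array($needle, $haystack)
{
    foreach ($haystack as $val) {
        if ($needle == $val)
            return true;
    }
    return false;
}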
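/**
 * Verify that the request's HTTP Referer host is one of the configured hosts.
 *
 * HTTP_REFERER is supplied by the client, so this stops casual reuse of the
 * script from other sites rather than a deliberately crafted request; the
 * recipient checks are the real gatekeeper. Problems are appended to the
 * global $errors list and written to $logfile (an HTML file, so logged
 * client data is escaped).
 *
 * @param array $referers allowed hostnames, compared literally and case-insensitively
 * @return bool true when the referer host is allowed
 */
function check_referer($referers)
{
    global $errors, $logfile;

    if (!count($referers)) {
        $errors[] = '1|There are no referers defined. All submissions will be denied. Please read the manual section titled "<a href="' . MANUAL . '#setting_up" target="_blank">Setting Up the PHPFormMail Script</a>".';
        error_log('<br>['.date('d.m.y H:i:s').'] You have no referers defined. All submissions will be denied.', 3, $logfile);
        return false;
    }

    $referer_url = getenv('HTTP_REFERER');
    if (!$referer_url) {
        $errors[] = '0|Sorry, but I cannot figure out who sent you here. Your browser is not sending an HTTP_REFERER. This could be caused by a firewall or browser that removes the HTTP_REFERER from each HTTP request you submit.';
        error_log('<br>['.date('d.m.y H:i:s').'] HTTP_REFERER not defined. Browser: ' . htmlspecialchars((string) getenv('HTTP_USER_AGENT')) . '; Client IP: ' . htmlspecialchars((string) getenv('REMOTE_ADDR')) . '; Request Method: ' . htmlspecialchars((string) getenv('REQUEST_METHOD')) . ';', 3, $logfile);
        return false;
    }

    // Host part of "scheme://host/..." is element 2 after splitting on '/'.
    // A host with an explicit port will not match a bare hostname (as before).
    $parts = explode('/', $referer_url);
    $referer_host = isset($parts[2]) ? $parts[2] : '';

    $found = false;
    foreach ($referers as $stored_referer) {
        // preg_quote() keeps '.' and other metacharacters in the hostname literal;
        // the old unquoted eregi() pattern let '.' match any character.
        if (preg_match('/^' . preg_quote($stored_referer, '/') . '$/iD', $referer_host)) {
            $found = true;
            break;
        }
    }

    if (!$found) {
        $errors[] = '1|You are coming from an unauthorized domain. Please read the manual section titled "<a href="' . MANUAL . '#setting_up" target="_blank">Setting Up the PHPFormMail Script</a>".';
        error_log('<br>['.date('d.m.y H:i:s').'] Illegal Referer. (' . htmlspecialchars($referer_url) . ')', 3, $logfile);
    }
    return $found;
}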
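/**
 * Check that every address in a comma-separated recipient list belongs to one
 * of the configured referer domains.
 *
 * Used when $recipient_array is empty, i.e. the form names recipients by
 * address. Any address outside the allowed domains is logged and a single
 * error is appended to the global $errors list; the list itself is still
 * returned (re-joined, entries untrimmed) because the caller decides on
 * $errors, not on the return value.
 *
 * @param string $recipient_list comma-separated addresses
 * @return string the same list, re-joined with ','
 */
function check_recipients($recipient_list)
{
    global $errors, $referers, $logfile;

    $recipients_ok = true;
    $recipient_list = explode(',', $recipient_list);
    foreach ($recipient_list as $raw_recipient) {
        $recipient = trim($raw_recipient);
        $domain_allowed = false;
        foreach ($referers as $stored_domain) {
            // "<local-part>@<allowed domain>"; the domain is quoted so '.' is literal
            // (the old eregi() pattern let it match any character).
            if (preg_match('/^[_.a-z0-9-]*@' . preg_quote($stored_domain, '/') . '$/iD', $recipient)) {
                $domain_allowed = true;
                break;
            }
        }
        if (!$domain_allowed) {
            $recipients_ok = false;
            // The log is an HTML file; both values are client-supplied, so escape them.
            error_log('<br>['.date('d.m.y H:i:s').'] Illegal Recipient: ' . htmlspecialchars($recipient) . ' from ' . htmlspecialchars((string) getenv('HTTP_REFERER')), 3, $logfile);
        }
    }

    if (!$recipients_ok)
        $errors[] = '1|You are trying to send mail to a domain that is not in the allowed recipients list. Please read the manual section titled "<a href="' . MANUAL . '#setting_up" target="_blank">Setting Up the PHPFormMail Script</a>".';
    return join(',', $recipient_list);
}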
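/**
 * Translate a comma-separated list of recipient aliases into real addresses
 * via the global $recipient_array.
 *
 * Used when $recipient_array is non-empty, so the form never carries real
 * addresses. Unknown aliases are skipped and reported once through the
 * global $errors list.
 *
 * @param string $recipient_list comma-separated alias names
 * @return string|null mapped addresses joined with ',', or null when none
 *                     mapped (null, not '', so callers' isset() checks stay false)
 */
function map_recipients($recipient_list)
{
    global $errors, $recipient_array;

    $mapped = array();
    $all_known = true;
    foreach (explode(',', $recipient_list) as $alias) {
        $alias = trim($alias);
        if (isset($recipient_array[$alias]))
            $mapped[] = $recipient_array[$alias];
        else
            $all_known = false;
    }

    if (!$all_known)
        $errors[] = '1|You are trying to send mail to an address that is not listed in the recipient array.';
    return count($mapped) ? join(',', $mapped) : null;
}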
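/**
 * Collect the submitted form fields into a flat array.
 *
 * Reads only the array matching the request method ($_POST for POST, $_GET
 * for GET; HTTP_*_VARS is the pre-4.1 spelling of the same data). Array
 * values are flattened to a ', '-joined string. Backslashes added by
 * magic_quotes_gpc are removed only when that setting was actually on,
 * otherwise legitimate backslashes would be lost.
 *
 * @return array field name => string value (empty for other methods or no data)
 */
function decode_vars()
{
    $method = strtoupper((string) getenv('REQUEST_METHOD'));
    if ($method == 'POST')
        $source = isset($_POST) ? $_POST : (isset($GLOBALS['HTTP_POST_VARS']) ? $GLOBALS['HTTP_POST_VARS'] : array());
    elseif ($method == 'GET')
        $source = isset($_GET) ? $_GET : (isset($GLOBALS['HTTP_GET_VARS']) ? $GLOBALS['HTTP_GET_VARS'] : array());
    else
        return array(); // HEAD, PUT, ... carry no form data for this script

    if (!is_array($source) || count($source) == 0)
        return array();

    // ini_get() yields "1" when magic quotes were on, "0"/"" when off, and
    // false on PHP versions where the setting no longer exists.
    $strip_slashes = (bool) ini_get('magic_quotes_gpc');

    $output = array();
    foreach ($source as $key => $val) {
        if (is_array($val))
            $val = implode(', ', $val);
        $output[$key] = $strip_slashes ? stripslashes($val) : $val;
    }
    return $output;
}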
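/**
 * Report the accumulated $errors to the user.
 *
 * If the form set 'missing_fields_redirect', the browser is redirected there
 * (with the original query string appended when 'redirect_values' is set);
 * otherwise an HTML error list is printed via output_html(). Each entry of
 * $errors is "<crit>|<message>": crit 1 means the webmaster must fix the
 * configuration and no mail will be sent, 0 means the user can correct it.
 *
 * @return void
 */
function error()
{
    global $form, $errors;

    if (isset($form['missing_fields_redirect'])) {
        // NOTE(review): the redirect target is taken from the submitted form, so
        // the script will send visitors wherever the form says; consider
        // restricting it to hosts in $referers.
        $location = $form['missing_fields_redirect'];
        if (isset($form['redirect_values']))
            $location .= '?' . getenv('QUERY_STRING');
        // header() terminates the line itself; no explicit CRLF needed.
        header('Location: ' . $location);
        return;
    }

    if (!isset($form['title']))
        $form['title'] = 'PHPFormMail - Error';

    $output = "<h1>The following errors were found:</h1>\n<ul>\n";
    $critical = false;
    foreach ($errors as $entry) {
        // An entry without the '|' separator is shown as-is and treated as non-critical.
        $parts = explode('|', $entry, 2);
        $crit = isset($parts[1]) ? $parts[0] : '0';
        $message = isset($parts[1]) ? $parts[1] : $parts[0];
        $output .= ' <li>' . $message . "</li>\n";
        if ($crit == 1)
            $critical = true;
    }
    $output .= "</ul>\n";

    if ($critical)
        $output .= "<div class=\"crit\">PHPFormMail has experienced errors that must be fixed by the webmaster. Mail will NOT be sent until these issues are resolved. Once these issues are resolved, you will have to resubmit your form to PHPFormMail for the mail to be sent.</div><div class=\"returnlink\">Please use the <a href=\"javascript: history.back();\">back</a> button to return to the site.</div>\n";
    else
        $output .= "<div class=\"returnlink\">Please use the <a href=\"javascript: history.back();\">back</a> button to correct these errors.</div>\n";
    output_html($output);
}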
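/**
 * Turn a bare pattern (as the old eregi() took it) into a delimited PCRE
 * pattern: case-insensitive, '$' anchored at the true end of the string.
 *
 * Uses the first delimiter the pattern does not contain, escaping '/' as a
 * last resort.
 *
 * @param string $pattern undelimited regular expression
 * @return string pattern usable with preg_match()
 */
function pfm_wrap_regex($pattern)
{
    foreach (array('/', '~', '#', '%', '!') as $delimiter) {
        if (strpos($pattern, $delimiter) === false)
            return $delimiter . $pattern . $delimiter . 'iD';
    }
    return '/' . str_replace('/', '\/', $pattern) . '/iD';
}

/**
 * Validate that a recipient exists and that every field named in the form's
 * 'required' list is present, non-empty and (when a '<field>_regex' field is
 * given) matches that pattern.
 *
 * 'required' and the '_regex' fields come from the form itself, so this is a
 * convenience check for the site, not a security control. Problems are
 * appended to the global $errors list; a missing recipient is also logged.
 * Field names shown in error messages use the alias from alias_fields() when
 * known and are HTML-escaped because error() echoes them into the page.
 *
 * @return bool true when everything required is present and valid
 */
function check_required()
{
    global $form, $errors, $invis_array, $fieldname_lookup, $logfile;

    $all_present = true;
    if (!isset($form['recipient']) && !isset($form['recipient_bcc'])) {
        $all_present = false;
        $errors[] = '1|There is no recipient to send this mail to. Please read the manual section titled "<a href="' . MANUAL . '#recipient" target="_blank">Form Configuration - Recipient</a>".';
        // The log is an HTML file, so the client-supplied referer is escaped.
        error_log('<br>['.date('d.m.y H:i:s').'] There is no recipient defined from ' . htmlspecialchars((string) getenv('HTTP_REFERER')), 3, $logfile);
    }

    if (isset($form['required'])) {
        foreach (explode(',', $form['required']) as $field_name) {
            $field_name = trim($field_name);
            $regex_field_name = $field_name . '_regex';
            $label = isset($fieldname_lookup[$field_name]) ? $fieldname_lookup[$field_name] : $field_name;
            $label = htmlspecialchars($label);

            if (!isset($form[$field_name]) || strlen($form[$field_name]) < 1) {
                $all_present = false;
                $errors[] = '0|Required value (<b>' . $label . '</b>) is missing.';
            } elseif (isset($form[$regex_field_name])) {
                // preg_match() returns false for an invalid pattern, which is reported
                // as "invalid format" just as the old eregi() call did.
                if (!preg_match(pfm_wrap_regex($form[$regex_field_name]), $form[$field_name])) {
                    $all_present = false;
                    $errors[] = '0|Required value (<b>' . $label . '</b>) has an invalid format.';
                }
                // Keep the pattern itself out of the mail body and results page.
                $invis_array[] = $regex_field_name;
            }
        }
    }
    return $all_present;
}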
/**
 * Reorder the global $form according to its 'sort' field.
 *
 * 'alphabetic'/'alpha' sorts by field name, 'ralphabetic'/'ralpha' sorts in
 * reverse; any other value of the form "<word>:f1,f2,..." puts the listed
 * fields first, in that order, followed by the remaining fields. In that
 * last case $form['sort'] is replaced by the bare field list.
 *
 * @return bool always true
 */
function sort_fields()
{
    global $form;

    $mode = $form['sort'];
    if ($mode == 'alphabetic' || $mode == 'alpha') {
        ksort($form);
    } elseif ($mode == 'ralphabetic' || $mode == 'ralpha') {
        krsort($form);
    } elseif ($colon_pos = strpos($mode, ':')) {
        // Explicit order: "order:field1,field2" (a ':' at position 0 is not treated as a list).
        $form['sort'] = substr($mode, $colon_pos + 1);
        $ordered = array();
        foreach (explode(',', $form['sort']) as $field_name) {
            $ordered[$field_name] = isset($form[$field_name]) ? $form[$field_name] : null;
            unset($form[$field_name]);
        }
        $form = array_merge($ordered, $form);
    }
    return true;
}
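/**
 * Build the global $fieldname_lookup (field name => display label).
 *
 * Every field defaults to its own name; the form's 'alias' field, a
 * comma-separated list of "field=Label" pairs, then overrides individual
 * labels. Pairs without '=' are ignored instead of producing an empty label.
 *
 * @return bool always true
 */
function alias_fields()
{
    global $form, $fieldname_lookup;

    foreach (array_keys($form) as $key)
        $fieldname_lookup[$key] = $key;

    if (isset($form['alias'])) {
        foreach (explode(',', $form['alias']) as $pair) {
            $parts = explode('=', $pair);
            if (count($parts) < 2)
                continue;
            $fieldname_lookup[trim($parts[0])] = trim($parts[1]);
        }
    }
    return true;
}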
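/**
 * Remove characters and keywords that would let a form value start a new
 * mail header or add recipients (CR, LF, "to:", "cc:", "bcc:").
 *
 * Same filter the original applied through eregi_replace(); it strips the
 * keywords wherever they occur, even inside words.
 *
 * @param mixed $value form or environment value (false/null become '')
 * @return string
 */
function pfm_clean_header($value)
{
    return preg_replace('/\r|\n|to:|cc:|bcc:/i', '', (string) $value);
}

/**
 * Build and send the e-mail for the current $form.
 *
 * Body: a preamble naming the sender (realname, or firstname + name) and the
 * date, then every field not in $invis_array (blank fields only when
 * 'print_blank_fields' is set), then an optional environment report. Headers
 * are built from form fields after pfm_clean_header(). If the assembled mail
 * still contains "MIME-", "Content-" or "boundary" anywhere, it is not sent
 * but reported as success and logged (original behaviour; a legitimate
 * message containing those words is dropped too).
 *
 * @return bool result of mail(), or true when the message was dropped
 */
function send_mail()
{
    global $form, $invis_array, $valid_env, $fieldname_lookup, $errors, $logfile;

    if (!isset($form['subject']))
        $form['subject'] = 'WWW Form Submission';
    if (isset($form['subject_prefix']))
        $form['subject'] = $form['subject_prefix'] . $form['subject'];
    if (!isset($form['email']))
        $form['email'] = 'email@example.com';

    // Line ending for body and headers; 'mail_newline' is optional (default LF).
    $newline_choice = isset($form['mail_newline']) ? $form['mail_newline'] : 1;
    switch ($newline_choice) {
        case 2: $mail_newline = "\r"; break;
        case 3: $mail_newline = "\r\n"; break;
        default: $mail_newline = "\n";
    }

    // 'gmt_offset' must be a whole number of hours, -12..+12, to be honoured.
    if (isset($form['gmt_offset']) && preg_match('/^[-+]?([0-9]|1[0-2])$/D', $form['gmt_offset'])) {
        $mkseconds = mktime((int) gmdate('H') + (int) $form['gmt_offset']);
        $mail_date = gmdate('F jS, Y', $mkseconds) . ' at ' . gmdate('h:iA', $mkseconds) . ' (GMT ' . $form['gmt_offset'] . ').';
    } else {
        $mail_date = date('F jS, Y') . ' at ' . date('h:iA (T).');
    }

    $realname = null;
    if (isset($form['realname'])) {
        $realname = pfm_clean_header($form['realname']);
    } elseif (isset($form['firstname']) || isset($form['name'])) {
        $first = isset($form['firstname']) ? $form['firstname'] : '';
        $last = isset($form['name']) ? $form['name'] : '';
        $realname = pfm_clean_header(trim($first . ' ' . $last));
    }

    $mailbody = 'Below is the result of your feedback form. It was submitted by' . $mail_newline;
    if (isset($realname))
        $mailbody .= $realname . ' (' . $form['email'] . ') on ' . $mail_date . $mail_newline . $mail_newline;
    else
        $mailbody .= $form['email'] . ' on ' . $mail_date . $mail_newline . $mail_newline;

    $alias_method = isset($form['alias_method']) ? $form['alias_method'] : '';
    $use_alias_in_mail = ($alias_method == 'email' || $alias_method == 'both');
    foreach ($form as $key => $val) {
        // Strict in_array: a field literally named "0" must not be matched by a string.
        if (in_array($key, $invis_array, true) || !(isset($form['print_blank_fields']) || $val))
            continue;
        if ($use_alias_in_mail && isset($fieldname_lookup[$key]))
            $mailbody .= $fieldname_lookup[$key];
        else
            $mailbody .= $key;
        $mailbody .= ': ' . $val . $mail_newline;
    }

    if (isset($form['env_report'])) {
        $mailbody .= $mail_newline . $mail_newline . '-------- Env Report --------' . $mail_newline;
        foreach (explode(',', $form['env_report']) as $env_name) {
            // Only the whitelisted names in $valid_env are ever read.
            if (in_array($env_name, $valid_env, true))
                $mailbody .= pfm_clean_header($env_name) . ': ' . pfm_clean_header(getenv($env_name)) . $mail_newline;
        }
    }

    if (!isset($form['recipient']))
        $form['recipient'] = '';
    // Recipient values have already passed check_recipients()/map_recipients();
    // cleaning here only guards the header syntax.
    $recipient = pfm_clean_header($form['recipient']);
    $reply_to = pfm_clean_header($form['email']);

    $mail_header = 'Return-Path: ' . $recipient . $mail_newline;
    $mail_header .= 'From: ' . (isset($realname) ? $realname : '') . ' <' . $recipient . '>' . $mail_newline;
    if (isset($realname))
        $mail_header .= 'Reply-to: ' . $realname . ' <' . $reply_to . '>' . $mail_newline;
    else
        $mail_header .= 'Reply-to: ' . $reply_to . $mail_newline;
    if (isset($form['recipient_cc']))
        $mail_header .= 'Cc: ' . pfm_clean_header($form['recipient_cc']) . $mail_newline;
    if (isset($form['recipient_bcc']))
        $mail_header .= 'Bcc: ' . pfm_clean_header($form['recipient_bcc']) . $mail_newline;
    $priority = isset($form['priority']) ? pfm_clean_header($form['priority']) : '3';
    $mail_header .= 'X-Priority: ' . $priority . $mail_newline;
    $mail_header .= 'X-Mailer: PHPFormMail ' . VERSION . ' (http://www.boaddrink.com)' . $mail_newline;
    $mail_header .= 'X-Sender-IP: ' . pfm_clean_header(getenv('REMOTE_ADDR')) . $mail_newline;
    $mail_header .= 'X-Referer: ' . pfm_clean_header(getenv('HTTP_REFERER')) . $mail_newline;
    $form['subject'] = pfm_clean_header($form['subject']);

    // Must run before our own Content-Type header is appended.
    if (preg_match('/MIME-|Content-|boundary/i', $mail_header . $mailbody . $form['subject'])) {
        error_log('<br>['.date('d.m.y H:i:s').'] Injection characters found from IP ' . htmlspecialchars((string) getenv('REMOTE_ADDR')) . '. Silently dropped', 3, $logfile);
        return true;
    }

    $mail_header .= 'Content-Type: text/plain; charset=iso8859-1' . $mail_newline;
    $mail_status = mail($recipient, $form['subject'], $mailbody, $mail_header);
    if (!$mail_status) {
        $errors[] = '1|Message could not be sent due to an error while trying to send the mail.';
        error_log('<br>['.date('d.m.y H:i:s').'] Mail could not be sent due to an error while trying to send the mail.', 3, $logfile);
    } else {
        error_log('<br>['.date('d.m.y H:i:s').'] Normal e-mail sent from IP ' . htmlspecialchars((string) getenv('REMOTE_ADDR')), 3, $logfile);
    }
    return $mail_status;
}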
/**
 * Write a prepared HTML fragment to the response unchanged.
 *
 * @param string $body HTML to emit
 * @return void
 */
function output_html($body)
{
    echo $body;
}
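// Main flow: validate the submission, send the mail, then redirect or show
// the results page. Every check reports through $errors; mail is only sent
// when that list is still empty.
if (count($form) > 0) {
    // Variable function name kept so fake_in_array() remains the fallback on
    // PHP builds without in_array().
    $in_array_func = function_exists('in_array') ? 'in_array' : 'fake_in_array';

    $use_field_alias = isset($form['alias']);
    if ($use_field_alias)
        alias_fields();

    if (CHECK_REFERER == true)
        check_referer($referers);
    else
        // The log is an HTML file; client-supplied values are escaped before logging.
        error_log('<br>['.date('d.m.y H:i:s').'] HTTP_REFERER checking is turned off. Referer: ' . htmlspecialchars((string) getenv('HTTP_REFERER')) . '; Client IP: ' . htmlspecialchars((string) getenv('REMOTE_ADDR')) . ';', 3, $logfile);

    // A non-empty $recipient_array means the form names recipients by alias;
    // otherwise recipient values must be addresses at an allowed referer domain.
    $recipient_function = (count($recipient_array) > 0) ? 'map_recipients' : 'check_recipients';
    foreach (array('recipient', 'recipient_cc', 'recipient_bcc') as $recipient_field) {
        if (isset($form[$recipient_field]))
            $form[$recipient_field] = $recipient_function($form[$recipient_field]);
    }

    check_required();
    if (!$errors) {
        if (isset($form['sort']))
            sort_fields();
        if (isset($form['hidden'])) {
            // PFMA REMOVE 1
            $form['hidden'] = str_replace(' ', '', $form['hidden']);
            $form['hidden'] = explode(',', $form['hidden']);
            // PFMA ADD $form['hidden'] = array_map('trim', $form['hidden']);
        }

        if (send_mail()) {
            if (isset($form['redirect'])) {
                // NOTE(review): the redirect target is taken from the submitted form, so
                // the script will send visitors wherever the form says; consider
                // restricting it to hosts in $referers.
                $location = $form['redirect'];
                if (isset($form['redirect_values']))
                    $location .= '?' . getenv('QUERY_STRING');
                // header() terminates the line itself; no explicit CRLF needed.
                header('Location: ' . $location);
            } else {
                if (!isset($form['title']))
                    $form['title'] = 'PHPFormMail - Form Results';
                $alias_method = isset($form['alias_method']) ? $form['alias_method'] : '';

                $output = "<h1>The following information has been submitted:</h1>\n";
                foreach ($form as $key => $val) {
                    if ($in_array_func($key, $invis_array) || !(isset($form['print_blank_fields']) || $val))
                        continue;
                    $label = ($use_field_alias && $alias_method != 'email' && isset($fieldname_lookup[$key])) ? $fieldname_lookup[$key] : $key;
                    $output .= '<div class="field"><b>' . htmlspecialchars($label);
                    if (isset($form['hidden']) && $in_array_func($key, $form['hidden']))
                        $output .= ":</b> <i>(hidden)</i></div>\n";
                    else
                        // decode_vars() already undid magic quotes; stripping again here
                        // would eat literal backslashes.
                        $output .= ':</b> ' . nl2br(htmlspecialchars($val)) . "</div>\n";
                }
                // Both values come from the form and are placed in HTML, so they are
                // attribute/text escaped; the URL scheme itself is not validated.
                if (isset($form['return_link_url']) && isset($form['return_link_title']))
                    $output .= '<div class="returnlink"><a href="' . htmlspecialchars($form["return_link_url"]) . '">' . htmlspecialchars($form["return_link_title"]) . "</a></div>\n";
                echo "<h3>" . htmlspecialchars($form['title']) . "</h3>";
                output_html($output);
            }
        }
    }
} else {
    $errors[] = '0|Nothing was sent by a form. (No data was sent by POST or GET method.) There is nothing to process here.';
    error_log('<br>['.date('d.m.y H:i:s').'] No data sent by POST or GET method. (' . htmlspecialchars((string) getenv('HTTP_REFERER')) . ')', 3, $logfile);
}

if (count($errors) > 0)
    error();
?>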