/**
 * aFormMail script - sending mail via form
 *
 * Author:   Alex Scott
 * Email:    alex@cgi-central.net
 * Web:      http://www.cgi-central.net
 * Details:  The installation file
 * FileName  $RCSfile: aformmail.php,v $
 * Release:  1.1 ($Revision: 1.6 $)
 *
 * Please direct bug reports,suggestions or feedback to the cgi-central forums.
 * http://www.cgi-central.net/forum/
 *
 * aMember is free for both commercial and non-commercial use.
 * Re-distribution of this script without prior consent is strictly prohibited.
 *
 */

/*****************************************************************************
 *                                                                           *
 *                      C O N F I G U R A T I O N                            *
 *                                                                           *
 *****************************************************************************/

// Recipient of every submitted form.
// When this is empty, check_form() falls back to the recipient typed into the
// form (it reads the 'email_to' field), which lets any visitor choose where
// this host sends mail. Keep a fixed address here.
$send_to = "piotr@icenter.pl";

// Extra recipients that get a copy of each mail; send_mail() loops over this
// list. Example: $send_cc = array('friend1@ccc.cc', 'friend2@ccc.cc');
$send_cc = array();

// Fixed subject line. When empty, the form's 'subject' field is used instead.
$subject = "Formularz ze strony sola.oswiecim.pl";

// Domains allowed in the Referer header. An empty list makes check_form() skip
// the referrer check entirely. The header is supplied by the client, so this
// is a courtesy filter and not an access control.
$referrers = array();

// Attachments: uploaded files are only picked up by send_mail() when this is
// non-zero.
$attachment_enabled = 0;

////// Database - CSV log of submitted forms
// NOTE(review): 'email.csv' is a relative path; presumably it resolves next to
// the script. If that directory is served by the web server, the collected
// addresses are downloadable - confirm the location before enabling.
$database_enabled = 0;
$database_file = 'email.csv';
// Fields to collect:
//   $database_fields = '*'                      - all fields, as in the form
//   $database_fields = array('from', 'subject') - only the listed fields
$database_fields = '*';

////// Redirect user after submitting form
$redirect_url = 'http://www.sola.oswiecim.pl/thx.html';

////// Auto-Responder
////// Any form field can be substituted into the response by writing
////// %field_name% in the response text.
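//////
// Auto-responder settings. auto_respond() mails the reply to the address the
// visitor typed into the form, so the script will send mail to any address a
// submitter names; put rate limiting or a CAPTCHA in front of it if this
// stays enabled.
$autoresponder_enabled = 1;
$autoresponder_from = $send_to;
$autoresponder_subject = "%subject% (autoresponder)";

/*
 * NOTE(review): extraction gap.
 * The listing lost everything between the opening "<<" of the
 * $autoresponder_message heredoc and the "$v) {" shown below. That span held
 * the heredoc body, the definition of do_formmail() (still called at the end
 * of the file) and the head of the function that appends a submission to the
 * CSV file. Restore it from the original distribution; nothing is
 * reconstructed here. The surviving tail of the CSV writer is kept verbatim:
 *
 *   $v) { $vars[$k] = str_replace(array("|", "\r","\n"), array('_',' ',' '), $v); }
 *   if (is_array($database_fields)) { $vars_orig = $vars; $vars = array();
 *       foreach ($database_fields as $k) $vars[$k] = $vars_orig[$k]; }
 *   $str = join('|', $vars); fwrite($f, $str."\n"); fclose($f); }
 *
 * The fragment neutralises the field separator and line breaks, which keeps
 * one submission on one row. It does not neutralise values that a spreadsheet
 * would read as a formula (leading =, +, - or @); treat the file as untrusted
 * when opening it.
 */

/**
 * Make a value safe to place in a mail header, recipient or subject.
 *
 * Form fields reach mail() as header text. A carriage return or line feed in
 * such a value would start a new header line, so both (and NUL) are replaced
 * with a space.
 *
 * @param string $value raw value, possibly taken from the request
 * @return string the value on a single line
 */
function _header_safe($value)
{
    return str_replace(array("\r", "\n", "\0"), ' ', (string)$value);
}

/**
 * Replace every %field% marker in a template with the matching form value.
 *
 * Markers are collected once from the template and replaced in order of
 * appearance; a marker with no matching field becomes an empty string.
 *
 * @param string $template text containing %field% markers
 * @param array  $vars     form fields, name => value
 * @return string the template with markers substituted
 */
function _substitute_fields($template, $vars)
{
    preg_match_all('/%(.+?)%/', $template, $out);
    foreach ($out[1] as $name) {
        $value = isset($vars[$name]) ? $vars[$name] : '';
        $template = str_replace("%$name%", $value, $template);
    }
    return $template;
}

/**
 * Tell whether a host is the given domain or one of its subdomains.
 *
 * Comparison is case-insensitive and anchored at the end of the host, so
 * "example.com" accepts "example.com" and "www.example.com" but not
 * "example.com.other.tld".
 *
 * @param string $host   host part of the Referer URL
 * @param string $domain entry from $referrers
 * @return bool
 */
function _host_matches($host, $domain)
{
    $host = strtolower($host);
    $domain = strtolower(ltrim($domain, '.'));
    if (!strlen($host) || !strlen($domain)) {
        return false;
    }
    if ($host === $domain) {
        return true;
    }
    $suffix = '.' . $domain;
    return substr($host, -strlen($suffix)) === $suffix;
}

/**
 * Send the configured auto-response to the submitter.
 *
 * The subject and body come from $autoresponder_subject and
 * $autoresponder_message with %field% markers filled from the form. The
 * recipient and subject contain visitor-supplied text, so they are passed
 * through _header_safe() before reaching mail().
 *
 * @param array $vars form fields, name => value
 */
function auto_respond($vars){
    global $autoresponder_from, $autoresponder_message, $autoresponder_subject;

    $msg  = _substitute_fields($autoresponder_message, $vars);
    $subj = _substitute_fields($autoresponder_subject, $vars);

    // The array keys are quoted: a bare email_from outside a string is read
    // as a constant, which newer PHP versions reject.
    $_send_to   = _header_safe("$vars[name_from] <" . $vars['email_from'] . ">");
    $_send_from = _header_safe($autoresponder_from);
    mail($_send_to, _header_safe($subj), $msg, "From: $_send_from");
}

/**
 * Render the free-form fields of a submission as aligned "Label....: value"
 * lines for the mail body.
 *
 * Addressing fields are skipped, the _req/_num/_reqnum suffixes and a leading
 * "NN-" style ordering prefix are removed from the labels, and the fields are
 * sorted by key when at least one ordering prefix was present.
 *
 * @param array $vars form fields, name => value
 * @return string one line per field, each ending in "\n"
 */
function _build_fields($vars){
    $skip_fields = array(
        'name_from',
        'email_from',
        'email_to',
        'name_to',
        'subject');
    // order by numeric begin, if it exists
    $is_ordered = 0;
    foreach ($vars as $k=>$v)
        if (in_array($k, $skip_fields)) unset($vars[$k]);

    $new_vars = array();
    foreach ($vars as $k=>$v){
        // remove _num, _reqnum, _req from end of field names
        $k = preg_replace('/_(req|num|reqnum)$/', '', $k);
        // check if the fields is ordered
        if (preg_match('/^\d+[ \:_-]/', $k)) $is_ordered++;
        //remove number from begin of fields
        $k = preg_replace('/^\d+[ \:_-]/', '', $k);
        $new_vars[$k] = $v;
    }
    $vars = $new_vars;

    // Width of the label column: the longest key, floor 10, keys of 40 or
    // more characters ignored.
    $max_length = 10;
    foreach ($vars as $k=>$v) {
        $klen = strlen($k);
        if (($klen > $max_length) && ($klen < 40))
            $max_length = $klen;
    }

    if ($is_ordered)
        ksort($vars);

    // make output text
    $out = "";
    foreach ($vars as $k=>$v){
        $k = str_replace('_', ' ', $k);
        $k = ucfirst($k);
        $len_diff = $max_length - strlen($k);
        if ($len_diff > 0)
            $fill = str_repeat('.', $len_diff);
        else
            $fill = '';
        $out .= $k."$fill...: $v\n";
    }
    return $out;
}

/**
 * Mail the submission to the configured recipient and to every $send_cc
 * address.
 *
 * The From header and the subject carry visitor-supplied text (name_from,
 * email_from, subject); each is passed through _header_safe() so a line break
 * in a field cannot add headers.
 *
 * @param array $vars form fields, name => value
 */
function send_mail($vars){
    global $send_to, $send_cc;
    global $subject;
    global $attachment_enabled;
    global $REMOTE_ADDR;
    global $HTTP_POST_FILES;

    $files = array(); //files (field names) to attach in mail
    if (count($HTTP_POST_FILES) && $attachment_enabled){
        $files = array_keys($HTTP_POST_FILES);
    }

    // build mail
    $date_time = date('Y-m-d H:i:s');
    // NOTE(review): the MIME boundary is derived from the clock alone, so a
    // submitter can predict it and place it inside a field value. Prefer an
    // unpredictable value if the target PHP version offers one.
    $mime_delimiter = md5(time());
    $fields = _build_fields($vars);

    // NOTE(review): extraction gap. The listing lost the text from the start
    // of the "$mail = <<" heredoc to the end of the $_send_to assignment,
    // including whatever handled $files. $mail and $_send_to are therefore
    // not set in this listing; restore that span from the original
    // distribution before use.

    $_send_from = _header_safe("$vars[name_from] <" . $vars['email_from'] . ">");
    $_subject = _header_safe($subject ? $subject : $vars['subject']);
    $headers = "Mime-Version: 1.0\r\nFrom: $_send_from\r\nContent-Type: multipart/mixed;\n boundary=\"$mime_delimiter\"\r\nContent-Disposition: inline";

    mail(_header_safe($_send_to), $_subject, $mail, $headers);
    foreach ($send_cc as $v){
        mail($v, $_subject, $mail, $headers);
    }
}

/**
 * Return the submitted fields with surrounding whitespace trimmed.
 *
 * NOTE(review): $REQUEST_METHOD, $HTTP_GET_VARS and $HTTP_POST_VARS are only
 * populated on legacy PHP configurations (register_globals and the long
 * request arrays); confirm the target runtime still provides them.
 * NOTE(review): array-valued fields (name[]) reach trim() as arrays; confirm
 * how the target PHP version treats that.
 *
 * @return array form fields, name => value
 */
function get_form_data(){
    global $REQUEST_METHOD;
    global $HTTP_POST_VARS;
    global $HTTP_GET_VARS;

    $vars = ($REQUEST_METHOD == 'GET') ? $HTTP_GET_VARS : $HTTP_POST_VARS;
    //strip spaces from all fields
    foreach ($vars as $k=>$v) $vars[$k] = trim($v);
    return $vars;
}

/**
 * Validate a submission and return the list of problems found.
 *
 * Checks the sender address, the recipient (only when no fixed $send_to is
 * configured), the subject, the _req/_num/_reqnum field rules and, when
 * $referrers is non-empty, the host of the Referer header.
 *
 * The messages may contain visitor-supplied text (field names, the referrer
 * host); display_errors() is responsible for escaping them.
 *
 * @param array $vars form fields, name => value
 * @return array error messages, empty when the form is acceptable
 */
function check_form($vars){
    global $referrers;
    global $send_to;
    global $subject;
    global $HTTP_REFERER;

    $errors = array();

    // check from email set
    if (!strlen($vars['email_from'])){
        $errors[] = "From Email address empty";
    } else if (!check_email($vars['email_from'])){
        $errors[] = "From Email address incorrect";
    }
    if (!strlen($send_to) && !strlen($vars['email_to'])){
        $errors[] = "To Email address empty (possible configuration error)";
    } else if (!strlen($send_to) && !check_email($vars['email_to'])){
        //if to email specified in form, check it and display error
        $errors[] = "To Email address incorrect";
    }
    if (!strlen($vars['subject']) && !strlen($subject)){
        $errors[] = "Subject empty (possible configuration error)";
    }
    foreach ($vars as $k=>$v){
        // check for required fields (end with _req)
        if (preg_match('/^(.+?)_req$/i', $k, $m) && !strlen($v)){
            $field_name = ucfirst($m[1]);
            $errors[] = "Required field $field_name empty";
        }
        // check for number fields (end with _num)
        if (preg_match('/^(.+?)_num$/i', $k, $m) && strlen($v) && !is_numeric($v)){
            $field_name = ucfirst($m[1]);
            $errors[] = "Field $field_name must contain only digits or be empty";
        }
        // check for number & required fields (end with _reqnum)
        if (preg_match('/^(.+?)_reqnum$/i', $k, $m) && !is_numeric($v)){
            $field_name = ucfirst($m[1]);
            $errors[] = "Field $field_name must contain digits and only digits";
        }
    }

    //check referrer
    // The Referer header is sent by the client and can be set to anything, so
    // this only filters casual off-site use. The host is compared as a whole
    // domain or subdomain; a substring test would also accept a host that
    // merely contains an allowed name.
    if (is_array($referrers) && count($referrers)){
        $ref = parse_url($HTTP_REFERER);
        $host = (is_array($ref) && isset($ref['host'])) ? $ref['host'] : '';
        $host_found = 0;
        foreach ($referrers as $r){
            if (_host_matches($host, $r))
                $host_found++;
        }
        if (!$host_found){
            $errors[] = "Unknown Referrer: $host";
        }
    }
    return $errors;
}

/**
 * Print an HTML page listing the validation errors.
 *
 * Every message is HTML-escaped before output because check_form() builds
 * them from request data (field names, the Referer host).
 *
 * NOTE(review): the page extraction stripped the original tags; only the
 * visible text (title, heading, "Return and fix these errors", footer) comes
 * from the listing. The markup below is a constructed minimal page, and the
 * target of the "Return" link is not recoverable, so it is plain text here.
 *
 * @param array $errors messages returned by check_form()
 */
function display_errors($errors){
    $items = '';
    foreach ($errors as $e) {
        $items .= '<li>' . htmlspecialchars($e, ENT_QUOTES) . "</li>\n";
    }
    print <<<EOF
<html>
<head><title>aFormMail error</title></head>
<body>
<h3>An Error Occured</h3>
<ul>
$items</ul>
<p>Return and fix these errors</p>
<p>aFormMail - &copy; CGI Central, Inc., 2002</p>
</body>
</html>
EOF;
}

/**
 * Check email using regexes
 *
 * Accepts only letters, digits, '.', '-' and '_' before the '@' and letters,
 * digits, '.' and '-' after it, so an address that passes cannot carry
 * spaces, angle brackets or line breaks.
 *
 * @param string email
 * @return bool true if email valid, false if not
 */
function check_email($email) {
    #characters allowed on name: 0-9a-Z-._ on host: 0-9a-Z-. on between: @
    if (!preg_match('/^[0-9a-zA-Z\.\-\_]+\@[0-9a-zA-Z\.\-]+$/', $email))
        return false;

    #must start or end with alpha or num
    if ( preg_match('/^[^0-9a-zA-Z]|[^0-9a-zA-Z]$/', $email))
        return false;

    #name must end with alpha or num
    if (!preg_match('/([0-9a-zA-Z_]{1})\@./',$email) )
        return false;

    #host must start with alpha or num
    if (!preg_match('/.\@([0-9a-zA-Z_]{1})/',$email) )
        return false;

    #pair .- or -. or -- or .. not allowed
    if ( preg_match('/.\.\-.|.\-\..|.\.\..|.\-\-./',$email) )
        return false;

    #pair ._ or -_ or _. or _- or __ not allowed
    if ( preg_match('/.\.\_.|.\-\_.|.\_\..|.\_\-.|.\_\_./',$email) )
        return false;

    #host must end with '.' plus 2-5 alpha for TopLevelDomain
    if (!preg_match('/\.([a-zA-Z]{2,5})$/',$email) )
        return false;

    return true;
}

// NOTE(review): the definition of do_formmail() is not present in this
// listing; it was lost in the extraction gap noted near the top of the file.
do_formmail();
?>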