sendmail.php
<?php
/**
* PHP Email Handler
* PHP Version 5
* @package PHP Email Handler
* @link https://github.com/FunkyJamma/PHP-Email-Handler
* @author Angel Mendez <[email protected]>
* @copyright 2018 Angel Mendez
* @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
* @note This program is distributed in the hope that it will be useful - WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*/
/*
This first section sets the email address the form is submitted to, the From and Reply-To addresses it is sent from, and the subject line.
You will need to change the addresses to valid email addresses that you can access.
*/
/*
Mail settings. The recipient, subject and header lines are fixed strings and
nothing from the request is part of them. Keep it that way: form input must not
be appended to $headers or $subject unless CR/LF has been rejected first.
Note that the X-Mailer line tells the recipient which PHP version is running.
*/
$webmaster_email = "[email protected]"; /* Replace with receiving email */
$subject = "Replace with subject"; /* Replace with subject */
$headers = implode("\r\n", array(
    'From: [email protected]',     /* Replace with sending email */
    'Reply-To: [email protected]', /* Replace with reply email */
    'X-Mailer: PHP/' . phpversion(),
));
/*
Names of the supporting pages used as redirect targets.
If you rename any of these pages, update the matching value here.
*/
$thankyou_page = "thank_you.html";
$error_page = "error_message.html";
$contact_page = "contact.html";
/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
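/*
Read the submitted fields. A field that is missing, or that arrives as an array
(for example name[]=x), becomes an empty string. That way the later checks always
receive a string, and no undefined-index notice is printed before header() runs.
NOTE(review): $_REQUEST also carries query-string values (and cookies, depending
on request_order). If contact.html submits with POST, $_POST would be the
narrower source - confirm against the form before switching.
*/
$email   = (isset($_REQUEST['email'])   && is_string($_REQUEST['email']))   ? $_REQUEST['email']   : '';
$message = (isset($_REQUEST['message']) && is_string($_REQUEST['message'])) ? $_REQUEST['message'] : '';
$name    = (isset($_REQUEST['name'])    && is_string($_REQUEST['name']))    ? $_REQUEST['name']    : '';
$phone   = (isset($_REQUEST['phone'])   && is_string($_REQUEST['phone']))   ? $_REQUEST['phone']   : '';

/* Mail body: the form values are used here only, never in the mail headers. */
$msg = implode("\r\n", array(
    "First Name: " . $name,
    "Email: " . $email,
    "Phone Number: " . $phone,
    "Message: " . $message,
));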
/*
The following function checks for email header injection.
Specifically, it checks for carriage returns, line feeds and tabs, raw or percent-encoded - line breaks are typically used by spammers to inject a CC list.
*/
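/**
 * Report whether a form value contains characters that could break out of a
 * single mail header line.
 *
 * Matches, case-insensitively, a raw line feed, carriage return or tab, or the
 * literal percent-encoded sequences %0A, %0D, %08 and %09.
 *
 * @param mixed $str Value taken from the request.
 * @return bool True when the value must be rejected, false when it is clean.
 */
function isInjected($str) {
    // An absent field has nothing to inspect.
    if ($str === null) {
        return false;
    }
    // Arrays or objects (e.g. a field sent as name[]=x) cannot be scanned as
    // text, so reject them instead of handing them to preg_match().
    if (!is_scalar($str)) {
        return true;
    }
    // preg_match() returns 0 for "no match" and false on an internal error;
    // anything other than a clean 0 is treated as a rejection (fail closed).
    return preg_match('/[\n\r\t]|%0[ad89]/i', (string) $str) !== 0;
}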
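/*
Choose the page to redirect to. The checks run in order and the first match wins.
Every target is one of the fixed page names configured in this file, never a
value taken from the request.
*/
// If the user tries to access this script directly, redirect them to the feedback form.
if (!isset($_REQUEST['email'])) {
    $redirect_to = $contact_page;
}
// If the required form fields are empty, redirect to the error page.
elseif (empty($name) || empty($email)) {
    $redirect_to = $error_page;
}
/*
If email injection is detected, redirect to the error page.
If you add a form field, you should add it here.
NOTE(review): isInjected($message) also rejects any message that contains a line
break or tab, so multi-line text ends up on the error page. $message is only
used in the mail body - confirm this strictness is intended.
*/
elseif (isInjected($email) || isInjected($name) || isInjected($phone) || isInjected($message)) {
    $redirect_to = $error_page;
}
// All checks passed: send the email. mail() returns false when the message was
// not accepted for delivery, so only show the thank-you page on success.
elseif (!mail("$webmaster_email", "$subject", $msg, $headers)) {
    $redirect_to = $error_page;
}
else {
    $redirect_to = $thankyou_page;
}
header("Location: $redirect_to");
// Stop here so that nothing added after this point runs once the redirect is sent.
exit;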
?>