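<%@ Language = vbscript%>
<%option explicit %>
<%server.scripttimeout = 600 %>
<%
'GL-FormMail variant: e-mail form handler (.asp) for Microsoft web servers.
'The script reads a submitted form from the query string, builds a plain-text
'and an HTML message body from it and sends both through CDOSYS.
'----------------------------------------------------------------------------------------------------
'declare variables (Option Explicit is on, so every name used later must be listed here)
'----------------------------------------------------------------------------------------------------
Dim strFrom, strTo, strSubject, strBody, strABody, keyl, keyfrom
Dim objMessage, objConfig, strServer, intPort
Dim recipient, redirect, subject, realname, email, required, strEmail1, strEmail2
Dim referer, url, url_verified, icounter, query, iloop, query2, query3, i
Dim agree, validation, error0, error0ok

'############################## CONFIGURATION VARIABLES ####################################
'These may be the only lines you will need to change
'----------------------------------------------------------------------------------------------------
'SMTP server used to send the mail: an IP address or a host name,
'eg: "xxx.xxx.xxx.xxx" or "smtp.your-domain.com"
strServer = "127.0.0.1"
'SMTP port used when sending mail (25 is the default)
intPort = 25
'Host names that may post to this script. The list is compared with the host
'part of the Referer header. That header is supplied by the client, so this
'list keeps other sites from linking their forms here but is not an access
'control: anything security-relevant has to be enforced on the server side.
url = Array("www.yourwebsite.com","yourwebsite.com","www.anotherofyourwebsites.com")
'----------------------------------------------------------------------------------------------------
'information type and CDOSYS constants
'----------------------------------------------------------------------------------------------------
'The send step uses the named constants cdoSendUsingMethod, cdoSendUsingPort,
'cdoSMTPServer, cdoSMTPServerPort, cdoSMTPAuthenticate and cdoAnonymous. Under
'Option Explicit they raise "Variable is undefined" unless the CDO type
'library is referenced, and this listing showed no such reference (it may have
'been lost when the page was extracted), so it is declared below.
%>
<!--METADATA TYPE="typelib" UUID="CD000000-8B95-11D1-82DB-00C04FB1625D" NAME="CDO for Windows 2000 Library" -->
<%
'----------------------------------------------------------------------------------------------------
'retrieved default fields
'----------------------------------------------------------------------------------------------------
' You will want to change these to whatever fieldnames you are using for these functions.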
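'Field mapping: script variable <- form field name
'  recipient <- "To", redirect <- "ReturnPage", subject <- "Subject",
'  realname <- "realname", email <- "email" (falling back to "From")

'Decodes the percent-escapes this script knows about in one query-string
'token. "+" is turned into a space first so that a literal "%2B" survives,
'and "%25" is decoded last so that an escaped percent sign cannot combine
'with the following characters into a second escape.
Function GLUrlDecode(ByVal s)
    Dim pairs, k
    pairs = Array( _
        "%26%238364%3B","€", "%A1","¡", "%A3","£", "%A8","¨", "%AA","ª", "%AC","¬", _
        "%B4","´", "%B7","·", "%BA","º", "%BF","¿", "%C7","Ç", "%E7","ç", _
        "%0D%0A",vbnewline, "%20"," ", "%21","!", "%23","#", "%24","$", "%26","&", _
        "%27","'", "%28","(", "%29",")", "%2B","+", "%2C",",", "%2D","-", "%2E",".", _
        "%2F","/", "%3A",":", "%3B",";", "%3C","<", "%3D","=", "%3E",">", "%3F","?", _
        "%40","@", "%5B","[", "%5C","\", "%5D","]", "%5E","^", "%5F","_", "%60","`", _
        "%7B","{", "%7C","|", "%7D","}", "%7E","~", "%25","%")
    s = replace(s & "", "+", " ")
    For k = 0 To UBound(pairs) - 1 Step 2
        s = replace(s, pairs(k), pairs(k + 1))
    Next
    GLUrlDecode = s
End Function

Dim glRefererHost, glName, glValue, glEmailValue, glEmailOk

recipient = request("To")
redirect = request("ReturnPage")
subject = request("Subject")
'realname is printed in both message bodies but was never read from the request
realname = request("realname")
email = request("email")
if email = "" then
    email = request("From")
end if

'Caller-supplied list of required fields; the built-in names are only added
'when the form asks for extra required fields.
required = request("required")
if required <> "" then
    required = "recipient,subject,email,redirect," & required
end if

'----------------------------------------------------------------------------------------------------
'verify the referer
'----------------------------------------------------------------------------------------------------
'A request with no Referer header, or one without a host part, used to fail
'with a subscript error on referer(2); it is now refused like any other
'unlisted host. Host names are compared case-insensitively.
'NOTE: the Referer header is chosen by the client, so this check does not
'authenticate the sender of the request.
referer = request.ServerVariables("HTTP_REFERER")
referer = split(referer,"/")
glRefererHost = ""
if UBound(referer) >= 2 then
    glRefererHost = LCase(referer(2))
end if
url_verified = "no"
if glRefererHost <> "" then
    for icounter = LBound(url) to UBound(url)
        if glRefererHost = LCase(url(icounter)) then
            url_verified = "yes"
        end if
    next
end if
if not url_verified = "yes" then
    response.write("You are not authorized to use this .asp function, or this code is not yet configured properly")
    response.End
end if

'----------------------------------------------------------------------------------------------------
'retrieve form contents and create email fields
'----------------------------------------------------------------------------------------------------
'NOTE(review): the HTML tags inside the string literals of this section were
'missing from the listing; the table markup below is a reconstruction.
query = Request.ServerVariables("QUERY_STRING")
query = split(query,"&")
query3 = split(required,",")
strBody = strBody & vbnewline & "<table>" & vbnewline
strABody = strABody & vbnewline & vbnewline
For iLoop = LBound(query) to UBound(query)
    'A token without "=" (or an empty token) has no second element, so the
    'name and the value are read defensively instead of indexing blindly.
    query2 = split(query(iloop),"=")
    glName = ""
    glValue = ""
    if UBound(query2) >= 0 then glName = query2(0)
    if UBound(query2) >= 1 then glValue = query2(1)

    if glName <> "" then
        '--------------------------------------------------------------------------------------------
        'form validation, checks required fields are not null
        '--------------------------------------------------------------------------------------------
        for i = LBound(query3) to UBound(query3)
            if query3(i) = glName and glValue = "" then
                'the field name comes from the request: encode it before echoing
                response.write "you must enter a valid " & Server.HTMLEncode(glName)
                response.end
            end if
        next

        '--------------------------------------------------------------------------------------------
        'form validation, checks a valid email address has been specified for email field
        '--------------------------------------------------------------------------------------------
        'Runs once per "email" field, independently of the required list, and
        'on the decoded value ("@" normally arrives as "%40"). An empty value
        'is left to the required check above because the script falls back to
        'a default sender address when no e-mail is given.
        if glName = "email" and glValue <> "" then
            glEmailOk = False
            glEmailValue = GLUrlDecode(glValue)
            if len(glEmailValue) >= 8 and instr(glEmailValue,"@") > 0 and instr(glEmailValue,".") > 0 then
                strEmail1 = split(glEmailValue,"@")
                if UBound(strEmail1) = 1 then
                    if len(strEmail1(1)) >= 3 then
                        strEmail2 = split(strEmail1(1),".")
                        if UBound(strEmail2) >= 1 then
                            if len(strEmail2(0)) >= 3 and len(strEmail2(1)) >= 2 then
                                glEmailOk = True
                            end if
                        end if
                    end if
                end if
            end if
            if not glEmailOk then
                response.write "You must specify a valid " & Server.HTMLEncode(glName)
                response.end
            end if
        end if

        'Control fields are not copied into the message bodies.
        if not glName = "redirect" and not glName = "subject" and not glName = "realname" and not glName = "email" and not glName = "required" and not glName = "agree" then
            'HTML body: decode first, then HTML-encode, so submitted text is
            'shown as text and cannot add markup to the message.
            strBody = strBody & vbnewline & "<tr><td>" & Server.HTMLEncode(GLUrlDecode(glName)) & "</td><td>" & Server.HTMLEncode(GLUrlDecode(glValue)) & "</td></tr>"
            'Text body: name padded to a 25-character column, then the value.
            'The text body is still raw here; it is decoded as a whole later
            'in the script.
            strABody = strABody & glName
            keyl = 25 - len(glName)
            if keyl > 0 then
                strABody = strABody & Space(keyl)
            end if
            strABody = strABody & glValue & vbnewline
        end if
    end if
Next
strBody = strBody & vbnewline & "</table>" & vbnewline

'Default sender when the form supplied none; referer(2) exists because the
'referer check above has passed.
if email = "" then
    email = "GL-FormMail@" & referer(2)
end if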
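'Removes carriage returns and line feeds from a value that is about to be
'placed in a mail header, so that request data cannot add header lines.
Function GLHeaderValue(ByVal s)
    GLHeaderValue = replace(replace(s & "", vbCr, ""), vbLf, "")
End Function

'Returns True when target may be passed to Response.Redirect: either a
'reference relative to this site, or an http/https URL whose host is one of
'hosts. Everything else (other schemes, "//host", "/\host", a leading
'backslash, control characters) is refused.
Function GLRedirectAllowed(ByVal target, ByVal hosts)
    Dim lead, nextCh, head, ch, pos, parts, host, n
    GLRedirectAllowed = False
    target = Trim(target & "")
    if target = "" then Exit Function
    if InStr(target, vbCr) > 0 or InStr(target, vbLf) > 0 or InStr(target, vbTab) > 0 then Exit Function

    lead = Left(target, 1)
    if lead = "/" or lead = "\" then
        'a second slash or backslash would make browsers read a host name
        nextCh = Mid(target, 2, 1)
        if lead = "/" and nextCh <> "/" and nextCh <> "\" then
            GLRedirectAllowed = True
        end if
        Exit Function
    end if

    'A colon before the first "/", "?" or "#" means the value has a scheme.
    head = target
    For Each ch In Array("/", "?", "#")
        pos = InStr(head, ch)
        if pos > 0 then head = Left(head, pos - 1)
    Next
    if InStr(head, ":") = 0 then
        GLRedirectAllowed = True
        Exit Function
    end if

    if LCase(Left(target, 7)) <> "http://" and LCase(Left(target, 8)) <> "https://" then Exit Function
    parts = split(target, "/")
    if UBound(parts) < 2 then Exit Function
    'exact match only: user-info, port or other suffixes do not pass
    host = LCase(parts(2))
    for n = LBound(hosts) to UBound(hosts)
        if host = LCase(hosts(n)) then GLRedirectAllowed = True
    next
End Function

Dim glPairs, glIdx, glTo, glFrom, glSubject

'----------------------------------------------------------------------------------------------------
'replaces any special characters parsed through the query string (plain-text body)
'----------------------------------------------------------------------------------------------------
' Spaces will be %20 or +
'"+" is handled first so a literal "%2B" survives; "%25" is decoded last so an
'escaped percent sign cannot combine with what follows into a second escape.
glPairs = Array( _
    "%26%238364%3B","€", "%A1","¡", "%A3","£", "%A8","¨", "%AA","ª", "%AC","¬", _
    "%B4","´", "%B7","·", "%BA","º", "%BF","¿", "%C7","Ç", "%E7","ç", _
    "%0D%0A",vbnewline, "%20"," ", "%21","!", "%23","#", "%24","$", "%26","&", _
    "%27","'", "%28","(", "%29",")", "%2B","+", "%2C",",", "%2D","-", "%2E",".", _
    "%2F","/", "%3A",":", "%3B",";", "%3C","<", "%3D","=", "%3E",">", "%3F","?", _
    "%40","@", "%5B","[", "%5C","\", "%5D","]", "%5E","^", "%5F","_", "%60","`", _
    "%7B","{", "%7C","|", "%7D","}", "%7E","~", "%25","%")
strABody = replace(strABody, "+", " ")
For glIdx = 0 To UBound(glPairs) - 1 Step 2
    strABody = replace(strABody, glPairs(glIdx), glPairs(glIdx + 1))
Next

'----------------------------------------------------------------------------------------------------
'wrap both bodies with the sender details
'----------------------------------------------------------------------------------------------------
'NOTE(review): the HTML tags of this literal were missing from the listing;
'the <br> tags are a reconstruction. Name and e-mail come from the request
'and are HTML-encoded before they go into the HTML body.
strBody = vbnewline & "A web-form was submitted from:<br><br>" & vbnewline & _
    "Name: " & Server.HTMLEncode(realname & "") & "<br><br>" & vbnewline & _
    "Email: " & Server.HTMLEncode(email & "") & "<br><br>" & vbnewline & _
    strBody & vbnewline & vbnewline & "<br><br>--end<br><br>"
strABody = vbnewline & "A web-form was submitted from " & vbnewline & "Name: " & realname & vbnewline & vbnewline & "Email: " & email & vbnewline & vbnewline & strABody & vbnewline & vbnewline & "--end"

'----------------------------------------------------------------------------------------------------
'checks if a smtp port has been specified, if not it uses the default port 25
'----------------------------------------------------------------------------------------------------
if IsEmpty(intPort) or not IsNumeric(intPort) then
    intPort = 25
elseif CDbl(intPort) < 1 or CDbl(intPort) > 65535 then
    intPort = 25
end if

'----------------------------------------------------------------------------------------------------
'send the mail message
'----------------------------------------------------------------------------------------------------
'NOTE(review): the recipient is taken from the request, so anyone who can
'reach this page chooses where the mail goes. Setting a fixed address here
'(or checking recipient against a server-side list) removes that exposure;
'the original author's suggestion is kept below for that reason.
glTo = GLHeaderValue(recipient)
glFrom = GLHeaderValue(email)
glSubject = GLHeaderValue(subject)

set objMessage = CreateObject("CDO.Message")
objMessage.To = glTo
'objMessage.To = "geeks@geeklabs.com" ' I highly suggest hard coding a TO: address in this.. keeps the abuse way down.
objMessage.From = glFrom
objMessage.Subject = glSubject
objMessage.Sender = glFrom
objMessage.Textbody = strABody
objMessage.Htmlbody = strBody

'----------------------------------------------------------------------------------------------------
'cdosys configuration setup
'----------------------------------------------------------------------------------------------------
'The cdo* names are expected to come from the CDO type library; no
'declaration of them is visible in this part of the script - confirm that the
'page (or global.asa) references the library.
set objConfig = CreateObject("CDO.Configuration")
objConfig.Fields(cdoSendUsingMethod) = cdoSendUsingPort
objConfig.Fields(cdoSMTPServer) = strServer
objConfig.Fields(cdoSMTPServerPort) = intPort
objConfig.Fields(cdoSMTPAuthenticate) = cdoAnonymous
objConfig.Fields.Update
set objMessage.Configuration = objConfig

'----------------------------------------------------------------------------------------------------
'define error handling procedures
'----------------------------------------------------------------------------------------------------
On Error Resume Next
objMessage.Send
If Err.Number = 0 then
    response.write("GL-FormMail v1.0 processed all operations successfully!")
else
    response.write "GL-FormMail v1.0 detected the following errors:<br>"
    response.write "error no.: " & Err.Number & "<br>"
    'the description is produced by the mail component: encode it for the page
    response.write "description: " & Server.HTMLEncode(Err.Description & "") & "<br>"
    response.end
End If
On Error Goto 0

'----------------------------------------------------------------------------------------------------
'send them to the page specified
'----------------------------------------------------------------------------------------------------
'The return page comes from the request. It is followed only when it stays on
'this site or points at one of the configured hosts; otherwise the success
'message written above is what the visitor sees.
if GLRedirectAllowed(redirect, url) then
    Response.Redirect Trim(redirect & "")
end if
%>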