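Debug: " ; print_r($_POST); echo "" ; # uncomment for debugging # echo "
Debug: " ; print_r($_REQUEST); echo "
" ;

# Client identifier used in the mail body and the stored data: remote address
# plus remote host. Both keys are read defensively and quoted; the bare
# REMOTE_ADDR / REMOTE_HOST form is an undefined-constant error on PHP 8.
$clientid = (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "") . "|" . (isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : "") ;
# . "|" . $_SERVER['HTTP_USER_AGENT'] . "|" . $_SERVER['HTTP_REFERER'] ; #useful mostly for debugging

#-----------------------------------------------------------------------------
# ADMIN FUNCTIONS
#Checking if this is an admin request must be first.. before anything else..
#You should not have to edit any of this section
$mode = (isset($_REQUEST['mode']) and is_string($_REQUEST['mode'])) ? $_REQUEST['mode'] : "" ;
$seclevel = 0 ; # explicit default so the comparisons below never read an unset variable
if($mode != "") { $seclevel = checkauth($passwd) ; } #see end of file below, I just couldn't talk myself into cutting and passing that function here.

if($seclevel > 49 and ($mode == "get" or $mode == "del")) {
    # formname becomes part of a file path under $archive/glmailer for both
    # admin actions, so only a plain token is accepted (no "/", "..", or NUL).
    $formname = (isset($_REQUEST['formname']) and $_REQUEST['formname'] != "") ? $_REQUEST['formname'] : "default" ;
    if(!is_string($formname) or !preg_match('/^[A-Za-z0-9_-]+$/', $formname)) {
        header('HTTP/1.0 400 Bad Request') ;
        print "Invalid formname" ;
        die ;
    } ;
} ;

if($seclevel > 49 and $mode == "get") { # checks to see if it is a 'get data' request from an admin
    # format is the file extension; the script only ever writes these three.
    $format = (isset($_REQUEST['format']) and $_REQUEST['format'] != "") ? $_REQUEST['format'] : "html" ;
    if(!in_array($format, array("html", "xml", "csv"), true)) {
        header('HTTP/1.0 400 Bad Request') ;
        print "Invalid format" ;
        die ;
    } ;
    $file = "$archive/glmailer/$formname.$format" ;
    $data = "" ;
    $f = @fopen($file, "r") ;
    if(!$f) { # missing or unreadable archive: report it instead of reading from a false handle
        header('HTTP/1.0 404 Not Found') ;
        print "No stored data for $formname" ;
        die ;
    } ;
    $size = filesize($file) ;
    if($size > 0) { $data = fread($f, $size) ; } ; # fread() rejects a zero length
    fclose($f) ;
    # NOTE(review): $data is stored form input written back into a page. Field
    # values went through strip_tags() before storage; whatever markup wrapped
    # these two outputs is not visible in this listing - confirm before relying on it.
    if($format == "html") {
        print "\n$data\n
" ;
    } else {
        print "
\n$data\n
" ;
    } ;
    die ; # yea I know..
} ;

if($seclevel > 49 and $mode == "del") { #check to see if it is a delete data request, from an admin
    # NOTE(review): this destructive action is selected through $_REQUEST, so a
    # plain GET carrying cached Basic credentials is enough to trigger it;
    # consider requiring POST plus a per-session token.
    $file = "$archive/glmailer/$formname.xml" ; @unlink($file) ;
    $file = "$archive/glmailer/$formname.html" ; @unlink($file) ;
    $file = "$archive/glmailer/$formname.csv" ; @unlink($file) ;
    print "Deleted all $formname data from server" ;
    die ; # yea I know..
} ;
# END ADMIN FUNCTIONS
#-----------------------------------------------------------------------------
# EXAMPLE FORM:
if(count($_POST) < 2 and count($_REQUEST) < 2 ) { # set to 2 to ignore a couple of cookies/session variables
print <<GeekLabs FormMail.php Example/Demo Form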
GeekLabs FormMail.PHP Example/Testing Form
The following items can be embedded in the form, or set in the script:
formname:exampleoptional: useful if you use multiple forms in the same script to store the output in seperate data files
recipient:$recipient optional: e-mail address to send forms to. can be hard set in script, which disables being set in forms.
thanks:$thanks optional: page to send client to after form submission, defaults to /
referrers:$referrersrequired: set in script: domains to accept form submissions from
clientid / referrer:$clientid / $_SERVER[HTTP_REFERER]just being displayed for diagnostic purposes.
The following is an example form:
emailemail is a special field name. If you use it, the script will check if it appears valid and do a MX record check on the domain. If valid, it will email a copy of the plain ASCII form response to that email address.

name
comments:
radio:Yes - No
checkBox:Yes
   
EOF ; print <<Minimal Example HTML: (cut and paste and modify)
<form name="contactform" action="/code/gl-formmail.php" method="post">
<input type='hidden' name='formname' value='example'>
<input type='hidden' name='recipient' value='sales@yourdomain.com'><input type='hidden' name='thanks' value='/thanks.html'>

email:      <input type="text" name="email" value="" size="40" maxlength="80"/><br />
name:       <input type="text" name="Name" value="" size="40" maxlength="80"/><br />
comments:   <textarea name="Comments" cols="40" rows="6"></textarea><br />
radio:      <input type='radio' name='agree' value='Yes' checked>Yes - <input type='radio' name='agree' value='No'>No <br />
checkBox:   <input type='checkbox' name='agree2' value='Yes'>Yes <br />

<input type="reset" name="action" value="reset"/>   <input type="submit" name="action" value="submit"/><br />

</form>


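EOF ; die ; # Don't do anything else..
} ;
# END EXAMPLE FORM
#-----------------------------------------------------------------------------
# MAIN PROGRAM

if(count($_POST) > count($_REQUEST)) { #tries to see if this is a GET or POST
    $array = $_POST ; #and sets $array to the form's post from either
} else {
    $array = $_REQUEST ; #if a GET.. uses $_REQUEST
} ;

#-----------------------------------------------------------------------------
# Check Referrers based on the comma delimited list in the variable above.
# The Referer header is supplied by the client, so this is an anti-abuse
# filter, not an access control.
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "" ;
$r = explode(",", $referrers) ; # split() was removed in PHP 7
$valid = "F" ;
foreach($r as $rr) {
    $rr = trim($rr) ;
    # An empty entry (empty list, trailing comma) would build the pattern "//",
    # which matches every referrer and silently disables the check.
    if ($rr === "") { continue ; } ;
    # preg_quote(): the entry is a domain, not a regex; "." must not match any character.
    if (preg_match("/" . preg_quote($rr, "/") . "/", $ref, $matches)) { $valid = "T" ; } ;
} ;

# Reject "@" in fields that should never hold an address, and any of them
# arriving as an array instead of a string.
foreach(array('formname', 'thanks', 'action', 'Name') as $guarded) {
    if (isset($array[$guarded]) and (!is_string($array[$guarded]) or preg_match("/\@/", $array[$guarded]))) { $valid = "F" ; } ;
} ;
# formname is later used in the mail subject and in the archive file names
# ($archive/glmailer/$formname.*), so it must be a plain token: no path
# separators, dots or line breaks.
if (isset($array['formname']) and $array['formname'] != "" and !preg_match('/^[A-Za-z0-9_-]+$/', (string) $array['formname'])) { $valid = "F" ; } ;

if($valid == "F") {
    header('HTTP/1.0 401 Unauthorized');
    # Both values below are attacker-controlled request data; escape them before
    # writing them into the error page.
    $safe_ref = htmlspecialchars($ref, ENT_QUOTES) ;
    print "Error 69: Mailer Misconfigured or Spammer Abuse:

$safe_ref: not allowed to use this form

please check with the system admin if this is not correct." ;
    print "

Debug: " ; print htmlspecialchars(print_r($array, true), ENT_QUOTES) ; echo "
" ;
    die ; # ends this script here.
} ;

#-----------------------------------------------------------------------------
#Verify 'email' field, set $validemail = 'F' if bad. - we still want to collect it,
#but won't use it to send e-mail's if invalid. - CheckDNSRR may not work on Windows..
$validemail = "T" ; #we hope for the best
$email = (isset($array['email']) and is_string($array['email'])) ? $array['email'] : "" ;
$muser = "" ;
$mdomain = "" ;
if(strlen($email) > 3) {
    if (strpos($email, "@") !== false) { list($muser, $mdomain) = explode("@", $email, 2) ; } ;
    # $email is later passed to mail() as a recipient: require exactly one "@"
    # and no whitespace, separators or angle brackets, so it cannot carry a
    # second address or an extra header line.
    if (!preg_match('/^[^\s@,;<>]+@[^\s@,;<>]+$/', $email)) { $validemail = "F" ; } ;
    if (strlen($muser) <= 1) { $validemail = "F" ; } ;
    if ($validemail == "T" and !checkdnsrr($mdomain, "MX")) { $validemail = "F" ; } ;
} else {
    $validemail = "F" ;
} ;
$array['emailvalid'] = $validemail . " - $mdomain MX exists" ;

#-----------------------------------------------------------------------------
#start creating a message
$mailhtml = "\n\n\n" ;
$mailxml = "\n\n\n" ;

foreach($array as $f_name=>$f_value) {
    if(("$f_name" != "recipient") and ("$f_name" != "subject") and ("$f_name" != "action") and ("$f_name" != "thanks") and ("$f_name" != "formname")) {
        #does not include certain fieldnames in the message body or data, just to look nicer
        $f_name = strip_tags($f_name) ;
        $f_value = strip_tags($f_value) ;
        # str_replace() replaces the ereg_replace() calls (ereg was removed in
        # PHP 7); every pattern here is a literal string, so the result is the same.
        $f_value = str_replace("Content-", "BADMOJO", $f_value) ; #Strips out a Content-Insertion by Spammers
        $f_value = str_replace(array("To:", "TO:", "to:"), "T0:", $f_value) ; #Strips out a Content-Insertion by Spammers
        $f_value = str_replace(array("\n", "\r"), " ", $f_value) ; #removes CR's for wordwrap and formatting
        $f_namea = str_replace("_", " ", $f_name) ; #changes underscores to spaces
        $f_valuea = str_replace("_", " ", $f_value) ; #changes underscores to spaces
        $fw_valuea = wordwrap($f_valuea,60,"\n ") ; #nice wordwrap formatting for ascii message body
        if(strlen($f_namea) > 24) { #if the field name is long, puts the 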
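# form data below it.
            # The submitted value is passed as an argument, never spliced into the
            # format string: a "%" typed into the form would otherwise be parsed
            # as a conversion specifier with no matching argument.
            $mailbody .= sprintf("%-25s:\n %s\n\n", $f_namea, $fw_valuea) ;
        } else {
            $mailbody .= sprintf("%-25s %s\n\n", $f_namea . ":", $fw_valuea) ;
        }
        $mailhtml .= "\n" ;
        $filehtml .= "" ;
        $mailxml .= "<$f_name>$f_valuea" ;
        $filexml .= "<$f_name>$f_valuea" ;
        # Double embedded quotes so a value cannot close its own CSV field.
        # NOTE(review): values starting with = + - @ are still read as formulas
        # by spreadsheet applications when the CSV is opened.
        $filecsv .= "\"" . str_replace("\"", "\"\"", $f_valuea) . "\"," ;
    } ; # end if some fieldnames
} ;
#----------------------
$mailhtml .= "" ;
$fw_valuea = wordwrap($clientid,60,"\n ") ;
$mailbody .= "Client: $_SERVER[REMOTE_ADDR]\n $_SERVER[REMOTE_HOST]\n $_SERVER[HTTP_REFERER] " ;
$mailxml .= "$clientid\n" ;
#---------------------
$mailhtml .= "
$f_namea$f_valuea
$f_valuea
Client:$clientid
\n" ;
$mailxml .= "\n" ;

$boundary='=' . md5( uniqid("boundary") ); # should create a unique boundary for these messages
$message .= "--$boundary\nContent-Type: text/plain; charset=iso-8859-1\nContent-Transfer-Encoding: 7bit\n\n" ;
$message .= "$mailbody\n\n" ;
$messagecopy = $message ; # the sender's copy stops here: plain-text part only
$message .= "note: html version of this message has data management links\n\n" ;
$message .= "--$boundary\nContent-Type: text/html; name=\"message.html\" ; charset=iso-8859-1\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename=\"message.html\"\n\n" ;
$message .= "$mailhtml\n\n" ;

if($array['formname'] == "") { $formname = "default" ; } else { $formname = $array['formname'] ; } ;
$url = "http://" . $_SERVER['SERVER_NAME'] . "/" . $_SERVER['REQUEST_URI'] ;
$message .= "

Display/Download Data: [ HTML/Table - pseudo-xml - CSV ]\n\n" ;
$message .= " - [ Delete All Stored Data on Server ]\n" ;
$message .= "

GeekLabs.com formmail.php

\n\n" ;

$message .= "--$boundary\nContent-Type: text/xml; name=\"message.xml\"; charset=iso-8859-1\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename=\"message.xml\"\n\n" ;
$message .= "$mailxml\n\n" ;
$message .= "--$boundary\n" ;

#You may want to use the $array['email'] instead of $from, and you may not want to do the CC: Comment it if so
$headers .= "From: WebForm $from<$from>\r\n" ;
# if($array['email'] == "") { } else { #sends a copy if email looks valid
# if($validemail == "T") { $headers .= "Cc: $email" . "\r\n"; } ;
# }
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-type: multipart/mixed; boundary=\"$boundary\"\n";
$headers .= "X-Mailer: GeekLabs-FormMail\nUser-Agent: GeekLabs-FormMail\n";
$headers .= "X-Priority: 3\n";
$headers .= "Importance: 3 (normal)\n";
$headers .= "X-MSMail-Priority: Normal\n";
$headers .= "\r\n\r\n" ; #stops header injections (hopefully) ;
$headers .= "This is a MIME-formatted message. If you see this text it means that your\nE-mail software does not support MIME-formatted messages.\n\n" ;

if($recipient == "") { # if the $recipient is not set, get it from the form, if still not set, use $recipient
    # NOTE(review): with $recipient unset in the script, the destination comes
    # from the submitted form, i.e. any visitor picks who receives mail from
    # this server. Hard-setting $recipient closes that.
    if($array['recipient'] == "") { $to = "$recipient" ; } else { $to = $array['recipient'] ; } ;
} else {
    $to = $recipient ;
} ;
# Strip line breaks so a form-supplied recipient cannot add header lines,
# whatever the mail() implementation does with the "to" argument.
$to = str_replace(array("\r", "\n"), "", (string) $to) ;

if($array['collectonly'] == "") { # new feature, tells system to collect data only, not email.
    if(mail($to,$mailsubject . " $formname",$message . "\n\r" ,$headers)) { } else {
        $safe_to = htmlspecialchars($to, ENT_QUOTES) ; # $to may be form input; escape it for the page
        print "

error 1099, for: $safe_to - please e-mail: $from

" ;
    } ;
    if (preg_match("/BADMOJO/",$messagecopy,$matches)) {
        # Does not send a copy of content insertion spam attempts to spammers if they are trying content header insertions
    } else {
        if($validemail == "T") { # sends a copy to the sender if email is valid
            $messagecopy .= "\n\n - this is your copy\n" ;
            if(mail($email,$mailsubject . " your copy ",$messagecopy . "\n\r" ,$headers)) { } else {
                $safe_email = htmlspecialchars($email, ENT_QUOTES) ;
                print "

error 1099, for: $safe_email while trying to send a copy. Not critical.

" ;
            } ;
        } ;
    } ;
} ;

# NOTE(review): $thanks is taken from the form and the only earlier check on it
# rejects "@". The markup that uses it is not visible in this listing; if it is
# a redirect target, restrict it to same-site paths - confirm.
if($array['thanks'] == "") { $thanks = "/" ; } else { $thanks = $array['thanks'] ; } ;
# There are LOTS of ways to do this.. I like this rather than javascript or Location:
# but you can change it if you like..
print "\n\n\n" ; print "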

Thank you! Form Submitted

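Continue.." ;

#---------Optional Section---------------Saves EMails and Files to Server for Storage
if($array['formname'] == "") { $formname = "default" ; } else { $formname = $array['formname'] ; } ;
# formname is form input and becomes part of the file name; anything other
# than a plain token (e.g. "../") would place the append outside
# $archive/glmailer, so such submissions are not archived.
if(is_string($formname) and preg_match('/^[A-Za-z0-9_-]+$/', $formname)) {
    # 0700 instead of 0777: only the account running the script needs access.
    # NOTE(review): $archive should sit outside the web root so the stored
    # submissions cannot be fetched directly - confirm against the config.
    if(!file_exists("$archive/glmailer")) { mkdir("$archive/glmailer", 0700); }
    $xml = fopen("$archive/glmailer/$formname.xml","a") ;
    if($xml) { fputs($xml,"$filexml\n") ; fclose($xml) ; } ;
    $html = fopen("$archive/glmailer/$formname.html","a") ;
    if($html) { fputs($html,"$filehtml\n") ; fclose($html) ; } ;
    $csv = fopen("$archive/glmailer/$formname.csv","a") ;
    if($csv) { fputs($csv,"$filecsv\n") ; fclose($csv) ; } ;
} ;
#---------Optional Section---------------Saves EMails and Files to Server for Storage

/**
 * Enforces HTTP Basic auth for the admin modes.
 * MUST run before anything is output, because it sends headers.
 *
 * @param string $passwd admin password configured in the script
 * @return int 50 when the supplied password matches; otherwise the function
 *             sends a 401 response and exits instead of returning
 *
 * Only the password is checked; the user name sent by the client is ignored.
 */
function checkauth($passwd) {
    $seclevel = 0 ; # explicit default: the check below must not read an unset variable
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        header('WWW-Authenticate: Basic realm="GeekLabs Free Stuff"');
        header('HTTP/1.0 401 Unauthorized');
        exit ;
    } ;
    $expected = (string) $passwd ;
    $supplied = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : "" ;
    # An empty configured password must never authenticate (an empty supplied
    # password would otherwise match it), and the shipped default stays refused.
    if ($expected !== "" and $expected !== "12345678") { # won't let the default password work for admin functions
        # Strict string comparison: "==" compares numeric-looking strings as
        # numbers, so different passwords could compare equal. hash_equals()
        # additionally keeps the comparison time independent of the content.
        if (function_exists('hash_equals')) {
            $match = hash_equals($expected, $supplied) ;
        } else {
            $match = ($expected === $supplied) ;
        } ;
        if ($match) { $seclevel = 50 ; } ;
    } ;
    if ($seclevel < 1) {
        header('WWW-Authenticate: Basic realm="GeekLabs Free Stuff"');
        header('HTTP/1.0 401 Unauthorized');
        # NOTE(review): $servername is not defined inside this function, so it prints as empty.
        echo "$servername Error 401\n" ;
        echo "Error 401 a - You gotta have the right password" ;
        exit ;
    } ;
    return($seclevel) ;
} ; //end function checkauth
?>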