<?php
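// ---- Configuration ---------------------------------------------------------

// When true, $anti_spam_mask inside a recipient address is replaced by '@'.
$anti_spam_option = false;
$anti_spam_mask = '<ANTI-SPAM>';

// Hosts that may serve forms posting to this script; check_referer() compares
// the Referer header against this list.
$domains = array(
    0 => 'www.brosner.com'
);

// When false, an empty subject falls back to 'Web Form' in check_hidden().
$user_defined_subject = false;
$mail_from = 'Web Form';
$reply_to = '';
$mail_seperator = ': ';

// Whether build_mail() adds the "FORM INFORMATION" section, and where
// ('top' or 'bottom').
$mail_header_data = false;
$mail_header_data_pos = 'bottom';

define('VERSION', '2.0');

// get_magic_quotes_gpc() was removed in PHP 8.0, so calling it unguarded is a
// fatal error there. Only consult it on runtimes that still provide it.
define('QUOTES', function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());

// Refuse plain GET requests: the form data is read from $_POST only.
// REQUEST_METHOD is absent outside a web SAPI, hence the isset() guard.
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'GET') {
    print_error("This error is due to either:<br />\n1. A GET method was used.<br />\n2. No form was submitted.", true);
}

// POSIX-style pattern without delimiters; the functions that use it add their
// own. It accepts letters only, so addresses with digits, dots or hyphens in
// the local part or host are rejected.
$email_reg = '^[a-zA-Z]+@[a-zA-Z]+\.[a-zA-Z]+$';

// Validation types accepted in the "required" field. Each maps to a
// vali_<type>() function; 'url' is listed but this file defines no vali_url().
$data_types = array(
    0 => 'blank',
    1 => 'email',
    2 => 'letters',
    3 => 'numbers',
    4 => 'age',
    5 => 'url'
);

// Control fields sent by the form.
// SECURITY: these arrive in the request body, so whoever submits the request
// chooses them, including the recipient list and the redirect target. Hidden
// inputs are not a trust boundary; pinning recipients in server-side
// configuration is the robust design.
// Non-string values (e.g. recipients[]=...) are treated as missing so later
// string operations never receive an array.
$recipients = (isset($_POST['recipients']) && is_string($_POST['recipients'])) ? $_POST['recipients'] : '';
$subject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';
$redirect = (isset($_POST['redirect']) && is_string($_POST['redirect'])) ? $_POST['redirect'] : '';
$required = (isset($_POST['required']) && is_string($_POST['required'])) ? $_POST['required'] : '';

// Drop the control fields so they are not validated or mailed as form values.
unset($_POST['recipients'], $_POST['subject'], $_POST['required'], $_POST['redirect']);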
// function: print_error() - prints an error
/**
 * Writes an error message to the response and optionally stops the script.
 *
 * The message is emitted as raw HTML (callers in this file pass markup such
 * as <br /> and links), so any request-derived value must be HTML-escaped by
 * the caller before it is concatenated into $error.
 *
 * @param string $error HTML fragment to display.
 * @param bool   $kill  When truthy, the script exits after printing.
 */
function print_error($error, $kill = false)
{
    echo '<font face="verdana" size="2" color="#ff0000"><b>Error:</b> ', $error, '</font>';

    if ($kill) {
        exit;
    }
}
// function: check_referer() - tests referer against allowed list
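/**
 * Tells whether the request's Referer host is one of the configured $domains.
 *
 * SECURITY: the Referer header is supplied by the client and can be set to
 * any value by a non-browser client, so this is a courtesy filter against
 * casual cross-site use of the form, not an access control.
 *
 * @return bool True when the host part of the Referer is listed in $domains.
 */
function check_referer()
{
    global $domains;

    $referer = getenv('HTTP_REFERER');
    if (!is_string($referer) || $referer === '' || !is_array($domains)) {
        // No Referer (or no allow-list) can never match.
        return false;
    }

    // Strip the scheme. The original only removed "http://", so every form
    // served over https was rejected.
    $without_scheme = preg_replace('#^https?://#i', '', $referer);

    // Everything up to the first "/" is the host (plus port, if any).
    $host = strtok((string) $without_scheme, '/');
    if ($host === false || $host === '') {
        return false;
    }

    // Strict comparison: no numeric-string or empty-value coincidences.
    return in_array($host, $domains, true);
}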
// function: check_hidden() - validate the hidden fields
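/**
 * Validates and normalises the control fields taken from the form.
 *
 * Works on the globals $recipients, $subject and $redirect:
 *  - a missing recipient list is fatal;
 *  - an empty subject becomes 'Web Form' unless $user_defined_subject is set;
 *  - an empty redirect becomes false;
 *  - every comma-separated recipient must match $email_reg, after the
 *    anti-spam mask has been turned back into '@' when that option is on.
 *
 * The script exits when any recipient is invalid. The original only exited
 * when the LAST address was the invalid one, so an invalid address earlier in
 * the list stayed in $recipients and was passed on to mail().
 *
 * @return bool Always true; failures terminate the script instead.
 */
function check_hidden()
{
    global $anti_spam_option, $anti_spam_mask, $user_defined_subject;
    global $recipients, $subject, $redirect, $email_reg;

    // Recipients are mandatory (a non-string value counts as missing).
    if (!is_string($recipients) || $recipients == '') {
        print_error('Please enter an e-mail address in the recipients hidden field.', true);
    }

    // Subject is optional.
    if ($user_defined_subject == false && $subject == '') {
        $subject = 'Web Form';
    }

    // Redirect is optional.
    if ($redirect == '') {
        $redirect = false;
    }

    // eregi() no longer exists in PHP 7+. $email_reg carries no delimiters,
    // so add them here. "D" makes "$" match only at the very end: without it
    // PCRE also accepts a trailing newline, which must never reach mail().
    $pattern = '/' . str_replace('/', '\\/', $email_reg) . '/iD';

    $email_arr = explode(',', $recipients);
    $has_invalid = false;

    foreach ($email_arr as $k => $email) {
        if ($anti_spam_option == true) {
            // Restore the '@' that the form author masked.
            $email = str_replace($anti_spam_mask, '@', $email);
        } elseif (strstr($email, $anti_spam_mask)) {
            print_error('br_form2mail noticed you are using the anti-spam mask. You must turn on the anti-spam option.', true);
        }

        if (!preg_match($pattern, $email)) {
            // The address comes from the request; escape it before it is
            // echoed into the HTML error message.
            print_error("The e-mail address " . htmlspecialchars($email, ENT_QUOTES) . " is not a valid address.<br />\n");
            $has_invalid = true;
        } else {
            $email_arr[$k] = $email;
        }
    }

    // Report every bad address first, then stop before anything is mailed.
    if ($has_invalid) {
        exit;
    }

    $recipients = implode(',', $email_arr);

    return true;
}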
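/**
 * Validation type 'blank': the field must have a value.
 *
 * empty() was used originally, which also treats the string "0" as blank, so
 * a field legitimately holding 0 was reported as left empty. Only null,
 * false, '' and an empty array count as blank here.
 *
 * @param string $field Form field name (request-derived; escaped on output).
 * @param mixed  $val   Submitted value, a string or an array.
 * @return bool True when a value is present; false after printing an error.
 */
function vali_blank($field, $val)
{
    $is_blank = ($val === null || $val === false || $val === '' || $val === array());

    if ($is_blank) {
        print_error('The ' . htmlspecialchars((string) $field, ENT_QUOTES) . ' field was left empty.');
        return false;
    }

    return true;
}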
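/**
 * Validation type 'email': the field must be filled and match $email_reg.
 *
 * The original read the global $email_reg_ex, which is never defined in this
 * file (the configured pattern is $email_reg), so the check ran against an
 * empty pattern. It also fell off the end without a return value when the
 * field was blank.
 *
 * @param string $field Form field name (request-derived; escaped on output).
 * @param mixed  $val   Submitted value.
 * @return bool True when the value looks like an address; false otherwise.
 */
function vali_email($field, $val)
{
    global $email_reg;

    if (!vali_blank($field, $val)) {
        return false;
    }

    // Fail closed when the pattern is missing or the value is not a string.
    $matches = false;
    if (is_string($val) && is_string($email_reg) && $email_reg !== '') {
        // $email_reg has no delimiters. "D" keeps "$" from matching before a
        // trailing newline, which eregi()'s POSIX "$" never did.
        $pattern = '/' . str_replace('/', '\\/', $email_reg) . '/iD';
        $matches = (preg_match($pattern, $val) === 1);
    }

    if (!$matches) {
        print_error('The email address supplied in the ' . htmlspecialchars((string) $field, ENT_QUOTES) . ' field is in incorrect format.');
        return false;
    }

    return true;
}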
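/**
 * Validation type 'letters': the field must be filled and contain only the
 * letters a-z in either case.
 *
 * eregi() was removed in PHP 7; preg_match() with the "i" modifier keeps the
 * case-insensitive match, and "D" keeps "$" from accepting a trailing newline.
 *
 * @param string $field Form field name (request-derived; escaped on output).
 * @param mixed  $val   Submitted value.
 * @return bool True when valid; false after printing an error.
 */
function vali_letters($field, $val)
{
    if (!vali_blank($field, $val)) {
        return false;
    }

    // Array values (field[]=...) can never be "letters only".
    if (!is_string($val) || preg_match('/^[a-z]+$/iD', $val) !== 1) {
        print_error('Only letters are accepted in the ' . htmlspecialchars((string) $field, ENT_QUOTES) . ' field.');
        return false;
    }

    return true;
}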
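/**
 * Validation type 'numbers': the field must be filled and contain only the
 * digits 0-9.
 *
 * eregi() was removed in PHP 7; preg_match() replaces it, with "D" so that
 * "$" does not accept a trailing newline.
 *
 * @param string $field Form field name (request-derived; escaped on output).
 * @param mixed  $val   Submitted value.
 * @return bool True when valid; false after printing an error.
 */
function vali_numbers($field, $val)
{
    if (!vali_blank($field, $val)) {
        return false;
    }

    // Array values (field[]=...) can never be "digits only".
    if (!is_string($val) || preg_match('/^[0-9]+$/D', $val) !== 1) {
        print_error('Only numbers are accepted in the ' . htmlspecialchars((string) $field, ENT_QUOTES) . ' field.');
        return false;
    }

    return true;
}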
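/**
 * Validation type 'age': the field must hold a birth date written as
 * month/day/year (four-digit year) that makes the sender at least 13.
 *
 * Changes from the original:
 *  - input that is not three numeric parts is rejected up front instead of
 *    reaching list()/checkdate() with missing or non-numeric values;
 *  - the year must have exactly four digits (the original rejected only
 *    two-digit years);
 *  - the age is derived from month and day rather than day-of-year, which is
 *    off by one day when exactly one of the two years is a leap year;
 *  - a blank field returns false explicitly.
 *
 * @param string $field Form field name (request-derived; escaped on output).
 * @param mixed  $val   Submitted value.
 * @return bool True when the date is valid and the age is 13 or more.
 */
function vali_age($field, $val)
{
    if (!vali_blank($field, $val)) {
        return false;
    }

    $safe_field = htmlspecialchars((string) $field, ENT_QUOTES);

    // Split into month, day and year; every part must be digits only.
    $parts = is_string($val) ? explode('/', $val) : array();
    $well_formed = (count($parts) == 3);
    foreach ($parts as $part) {
        if (preg_match('/^[0-9]+$/D', $part) !== 1) {
            $well_formed = false;
        }
    }
    if (!$well_formed) {
        print_error('The given date in the ' . $safe_field . ' field is not a valid date.');
        return false;
    }

    list($month, $day, $year) = $parts;

    // Two-digit (or otherwise short/long) years are rejected, not expanded.
    if (strlen($year) != 4) {
        print_error('The year in the ' . $safe_field . ' field must be a four digits.');
        return false;
    }

    $month = (int) $month;
    $day = (int) $day;
    $year = (int) $year;

    // The date must exist on the calendar.
    if (!checkdate($month, $day, $year)) {
        print_error('The given date in the ' . $safe_field . ' field is not a valid date.');
        return false;
    }

    // One getdate() call so year, month and day come from the same instant.
    $now = getdate();
    $age = $now['year'] - $year;
    $birthday_pending = ($now['mon'] < $month) || ($now['mon'] == $month && $now['mday'] < $day);
    if ($birthday_pending) {
        $age--;
    }

    if ($age < 13) {
        // NOTE(review): the link target below does not look like a COPPA
        // reference; verify it and replace it with an authoritative source.
        print_error('According to the <a href="http://members.lycos.co.uk/negaresh/farsi.html">COPPA</a> you must be 13 years of age or older to submit data on this website.');
        return false;
    }

    return true;
}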
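/**
 * Checks one entry of the "required" specification before it is used.
 *
 * Terminates the script (through print_error) when the named field was not
 * submitted, when the type is not listed in $data_types, or when no
 * vali_<type>() function exists for it. The last check matters because
 * $data_types lists 'url' while this file defines no vali_url(); without it
 * the request would only fail later, when the validator is called.
 *
 * Both arguments come from the request, so they are HTML-escaped before being
 * echoed in the error text.
 *
 * @param string $field Form field name to validate.
 * @param string $type  Validation type name.
 * @return void
 */
function valid_data($field, $type)
{
    global $data_types;

    // The field must have been submitted.
    if (!isset($_POST[$field])) {
        print_error('VALIDATION: The field ' . htmlspecialchars((string) $field, ENT_QUOTES) . ' is not valid to require validation.', true);
    }

    // The type must be allow-listed (strict match) and implemented.
    $known = is_array($data_types) && in_array($type, $data_types, true);
    if (!$known || !function_exists('vali_' . $type)) {
        print_error('VALIDATION: The vaildation type ' . htmlspecialchars((string) $type, ENT_QUOTES) . ' is not valid.', true);
    }
}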
// function: parse_required() - reads the required value and builds a nice array
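/**
 * Turns the "required" specification into a field => validation-type map.
 *
 * Entries are separated by "|". An entry is either a bare field name, which
 * gets the default type 'blank', or "[field.type]". Square brackets are
 * stripped. Every entry is passed to valid_data(), which terminates the
 * script for an unknown field or type.
 *
 * Changes from the original: each() and eregi_replace() no longer exist in
 * current PHP and are replaced by foreach/str_replace; empty entries are
 * skipped, so a form without a "required" field no longer dies on a field
 * named ''; and "was there a dot" is decided by counting the parts instead
 * of a loose in_array() comparison.
 *
 * @param string $data Raw value of the "required" form field.
 * @return array Map of field name to validation type.
 */
function parse_required($data)
{
    $required_arr = array();

    if (!is_string($data)) {
        return $required_arr;
    }

    foreach (explode('|', $data) as $spec) {
        // Nothing to require (empty field, or a stray "|").
        if ($spec === '') {
            continue;
        }

        $vali_data = explode('.', $spec);

        if (count($vali_data) === 1) {
            // No type given: strip the brackets and use the default check.
            $field = str_replace(array('[', ']'), '', $vali_data[0]);
            $vali_type = 'blank';
        } else {
            $field = str_replace('[', '', $vali_data[0]);
            $vali_type = str_replace(']', '', $vali_data[1]);
        }

        // Terminates the script if the field or the type is not acceptable.
        valid_data($field, $vali_type);

        $required_arr[$field] = $vali_type;
    }

    return $required_arr;
}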
// function: check_required() - checks the required fields with the proper validation
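/**
 * Runs the configured validation on every required field that was submitted.
 *
 * SECURITY: the original assembled a PHP statement from the field name and
 * the submitted value and passed it to eval(), which lets request data be
 * interpreted as code. The validator is now called directly by name, and the
 * name is only used when it consists of lowercase letters and the matching
 * vali_<type>() function exists.
 *
 * Prints a "go back" notice and exits when at least one field fails.
 *
 * @return void
 */
function check_required()
{
    global $required;

    $required_arr = parse_required($required);

    $counter = 0;
    foreach ($_POST as $var => $val) {
        // Only fields named in the "required" specification are checked.
        if (!isset($required_arr[$var])) {
            continue;
        }

        $type = (string) $required_arr[$var];
        $handler = 'vali_' . $type;

        // Never call a function whose name the request could shape freely.
        if (preg_match('/^[a-z]+$/D', $type) !== 1 || !function_exists($handler)) {
            print_error('VALIDATION: The vaildation type ' . htmlspecialchars($type, ENT_QUOTES) . ' is not valid.', true);
        }

        // The value is passed as data; it is never parsed as PHP source.
        $ret_val = $handler($var, $val);
        if ($ret_val == false) {
            $counter++;
        }
    }

    if ($counter >= 1) {
        print '<br /><br /><font face="verdana" size="2">Please <a href="#" onclick="history.back(1);">go back</a> and correct these errors. Thank you.';
        exit;
    }
}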
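/**
 * Builds the plain-text mail body from the submitted form values.
 *
 * Every remaining $_POST entry becomes a "name: value" line (array values one
 * line per element). When $mail_header_data is on, a "FORM INFORMATION"
 * section with send time, user agent and client IP is placed above or below
 * the values according to $mail_header_data_pos.
 *
 * All values, including the user agent, are supplied by the client; they are
 * only ever placed in the body, never in mail headers.
 *
 * Changes from the original:
 *  - the submit-button test joined three "!=" with "||", which is always
 *    true, so the button was never left out; it is now skipped;
 *  - each() no longer exists in current PHP;
 *  - the information section is only built when it is used, and missing
 *    $_SERVER entries no longer raise warnings;
 *  - an unknown position value left the result undefined; it is now treated
 *    like the shipped default, 'bottom'.
 *
 * @return string The mail body.
 */
function build_mail()
{
    global $mail_seperator;
    global $mail_header_data, $mail_header_data_pos;

    // Form values.
    $body = "FORM VALUES:\n";
    $body .= "-------------------------\n";

    foreach ($_POST as $var => $val) {
        // Leave the submit button out of the mail.
        if (in_array($var, array('submit', 'SUBMIT', 'Submit'), true)) {
            continue;
        }

        if (is_array($val)) {
            foreach ($val as $k => $v) {
                $body .= $var . "[" . $k . "]" . $mail_seperator . $v . "\n";
            }
        } else {
            $body .= $var . $mail_seperator . $val . "\n";
        }
    }

    if (!$mail_header_data) {
        return $body;
    }

    // Request information; both entries can be absent (e.g. no User-Agent).
    $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
    $remote_addr = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';

    $head = "FORM INFORMATION:\n";
    $head .= "-------------------------\n";
    $head .= "Sent: " . date("n/d/Y - h:i:s A T") . "\n";
    $head .= "Browser: " . $user_agent . "\n";
    $head .= "IP: " . $remote_addr;

    if ($mail_header_data_pos == 'top') {
        return $head . "\n\n" . $body;
    }

    // 'bottom', and the fallback for any other value.
    return $body . "\n" . $head;
}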
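/**
 * Builds the additional mail headers from the $mail_from and $reply_to
 * configuration values.
 *
 * The original assigned the undefined variable $mail_form (a typo for
 * $mail_from) when no sender was configured, which raised a warning and made
 * the function return null when $reply_to was empty as well. The header
 * string now simply stays empty in that case.
 *
 * @return string Zero, one or two "Name: value\n" header lines.
 */
function build_headers()
{
    global $mail_from, $reply_to;

    $headers = '';

    if ($mail_from != '') {
        $headers .= "From: " . $mail_from . "\n";
    }

    if ($reply_to != '') {
        $headers .= "Reply-to: " . $reply_to . "\n";
    }

    return $headers;
}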
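/**
 * Sends the same message to every address in $emails, one mail() call each.
 *
 * The script is terminated (through print_error) as soon as one mail() call
 * reports failure; addresses after it are not attempted.
 *
 * each() no longer exists in current PHP and is replaced by foreach. Carriage
 * returns and line feeds are removed from the recipient and the subject
 * before the call, because both originate from the form and end up in mail
 * header lines; this is defence in depth on top of the address validation.
 *
 * @param array  $emails  Recipient addresses.
 * @param string $subject Mail subject.
 * @param string $body    Mail body.
 * @param string $headers Additional header lines.
 * @return void
 */
function send_mail($emails, $subject, $body, $headers)
{
    $line_breaks = array("\r", "\n");
    $clean_subject = str_replace($line_breaks, ' ', (string) $subject);

    foreach ($emails as $email) {
        $clean_email = str_replace($line_breaks, '', (string) $email);

        if (!mail($clean_email, $clean_subject, $body, $headers)) {
            print_error('The mail did not reach the mail server.', true);
        }
    }
}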
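// ---- Main flow -------------------------------------------------------------

// The Referer header is client-supplied; this keeps out casual cross-site
// use of the form but is not an authentication step.
if (check_referer() == false) {
    print_error('Access Denied.', true);
}

check_hidden();
check_required();

$body = build_mail();
$headers = build_headers();

// Undo magic-quotes escaping on runtimes that still apply it.
if (QUOTES) {
    $body = stripslashes($body);
}

send_mail(explode(',', $recipients), $subject, $body, $headers);

// The redirect target comes from the form, so it is only followed when it
// stays on this site: a relative URL, or an http(s) URL whose host is listed
// in $domains. Anything else (other hosts, protocol-relative "//host" URLs,
// other schemes, control characters or backslashes) falls back to the plain
// confirmation message instead of sending the visitor elsewhere.
$redirect_target = false;
if ($redirect != false && is_string($redirect) && !preg_match('/[\x00-\x1f\x7f\\\\]/', $redirect)) {
    $redirect_parts = parse_url($redirect);
    if (is_array($redirect_parts)) {
        if (isset($redirect_parts['host'])) {
            $redirect_scheme = isset($redirect_parts['scheme']) ? strtolower($redirect_parts['scheme']) : '';
            $redirect_host = strtolower($redirect_parts['host']);
            if (($redirect_scheme === 'http' || $redirect_scheme === 'https')
                && is_array($domains)
                && in_array($redirect_host, $domains, true)
            ) {
                $redirect_target = $redirect;
            }
        } elseif (!isset($redirect_parts['scheme'])) {
            // No scheme and no host: a path on this site.
            $redirect_target = $redirect;
        }
    }
}

// headers_sent() replaces the "@" that used to hide a failed header() call:
// if output has already started, show the confirmation instead.
if ($redirect_target === false || headers_sent()) {
    print '<font face="verdana" size="2"><b>Form was successfully sent.</b></font>';
} else {
    header('Location: ' . $redirect_target);
    exit;
}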
?>