thunix_2.0_website/contact.lib.php

<?php
// Donation ID used by the generator's footer backlink; left empty in this deployment.
define( 'PAYPAL_ID' , '' ); // Put donation ID here to disable the bottom backlink
// Mailbox that receives every form submission; sendFormMail() passes it through filterEmail() before use.
define( 'PHPFMG_TO' , 'root@thunix.net' );
// ---------------------------------------------------------------------------
// Form configuration. Everything below is read by the functions in this file;
// the order matters (PHPFMG_ROOT_DIR must exist before the paths built from it,
// and phpfmg_init() at the end runs as a side effect of including this file).
// ---------------------------------------------------------------------------
define( 'PHPFMG_REDIRECT', '' );
define( 'PHPFMG_ID' , '20190109-6f06' );
// appendToFile() returns without writing anything while this is 'Y', so neither
// the data file nor the mail log below is produced in this configuration.
define( 'PHPFMG_GDPR' , 'Y' ); // 'Y' to enable General Data Protection Regulation(GDPR), don't save data and log
define( 'PHPFMG_ROOT_DIR' , dirname(__FILE__) );
// Both files live next to this script. appendToFile() writes a leading
// "<?php exit(); ... ?>" line into a newly created *.php file so that a direct
// request does not print the stored data.
// NOTE(review): that guard only helps while the server executes .php files; keeping
// these files outside the document root would not depend on it - confirm deployment.
define( 'PHPFMG_SAVE_FILE' , PHPFMG_ROOT_DIR . '/form-data-log.php' ); // save submitted data to this file
define( 'PHPFMG_EMAILS_LOGFILE' , PHPFMG_ROOT_DIR . '/email-traffics-log.php' ); // log email traffics to this file
if( !defined('PHPFMG_ADMIN_URL') ) define( 'PHPFMG_ADMIN_URL' , 'contact.admin.php' ); // might be defined already by wordpress form loader plugin
define( 'PHPFMG_SAVE_ATTACHMENTS' , '' );
// Upload directory, also located beside this script.
// NOTE(review): mailAttachments() creates it with mode 0777 and chmods saved files
// to 0777; if this path is web-served, confirm that nothing in it can be executed.
define( 'PHPFMG_SAVE_ATTACHMENTS_DIR' , PHPFMG_ROOT_DIR . '/uploaded/' );
// three options : empty - always mail file as attachment, 0 - always mail file as link, N - mail file as link if filesize larger than N Kilobytes
define( 'PHPFMG_FILE2LINK_SIZE' , '' );
define( 'PHPFMG_UPLOAD_CONTROL' , '' );
// Extension deny-list and allow-list for uploads. The code that applies them
// (phpfmg_rename_harmful() and the upload control check) is not part of this excerpt.
// NOTE(review): the entry "scr" has no leading dot (".scr" appears later in the list),
// and a deny-list cannot enumerate every server-executable extension; prefer
// enforcing the allow-list below when uploads are enabled.
define( 'PHPFMG_HARMFUL_EXTS' , ".php, .php2, .php3, .php4, .php5, .php6, .php7, .html, .css, .js, .exe, .com, .bat, .vb, .vbs, scr, .inf, .reg, .lnk, .pif, .ade, .adp, .app, .bas, .chm, .cmd, .cpl, .crt, .csh, .fxp, .hlp, .hta, .ins, .isp, .jse, .ksh, .Lnk, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msi, .msp, .mst, .ops, .pcd, .prf, .prg, .pst, .scf, .scr, .sct, .shb, .shs, .url, .vbe, .wsc, .wsf, .wsh" );
define( 'PHPFMG_HARMFUL_EXTS_MSG' , 'File is potential harmful. Upload is not allowed.' );
define( 'PHPFMG_ALLOW_EXTS' , ".jpg, .gif, .png, .bmp" );
define( 'PHPFMG_ALLOW_EXTS_MSG' , "Upload is not allowed. Please check your file type." );
define( 'PHPFMG_SUBJECT' , "thunix contact form" );
define( 'PHPFMG_CC' , '' );
define( 'PHPFMG_BCC', '' );
// for auto-response email
// The auto-response goes to the address typed into the form. It is switched on here,
// but mailAutoResponse() sends nothing while phpfmg_auto_response_message() is empty.
define( 'PHPFMG_RETURN_ENABLE' , 'Y' ); // 'Y' to enable auto-response email, use '' or 'N' to turn off
define( 'PHPFMG_YOUR_NAME' , '' ); // name of auto-response mail address
define( 'PHPFMG_RETURN_EMAIL' , "" );
define( 'PHPFMG_RETURN_SUBJECT' , "" ); // auto-response mail subject
define( 'PHPFMG_RETURN_NO_ATTACHMENT' , '' ); // Y - No attachements will be included for auto-response email
define( 'PHPFMG_CHARSET' , 'UTF-8' );
// NOTE(review): sendFormMail() places submitted values into the HTML table without
// HTML-escaping; review that before switching this to 'html'.
define( 'PHPFMG_MAIL_TYPE' , 'text' ); // send mail in html format or plain text.
// sendFormMail() understands 'fileonly', 'mailonly' and 'mailandfile' (also the fallback).
define( 'PHPFMG_ACTION' , 'mailonly' ); // delivery method
define( 'PHPFMG_TEXT_ALIGN' , 'top' ); // field label text alignment: top, right, left
define( 'PHPFMG_NO_FROM_HEADER' , '' ); // don't make up From: header.
define( 'PHPFMG_SENDMAIL_FROM' , '' ); // force sender's email
define( 'PHPFMG_USE_PHPMAILER' , 'Y' ); // Y - use phpmailer as the default
// smtp options
define( 'PHPFMG_USE_SMTP' , '' ); // Y - enable
define( 'PHPFMG_SMTP_HOST' , '' );
define( 'PHPFMG_SMTP_USER' , '' );
// phpfmg_phpmailer() base64-decodes this value: it is an encoding, not encryption,
// so any password stored here should be treated as plaintext on disk.
define( 'PHPFMG_SMTP_PASSWORD' , '' );
define( 'PHPFMG_SMTP_PLAIN_PASSWORD' , '' ); // use this to overwrite above password
define( 'PHPFMG_SMTP_PORT' , '' ); // default 25, use 465 for gmail
define( 'PHPFMG_SMTP_SECURE' , '' );
define( 'PHPFMG_SMTP_DEBUG_LEVEL' , '' ); // empty or 0 - turn off debug
// Load the bundled PHPMailer only when no PHPMailer class is defined yet.
if( !class_exists('PHPMailer') && file_exists(PHPFMG_ROOT_DIR.'/contact.phpmailer.php') ){
include_once( PHPFMG_ROOT_DIR.'/contact.phpmailer.php' );
};
// phpfmg_captcha_name() is defined outside this excerpt.
define( 'PHPFMG_SIMPLE_CAPTCHA_NAME' , phpfmg_captcha_name() ); // comment this line if you want to disable the simple built-in captcha code
// Taken from the request environment; mailReport() uses both in its subject and body.
define( 'HOST_NAME',getEnv( 'SERVER_NAME' ) );
define( 'PHP_SELF', getEnv( 'SCRIPT_NAME' ) );
define( 'PHPFMG_LNCR', phpfmg_linebreak() );
// Enables the Referer comparison in phpfmg_check_referers(). The Referer header is
// supplied by the client, so this deters embedding the form elsewhere; it is not
// an authentication or anti-forgery control.
define( 'PHPFMG_ANTI_HOTLINKING' , 'Y' );
define( 'PHPFMG_REFERERS_ALLOW', "" ); // Referers - domains/ips that you will allow forms to reside on.
define( 'PHPFMG_REFERERS_DENIED_MSG', "You are coming from an <b>unauthorized domain.</b>" );
define( 'PHPFMG_ONE_ENTRY' , '' );
define( 'PHPFMG_ONE_ENTRY_METHOD' , '' );
// Side effect of including this file: starts the session and runs the referer check.
phpfmg_init();
# -----------------------------------------------------------------------------
// Prints the confirmation shown after a successful submission.
// phpfmg_redirect_js() (defined outside this excerpt) runs first; the original
// comment in phpfmg_sendmail() says the redirect was moved here to work inside
// an iframe. The markup between the PHP tags is sent to the browser verbatim,
// so edit it as HTML, not as PHP.
function phpfmg_thankyou(){
phpfmg_redirect_js();
?>
<!-- [Your confirmation message goes here] -->
<br>
<b>Your form has been sent. Thank you!</b>
<br><br>
<?php
} // end of function phpfmg_thankyou()
/**
 * Returns the auto-response mail template.
 *
 * The template is whatever text sits between the closing and opening PHP
 * tags below; it is captured through an output buffer and trimmed. The
 * slot is empty here, so the function returns '' and mailAutoResponse()
 * sends nothing.
 */
function phpfmg_auto_response_message(){
    ob_start();
?>
<?php
    return trim( ob_get_clean() );
}
/**
 * Returns the custom template for the notification mail.
 *
 * Same buffer-capture slot as the auto-response template. An empty result
 * makes sendFormMail() fall back to its generated "label : value" listing.
 */
function phpfmg_mail_template(){
    ob_start();
?>
<?php
    return trim( ob_get_clean() );
}
# --- Array of Form Elements ---
// Field definitions consumed by checkPass() and sendFormMail(). The "type"
// value selects the validation branch and which submitted value becomes the
// sender name / sender e-mail of the outgoing message.
$GLOBALS['form_mail'] = array(
    'field_0' => array( "name" => "field_0", "text" => "Contact Name:", "type" => "sender's name", "instruction" => "", "required" => "Required" ),
    'field_1' => array( "name" => "field_1", "text" => "Email Address:", "type" => "sender's email", "instruction" => "", "required" => "Required" ),
    'field_2' => array( "name" => "field_2", "text" => "Subject:", "type" => "text", "instruction" => "", "required" => "Required" ),
    'field_3' => array( "name" => "field_3", "text" => "Message:", "type" => "textarea", "instruction" => "", "required" => "Required" ),
);
/**
* GNU Library or Lesser General Public License version 2.0 (LGPLv2)
*/
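/**
 * Per-request bootstrap, called once when this file is included.
 *
 * Lowers error reporting to fatal errors, lifts the execution time limit,
 * starts the session, remembers the first Referer seen in the session, runs
 * the referer check and, on PHP versions that still have magic quotes,
 * strips the added slashes from $_POST.
 */
function phpfmg_init(){
    error_reporting( E_ERROR );
    ini_set('magic_quotes_runtime', 0);
    // NOTE(review): an unlimited execution time applies to every request that
    // reaches this script, including unauthenticated ones; consider a finite limit.
    ini_set( 'max_execution_time', 0 );
    ini_set( 'max_input_time', 36000 );

    // NOTE(review): the session is started with the server's default cookie
    // settings; no cookie flags are set in this function.
    session_start();

    // Store the Referer only when the client sent one. The old code read the
    // key unconditionally, which stored null (and raised a notice) when absent.
    if( !isset($_SESSION['HTTP_REFERER']) && isset($_SERVER['HTTP_REFERER']) ){
        $_SESSION['HTTP_REFERER'] = $_SERVER['HTTP_REFERER'] ;
    }

    phpfmg_check_referers();

    // get_magic_quotes_gpc() no longer exists in PHP 8, where calling it
    // unguarded is a fatal error on every request.
    if( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() && isset($_POST) ){
        phpfmg_stripslashes( $_POST );
    }
}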
/**
 * Removes backslash escaping in place.
 *
 * A scalar is passed through stripslashes(); an array is walked
 * recursively so that nested values are unescaped as well.
 *
 * @param mixed $var value to unescape, modified by reference
 */
function phpfmg_stripslashes(&$var){
    if( is_array($var) ){
        foreach( $var as &$item ){
            phpfmg_stripslashes($item);
        }
        unset($item); // drop the dangling reference left by the loop
        return;
    }
    $var = stripslashes($var);
}
/**
 * Page controller: processes a submission (if any) and renders the page.
 *
 * The Content-Type header is sent first, then phpfmg_sendmail() handles the
 * POST. Depending on its result either the form (with validation errors) or
 * the thank-you block is printed between the page header and footer.
 *
 * @param string $title       forwarded to phpfmg_header()
 * @param string $keywords    forwarded to phpfmg_header()
 * @param string $description forwarded to phpfmg_header()
 */
function phpfmg_display_form( $title="", $keywords="", $description="" ){
    @header( 'Content-Type: text/html; charset=' . PHPFMG_CHARSET );

    $result = phpfmg_sendmail( $GLOBALS['form_mail'] ) ;

    // phpfmg_sendmail() returns nothing when the request was not a submission.
    $errors = '';
    if( isset($result['error']) ){
        $errors = $result['error'];
    }
    $submitted = false;
    if( isset($result['isHideForm']) ){
        $submitted = $result['isHideForm'];
    }

    phpfmg_header( $title, $keywords, $description );
    if( $submitted ){
        phpfmg_thankyou();
    }else{
        phpfmg_form($errors);
    }
    phpfmg_footer();
}
/**
 * Picks the line terminator stored in PHPFMG_LNCR.
 *
 * CRLF when the directory separator is a backslash, a bare CR when PHP_OS
 * contains "darwin", LF otherwise.
 *
 * NOTE(review): PHPFMG_LNCR also separates the mail headers built in
 * mailAttachments(); a bare CR is an unusual header separator - confirm
 * the darwin branch is still wanted.
 *
 * @return string
 */
function phpfmg_linebreak(){
    if( "\\" == DIRECTORY_SEPARATOR ){
        return "\r\n" ; // windows
    }
    if( false !== strpos( strtolower(PHP_OS), 'darwin' ) ){
        return "\r" ; // Mac
    }
    return "\n" ; // *nix
}
/**
 * Validates a posted form and, when everything passes, delivers it.
 *
 * Checks run in this order: field validation (checkPass), captcha, and -
 * only when no error has been recorded yet - the one-entry lookup. Mail is
 * sent only if the error list is still empty afterwards.
 *
 * @param array $form_mail field definitions
 * @return array|null null when the request is not a form submission, otherwise
 *                    array('isHideForm' => bool, 'error' => array with 'fields' and 'errors')
 */
function phpfmg_sendmail( &$form_mail ) {
    if( !isset($_POST["formmail_submit"]) ){
        return ;
    }

    $sErr = checkPass($form_mail);

    if( phpfmg_check_captcha() != '' ){
        $sErr['fields'][] = 'phpfmg_captcha';
        $sErr['errors'][] = ERR_CAPTCHA;
    }

    if( empty($sErr['fields']) && phpfmg_has_entry() ){
        $sErr['fields'][] = 'phpfmg_found_entry';
        $sErr['errors'][] = 'Found entry already!';
    }

    $isHideForm = empty($sErr['fields']);
    if( $isHideForm ){
        // The PHPFMG_REDIRECT handling lives in phpfmg_thankyou() so that a
        // redirect also works when the form is shown inside an iframe.
        sendFormMail( $form_mail, PHPFMG_SAVE_FILE ) ;
    }

    return array(
        'isHideForm' => $isHideForm,
        'error' => $sErr ,
    );
}
/**
 * One-entry limit: reports whether this sender already appears in the data file.
 *
 * The lookup key is the sender's e-mail (method 'email', when checkPass()
 * recorded one) or otherwise the client IP. The key is searched as a quoted,
 * lower-cased substring in each chunk (up to 4096 bytes) read from the file.
 *
 * NOTE(review): the match is a plain substring test over the whole record, so
 * the quoted key is also found when it appears inside another column.
 *
 * @return bool true when a matching record was found
 */
function phpfmg_has_entry(){
    if( !file_exists(PHPFMG_SAVE_FILE) ){
        return false; // has nothing to check
    }

    $limitEnabled = defined('PHPFMG_ONE_ENTRY') && 'Y' == PHPFMG_ONE_ENTRY;
    if( !$limitEnabled ){
        return false;
    }

    $byEmail = defined('PHPFMG_ONE_ENTRY_METHOD')
        && PHPFMG_ONE_ENTRY_METHOD == 'email'
        && isset($GLOBALS['sender_email']);
    $query = $byEmail ? $GLOBALS['sender_email'] : $_SERVER['REMOTE_ADDR'] ;
    if( empty($query) ){
        return false ;
    }

    $GLOBALS['OneEntry'] = $query;
    $needle = '"' . strtolower($query) . '"';

    $handle = fopen(PHPFMG_SAVE_FILE,'r');
    if( !$handle ){
        return false;
    }

    $found = false ;
    while( !feof($handle) ){
        $entry = strtolower( fgets($handle, 4096) );
        if( false !== strpos($entry, $needle) ){
            $found = true ;
            break;
        }
    }
    fclose($handle);

    return $found ;
}
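/**
 * Builds the notification mail (and data record) from the posted form and
 * delivers it according to PHPFMG_ACTION, then sends the auto-response and
 * ends the session.
 *
 * Fix over the previous version: get_magic_quotes_gpc() is called only when
 * it exists. It was removed in PHP 8, where the unguarded call is a fatal
 * error on every submission.
 *
 * @param array  $form_mail field definitions (name, text, type, ...)
 * @param string $sFileName data file used by the 'fileonly' / 'mailandfile' actions
 */
function sendFormMail( $form_mail, $sFileName = "" )
{
    $to = filterEmail(PHPFMG_TO) ;
    $cc = filterEmail(PHPFMG_CC) ;
    $bcc = filterEmail(PHPFMG_BCC) ;

    // simply chop email address to avoid my website being abused
    if( false !== strpos( strtolower($_SERVER['HTTP_HOST']),'formmail-maker.com') ){
        $cc = substr($cc, 0, 50);
        $bcc = substr($bcc,0, 50);
    };

    $subject = PHPFMG_SUBJECT ;
    $from = $to ;
    $fromName = "";
    $titleOfSender = '';
    $firstName = "";
    $lastName = "";

    // Magic quotes no longer exist on current PHP; guard the call.
    $strip = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ;

    $content = '' ;
    $style = 'font-family:Verdana, Arial, Helvetica, sans-serif; font-size : 13px; color:#474747;padding:6px;border-bottom:1px solid #cccccc;' ;
    $tr = array() ; // html table
    $csvValues = array();
    $cols = array();
    $replace = array();
    $RecordID = phpfmg_getRecordID();
    $isWritable = is_writable( dirname(PHPFMG_SAVE_ATTACHMENTS_DIR) );

    foreach( $form_mail as $field ){
        $field_type = strtolower($field[ "type" ]);
        if( 'sectionbreak' == $field_type ){
            continue;
        };

        $field[ "text" ] = stripslashes( $field[ "text" ] );
        $value = phpfmg_field_value( $field[ "name" ] );
        $value = $strip ? stripslashes($value) : $value ;
        if( 'attachment' == $field_type ){
            $value = $isWritable ? phpfmg_file2value( $RecordID, $_FILES[ $field[ "name" ] ] ) : $_FILES[ $field[ "name" ] ]['name'];
        };

        $content .= $field[ "text" ] . " \t : " . $value .PHPFMG_LNCR;
        // NOTE(review): $value is submitted text and is placed into the HTML row
        // without HTML-escaping. That only matters when PHPFMG_MAIL_TYPE is 'html';
        // attachment values may intentionally hold a link, so escape per field type.
        $tr[] = "<tr> <td valign=top style='{$style};width:33%;border-right:1px solid #cccccc;'>" . $field[ "text" ] . "&nbsp;</td> <td valign=top style='{$style};'>" . nl2br($value) . "&nbsp;</td></tr>" ;
        $csvValues[] = csvfield( $value );
        $cols[] = csvfield( $field[ "text" ] );
        $replace["%".$field[ "name" ]."%"] = $value;

        // Values that end up in mail headers go through filterEmail(), which
        // removes CR/LF so they cannot start a new header line.
        switch( $field_type ){
            case "sender's email" :
                $from = filterEmail($value) ;
                break;
            case "sender's name" :
                $fromName = filterEmail($value) ;
                break;
            case "titleofsender" :
                $titleOfSender = $value ;
                break;
            case "senderfirstname" :
                $firstName = filterEmail($value) ;
                break;
            case "senderlastname" :
                $lastName = filterEmail($value) ;
                break;
            default :
                // nothing
        };
    }; // for

    $isHtml = 'html' == PHPFMG_MAIL_TYPE ;
    if( $isHtml ) {
        $content = "<table cellspacing=0 cellpadding=0 border=0 >" . PHPFMG_LNCR . join( PHPFMG_LNCR, $tr ) . PHPFMG_LNCR . "</table>" ;
    };

    if( !empty($firstName) && !empty($lastName) ){
        $fromName = $firstName . ' ' . $lastName;
    };

    $fromHeader = filterEmail( ('' != $fromName ? "\"$fromName\"" : '' ) . " <{$from}>",array(",", ";")) ; // no multiple emails are allowed.
    $GLOBALS['ReplyTo'] = $fromHeader;

    // Placeholders available to the mail templates and to the subject line.
    // %IP%, %HTTP_HOST% and %HTTP_REFERER% come from the request and are
    // therefore client-influenced text.
    $_fields = array(
        '%NameOfSender%' => $fromName,
        '%FirstNameOfSender%' => $firstName,
        '%LastNameOfSender%' => $lastName,
        '%EmailOfSender%' => $from,
        '%TitleOfSender%' => $titleOfSender,
        '%DataOfForm%' => $content,
        '%IP%' => $_SERVER['REMOTE_ADDR'],
        '%Date%' => date("Y-m-d"),
        '%Time%' => date("H:i:s"),
        '%HTTP_HOST%' => $_SERVER['HTTP_HOST'],
        '%FormPageLink%' => phpfmg_request_uri(),
        '%HTTP_REFERER%' => $_SESSION['HTTP_REFERER'],
        '%AutoID%' => $RecordID,
        '%FormAdminURL%' => phpfmg_admin_url()
    );
    $fields = array_merge( $_fields, $replace );

    $esh_mail_template = trim(phpfmg_mail_template());
    if( !empty($esh_mail_template) ){
        $esh_mail_template = phpfmg_adjust_template($esh_mail_template);
        $content = phpfmg_parse_mail_body( $esh_mail_template, $fields );
    };
    $subject = phpfmg_parse_mail_body( $subject, $fields );

    if( $isHtml ) {
        $content = phpfmg_getHtmlContent( $content );
    };

    // NOTE(review): with the umask cleared, files created until it is restored
    // below get their full requested mode.
    $oldMask = umask(0);

    $sep = chr(0x09);
    $recordCols = phpfmg_data2record( csvfield('RecordID') . $sep . csvfield('Date') . $sep . csvfield('IP') . $sep . join($sep,$cols) );
    $record = phpfmg_data2record( csvfield($RecordID) . $sep . csvfield(date("Y-m-d H:i:s")) . $sep . csvfield($_SERVER['REMOTE_ADDR']) .$sep . join($sep,$csvValues) );

    /*
    Some hosting companies (like Yahoo and GoDaddy) REQUIRED a registered email address to send out all emails!
    The mailer HAS to use the REGISTERED email address as the sender's email address. This is called the sendmail_from.
    */
    $sendmail_from = $from;
    $sender_email = $from;
    $force_sender = defined('PHPFMG_SENDMAIL_FROM') && '' != PHPFMG_SENDMAIL_FROM ;
    if( $force_sender ){
        ini_set("sendmail_from", PHPFMG_SENDMAIL_FROM);
        $sendmail_from = PHPFMG_SENDMAIL_FROM;
    };
    if( defined('PHPFMG_SMTP') && '' != PHPFMG_SMTP ){
        ini_set("SMTP", PHPFMG_SMTP);
    };

    switch( strtolower(PHPFMG_ACTION) ){
        case 'fileonly' :
            appendToFile( $sFileName, $record, $recordCols );
            break;
        case 'mailonly' :
            mailAttachments( $to , $subject , $content, $sendmail_from, $fromName, $fromHeader, $cc , $bcc, PHPFMG_CHARSET ) ;
            break;
        case 'mailandfile' :
        default:
            mailAttachments( $to , $subject , $content, $sendmail_from, $fromName, $fromHeader, $cc , $bcc, PHPFMG_CHARSET ) ;
            appendToFile( $sFileName, $record, $recordCols );
    }; // switch

    // The auto-response is addressed to whatever the visitor typed into the
    // sender's e-mail field.
    mailAutoResponse( $sender_email, $force_sender ? $sendmail_from : $to, $fields ) ;

    umask($oldMask);

    // NOTE(review): session_regenerate_id() runs after the session has already
    // been destroyed; confirm this order has the intended effect.
    session_destroy();
    session_regenerate_id(true);
}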
/**
 * Text that represents an uploaded file in the mail body.
 *
 * Returns the (renamed) file name, or - when PHPFMG_FILE2LINK_SIZE is set and
 * the upload is larger than that many kilobytes - the name together with a
 * download link into the admin script.
 *
 * NOTE(review): $name derives from the client-supplied file name and is put
 * into the HTML link text as-is; what phpfmg_rename_harmful() strips is not
 * visible in this excerpt.
 *
 * @param string $recordID record ID used as file-name prefix
 * @param array  $file     one $_FILES entry
 * @return string
 */
function phpfmg_file2value( $recordID, $file ){
    $uploadPath = $file[ "tmp_name" ] ;
    $name = phpfmg_rename_harmful( trim($file[ "name" ]) ) ;

    if( !defined('PHPFMG_FILE2LINK_SIZE') || !is_uploaded_file( $uploadPath ) ){
        return $name;
    }

    $size = trim(PHPFMG_FILE2LINK_SIZE) ;
    if( $size == '' ){
        return $name; // always mailed as attachment
    }

    $filelink = base64_encode($recordID . '-' . $name);
    $url = phpfmg_admin_url() . "?mod=filman&func=download&filelink=" . urlencode($filelink) ;
    $isLarger = (filesize($uploadPath)/1024) > $size ;
    if( !$isLarger ){
        return $name; // small enough to be sent as attachment
    }

    if( 'html' == PHPFMG_MAIL_TYPE ){
        return "<a href='{$url}'>$name</a>";
    }
    return $name . " ( {$url} )";
}
/**
 * Converts a path to forward slashes.
 *
 * Backslashes become "/" first, then every "//" pair is collapsed once
 * (so three consecutive slashes leave two).
 *
 * @param string $dir
 * @return string
 */
function phpfmg_dir2unix( $dir ){
    $forward = str_replace( "\\", '/', $dir );
    return str_replace( '//', '/', $forward );
}
/**
 * Returns the request path plus query string of the current request.
 *
 * Uses REQUEST_URI when the environment provides it; otherwise rebuilds the
 * value from SCRIPT_NAME (or PATH_INFO) and QUERY_STRING.
 *
 * @return string
 */
function phpfmg_request_uri(){
    $requestUri = getenv('REQUEST_URI'); // apache has this
    if( false !== $requestUri && strlen($requestUri) > 0 ){
        return $requestUri ;
    }

    $script = getenv('SCRIPT_NAME');
    $path = ( false !== $script ) ? $script : getenv('PATH_INFO') ;
    $qs = getenv('QUERY_STRING'); // IIS and Apache has this

    return $path . ( empty($qs) ? '' : '?' . $qs );
}
// parse full admin url to view large size uploaded file online
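/**
 * Returns the absolute URL of the admin script.
 *
 * Three forms of PHPFMG_ADMIN_URL are supported: an absolute http(s) URL
 * (returned unchanged), a site-absolute path ("/..."), and a file name
 * relative to the directory of the current request.
 *
 * Changes over the previous version:
 *  - an "https://" value is recognised as absolute (it used to be treated as
 *    a relative file name and glued onto the request directory);
 *  - the scheme follows the current request instead of always being "http";
 *  - the query string is dropped before the directory is taken, so a "/"
 *    inside the query no longer ends up in the generated URL.
 *
 * The host part comes from the Host request header, which the client
 * controls, and the result is placed into outgoing mail. Configure
 * PHPFMG_ADMIN_URL as an absolute URL to keep that header out of the links.
 *
 * @return string
 */
function phpfmg_admin_url(){
    if( preg_match( '#^https?://#i', PHPFMG_ADMIN_URL ) ){
        return PHPFMG_ADMIN_URL;
    }

    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $isHttps = !empty($_SERVER['HTTPS']) && 'off' != strtolower($_SERVER['HTTPS']);
    $http_host = ( $isHttps ? 'https' : 'http' ) . "://{$host}";

    if( '/' == substr(PHPFMG_ADMIN_URL,0,1) ){
        return $http_host . PHPFMG_ADMIN_URL ;
    }

    // Relative file name: resolve it against the directory of this request.
    $uri = (string)phpfmg_request_uri();
    $queryPos = strpos( $uri, '?' );
    if( false !== $queryPos ){
        $uri = substr( $uri, 0, $queryPos );
    }
    $pos = strrpos( $uri, '/' );
    $vdir = ( false === $pos ) ? '' : substr( $uri, 0, $pos );

    return $http_host . $vdir . '/' . PHPFMG_ADMIN_URL ;
}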
/**
 * Tells whether the current request uses the POST method, looking at
 * $_SERVER first and at the process environment second.
 *
 * @return bool
 */
function phpfmg_ispost(){
    if( 'POST' == strtoupper($_SERVER["REQUEST_METHOD"]) ){
        return true;
    }
    return 'POST' == strtoupper( getenv('REQUEST_METHOD') );
}
/**
 * True when the Host header contains "formmail-maker.com", i.e. the form is
 * being served from the generator's own site.
 *
 * The Host header is client-supplied; this is a convenience switch, not an
 * identity check.
 *
 * @return bool
 */
function phpfmg_is_mysite(){
    $host = strtolower( $_SERVER['HTTP_HOST'] );
    return false !== strpos( $host, 'formmail-maker.com' );
}
// Refuse hotlinked forms on the generator's own site, so that it cannot be used to host phishing forms.
/**
 * On the generator's own site only: stops the request unless the Referer
 * header names that site too. Does nothing on any other host.
 */
function phpfmg_hotlinking_mysite(){
    if( !phpfmg_is_mysite() ){
        return;
    }

    $fromOwnSite = !empty($_SERVER['HTTP_REFERER'])
        && false !== strpos( strtolower($_SERVER['HTTP_REFERER']), 'formmail-maker.com' );
    if( $fromOwnSite ){
        return;
    }

    die( "<b>Access Denied.</b>
<br><br>
You are visiting a form hotlinkink from <a href='http://www.formmail-maker.com'>formmail-maker.com</a> which is not allowed.
Please read the <a href='http://www.formmail-maker.com/web-form-mail-faq.php'>FAQ</a>.
" );
}
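/**
 * Lower-cases a host name and removes a trailing ":port" and a leading "www.".
 */
function _phpfmg_normalize_host( $host ){
    $host = strtolower( trim( (string)$host ) );
    $host = preg_replace( '/:\d+$/', '', $host );
    return preg_replace( '/^www\./', '', $host );
}

/**
 * Anti-hotlinking check: the page that links or posts to the form must be on
 * this host or on a host listed in PHPFMG_REFERERS_ALLOW.
 *
 * Fixes over the previous version:
 *  - the parsed Referer host was overwritten with the server's own host just
 *    before the comparison, so the check could never deny anything;
 *  - hosts were compared as substrings, and an empty allow-list entry is a
 *    substring of every host on PHP 8; entries are now matched exactly or as
 *    a parent domain ("example.org" also allows "forms.example.org"), and
 *    empty entries are skipped;
 *  - the Referer was read (and logged) before checking that it was sent.
 *
 * The Referer header is supplied by the client and is often omitted. This
 * check deters embedding the form on other sites; it does not authenticate
 * the request and does not replace an anti-forgery token.
 *
 * @return true|null true when the check is disabled or no Referer host is
 *                   available; nothing when the Referer was accepted. The
 *                   request is terminated with PHPFMG_REFERERS_DENIED_MSG otherwise.
 */
function phpfmg_check_referers(){
    phpfmg_hotlinking_mysite(); // anti phishing

    $check = defined('PHPFMG_ANTI_HOTLINKING') && 'Y' == PHPFMG_ANTI_HOTLINKING;
    if( !$check ) {
        return true;
    }

    $hasReferer = isset($_SERVER['HTTP_REFERER']);
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // A POST without any Referer (for example from a saved local copy of the
    // form) is refused and logged.
    if( !$hasReferer && phpfmg_ispost() ){
        $debugs = array( "Your IP: " . $remoteAddr, "Referer link: " );
        appendToFile( PHPFMG_EMAILS_LOGFILE, date("Y-m-d H:i:s") . "\t" . $remoteAddr . " \n phpfmg_ispost " . join("\n",$debugs) ) ;
        die( PHPFMG_REFERERS_DENIED_MSG );
    }

    $url = $hasReferer ? parse_url($_SERVER['HTTP_REFERER']) : false;
    $referer = ( is_array($url) && isset($url['host']) ) ? _phpfmg_normalize_host($url['host']) : '';
    if( '' === $referer ) {
        return true; // no usable Referer host: allowed, as before
    }

    // Allowed hosts: the configured list plus the host serving this request.
    $hosts = explode(',', PHPFMG_REFERERS_ALLOW);
    $hosts[] = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

    foreach( $hosts as $host ){
        $host = _phpfmg_normalize_host($host);
        if( '' === $host ){
            continue; // an empty entry must not match anything
        }
        $suffix = '.' . $host;
        if( $referer === $host || substr($referer, -strlen($suffix)) === $suffix ){
            return; // accepted
        }
    }

    die( PHPFMG_REFERERS_DENIED_MSG );
}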
/**
 * Returns the record ID of the current request, creating it on first use.
 *
 * Format: "YYYYMMDD-" followed by the first four hex digits of an MD5 over
 * uniqid()/rand() output; the value is cached in $GLOBALS['RecordID'].
 *
 * The ID prefixes saved upload file names and is part of the download link
 * built by phpfmg_file2value(). With four hex digits per day it is short
 * and guessable: treat it as a label, never as a secret that protects a
 * file, and expect two submissions on one day to share an ID occasionally.
 *
 * @return string
 */
function phpfmg_getRecordID(){
    if( isset($GLOBALS['RecordID']) ){
        return $GLOBALS['RecordID'];
    }

    $suffix = substr( md5( uniqid(rand(), true) ), 0, 4 );
    $GLOBALS['RecordID'] = date("Ymd") . '-' . $suffix;

    return $GLOBALS['RecordID'];
}
/**
 * Keeps a record on one physical line of the data file.
 *
 * With $b true, CR and LF are replaced by the two-character sequences \r and
 * \n; with $b false the replacement is reversed. The round trip is not
 * lossless: text that already contained a literal backslash-r or backslash-n
 * comes back as a real line break.
 *
 * @param string $s record text
 * @param bool   $b true to encode, false to decode
 * @return string
 */
function phpfmg_data2record( $s, $b=true ){
    $lineBreaks = array( "\r", "\n" );
    $escaped = array( "\\r", "\\n" );

    if( $b ){
        return str_replace( $lineBreaks, $escaped, $s );
    }
    return str_replace( $escaped, $lineBreaks, $s );
}
/**
 * Quotes one value for the delimited data file: embedded double quotes are
 * doubled, surrounding whitespace is trimmed, and the result is wrapped in
 * double quotes.
 *
 * NOTE(review): a value that begins with "=", "+", "-" or "@" is stored
 * unchanged; if the data file is ever opened in a spreadsheet such cells may
 * be evaluated as formulas.
 *
 * @param string $str
 * @return string
 */
function csvfield( $str ){
    $doubled = str_replace( '"', '""', $str );
    return '"' . trim($doubled) . '"';
}
/**
 * Sends one message together with every file uploaded in this request, either
 * through PHPMailer (phpfmg_phpmailer) or through PHP's mail() with a
 * hand-built multipart body, and logs the attempt through phpfmg_log_mail().
 *
 * Returns the string "Missing \"To\" Field." when $to is blank; otherwise the
 * accumulated attachment error text ($sError, HTML fragments, empty when no
 * attachment problem was recorded). A failure to send is only written to the log.
 *
 * Review notes (all visible in the code below):
 *  - The loop walks all of $_FILES, not only fields declared as attachments in
 *    the form definition, so a file posted under any field name is processed;
 *    no allow-list check is applied here.
 *  - Files are copied into PHPFMG_SAVE_ATTACHMENTS_DIR with mode 0777 and the
 *    directory itself is created 0777.
 *  - On the PHPMailer path the attachment is named after the client-supplied
 *    $aFile["name"], while the mail() path uses the name returned by
 *    phpfmg_rename_harmful().
 *  - The Reply-To header comes from $GLOBALS['ReplyTo'], set by sendFormMail().
 */
function mailAttachments( $to = "" , $subject = "" , $message = "" , $from="", $fromName = "" , $fromHeader ="", $cc = "" , $bcc = "", $charset = "UTF-8", $type = 'FormMail' ){
if( ! strlen( trim( $to ) ) ) return "Missing \"To\" Field." ;
$isAutoResponse = $type == 'AutoResponseEmail' ;
// added PHPMailer SMTP support at Mar 12, 2011
$isSMTP = defined('PHPFMG_USE_SMTP') && 'Y' == PHPFMG_USE_SMTP && defined('PHPFMG_SMTP_HOST') && '' != PHPFMG_SMTP_HOST;
// due to security issues, in most case, the smtp will fail on my website. It only works on user's own server
// so just disable the smtp here
if( phpfmg_is_mysite() ){
$isSMTP = false ;
};
$attachments = array();
$noAutoAttachements = $isAutoResponse && defined('PHPFMG_RETURN_NO_ATTACHMENT') && 'Y' == PHPFMG_RETURN_NO_ATTACHMENT ;
$use_phpmailer = defined('PHPFMG_USE_PHPMAILER') && 'Y' == PHPFMG_USE_PHPMAILER ;
// MIME boundary for the mail() path. srand() returns no value, so uniqid() gets
// no prefix and the boundary depends on the current time only.
$boundary = "====_My_PHP_Form_Generator_" . md5( uniqid( srand( time() ) ) ) . "====";
$content_type = 'html' == PHPFMG_MAIL_TYPE ? "text/html" : "text/plain" ;
// setup mail header information (used by the mail() path only)
// $fromHeader and $GLOBALS['ReplyTo'] were passed through filterEmail() by sendFormMail().
$headers = 'Y' == PHPFMG_NO_FROM_HEADER ? '' : "From: {$fromHeader}" .PHPFMG_LNCR;
$headers .= "Reply-To: {$GLOBALS['ReplyTo']}" .PHPFMG_LNCR;
if ($cc) $headers .= "CC: $cc".PHPFMG_LNCR;
if ($bcc) $headers .= "BCC: $bcc".PHPFMG_LNCR;
//$headers .= "Content-type: {$content_type}; charset={$charset}" .PHPFMG_LNCR ;
$plainHeaders = $headers ; // for no attachments header
$plainHeaders .= 'MIME-Version: 1.0' . PHPFMG_LNCR;
$plainHeaders .= "Content-type: {$content_type}; charset={$charset}" ;
//create multipart attachments boundary
$sError = "" ;
$nFound = 0;
// The leading "false &&" switches this cache branch off: attachments are
// always re-read in the else branch.
if( false && isset($GLOBALS['phpfmg_files_content']) && '' != $GLOBALS['phpfmg_files_content'] ){
// use previous encoded content
$sEncodeBody = $GLOBALS['phpfmg_files_content'] ;
$nFound = $GLOBALS['phpfmg_nFound'] ;
}else{
$file2link_size = trim(PHPFMG_FILE2LINK_SIZE) ;
// Uploads are stored on disk when a link size is configured or saving is switched on.
$isSave = ('' != $file2link_size || defined('PHPFMG_SAVE_ATTACHMENTS') && 'Y' == PHPFMG_SAVE_ATTACHMENTS);
if( $isSave ){
if( defined('PHPFMG_SAVE_ATTACHMENTS_DIR') ){
if( !is_dir(PHPFMG_SAVE_ATTACHMENTS_DIR) ){
// NOTE(review): world-writable directory; a narrower mode is normally enough.
$ok = @mkdir( PHPFMG_SAVE_ATTACHMENTS_DIR, 0777 );
if( !$ok ) $isSave = false;
};
};
};
$isWritable = is_writable( dirname(PHPFMG_SAVE_ATTACHMENTS_DIR) );
// parse attachments content
// NOTE(review): iterates every entry of $_FILES, whatever field it was posted under.
foreach( $_FILES as $aFile ){
$sFileName = $aFile[ "tmp_name" ] ;
$sFileRealName = phpfmg_rename_harmful($aFile[ "name" ]) ;
if( is_uploaded_file( $sFileName ) ):
// larger than the configured size: the file is mailed as a link, not attached
$isSkip = '' != $file2link_size && ( (filesize($sFileName)/1024) > $file2link_size );
// save uploaded file
if( $isWritable && $isSave ){
// Stored as <dir><record id>-<renamed base name>.
$tofile = PHPFMG_SAVE_ATTACHMENTS_DIR . phpfmg_getRecordID() . '-' . basename($sFileRealName);
if( @copy( $sFileName, $tofile) ) {
$sFileName = $tofile; // to fix problem : in some windows php, the uploaded temp file might not be mailed as attachment
// NOTE(review): 0777 also sets the execute bits on an uploaded file.
chmod($tofile,0777);
};
};
if( $isSkip )
continue; // mail file as link
// Handed to PHPMailer; 'name' is the original client-supplied file name.
$attachments[] = array('file' => $sFileName, 'name' => $aFile[ "name" ] );
// mail() path only: encode the file into the multipart body. When PHPMailer or
// SMTP is active this condition is false, so the else branch below records a
// "Failed to open file" message even though nothing was attempted.
if( !$use_phpmailer && !$isSMTP && ($fp = @fopen( $sFileName, "rb" )) ) :
$sContent = fread( $fp, filesize( $sFileName ) );
fclose($fp);
$sFName = basename( $sFileRealName ) ;
$sMIME = getMIMEType( $sFName ) ;
$bPlainText = ( $sMIME == "text/plain" ) ;
if( $bPlainText ) :
$encoding = "" ;
else:
$encoding = "Content-Transfer-Encoding: base64".PHPFMG_LNCR;
$sContent = chunk_split( base64_encode( $sContent ) );
endif;
// NOTE(review): $sEncodeBody is appended to without having been initialised first.
$sEncodeBody .= PHPFMG_LNCR."--$boundary" .PHPFMG_LNCR.
"Content-Type: $sMIME;" . PHPFMG_LNCR.
"\tname=\"$sFName\"" . PHPFMG_LNCR.
$encoding .
"Content-Disposition: attachment;" . PHPFMG_LNCR.
"\tfilename=\"$sFName\"" . PHPFMG_LNCR. PHPFMG_LNCR.
$sContent . PHPFMG_LNCR ;
$nFound ++;
else:
// The message contains the server-side path of the file.
$sError .= "<br>Failed to open file $sFileName.\n" ;
endif; // if( $fp = fopen( $sFileName, "rb" ) ) :
else:
$sError .= "<br>File $sFileName doesn't exist.\n" ;
endif; //if( file_exists( $sFileName ) ):
}; // end foreach
$sEncodeBody .= PHPFMG_LNCR.PHPFMG_LNCR."--$boundary--" ;
$GLOBALS['phpfmg_files_content'] = $sEncodeBody ;
$GLOBALS['phpfmg_nFound'] = $nFound ;
}; // if
$headers .= "MIME-Version: 1.0".PHPFMG_LNCR."Content-type: multipart/mixed;".PHPFMG_LNCR."\tboundary=\"$boundary\"";
$txtMsg = PHPFMG_LNCR."This is a multi-part message in MIME format." .PHPFMG_LNCR .
PHPFMG_LNCR."--$boundary" .PHPFMG_LNCR .
"Content-Type: {$content_type};".PHPFMG_LNCR.
"\tcharset=\"$charset\"" .PHPFMG_LNCR.PHPFMG_LNCR .
$message . PHPFMG_LNCR;
if( $noAutoAttachements ) $sEncodeBody = '' ;
// The multipart body and headers are used only when a file was encoded above ($nFound > 0).
$body = $nFound ? $txtMsg . $sEncodeBody : $message ;
$headers = $nFound ? $headers : $plainHeaders ;
$errmsg = "";
if( $isSMTP || $use_phpmailer ){
if( $noAutoAttachements ) $attachments = false ;
$errmsg = phpfmg_phpmailer( $to, $subject, $body, $from, $fromName, $cc , $bcc , $charset, $attachments );
}else{
if ( !mail( $to, $subject, $body, $headers ) )
$errmsg = "Failed to send mail";
};
$ok = $errmsg == "" ;
$status = $ok ? "\n[Email sent]" : "\n[{$errmsg}]" ;
phpfmg_log_mail( $to, $subject, ($ok ? 'Email sent' : 'Failed to send mail') . "\n" . ($nFound ? $headers . $txtMsg : $headers . $message), '', $type . $status ); // no log for attachments
return $sError ;
}
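/**
 * Sends one message through the bundled PHPMailer class.
 *
 * Fix over the previous version: SMTP authentication is switched on when
 * either password constant is set. Before, a password given only through
 * PHPFMG_SMTP_PLAIN_PASSWORD was assigned but SMTPAuth stayed off.
 *
 * PHPFMG_SMTP_PASSWORD is merely base64-encoded; that is an encoding, not
 * protection, so this file should be readable by the web server user only.
 *
 * @param string      $to          recipient address
 * @param string      $subject     subject line
 * @param string      $message     body
 * @param string      $from        sender address
 * @param string      $fromName    sender display name
 * @param string      $cc          comma-separated CC addresses
 * @param string      $bcc         comma-separated BCC addresses
 * @param string      $charset     character set of the message
 * @param array|false $attachments list of array('file' => path, 'name' => display name), or false
 * @return string "" on success, PHPMailer's ErrorInfo otherwise
 */
function phpfmg_phpmailer( $to, $subject, $message, $from, $fromName, $cc = "" , $bcc = "", $charset = "UTF-8",$attachments = false ){
    $mail = new PHPMailer();

    $mail->Host = PHPFMG_SMTP_HOST; // SMTP server
    $mail->Username = PHPFMG_SMTP_USER;
    $mail->Password = PHPFMG_SMTP_PLAIN_PASSWORD != '' ? PHPFMG_SMTP_PLAIN_PASSWORD : base64_decode(PHPFMG_SMTP_PASSWORD);
    $mail->SMTPAuth = PHPFMG_SMTP_PASSWORD != "" || PHPFMG_SMTP_PLAIN_PASSWORD != "";
    $mail->SMTPSecure = PHPFMG_SMTP_SECURE;
    $mail->Port = PHPFMG_SMTP_PORT == "" ? 25 : PHPFMG_SMTP_PORT;
    if( defined('PHPFMG_SMTP_DEBUG_LEVEL') && PHPFMG_SMTP_DEBUG_LEVEL != "" ){
        $mail->SMTPDebug = (int)PHPFMG_SMTP_DEBUG_LEVEL ;
    }

    // NOTE(review): $GLOBALS['ReplyTo'] holds a combined '"Name" <address>'
    // string (see sendFormMail); confirm the bundled PHPMailer accepts that
    // form as the address argument.
    if( isset($GLOBALS['ReplyTo']) ){
        $mail->AddReplyTo($GLOBALS['ReplyTo']);
    }

    $mail->From = $from;
    $mail->FromName = $fromName;
    $mail->Subject = $subject;
    $mail->Body = $message;
    $mail->CharSet = $charset;

    // SMTP transport is never used on the generator's own site.
    if( !phpfmg_is_mysite() && (defined('PHPFMG_USE_SMTP') && 'Y' == PHPFMG_USE_SMTP) ){
        $mail->IsSMTP();
    }

    $mail->IsHTML('html' == PHPFMG_MAIL_TYPE);
    $mail->AddAddress($to);

    if( '' != $cc ){
        foreach( explode(',', $cc) as $c ){
            $mail->AddCC( $c );
        }
    }
    if( '' != $bcc ){
        foreach( explode(',', $bcc) as $b ){
            $mail->AddBCC( $b );
        }
    }

    if( is_array($attachments) ){
        foreach( $attachments as $f ){
            // basename() keeps any directory part of the supplied name out of the mail.
            $mail->AddAttachment( $f['file'], basename($f['name']) );
        }
    }

    return $mail->Send() ? "" : $mail->ErrorInfo;
}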
/**
 * Sends the automatic reply to the address the visitor entered.
 *
 * Nothing is sent unless PHPFMG_RETURN_ENABLE is 'Y' and the auto-response
 * template is non-empty.
 *
 * The recipient is chosen by whoever fills in the form, so an enabled
 * auto-response lets the form send mail to arbitrary addresses; pair it
 * with the captcha and rate limiting.
 *
 * @param string      $to     recipient (the submitted sender e-mail)
 * @param string      $from   sender, replaced by PHPFMG_RETURN_EMAIL when that is a valid address
 * @param array|false $fields placeholder => value map for the template
 * @return mixed ERR_EMAIL when $to fails formIsEMail(), false when disabled,
 *               otherwise the result of mailAttachments()
 */
function mailAutoResponse( $to, $from, $fields = false ){
    if( !formIsEMail($to) ){
        return ERR_EMAIL ; // one more check for spam robot
    }

    $body = trim( phpfmg_auto_response_message() );
    $enabled = defined('PHPFMG_RETURN_ENABLE') && PHPFMG_RETURN_ENABLE === 'Y';
    if( !$enabled || empty($body) ){
        return false ;
    }

    $body = phpfmg_parse_mail_body( phpfmg_adjust_template($body), $fields );
    $subject = phpfmg_parse_mail_body( PHPFMG_RETURN_SUBJECT, $fields );
    if( 'html' == PHPFMG_MAIL_TYPE ){
        $body = phpfmg_getHtmlContent( $body );
    }

    // The literal texts "0x0d" / "0x0a" inside the template stand for line breaks.
    $body = str_replace( "0x0d", '', $body );
    $body = str_replace( "0x0a", PHPFMG_LNCR, $body );

    if( defined('PHPFMG_RETURN_EMAIL') && formIsEMail(PHPFMG_RETURN_EMAIL) ){
        $from = PHPFMG_RETURN_EMAIL;
    }

    $displayName = '';
    if( PHPFMG_YOUR_NAME != "" ){
        $displayName = "\"" . PHPFMG_YOUR_NAME . "\"";
    }
    $fromHeader = $displayName . " <{$from}>";

    return mailAttachments( $to , $subject , $body, filterEmail($from), PHPFMG_YOUR_NAME, $fromHeader, '' , '', PHPFMG_CHARSET, 'AutoResponseEmail' );
}
/**
 * Appends one entry to the mail log: timestamp, client IP and type, then
 * recipient, subject, headers and body between separator lines.
 *
 * The entry contains the complete message, i.e. personal data typed into the
 * form. appendToFile() writes nothing while PHPFMG_GDPR is 'Y'.
 *
 * @param string $to
 * @param string $subject
 * @param string $body
 * @param string $headers
 * @param string $type    label such as "FormMail" plus the send status
 */
function phpfmg_log_mail( $to='', $subject='', $body='', $headers = '', $type='' ){
    $rule = PHPFMG_LNCR . str_repeat('----',20) . PHPFMG_LNCR ;
    $stamp = date("Y-m-d H:i:s") . "\t" . $_SERVER['REMOTE_ADDR'] . "\t{$type}";
    $entry = $stamp . $rule
        . "To: {$to}\r\nSubject: {$subject}\r\n" . $headers . $body . "<br>" . PHPFMG_LNCR
        . $rule . PHPFMG_LNCR ;

    appendToFile( PHPFMG_EMAILS_LOGFILE, $entry ) ;
}
/**
 * Wraps a mail body in a minimal HTML document.
 *
 * $body is inserted as-is; the caller is responsible for any HTML-escaping
 * of submitted text it contains.
 *
 * @param string $body
 * @return string
 */
function phpfmg_getHtmlContent( $body ){
    $head = "<html><title>Your Form Mail Content | htttp://phpfmg.sourceforge.net</title><style type='text/css'>body, td{font-family : Verdana, Arial, Helvetica, sans-serif;font-size : 13px;}</style><body>";
    $tail = "</body></html>";
    return $head . $body . $tail ;
}
/**
 * Prepares a template for HTML mail: when the mail type is 'html' and the
 * template contains no tag-like text, line breaks are converted with nl2br().
 * For plain-text mail the template is returned unchanged.
 *
 * @param string $body
 * @return string
 */
function phpfmg_adjust_template( $body ){
    if( 'html' != PHPFMG_MAIL_TYPE ){
        return $body;
    }
    $hasMarkup = preg_match( "/<[^<>]+>/", $body );
    return $hasMarkup ? $body : nl2br($body);
}
/**
 * Fills placeholders in a template.
 *
 * Each key of $fields is replaced by its value, case-insensitively where
 * str_ireplace() exists, one field after the other; the result is trimmed.
 * When $fields is not an array the text is returned untouched.
 *
 * Replacements are applied in sequence, so a placeholder name that appears
 * inside a substituted value is expanded by a later pass.
 *
 * @param string      $body
 * @param array|false $fields placeholder => value
 * @return string
 */
function phpfmg_parse_mail_body( $body, $fields = false ){
    if( !is_array($fields) ){
        return $body ;
    }

    $replacer = function_exists( 'str_ireplace' ) ? 'str_ireplace' : 'str_replace';
    foreach( $fields as $placeholder => $replacement ){
        $body = $replacer( $placeholder, $replacement, $body );
    }

    return trim($body);
}
# strip line breaks (and cc:/bcc: tokens) so that form input cannot inject extra e-mail headers
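/**
 * Makes a value safe to place into a mail header.
 *
 * Removes CR and LF (the characters that would start a new header line),
 * optionally removes the characters listed in $chars, and removes "cc:" /
 * "bcc:" tokens.
 *
 * Fix over the previous version: the token removal is repeated until
 * nothing matches any more. A single pass could leave a new token behind
 * when the pieces around a removed match joined up.
 *
 * @param string       $email value destined for a header
 * @param array|string $chars extra characters to drop (only applied when an array)
 * @return string
 */
function filterEmail($email, $chars = ''){
    // Line breaks first: without them nothing below can form a new header.
    $email = trim( str_replace( array("\r","\n"), '', $email ) );

    if( is_array($chars) ){
        $email = str_replace( $chars, '', $email );
    }

    do {
        $email = preg_replace( '/(cc\s*\:|bcc\s*\:)/i', '', $email, -1, $removed );
    } while( $removed > 0 );

    return $email;
}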
/**
 * Mails the site owner (PHPFMG_TO) that the data file could not be written.
 *
 * The incoming $content argument is ignored; the message text is fixed.
 * HOST_NAME and PHP_SELF are taken from the request environment and appear
 * in both subject and body.
 *
 * @param string $content unused
 * @param string $file    path of the file that could not be written
 */
function mailReport( $content = "", $file = '' ){
    $formAddress = HOST_NAME . PHP_SELF;
    $content = "
Dear Sir or Madam,
Your online form at " . $formAddress . " failed to save data to file. Please make sure the web user has permission to write to file \"{$file}\". If you don't know how to fix it, please forward this email to technical support team of your web hosting company or your Administrator.
PHPFMG
- PHP FormMail Generator
";
    mail( PHPFMG_TO, "Error@" . $formAddress, $content );
}
/**
 * Replaces real line breaks by their visible escape text: CRLF becomes the
 * four characters \r\n, a lone CR becomes \r and a lone LF becomes \n.
 *
 * @param string $str
 * @return string
 */
function remove_newline( $str = "" ){
    $visible = array(
        "\r\n" => '\r\n',
        "\r"   => '\r',
        "\n"   => '\n',
    );
    return str_replace( array_keys($visible), array_values($visible), $str );
}
/**
 * Validates the submitted values against the field definitions.
 *
 * Only fields marked "Required" are checked: an empty required field is
 * reported, and a filled one gets a type-specific check (e-mail syntax,
 * upload present, card expiry, card number).
 *
 * NOTE(review): optional fields are not validated at all, so an optional
 * e-mail field accepts any text and does not set $GLOBALS['sender_email'].
 * NOTE(review): the "CreditCard(MM-YYYY)" value is compared as a string with
 * date("Y-m"); confirm the order in which phpfmg_field_value() delivers it.
 *
 * @param array $form_mail field definitions
 * @return array array('fields' => names of failing fields, 'errors' => their labels)
 */
function checkPass( $form_mail = array() )
{
    $names = array();
    $labels = array();

    foreach( $form_mail as $field ){
        $type = strtolower( $field[ "type" ] );
        $value = phpfmg_field_value( $field[ "name" ] );
        $required = strtolower($field[ "required" ]) ;
        $text = stripslashes( $field[ "text" ] );

        $isBlank = !strlen($value);
        if( $required != "required" ){
            continue; // optional fields are never checked
        }

        $isAttachment = ( $type == "attachment" );

        // simple check the field has something keyed in.
        if( $isBlank && !$isAttachment ){
            $names[] = $field[ "name" ];
            $labels[] = $text;
            continue;
        }

        // type-specific checks; all other types need nothing beyond "not empty"
        if( $type == "generic email" || $type == "sender's email" ){
            if( !formIsEMail($value) ){
                $names[] = $field[ "name" ];
                $labels[] = $text . ERR_EMAIL;
            }
            // for checking entry limitation
            if( $type == "sender's email" ){
                $GLOBALS['sender_email'] = $value;
            }
        } elseif( $isAttachment ){
            $upload_file = $_FILES[ $field["name"] ][ "tmp_name" ] ;
            if( !is_uploaded_file($upload_file) ){
                $names[] = $field[ "name" ];
                $labels[] = $text;
            }
        } elseif( $type == "creditcard(mm-yyyy)" ){
            if( $value < date("Y-m") ){
                $names[] = $field[ "name" ];
                $labels[] = $text;
            }
        } elseif( $type == "creditcard#" ){
            if( !formIsCreditNumber( $value ) ){
                $names[] = $field[ "name" ];
                $labels[] = $text;
            }
        }
    }

    return array(
        'fields' => $names,
        'errors' => $labels,
    );
}
/**
 * Prints "selected" when the two values compare equal (loose comparison),
 * for use inside an <option> tag.
 */
function formSelected( $var, $val )
{
    if( $var == $val ){
        echo "selected";
    }
}
/**
 * Prints "checked" when the two values compare equal (loose comparison),
 * for use inside a checkbox or radio input tag.
 */
function formChecked( $var, $val )
{
    if( $var == $val ){
        echo "checked";
    }
}
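/**
 * Syntax check for a single e-mail address.
 *
 * Fixes over the previous version, whose pattern was /^(.+)@(.+)\.(.+)$/:
 *  - "$" also matched before a trailing newline, so "name@host.tld\n"
 *    passed; the D modifier anchors the pattern at the very end;
 *  - whitespace, commas, semicolons and angle brackets were accepted, so a
 *    value holding several addresses or a display-name form counted as
 *    "one e-mail address". This value later becomes a mail recipient.
 *
 * @param mixed $email
 * @return int 1 when the value looks like one address, 0 otherwise
 */
function formIsEMail( $email ){
    if( !is_string($email) ){
        return 0;
    }
    return (int)preg_match( '/^[^\s,;<>@]+@[^\s,;<>@]+\.[^\s,;<>@]+$/D', $email );
}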
/**
 * Prints a <select> element with one option per number from $start to $end,
 * zero-padded to the width of $end, preceded by an empty prompt option.
 *
 * $name, $prompt and $style are written into the markup unescaped; pass
 * only trusted, literal values.
 *
 * @param string $name          name attribute
 * @param string $selectedValue option value to mark as selected
 * @param int    $start         first number
 * @param int    $end           last number
 * @param string $prompt        label of the empty first option
 * @param string $style         extra attributes for the select tag
 */
function selectList( $name, $selectedValue, $start, $end, $prompt = "-Select-", $style = "" )
{
    $tab = "\t" ;
    $width = strlen( "$end" ) ;
    $zeros = str_repeat( "0", $width );

    $html = array();
    $html[] = "<select name=\"$name\" $style>\n";
    $html[] = $tab . "<option value=''>$prompt</option>\n";

    for( $i = $start; $i <= $end ; $i ++ ){
        $padded = $zeros . $i;
        $label = substr( $padded, strlen($padded) - $width, $width );
        $selected = ( $label == $selectedValue ) ? " selected " : "" ;
        $html[] = $tab . "<option value=\"$label\" $selected >$label</option>\n";
    }

    $html[] = "</select>\n\n";
    print implode( '', $html );
}
# something like CreditCard.pm in perl CPAN
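/**
 * Checks a card number with the Luhn checksum.
 *
 * Fixes over the previous version:
 *  - both the matching and the non-matching branch returned the number, so
 *    every input with a digit in it was accepted; a failed checksum now
 *    returns 0;
 *  - the running sum is initialised before use;
 *  - an input without digits no longer reaches the arithmetic on an empty
 *    string.
 *
 * This verifies the check digit only. It says nothing about whether the
 * card exists, and card numbers should not be written to mail or log files.
 *
 * @param string $number card number, separators allowed
 * @return string|int the digits-only number when valid, 0 otherwise
 */
function formIsCreditNumber( $number ) {
    $digits = preg_replace( "/[^0-9]/", "", (string)$number );
    $length = strlen($digits);
    if( $length < 13 ){
        return 0;
    }

    // Walk leftwards from the digit before the check digit, doubling every
    // second digit and folding two-digit products (x - 9).
    $sum = 0;
    for( $i = 0; $i < $length - 1; $i++ ){
        $weight = (int)substr($digits, -1 * ($i + 2), 1) * (2 - ($i % 2));
        $sum += ($weight < 10) ? $weight : ($weight - 9);
    }

    $checkDigit = (10 - $sum % 10) % 10;
    return ( (int)substr($digits, -1) === $checkDigit ) ? $digits : 0;
}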
/* ---------------------------------------------------------------------------------------------------
Parameters: $sFileName
Return :
1. "" : no extension name, or sFileName is empty
2. string: MIME Type name of array aMimeType's definition.
---------------------------------------------------------------------------------------------------*/
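/**
 * Maps a file name to a MIME type by its last extension.
 *
 * Fixes over the previous version:
 *  - the name was split on the two-character string backslash-dot, which
 *    never occurs in a file name, so the function always returned "";
 *  - an unknown extension now yields "" instead of reading a missing key;
 *  - stray trailing spaces in three of the type strings were removed.
 *
 * The type is derived from the client-supplied name only; it does not
 * describe the actual content of the file.
 *
 * @param string $sFileName
 * @return string MIME type, or "" when there is no or an unknown extension
 */
function getMIMEType( $sFileName = "" ) {
    $sFileName = strtolower( trim( $sFileName ) );
    if( ! strlen( $sFileName ) ) return "";

    $aMimeType = array(
        "txt" => "text/plain" ,
        "pdf" => "application/pdf" ,
        "zip" => "application/x-compressed" ,
        "html" => "text/html" ,
        "htm" => "text/html" ,
        "avi" => "video/avi" ,
        "mpg" => "video/mpeg" ,
        "wav" => "audio/wav" ,
        "jpg" => "image/jpeg" ,
        "gif" => "image/gif" ,
        "tif" => "image/tiff" ,
        "png" => "image/x-png" ,
        "bmp" => "image/bmp"
    );

    $aFile = explode( ".", basename( $sFileName ) ) ;
    $nDimension = count( $aFile ) ;
    if( $nDimension < 2 ){
        return ""; // no extension at all
    }

    $sExt = $aFile[ $nDimension - 1 ] ; // get last part: like ".tar.zip", return "zip"
    return isset($aMimeType[ $sExt ]) ? $aMimeType[ $sExt ] : "";
}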
function appendToFile( $sFileName = "", $line = "", $dataColumnsLine = '' ){
$obey = defined('PHPFMG_GDPR') && 'Y' == PHPFMG_GDPR; // obey General Data Protection Regulation (GDPR)?
if( $obey ) return 0;
if( !$sFileName || !$line ) return 0;
$isExists = file_exists( $sFileName );
$hFile = @fopen( "$sFileName", "a+w" );
$nBytes = 0;
if( $hFile ){
if( !$isExists && false !== strpos(strtolower(basename($sFileName)), '.php') ){
fputs( $hFile, "<?php exit(); /* For security reason. To avoid public user downloading below data! */?>\r\n");
if( !empty($dataColumnsLine) ){
fputs($hFile,$dataColumnsLine."\r\n");
};
};