The form was not submitted for the following reasons
"; print "$errorlist

"; echo "

Brought to you by HiQ Formmail Version $this_version\n\n"; include($efoot); exit; } function issueSingleError($errorlist) { global $this_version; print "
An error was encountered. Mail may not have been sent.
"; print "$errorlist

"; echo "

Brought to you by HiQ Formmail Version $this_version\n\n"; } // See if user is in the banned list. function isBanned($banned, $email) { global $errorlist; $found = 0; $temp_mail = explode("@", $email); if($email != '') { for ($x=0; $x < count($banned); $x++) { $temp_ban = explode("@", $banned[$x]); if (eregi ($temp_ban[1], $temp_mail[1])) { if($temp_ban[0] == '*') $found = 1; if(strtolower($temp_ban[0]) == strtolower($temp_mail[0])) $found = 1; } } } if($found != 0) $errorlist .= "
You attempting to use from a banned email address - $email.
"; } // parse the form and create the content string which we will send function parseForm($includeBlank) { // global $HTTP_POST_VARS; $formData = ""; // build reserved keyword array $hidden_list[] = "MAX_FILE_SIZE"; $hidden_list[] = "subject"; $hidden_list[] = "redirect"; // $hidden_list[] = "auto_responder"; $hidden_list[] = "configfilename"; $hidden_list[] = "SelectRecipient"; $hidden_list[] = "SelectRecipient_Special"; $hidden_list[] = "MultipleValueFormat"; $seperator = " & "; $listas = explode(",", getPostValue("MultipleValueFormat")); if($listas[0] == 'column' && $listas[1] != '') $seperator = " $listas[1] "; foreach($_POST as $varName => $value){ $found = 0; $varN = str_replace("_", " ", $varName); // Turn underscores into blanks if(in_array($varName, $hidden_list)) $found = 1; if($found == 0) { if(is_array($value)) { if($listas[0] != 'column') { for($k=0; $k < count($value); $k++) { $formData .= "$varN: $value[$k]\n"; } } else { $formdata .= "$varN: " . implode($seperator, $value) . "\n"; } } else { if($value != '') { $formData .= "$varN: $value\n"; } else { // BY default blank fields are not printed. if($includeBlank != '') $formData .= "$varN: $value\n"; } } } } return $formData; } // mail the content include ('./mailit.php'); function getPostValue($fieldName, $default = '') { if (array_key_exists($fieldName, $_POST)) { return $_POST[$fieldName]; } else { return $default; } } // function to delete temp files from the server. Make sure things are cleaned up. function deleteTempFiles () { global $attachtemp; for($i = 0; $i < count($attachtemp); $i++) { if(file_exists($attachtemp[$i])) { unlink($attachtemp[$i]); // delete temp file } } } //****** PROCESSING BEGINS HERE if($_SERVER['REQUEST_METHOD'] == "GET") { print "

Sorry but HiQ FormMail is not designed to be used in this manner"; print "
TERMINATED

"; exit; } // Process config file $configname = getPostValue ('configfilename'); if($configname == '') $configname = "HiQFMConfg"; include ('./class.HiQFMConfig.php'); $config = new FormConfiguration ($configname); $email = trim(getPostValue ('email')); $thebanned = $config->getDirective('banned'); if($email != '') { if ($thebanned[0] != '')isBanned($thebanned, $email); if (!eregi('^[_\\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}$', $email)) $errorlist .= "
The email address ($email) is not valid.
"; } // Process recipient information //$config->dump (); $temp = getPostValue('SelectRecipient_Special'); // Adding SelectRecipient - scalar $selectedMultiple = getPostValue('SelectRecipient'); // Adding SelectRecipient - array $recipient_in[0] = ''; $incount = 0; if(!($temp == '' && $selectedMultiple == '')) { if(is_array($selectedMultiple)) { $selectedTemp = implode(",", $selectedMultiple); } else { $selectedTemp = $selectedMultiple; } if($selectedTemp != '') { if($temp != '') $temp .= ","; $temp .= $selectedTemp; // Add recipients array to $temp } $recipientList = $config->getDirective('recipient'); $selectedRecipient = explode(",", $temp); //Selected reipients as an array for ($k=0; $k < count($selectedRecipient); $k++) { $temp1 = trim(strtolower($selectedRecipient[$k])); // $temp1 set to user if($selectedRecipient[$k] != '') { $found = 0; for($l=0; $l < count($recipientList); $l++) { $temp2 = explode('@', $recipientList[$l]); // $temp2 set to user portion of email if(trim(strtolower($temp2[0])) == $temp1) { $recipient_in[$incount] = $recipientList[$l]; // Add valid recipient to list $incount++; $found = 1; } } if($found == 0) $errorlist .= "
The user ($temp1) has no entry in the list of valid recipients.
"; } } } // If there were no valid selected recipients send mail to full list if($incount == 0) $recipient_in = $config->getDirective('recipient'); if ($recipient_in[0] == '') { $errorlist .= "
Config file contains no recipient entry. Correct or contact Admin."; } for ($i=0; $i < count($recipient_in);$i++) { $recipient_to_test = trim($recipient_in[$i]); if (!eregi("^[_\\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}$", $recipient_to_test)) { $errorlist .= "
The recipient address ($recipient_to_test) is not valid.
"; } // Build recipent string if ($i == 0) { $recipient .= $recipient_to_test; } else { $recipient .= ",$recipient_to_test"; } } // Check for a bcc $bcc_in = $config->getDirective('bcc'); if($bcc_in[0] != '') { for ($i=0; $i < count($bcc_in);$i++) { $bcc_to_test = trim($bcc_in[$i]); if (!eregi("^[_\\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}$", $bcc_to_test)) { $errorlist .= "
The bcc address ($bcc_to_test) is not valid.
"; } // Build recipent string if ($i == 0) { $bcc .= $bcc_to_test; } else { $bcc .= ",$bcc_to_test"; } } } // prepare the content $sent_at = date('F jS, Y') . ' at ' . date('h:iA (T).'); $content .= "The following was submitted on " . $sent_at . "\n"; $content .= "HiQFormMail version $this_version - " . $_SERVER['REMOTE_ADDR'] . " - " . $_SERVER['HTTP_REFERER'] . "\n\n"; // Set the mail subject. $subject = getPostValue('subject'); if($subject == '') $subject = $config->getDirective('subject'); $content .= "Subject: $subject\n"; $sendBlank = $config->getDirective('send_blank_fields'); $content .= parseForm($sendBlank); $required_list = $config->getDirective('required_fields'); if ($required_list[0] != '') { for ($i=0; $i < count($required_list);$i++) { $required_list[$i] = trim($required_list[$i]); $the_value = getPostValue($required_list[$i]); if ($the_value == '') $errorlist .= "Missing field: $required_list[$i]
\n"; } } // Check if there are file(s) to attach -- if so do it. $blockextns = $config->getDirective('non_valid_extensions'); // allowed extensions setup. $temp = strtolower(implode(",", $blockextns)); $nono = $badextns; if($temp != '') $nono .= ",$temp"; $nonoexts = explode(",", $nono); $content .= "\n"; $temp = ''; $valid_types = $config->getDirective('valid_attach_types'); // valid file types setup. $temp = strtolower(implode(",", $valid_types)); $valid_types = explode(",", $temp); $temp = ''; $valid_extns = $config->getDirective('valid_attach_extensions'); //valid file extensions setup. if($valid_extns[0] != '') $temp = strtolower(implode(",", $valid_extns)); $valid_extns = explode(",", $temp); $content .= "\n"; $attachCount = 0; if (isset($_FILES['attachment']['name'])) { $vname = 'attachment'; for ($i=0; $i < count($_FILES['attachment']['name']); $i++) { $file_name = $_FILES[$vname]['name'][$i]; $file_tmp_name = $_FILES[$vname]['tmp_name'][$i]; $tmp_files[] = $file_tmp_name; // Keep uploaded file names for deletion in case of errors. $file_type = $_FILES[$vname]['type'][$i]; $file_size = $_FILES[$vname]['size'][$i]; $file_error = $_FILES[$vname]['error'][$i]; if ($file_size <= 0) { if (trim($file_name)!= "") { $errorlist .= "
file attach failed - $file_name
"; } } else { if (is_uploaded_file($file_tmp_name)) { $is_safe_mode = $config->getDirective('safe_mode'); if($is_safe_mode != '') { $destn = $config->getDirective('safemode_temp_dir'); $destn_dir = "./$destn"; if(is_writable($destn_dir)) { $fname = basename($file_tmp_name); $destn_file = "$destn_dir/$fname"; if(move_uploaded_file($file_tmp_name, $destn_file)) { $file_tmp_name = $destn_file; } else { $errorlist .= "
-SAFE MODE- move of $file_tmp_name to $destn_file failed"; } } else { $errorlist .= "
-SAFE MODE- can not write to $destn"; } } if (is_readable($file_tmp_name)) { $attachtemp[] = $file_tmp_name; $attachuser[] = $file_name; $attachsize[] = $file_size; } else { $errorlist .= "
File $file_tmp_name - ($file_name) cannot be opened for reading."; } } else { $errorlist .= "
Is_uploaded_file test on $file_tmp_name - ($file_name) failed."; } $type = explode('/', $file_type); $exts = explode('.', $file_name); $extn_to_test = strtolower($exts[count($exts) - 1]); //Value of 'all' passes type testing if ($valid_types[0] != 'all') { if(!in_array($type[0], $valid_types)) { $errorlist .= "
file attach failed invalid type of $type[0] - $file_name
"; } } // Test file extension against possible config file defined. if($valid_extns[0] != '') { if(!in_array($extn_to_test, $valid_extns)) { $errorlist .= "
File attach failed: this extension is not in the valid list / $extn_to_test - $file_name
"; } } if(in_array($extn_to_test, $nonoexts)) { $errorlist .= "
File attach failed: this extension is in the invalid list / $extn_to_test - $file_name
"; } $attachtype[] = $file_type; $attachCount ++; $content .= "Attached file: $file_name\n"; } } } //print "
attach count - $attachCount"; $temp = explode(',', $config->getDirective('require_attach')); if($temp[0] != '') { if($temp[1] == '') $temp[1] = 1; if($attachCount < $temp[1]) $errorlist .= "
Attachment of at least $temp[1] files is required"; } //End Attach File // Add eviromental variables to content if requested $thisDir = $config->getDirective('HTTP_HOST'); if($thisDir != '') $content .= "HTTP HOST: " . $_SERVER['HTTP_HOST']."\n"; $thisDir = $config->getDirective('HTTP_REFERER'); if($thisDir != '') $content .= "HTTP_REFERER: " . $_SERVER['HTTP_REFERER']."\n"; $thisDir = $config->getDirective('REMOTE_ADDR'); if($thisDir != '') $content .= "REMOTE_ADDR: " . $_SERVER['REMOTE_ADDR']."\n"; $thisDir = $config->getDirective('BROWSER'); if($thisDir != '') $content .= "BROWSER: " . $_SERVER['HTTP_USER_AGENT']."\n"; // IF NO ERRORS send it off // If there are errors we need to delete any temp files which may have // been uploaded prior to calling the issueErrors function. if ($errorlist != "") { deleteTempFiles(); $ehead = $config->getDirective('er_header_file'); $efoot = $config->getDirective('er_footer_file'); issueErrors($errorlist, $ehead, $efoot); } else { // //// security patch 09/22/05 if(eregi("\r", $recipient)) die("Error Exit Possible Spam Bot attack. Carriage return not allowed in To"); if(eregi("\n", $recipient)) die("Error Exit Possible Spam Bot attack. Line feed not allowed in To"); if(eregi("\r", $subject)) die("Error Exit Possible Spam Bot attack. Carriage return not allowed in subject"); if(eregi("\n", $subject)) die("Error Exit Possible Spam Bot attack. Line feed not allowed in subject"); if(eregi("\r", $mail)) die("Error Exit Possible Spam Bot attack. Carriage return not allowed in header"); if(eregi("\n", $mail)) die("Error Exit Possible Spam Bot attack. Line feed not allowed in header"); if(eregi("\r", $bcc)) die("Error Exit Possible Spam Bot attack. Carriage return not allowed in bcc"); if(eregi("\n", $bcc)) die("Error Exit Possible Spam Bot attack. Line feed not allowed in bcc"); //// //print "
Recipients are $recipient"; $content .= "\n\n"; mailIt(stripslashes($content), stripslashes($subject), $email, $recipient, $bcc); // } // If an auto responder defined in form, check existance & send it if exists. // For security reasons the responder file MUST exist in the same directory as the script. $autores = basename($config->getDirective('auto_responder')); $resto = getPostValue ('email'); if ($autores != '') { if (file_exists($autores)) { $fd = fopen($autores, "rb"); $ar_message = fread($fd, filesize($autores)); fclose($fd); $ressubj = "RE: $subject"; if(!mail($resto, $ressubj, $ar_message, "From: $recipient_in[0]\nContent-Type: text/html\n")) { issueSingleError("An undetermined error occured while attempting to send a response."); } } else { issueSingleError("The requested response file, $autores was not found."); } } $echo_it = str_replace("\n", "
", $content); // if the redirect option is set: redirect them $redirect = getPostValue('redirect'); if($redirect == '')$redirect = $config->getDirective('redirect'); if ($redirect != '') { header("Location: $redirect"); exit; } else { $hffile = $config->getDirective('header_file'); include($hffile); print "
$echo_it"; echo "

Brought to you by HiQ Formmail Version $this_version\n\n"; $hffile = $config->getDirective('footer_file'); include($hffile); exit; } ?>