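<?php
declare(strict_types=1);

/*
 * Contact-form handler for egate.html.
 *
 * Reads the POSTed form fields, validates them, hands the message to mail()
 * and sends the visitor back to the form through a small inline script.
 * None of the submitted values are echoed into the page; the only place
 * user-controlled data leaves this script is the mail() call, so the checks
 * below concentrate on the value that ends up in the mail headers.
 */

/**
 * Returns true when $str contains characters usable for e-mail header
 * injection: raw CR / LF / TAB / backspace or their percent-encoded forms.
 * Applied to the address that is written verbatim into From:/Reply-To:.
 */
function IsInjected(string $str): bool
{
    // Single-quoted on purpose: PCRE itself interprets \n, \r and \t.
    $injections = [
        '(\n+)',
        '(\r+)',
        '(\t+)',
        '(%0A+)',
        '(%0D+)',
        '(%08+)',
        '(%09+)',
    ];
    $pattern = '/' . implode('|', $injections) . '/i';

    return preg_match($pattern, $str) === 1;
}

/**
 * Reads one POST field as a trimmed string.
 * A missing field or a non-string value (e.g. `email[]=...`, which would make
 * the later checks operate on an array) is treated as empty.
 */
function postField(string $key): string
{
    $value = $_POST[$key] ?? '';

    return is_string($value) ? trim($value) : '';
}

/**
 * Emits the alert-and-redirect snippet the form page expects.
 * $text must be a fixed literal from this file, never user input, because it
 * is written into a JavaScript string without escaping.
 */
function redirectWithAlert(string $text): void
{
    echo '<script type="text/javascript">alert("' . $text . '"); window.location.href = "./egate.html";</script>';
}

if (isset($_POST['submit'])) {
    $firstname  = postField('firstname');
    $lastname   = postField('lastname');
    $email_from = postField('email');
    $message    = postField('message');

    // Validate the form. Compared against '' rather than empty() so that a
    // legitimate message consisting of "0" is not rejected.
    if ($firstname === '' || $lastname === '' || $email_from === '' || $message === '') {
        redirectWithAlert('Please fill in all the form fields!');
    } elseif (IsInjected($email_from) || filter_var($email_from, FILTER_VALIDATE_EMAIL) === false) {
        // The address goes straight into the header block, so it must be a
        // single well-formed address without any line breaks; FILTER_VALIDATE_EMAIL
        // also rejects the whitespace and multi-address forms the regex alone misses.
        redirectWithAlert('Please enter a valid e-mail adress!');
    } else {
        $email_to      = "[email protected]";
        $email_subject = "New message from my eGate website";
        $email_body    = "$firstname $lastname has send you a message.\n"
            . "Please send a respons to $email_from.\n"
            . "Here is the message.\n\n"
            . "$message\n";
        // The statement above must end here: the original chained the header
        // assignment onto this concatenation with a trailing '.', which appended
        // the raw header lines to the body text of every mail sent.

        // NOTE(review): From: carries the visitor's address as in the original;
        // a fixed sender on the site's own domain with only Reply-To set to the
        // visitor is far more likely to pass the recipient's SPF/DMARC checks.
        $headers = 'From: ' . $email_from . "\r\n"
            . 'Reply-To: ' . $email_from . "\r\n"
            . 'X-Mailer: PHP/' . phpversion();

        // mail() returns false when the message was not accepted for delivery;
        // only report success when it actually was.
        if (mail($email_to, $email_subject, $email_body, $headers)) {
            // empty the form
            $_POST = [];
            redirectWithAlert('Your message has been send!');
        } else {
            redirectWithAlert('Sorry, your message could not be sent. Please try again later.');
        }
    }
} else {
    // This page should not be accessed directly; the form has to be submitted.
    redirectWithAlert('Error, you need to fill in the contact form.');
}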