|
@@ -0,0 +1,236 @@
|
|
|
|
+<?php
|
|
|
|
+//Send Confirmation Email
|
|
|
|
+
|
|
|
|
+$confirmtext="<p>Thank you for contacting Uni-Serve Air Conditioning. We have received your communication and will get back to you as soon as possible.</p>
|
|
|
|
+<p><strong>Uni-Serve Air Conditioning</strong><br>
|
|
|
|
+2723 Cedarville Drive<br />
|
|
|
|
+Kingwood, Texas 77345<br />
|
|
|
|
+Kingwood: (281) 360-9898<br />
|
|
|
|
+Pasadena/Charlotte: (281) 998-9168<br />
|
|
|
|
+</p>";
|
|
|
|
+$confirmemail='noreply@uniserveair.com';
|
|
|
|
+$confirmname='Uni-Serve Air Conditioning';
|
|
|
|
+$confirmsubject='Uni-Serve Air Conditioning Contact Form Confirmation';
|
|
|
|
+
|
|
|
|
+// L10Fm - v1.3 (11/10/06) (patched for XSS)
|
|
|
|
+// requirements for session data -
|
|
|
|
+// 1. LevelTen Hit Counter PHP v3.15 rel 3
|
|
|
|
+// 2. L10HC_API.php v3.15 v1.0 rel 1
|
|
|
|
+//
|
|
|
|
+
|
|
|
|
+//////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
+//
|
|
|
|
+// configuration variables
|
|
|
|
+//
|
|
|
|
+//////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
+
|
|
|
|
+// List all domains, including posible subdomains (e.g. www.) that are allowed to submit
|
|
|
|
+// requests to this script and the domains of any posible recipient email address.
|
|
|
|
+
|
|
|
|
+$validReferrers = array('www.climategreenwood.com','climategreenwood.com','gmail.com','www.gmail.com');
|
|
|
|
+
|
|
|
|
+// Use the this array (or create new arrays with a different association) to replace
|
|
|
|
+// setting fields in the form. Don't delete the 'default' array.
|
|
|
|
+
|
|
|
|
+$formAction['default'] = array(
|
|
|
|
+ 'recipient' => 'jodi@climategreenwood.com',
|
|
|
|
+ 'recipient_cc' => '',
|
|
|
|
+ 'recipient_bcc' => '',
|
|
|
|
+ 'subject' => 'Contact Form | Climate Control Systems of Greenwood Inc',
|
|
|
|
+ 'redirect' => 'http://climategreenwood.com/thank-you/',
|
|
|
|
+ 'email' => '',
|
|
|
|
+ 'realname' => '',
|
|
|
|
+ 'required' => 'Name,Email,Comments',
|
|
|
|
+ 'format' => 'html',
|
|
|
|
+ 'sesrep_max_items' => '10',
|
|
|
|
+);
|
|
|
|
+
|
|
|
|
+// If set to 0, the form can set the email recipient. For security reasons you should
|
|
|
|
+// always set this variable to 1.
|
|
|
|
+
|
|
|
|
+define('DISABLE_FORM_RECIPIENTS', 1);
|
|
|
|
+
|
|
|
|
+//////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
+//
|
|
|
|
+// Start of code
|
|
|
|
+// Don't edit below this line
|
|
|
|
+//
|
|
|
|
+//////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
+
|
|
|
|
+$pageHdr = "<html><head><style>td {font: x-small, verdana, arial, helvetica, sans-serif;} h1 {font-size: medium;} .err {color: #EE0000; font-weight: bold;}</style></head><body bgcolor=#FFFFFF><table width='500' align=center><tr><td>";
|
|
|
|
+$pageFtr = "</td></tr>\n</body></html>";
|
|
|
|
+
|
|
|
|
+$L10_LIBLoaded = 0;
|
|
|
|
+if(file_exists("L10_LIB.php")) {
|
|
|
|
+ include_once("L10_LIB.php");
|
|
|
|
+ $L10_LIBLoaded = 1;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+$http_ref = $_SERVER['HTTP_REFERER'];
|
|
|
|
+$array = parse_url($http_ref);
|
|
|
|
+$a = $array['host'];
|
|
|
|
+
|
|
|
|
+if(!in_array($a,$validReferrers)) {
|
|
|
|
+ print "$pageHdr<p class=err>Invalid Referrer '$a'</p><p>Referrer does not have permission to access this LevelTen Formmail script.<p>For help on this issue, see <a href='http://www.leveltendesign.com/L10Apps/Fm/help_troubleshooting.php#invalidReferrer?hct=L10Fm-ErrMsg' target=_blank>LevelTen Formmail troubleshooting</a>$pageFtr";
|
|
|
|
+ exit;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+if(! $_POST['form_action'] or ! $formAction[$_POST['form_action']]['recipient']) {
|
|
|
|
+ $fAIndex = 'default';
|
|
|
|
+} else {
|
|
|
|
+ $fAIndex = $_POST['form_action'];
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+$recipient = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient'] != '')) ? $_POST['recipient'] : $formAction[$fAIndex]['recipient'];
|
|
|
|
+$subject = ($_POST['subject'] != '') ? $_POST['subject'] : $formAction[$fAIndex]['subject'];
|
|
|
|
+$redirect = ($_POST['redirect'] != '') ? $_POST['redirect'] : $formAction[$fAIndex]['redirect'];
|
|
|
|
+$email = ($_POST['email'] != '') ? $_POST['email'] : $formAction[$fAIndex]['email'];
|
|
|
|
+$realname = ($_POST['realname']) ? $_POST['realname'] : $formAction[$fAIndex]['realname'];
|
|
|
|
+$recipient_cc = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient_cc'] != '')) ? $_POST['recipient_cc'] : $formAction[$fAIndex]['recipient_cc'];
|
|
|
|
+$recipient_bcc = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient_bcc'] != '')) ? $_POST['recipient_bcc'] : $formAction[$fAIndex]['recipient_bcc'];
|
|
|
|
+$format = ($_POST['format'] != '') ? $_POST['format'] : $formAction[$fAIndex]['format'];
|
|
|
|
+$required = ($_POST['required'] != '') ? $_POST['required'] : $formAction[$fAIndex]['required'];
|
|
|
|
+$sesrep_max_items = ($_POST['sesrep_max_items'] != '') ? $_POST['sesrep_max_items'] : $formAction[$fAIndex]['sesrep_max_items'];
|
|
|
|
+$recipient_secured = ($_POST['recipient_secured'] != '') ? $_POST['recipient_secured'] : $formAction[$fAIndex]['recipient_secured'];
|
|
|
|
+
|
|
|
|
+$a = explode("@",$recipient);
|
|
|
|
+$a = array_pop($a);
|
|
|
|
+if(!in_array($a,$validReferrers)) {
|
|
|
|
+ print "$pageHdr<p class=err>Invalid Recipient '$recipient'</p><p> Email address does not have permission to relay through this LevelTen Formmail script.<p>For help on this issue, see <a href='http://www.leveltendesign.com/L10Apps/Fm/help_troubleshooting.php#invalidReferrer?hct=L10Fm-ErrMsg' target=_blank>LevelTen Formmail troubleshooting</a>$pageFtr";
|
|
|
|
+ exit;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+$rccArray = explode(",",$recipient_cc);
|
|
|
|
+$recipient_cc = '';
|
|
|
|
+if($rccArray[0] != '') {
|
|
|
|
+ foreach($rccArray as $rcc) {
|
|
|
|
+ $a = explode("@",$rcc);
|
|
|
|
+ $a = array_pop($a);
|
|
|
|
+ if(in_array($a,$validReferrers)) {
|
|
|
|
+ $recipient_cc .= "$rcc,";
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+$recipient_cc = substr($recipient_cc,0,-1);
|
|
|
|
+
|
|
|
|
+$rbccArray = explode(",",$recipient_bcc);
|
|
|
|
+$recipient_bcc = '';
|
|
|
|
+if($rbccArray[0] != '') {
|
|
|
|
+ foreach($rbccArray as $rbcc) {
|
|
|
|
+ $a = explode("@",$rbcc);
|
|
|
|
+ $a = array_pop($a);
|
|
|
|
+ if(in_array($a,$validReferrers)) {
|
|
|
|
+ $recipient_bcc .= "$rbcc,";
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+$recipient_bcc = substr($recipient_bcc,0,-1);
|
|
|
|
+
|
|
|
|
+$a = explode(",",$required);
|
|
|
|
+if($a[0] != '') {
|
|
|
|
+ foreach($a as $req) {
|
|
|
|
+ if($_POST[$req] == '') {
|
|
|
|
+ print "$pageHdr<p class=err>Required Field '$req' is missing!</p><p> You must input a value for this field before submitting<p align=center><a href='javascript: history.back(-1)'>back to form</a>$pageFtr";
|
|
|
|
+ exit;
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+$htmlFormat = (strtolower(substr($format,0,1)) == 'h');
|
|
|
|
+
|
|
|
|
+$msg = '';
|
|
|
|
+if($htmlFormat) {
|
|
|
|
+ $msg = "<html><head><style>td {font: x-small, verdana, arial, helvetica, sans-serif;} .fldname {font-weight:bold;font-size:x-small;} .flddata {font-size:x-small;} .tblhdr { font-size:x-small;font-weight:bold;color:#FFFFFF;background-color=#000088}</style></head><body>\n";
|
|
|
|
+ $msg .= "<table border=0 cellspacing=0 cellpadding=0 width=640>\n";
|
|
|
|
+ $msg .= "<tr><td colspan=3 class='tblhdr'>Form Data</td></tr>\n";
|
|
|
|
+} else {
|
|
|
|
+ $msg = "Form data\n\n";
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+$bl0 = '';
|
|
|
|
+$bl1 = '';
|
|
|
|
+$ld = ' ';
|
|
|
|
+$el = "\n\n";
|
|
|
|
+
|
|
|
|
+$creditStrAdd = '';
|
|
|
|
+
|
|
|
|
+if($htmlFormat) {
|
|
|
|
+ $bl0 = '<tr bgcolor=#E8E8FF><td class="fldname" valign=top>';
|
|
|
|
+ $bl1 = '<tr bgcolor=#FFFFFF><td class="fldname" valign=top>';
|
|
|
|
+ $ld = '</td><td> </td><td width=80% class="flddata">';
|
|
|
|
+ $el = "</td></tr>\n";
|
|
|
|
+}
|
|
|
|
+$i = 0;
|
|
|
|
+foreach($_POST as $k => $v) {
|
|
|
|
+ if($htmlFormat) {
|
|
|
|
+ $v = str_replace("\n","<br>\n",$v);
|
|
|
|
+ }
|
|
|
|
+ if($i) {
|
|
|
|
+ $msg .= "$bl0$k:$ld$v$el";
|
|
|
|
+ } else {
|
|
|
|
+ $msg .= "$bl1$k:$ld$v$el";
|
|
|
|
+ }
|
|
|
|
+ $i = !$i;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+if(file_exists("L10HC_API.php")) {
|
|
|
|
+ include("L10HC_API.php");
|
|
|
|
+ $vID = getVID();
|
|
|
|
+ if($htmlFormat) {
|
|
|
|
+ $msg .= "<tr><td colspan=3><br> <br></td></tr>\n<tr><td colspan=3 border=1>";
|
|
|
|
+ $creditStrAdd = ' & LevelTen Hit Counter';
|
|
|
|
+ } else {
|
|
|
|
+ $msg .= "\n\n";
|
|
|
|
+ $creditStrAdd = ' & LevelTen Hit Counter';
|
|
|
|
+ }
|
|
|
|
+ $msg .= getSessions($vID,$max_sessions,$recipient_secured,$htmlFormat+1);
|
|
|
|
+ if($htmlFormat) {
|
|
|
|
+ $msg .= "</td></tr>\n";
|
|
|
|
+ } else {
|
|
|
|
+
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+if($htmlFormat) {
|
|
|
|
+ $msg .= "<tr><td colspan=3> </td></tr><tr><td colspan=3 align=center>Generated by<br>LevelTen Formmail$creditStrAdd<td></tr></table></body></html>\n";
|
|
|
|
+} else {
|
|
|
|
+ $msg .= "\n\nGenerated by LevelTen Formmail$creditStrAdd\n";
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+if (! preg_match("/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i", $recipient, $result)) {echo "Invalid recipient"; exit;}
|
|
|
|
+if (strlen($recipient) > 80 or strlen($recipient_cc) > 200 or strlen($recipient_bcc) > 200) {echo "Possible hack attempt"; exit;}
|
|
|
|
+if(stristr($subject, "Bcc:") or stristr($subject, "cc:") or stristr($subject, "to:")) {echo "Invalid content in subject"; exit;}
|
|
|
|
+if(stristr($msg, "Bcc:") or stristr($msg, "cc:") or stristr($msg, "to:")) {echo "Invalid content in message"; exit;}
|
|
|
|
+if(stristr($realname, "Bcc:") or stristr($realname, "cc:") or stristr($realname, "to:") or stristr($realname, "Content-type")) {echo "Invalid content"; exit;}
|
|
|
|
+if(stristr($email, "Bcc:") or stristr($email, "cc:") or stristr($email, "to:")) {echo "Invalid content"; exit;}
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+$extraHeaders = "";
|
|
|
|
+if($email) { $extraHeaders .= "From: \"". $realname ."\" <". trim($email) .">\r\n"; }
|
|
|
|
+if($email) { $extraHeaders .= "Return-Path: ". trim($email) ."\r\n"; }
|
|
|
|
+if($email) { $extraHeaders .= "Reply-To: ". trim($email) ."\r\n"; }
|
|
|
|
+if($htmlFormat == 'h') { $extraHeaders .= "Content-type: text/html\r\n"; }
|
|
|
|
+if($recipient_cc != '') { $extraHeaders .= "Cc: ". trim($recipient_cc) ."\r\n"; }
|
|
|
|
+if($recipient_bcc != '') { $extraHeaders .= "Bcc: ". trim($recipient_bcc) ."\r\n"; }
|
|
|
|
+
|
|
|
|
+$confirmfrom = "";
|
|
|
|
+$confirmfrom .= "From: \"". $confirmname ."\" <". trim($confirmemail) .">\r\n";
|
|
|
|
+$confirmfrom .= "Return-Path: ". trim($confirmemail) ."\r\n";
|
|
|
|
+$confirmfrom .= "Reply-To: ". trim($confirmemail) ."\r\n";
|
|
|
|
+$confirmfrom .= "Content-type: text/html\r\n";
|
|
|
|
+
|
|
|
|
+$success = 1;
|
|
|
|
+$success = mail($recipient,$subject,$msg,$extraHeaders);
|
|
|
|
+//$success = mail($_POST['email'],$confirmsubject,$confirmtext,$confirmfrom);
|
|
|
|
+if(!$success && $L10_LIBLoaded) {
|
|
|
|
+ log_event("Unsuccesful Email Attempt: $recipient");
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+//print "mail($recipient,$subject,$msg,$extraHeaders)";
|
|
|
|
+//print "$msg";
|
|
|
|
+
|
|
|
|
+header("Location: $redirect");
|
|
|
|
+?>
|