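<?php
// LevelTen Formmail handler: checks a posted form, e-mails its fields to the
// configured recipient and then redirects the browser to a thank-you page.

// Send Confirmation Email
// NOTE(review): these values name a different business than the $formAction
// settings below, and the confirmation send near the end of this script is
// disabled - confirm them before turning it back on.
$confirmtext = "<p>Thank you for contacting Uni-Serve Air Conditioning. We have received your communication and will get back to you as soon as possible.</p>"
    . " <p><strong>Uni-Serve Air Conditioning</strong><br> 2723 Cedarville Drive<br /> Kingwood, Texas 77345<br /> Kingwood: (281) 360-9898<br /> Pasadena/Charlotte: (281) 998-9168<br /> </p>";
$confirmemail = 'noreply@uniserveair.com';
$confirmname = 'Uni-Serve Air Conditioning';
$confirmsubject = 'Uni-Serve Air Conditioning Contact Form Confirmation';

// L10Fm - v1.3 (11/10/06) (patched for XSS)
// requirements for session data -
//   1. LevelTen Hit Counter PHP v3.15 rel 3
//   2. L10HC_API.php v3.15 v1.0 rel 1

//////////////////////////////////////////////////////////////////////////////////////
//
// configuration variables
//
//////////////////////////////////////////////////////////////////////////////////////

// List all domains, including possible subdomains (e.g. www.), that are allowed to
// submit requests to this script, plus the domain of every possible recipient address.
// The same list also decides which hosts a form-supplied redirect may point at, so
// keep it as short as possible: a shared mail domain listed here (gmail.com) is
// accepted as a referrer, a recipient domain and a redirect host alike.
$validReferrers = array('www.climategreenwood.com', 'climategreenwood.com', 'gmail.com', 'www.gmail.com');

// Use this array (or create new arrays with a different association) to replace
// setting fields in the form. Don't delete the 'default' array.
$formAction['default'] = array(
    'recipient' => 'jodi@climategreenwood.com',
    'recipient_cc' => '',
    'recipient_bcc' => '',
    'subject' => 'Service Request Form | Climate Control Systems of Greenwood Inc',
    'redirect' => 'http://climategreenwood.com/thank-you/',
    'email' => '',
    'realname' => '',
    'required' => 'Name,Email,Home_Phone',
    'format' => 'html',
    'sesrep_max_items' => '10',
);

// If set to 0, the form can set the email recipient. For security reasons you should
// always set this variable to 1.
define('DISABLE_FORM_RECIPIENTS', 1);

//////////////////////////////////////////////////////////////////////////////////////
//
// Start of code
// Don't edit below this line
//
//////////////////////////////////////////////////////////////////////////////////////

$pageHdr = "<html><head><style>td {font: x-small, verdana, arial, helvetica, sans-serif;} h1 {font-size: medium;} .err {color: #EE0000; font-weight: bold;}</style></head><body bgcolor=#FFFFFF><table width='500' align=center><tr><td>";
$pageFtr = "</td></tr>\n</body></html>";
$helpLink = "<p>For help on this issue, see <a href='http://www.leveltendesign.com/L10Apps/Fm/help_troubleshooting.php#invalidReferrer?hct=L10Fm-ErrMsg' target=_blank>LevelTen Formmail troubleshooting</a>";

// Request data is HTML-escaped byte-wise (single-byte charset): only & < > " '
// are rewritten and bytes >= 0x80 pass through, so the escaping neither fails
// nor drops text whatever encoding the submitting page used.
$escCharset = 'ISO-8859-1';

// Address shape shared by the recipient, Cc and Bcc checks. \z (not $) so a
// trailing newline cannot slip past the pattern and into a mail header.
$addressPattern = "/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}\z/i";

$L10_LIBLoaded = 0;
if (file_exists("L10_LIB.php")) {
    include_once("L10_LIB.php");
    $L10_LIBLoaded = 1;
}

// The Referer header is sent by the client and can be forged or omitted; this
// check only keeps other sites' forms from posting here and is not access control.
$http_ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$refParts = parse_url($http_ref);
$refHost = (is_array($refParts) && isset($refParts['host'])) ? $refParts['host'] : '';
if (!in_array($refHost, $validReferrers, true)) {
    // The host comes straight from the request, so escape it before echoing it.
    $shownHost = htmlspecialchars($refHost, ENT_QUOTES, $escCharset);
    print "$pageHdr<p class=err>Invalid Referrer '$shownHost'</p><p>Referrer does not have permission to access this LevelTen Formmail script.$helpLink$pageFtr";
    exit;
}

// Pick the settings group: the one named by the form when it exists and has a
// recipient, otherwise 'default'.
$fAIndex = 'default';
if (isset($_POST['form_action']) && is_string($_POST['form_action'])
    && !empty($formAction[$_POST['form_action']]['recipient'])) {
    $fAIndex = $_POST['form_action'];
}

// Resolve every setting: a non-empty posted string wins over the configured
// value, except that the recipient fields follow the form only when
// DISABLE_FORM_RECIPIENTS is 0. Array-valued posts are treated as absent.
$recipientFields = array('recipient', 'recipient_cc', 'recipient_bcc');
$formControlled = array('subject', 'redirect', 'email', 'realname', 'format', 'required', 'sesrep_max_items', 'recipient_secured');
$settings = array();
foreach (array_merge($recipientFields, $formControlled) as $name) {
    $configured = isset($formAction[$fAIndex][$name]) ? $formAction[$fAIndex][$name] : '';
    $posted = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    $mayOverride = in_array($name, $formControlled, true) || !DISABLE_FORM_RECIPIENTS;
    $settings[$name] = ($mayOverride && $posted !== '') ? $posted : $configured;
}
$recipient = $settings['recipient'];
$recipient_cc = $settings['recipient_cc'];
$recipient_bcc = $settings['recipient_bcc'];
$subject = $settings['subject'];
$redirect = $settings['redirect'];
$email = $settings['email'];
$realname = $settings['realname'];
$format = $settings['format'];
$required = $settings['required'];
$sesrep_max_items = $settings['sesrep_max_items'];
$recipient_secured = $settings['recipient_secured'];

// The recipient's domain must be on the allow-list, or the script would relay
// mail to arbitrary addresses.
$domainParts = explode("@", $recipient);
$recipientDomain = array_pop($domainParts);
if (!in_array($recipientDomain, $validReferrers, true)) {
    $shownRecipient = htmlspecialchars($recipient, ENT_QUOTES, $escCharset);
    print "$pageHdr<p class=err>Invalid Recipient '$shownRecipient'</p><p> Email address does not have permission to relay through this LevelTen Formmail script.$helpLink$pageFtr";
    exit;
}

// Keep only the Cc/Bcc addresses that are well-formed and on an allowed domain.
// Checking the domain alone would let an entry carry a line break, and with it
// extra headers, in front of an allowed "@domain" suffix.
$copyLists = array('cc' => $recipient_cc, 'bcc' => $recipient_bcc);
foreach ($copyLists as $kind => $list) {
    $kept = array();
    foreach (explode(",", $list) as $address) {
        $address = trim($address);
        $addressParts = explode("@", $address);
        $addressDomain = array_pop($addressParts);
        if (preg_match($addressPattern, $address) && in_array($addressDomain, $validReferrers, true)) {
            $kept[] = $address;
        }
    }
    $copyLists[$kind] = implode(",", $kept);
}
$recipient_cc = $copyLists['cc'];
$recipient_bcc = $copyLists['bcc'];

// Every field named in $required must have been posted with a value. The list
// can come from the form itself, so the field name is escaped before it is shown.
$requiredFields = explode(",", $required);
if ($requiredFields[0] != '') {
    foreach ($requiredFields as $req) {
        if (!isset($_POST[$req]) || $_POST[$req] === '') {
            $shownField = htmlspecialchars($req, ENT_QUOTES, $escCharset);
            print "$pageHdr<p class=err>Required Field '$shownField' is missing!</p><p> You must input a value for this field before submitting<p align=center><a href='javascript: history.back(-1)'>back to form</a>$pageFtr";
            exit;
        }
    }
}

// Any format value starting with 'h' (any case) selects the HTML layout.
$htmlFormat = (strtolower(substr($format, 0, 1)) == 'h');

$msg = '';
if ($htmlFormat) {
    // .tblhdr originally read "background-color=#000088", which is not valid CSS
    // and left the white header text without its background.
    $msg = "<html><head><style>td {font: x-small, verdana, arial, helvetica, sans-serif;} .fldname {font-weight:bold;font-size:x-small;} .flddata {font-size:x-small;} .tblhdr { font-size:x-small;font-weight:bold;color:#FFFFFF;background-color:#000088}</style></head><body>\n";
    $msg .= "<table border=0 cellspacing=0 cellpadding=0 width=640>\n";
    $msg .= "<tr><td colspan=3 class='tblhdr'>Form Data</td></tr>\n";
} else {
    $msg = "Form data\n\n";
}

// Row pieces: $bl0/$bl1 open a row (alternating shades in HTML), $ld separates
// the field name from its value, $el closes the row.
$bl0 = '';
$bl1 = '';
$ld = ' ';
$el = "\n\n";
$creditStrAdd = '';
if ($htmlFormat) {
    $bl0 = '<tr bgcolor=#E8E8FF><td class="fldname" valign=top>';
    $bl1 = '<tr bgcolor=#FFFFFF><td class="fldname" valign=top>';
    $ld = '</td><td> </td><td width=80% class="flddata">';
    $el = "</td></tr>\n";
}

$shaded = false;
foreach ($_POST as $k => $v) {
    // Multi-value inputs (name[]) arrive as arrays; list their values instead of
    // printing the word "Array".
    if (is_array($v)) {
        $items = array();
        foreach ($v as $item) {
            $items[] = is_array($item) ? 'Array' : (string) $item;
        }
        $v = implode(', ', $items);
    }
    $k = (string) $k;
    if ($htmlFormat) {
        // Field names and values are untrusted: escape them so that they cannot
        // add markup or script to the HTML mail the recipient opens.
        $k = htmlspecialchars($k, ENT_QUOTES, $escCharset);
        $v = str_replace("\n", "<br>\n", htmlspecialchars($v, ENT_QUOTES, $escCharset));
    }
    $msg .= ($shaded ? $bl0 : $bl1) . "$k:$ld$v$el";
    $shaded = !$shaded;
}

// Optional session report from the LevelTen Hit Counter API, when it is installed.
if (file_exists("L10HC_API.php")) {
    include("L10HC_API.php");
    $vID = getVID();
    $creditStrAdd = ' & LevelTen Hit Counter';
    $msg .= $htmlFormat ? "<tr><td colspan=3><br> <br></td></tr>\n<tr><td colspan=3 border=1>" : "\n\n";
    // NOTE(review): the original passed an undefined $max_sessions here.
    // $sesrep_max_items is the only limit this script resolves, so it is
    // presumably what was meant - confirm against getSessions() in L10HC_API.php.
    $msg .= getSessions($vID, (int) $sesrep_max_items, $recipient_secured, (int) $htmlFormat + 1);
    if ($htmlFormat) {
        $msg .= "</td></tr>\n";
    }
}

if ($htmlFormat) {
    $msg .= "<tr><td colspan=3> </td></tr><tr><td colspan=3 align=center>Generated by<br>LevelTen Formmail$creditStrAdd<td></tr></table></body></html>\n";
} else {
    $msg .= "\n\nGenerated by LevelTen Formmail$creditStrAdd\n";
}

if (!preg_match($addressPattern, $recipient)) {
    echo "Invalid recipient";
    exit;
}
if (strlen($recipient) > 80 or strlen($recipient_cc) > 200 or strlen($recipient_bcc) > 200) {
    echo "Possible hack attempt";
    exit;
}

// Header-injection screen. The substring checks are the original ones; on top
// of them, every value that ends up in a mail header is rejected when it holds
// CR, LF or NUL, because a line break is what starts a new header. The body
// ($msg) legitimately contains line breaks and is exempt from that part.
$headerTokens = array('Bcc:', 'cc:', 'to:');
$screened = array(
    array($subject, $headerTokens, true, "Invalid content in subject"),
    array($msg, $headerTokens, false, "Invalid content in message"),
    array($realname, array_merge($headerTokens, array('Content-type')), true, "Invalid content"),
    array($email, $headerTokens, true, "Invalid content"),
);
foreach ($screened as $check) {
    list($value, $tokens, $singleLine, $error) = $check;
    $rejected = $singleLine && preg_match('/[\r\n\x00]/', $value);
    foreach ($tokens as $token) {
        if (stristr($value, $token) !== false) {
            $rejected = true;
        }
    }
    if ($rejected) {
        echo $error;
        exit;
    }
}

// The submitter's address goes into From/Return-Path/Reply-To only when it is a
// single well-formed address; anything else is left out of the headers (it is
// still listed in the body with the other form fields).
$replyAddress = trim($email);
if ($replyAddress !== '' && filter_var($replyAddress, FILTER_VALIDATE_EMAIL) === false) {
    $replyAddress = '';
}

$extraHeaders = "";
if ($replyAddress !== '') {
    // Escape quotes and backslashes so the name cannot close the quoted string.
    $extraHeaders .= "From: \"" . addcslashes($realname, "\"\\") . "\" <" . $replyAddress . ">\r\n";
    $extraHeaders .= "Return-Path: " . $replyAddress . "\r\n";
    $extraHeaders .= "Reply-To: " . $replyAddress . "\r\n";
}
if ($htmlFormat) {
    $extraHeaders .= "Content-type: text/html\r\n";
}
if ($recipient_cc != '') {
    $extraHeaders .= "Cc: " . trim($recipient_cc) . "\r\n";
}
if ($recipient_bcc != '') {
    $extraHeaders .= "Bcc: " . trim($recipient_bcc) . "\r\n";
}

// Headers for the (currently disabled) confirmation e-mail.
$confirmfrom = "";
$confirmfrom .= "From: \"" . $confirmname . "\" <" . trim($confirmemail) . ">\r\n";
$confirmfrom .= "Return-Path: " . trim($confirmemail) . "\r\n";
$confirmfrom .= "Reply-To: " . trim($confirmemail) . "\r\n";
$confirmfrom .= "Content-type: text/html\r\n";

$success = mail($recipient, $subject, $msg, $extraHeaders);
// The confirmation send is disabled. If it is re-enabled, address it to the
// validated $replyAddress rather than to the raw $_POST['email'] value:
// $success = mail($replyAddress, $confirmsubject, $confirmtext, $confirmfrom);

if (!$success && $L10_LIBLoaded) {
    log_event("Unsuccesful Email Attempt: $recipient");
}

// A redirect supplied by the form is followed only when it stays on an allowed
// host (http/https) or is a relative path; anything else falls back to the
// configured thank-you page, so the script cannot be used to bounce visitors
// to an arbitrary site.
$configuredRedirect = isset($formAction[$fAIndex]['redirect']) ? $formAction[$fAIndex]['redirect'] : '';
if ($redirect !== $configuredRedirect) {
    $redirectAllowed = false;
    // Whitespace, control characters and backslashes have no place in a Location
    // value and are read differently by different browsers.
    if (!preg_match('/[\x00-\x20\x7f\\\\]/', $redirect)) {
        $target = parse_url($redirect);
        if (is_array($target) && isset($target['host'])) {
            $scheme = isset($target['scheme']) ? strtolower($target['scheme']) : '';
            $redirectAllowed = ($scheme === 'http' || $scheme === 'https')
                && in_array(strtolower($target['host']), $validReferrers, true);
        } elseif (is_array($target) && !isset($target['scheme'])) {
            // Relative reference: allowed unless it is protocol-relative ("//host").
            $redirectAllowed = (substr($redirect, 0, 2) !== '//');
        }
    }
    if (!$redirectAllowed) {
        $redirect = $configuredRedirect;
    }
}

header("Location: $redirect");
exit;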