| ";
$pageFtr = " |
\n";
$L10_LIBLoaded = 0;
if(file_exists("L10_LIB.php")) {
include_once("L10_LIB.php");
$L10_LIBLoaded = 1;
}
$http_ref = $_SERVER['HTTP_REFERER'];
$array = parse_url($http_ref);
$a = $array['host'];
if(!in_array($a,$validReferrers)) {
print "$pageHdrInvalid Referrer '$a'
Referrer does not have permission to access this LevelTen Formmail script.
For help on this issue, see LevelTen Formmail troubleshooting$pageFtr";
exit;
}
if(! $_POST['form_action'] or ! $formAction[$_POST['form_action']]['recipient']) {
$fAIndex = 'default';
} else {
$fAIndex = $_POST['form_action'];
}
$recipient = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient'] != '')) ? $_POST['recipient'] : $formAction[$fAIndex]['recipient'];
$subject = ($_POST['subject'] != '') ? $_POST['subject'] : $formAction[$fAIndex]['subject'];
$redirect = ($_POST['redirect'] != '') ? $_POST['redirect'] : $formAction[$fAIndex]['redirect'];
$email = ($_POST['email'] != '') ? $_POST['email'] : $formAction[$fAIndex]['email'];
$realname = ($_POST['realname']) ? $_POST['realname'] : $formAction[$fAIndex]['realname'];
$recipient_cc = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient_cc'] != '')) ? $_POST['recipient_cc'] : $formAction[$fAIndex]['recipient_cc'];
$recipient_bcc = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient_bcc'] != '')) ? $_POST['recipient_bcc'] : $formAction[$fAIndex]['recipient_bcc'];
$format = ($_POST['format'] != '') ? $_POST['format'] : $formAction[$fAIndex]['format'];
$required = ($_POST['required'] != '') ? $_POST['required'] : $formAction[$fAIndex]['required'];
$sesrep_max_items = ($_POST['sesrep_max_items'] != '') ? $_POST['sesrep_max_items'] : $formAction[$fAIndex]['sesrep_max_items'];
$recipient_secured = ($_POST['recipient_secured'] != '') ? $_POST['recipient_secured'] : $formAction[$fAIndex]['recipient_secured'];
$a = explode("@",$recipient);
$a = array_pop($a);
if(!in_array($a,$validReferrers)) {
print "$pageHdr
Invalid Recipient '$recipient'
Email address does not have permission to relay through this LevelTen Formmail script.
For help on this issue, see LevelTen Formmail troubleshooting$pageFtr";
exit;
}
$rccArray = explode(",",$recipient_cc);
$recipient_cc = '';
if($rccArray[0] != '') {
foreach($rccArray as $rcc) {
$a = explode("@",$rcc);
$a = array_pop($a);
if(in_array($a,$validReferrers)) {
$recipient_cc .= "$rcc,";
}
}
}
$recipient_cc = substr($recipient_cc,0,-1);
$rbccArray = explode(",",$recipient_bcc);
$recipient_bcc = '';
if($rbccArray[0] != '') {
foreach($rbccArray as $rbcc) {
$a = explode("@",$rbcc);
$a = array_pop($a);
if(in_array($a,$validReferrers)) {
$recipient_bcc .= "$rbcc,";
}
}
}
$recipient_bcc = substr($recipient_bcc,0,-1);
$a = explode(",",$required);
if($a[0] != '') {
foreach($a as $req) {
if($_POST[$req] == '') {
print "$pageHdr
Required Field '$req' is missing!
You must input a value for this field before submitting
back to form$pageFtr";
exit;
}
}
}
$htmlFormat = (strtolower(substr($format,0,1)) == 'h');
$msg = '';
if($htmlFormat) {
$msg = "
\n";
$msg .= "\n";
$msg .= "| Form Data |
\n";
} else {
$msg = "Form data\n\n";
}
$bl0 = '';
$bl1 = '';
$ld = ' ';
$el = "\n\n";
$creditStrAdd = '';
if($htmlFormat) {
$bl0 = '| ';
$bl1 = ' |
| ';
$ld = ' | | ';
$el = " |
\n";
}
$i = 0;
foreach($_POST as $k => $v) {
if($htmlFormat) {
$v = str_replace("\n","
\n",$v);
}
if($i) {
$msg .= "$bl0$k:$ld$v$el";
} else {
$msg .= "$bl1$k:$ld$v$el";
}
$i = !$i;
}
if(file_exists("L10HC_API.php")) {
include("L10HC_API.php");
$vID = getVID();
if($htmlFormat) {
$msg .= "
|
\n| ";
$creditStrAdd = ' & LevelTen Hit Counter';
} else {
$msg .= "\n\n";
$creditStrAdd = ' & LevelTen Hit Counter';
}
$msg .= getSessions($vID,$max_sessions,$recipient_secured,$htmlFormat+1);
if($htmlFormat) {
$msg .= " |
\n";
} else {
}
}
if($htmlFormat) {
$msg .= "| |
Generated by
LevelTen Formmail$creditStrAdd | |
\n";
} else {
$msg .= "\n\nGenerated by LevelTen Formmail$creditStrAdd\n";
}
if (! preg_match("/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i", $recipient, $result)) {echo "Invalid recipient"; exit;}
if (strlen($recipient) > 80 or strlen($recipient_cc) > 200 or strlen($recipient_bcc) > 200) {echo "Possible hack attempt"; exit;}
if(stristr($subject, "Bcc:") or stristr($subject, "cc:") or stristr($subject, "to:")) {echo "Invalid content in subject"; exit;}
if(stristr($msg, "Bcc:") or stristr($msg, "cc:") or stristr($msg, "to:")) {echo "Invalid content in message"; exit;}
if(stristr($realname, "Bcc:") or stristr($realname, "cc:") or stristr($realname, "to:") or stristr($realname, "Content-type")) {echo "Invalid content"; exit;}
if(stristr($email, "Bcc:") or stristr($email, "cc:") or stristr($email, "to:")) {echo "Invalid content"; exit;}
$extraHeaders = "";
if($email) { $extraHeaders .= "From: \"". $realname ."\" <". trim($email) .">\r\n"; }
if($email) { $extraHeaders .= "Return-Path: ". trim($email) ."\r\n"; }
if($email) { $extraHeaders .= "Reply-To: ". trim($email) ."\r\n"; }
if($htmlFormat == 'h') { $extraHeaders .= "Content-type: text/html\r\n"; }
if($recipient_cc != '') { $extraHeaders .= "Cc: ". trim($recipient_cc) ."\r\n"; }
if($recipient_bcc != '') { $extraHeaders .= "Bcc: ". trim($recipient_bcc) ."\r\n"; }
$confirmfrom = "";
$confirmfrom .= "From: \"". $confirmname ."\" <". trim($confirmemail) .">\r\n";
$confirmfrom .= "Return-Path: ". trim($confirmemail) ."\r\n";
$confirmfrom .= "Reply-To: ". trim($confirmemail) ."\r\n";
$confirmfrom .= "Content-type: text/html\r\n";
$success = 1;
$success = mail($recipient,$subject,$msg,$extraHeaders);
//$success = mail($_POST['email'],$confirmsubject,$confirmtext,$confirmfrom);
if(!$success && $L10_LIBLoaded) {
log_event("Unsuccesful Email Attempt: $recipient");
}
//print "mail($recipient,$subject,$msg,$extraHeaders)";
//print "$msg";
header("Location: $redirect");
?>