
  1. <?php
  2. //Send Confirmation Email
  3. $confirmtext="<p>Thank you for contacting Uni-Serve Air Conditioning. We have received your communication and will get back to you as soon as possible.</p>
  4. <p><strong>Uni-Serve Air Conditioning</strong><br>
  5. 2723 Cedarville Drive<br />
  6. Kingwood, Texas 77345<br />
  7. Kingwood: (281) 360-9898<br />
  8. Pasadena/Charlotte: (281) 998-9168<br />
  9. </p>";
  10. $confirmemail='noreply@uniserveair.com';
  11. $confirmname='Uni-Serve Air Conditioning';
  12. $confirmsubject='Uni-Serve Air Conditioning Contact Form Confirmation';
  13. // L10Fm - v1.3 (11/10/06) (patched for XSS)
  14. // requirements for session data -
  15. // 1. LevelTen Hit Counter PHP v3.15 rel 3
  16. // 2. L10HC_API.php v3.15 v1.0 rel 1
  17. //
  18. //////////////////////////////////////////////////////////////////////////////////////
  19. //
  20. // configuration variables
  21. //
  22. //////////////////////////////////////////////////////////////////////////////////////
  23. // List all domains, including posible subdomains (e.g. www.) that are allowed to submit
  24. // requests to this script and the domains of any posible recipient email address.
  25. $validReferrers = array('www.climategreenwood.com','climategreenwood.com','gmail.com','www.gmail.com');
  26. // Use the this array (or create new arrays with a different association) to replace
  27. // setting fields in the form. Don't delete the 'default' array.
  28. $formAction['default'] = array(
  29. 'recipient' => 'jodi@climategreenwood.com',
  30. 'recipient_cc' => '',
  31. 'recipient_bcc' => '',
  32. 'subject' => 'Estimate Request Form | Climate Control Systems of Greenwood Inc',
  33. 'redirect' => 'http://climategreenwood.com/thank-you/',
  34. 'email' => '',
  35. 'realname' => '',
  36. 'required' => 'Name,Email,Home_Phone',
  37. 'format' => 'html',
  38. 'sesrep_max_items' => '10',
  39. );
  40. // If set to 0, the form can set the email recipient. For security reasons you should
  41. // always set this variable to 1.
  42. define('DISABLE_FORM_RECIPIENTS', 1);
  43. //////////////////////////////////////////////////////////////////////////////////////
  44. //
  45. // Start of code
  46. // Don't edit below this line
  47. //
  48. //////////////////////////////////////////////////////////////////////////////////////
  49. $pageHdr = "<html><head><style>td {font: x-small, verdana, arial, helvetica, sans-serif;} h1 {font-size: medium;} .err {color: #EE0000; font-weight: bold;}</style></head><body bgcolor=#FFFFFF><table width='500' align=center><tr><td>";
  50. $pageFtr = "</td></tr>\n</body></html>";
  51. $L10_LIBLoaded = 0;
  52. if(file_exists("L10_LIB.php")) {
  53. include_once("L10_LIB.php");
  54. $L10_LIBLoaded = 1;
  55. }
  56. $http_ref = $_SERVER['HTTP_REFERER'];
  57. $array = parse_url($http_ref);
  58. $a = $array['host'];
  59. if(!in_array($a,$validReferrers)) {
  60. print "$pageHdr<p class=err>Invalid Referrer '$a'</p><p>Referrer does not have permission to access this LevelTen Formmail script.<p>For help on this issue, see <a href='http://www.leveltendesign.com/L10Apps/Fm/help_troubleshooting.php#invalidReferrer?hct=L10Fm-ErrMsg' target=_blank>LevelTen Formmail troubleshooting</a>$pageFtr";
  61. exit;
  62. }
  63. if(! $_POST['form_action'] or ! $formAction[$_POST['form_action']]['recipient']) {
  64. $fAIndex = 'default';
  65. } else {
  66. $fAIndex = $_POST['form_action'];
  67. }
  68. $recipient = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient'] != '')) ? $_POST['recipient'] : $formAction[$fAIndex]['recipient'];
  69. $subject = ($_POST['subject'] != '') ? $_POST['subject'] : $formAction[$fAIndex]['subject'];
  70. $redirect = ($_POST['redirect'] != '') ? $_POST['redirect'] : $formAction[$fAIndex]['redirect'];
  71. $email = ($_POST['email'] != '') ? $_POST['email'] : $formAction[$fAIndex]['email'];
  72. $realname = ($_POST['realname']) ? $_POST['realname'] : $formAction[$fAIndex]['realname'];
  73. $recipient_cc = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient_cc'] != '')) ? $_POST['recipient_cc'] : $formAction[$fAIndex]['recipient_cc'];
  74. $recipient_bcc = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient_bcc'] != '')) ? $_POST['recipient_bcc'] : $formAction[$fAIndex]['recipient_bcc'];
  75. $format = ($_POST['format'] != '') ? $_POST['format'] : $formAction[$fAIndex]['format'];
  76. $required = ($_POST['required'] != '') ? $_POST['required'] : $formAction[$fAIndex]['required'];
  77. $sesrep_max_items = ($_POST['sesrep_max_items'] != '') ? $_POST['sesrep_max_items'] : $formAction[$fAIndex]['sesrep_max_items'];
  78. $recipient_secured = ($_POST['recipient_secured'] != '') ? $_POST['recipient_secured'] : $formAction[$fAIndex]['recipient_secured'];
  79. $a = explode("@",$recipient);
  80. $a = array_pop($a);
  81. if(!in_array($a,$validReferrers)) {
  82. print "$pageHdr<p class=err>Invalid Recipient '$recipient'</p><p> Email address does not have permission to relay through this LevelTen Formmail script.<p>For help on this issue, see <a href='http://www.leveltendesign.com/L10Apps/Fm/help_troubleshooting.php#invalidReferrer?hct=L10Fm-ErrMsg' target=_blank>LevelTen Formmail troubleshooting</a>$pageFtr";
  83. exit;
  84. }
  85. $rccArray = explode(",",$recipient_cc);
  86. $recipient_cc = '';
  87. if($rccArray[0] != '') {
  88. foreach($rccArray as $rcc) {
  89. $a = explode("@",$rcc);
  90. $a = array_pop($a);
  91. if(in_array($a,$validReferrers)) {
  92. $recipient_cc .= "$rcc,";
  93. }
  94. }
  95. }
  96. $recipient_cc = substr($recipient_cc,0,-1);
  97. $rbccArray = explode(",",$recipient_bcc);
  98. $recipient_bcc = '';
  99. if($rbccArray[0] != '') {
  100. foreach($rbccArray as $rbcc) {
  101. $a = explode("@",$rbcc);
  102. $a = array_pop($a);
  103. if(in_array($a,$validReferrers)) {
  104. $recipient_bcc .= "$rbcc,";
  105. }
  106. }
  107. }
  108. $recipient_bcc = substr($recipient_bcc,0,-1);
  109. $a = explode(",",$required);
  110. if($a[0] != '') {
  111. foreach($a as $req) {
  112. if($_POST[$req] == '') {
  113. print "$pageHdr<p class=err>Required Field '$req' is missing!</p><p> You must input a value for this field before submitting<p align=center><a href='javascript: history.back(-1)'>back to form</a>$pageFtr";
  114. exit;
  115. }
  116. }
  117. }
  118. $htmlFormat = (strtolower(substr($format,0,1)) == 'h');
  119. $msg = '';
  120. if($htmlFormat) {
  121. $msg = "<html><head><style>td {font: x-small, verdana, arial, helvetica, sans-serif;} .fldname {font-weight:bold;font-size:x-small;} .flddata {font-size:x-small;} .tblhdr { font-size:x-small;font-weight:bold;color:#FFFFFF;background-color=#000088}</style></head><body>\n";
  122. $msg .= "<table border=0 cellspacing=0 cellpadding=0 width=640>\n";
  123. $msg .= "<tr><td colspan=3 class='tblhdr'>Form Data</td></tr>\n";
  124. } else {
  125. $msg = "Form data\n\n";
  126. }
  127. $bl0 = '';
  128. $bl1 = '';
  129. $ld = ' ';
  130. $el = "\n\n";
  131. $creditStrAdd = '';
  132. if($htmlFormat) {
  133. $bl0 = '<tr bgcolor=#E8E8FF><td class="fldname" valign=top>';
  134. $bl1 = '<tr bgcolor=#FFFFFF><td class="fldname" valign=top>';
  135. $ld = '</td><td> &nbsp; </td><td width=80% class="flddata">';
  136. $el = "</td></tr>\n";
  137. }
  138. $i = 0;
  139. foreach($_POST as $k => $v) {
  140. if($htmlFormat) {
  141. $v = str_replace("\n","<br>\n",$v);
  142. }
  143. if($i) {
  144. $msg .= "$bl0$k:$ld$v$el";
  145. } else {
  146. $msg .= "$bl1$k:$ld$v$el";
  147. }
  148. $i = !$i;
  149. }
  150. if(file_exists("L10HC_API.php")) {
  151. include("L10HC_API.php");
  152. $vID = getVID();
  153. if($htmlFormat) {
  154. $msg .= "<tr><td colspan=3><br>&nbsp;<br></td></tr>\n<tr><td colspan=3 border=1>";
  155. $creditStrAdd = ' &amp; LevelTen Hit Counter';
  156. } else {
  157. $msg .= "\n\n";
  158. $creditStrAdd = ' & LevelTen Hit Counter';
  159. }
  160. $msg .= getSessions($vID,$max_sessions,$recipient_secured,$htmlFormat+1);
  161. if($htmlFormat) {
  162. $msg .= "</td></tr>\n";
  163. } else {
  164. }
  165. }
  166. if($htmlFormat) {
  167. $msg .= "<tr><td colspan=3>&nbsp;</td></tr><tr><td colspan=3 align=center>Generated by<br>LevelTen Formmail$creditStrAdd<td></tr></table></body></html>\n";
  168. } else {
  169. $msg .= "\n\nGenerated by LevelTen Formmail$creditStrAdd\n";
  170. }
  171. if (! preg_match("/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i", $recipient, $result)) {echo "Invalid recipient"; exit;}
  172. if (strlen($recipient) > 80 or strlen($recipient_cc) > 200 or strlen($recipient_bcc) > 200) {echo "Possible hack attempt"; exit;}
  173. if(stristr($subject, "Bcc:") or stristr($subject, "cc:") or stristr($subject, "to:")) {echo "Invalid content in subject"; exit;}
  174. if(stristr($msg, "Bcc:") or stristr($msg, "cc:") or stristr($msg, "to:")) {echo "Invalid content in message"; exit;}
  175. if(stristr($realname, "Bcc:") or stristr($realname, "cc:") or stristr($realname, "to:") or stristr($realname, "Content-type")) {echo "Invalid content"; exit;}
  176. if(stristr($email, "Bcc:") or stristr($email, "cc:") or stristr($email, "to:")) {echo "Invalid content"; exit;}
  177. $extraHeaders = "";
  178. if($email) { $extraHeaders .= "From: \"". $realname ."\" <". trim($email) .">\r\n"; }
  179. if($email) { $extraHeaders .= "Return-Path: ". trim($email) ."\r\n"; }
  180. if($email) { $extraHeaders .= "Reply-To: ". trim($email) ."\r\n"; }
  181. if($htmlFormat == 'h') { $extraHeaders .= "Content-type: text/html\r\n"; }
  182. if($recipient_cc != '') { $extraHeaders .= "Cc: ". trim($recipient_cc) ."\r\n"; }
  183. if($recipient_bcc != '') { $extraHeaders .= "Bcc: ". trim($recipient_bcc) ."\r\n"; }
  184. $confirmfrom = "";
  185. $confirmfrom .= "From: \"". $confirmname ."\" <". trim($confirmemail) .">\r\n";
  186. $confirmfrom .= "Return-Path: ". trim($confirmemail) ."\r\n";
  187. $confirmfrom .= "Reply-To: ". trim($confirmemail) ."\r\n";
  188. $confirmfrom .= "Content-type: text/html\r\n";
  189. $success = 1;
  190. $success = mail($recipient,$subject,$msg,$extraHeaders);
  191. //$success = mail($_POST['email'],$confirmsubject,$confirmtext,$confirmfrom);
  192. if(!$success && $L10_LIBLoaded) {
  193. log_event("Unsuccesful Email Attempt: $recipient");
  194. }
  195. //print "mail($recipient,$subject,$msg,$extraHeaders)";
  196. //print "$msg";
  197. header("Location: $redirect");
  198. ?>