123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236 |
- <?php
- //Send Confirmation Email
- $confirmtext="<p>Thank you for contacting Uni-Serve Air Conditioning. We have received your communication and will get back to you as soon as possible.</p>
- <p><strong>Uni-Serve Air Conditioning</strong><br>
- 2723 Cedarville Drive<br />
- Kingwood, Texas 77345<br />
- Kingwood: (281) 360-9898<br />
- Pasadena/Charlotte: (281) 998-9168<br />
- </p>";
- $confirmemail='noreply@uniserveair.com';
- $confirmname='Uni-Serve Air Conditioning';
- $confirmsubject='Uni-Serve Air Conditioning Contact Form Confirmation';
- // L10Fm - v1.3 (11/10/06) (patched for XSS)
- // requirements for session data -
- // 1. LevelTen Hit Counter PHP v3.15 rel 3
- // 2. L10HC_API.php v3.15 v1.0 rel 1
- //
- //////////////////////////////////////////////////////////////////////////////////////
- //
- // configuration variables
- //
- //////////////////////////////////////////////////////////////////////////////////////
- // List all domains, including posible subdomains (e.g. www.) that are allowed to submit
- // requests to this script and the domains of any posible recipient email address.
- $validReferrers = array('www.climategreenwood.com','climategreenwood.com','gmail.com','www.gmail.com');
- // Use the this array (or create new arrays with a different association) to replace
- // setting fields in the form. Don't delete the 'default' array.
- $formAction['default'] = array(
- 'recipient' => 'jodi@climategreenwood.com',
- 'recipient_cc' => '',
- 'recipient_bcc' => '',
- 'subject' => 'Estimate Request Form | Climate Control Systems of Greenwood Inc',
- 'redirect' => 'http://climategreenwood.com/thank-you/',
- 'email' => '',
- 'realname' => '',
- 'required' => 'Name,Email,Home_Phone',
- 'format' => 'html',
- 'sesrep_max_items' => '10',
- );
- // If set to 0, the form can set the email recipient. For security reasons you should
- // always set this variable to 1.
- define('DISABLE_FORM_RECIPIENTS', 1);
- //////////////////////////////////////////////////////////////////////////////////////
- //
- // Start of code
- // Don't edit below this line
- //
- //////////////////////////////////////////////////////////////////////////////////////
- $pageHdr = "<html><head><style>td {font: x-small, verdana, arial, helvetica, sans-serif;} h1 {font-size: medium;} .err {color: #EE0000; font-weight: bold;}</style></head><body bgcolor=#FFFFFF><table width='500' align=center><tr><td>";
- $pageFtr = "</td></tr>\n</body></html>";
- $L10_LIBLoaded = 0;
- if(file_exists("L10_LIB.php")) {
- include_once("L10_LIB.php");
- $L10_LIBLoaded = 1;
- }
- $http_ref = $_SERVER['HTTP_REFERER'];
- $array = parse_url($http_ref);
- $a = $array['host'];
- if(!in_array($a,$validReferrers)) {
- print "$pageHdr<p class=err>Invalid Referrer '$a'</p><p>Referrer does not have permission to access this LevelTen Formmail script.<p>For help on this issue, see <a href='http://www.leveltendesign.com/L10Apps/Fm/help_troubleshooting.php#invalidReferrer?hct=L10Fm-ErrMsg' target=_blank>LevelTen Formmail troubleshooting</a>$pageFtr";
- exit;
- }
- if(! $_POST['form_action'] or ! $formAction[$_POST['form_action']]['recipient']) {
- $fAIndex = 'default';
- } else {
- $fAIndex = $_POST['form_action'];
- }
- $recipient = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient'] != '')) ? $_POST['recipient'] : $formAction[$fAIndex]['recipient'];
- $subject = ($_POST['subject'] != '') ? $_POST['subject'] : $formAction[$fAIndex]['subject'];
- $redirect = ($_POST['redirect'] != '') ? $_POST['redirect'] : $formAction[$fAIndex]['redirect'];
- $email = ($_POST['email'] != '') ? $_POST['email'] : $formAction[$fAIndex]['email'];
- $realname = ($_POST['realname']) ? $_POST['realname'] : $formAction[$fAIndex]['realname'];
- $recipient_cc = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient_cc'] != '')) ? $_POST['recipient_cc'] : $formAction[$fAIndex]['recipient_cc'];
- $recipient_bcc = (! DISABLE_FORM_RECIPIENTS && ($_POST['recipient_bcc'] != '')) ? $_POST['recipient_bcc'] : $formAction[$fAIndex]['recipient_bcc'];
- $format = ($_POST['format'] != '') ? $_POST['format'] : $formAction[$fAIndex]['format'];
- $required = ($_POST['required'] != '') ? $_POST['required'] : $formAction[$fAIndex]['required'];
- $sesrep_max_items = ($_POST['sesrep_max_items'] != '') ? $_POST['sesrep_max_items'] : $formAction[$fAIndex]['sesrep_max_items'];
- $recipient_secured = ($_POST['recipient_secured'] != '') ? $_POST['recipient_secured'] : $formAction[$fAIndex]['recipient_secured'];
- $a = explode("@",$recipient);
- $a = array_pop($a);
- if(!in_array($a,$validReferrers)) {
- print "$pageHdr<p class=err>Invalid Recipient '$recipient'</p><p> Email address does not have permission to relay through this LevelTen Formmail script.<p>For help on this issue, see <a href='http://www.leveltendesign.com/L10Apps/Fm/help_troubleshooting.php#invalidReferrer?hct=L10Fm-ErrMsg' target=_blank>LevelTen Formmail troubleshooting</a>$pageFtr";
- exit;
- }
- $rccArray = explode(",",$recipient_cc);
- $recipient_cc = '';
- if($rccArray[0] != '') {
- foreach($rccArray as $rcc) {
- $a = explode("@",$rcc);
- $a = array_pop($a);
- if(in_array($a,$validReferrers)) {
- $recipient_cc .= "$rcc,";
- }
- }
- }
- $recipient_cc = substr($recipient_cc,0,-1);
- $rbccArray = explode(",",$recipient_bcc);
- $recipient_bcc = '';
- if($rbccArray[0] != '') {
- foreach($rbccArray as $rbcc) {
- $a = explode("@",$rbcc);
- $a = array_pop($a);
- if(in_array($a,$validReferrers)) {
- $recipient_bcc .= "$rbcc,";
- }
- }
- }
- $recipient_bcc = substr($recipient_bcc,0,-1);
- $a = explode(",",$required);
- if($a[0] != '') {
- foreach($a as $req) {
- if($_POST[$req] == '') {
- print "$pageHdr<p class=err>Required Field '$req' is missing!</p><p> You must input a value for this field before submitting<p align=center><a href='javascript: history.back(-1)'>back to form</a>$pageFtr";
- exit;
- }
- }
- }
- $htmlFormat = (strtolower(substr($format,0,1)) == 'h');
- $msg = '';
- if($htmlFormat) {
- $msg = "<html><head><style>td {font: x-small, verdana, arial, helvetica, sans-serif;} .fldname {font-weight:bold;font-size:x-small;} .flddata {font-size:x-small;} .tblhdr { font-size:x-small;font-weight:bold;color:#FFFFFF;background-color=#000088}</style></head><body>\n";
- $msg .= "<table border=0 cellspacing=0 cellpadding=0 width=640>\n";
- $msg .= "<tr><td colspan=3 class='tblhdr'>Form Data</td></tr>\n";
- } else {
- $msg = "Form data\n\n";
- }
- $bl0 = '';
- $bl1 = '';
- $ld = ' ';
- $el = "\n\n";
- $creditStrAdd = '';
- if($htmlFormat) {
- $bl0 = '<tr bgcolor=#E8E8FF><td class="fldname" valign=top>';
- $bl1 = '<tr bgcolor=#FFFFFF><td class="fldname" valign=top>';
- $ld = '</td><td> </td><td width=80% class="flddata">';
- $el = "</td></tr>\n";
- }
- $i = 0;
- foreach($_POST as $k => $v) {
- if($htmlFormat) {
- $v = str_replace("\n","<br>\n",$v);
- }
- if($i) {
- $msg .= "$bl0$k:$ld$v$el";
- } else {
- $msg .= "$bl1$k:$ld$v$el";
- }
- $i = !$i;
- }
- if(file_exists("L10HC_API.php")) {
- include("L10HC_API.php");
- $vID = getVID();
- if($htmlFormat) {
- $msg .= "<tr><td colspan=3><br> <br></td></tr>\n<tr><td colspan=3 border=1>";
- $creditStrAdd = ' & LevelTen Hit Counter';
- } else {
- $msg .= "\n\n";
- $creditStrAdd = ' & LevelTen Hit Counter';
- }
- $msg .= getSessions($vID,$max_sessions,$recipient_secured,$htmlFormat+1);
- if($htmlFormat) {
- $msg .= "</td></tr>\n";
- } else {
- }
- }
- if($htmlFormat) {
- $msg .= "<tr><td colspan=3> </td></tr><tr><td colspan=3 align=center>Generated by<br>LevelTen Formmail$creditStrAdd<td></tr></table></body></html>\n";
- } else {
- $msg .= "\n\nGenerated by LevelTen Formmail$creditStrAdd\n";
- }
- if (! preg_match("/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i", $recipient, $result)) {echo "Invalid recipient"; exit;}
- if (strlen($recipient) > 80 or strlen($recipient_cc) > 200 or strlen($recipient_bcc) > 200) {echo "Possible hack attempt"; exit;}
- if(stristr($subject, "Bcc:") or stristr($subject, "cc:") or stristr($subject, "to:")) {echo "Invalid content in subject"; exit;}
- if(stristr($msg, "Bcc:") or stristr($msg, "cc:") or stristr($msg, "to:")) {echo "Invalid content in message"; exit;}
- if(stristr($realname, "Bcc:") or stristr($realname, "cc:") or stristr($realname, "to:") or stristr($realname, "Content-type")) {echo "Invalid content"; exit;}
- if(stristr($email, "Bcc:") or stristr($email, "cc:") or stristr($email, "to:")) {echo "Invalid content"; exit;}
- $extraHeaders = "";
- if($email) { $extraHeaders .= "From: \"". $realname ."\" <". trim($email) .">\r\n"; }
- if($email) { $extraHeaders .= "Return-Path: ". trim($email) ."\r\n"; }
- if($email) { $extraHeaders .= "Reply-To: ". trim($email) ."\r\n"; }
- if($htmlFormat == 'h') { $extraHeaders .= "Content-type: text/html\r\n"; }
- if($recipient_cc != '') { $extraHeaders .= "Cc: ". trim($recipient_cc) ."\r\n"; }
- if($recipient_bcc != '') { $extraHeaders .= "Bcc: ". trim($recipient_bcc) ."\r\n"; }
- $confirmfrom = "";
- $confirmfrom .= "From: \"". $confirmname ."\" <". trim($confirmemail) .">\r\n";
- $confirmfrom .= "Return-Path: ". trim($confirmemail) ."\r\n";
- $confirmfrom .= "Reply-To: ". trim($confirmemail) ."\r\n";
- $confirmfrom .= "Content-type: text/html\r\n";
- $success = 1;
- $success = mail($recipient,$subject,$msg,$extraHeaders);
- //$success = mail($_POST['email'],$confirmsubject,$confirmtext,$confirmfrom);
- if(!$success && $L10_LIBLoaded) {
- log_event("Unsuccesful Email Attempt: $recipient");
- }
- //print "mail($recipient,$subject,$msg,$extraHeaders)";
- //print "$msg";
- header("Location: $redirect");
- ?>
|