Here is the copy of the source of the .php file. I filled out the form and uploaded it in ASCII, and I got a few more error messages like:
Warning: Undefined variable: missing_field_list in w:\inetpub\10476\php\FormMail.php on line 168
Warning: Undefined variable: content in w:\inetpub\10476\php\FormMail.php on line 86
Warning: Undefined variable: file_name in w:\inetpub\10476\php\FormMail.php on line 207
Warning: Server Error in w:\inetpub\10476\php\FormMail.php on line 94
Warning: Cannot add header information - headers already sent by (output started at w:\inetpub\10476\php\FormMail.php:168) in w:\inetpub\10476\php\FormMail.php on line 243
-- Now here is the actual PHP source --
<?
/*
##############################################################################
FormMail.php v3.0
##############################################################################
*/
// referers.. domains/ips that you will allow forms to
// reside on.
$referers = array ('www.myurl.com','myurl.com');
// function to check the referer for security reasons.
// contributed by some one who's name got lost.. Thanks
// goes out to him any way.
function check_referer($referers){
if (count($referers)){
$found = false;
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
for ($x=0; $x < count($referers); $x++){
if ($referers[$x] == $referer){
$found = true;
}
}
if (!$found){
print_error("You are coming from an <b>unauthorized domain.</b>");
error_log("[FormMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0);
}
return $found;
} else {
return true; //Not a good idea, if empty, it will allow it.
}
}
if ($referers)
check_referer($referers);
// parse the form and create the content string which we will send
function parse_form($array) {
// build reserved keyword array
$reserved_keys[] = "MAX_FILE_SIZE";
$reserved_keys[] = "file_name";
$reserved_keys[] = "required";
$reserved_keys[] = "require";
$reserved_keys[] = "path_to_file";
$reserved_keys[] = "recipient";
$reserved_keys[] = "subject";
$reserved_keys[] = "name";
$reserved_keys[] = "address";
$reserved_keys[] = "city";
$reserved_keys[] = "state";
$reserved_keys[] = "zip";
$reserved_keys[] = "phone";
$reserved_keys[] = "email";
$reserved_keys[] = "single";
$reserved_keys[] = "familymembership";
$reserved_keys[] = "bgcolor";
$reserved_keys[] = "text_color";
$reserved_keys[] = "link_color";
$reserved_keys[] = "vlink_color";
$reserved_keys[] = "alink_color";
$reserved_keys[] = "title";
$reserved_keys[] = "missing_field_list";
$reserved_keys[] = "missing_fields_redirect";
$reserved_keys[] = "env_report";
if (count($array)) {
while (list($key, $val) = each($array)) {
// exclude reserved keywords
$reserved_violation = 0;
for ($ri=0; $ri<count($reserved_keys); $ri++) {
if ($key == $reserved_keys[$ri]) {
$reserved_violation = 1;
}
}
// prepare content
if ($reserved_violation != 1)
$content .= "$key: $val\n";
}
}
return $content;
}
// mail the content we figure out in the following steps
function mail_it($content, $subject, $email, $recipient) {
mail($recipient, $subject, $content, "From: $email\r\nReply-To: email\r\nX-Mailer: DT_formmail");
}
// take in the body building arguments and build the body tag for page display
function build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color) {
if ($title)
echo "<title>$title</title>";
if (!$bgcolor)
$bgcolor = "#FFFFFF";
if (!$text_color)
$text_color = "#000000";
if (!$link_color)
$link_color = "#0000FF";
if (!$vlink_color)
$vlink_color = "#FF0000";
if (!$alink_color)
$alink_color = "#000088";
if ($background)
$background = "background=\"$background\"";
echo "<body bgcolor=\"$bgcolor\" text=\"$text_color\" link=\"$link_color\" vlink=\"$vlink_color\" alink=\"$alink_color\" $background>\n\n";
}
// our mighty error function..
function print_error($reason,$type = 0) {
build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color);
// for missing required data
if ($type == "missing") {
?>
The form was not submitted for the following reasons:<p>
<ul><?
echo $reason."\n";
?></ul>
Please use your browser's back button to return to the form and try again.<?
} else { // every other error
?>
The form was not submitted because of the following reasons:<p>
<?
}
echo "<br><br>\n";
exit;
}
// check for a recipient email address and check the validity of it
$recipient_in = split(',',$recipient);
for ($i=0;$i<count($recipient_in);$i++) {
$recipient_to_test = trim($recipient_in[$i]);
if (!eregi("[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $recipient_to_test)) {
print_error("<b>I NEED VALID RECIPIENT EMAIL ADDRESS ($recipient_to_test) TO CONTINUE</b>");
}
}
// This is because I originally had it require but too many people
// were used to Matt's Formmail.pl which used required instead.
if ($required)
$require = $required;
// handle the required fields
if ($require) {
// seperate at the commas
$require = ereg_replace( " +", "", $require);
$required = split(",",$require);
for ($i=0;$i<count($required);$i++) {
$string = trim($required[$i]);
// check if they exsist
if((!(${$string})) || (!(${$string}))) {
// if the missing_fields_redirect option is on: redirect them
if ($missing_fields_redirect) {
header ("Location: $missing_fields_redirect");
exit;
}
$require;
$missing_field_list .= "<b>Missing: $required[$i]</b><br>\n";
}
}
// send error to our mighty error function
if ($missing_field_list)
print_error($missing_field_list,"missing");
}
// check the email fields for validity
if (($email) || ($email)) {
$email = trim($email);
if ($email)
$email = trim($email);
if (!eregi("[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+.)+[a-z]{2,3}$", $email)) {
print_error("your <b>email address</b> is invalid");
}
$email = $email;
}
// check zipcodes for validity
if (($zip) || ($zip)) {
$zip = trim($zip);
if ($zip)
$zip = trim($zip);
if (!ereg("([0-9]{5})-([0-9]{4}$)", trim($zip)) && (!ereg("[a-zA-Z][0-9][a-zA-Z][[:space:]][0-9][a-zA-Z][0-9]$", trim($zip))) && (!ereg("([0-9]{5})", trim($zip)))) {
print_error("your <b>zip/postal code</b> is invalid");
}
}
// check phone for validity
if (($phone) || ($phone)) {
$phone = trim($phone);
if ($phone)
$phone = trim($phone);
if (!ereg("((.)[0-9]{3})(.)([0-9]{3})(.*)([0-9]{4}$)", $phone)) {
print_error("your <b>phone number</b> is invalid");
}
}
// prepare the content
$content = parse_form($HTTP_POST_VARS);
// check for a file if there is a file upload it
if ($file_name) {
if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
$location = $path_to_file.$file_name;
copy($file,$location);
unlink($file);
$content .= "Uploaded File: ".$path_to_file.$file_name."\n";
}
// if the env_report option is on: get eviromental variables
if ($env_report) {
$env_report = ereg_replace( " +", "", $env_report);
$env_reports = split(",",$env_report);
$content .= "------ eviromental variables ------\n";
for ($i=0;$i<count($env_reports);$i++) {
$string = trim($env_reports[$i]);
if ($env_reports[$i] == "REMOTE_HOST")
$content .= "REMOTE HOST: ".$REMOTE_HOST."\n";
else if ($env_reports[$i] == "REMOTE_USER")
$content .= "REMOTE USER: ". $REMOTE_USER."\n";
else if ($env_reports[$i] == "REMOTE_ADDR")
$content .= "REMOTE ADDR: ". $REMOTE_ADDR."\n";
else if ($env_reports[$i] == "HTTP_USER_AGENT")
$content .= "BROWSER: ". $HTTP_USER_AGENT."\n";
}
}
// if the subject option is not set: set the default
if (!$subject)
$subject = "Form submission";
// send it off
mail_it(stripslashes($content), stripslashes($subject), $email, $recipient);
// if the redirect option is set: redirect them
if ($redirect) {
header ("Location: $redirect");
exit;
} else {
print "Thank you for your submission\n";
}
// <---------- THE END ----------> //
