" . FixedHTMLEntities($title) . "

FormMail. * * Author: Russell Robinson * First released: 2nd October 2001 * * Read This First * ~~~~~~~~~~~~~~~ * This script is very well documented and quite large! It looks daunting, * but really isn't. * If you have experience with PHP or other scripting languages, * here's what you *need* to read: * - Configuration (TARGET_EMAIL & DEF_ALERT) * - Creating Forms * That's it! (Alternatively, just read the Quick Start and/or * Quicker Start section below). * Full configuration documentation is here: * http://www.tectite.com/fmdoc/index.php * * NOTE: do not read or modify this script or any PHP script * with DreamWeaver or FrontPage! * Many versions of those programs silently corrupt PHP scripts. * * Purpose: * ~~~~~~~~ * To accept information from an HTML form via HTTP and mail it to recipients. * * What does this PHP script do? * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * On your web site, you may have one or more HTML forms that accept * information from people visiting your website. Your aim is for your * website to email that information to you and/or add it to a database. * FormMail performs those functions. * * Quick Start * ~~~~~~~~~~~ * 1. Edit this file and set TARGET_EMAIL for your requirements (near * line 512 in this file - replace "yourhost\.com" with your mail server's * name). We also strongly recommend you set DEF_ALERT (the next * configuration below TARGET_EMAIL). * 2. Install this file as formmail.php (or other name ending in .php) * on your web server. * Test alerts by using your browser to open a URL to the script: * http://www.yourhost.com/formmail.php?testalert=1 * Alerts are the only way FormMail can tell you the details of * errors or faults. * 3. Create an HTML form and: * - specify a hidden field called "recipients" with the email address * of the person to receive the form's results. * - in the your form tag set the action attribute to * the formmail.php you uploaded to your web server * * Once you have FormMail working, you may be interested in some advanced * usage and features. We have HOW-TO guides at www.tectite.com which * describe many of the advanced processing you can do with FormMail. * http://www.tectite.com/fmhowto/guides.php * * Quicker Start * ~~~~~~~~~~~~~ * Use the FormMail Configuration Wizard here: * http://www.tectite.com/wizards/fmconf.php * By answering a few questions you'll get a configured FormMail and * a sample HTML form ready to upload and use on your server. * * Features * ~~~~~~~~ * For a list of features go to: http://www.tectite.com/formmailpage.php * * Security * ~~~~~~~~ * Security is the primary concern in accepting data from your website * visitors. * Tectite FormMail has several security features designed into it. Note, * however, it requires configuration for your particular web site. * * Configuration * ~~~~~~~~~~~~~ * To configure this script, go to the section titled "CONFIGURATION" * (after reading the legal stuff below). * * There is only one mandatory setting: TARGET_EMAIL * and one strongly recommended setting: DEF_ALERT * * Full configuration information is available here: * http://www.tectite.com/fmdoc/index.php * * Creating Forms * ~~~~~~~~~~~~~~ * Go to this URL to learn how to write HTML forms for use with * Tectite FormMail: http://www.tectite.com/fmdoc/creating_forms.php * * Copying and Use (Software License) * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Tectite FormMail is provided free of charge and may be freely distributed * and used provided that you: * 1. keep this header, including copyright and comments, * in place and unmodified; and, * 2. do not charge a fee for distributing it, without an agreement * in writing with Root Software allowing you to do so; and, * 3. if you modify FormMail before distributing it, you clearly * identify: * a) who you are * b) how to contact you * c) what changes you have made * d) why you have made those changes. * * By using any of our products, including this script, you are * agreeing to our standard Terms and Conditions, available here: * http://www.tectite.com/TermsAndConditions.pdf * * This is free software and the Software License shown above * is to be read in conjunction with our standard Terms and Conditions. * * Warranty and Disclaimer * ~~~~~~~~~~~~~~~~~~~~~~~ * Tectite FormMail is provided free-of-charge and with ABSOLUTELY NO WARRANTY. * It has not been verified for use in critical applications, including, * but not limited to, medicine, defense, aircraft, space exploration, * or any other potentially dangerous activity. * * By using Tectite FormMail you agree to indemnify Root Software and * Open Concepts (Vic) Pty Ltd, their agents, employees, directors and * associated companies and businesses from any liability whatsoever. * * We still care * ~~~~~~~~~~~~~ * If you find a bug or fault in FormMail, please report it to us. * We will respond to your report and make endeavours to rectify any * faults you've detected as soon as possible. * * To contact us view our contact information: * http://www.tectite.com/contacts.php * * Version History * ~~~~~~~~~~~~~~~ * Near the top of this file, you'll find its version. The version * line looks like this: * $FM_VERS = "N.MM"; /* script version ... * * The version history used to be located within this file. However, * starting with Version 8.00 we've moved it... * * You can read the complete version history of FormMail on our * main website here: * http://www.tectite.com/fmdoc/version_history.php */ /** * An alternative function for sending email. * You can override this variable in a hook script to use a different function. */ $ALT_MAIL_FUNCTION = ''; FMDebug('Submission to: ' . (isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '') . ' from: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '')); if (isset($_SERVER['REQUEST_METHOD']) && strtoupper($_SERVER['REQUEST_METHOD']) === 'OPTIONS') { FMDebug('CORS OPTIONS request'); CORS_Response(); FormMailExit(); } // // Capture the current date and time, for various purposes. // date_default_timezone_set('UTC'); /* prevent notice in PHP 5.1+ */ $lNow = time(); ini_set('track_errors',1); // enable $php_errormsg $aAlertInfo = array(); $sLangID = ""; // the language ID $aMessages = array(); // all FormMail messages in the appropriate language function FormMailExit($s_mesg = '') { if (!@include(Settings::get('HOOK_DIR') . "/fmhookonexit.inc.php")) { @include(Settings::get('HOOK_DIR') . "/fmhookonexit.inc"); } exit($s_mesg); } /** * Interrogate and manage the execution environment. * * @package tectite_formmail * @subpackage setup */ class ExecEnv { /** * Value of phpversion(). * * @var string */ private $_sPHPVersionString; /** * Array containing the elements of the PHP version * * @var array */ private $_aPHPVersion; /** * The URL for the script. * * @var string */ private $_sScript; /** * Construct the class, and check PHP version. */ function __construct() { $this->_Init(); $this->_CheckVersion(); } /** * Initialise the object. * Sets {@link $_aPHPVersion} and {@link $_sPHPVersionString} */ private function _Init() { $this->_sPHPVersionString = phpversion(); $this->_aPHPVersion = explode(".",$this->_ZapHyphenPart($this->_sPHPVersionString)); } /** * Remove any hyphenated component of a version string. * * @param $str * * @return false|string */ private function _ZapHyphenPart($str) { if (($i_pos = strpos($str,'-')) !== false) { return substr($str,0,$i_pos); } else { return $str; } } /** * @return array */ public function getPHPVersion() { return $this->_aPHPVersion; } /** * @return string */ public function getPHPVersionString() { return $this->_sPHPVersionString; } /** * Check for old version of PHP - die with a message if too old. * * This is actually not required because PHP 4 won't even accept * the syntax of a PHP 5 script. However, we might need some * other version check in the future, so this is a useful method * to have around in that case. */ private function _CheckVersion() { $s_req_string = "5.0.0"; // We only support PHP 5 onward. $a_too_old = explode(".",$s_req_string); $i_cannot_use = ($a_too_old[0] * 10000) + ($a_too_old[1] * 100) + $a_too_old[2]; $i_this_num = ($this->_aPHPVersion[0] * 10000) + ($this->_aPHPVersion[1] * 100) + $this->_aPHPVersion[2]; if ($i_this_num <= $i_cannot_use) { FormMailExit(GetMessage(MSG_SCRIPT_VERSION, array("PHPREQ" => $s_req_string,"PHPVERS" => $this->_sPHPVersionString))); } } /** * Test PHP version against a particular version string. * * @param $s_vers * * @return boolean true if the PHP version is at or later than the version * specified */ public function IsPHPAtLeast($s_vers) { $a_test_version = explode(".",$s_vers); if (count($a_test_version) < 3) { return (false); } return ($this->_aPHPVersion[0] > $a_test_version[0] || ($this->_aPHPVersion[0] == $a_test_version[0] && ($this->_aPHPVersion[1] > $a_test_version[1] || $this->_aPHPVersion[1] == $a_test_version[1] && $this->_aPHPVersion[2] >= $a_test_version[2]))); } public function GetScript() { if (!isset($this->_sScript)) { if (isset($_SERVER["PHP_SELF"]) && !empty($_SERVER["PHP_SELF"]) && isset($_SERVER["SERVER_NAME"]) && !empty($_SERVER["SERVER_NAME"]) ) { if (isset($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"] != 80 ) { if ($_SERVER["SERVER_PORT"] == 443) // SSL port // // just use https prefix // { $this->_sScript = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"]; } else // // use http with port number // { $this->_sScript = "http://" . $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["PHP_SELF"]; } } else { $this->_sScript = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"]; } } else { Error("no_php_self",GetMessage(MSG_NO_PHP_SELF),false,false); } } return ($this->_sScript); } /** * Get a boolean PHP setting. * * @param string $s_name the name of the setting * * @return bool|null the value of the setting */ public function getINIBool($s_name) { $m_val = ini_get($s_name); if ($m_val !== null) { if (is_numeric($m_val)) { $m_val = (int)$m_val; } elseif (is_string($m_val)) { $m_val = strtolower($m_val); switch ($m_val) { case "1": case "on": case "true": $m_val = true; break; default: $m_val = false; break; } } } return ($m_val); } /** * Return whether the session can be passed in a URL. * * @return bool true if the session can be passed in a URL */ public function allowSessionURL() { $m_only_cookies = $this->getINIBool('session.use_only_cookies'); FMDebug('only_cookies=' . $m_only_cookies); if ($m_only_cookies === null) { $m_only_cookies = $this->IsPHPAtLeast('5.3.0'); FMDebug('php=' . $this->IsPHPAtLeast('5.3.0') . ',only_cookies=' . $m_only_cookies); } return (!$m_only_cookies); } public function getPostMaxSize() { $s_max_value = ini_get('post_max_size'); $number = (int)substr($s_max_value,0,-1); switch (strtoupper(substr($s_max_value,-1))) { case "K": return $number * 1024; case "M": return $number * pow(1024,2); case "G": return $number * pow(1024,3); default: return (int)$s_max_value; } } public function checkUploadSize() { if (isset($_SERVER['CONTENT_LENGTH'])) { $n_size = (int)$_SERVER['CONTENT_LENGTH']; $n_max = $this->getPostMaxSize(); // echo "Size = $n_size, max = $n_max\n"; if ($n_size > $n_max) { UserError("post_size_limit",GetMessage(MSG_POST_SIZE_LIMIT,array(),false,false)); } } } public function checkFileUploadSize($a_file_vars) { if (Settings::get('FILEUPLOADS')) { $a_field_names = array_keys($a_file_vars); foreach ($a_field_names as $s_name => $a_upload) { if (isset($a_upload)) { switch (isset($a_upload['error']) ? $a_upload['error'] : 0) { case 0: // no error case 4: // no file uploaded break; default: UserError('file_upload_error',FieldManager::GetFileUploadErrorMesg($a_upload['error'])); } } } } } } $ExecEnv = new ExecEnv(); if (!$ExecEnv->IsPHPAtLeast("5.3.0")) { // // disable this silly setting (usually not enabled) // it's also deprecated from PHP version 5.3.0 // if (function_exists('set_magic_quotes_runtime')) { /** @noinspection PhpElementIsNotAvailableInCurrentPhpVersionInspection */ @set_magic_quotes_runtime(0); } } // // We set references to the appropriate arrays to handle PHP version differences // Session vars are selected after we start the session. // $aServerVars = &$_SERVER; $aGetVars = &$_GET; $aFormVars = &$_POST; $aFileVars = &$_FILES; $aEnvVars = &$_ENV; $bIsGetMethod = false; $bHasGetData = false; if (!isset($REAL_DOCUMENT_ROOT)) { SetRealDocumentRoot(); } if (isset($aServerVars['SERVER_PORT'])) { $SCHEME = ($aServerVars['SERVER_PORT'] == 80) ? "http://" : "https://"; } else { $SCHEME = ""; } if (isset($aServerVars['SERVER_NAME']) && $aServerVars['SERVER_NAME'] !== "") { $SERVER = $aServerVars['SERVER_NAME']; } elseif (isset($aServerVars['SERVER_ADDR']) && $aServerVars['SERVER_ADDR'] !== "") { $SERVER = $aServerVars['SERVER_ADDR']; } else { $SERVER = ""; } /* * Load an optional include file before the configuration. * You can use this to set variables that can be used in the * configuration section. */ @include("formmail-preconfig.inc.php"); /*****************************************************************************/ /* CONFIGURATION (do not alter this line in any way!!!) */ /***************************************************************************** * This is the *only* place where you need to modify things to use formmail.php * on your particular system. This section finishes at "END OF CONFIGURATION". * Help for all settings can be found on our website: * http://www.tectite.com/fmdoc/index.php * * Also, above each setting is a direct URL to the help information for the * setting. *****************************************************************************/ /* Help: http://www.tectite.com/fmdoc/email_name.php */ $EMAIL_NAME = "^[-a-z0-9._]+"; /* the '^' is an important security feature! */ /* Help: http://www.tectite.com/fmdoc/target_email.php */ $TARGET_EMAIL = array($EMAIL_NAME . "@yourhost\.com$"); /* Help: http://www.tectite.com/fmdoc/email_addrs.php */ $EMAIL_ADDRS = array(); /* Help: http://www.tectite.com/fmdoc/def_alert.php */ $DEF_ALERT = ""; /* Help: http://www.tectite.com/fmdoc/site_domain.php */ $SITE_DOMAIN = ""; /* your website domain name */ /* Help: http://www.tectite.com/fmdoc/set_real_document_root.php */ $SET_REAL_DOCUMENT_ROOT = ""; /* overrides the value set by SetRealDocumentRoot function */ // // override $REAL_DOCUMENT_ROOT from the $SET_REAL_DOCUMENT_ROOT value (if any) // Do not alter the following code (next 3 lines)! // if (isset($SET_REAL_DOCUMENT_ROOT) && $SET_REAL_DOCUMENT_ROOT !== "") { $REAL_DOCUMENT_ROOT = $SET_REAL_DOCUMENT_ROOT; } /* Help: http://www.tectite.com/fmdoc/config_check.php */ $CONFIG_CHECK = array("TARGET_EMAIL"); /* Help: http://www.tectite.com/fmdoc/at_mangle.php */ $AT_MANGLE = ""; /* Help: http://www.tectite.com/fmdoc/target_urls.php */ $TARGET_URLS = array(); /* default; no URLs allowed */ /* Help: http://www.tectite.com/fmdoc/head_crlf.php */ $HEAD_CRLF = "\r\n"; /* Help: http://www.tectite.com/fmdoc/body_lf.php */ $BODY_LF = "\r\n"; /* the new default: use this for CR+LF */ //$BODY_LF = "\n"; /* the old default: just LF */ /* Help: http://www.tectite.com/fmdoc/from_user.php */ $FROM_USER = ""; /* the default - setting not used */ /* Help: http://www.tectite.com/fmdoc/sendmail_f_option.php */ $SENDMAIL_F_OPTION = false; $SENDMAIL_F_OPTION_LINE = __LINE__ - 1; /* don't modify this line! */ /* Help: http://www.tectite.com/fmdoc/fixed_sender.php */ $FIXED_SENDER = ""; /* Help: http://www.tectite.com/fmdoc/set_sender_from_email.php */ $SET_SENDER_FROM_EMAIL = false; /* Help: http://www.tectite.com/fmdoc/ini_set_from.php */ $INI_SET_FROM = false; /* Help: http://www.tectite.com/fmdoc/logdir.php */ $LOGDIR = ""; /* directory for log files; empty string to disallow log files */ /* Help: http://www.tectite.com/fmdoc/autorespondlog.php */ $AUTORESPONDLOG = ""; /* file name in $LOGDIR for the auto responder log; empty string for no auto responder log */ /* Help: http://www.tectite.com/fmdoc/csv_file_settings.php */ $CSVDIR = ""; /* directory for csv files; empty string to disallow csv files */ $CSVSEP = ","; /* comma separator between fields (columns) */ $CSVINTSEP = ";"; /* semicolon is the separator for fields (columns) with multiple values (checkboxes, etc.) */ $CSVQUOTE = '"'; /* all fields in the CSV are quoted with this character; default is double quote. You can change it to single quote or leave it empty for no quotes. */ //$CSVQUOTE = "'"; /* use this if you want single quotes */ $CSVOPEN = ""; /* set to "b" to force line terminations to be kept as $CSVLINE setting below, regardless of operating system. Keep as empty string and leave $CSVLINE unchanged, to get text file terminations for your server's operating system. (Line feed on UNIX, carriage-return line feed on Windows). */ $CSVLINE = "\n"; /* line termination for CSV files. The default is a single line feed, which may be modified for your server's operating system. If you want to change this value, you *must* set $CSVOPEN = "b". */ /* Help: http://www.tectite.com/fmdoc/templatedir.php */ $TEMPLATEDIR = ""; /* directory for template files; empty string if you don't have any templates */ /* Help: http://www.tectite.com/fmdoc/templateurl.php */ $TEMPLATEURL = ""; /* default; no template URL */ /* Help: http://www.tectite.com/fmdoc/multiformdir.php */ $MULTIFORMDIR = ""; /* directory for multi-form template files; empty string if you're not using multi-forms */ /* Help: http://www.tectite.com/fmdoc/multiformurl.php */ $MULTIFORMURL = ""; /* default; no multi-forms templates URL */ /* Help: http://www.tectite.com/fmdoc/text_subs.php */ $TEXT_SUBS = array( array("srch" => "/\\\\r\\\\n/","repl" => "\r\n",), array("srch" => "/\\\\n/","repl" => "\n",), array("srch" => "/\\\\t/","repl" => "\t",), array("srch" => "/\\[NL\\]/","repl" => "\n",), array("srch" => "/\\[TAB\\]/","repl" => "\t",), array("srch" => "/\\[NBSP\\]/","repl" => " ",), array("srch" => "/\\[DQUOT\\]/","repl" => '"',), array("srch" => "/\\[SQUOT\\]/","repl" => "'",), array("srch" => "/\\[COLON\\]/","repl" => ":",), array("srch" => "/\\[SLOSH\\]/","repl" => "\\",), array("srch" => "/\\[OPCURL\\]/","repl" => "{",), array("srch" => "/\\[CLCURL\\]/","repl" => "}",), array("srch" => "/(on[a-z]*|href|src)\\s*=\\s*/i","repl" => ""), /* strip html attributes that could be unsafe */ array("srch" => "/<\\s*(table|tr|td|th|p|ul|ol|li|b|i|u|strong|pre|h[1-6]|em|dl|dd|dt|hr|span|br)(\\b[^>]*?)>/i", "repl" => "<\$1\$2>", ), array("srch" => "#<\\s*/\\s*(table|tr|td|th|p|ul|ol|li|b|i|u|strong|pre|h[1-6]|em|dl|dd|dt|hr|span|br)\\s*>#i", "repl" => "", ), ); /* Help: http://www.tectite.com/fmdoc/authentication_settings.php */ $AUTHENTICATE = ""; //$AUTHENTICATE = "Basic cnVzc2VsbHI6dGVzdA=="; // example $AUTH_USER = ""; $AUTH_PW = ""; /* Help: http://www.tectite.com/fmdoc/form_ini_file.php */ $FORM_INI_FILE = ""; /* Help: http://www.tectite.com/fmdoc/moduledir.php */ $MODULEDIR = "."; /* Help: http://www.tectite.com/fmdoc/fmcompute.php */ $FMCOMPUTE = "fmcompute.php"; /* Help: http://www.tectite.com/fmdoc/fmgeoip.php */ $FMGEOIP = "fmgeoip.php"; /* Help: http://www.tectite.com/fmdoc/advanced_templates.php */ $ADVANCED_TEMPLATES = false; /* set to true for advanced templates */ /* Help: http://www.tectite.com/fmdoc/limited_import.php */ $LIMITED_IMPORT = true; /* set to true if your database cannot handle escaped quotes or newlines within imported data. Microsoft Access is one example. */ /* Help: http://www.tectite.com/fmdoc/valid_env.php */ $VALID_ENV = array('HTTP_REFERER','REMOTE_HOST','REMOTE_ADDR','REMOTE_USER', 'HTTP_USER_AGENT' ); /* Help: http://www.tectite.com/fmdoc/fileuploads.php */ $FILEUPLOADS = false; /* set to true to allow file attachments */ /* Help: http://www.tectite.com/fmdoc/max_file_upload_size.php */ $MAX_FILE_UPLOAD_SIZE = 0; /* default of 0 means that other software */ // controls the maximum file upload size // (FormMail doesn't test the file size) /* Help: http://www.tectite.com/fmdoc/file_repository.php */ $FILE_REPOSITORY = ""; /* Help: http://www.tectite.com/fmdoc/file_mode.php */ $FILE_MODE = 0664; /* always precede with 0 to specify octal! */ /* Help: http://www.tectite.com/fmdoc/file_overwrite.php */ $FILE_OVERWRITE = true; /* Help: http://www.tectite.com/fmdoc/next_num_file.php */ $NEXT_NUM_FILE = ""; /* Help: http://www.tectite.com/fmdoc/put_data_in_url.php */ $PUT_DATA_IN_URL = true; /* set to true to place data in the URL */ // for bad_url redirects /* Help: http://www.tectite.com/fmdoc/allow_get_method.php */ $ALLOW_GET_METHOD = false; /* Help: http://www.tectite.com/fmdoc/db_see_input.php */ $DB_SEE_INPUT = false; /* set to true to just see the input values */ /* Help: http://www.tectite.com/fmdoc/db_see_ini.php */ $DB_SEE_INI = false; /* set to true to just see the ini file */ /* Help: http://www.tectite.com/fmdoc/maxstring.php */ $MAXSTRING = 1024; /* maximum string length for a value */ /* Help: http://www.tectite.com/fmdoc/require_captcha.php */ $REQUIRE_CAPTCHA = ""; /* set to a message string if your forms */ // must provide a CAPTCHA string /* Help: http://www.tectite.com/fmdoc/recaptcha_private_key.php */ $RECAPTCHA_PRIVATE_KEY = ""; /* Help: http://www.tectite.com/fmdoc/bshowmesgnumbers.php */ $bShowMesgNumbers = false; /* Help: http://www.tectite.com/fmdoc/filters.php */ /* Note for Tectite personnel: the upgrade Wizard will merge new values * but be careful of $var usage and quoting in new entries. */ /** @noinspection PhpUndefinedVariableInspection */ $FILTERS = array("encode" => "$REAL_DOCUMENT_ROOT/cgi-bin/fmencoder -kpubkey.txt", "null" => "null", "csv" => "csv" ); /* Help: http://www.tectite.com/fmdoc/socket_filters.php */ $SOCKET_FILTERS = array( "httpencode" => array("site" => "YourSiteHere", "port" => 80, "path" => "/cgi-bin/fmencoder", "params" => array(array("name" => "key", "file" => "$REAL_DOCUMENT_ROOT/cgi-bin/pubkey.txt" ) ) ), "sslencode" => array("site" => "ssl://YourSecureSiteHere", "port" => 443, "path" => "/cgi-bin/fmencoder", "params" => array(array("name" => "key", "file" => "$REAL_DOCUMENT_ROOT/cgi-bin/pubkey.txt" ) ) ), ); /* Help: http://www.tectite.com/fmdoc/filter_attribs.php */ $FILTER_ATTRIBS = array("encode" => "Strips,MIME=application/vnd.fmencoded,Encrypts", "httpencode" => "Strips,MIME=application/vnd.fmencoded,Encrypts", "sslencode" => "Strips,MIME=application/vnd.fmencoded,Encrypts", "csv" => "Strips,MIME=text/csv", ); /* Help: http://www.tectite.com/fmdoc/check_for_new_version.php */ $CHECK_FOR_NEW_VERSION = true; $CHECK_DAYS = 30; /* Help: http://www.tectite.com/fmdoc/scratch_pad.php */ $SCRATCH_PAD = ""; /* Help: http://www.tectite.com/fmdoc/cleanup_time.php */ $CLEANUP_TIME = 60; /* cleanup time in minutes */ /* Help: http://www.tectite.com/fmdoc/cleanup_chance.php */ $CLEANUP_CHANCE = 20; /* percentage probability that cleanup will be performed */ /* Help: http://www.tectite.com/fmdoc/pear_settings.php */ $PEAR_SMTP_HOST = ""; $PEAR_SMTP_PORT = 25; $PEAR_SMTP_USER = ""; $PEAR_SMTP_PWD = ""; /* Help: http://www.tectite.com/fmdoc/alert_on_user_error.php */ $ALERT_ON_USER_ERROR = true; /* Help: http://www.tectite.com/fmdoc/enable_attack_detection.php */ $ENABLE_ATTACK_DETECTION = true; /* Help: http://www.tectite.com/fmdoc/attack_detection_url.php */ $ATTACK_DETECTION_URL = ""; /* Help: http://www.tectite.com/fmdoc/alert_on_attack_detection.php */ $ALERT_ON_ATTACK_DETECTION = false; /* Help: http://www.tectite.com/fmdoc/attack_detection_mime.php */ $ATTACK_DETECTION_MIME = true; /* Help: http://www.tectite.com/fmdoc/attack_detection_junk.php */ $ATTACK_DETECTION_JUNK = false; $ATTACK_DETECTION_JUNK_CONSONANTS = "bcdfghjklmnpqrstvwxz"; $ATTACK_DETECTION_JUNK_VOWELS = "aeiouy"; $ATTACK_DETECTION_JUNK_CONSEC_CONSONANTS = 5; $ATTACK_DETECTION_JUNK_CONSEC_VOWELS = 4; $ATTACK_DETECTION_JUNK_TRIGGER = 2; $ATTACK_DETECTION_JUNK_LANG_STRIP = array( "aiia", /* Hawaiian */ "aeoa", /* palaeoanthropic */ "aeoe", /* palaeoethnic */ "ayou", /* layout */ "ayee", /* payee */ "buyout", /* buyout */ "clayey", /* clayey */ "hooey", /* hooey */ "ioau", /* radioautograph */ "opoeia", /* pharmacopoeia, onomatopoeia */ "ooee", /* cooee */ "oyee", /* employee */ "ioau", /* radioautograph */ "uaia", /* guaiac */ "uaya", /* uruguayan */ "ueou", /* aqueous */ "uiou", /* obsequious */ "uoya", /* buoyant */ "queue", /* queue, queueing */ "earth", /* earthquake, earthslide */ "cks", /* jockstrap, backscratcher */ "ngth", /* strengths, length */ "ndths", /* thousandths */ "ght", /* nightclub, knightsbridge */ "phth", /* ophthalmology */ "sch", /* rothschild */ "shch", /* borshch */ "scr", /* corkscrew */ "spr", /* wingspread, offspring */ "str", /* armstrong, songstress */ "sts", /* bursts, postscript */ "tch", /* catchphrase, scratchproof */ "thst", /* northstar, birthstone */ "http", /* https, http */ "html", /* HTML, XHTML */ ); $ATTACK_DETECTION_JUNK_IGNORE_FIELDS = array(); /* Help: http://www.tectite.com/fmdoc/attack_detection_dups.php */ $ATTACK_DETECTION_DUPS = array("realname","address1","address2","country","zip", "phone","postcode","state","email" ); /* Help: http://www.tectite.com/fmdoc/attack_detection_specials.php */ $ATTACK_DETECTION_SPECIALS = true; /* Help: http://www.tectite.com/fmdoc/attack_detection_specials.php */ $ATTACK_DETECTION_SPECIALS_ONLY_EMAIL = array("derive_fields","required", "mail_options","good_url","bad_url","good_template", "bad_template" ); /* Help: http://www.tectite.com/fmdoc/attack_detection_specials.php */ $ATTACK_DETECTION_SPECIALS_ANY_EMAIL = array("subject"); /* Help: http://www.tectite.com/fmdoc/attack_detection_many_urls.php */ $ATTACK_DETECTION_MANY_URLS = 0; /* Help: http://www.tectite.com/fmdoc/attack_detection_many_url_fields.php */ $ATTACK_DETECTION_MANY_URL_FIELDS = 0; /* Help: http://www.tectite.com/fmdoc/attack_detection_url_patterns.php */ $ATTACK_DETECTION_URL_PATTERNS = array( '(^|[^-a-z_.0-9]+)(?'; debug_print_backtrace(); echo ''; FormMailExit("No FormMail setting called '$s_name' exists."); } } /** * Tests if the given config setting is empty. * * @param string $s_name the name of the config setting * * @return boolean true if the config setting is empty */ public static function isEmpty($s_name) { Settings::_check($s_name); if (gettype($GLOBALS[$s_name]) == 'string') { return ($GLOBALS[$s_name] === ''); } else { return (empty($GLOBALS[$s_name])); } } /** * Returns the value of the given config setting. * * @param string $s_name the name of the config setting * * @return mixed the value of the config setting */ public static function get($s_name) { Settings::_check($s_name); return ($GLOBALS[$s_name]); } /** * Set the value of a config setting. * * @param string $s_name the name of the config setting * @param mixed $m_value the value to set for the config setting */ public static function set($s_name,$m_value) { Settings::_check($s_name); if (($s_orig_type = gettype($GLOBALS[$s_name])) != ($s_new_type = gettype($m_value))) { echo '

';
			debug_print_backtrace();
			echo '

The following settings were found in the file '$s_file':

"; foreach ($a_sections as $s_sect => $a_settings) { $s_text .= "

[$s_sect]\n"; foreach ($a_settings as $s_name => $s_value) { $s_text .= "$s_name = \"$s_value\"\n"; } $s_text .= "

" . htmlspecialchars($s_item) . "

"; } $a_specs["fmerroritemlist"] = $s_list; if (ShowErrorTemplate($bad_template,$a_specs,$b_user_error)) { return; } } $s_text = GetMessage(MSG_ERROR_PROC); if ($b_user_error) { $s_text .= $error_mesg . "\n" . FixedHTMLEntities($s_extra_info); } else { global $SERVER; if ($b_alerted) { $s_text .= GetMessage(MSG_ALERT_DONE,array("SERVER" => $SERVER)); } else { $s_text .= GetMessage(MSG_PLS_CONTACT,array("SERVER" => $SERVER)); } $s_text .= GetMessage(MSG_APOLOGY,array("SERVER" => $SERVER)); } CreatePage($s_text,GetMessage(MSG_FORM_ERROR),false); // // the session data is not needed now // ZapSession(); } } // // Report an error. Same as Error, but implements // ATTACK_DETECTION_IGNORE_ERRORS. // function ErrorWithIgnore($error_code,$error_mesg,$b_filter = true,$show = true,$int_mesg = "") { if (function_exists('FMHookErrorWithIgnore')) { FMHookErrorWithIgnore($error_code,$error_mesg,$b_filter,$show,$int_mesg); } $b_alerted = false; if (!Settings::get('ATTACK_DETECTION_IGNORE_ERRORS')) { if (SendAlert("$error_code\n *****$int_mesg*****\nError=$error_mesg\n",$b_filter)) { $b_alerted = true; } } if ($show) { ShowError($error_code,$error_mesg,false,$b_alerted); } else // // show something to the user // { ShowError($error_code,GetMessage(MSG_SUBM_FAILED),false,$b_alerted); } FormMailExit(); } // // Report an error // function Error($error_code,$error_mesg,$b_filter = true,$show = true,$int_mesg = "") { if (function_exists('FMHookError')) { FMHookError($error_code,$error_mesg,$b_filter,$show,$int_mesg); } $b_alerted = false; if (SendAlert("$error_code\n *****$int_mesg*****\nError=$error_mesg\n",$b_filter)) { $b_alerted = true; } if ($show) { ShowError($error_code,$error_mesg,false,$b_alerted); } else // // show something to the user // { ShowError($error_code,GetMessage(MSG_SUBM_FAILED),false,$b_alerted); } FormMailExit(); } // // Report a user error // function UserError($s_error_code,$s_error_mesg, $s_extra_info = "",$a_item_list = array()) { if (function_exists('FMHookUserError')) { FMHookUserError($s_error_code,$s_error_mesg,$s_extra_info,$a_item_list); } $b_alerted = false; if (Settings::get('ALERT_ON_USER_ERROR') && SendAlert("$s_error_code\nError=$s_error_mesg\n$s_extra_info\n") ) { $b_alerted = true; } ShowError($s_error_code,$s_error_mesg,true,$b_alerted,$a_item_list,$s_extra_info); FormMailExit(); } // // Create a simple page with the given text. // function CreatePage($text,$title = "",$b_show_about = true) { global $FM_VERS,$sHTMLCharSet; if (IsAjax()) { // // CreatePage should not be called in Ajax mode. // If it is, it must be an error or debugging state. // JSON_Result("ERROR",array("ErrorCode" => $title, "ErrorMesg" => $text )); } else { echo '' . "\n"; echo '' . "\n"; echo "\n"; if (isset($sHTMLCharSet) && $sHTMLCharSet !== "") { echo "\n"; } if ($title != "") { echo "" . FixedHTMLEntities($title) . "\n"; } echo "\n"; echo "\n"; echo nl2br($text); echo "

"; if ($b_show_about) { echo "

\n"; echo GetMessage(MSG_ABOUT_FORMMAIL,array("FM_VERS" => $FM_VERS, "TECTITE" => "www.tectite.com" )); echo "

Pattern: '".htmlspecialchars($s_pat)."': count=".preg_match($s_pat,$s_value)."

pat: ".htmlspecialchars($s_pat); $s_buf = preg_replace($s_pat,$s_repl,$s_buf); return ($s_buf); } // // This function handles multiple selects. // function FixMultiSelect($s_name,$a_values,$s_buf) { // // we search for: // // foreach ($a_values as $s_value) { $s_pat = '/(<\s*select[^>]*name="'; $s_pat .= preg_quote($s_name,"/"); $s_pat .= '\[\]".*?<\s*option[^>]*value="'; $s_pat .= preg_quote($s_value,"/"); $s_pat .= '"[^>]*)>'; $s_pat .= '/ims'; $s_repl = '$1 selected="selected">'; // echo "

pat: ".htmlspecialchars($s_pat); $s_buf = preg_replace($s_pat,$s_repl,$s_buf); } return ($s_buf); } // // This function unchecks all checkboxes and select options. // function UnCheckStuff($s_buf) { global $php_errormsg; // // we search for: // // $s_pat = '/(<\s*input[^>]*type="checkbox"[^>]*?[^"\w])checked(="checked"|(?=[^"\w]))?([^>]*?)(\s*\/\s*)?>'; $s_pat .= '/ims'; $s_buf = preg_replace($s_pat,'$1$3$4>',$s_buf); // // we search for: // // $s_pat = '/(<\s*option[^>]*?[^"\w])selected(="selected"|(?=[^"\w]))?([^>]*)>'; $s_pat .= '/ims'; $s_buf = preg_replace($s_pat,'$1$3>',$s_buf); return ($s_buf); } // // Add the user agent to the url as a parameter called USER_AGENT. // This allows dynamic web sites to know what the user's browser is. // function AddUserAgent($s_url) { global $aServerVars,$aGetVars; // // check if the USER_AGENT has been passed as a URL parameter, // if so, use it // $s_agent = ""; if (isset($aGetVars['USER_AGENT']) && $aGetVars['USER_AGENT'] !== "") { $s_agent = $aGetVars['USER_AGENT']; // // check for URL encoding, and if not, then encode it // if (!IsURLEncoded($s_agent)) { $s_agent = urlencode($s_agent); } } elseif (isset($aServerVars['HTTP_USER_AGENT'])) { $s_agent = urlencode($aServerVars['HTTP_USER_AGENT']); } if ($s_agent !== "") { return (AddURLParams($s_url,"USER_AGENT=$s_agent",false)); } else { return ($s_url); } } // // Try to determine if the given string is already URL-encoded // function IsURLEncoded($s_str) { // // the only non-alphanumeric characters we'd expect // to see are defined as safe or extra in RFC 1738: // safe = "$" | "-" | "_" | "." | "+" // extra = "!" | "*" | "'" | "(" | ")" | "," // plus the encoding character % // if (preg_match('/[^a-z0-9$_.+!*\'(),%-]/i',$s_str,$a_matches)) { FMDebug("IsURLEncoded: '$s_str' matched '" . $a_matches[0] . "' and is therefore not URL-encoded"); return (false); } return (true); } // // Sets previous values in a form. // function SetPreviousValues($s_form_buf,$a_values,$a_strip = array()) { // // Uncheck any checkboxes and select options // $s_form_buf = UnCheckStuff($s_form_buf); foreach ($a_values as $s_name => $m_value) { if (is_array($m_value)) { // // note that if no values are selected for a field, // then we will never get here for that field // $s_form_buf = FixCheckboxes($s_name,$m_value,$s_form_buf); $s_form_buf = FixMultiSelect($s_name,$m_value,$s_form_buf); } else { // // Fix the field if it's an input type "text" or "password". // $s_form_buf = FixInputText($s_name,$m_value,$s_form_buf); // // Fix the field if it's radio button. // $s_form_buf = FixButton($s_name,$m_value,$s_form_buf); // // Fix the field if it's a "textarea". // $s_form_buf = FixTextArea($s_name,$m_value,$s_form_buf); // // Fix the field if it's a "select". // $s_form_buf = FixSelect($s_name,$m_value,$s_form_buf); } } // // Now strip particular field values. // foreach ($a_strip as $s_name) { $s_form_buf = RemoveFieldValue($s_name,$s_form_buf); } return ($s_form_buf); } // // Open a URL, do value substitutions, and send to browser. // The a_strip array provides a list of fields (usually // hidden fields) to remove from the form (their values are // set to empty). // function ProcessReturnToForm($s_url,$a_values,$a_strip = array()) { global $php_errormsg; // // read the original form, and modify it to provide values // for the fields // if (!CheckValidURL($s_url)) { Error("invalid_url",GetMessage(MSG_RETURN_URL_INVALID, array("URL" => $s_url)),false,false); } $s_form_url = AddUserAgent($s_url); $s_error = ""; $s_form_buf = GetURL($s_form_url,$s_error); if ($s_form_buf === false) { Error( "invalid_url", GetMessage(MSG_OPEN_URL, array("URL" => $s_form_url, "ERROR" => $s_error . ": " . (isset($php_errormsg) ? $php_errormsg : "") )), false, false); } // // Next, we replace or set actual field values. // echo SetPreviousValues($s_form_buf,$a_values,$a_strip); } // // To return the URL for returning to a particular multi-page form URL. // function GetReturnLink($s_this_script,$i_form_index) { global $aServerVars; if (!CheckValidURL($s_this_script)) { Error("not_valid_url",GetMessage(MSG_RETURN_URL_INVALID, array("URL" => $s_this_script)),false,false); } $a_params = array(); $a_params[] = "return=$i_form_index"; if (isset($aServerVars["QUERY_STRING"])) { $a_params[] = $aServerVars["QUERY_STRING"]; } $a_params[] = session_name() . "=" . session_id(); return (AddURLParams($s_this_script,$a_params)); } // // Process a multi-page form template. // function ProcessMultiFormTemplate($s_template,$a_values,&$a_lines) { global $SPECIAL_VALUES; if (Settings::isEmpty('MULTIFORMDIR') && Settings::isEmpty('MULTIFORMURL')) { SendAlert(GetMessage(MSG_MULTIFORM)); return (false); } // // create the "this_form_url" field // $i_index = GetSession("FormIndex"); $a_list = GetSession("FormList"); $a_values["this_form_url"] = $a_list[$i_index]["URL"]; // // get the persistent file fields // $a_values = GetSavedFileNames($a_values); //$a_values["prev_form"] = GetReturnLink($SPECIAL_VALUES["this_form"]); return (DoProcessTemplate(Settings::get('MULTIFORMDIR'),Settings::get('MULTIFORMURL'),$s_template,$a_lines, $a_values,"",'SubstituteValueForPage')); } // // Output the multi-form template after filling in the fields. // function OutputMultiFormTemplate($s_template,$a_values) { $a_lines = array(); if (!ProcessMultiFormTemplate($s_template,$a_values,$a_lines)) { Error("multi_form_failed",GetMessage(MSG_MULTIFORM_FAILED, array("NAME" => $s_template)),false,false); } else { $n_lines = count($a_lines); $s_buf = ""; for ($ii = 0 ; $ii < $n_lines ; $ii++) { $s_buf .= $a_lines[$ii] . "\n"; unset($a_lines[$ii]); // free memory (hopefully) } unset($a_lines); // free memory (hopefully) if (IsSetSession("FormKeep")) // // put in any values that are being forward-remembered // { echo SetPreviousValues($s_buf,GetSession("FormKeep")); } else { echo $s_buf; } } } // // Insert a preamble into a MIME message. // function MimePreamble(&$a_lines,$a_mesg = array()) { $a_preamble = explode("\n",GetMessage(MSG_MIME_PREAMBLE)); foreach ($a_preamble as $s_line) { $a_lines[] = $s_line . Settings::get('HEAD_CRLF'); } $a_lines[] = Settings::get('HEAD_CRLF'); // blank line $b_need_blank = false; foreach ($a_mesg as $s_line) { $a_lines[] = $s_line . Settings::get('HEAD_CRLF'); if (!empty($s_line)) { $b_need_blank = true; } } if ($b_need_blank) { $a_lines[] = Settings::get('HEAD_CRLF'); } // blank line } // // Create the HTML mail // function HTMLMail(&$a_lines,&$a_headers,$s_body,$s_template,$s_missing,$s_filter, $s_boundary,$a_raw_fields,$b_no_plain,$b_process_template) { $s_charset = GetMailOption("CharSet"); if (!isset($s_charset)) { $s_charset = "ISO-8859-1"; } if ($b_no_plain) { $b_multi = false; // // don't provide a plain text version - just the HTML // $a_headers['Content-Type'] = SafeHeader("text/html; charset=$s_charset"); } else { $b_multi = true; $a_headers['Content-Type'] = "multipart/alternative; boundary=\"$s_boundary\""; $a_pre_lines = explode("\n",GetMessage(MSG_MIME_HTML, array("NAME" => $s_template))); MimePreamble($a_lines,$a_pre_lines); // // first part - the text version only // $a_lines[] = "--$s_boundary" . Settings::get('HEAD_CRLF'); $a_lines[] = "Content-Type: text/plain; charset=$s_charset" . Settings::get('HEAD_CRLF'); $a_lines[] = Settings::get('HEAD_CRLF'); // blank line // // treat the body like one line, even though it isn't // $a_lines[] = $s_body; $a_lines[] = Settings::get('HEAD_CRLF'); // blank line // // second part - the HTML version // $a_lines[] = "--$s_boundary" . Settings::get('HEAD_CRLF'); $a_lines[] = "Content-Type: text/html; charset=$s_charset" . Settings::get('HEAD_CRLF'); $a_lines[] = Settings::get('HEAD_CRLF'); // blank line } $a_html_lines = array(); if (!$b_process_template) { if (!ProcessTemplate($s_template,$a_html_lines,$a_raw_fields,NULL,'SubstituteValueDummy')) { return (false); } } elseif (!ProcessTemplate($s_template,$a_html_lines,$a_raw_fields,$s_missing)) { return (false); } if (!empty($s_filter)) // // treat the data like one line, even though it isn't // { $a_lines[] = Filter($s_filter,$a_html_lines); } else { foreach ($a_html_lines as $s_line) { $a_lines[] = $s_line; } } if ($b_multi) { // // end // $a_lines[] = "--$s_boundary--" . Settings::get('HEAD_CRLF'); $a_lines[] = Settings::get('HEAD_CRLF'); // blank line } return (true); } // // Add the contents of a file in base64 encoding. // function AddFile(&$a_lines,$s_file_name,$i_file_size,$b_remove = true) { global $php_errormsg; @ $fp = fopen($s_file_name,"rb"); if ($fp === false) { SendAlert(GetMessage(MSG_FILE_OPEN_ERROR,array("NAME" => $s_file_name, "TYPE" => "attachment", "ERROR" => CheckString($php_errormsg) ))); return (false); } // // PHP under IIS has problems with the filesize function when // the file is on another drive. So, we replaced a call // to filesize with the $i_file_size parameter (this occurred // in version 3.01). // $s_contents = fread($fp,$i_file_size); // // treat as a single line, even though it isn't // $a_lines[] = chunk_split(base64_encode($s_contents)); fclose($fp); if ($b_remove) { @unlink($s_file_name); } return (true); } // // Add the contents of a string in base64 encoding. // function AddData(&$a_lines,$s_data) { // // treat as a single line, even though it isn't // $a_lines[] = chunk_split(base64_encode($s_data)); return (true); } /** * Check if a file is a valid uploaded file. * * This function is obsolete and is only kept for use by * existing hook files. Do not use this function in new code. * * @param array $a_file_spec file specification * * @return bool */ function IsUploadedFile($a_file_spec) { return FieldManager::IsUploadedFile($a_file_spec); } // // Save an uploaded file to the repository directory. // function SaveFileInRepository(&$a_file_spec) { global $php_errormsg; // // if a replacement name has been specified, use that, otherwise // use the original name // if (isset($a_file_spec["new_name"])) { $s_file_name = basename($a_file_spec["new_name"]); } else { $s_file_name = basename($a_file_spec["name"]); } $s_dest = Settings::get('FILE_REPOSITORY') . "/" . $s_file_name; $b_ok = true; $s_error = ""; if (isset($a_file_spec["saved_as"]) && !empty($a_file_spec["saved_as"])) { FMDebug("SaveFileInRepository: saved_as"); $s_srce = $a_file_spec["saved_as"]; } else { $s_srce = $a_file_spec["tmp_name"]; } FMDebug("SaveFileInRepository: $s_srce"); if (!Settings::get('FILE_OVERWRITE')) { clearstatcache(); if (@file_exists($s_dest)) { $b_ok = false; $s_error = GetMessage(MSG_SAVE_FILE_EXISTS,array("FILE" => $s_dest)); } } if (Settings::get('MAX_FILE_UPLOAD_SIZE') != 0 && $a_file_spec["size"] > Settings::get('MAX_FILE_UPLOAD_SIZE') * 1024 ) // // this exits // { UserError("upload_size",GetMessage(MSG_FILE_UPLOAD_SIZE, array("NAME" => $a_file_spec["name"], "SIZE" => $a_file_spec["size"], "MAX" => Settings::get('MAX_FILE_UPLOAD_SIZE') ))); } if ($b_ok) { if (isset($a_file_spec["saved_as"]) && !empty($a_file_spec["saved_as"])) { if (!copy($s_srce,$s_dest) || !@unlink($s_srce)) { $b_ok = false; } } else { if (!move_uploaded_file($s_srce,$s_dest)) { $b_ok = false; } } if ($b_ok) { // // Flag to say it's been put in the repository. // $a_file_spec["in_repository"] = true; // // Its new location // $a_file_spec["saved_as"] = $s_dest; // // Now that the file has been saved, "is_uploaded_file" // will return false. So, we create a flag to say it was // valid. // $a_file_spec["moved"] = true; } else { $s_error = $php_errormsg; } } if (!$b_ok) { SendAlert(GetMessage(MSG_SAVE_FILE,array( "FILE" => $s_srce, "DEST" => $s_dest, "ERR" => $s_error ))); return (false); } // // ignore chmod fails (other than reporting them) // if (Settings::get('FILE_MODE') != 0 && !chmod($s_dest,Settings::get('FILE_MODE'))) { SendAlert(GetMessage(MSG_CHMOD,array( "FILE" => $s_dest, "MODE" => Settings::get('FILE_MODE'), "ERR" => $s_error ))); } return (true); } // // Save all uploaded files to the repository directory. // function SaveAllFilesToRepository() { global $aFileVars; if (!Settings::get('FILEUPLOADS') || Settings::get('FILE_REPOSITORY') === "") // // nothing to do // { return (true); } foreach ($aFileVars as $m_file_key => $a_upload) { // // One customer reported: // Possible file upload attack detected: name='' temp name='none' // on PHP 4.1.2 on RAQ4. // So, we now also test for "name". // if (!isset($a_upload["tmp_name"]) || empty($a_upload["tmp_name"]) || !isset($a_upload["name"]) || empty($a_upload["name"]) ) { continue; } if (isset($a_upload["in_repository"]) && $a_upload["in_repository"]) // // already saved // { continue; } if (!FieldManager::IsUploadedFile($a_upload)) { SendAlert(GetMessage(MSG_FILE_UPLOAD_ATTACK, array("NAME" => $a_upload["name"], "TEMP" => $a_upload["tmp_name"], "FLD" => $m_file_key ))); continue; } if (!SaveFileInRepository($aFileVars[$m_file_key])) { return (false); } // // Now the file has been saved in the repository, make // the field persistent through all further processing // (e.g. all movements in a multi-page form) // if (IsSetSession("FormSavedFiles")) { $a_saved_files = GetSession("FormSavedFiles"); } else { $a_saved_files = array(); } $a_saved_files["repository_" . $m_file_key] = $aFileVars[$m_file_key]; SetSession("FormSavedFiles",$a_saved_files); } return (true); } // // Delete an uploaded file from the repository directory. // For security reasons, only the field name can be used. This // uniquely identifies an uploaded file by this form process. // function DeleteFileFromRepository($s_fld) { global $aFileVars; if (!Settings::get('FILEUPLOADS') || Settings::get('FILE_REPOSITORY') === "") // // nothing to do // { return (false); } if (($a_upload = GetFileInfo($s_fld)) === false) { return (false); } if (isset($a_upload["in_repository"]) && $a_upload["in_repository"]) { if (isset($a_upload["saved_as"]) && !empty($a_upload["saved_as"])) { @unlink($a_upload["saved_as"]); } } DeleteFileInfo($s_fld); return (true); } // // Save an uploaded file for later processing. // function SaveUploadedFile(&$a_file_spec,$s_prefix) { global $php_errormsg; FMDebug("SaveUploadedFile"); $s_dest = GetScratchPadFile($s_prefix); if (!move_uploaded_file($a_file_spec["tmp_name"],$s_dest)) { SendAlert(GetMessage(MSG_SAVE_FILE,array( "FILE" => $a_file_spec["tmp_name"], "DEST" => $s_dest, "ERR" => $php_errormsg ))); return (false); } $a_file_spec["saved_as"] = $s_dest; $a_file_spec["moved"] = true; return (true); } // // Remove old files from the scratchpad directory. // function CleanScratchPad($s_prefix = "") { global $lNow; global $php_errormsg; if (Settings::isEmpty('SCRATCH_PAD')) // // no scratchpad to cleanup! // { return; } if (Settings::get('CLEANUP_TIME') <= 0) // // cleanup disabled // { return; } // // compute chance of cleanup // if (Settings::get('CLEANUP_CHANCE') < 100) { $i_rand = mt_rand(1,100); if ($i_rand > Settings::get('CLEANUP_CHANCE')) { return; } } if (($f_dir = @opendir(Settings::get('SCRATCH_PAD'))) === false) { Error("open_scratch_pad",GetMessage(MSG_OPEN_SCRATCH_PAD,array( "DIR" => Settings::get('SCRATCH_PAD'), "ERR" => $php_errormsg )), false,false); return; } $i_len = strlen($s_prefix); while (($s_file = readdir($f_dir)) !== false) { $s_path = Settings::get('SCRATCH_PAD') . "/" . $s_file; if (is_file($s_path) && ($i_len == 0 || substr($s_file,0,$i_len) == $s_prefix)) { if (($a_stat = @stat($s_path)) !== false) { if (isset($a_stat['mtime'])) { $l_time = $a_stat['mtime']; } else { $l_time = $a_stat[9]; } if (($lNow - $l_time) / 60 >= Settings::get('CLEANUP_TIME')) { @unlink($s_path); } } } } closedir($f_dir); } // // Save all uploaded files for later processing. // function SaveAllUploadedFiles(&$a_file_vars) { global $php_errormsg; $s_prefix = "UPLD"; if (Settings::isEmpty('SCRATCH_PAD')) { Error("need_scratch_pad",GetMessage(MSG_NEED_SCRATCH_PAD),false,false); return (false); } // // remove old uploaded files that have not been moved out. // CleanScratchPad($s_prefix); foreach (array_keys($a_file_vars) as $m_file_key) { $a_upload = &$a_file_vars[$m_file_key]; // // One customer reported: // Possible file upload attack detected: name='' temp name='none' // on PHP 4.1.2 on RAQ4. // So, we now also test for "name". // if (!isset($a_upload["tmp_name"]) || empty($a_upload["tmp_name"]) || !isset($a_upload["name"]) || empty($a_upload["name"]) ) { continue; } // // ensure we don't move the file more than once // if (!isset($a_upload["saved_as"]) || empty($a_upload["saved_as"])) { if (!FieldManager::IsUploadedFile($a_upload)) { SendAlert(GetMessage(MSG_FILE_UPLOAD_ATTACK, array("NAME" => $a_upload["name"], "TEMP" => $a_upload["tmp_name"], "FLD" => $m_file_key ))); } elseif (!SaveUploadedFile($a_upload,$s_prefix)) { return (false); } } } return (true); } // // Attach a file to the body of a MIME formatted email. $a_lines is the // current body, and is modified to include the file. // $a_file_spec must have the following values (just like an uploaded // file specification): // name the name of the file // type the mime type // tmp_name the name of the temporary file // size the size of the temporary file // // Alternatively, you supply the following instead of tmp_name and size: // data the data to attach // function AttachFile(&$a_lines,$s_att_boundary,$a_file_spec,$s_charset,$b_remove = true) { $a_lines[] = "--$s_att_boundary" . Settings::get('HEAD_CRLF'); // // if a replacement name has been specified, use that, otherwise // use the original name // if (isset($a_file_spec["new_name"])) { $s_file_name = $a_file_spec["new_name"]; } else { $s_file_name = $a_file_spec["name"]; } $s_file_name = str_replace('"','',$s_file_name); $s_mime_type = $a_file_spec["type"]; // // The following says that the data is encoded in // base64 and is an attachment and that once decoded the // character set of the decoded data is $s_charset. // (See RFC 1521 Section 5.) // $a_lines[] = "Content-Type: $s_mime_type; name=\"$s_file_name\"; charset=$s_charset" . Settings::get('HEAD_CRLF'); $a_lines[] = "Content-Transfer-Encoding: base64" . Settings::get('HEAD_CRLF'); $a_lines[] = "Content-Disposition: attachment; filename=\"$s_file_name\"" . Settings::get('HEAD_CRLF'); $a_lines[] = Settings::get('HEAD_CRLF'); // blank line if (isset($a_file_spec["tmp_name"]) && isset($a_file_spec["size"])) { $s_srce = $a_file_spec["tmp_name"]; // // check if the file has been saved elsewhere // if (isset($a_file_spec["saved_as"]) && !empty($a_file_spec["saved_as"])) { $s_srce = $a_file_spec["saved_as"]; } FMDebug("AttachFile: $s_srce"); return (AddFile($a_lines,$s_srce,$a_file_spec["size"],$b_remove)); } if (!isset($a_file_spec["data"])) { SendAlert(GetMessage(MSG_ATTACH_DATA)); return (false); } return (AddData($a_lines,$a_file_spec["data"])); } // // Reformat the email to be in MIME format. // Process file attachments and and fill out any // specified HTML template. // function MakeMimeMail(&$s_body,&$a_headers,$a_raw_fields,$s_template = "", $s_missing = NULL,$b_no_plain = false, $s_filter = "",$a_file_vars = array(), $a_attach_spec = array(),$b_process_template = true) { global $FM_VERS; global $SPECIAL_VALUES; $s_charset = GetMailOption("CharSet"); if (!isset($s_charset)) { $s_charset = "ISO-8859-1"; } $b_att = $b_html = false; $b_got_filter = (isset($s_filter) && !empty($s_filter)); if (isset($s_template) && !empty($s_template)) { $b_html = true; } if (count($a_file_vars) > 0) { if (!Settings::get('FILEUPLOADS')) { SendAlert(GetMessage(MSG_FILE_UPLOAD)); // // if storing files in the server repository, don't attach // unless the mail_options insist // } elseif (Settings::get('FILE_REPOSITORY') === "" || IsMailOptionSet("AlwaysEmailFiles")) { foreach ($a_file_vars as $a_upload) { // // One customer reported: // Possible file upload attack detected: name='' temp name='none' // on PHP 4.1.2 on RAQ4. // So, we now also test for "name". // if (isset($a_upload["tmp_name"]) && !empty($a_upload["tmp_name"]) && isset($a_upload["name"]) && !empty($a_upload["name"]) ) { $b_att = true; break; } } } } // // check for an internally-generated attachment // if (isset($a_attach_spec["Data"])) { $b_att = true; } $s_uniq = md5($s_body); $s_body_boundary = "BODY$s_uniq"; $s_att_boundary = "PART$s_uniq"; $a_headers['MIME-Version'] = "1.0 (produced by FormMail $FM_VERS from www.tectite.com)"; // // if the filter strips formatting, then we'll only have plain text // to send, even after the template has been used // if ($b_got_filter && IsFilterAttribSet($s_filter,"Strips")) // // no HTML if the filter strips the formatting // { $b_html = false; } $a_new = array(); if ($b_att) { $a_headers['Content-Type'] = "multipart/mixed; boundary=\"$s_att_boundary\""; MimePreamble($a_new); // // add the body of the email // $a_new[] = "--$s_att_boundary" . Settings::get('HEAD_CRLF'); if ($b_html) { $a_lines = $a_local_headers = array(); if (!HTMLMail($a_lines,$a_local_headers,$s_body,$s_template, $s_missing,($b_got_filter) ? $s_filter : "", $s_body_boundary,$a_raw_fields,$b_no_plain, $b_process_template) ) { return (false); } $a_new = array_merge($a_new,ExpandMailHeadersArray($a_local_headers)); $a_new[] = Settings::get('HEAD_CRLF'); // blank line after header $a_new = array_merge($a_new,$a_lines); } else { $a_new[] = "Content-Type: text/plain; charset=$s_charset" . Settings::get('HEAD_CRLF'); $a_new[] = Settings::get('HEAD_CRLF'); // blank line // // treat the body like one line, even though it isn't // $a_new[] = $s_body; } // // now add the attachments or save to the $FILE_REPOSITORY // if (Settings::get('FILEUPLOADS') && (Settings::get('FILE_REPOSITORY') === "" || IsMailOptionSet("AlwaysEmailFiles")) ) { foreach ($a_file_vars as $m_file_key => $a_upload) { // // One customer reported: // Possible file upload attack detected: name='' temp name='none' // on PHP 4.1.2 on RAQ4. // So, we now also test for "name". // if (!isset($a_upload["tmp_name"]) || empty($a_upload["tmp_name"]) || !isset($a_upload["name"]) || empty($a_upload["name"]) ) { continue; } if (!FieldManager::IsUploadedFile($a_upload)) { SendAlert(GetMessage(MSG_FILE_UPLOAD_ATTACK, array("NAME" => $a_upload["name"], "TEMP" => $a_upload["tmp_name"], "FLD" => $m_file_key ))); continue; } if (Settings::get('MAX_FILE_UPLOAD_SIZE') != 0 && $a_upload["size"] > Settings::get('MAX_FILE_UPLOAD_SIZE') * 1024 ) { UserError("upload_size",GetMessage(MSG_FILE_UPLOAD_SIZE, array("NAME" => $a_upload["name"], "SIZE" => $a_upload["size"], "MAX" => Settings::get('MAX_FILE_UPLOAD_SIZE') ))); } if (!AttachFile($a_new,$s_att_boundary,$a_upload,$s_charset, Settings::get('FILE_REPOSITORY') === "") ) { return (false); } } } if (isset($a_attach_spec["Data"])) { // // build a specification similar to a file upload // $a_file_spec["name"] = isset($a_attach_spec["Name"]) ? $a_attach_spec["Name"] : "attachment.dat"; $a_file_spec["type"] = isset($a_attach_spec["MIME"]) ? $a_attach_spec["MIME"] : "text/plain"; $a_file_spec["data"] = $a_attach_spec["Data"]; if (!AttachFile($a_new,$s_att_boundary,$a_file_spec, isset($a_attach_spec["CharSet"]) ? $a_attach_spec["CharSet"] : $s_charset) ) { return (false); } } $a_new[] = "--$s_att_boundary--" . Settings::get('HEAD_CRLF'); // the end $a_new[] = Settings::get('HEAD_CRLF'); // blank line } elseif ($b_html) { if (!HTMLMail($a_new,$a_headers,$s_body,$s_template, $s_missing,($b_got_filter) ? $s_filter : "", $s_body_boundary,$a_raw_fields,$b_no_plain, $b_process_template) ) { return (false); } } else { $a_headers['Content-Type'] = SafeHeader("text/plain; charset=$s_charset"); // // treat the body like one line, even though it isn't // $a_new[] = $s_body; } $s_body = JoinLines(Settings::get('BODY_LF'),$a_new); return (true); } // // to make a From line for the email // function MakeFromLine($s_email,$s_name) { $s_style = GetMailOption("FromLineStyle"); $s_line = ""; if (!isset($s_style)) { $s_style = ""; } // // the following From line styles are in accordance with RFC 822 // switch ($s_style) { default: case "": case "default": case "AddrSpecName": // // this is the original From line style that FormMail produced // e.g. // jack@nowhere.com (Jack Smith) // this is an addr-spec with a trailing comment with the name // if (!empty($s_email)) { $s_line .= SafeHeaderEmail($s_email) . " "; } if (!empty($s_name)) { $s_line .= "(" . SafeHeaderComment(EncodeHeaderText($s_name)) . ")"; } break; case "NameAddrSpec": // // email address as an addr-spec preceded by a comment with the name // e.g. // (Jack Smith) jack@nowhere.com // if (!empty($s_name)) { $s_line .= "(" . SafeHeaderComment(EncodeHeaderText($s_name)) . ") "; } if (!empty($s_email)) { $s_line .= SafeHeaderEmail($s_email); } break; case "RouteAddr": // // just the email address as a route-addr // e.g. // // if (!empty($s_email)) { $s_line .= "<" . SafeHeaderEmail($s_email) . ">"; } break; case "QuotedNameRouteAddr": // // email address as a route-addr preceded // by the name of the user as a quoted string // e.g. // "Jack Smith" // if (!empty($s_name)) { $s_line .= '"' . SafeHeaderQString(EncodeHeaderText($s_name)) . '" '; } if (!empty($s_email)) { $s_line .= "<" . SafeHeaderEmail($s_email) . ">"; } break; case "NameRouteAddr": // // email address as a route-addr preceded // by the name of the user as words // e.g. // Jack Smith // if (!empty($s_name)) { $s_line .= SafeHeaderWords(EncodeHeaderText($s_name)) . ' '; } if (!empty($s_email)) { $s_line .= "<" . SafeHeaderEmail($s_email) . ">"; } break; } return ($s_line); } // // Return two sets of plain text output: the filtered fields and the // non-filtered fields. // function GetFilteredOutput($a_fld_order,$a_clean_fields,$s_filter,$a_filter_list) { // // find the non-filtered fields and make unfiltered text from them // $a_unfiltered_list = array(); $n_flds = count($a_fld_order); for ($ii = 0 ; $ii < $n_flds ; $ii++) { if (!in_array($a_fld_order[$ii],$a_filter_list)) { $a_unfiltered_list[] = $a_fld_order[$ii]; } } $s_unfiltered_results = MakeFieldOutput($a_unfiltered_list,$a_clean_fields); // // filter the specified fields only // $s_filtered_results = MakeFieldOutput($a_filter_list,$a_clean_fields); $s_filtered_results = Filter($s_filter,$s_filtered_results); return (array($s_unfiltered_results,$s_filtered_results)); } // // Make a plain text email body // function MakePlainEmail($a_fld_order,$a_clean_fields, $s_to,$s_cc,$s_bcc,$a_raw_fields,$s_filter,$a_filter_list) { global $SPECIAL_VALUES; $s_unfiltered_results = $s_filtered_results = ""; $b_got_filter = (isset($s_filter) && !empty($s_filter)); if ($b_got_filter) { if (isset($a_filter_list) && count($a_filter_list) > 0) { $b_limited_filter = true; } else { $b_limited_filter = false; } } $b_used_template = false; if (IsMailOptionSet("PlainTemplate")) { $s_template = GetMailOption("PlainTemplate"); if (ProcessTemplate($s_template,$a_lines,$a_raw_fields,GetMailOption('TemplateMissing'), 'SubstituteValuePlain') ) { $b_used_template = true; $s_unfiltered_results = implode(Settings::get('BODY_LF'),$a_lines); if ($b_got_filter) { // // with a limited filter, the template goes unfiltered // and the named fields get filtered // if ($b_limited_filter) { list ($s_discard,$s_filtered_results) = GetFilteredOutput($a_fld_order, $a_clean_fields, $s_filter,$a_filter_list); } else { $s_filtered_results = Filter($s_filter,$s_unfiltered_results); $s_unfiltered_results = ""; } } } } if (!$b_used_template) { $res_hdr = ""; if (IsMailOptionSet("DupHeader")) { // // write some standard mail headers // $res_hdr = "To: $s_to" . Settings::get('BODY_LF'); if (!empty($s_cc)) { $res_hdr .= "Cc: $s_cc" . Settings::get('BODY_LF'); } if (!empty($SPECIAL_VALUES["email"])) { $res_hdr .= "From: " . MakeFromLine($SPECIAL_VALUES["email"], $SPECIAL_VALUES["realname"]) . Settings::get('BODY_LF'); } $res_hdr .= Settings::get('BODY_LF'); if (IsMailOptionSet("StartLine")) { $res_hdr .= "--START--" . Settings::get('BODY_LF'); } // signals the beginning of the text to filter } // // put the realname and the email address at the top of the results // (if not excluded) // if (!IsMailExcluded("realname")) { array_unshift($a_fld_order,"realname"); $a_clean_fields["realname"] = $SPECIAL_VALUES["realname"]; } if (!IsMailExcluded("email")) { array_unshift($a_fld_order,"email"); $a_clean_fields["email"] = $SPECIAL_VALUES["email"]; } if ($b_got_filter) { if ($b_limited_filter) { list($s_unfiltered_results,$s_filtered_results) = GetFilteredOutput($a_fld_order,$a_clean_fields, $s_filter,$a_filter_list); } else { // // make text output and filter it (filter all fields) // $s_filtered_results = MakeFieldOutput($a_fld_order,$a_clean_fields); $s_filtered_results = Filter($s_filter,$s_filtered_results); } } else { //SendAlert("There are ".count($a_fld_order)." fields in the order array"); //SendAlert("Here is the clean fields array:\r\n".var_export($a_clean_fields,true)); $s_unfiltered_results = MakeFieldOutput($a_fld_order,$a_clean_fields); } $s_unfiltered_results = $res_hdr . $s_unfiltered_results; } $s_results = $s_unfiltered_results; if ($b_got_filter && !empty($s_filtered_results)) { if (!empty($s_results)) { $s_results .= Settings::get('BODY_LF'); } $s_results .= $s_filtered_results; } // // append the environment variables report // if (isset($SPECIAL_VALUES["env_report"]) && !empty($SPECIAL_VALUES["env_report"])) { $s_results .= Settings::get('BODY_LF') . "==================================" . Settings::get('BODY_LF'); $s_results .= Settings::get('BODY_LF') . GetEnvVars(TrimArray(explode(",",$SPECIAL_VALUES["env_report"])), Settings::get('BODY_LF')); } return (array($s_results,$s_unfiltered_results,$s_filtered_results)); } // // Return the list of fields to be filtered, FALSE if no list provided. // function GetFilterList($b_file_fields) { global $SPECIAL_VALUES; // // no filter means no list of fields // if (!empty($SPECIAL_VALUES["filter"])) { if ($b_file_fields) { if (isset($SPECIAL_VALUES["filter_files"]) && !empty($SPECIAL_VALUES["filter_files"])) { return (TrimArray(explode(",",$SPECIAL_VALUES["filter_files"]))); } } else { if (isset($SPECIAL_VALUES["filter_fields"]) && !empty($SPECIAL_VALUES["filter_fields"])) { return (TrimArray(explode(",",$SPECIAL_VALUES["filter_fields"]))); } } } return (false); } /* * Function: GetFilterSpec * Parameters: $s_filter returns the filter name * $m_filter_list returns the list of fields to filter (an array) * or is set to false if there is no filter list * $b_file_fields if true, return file fields, otherwise return non-file fields * Returns: bool true if filtering a list of fields of the specified type * Description: * Checks whether the form has specified to filter a list of * fields of the specified type (file fields or non-file fields). */ function GetFilterSpec(&$s_filter,&$m_filter_list,$b_file_fields = false) { global $SPECIAL_VALUES; if (isset($SPECIAL_VALUES["filter"]) && !empty($SPECIAL_VALUES["filter"])) { $s_filter = $SPECIAL_VALUES["filter"]; $m_filter_list = GetFilterList($b_file_fields); return (true); } return (false); } // // send the given results to the given email addresses // function SendResults($a_fld_order,$a_clean_fields,$s_to,$s_cc,$s_bcc,$a_raw_fields) { global $SPECIAL_VALUES,$aFileVars,$ValidEmails; // // check for a filter and how to use it // $b_filter_attach = false; $a_attach_spec = array(); $s_filter = ""; $a_filter_list = array(); if ($b_got_filter = GetFilterSpec($s_filter,$a_filter_list)) { if ($a_filter_list === false) { // // not a limited filter, so filter all fields // $b_limited_filter = false; $a_filter_list = array(); } else { $b_limited_filter = true; } FMDebug("SendResults: got filter '$s_filter', limited=$b_limited_filter"); $s_filter_attach_name = GetFilterOption("Attach"); if (isset($s_filter_attach_name)) { if (!is_string($s_filter_attach_name) || empty($s_filter_attach_name)) { SendAlert(GetMessage(MSG_ATTACH_NAME)); } else { $b_filter_attach = true; $a_attach_spec = array("Name" => $s_filter_attach_name); if (($s_mime = GetFilterAttrib($s_filter,"MIME")) !== false) { $a_attach_spec["MIME"] = $s_mime; } // // Regarding the character set... // A filter will not generally change the character set // of the message, however, if it does, then we // provide that information to the MIME encoder. // Remember: this character set specification refers // to the data *after* the effect of the filter // has been reversed (e.g. an encrypted message // in UTF-8 is in UTF-8 when it is decrypted). // if (($s_cset = GetFilterAttrib($s_filter,"CharSet")) !== false) { $a_attach_spec["CharSet"] = $s_cset; } } } } // // check the need for MIME formatted mail // $b_mime_mail = (IsMailOptionSet("HTMLTemplate") || count($aFileVars) > 0 || $b_filter_attach); // // create the email header lines - CC, BCC, From, and Reply-To // $a_headers = array(); if (!empty($s_cc)) { $a_headers['Cc'] = SafeHeader($s_cc); } if (!empty($SPECIAL_VALUES["replyto"])) { // // expand replyto list // CheckEmailAddress($SPECIAL_VALUES["replyto"],$s_list,$s_invalid,false); if (!empty($s_list)) { $a_headers['Reply-To'] = SafeHeader($s_list); } } if (!empty($s_bcc)) { $a_headers['Bcc'] = SafeHeader($s_bcc); } // // create the From address // // Some servers won't let you set the email address to the // submitter of the form. Therefore, use FromAddr if it's been // specified to set the sender and the "From" address. // $s_sender = GetMailOption("FromAddr"); if (!isset($s_sender)) { $s_sender = ""; if (!empty($SPECIAL_VALUES["email"])) { $a_headers['From'] = MakeFromLine($SPECIAL_VALUES["email"], $SPECIAL_VALUES["realname"]); } } elseif ($s_sender !== "") { $s_sender = UnMangle($s_sender); if ($ValidEmails->CheckAddress($s_sender)) { $s_sender = $a_headers['From'] = SafeHeader($s_sender); } else { SendAlert(GetMessage(MSG_INVALID_SENDER,array("LOC" => "FromAddr in mail_options","EMAIL" => $s_sender))); $s_sender = ""; } } /* * Override sender if $FIXED_SENDER is set. */ if (Settings::get('FIXED_SENDER') !== "") { $s_sender = Settings::get('FIXED_SENDER'); } // // special case: if there is only one non-special string value, then // format it as an email (unless an option says not to) // $a_keys = array_keys($a_raw_fields); if (count($a_keys) == 1 && is_string($a_raw_fields[$a_keys[0]]) && !IsMailOptionSet("AlwaysList") && !IsMailOptionSet("DupHeader") ) { if (IsMailExcluded($a_keys[0])) { SendAlert("Exclusion of single field '" . $a_keys[0] . "' ignored"); } $s_value = $a_raw_fields[$a_keys[0]]; // // replace carriage return/linefeeds with
// $s_value = str_replace("\r\n",'
',$s_value); // // replace lone linefeeds with
// $s_value = str_replace("\n",'
',$s_value); // // remove lone carriage returns // $s_value = str_replace("\r","",$s_value); // // replace all control chars with
// $s_value = preg_replace('/[[:cntrl:]]+/','
',$s_value); // // strip HTML (note that all the
above will now be // replaced with BODY_LF) // $s_value = StripHTML($s_value,Settings::get('BODY_LF')); if ($b_mime_mail) { if ($b_got_filter) { // // filter the whole value (ignore filter_fields for this // special case) if a filter has been specified // $s_results = Filter($s_filter,$s_value); if ($b_filter_attach) { $a_attach_spec["Data"] = $s_results; // // KeepInLine keeps the filtered version inline as well // as an attachment // if (!IsFilterOptionSet("KeepInLine")) { $s_results = ""; } $s_filter = ""; // no more filtering } } else { $s_results = $s_value; } // // send this single value off to get formatted in a MIME // email // if (!MakeMimeMail($s_results,$a_headers,$a_raw_fields, GetMailOption('HTMLTemplate'), GetMailOption('TemplateMissing'), IsMailOptionSet("NoPlain"), $s_filter,$aFileVars,$a_attach_spec) ) { return (false); } } elseif ($b_got_filter) // // filter the whole value (ignore filter_fields for this special case) // if a filter has been specified // { $s_results = Filter($s_filter,$s_value); } else { $s_results = $s_value; if (IsMailOptionSet("CharSet")) // // sending plain text email, and the CharSet has been // specified; include a header // { $a_headers['Content-Type'] = "text/plain; charset=" . SafeHeader(GetMailOption("CharSet")); } } } else { if ($b_mime_mail) { // // get the plain text version of the email then send it // to get MIME formatted // list($s_results,$s_unfiltered_results,$s_filtered_results) = MakePlainEmail($a_fld_order,$a_clean_fields, $s_to,$s_cc,$s_bcc,$a_raw_fields,$s_filter, $a_filter_list); if ($b_filter_attach) { // // attached the filtered results // $a_attach_spec["Data"] = $s_filtered_results; // // KeepInLine keeps the filtered version inline as well // as an attachment // if (!IsFilterOptionSet("KeepInLine")) // // put the unfiltered results in the body of the message // { $s_results = $s_unfiltered_results; } $s_filter = ""; // no more filtering } if (!MakeMimeMail($s_results,$a_headers,$a_raw_fields, GetMailOption('HTMLTemplate'), GetMailOption('TemplateMissing'), IsMailOptionSet("NoPlain"), $s_filter,$aFileVars,$a_attach_spec) ) { return (false); } } else { list($s_results,$s_unfiltered_results,$s_filtered_results) = MakePlainEmail($a_fld_order,$a_clean_fields, $s_to,$s_cc,$s_bcc,$a_raw_fields,$s_filter, $a_filter_list); if (!$b_got_filter && IsMailOptionSet("CharSet")) // // sending plain text email, and the CharSet has been // specified; include a header // { $a_headers['Content-Type'] = "text/plain; charset=" . SafeHeader(GetMailOption("CharSet")); } } } // // now save uploaded files to the repository // if (Settings::get('FILEUPLOADS') && Settings::get('FILE_REPOSITORY') !== "") { if (!SaveAllFilesToRepository()) { return (false); } } // // send the mail - assumes the email addresses have already been checked // return (SendCheckedMail($s_to,$SPECIAL_VALUES["subject"],$s_results, $s_sender,$a_headers)); } // // append an entry to a log file // function WriteLog($log_file) { global $SPECIAL_VALUES,$php_errormsg; @ $log_fp = fopen($log_file,"a"); if ($log_fp === false) { SendAlert(GetMessage(MSG_FILE_OPEN_ERROR,array("NAME" => $log_file, "TYPE" => "log", "ERROR" => CheckString($php_errormsg) ))); return; } $date = gmdate("H:i:s d-M-y T"); $entry = $date . ":" . $SPECIAL_VALUES["email"] . "," . $SPECIAL_VALUES["realname"] . "," . $SPECIAL_VALUES["subject"] . "\n"; fwrite($log_fp,$entry); fclose($log_fp); } // // write the data to a comma-separated-values file // function WriteCSVFile($s_csv_file,$a_vars) { global $SPECIAL_VALUES; // // create an array of column values in the order specified // in $SPECIAL_VALUES["csvcolumns"] // $a_column_list = $SPECIAL_VALUES["csvcolumns"]; if (!isset($a_column_list) || empty($a_column_list) || !is_string($a_column_list)) { SendAlert(GetMessage(MSG_CSVCOLUMNS,array("VALUE" => $a_column_list))); return; } if (!isset($s_csv_file) || empty($s_csv_file) || !is_string($s_csv_file)) { SendAlert(GetMessage(MSG_CSVFILE,array("VALUE" => $s_csv_file))); return; } @ $fp = fopen($s_csv_file,"a" . Settings::get('CSVOPEN')); if ($fp === false) { SendAlert(GetMessage(MSG_FILE_OPEN_ERROR,array("NAME" => $s_csv_file, "TYPE" => "CSV", "ERROR" => CheckString($php_errormsg) ))); return; } // // convert the column list to an array, trim the names too // $a_column_list = TrimArray(explode(",",$a_column_list)); $n_columns = count($a_column_list); // // if the file is currently empty, put the column names in the first line // $b_heading = false; if (filesize($s_csv_file) == 0) { $b_heading = true; } $csv_format = new CSVFormat(); // // now configure the CSVFormat object // according to FormMail's configuration settings // $csv_format->SetQuote(Settings::get('CSVQUOTE')); $csv_format->SetEscPolicy("conv"); $csv_format->SetSep(Settings::get('CSVSEP')); $csv_format->SetIntSep(Settings::get('CSVINTSEP')); if (Settings::get('LIMITED_IMPORT')) { $csv_format->SetCleanFunc(function ($m_value) { return CleanValue($m_value); }); } $s_csv = $csv_format->MakeCSVRecord($a_column_list,$a_vars); if ($b_heading) { fwrite($fp,$csv_format->MakeHeading($a_column_list) . Settings::get('CSVLINE')); } fwrite($fp,$s_csv . Settings::get('CSVLINE')); fclose($fp); // CreatePage($debug); // FormMailExit(); } function CheckConfig() { $a_mesgs = array(); if (in_array("TARGET_EMAIL",Settings::get('CONFIG_CHECK'))) { // // $TARGET_EMAIL values should begin with ^ and end with $ // $a_target_email = Settings::get('TARGET_EMAIL'); for ($ii = 0 ; $ii < count($a_target_email) ; $ii++) { $s_pattern = $a_target_email[$ii]; if (substr($s_pattern,0,1) != '^') { $a_mesgs[] = GetMessage(MSG_TARG_EMAIL_PAT_START, array("PAT" => $s_pattern)); } if (substr($s_pattern,-1) != '$') { $a_mesgs[] = GetMessage(MSG_TARG_EMAIL_PAT_END, array("PAT" => $s_pattern)); } } } if (Settings::get('SET_SENDER_FROM_EMAIL')) { $a_mesgs[] = GetMessage(MSG_SET_SENDER_FROM_EMAIL); } if (count($a_mesgs) > 0) { SendAlert(GetMessage(MSG_CONFIG_WARN, array("MESGS" => implode("\n",$a_mesgs))),false,true); } } // // append an entry to the Auto Responder log file // function WriteARLog($s_to,$s_subj,$s_info) { global $aServerVars,$php_errormsg; if (Settings::isEmpty('LOGDIR') || Settings::isEmpty('AUTORESPONDLOG')) { return; } $log_file = Settings::get('LOGDIR') . "/" . Settings::get('AUTORESPONDLOG'); @ $log_fp = fopen($log_file,"a"); if ($log_fp === false) { SendAlert(GetMessage(MSG_FILE_OPEN_ERROR,array("NAME" => $log_file, "TYPE" => "log", "ERROR" => CheckString($php_errormsg) ))); return; } $a_entry = array(); $a_entry[] = gmdate("H:i:s d-M-y T"); // date/time in GMT $a_entry[] = $aServerVars['REMOTE_ADDR']; // remote IP address $a_entry[] = $s_to; // target email address $a_entry[] = $s_subj; // subject line $a_entry[] = $s_info; // information $s_log_entry = implode(",",$a_entry) . "\n"; fwrite($log_fp,$s_log_entry); fclose($log_fp); } /* * The main logic starts here.... */ // // First, a special case; if formmail.php is called like this: // http://.../formmail.php?testalert=1 // it sends a test message to the default alert address with some // information about your PHP version and the DOCUMENT_ROOT. // if (isset($aGetVars["testalert"])) { if ($aGetVars["testalert"] == Settings::get('TEST_PASSWORD')) { function ShowServerVar($s_name) { global $aServerVars; return (isset($aServerVars[$s_name]) ? $aServerVars[$s_name] : "-not set-"); } $sAlert = GetMessage(MSG_ALERT, array("LANG" => $sLangID, "PHPVERS" => $ExecEnv->getPHPVersionString(), "FM_VERS" => $FM_VERS, "SERVER" => (IsServerWindows() ? "Windows" : "non-Windows"), "DOCUMENT_ROOT" => ShowServerVar('DOCUMENT_ROOT'), "SCRIPT_FILENAME" => ShowServerVar('SCRIPT_FILENAME'), "PATH_TRANSLATED" => ShowServerVar('PATH_TRANSLATED'), "REAL_DOCUMENT_ROOT" => CheckString($REAL_DOCUMENT_ROOT), )); if (Settings::get('DEF_ALERT') == "") { echo "

" . GetMessage(MSG_NO_DEF_ALERT) . "

"; } elseif (SendAlert($sAlert,false,true)) { echo "

" . GetMessage(MSG_TEST_SENT) . "

"; } else { echo "

" . GetMessage(MSG_TEST_FAILED) . "

"; } FormMailExit(); } else { echo "

Wrong password for testalert!

"; FormMailExit(); } } if (isset($aGetVars["testlang"]) && $aGetVars["testlang"] == 1) { function ShowMessages() { global $aMessages,$sLangID,$aGetVars,$sHTMLCharSet; // // force message numbers on unless "mnums=no" // if (isset($aGetVars["mnums"]) && $aGetVars["mnums"] == "no") { Settings::set('bShowMesgNumbers',false); } else { Settings::set('bShowMesgNumbers',true); } LoadBuiltinLanguage(); $s_def_lang = $sLangID; $a_def_mesgs = $aMessages; LoadLanguageFile(); $s_active_lang = $sLangID; $a_active_mesgs = $aMessages; $a_list = get_defined_constants(); echo "\n"; echo "\n"; if (isset($sHTMLCharSet) && $sHTMLCharSet !== "") { echo "\n"; } echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; foreach ($a_list as $s_name => $i_value) { if (substr($s_name,0,4) == "MSG_") { // // some PHP constants begin with MSG_, so we try to skip them // too // switch ($s_name) { case "MSG_IPC_NOWAIT": case "MSG_EAGAIN": case "MSG_ENOMSG": case "MSG_NOERROR": case "MSG_EXCEPT": case "MSG_OOB": case "MSG_PEEK": case "MSG_DONTROUTE": case "MSG_EOR": continue 2; } if ($i_value >= 256) { continue; } echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; } } echo "

\n"; echo "Message Number"; echo "	\n"; echo "$s_def_lang"; echo "	\n"; echo "$s_active_lang"; echo "
\n"; echo "$s_name ($i_value)"; echo "	\n"; $aMessages = $a_def_mesgs; $s_def_msg = GetMessage((int)$i_value,array(),true,true); echo nl2br(htmlentities($s_def_msg)); // English - don't need // FixedHTMLEntities echo "	\n"; $aMessages = $a_active_mesgs; $s_act_msg = GetMessage((int)$i_value,array(),true,true); if ($s_def_msg == $s_act_msg) { echo "identical\n"; } else { echo nl2br(FixedHTMLEntities($s_act_msg)); } echo "

";
	 * print_r($aFormVars);
	 * print_r($aServerVars);
	 * echo "