<?php
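/**
 * Detect e-mail header keywords in a submitted form value.
 *
 * The caller refuses the whole submission when any field contains one of
 * Bcc:, Cc:, To:, Subject: or From: (case-insensitive), because such text
 * in a mail() argument is the classic way extra headers get injected.
 * The keyword may occur anywhere in the value, so an ordinary phrase such
 * as "want to: join" is flagged as well; that coarse behaviour is kept
 * unchanged from the original pattern.
 *
 * @param string $data raw form value
 * @return bool true when a header keyword is present
 */
function injected($data) {
    // eregi() was removed in PHP 7; preg_match() with /i is the equivalent.
    return preg_match('/(bcc:|cc:|to:|subject:|from:)/i', (string) $data) === 1 ;
}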
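/**
 * Check that a name contains none of the characters the form rejects.
 *
 * This is a deny-list, as in the original: every byte that is not one of
 * the listed punctuation marks or a digit is accepted, so letters, spaces,
 * hyphens and periods pass (8-bit bytes are accepted as well, since the
 * match is byte-wise and not UTF-8 aware). An empty string fails.
 *
 * @param string $name trimmed form value
 * @return bool true when no rejected character is present
 */
function valid_name($name) {
    // eregi() was removed in PHP 7; the same class is expressed for PCRE.
    // A leading "]" is literal inside the class and "[" needs no escape; the
    // "/" delimiter and the backslash are escaped. /D stops "$" from matching
    // before a trailing newline, matching the old ereg semantics.
    $rejected = '/^[^][?\/\'"0-9~`!@#$%^&*()_=+{}:;<>,\\\\]+$/D' ;
    return preg_match($rejected, (string) $name) === 1 ;
}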
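$secret = "ok" ; // double secret decoder ring code word
// This value is written into a hidden field below, so every client can read
// it; it is a fixed marker, not a CSRF token or proof of origin.
$error = false ; // assume no errors.
$fn_class = "normal" ;
$ln_class = "normal" ;
$email_class = "normal" ;
// Field values default to empty so the form can redisplay them on a plain
// GET or after a reset without undefined-variable notices.
$first_name = "" ;
$last_name = "" ;
$email = "" ;
$message = "" ;
// The page declares ISO-8859-1, so escaping uses the same charset; with the
// default UTF-8 charset htmlspecialchars() would drop 8-bit letters.
$charset = 'ISO-8859-1' ;
if (isset($_POST['reset'])) {
    // Blank every submitted value so the redrawn form starts empty.
    foreach (array_keys($_POST) as $key) {
        $_POST[$key] = "" ;
    }
    $fn_class = "normal" ;
    $ln_class = "normal" ;
    $email_class = "normal" ;
}
else if (isset($_POST['submitted'])) {
    $first_name = isset($_POST['first_name']) ? trim($_POST['first_name']) : "" ;
    $last_name = isset($_POST['last_name']) ? trim($_POST['last_name']) : "" ;
    $email = isset($_POST['email']) ? trim($_POST['email']) : "" ;
    // stripslashes() undoes magic_quotes_gpc escaping on old PHP; on PHP >= 5.4
    // (no magic quotes) it also strips backslashes the user actually typed.
    $message = isset($_POST['message']) ? trim(stripslashes($_POST['message'])) : "" ;
    /** First & Last name validation. The trimmed values are written back so
     *  the form below redisplays exactly what was validated. */
    $_POST['first_name'] = $first_name ;
    $_POST['last_name'] = $last_name ;
    if (!valid_name($first_name)) { $fn_class = "error" ; $error = true ; }
    if (!valid_name($last_name)) { $ln_class = "error" ; $error = true ; }
    /** Email validation. filter_var() replaces the removed eregi() pattern and
     *  also guarantees the address holds no CR/LF before it reaches mail(). */
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $email_class = "error" ;
        $error = true ;
    }
    /** Look for email header injections in every submitted field. */
    $spam = false ;
    $table = "<table border='1'><tr><th>Form Field</th><th>Value</th><th>Valid?</th></tr>\n" ;
    foreach ($_POST as $key => $value) {
        // Submitted text is reflected back to the browser, so escape it first.
        $safe_key = htmlspecialchars((string) $key, ENT_QUOTES, $charset) ;
        $safe_value = htmlspecialchars((string) $value, ENT_QUOTES, $charset) ;
        $rowdata = "<tr><td>$safe_key</td><td>$safe_value</td>" ;
        if (injected($value)) {
            $spam = true ;
            $rowdata .= "<td style='background:yellow;'>No" ;
        }
        else {
            $rowdata .= "<td style='background:green;'>Yes" ;
        }
        $rowdata .= "</td></tr>\n" ;
        // The hidden marker field is checked but never shown.
        if ($key !== 'secret') { $table .= $rowdata ; }
    }
    $table .= "</table><br/><br/>\n\n" ;
    if ($spam) {
        echo $table ;
        $errtext = "Disallowed data exists in the form. Please remove anything that looks like an email header." ;
        $errtext .= "<br/>\nBy the presence of this data, it appears you are attempting to spam using this mail server.<br/>" ;
        $errtext .= "<br/>\n\nPress your browsers BACK button to continue, reset the form, and start over." ;
        echo $errtext ;
        die() ;
    }
    /** send the email if all is well */
    if (!$error) {
        $subject = "Todd's User Group Membership Confirmation" ;
        $body = "Sign me up!\n" ;
        $body .= "$first_name $last_name\n" ;
        $body .= "email=$email\n" ;
        $body .= "$message\n\n" ;
        $body .= "Thanks!" ;
        // Sender and Reply-To are fixed; the user-supplied address is only the
        // recipient, so no submitted text reaches the header block.
        $add_headers = 'From: me@example.com' . "\r\n" ;
        $add_headers .= 'Reply-To: me@example.com' . "\r\n" ;
        // X-Mailer discloses the running PHP version to every recipient.
        $add_headers .= 'X-Mailer: PHP/' . phpversion() . "\r\n" ;
        $info_sent = true ;
        /* $result = mail ($email, $subject, $body, $add_headers) ; */
        // The preview page echoes the would-be message, so each part is escaped.
        $confirm = "<html>\n" ;
        $confirm .= "<head>\n" ;
        $confirm .= "<title>Alert Page</title>\n" ;
        $confirm .= "</head>\n" ;
        $confirm .= "<body>\n" ;
        $confirm .= "<p>Email not sent yet- still in development...<br/><br/>\n\n" ;
        $confirm .= "headers=" . htmlspecialchars($add_headers, ENT_QUOTES, $charset) . "<br/><br/>\n\n" ;
        $confirm .= "email=" . htmlspecialchars($email, ENT_QUOTES, $charset) . "<br/><br/>\n\n" ;
        $confirm .= "subject=" . htmlspecialchars($subject, ENT_QUOTES, $charset) . "<br/><br/>\n\n" ;
        $confirm .= "body=" . htmlspecialchars($body, ENT_QUOTES, $charset) . "\n" ;
        $confirm .= "</p>\n</body>\n" ;
        $confirm .= "</html>" ;
        echo $confirm ;
        die() ;
    }
}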
?>
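<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1" />
<title>Todd's User's Group</title>
<!-- link type="text/css" rel="stylesheet" media="screen" href="css/todds.css" / -->
<style type="text/css">
.normal {
    color: blue ;
}
p {
    color: green ;
}
.fineprint {
    font-size: .5em ;
}
.error {
    color: red ;
}
</style>
</head>
<body bgcolor="#FFFFFF">
<div id="page">
<div id="myform">
<?php
// Everything echoed into the markup below is HTML-escaped in the page charset
// (ISO-8859-1, per the <meta> tag) so reflected form input cannot inject tags.
// PHP_SELF carries any path-info the client appended to the URL, so it is
// escaped like any other untrusted value. The field values fall back to ""
// when the form is shown on a plain GET and the variables are not yet set.
$show_self = htmlspecialchars(isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : "", ENT_QUOTES, 'ISO-8859-1') ;
$show_first = htmlspecialchars(isset($first_name) ? $first_name : "", ENT_QUOTES, 'ISO-8859-1') ;
$show_last = htmlspecialchars(isset($last_name) ? $last_name : "", ENT_QUOTES, 'ISO-8859-1') ;
$show_email = htmlspecialchars(isset($email) ? $email : "", ENT_QUOTES, 'ISO-8859-1') ;
$show_message = htmlspecialchars(isset($message) ? $message : "", ENT_QUOTES, 'ISO-8859-1') ;
$show_secret = htmlspecialchars($secret, ENT_QUOTES, 'ISO-8859-1') ;
?>
<form action="<?php echo $show_self ; ?>" method="POST">
<fieldset>
<legend accesskey="F">Todd's Membership Form</legend>
<h3 class="normal">Join Today</h3>
<p>Join Todd's User's Group and start receiving member
benefits immediately.</p>
<label class="<?php echo $fn_class ; ?>" for="first_name">First Name*</label><br />
<input name="first_name" type="text" size="25" id="first_name" value="<?php echo $show_first ; ?>" /><br />
<label class="<?php echo $ln_class ; ?>" for="last_name">Last Name*</label><br />
<input name="last_name" type="text" size="25" id="last_name" value="<?php echo $show_last ; ?>" /><br />
<label class="<?php echo $email_class ; ?>" for="email">Email*</label><br />
<input name="email" type="text" size="25" id="email" value="<?php echo $show_email ; ?>" /><br />
<input type="radio" name="sex" value="Male" /> Male<br />
<input type="radio" name="sex" value="Female" /> Female<br />
<label class="normal" for="message">Enter your comments or questions</label><br />
<textarea name="message" rows="6" cols="65" id="message"><?php echo $show_message ; ?></textarea><br />
<p class="fineprint">Your information will not be sold or shared with others.</p>
<input class="formButton" name="submitted" type="submit" value="Go" />
<input class="formButton" name="reset" type="submit" value="Reset Form" />
<input type="hidden" name="secret" value="<?php echo $show_secret ; ?>" />
<p>Problems with this form? <a href="mailto:me@example.com">Email us</a></p>
</fieldset>
</form>
</div>
<?php if ($error) {
    echo "<p class='error'>Please correct the fields in error and resubmit.</p>" ;
} ?>
</div>
</body>
</html>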