  1. <?php
  2. session_start();
  3. if($_POST['step']==2){
  4.  
  5. define("LOGIN_TIME_LIMIT", (60*20));
  6.  
  7. //Test to see if Token was passed
  8. if ($_POST['tkn']!= $_SESSION['tkn']) {
  9. echo "Invalid data!";
  10. exit();
  11. }
  12. //Test for token expiration
  13. $token_age = time() - $_SESSION['tkn_time'];
  14. if ($token_age >= LOGIN_TIME_LIMIT) {
  15. echo "Timed out!";
  16. exit();
  17. }
  18. unset($_SESSION['tkn']);
  19.  
  20. //EMAIL SETTINGS ---------------------------------
  21. $EmailTo = "[email protected]";
  22. //------------------------------------------------
  23. $Subject = Trim(stripslashes($_POST['Subject']));
  24. $firstName = Trim(stripslashes($_POST['firstName']));
  25. $lastName = Trim(stripslashes($_POST['lastName']));
  26. $address = Trim(stripslashes($_POST['address']));
  27. $email = Trim(stripslashes($_POST['email']));
  28. $phoneNumber = Trim(stripslashes($_POST['phoneNumber']));
  29. $comments = Trim(stripslashes($_POST['comments']));
  30. $customerNumber = Trim(stripslashes($_POST['customerNumber']));
  31. $EmailFrom = $email;
  32.  
  33. // prepare email body text
  34. $Body = "\nDate: ". date("F j, Y, g:i a");
  35. $Body .= "\n First Name: ";
  36. $Body .= $firstName;
  37. $Body .= "\n";
  38. $Body .= "Last Name: ";
  39. $Body .= $lastName;
  40. $Body .= "\n";
  41. $Body .= "Address: ";
  42. $Body .= $address;
  43. $Body .= "\n";
  44. $Body .= "Email: ";
  45. $Body .= $email;
  46. $Body .= "\n";
  47. $Body .= "Phone Number: ";
  48. $Body .= $phoneNumber;
  49. $Body .= "\n";
  50. $Body .= "Comments: ";
  51. $Body .= $comments;
  52. $Body .= "\n";
  53. $Body .= "Customer Number: ";
  54. $Body .= $customerNumber;
  55.  
  56. sendEML($EmailTo, $Subject, $Body, $EmailFrom);
  57.  
  58. }else{
  59. $token = md5(uniqid(rand(), TRUE));
  60. $_SESSION['tkn'] = $token;
  61. $_SESSION['tkn_time'] = time();
  62. }
  63.  
  64. function sendEML($EmailTo, $Subject, $Body, $EmailFrom){
  65. $header_injection_attempts = array( "bcc:", "cc:", "to:", "content-type:", "mime-version:", "multipart/mixed", "content-transfer-encoding:");
  66. $email_body_lower = strtolower($Body);
  67. // innocent until proven guilty
  68. $injection_attempted = false;
  69. foreach($header_injection_attempts as $attempt){
  70. // check the email for each possible attempt
  71. if(strpos($email_body_lower, $attempt)!==false){
  72. // we found something bad being attempted
  73. $injection_attempted = true;
  74. // get out of the loop
  75. break;
  76. }
  77. }
  78. if($injection_attempted){
  79. // don't send the email
  80. print "There was an error with your submission.";
  81. } else {
  82. $spamErrorMessage = "No Website URLs permitted";
  83. if (preg_match("/http/i", "$Body")) {echo "$spamErrorMessage"; exit();}
  84.  
  85. $headers = "From: <$EmailFrom>";
  86. $headers = preg_replace( "/[\n\r]+/", " ", $headers );
  87. $EmailTo = preg_replace( "/[\n\r]+/", " ", $EmailTo );
  88. $Subject = preg_replace( "/[\n\r]+/", " ", $Subject );
  89.  
  90. // send email
  91. $success = mail($EmailTo, $Subject, $Body, $headers);
  92.  
  93. // redirect to success page
  94. if (!$success){
  95. print "There was an error with your submission.";
  96. }
  97. }
  98. }
  99. ?>