  1. <?php
  2. session_start();
  3. if($_POST['step']==2){
  4.  
  5. define("LOGIN_TIME_LIMIT", (60*20));
  6.  
  7. //Test to see if Token was passed
  8. if ($_POST['tkn']!= $_SESSION['tkn']) {
  9.  
  10. //see how these differ if the error is thrown
  11. //mikotondria3
  12.  
  13. echo 'POST tkn is: '.$_POST['tkn'].'<br>';
  14. echo 'SESS tkn is: '.$_SESSION['tkn'];
  15.  
  16.  
  17. echo "Invalid data!";
  18. exit();
  19. }
  20. //Test for token expiration
  21. $token_age = time() - $_SESSION['tkn_time'];
  22. if ($token_age >= LOGIN_TIME_LIMIT) {
  23. echo "Timed out!";
  24. exit();
  25. }
  26. unset($_SESSION['tkn']);
  27.  
  28. //EMAIL SETTINGS ---------------------------------
  29. $EmailTo = "chad@designracy.com";
  30. //------------------------------------------------
  31. $Subject = Trim(stripslashes($_POST['Subject']));
  32. $firstName = Trim(stripslashes($_POST['firstName']));
  33. $lastName = Trim(stripslashes($_POST['lastName']));
  34. $address = Trim(stripslashes($_POST['address']));
  35. $email = Trim(stripslashes($_POST['email']));
  36. $phoneNumber = Trim(stripslashes($_POST['phoneNumber']));
  37. $comments = Trim(stripslashes($_POST['comments']));
  38. $customerNumber = Trim(stripslashes($_POST['customerNumber']));
  39. $EmailFrom = $email;
  40.  
  41. // prepare email body text
  42. $Body = "\nDate: ". date("F j, Y, g:i a");
  43. $Body .= "\n First Name: ";
  44. $Body .= $firstName;
  45. $Body .= "\n";
  46. $Body .= "Last Name: ";
  47. $Body .= $lastName;
  48. $Body .= "\n";
  49. $Body .= "Address: ";
  50. $Body .= $address;
  51. $Body .= "\n";
  52. $Body .= "Email: ";
  53. $Body .= $email;
  54. $Body .= "\n";
  55. $Body .= "Phone Number: ";
  56. $Body .= $phoneNumber;
  57. $Body .= "\n";
  58. $Body .= "Comments: ";
  59. $Body .= $comments;
  60. $Body .= "\n";
  61. $Body .= "Customer Number: ";
  62. $Body .= $customerNumber;
  63.  
  64. sendEML($EmailTo, $Subject, $Body, $EmailFrom);
  65.  
  66. }else{
  67. $token = md5(uniqid(rand(), TRUE));
  68. $_SESSION['tkn'] = $token;
  69. $_SESSION['tkn_time'] = time();
  70. }
  71.  
  72. function sendEML($EmailTo, $Subject, $Body, $EmailFrom){
  73. $header_injection_attempts = array( "bcc:", "cc:", "to:", "content-type:", "mime-version:", "multipart/mixed", "content-transfer-encoding:");
  74. $email_body_lower = strtolower($Body);
  75. // innocent until proven guilty
  76. $injection_attempted = false;
  77. foreach($header_injection_attempts as $attempt){
  78. // check the email for each possible attempt
  79. if(strpos($email_body_lower, $attempt)!==false){
  80. // we found something bad being attempted
  81. $injection_attempted = true;
  82. // get out of the loop
  83. break;
  84. }
  85. }
  86. if($injection_attempted){
  87. // don't send the email
  88. print "There was an error with your submission.";
  89. } else {
  90. $spamErrorMessage = "No Website URLs permitted";
  91. if (preg_match("/http/i", "$Body")) {echo "$spamErrorMessage"; exit();}
  92.  
  93. $headers = "From: <$EmailFrom>";
  94. $headers = preg_replace( "/[\n\r]+/", " ", $headers );
  95. $EmailTo = preg_replace( "/[\n\r]+/", " ", $EmailTo );
  96. $Subject = preg_replace( "/[\n\r]+/", " ", $Subject );
  97.  
  98. // send email
  99. $success = mail($EmailTo, $Subject, $Body, $headers);
  100.  
  101. // redirect to success page
  102. if (!$success){
  103. print "There was an error with your submission.";
  104. }
  105. }
  106. }
  107. ?>