- <?php
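session_start();

// Form flow: step 2 is the submission; any other request is treated as the
// initial render and mints a fresh one-time token for the form to echo back.
if (isset($_POST['step']) && (string) $_POST['step'] === '2') {
    // Maximum age of a form token, in seconds (20 minutes).
    define("LOGIN_TIME_LIMIT", (60*20));

    // Token check: the submitted token must equal the one minted at render time.
    // A direct POST may arrive with no token in the session at all, and a posted
    // value may be an array (tkn[]=...), so both sides are normalised to strings
    // before the constant-time comparison. An empty session token never matches.
    // Neither value is echoed back: the session token is a secret.
    $postedToken = (isset($_POST['tkn']) && is_string($_POST['tkn'])) ? $_POST['tkn'] : '';
    $sessionToken = (isset($_SESSION['tkn']) && is_string($_SESSION['tkn'])) ? $_SESSION['tkn'] : '';
    if ($sessionToken === '' || !hash_equals($sessionToken, $postedToken)) {
        echo "Invalid data!";
        exit();
    }

    // Token expiry: a missing mint time counts as expired.
    $tokenTime = isset($_SESSION['tkn_time']) ? (int) $_SESSION['tkn_time'] : 0;
    $token_age = time() - $tokenTime;
    if ($token_age >= LOGIN_TIME_LIMIT) {
        echo "Timed out!";
        exit();
    }

    // One-time use: discard the token and its timestamp before doing any work.
    unset($_SESSION['tkn'], $_SESSION['tkn_time']);

    //EMAIL SETTINGS ---------------------------------
    $EmailTo = "chad@designracy.com";
    //------------------------------------------------

    // Read an optional form field as a trimmed string. Missing or non-scalar
    // values (e.g. field[]=x) become "" instead of raising a notice or a
    // TypeError. stripslashes() is kept from the original flow (it undid
    // magic_quotes on legacy hosts).
    $field = function ($name) {
        if (!isset($_POST[$name]) || !is_scalar($_POST[$name])) {
            return '';
        }
        return trim(stripslashes((string) $_POST[$name]));
    };

    $Subject = $field('Subject');
    $firstName = $field('firstName');
    $lastName = $field('lastName');
    $address = $field('address');
    $email = $field('email');
    $phoneNumber = $field('phoneNumber');
    $comments = $field('comments');
    $customerNumber = $field('customerNumber');
    // The user-supplied address becomes the From: header; sendEML() validates it.
    $EmailFrom = $email;

    // prepare email body text: one "Label: value" line per field
    $Body = "\nDate: " . date("F j, Y, g:i a");
    $Body .= "\n First Name: " . $firstName;
    $Body .= "\nLast Name: " . $lastName;
    $Body .= "\nAddress: " . $address;
    $Body .= "\nEmail: " . $email;
    $Body .= "\nPhone Number: " . $phoneNumber;
    $Body .= "\nComments: " . $comments;
    $Body .= "\nCustomer Number: " . $customerNumber;

    sendEML($EmailTo, $Subject, $Body, $EmailFrom);
} else {
    // Mint a one-time form token from the CSPRNG. The previous
    // md5(uniqid(rand(), true)) derives from time and a non-cryptographic PRNG,
    // which is guessable; random_bytes() needs PHP 7.0+.
    $token = bin2hex(random_bytes(16));
    $_SESSION['tkn'] = $token;
    $_SESSION['tkn_time'] = time();
}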
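/**
 * Send the contact-form message via mail().
 *
 * Prints "There was an error with your submission." and sends nothing when:
 * the body contains one of a fixed list of mail-header strings; $EmailFrom is
 * not a syntactically valid single address; or mail() reports failure.
 * A body containing "http" prints "No Website URLs permitted" and exit()s
 * (kept from the original behaviour).
 *
 * @param string $EmailTo   recipient address; CR/LF runs are collapsed to a space
 * @param string $Subject   subject line; CR/LF runs are collapsed to a space
 * @param string $Body      message body, already assembled by the caller
 * @param string $EmailFrom user-supplied address placed in the From: header
 * @return void
 */
function sendEML($EmailTo, $Subject, $Body, $EmailFrom){
    // Strings that suggest an attempt to smuggle mail headers through the body.
    $header_injection_attempts = array( "bcc:", "cc:", "to:", "content-type:", "mime-version:", "multipart/mixed", "content-transfer-encoding:");
    $email_body_lower = strtolower($Body);

    // innocent until proven guilty
    $injection_attempted = false;
    foreach ($header_injection_attempts as $attempt) {
        if (strpos($email_body_lower, $attempt) !== false) {
            $injection_attempted = true;
            break;
        }
    }
    if ($injection_attempted) {
        // don't send the email
        print "There was an error with your submission.";
        return;
    }

    $spamErrorMessage = "No Website URLs permitted";
    if (preg_match("/http/i", "$Body")) {echo "$spamErrorMessage"; exit();}

    // The From: address is untrusted input that lands in a raw header line.
    // Collapsing CR/LF alone still lets other header syntax through (a closing
    // '>' followed by a comma-separated second mailbox, for instance), so the
    // value must be one well-formed address before it is interpolated.
    if (filter_var($EmailFrom, FILTER_VALIDATE_EMAIL) === false) {
        print "There was an error with your submission.";
        return;
    }

    $headers = "From: <$EmailFrom>";
    $headers = preg_replace( "/[\n\r]+/", " ", $headers );
    $EmailTo = preg_replace( "/[\n\r]+/", " ", $EmailTo );
    $Subject = preg_replace( "/[\n\r]+/", " ", $Subject );

    // send email
    $success = mail($EmailTo, $Subject, $Body, $headers);
    if (!$success) {
        print "There was an error with your submission.";
    }
}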
- ?>