- <?php
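// Year component used by DateCode::unix() through `global $_YEAR`.
// The original bare `$_YEAR;` statement only read an undefined variable
// (raising a notice); initialise it explicitly instead. The real value is
// assigned later in this file, once the configuration has been loaded.
$_YEAR = null;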
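/**
 * Loads a sectioned INI file and exposes both the raw values and a few
 * derived ("parsed") values.
 *
 * parse() resolves the 'start' and 'table' fields into computed values and
 * caches every result in $parsed, keyed by [section][field].
 */
class Config {
    /** @var array|false Sectioned data exactly as returned by parse_ini_file(). */
    public $CONFIG;
    /** @var array Cache of values already resolved by parse(). */
    public $parsed = array();

    /**
     * @param string $file Path of the INI file to load.
     */
    public function __construct($file) {
        // The constants are defined before the file is parsed, presumably so that
        // bare ON / OFF / AUTOMATIC words in the INI file expand to these values.
        // Guarded with defined() so that constructing a second Config does not
        // try to redefine them.
        $constants = array('ON' => '1', 'OFF' => '2', 'AUTOMATIC' => 'A');
        foreach ($constants as $name => $constantValue) {
            if (!defined($name)) {
                define($name, $constantValue);
            }
        }
        // NOTE(review): parse_ini_file() returns false on failure; get()/parse()
        // do not handle that case.
        $this->CONFIG = parse_ini_file($file, true);
    }

    /**
     * @return array|false The complete raw configuration.
     */
    public function result() {
        return $this->CONFIG;
    }

    /**
     * Returns one raw value. A missing section or field is not handled here.
     *
     * @param string $section
     * @param string $field
     * @return mixed
     */
    public function get($section, $field) {
        return $this->CONFIG[$section][$field];
    }

    /**
     * Returns the derived value of a field, computing and caching it on first use.
     *
     *  - 'start': an "m/d/yy" date becomes a Unix timestamp (01:01:01 of that
     *    day, year read as 20yy), but never earlier than one week before now.
     *    A value that is not a well-formed m/d/yy date falls back to today.
     *  - 'table': the literal value 'A' becomes the Database prefix followed by
     *    the larger of the current two-digit year and the start date's year.
     *  - any other field is returned unchanged.
     *
     * @param string $section
     * @param string $field
     * @return mixed
     */
    public function parse($section, $field) {
        if (isset($this->parsed[$section][$field])) {
            return $this->parsed[$section][$field];
        }
        // The original dangling `else` bound to the inner `if`, so the section
        // cache was wiped whenever a second field of the same section was
        // parsed. Only create the section bucket when it does not exist yet.
        if (!isset($this->parsed[$section])) {
            $this->parsed[$section] = array();
        }

        $value = $this->CONFIG[$section][$field];
        switch ($field) {
            case 'start':
                // Defaults (today) are kept unless the value really matches;
                // preg_match() empties its output array on a failed match, which
                // made the original defaults unreachable.
                $month = date('m');
                $day = date('d');
                $yy = date('y');
                if (preg_match('/^([0-9]{1,2})\/([0-9]{1,2})\/([0-9]{2})$/', (string) $value, $match) === 1) {
                    list(, $month, $day, $yy) = $match;
                }
                $configured = mktime(1, 1, 1, (int) $month, (int) $day, (int) ('20' . $yy));
                // The original read an undefined $now here, which made the
                // one-week floor ineffective; the current time is what was meant.
                $value = max(time() - 3600 * 24 * 7, $configured);
                break;
            case 'table':
                if ($value === 'A') {
                    $year = max(date('y'), date('y', $this->parse('Range', 'start')));
                    $value = $this->get('Database', 'prefix') . $year;
                }
                break;
        }

        $this->parsed[$section][$field] = $value;
        return $value;
    }
}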
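/**
 * Converts a slot code into a Unix timestamp.
 */
class DateCode {
    /**
     * Reads the code as three two-character fields -- month at offset 0, day at
     * offset 2, hour at offset 4 -- and combines them with the global $_YEAR.
     *
     * Declared static because this file calls it as DateCode::unix(); calling
     * it on an instance keeps working.
     *
     * The fields are cast to int, so non-numeric characters evaluate to 0
     * rather than being rejected. This file passes a request parameter in, so
     * the caller is the place to validate the code's format.
     *
     * @param string $d Slot code; at least six characters are read.
     * @return int|false Timestamp as produced by mktime().
     */
    public static function unix($d) {
        global $_YEAR;
        $month = (int) substr($d, 0, 2);
        $day = (int) substr($d, 2, 2);
        $hour = (int) substr($d, 4, 2);
        return mktime($hour, 0, 0, $month, $day, (int) $_YEAR);
    }
}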
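/**
 * Thin static wrapper around the legacy ext/mysql functions.
 *
 * Identifiers (database, table, column names) are backtick-quoted and values
 * are escaped inside this class, so callers pass plain, unescaped data.
 * The $where arguments are raw SQL fragments and are NOT escaped here: callers
 * must only build them from validated or escaped values.
 *
 * NOTE(review): ext/mysql was removed in PHP 7. Escaping is a stop-gap; moving
 * to mysqli or PDO with prepared statements removes the need for it.
 */
class DB {
    /** Backtick-quotes an identifier, doubling any embedded backtick. */
    private static function ident($name) {
        return '`' . str_replace('`', '``', (string) $name) . '`';
    }

    /** Escapes a value for the current connection and wraps it in single quotes. */
    private static function quote($value) {
        return "'" . mysql_real_escape_string((string) $value) . "'";
    }

    /** Logs the driver error server-side and stops without disclosing it to the client. */
    private static function fail() {
        error_log('DB error: ' . mysql_error());
        die('Database error.');
    }

    /**
     * Connects to the local server and selects a database.
     *
     * @param string $dbname Database to select.
     */
    public static function select($dbname) {
        // NOTE(review): credentials are hard-coded and use root with an empty
        // password. A dedicated least-privilege account, read from configuration
        // kept outside the web root, should replace this.
        $host = 'localhost';
        $dbuser = 'root';
        $dbpass = '';
        $db = mysql_connect($host, $dbuser, $dbpass);
        if ($db === false) {
            self::fail();
        }
        if (!mysql_select_db((string) $dbname, $db)) {
            self::fail();
        }
    }

    /**
     * Counts the rows of a table, optionally restricted by a WHERE fragment.
     *
     * @param string       $table
     * @param string|false $where Raw SQL condition (not escaped here), or FALSE.
     * @return int|false Row count, or FALSE when the query fails.
     */
    public static function QCount($table, $where=FALSE) {
        $query = 'SELECT * FROM ' . self::ident($table);
        if ($where !== FALSE) {
            $query .= ' WHERE ' . $where;
        }
        $result = mysql_query($query);
        if (!$result) {
            return FALSE;
        }
        return mysql_num_rows($result);
    }

    /**
     * Deletes the rows matching a WHERE fragment.
     *
     * @param string $table
     * @param string $where Raw SQL condition (not escaped here).
     * @return bool Result of mysql_query().
     */
    public static function Remove($table, $where) {
        $query = 'DELETE FROM ' . self::ident($table) . ' WHERE ' . $where;
        return mysql_query($query);
    }

    /**
     * Sets one column to one value on the rows matching a WHERE fragment.
     *
     * @param string $table
     * @param string $set   Column name.
     * @param mixed  $to    New value (escaped here).
     * @param string $where Raw SQL condition (not escaped here).
     * @return int|false Affected row count, or false when the query fails.
     */
    public static function Update($table, $set, $to, $where) {
        $query = 'UPDATE ' . self::ident($table)
               . ' SET ' . self::ident($set) . ' = ' . self::quote($to)
               . ' WHERE ' . $where;
        $result = mysql_query($query);
        if (false === $result) {
            return false;
        }
        return mysql_affected_rows();
    }

    /**
     * Inserts one row; terminates the script with $error when the query fails.
     *
     * @param string $database
     * @param string $table
     * @param array  $values Column name => value; values are escaped here.
     * @param string $error  Message shown when the insert fails.
     */
    public static function Insert($database, $table, $values, $error="Critical sytem error.") {
        $columns = array();
        $literals = array();
        foreach ($values as $column => $value) {
            $columns[] = self::ident($column);
            $literals[] = self::quote($value);
        }
        $query = 'INSERT INTO ' . self::ident($database) . '.' . self::ident($table)
               . ' (' . implode(',', $columns) . ') VALUES(' . implode(',', $literals) . ')';
        $result = mysql_query($query) or die($error);
    }
}

// ---------------------------------------------------------------------------
// Request handling: validate the booking form, claim the slot, store the
// appointment, optionally send a confirmation mail, render the result page.
// ---------------------------------------------------------------------------

// The 'who' cookie and the posted slot code are both required. The code later
// reaches a Location header, a WHERE clause and DateCode::unix(), so it is
// restricted to digits here, before any use.
// NOTE(review): DateCode::unix() reads six digits (MMDDHH); confirm that no
// legitimate code contains other characters.
if (!isset($_COOKIE['who']) || !isset($_POST['code'])
    || !is_string($_COOKIE['who']) || !is_string($_POST['code'])
    || !preg_match('/\A[0-9]{6,}\z/', $_POST['code'])) {
    header('Location: /');
    exit;
}
$who = $_COOKIE['who'];
$code = $_POST['code'];

// Required form fields and the pattern each must match.
$fields = array(
    'firstname' => '/^\s*[a-z\-]+( [a-z\.\-]+)?\s*$/i',
    'lastname' => '/^\s*[a-z\-]+( [a-z\.\-]+)?\s*$/i',
    'phone' => '/^1?[\.\- ]{0,3}\(?[2-9][0-9]{2}\)?[\.\- ]{0,3}[2-9][0-9]{2}[\.\- ]{0,3}[0-9]{4}([\.\- ]{0,3}[ext]{0,3}[0-9]{4})?$/',
    'Email' => '/^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}$/i',
);
$accept = array();
$reject = array();
$user = array();
foreach ($fields as $field => $regex) {
    // A non-string value (e.g. an array parameter) is treated as missing.
    $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    if ($value === '') {
        $user[] = '';
        $reject[] = 'no_'.$field;
        continue;
    }
    // ';' is the separator of the cookie written below, so strip it from values.
    $user[] = preg_replace('/;/', '', $value);
    if (preg_match($regex, $value)) {
        $accept[] = $field;
    } else {
        $reject[] = 'invalid_'.$field;
    }
}
// NOTE(review): this stores the submitted name, phone and e-mail in a cookie
// without HttpOnly/Secure attributes; consider server-side session storage.
setcookie('user', implode(';', $user));
if (sizeof($reject) !== 0) {
    setcookie('fields', implode(';', $accept));
    setcookie('errors', implode(';', $reject));
    header('Location: /submit.'.$code);
    exit;
}

$ini = new Config('../config.ini');
$_CONFIG = $ini->result();
$_YEAR = date('Y', $ini->parse('Range','start'));
$date = DateCode::unix($code);
$confirmation = $_CONFIG['Confirm']['confirmation'];
$email_sent = $_CONFIG['Confirm']['email_sent'];
$automatic_email = $_CONFIG['Email']['automatic_email'];
$php_path = $_CONFIG['Email']['php_path'];
$subject = $_CONFIG['Email']['subject'];
$body = $_CONFIG['Email']['body'];

// The cookie value must name a configured user: it becomes part of table names
// below. Compared strictly so that numeric-looking strings cannot match loosely.
$key = FALSE;
foreach ($_CONFIG['Users']['name'] as $index => $name) {
    if ((string) $name === $who) {
        $key = $index;
        break;
    }
}
// The original unanchored pattern accepted any string containing a digit;
// validate the address properly before it is stored.
$remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
if ($key === FALSE || filter_var($remote_addr, FILTER_VALIDATE_IP) === false)
    die('Hacking attempt');
$email = $_CONFIG['Users']['email'][$key];
$password = $_CONFIG['Users']['password'][$key];

// The field patterns tolerate surrounding whitespace and a trailing newline;
// trim so that none of it reaches the database or the mail headers.
$user_firstname = trim($_POST['firstname']);
$user_lastname = trim($_POST['lastname']);
$user_phone = trim($_POST['phone']);
$user_email = trim($_POST['Email']);
// Free text, not validated above; DB::Insert escapes it.
$user_comments = (isset($_POST['comments']) && is_string($_POST['comments'])) ? $_POST['comments'] : '';

$database = $ini->parse('Database','table');
DB::select($database);
$table = $who.'-avail';
// Built from $code only, which is digits-only after the check at the top.
$where = "`DateId`='".$code."'";
// NOTE(review): the error page is './pages/error' here but './page/error'
// below; one of the two paths is probably a typo.
if(DB::QCount($table,$where) === 0) {
    readfile('./pages/error');
    exit;
}
// The DELETE is what actually claims the slot. If it removed nothing, another
// request took the slot between the count above and this statement, so stop
// instead of booking it twice.
if(DB::Remove($table,$where) === FALSE || mysql_affected_rows() < 1) {
    readfile('./page/error');
    exit;
}
if(DB::QCount($who.'-appts',$where) === FALSE) {
    readfile('./page/error');
    exit;
}

// Reduce the phone number to its digits (area code, exchange, number, extension).
$user_phone = preg_replace('/^1?[\.\- ]{0,3}\(?([2-9][0-9]{2})\)?[\.\- ]{0,3}([2-9][0-9]{2})[\.\- ]{0,3}([0-9]{4})(?:[\.\- ]{0,3}[ext]{0,3}([0-9]{4}))?$/',
    '$1$2$3$4', $user_phone);
// No hand-rolled quote escaping here: replacing ' with \' left backslashes in
// the input unhandled. DB::Insert escapes every value.
$insert = array(
    'DateId' => $code,
    'ip' => $remote_addr,
    'email' => $user_email,
    'firstname' => $user_firstname,
    'lastname' => $user_lastname,
    'phone' => $user_phone,
    'comments' => $user_comments,
    'date' => time(),
);
DB::Insert($database, $who.'-appts', $insert);

// Placeholder => value map for the confirmation and mail templates. The date
// parts are taken in the order of the format string.
$i = 0;
$date_match = explode('.',date('n.j.jS.y.M.F.D.l.Y.g.a', $date));
$replace = array(
    '/%who%/' => ucfirst($who),
    '/%email%/' => $user_email,
    '/%first%/' => $user_firstname,
    '/%last%/' => $user_lastname,
    '/%m%/' => $date_match[$i++],
    '/%d%/' => $date_match[$i++],
    '/%dd%/' => $date_match[$i++],
    '/%y%/' => $date_match[$i++],
    '/%month%/' => $date_match[$i++],
    '/%Month%/' => $date_match[$i++],
    '/%day%/' => $date_match[$i++],
    '/%Day%/' => $date_match[$i++],
    '/%[yY]ear%/' => $date_match[$i++],
    '/%hour%/' => $date_match[$i++],
    '/%ampm%/i' => $date_match[$i++],
);
$confirmation = preg_replace(array_keys($replace), $replace, $confirmation);
$email_sent = preg_replace(array_keys($replace), $replace, $email_sent);

// Defined up front so the page renders cleanly when automatic mail is off.
$email_confirmation = '';
if($automatic_email == TRUE) {
    // Path comes from config.ini; that file must not be writable by the web
    // server user, since whatever it names is executed here.
    require_once $php_path;
    $subject = preg_replace(array_keys($replace), $replace, $subject);
    $body = preg_replace(array_keys($replace), $replace, $body);
    $headers = array(
        'From' => $email,
        'To' => $user_firstname.' '.$user_lastname.' <'.$user_email.'>',
        'Subject' => $subject,
    );
    $host = $_CONFIG['Email']['smtp'];
    // Extract the bare address from a "Name <address>" value for SMTP auth.
    $username = preg_replace('/[^<]*<([^>]+)>/','$1',$email);
    $smtp = Mail::factory('smtp', array(
        'host' => $host,
        'auth' => TRUE,
        'username' => $username,
        'password' => $password,
    ));
    $mail = @$smtp->send($user_email, $headers, $body);
    if(PEAR::isError($mail)) {
        // The error text originates outside this script; escape it for HTML.
        // NOTE(review): consider logging it and showing a generic message.
        $email_confirmation = htmlspecialchars($mail->getMessage(), ENT_QUOTES);
    } else {
        $email_confirmation = $email_sent;
    }
}

// $confirmation and $email_sent are templates from config.ini and are emitted
// as HTML; the user-supplied values substituted into them passed the field
// patterns above, which admit no HTML metacharacters.
echo '
<html>
<head>
<title>Regalia & Associates CPAs</title>
<style>
body {
background-color: darkSlateGray;
font: 12pt Arial;
}
div {
margin-left: 150px;
margin-top: 30pt;
border: 2px solid #A0A0A0;
padding: 35px;
background-color: beige;
width: 500pt;
padding-left: 10pt;
padding-right: 10pt;
padding-top: 10pt;
padding-bottom: 15pt;
}
span {
color: blue;
margin-left: 5px;
font: 15pt Arial;
}
</style></head><body>
<div>
'.$confirmation.'
<br><br>
'.$email_confirmation.'
</div>
</body>
</html>';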