BellaBuffs-PHPMailer/contact.php

<?php
require_once('prefs.php');

$error_msg = null;
$result = null;

if ($_SERVER['REQUEST_METHOD'] == "POST") {
	if (isBot() !== false)
		$error_msg .= "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT'];

	// lets check a few things - not enough to trigger an error on their own, but worth assigning a spam score..
	// score quickly adds up therefore allowing genuine users with 'accidental' score through but cutting out real spam :)
	$points = (int)0;

	$badwords = file(SPAMWDS);

	foreach ($badwords as $word)
		if (
			strpos(strtolower($_POST['comments']), $word) !== false ||
			strpos(strtolower($_POST['name']), $word) !== false
		)
			$points += 2;

	if (strpos($_POST['comments'], "http://") !== false || strpos($_POST['comments'], "www.") !== false)
		$points += 2;
	if (isset($_POST['nojs']))
		$points += 1;
	if (preg_match("/(<.*>)/i", $_POST['comments']))
		$points += 2;
	if (strlen($_POST['name']) < 3)
		$points += 1;
	if (strlen($_POST['comments']) < 15 || strlen($_POST['comments'] > 1500))
		$points += 2;
	// end score assignments

	foreach($requiredFields as $field) {
		trim($_POST[$field]);

		if (!isset($_POST[$field]) || empty($_POST[$field]))
			$error_msg .= "Please fill in all the required fields and submit again.\r\n";
	}

	if (!preg_match("/^[a-zA-Z-'\s]*$/", stripslashes($_POST['name'])))
		$error_msg .= "The name field is required, and must not contain special characters.\r\n";
	if (!preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+' . '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', strtolower($_POST['email'])))
		$error_msg .= "The e-mail field is required, and must be a valid e-mail address.\r\n";
	if (!empty($_POST['url']) && !preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i', $_POST['url']))
		$error_msg .= "Invalid website url.\r\n";

	if ($error_msg == NULL && $points <= $maxPoints) {
		$subject = "Contact form submission from ". $title;

		$message = "You received this e-mail message through your fanlisting: \n\n";
		foreach ($_POST as $key => $val) {
			$message .= ucwords($key) . ": " . clean($val) . "\r\n";
		}
		$message .= "\r\n";
		$message .= 'IP: '.$_SERVER['REMOTE_ADDR']."\r\n";
		$message .= 'Browser: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
		$message .= 'Points: '.$points;

		if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
			$headers = "From: {$admin_email}\n";
			$headers .= "Reply-To: {$_POST['email']}";
		} else {
			$headers = "From: {$title} <{$admin_email}>\n";
			$headers .= "Reply-To: {$_POST['email']}";
		}

		if (mail($admin_email,$subject,$message,$headers)) {
			$result = 'Your mail was successfully sent.';
			$disable = true;
		} else {
			$error_msg = 'Your mail could not be sent this time. ['.$points.']';
		}
	} else {
		if (empty($error_msg))
			$error_msg = 'Your mail looks too much like spam, and could not be sent this time. ['.$points.']';
	}
}
include_once('header.php');
?>
<h1>Contact Admin</h1>
<p>This form is for contacting the fanlisting owner only -- it is not to be used to join the fanlisting unless you have been directed to do so. (Name, e-mail and comments are required fields.)</p>

<?php
if ($error_msg != NULL)
	echo '<p class="error">ERROR: '. nl2br($error_msg) . "</p>";

if ($result != NULL)
	echo '<p class="success">'. $result . "</p>";
?>

<form action="contact.php" method="post">
<noscript>
	<p><input type="hidden" name="nojs" id="nojs" /></p>
</noscript>
<p>
	<label for="name">Name *</label><br /> <input type="text" id="name" name="name" value="<?php get_data("name"); ?>" /> <br />
	<label for="email">E-mail *</label><br /> <input type="text" id="email" name="email" value="<?php get_data("email"); ?>" /> <br />
	<label for="url">Website</label><br /> <input type="text" id="url" name="url" value="http://" /> <br />
	<label for="reason">Reason for contact</label><br /> <select name="reason" id="reason">
								<option value="affiliate-request">Affiliate Request</option>
								<option value="couldnt-join">Joining Problem</option>
								<option value="button-donation">Button Donation</option>
								<option value="other">Other</option>
	</select> <br />
	<label for="comments">Comments *</label><br /> <textarea name="comments" id="comments" rows="3" cols="25"><?php get_data("comments"); ?></textarea><br />
</p>
<p>
	<input type="submit" name="submit" id="submit" value="Send" <?php if (isset($disable) && $disable === true) echo ' disabled="disabled"'; ?> />
</p>
</form>

<?php include('footer.php'); ?>
version 2 in progress 2012-05-21 12:42:55 +00:00			`<?php`
			`require_once('prefs.php');`

			`$error_msg = null;`
			`$result = null;`

			`if ($_SERVER['REQUEST_METHOD'] == "POST") {`
			`if (isBot() !== false)`
			`$error_msg .= "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT'];`

			`// lets check a few things - not enough to trigger an error on their own, but worth assigning a spam score..`
			`// score quickly adds up therefore allowing genuine users with 'accidental' score through but cutting out real spam :)`
			`$points = (int)0;`

			`$badwords = file(SPAMWDS);`

			`foreach ($badwords as $word)`
			`if (`
			`strpos(strtolower($_POST['comments']), $word) !== false \|\|`
			`strpos(strtolower($_POST['name']), $word) !== false`
			`)`
			`$points += 2;`

			`if (strpos($_POST['comments'], "http://") !== false \|\| strpos($_POST['comments'], "www.") !== false)`
			`$points += 2;`
			`if (isset($_POST['nojs']))`
			`$points += 1;`
			`if (preg_match("/(<.*>)/i", $_POST['comments']))`
			`$points += 2;`
			`if (strlen($_POST['name']) < 3)`
			`$points += 1;`
			`if (strlen($_POST['comments']) < 15 \|\| strlen($_POST['comments'] > 1500))`
			`$points += 2;`
			`// end score assignments`

			`foreach($requiredFields as $field) {`
			`trim($_POST[$field]);`

			`if (!isset($_POST[$field]) \|\| empty($_POST[$field]))`
			`$error_msg .= "Please fill in all the required fields and submit again.\r\n";`
			`}`

			`if (!preg_match("/^[a-zA-Z-'\s]*$/", stripslashes($_POST['name'])))`
			`$error_msg .= "The name field is required, and must not contain special characters.\r\n";`
			`if (!preg_match('/^([a-z0-9])(([-a-z0-9._])([a-z0-9]))\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+' . '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', strtolower($_POST['email'])))`
			`$error_msg .= "The e-mail field is required, and must be a valid e-mail address.\r\n";`
			`if (!empty($_POST['url']) && !preg_match('/^(http\|https):\/\/(([A-Z0-9][A-Z0-9_-])(\.[A-Z0-9][A-Z0-9_-])+)(:(\d+))?\/?/i', $_POST['url']))`
			`$error_msg .= "Invalid website url.\r\n";`

			`if ($error_msg == NULL && $points <= $maxPoints) {`
			`$subject = "Contact form submission from ". $title;`

			`$message = "You received this e-mail message through your fanlisting: \n\n";`
			`foreach ($_POST as $key => $val) {`
			`$message .= ucwords($key) . ": " . clean($val) . "\r\n";`
			`}`
			`$message .= "\r\n";`
			`$message .= 'IP: '.$_SERVER['REMOTE_ADDR']."\r\n";`
			`$message .= 'Browser: '.$_SERVER['HTTP_USER_AGENT']."\r\n";`
			`$message .= 'Points: '.$points;`

			`if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {`
			`$headers = "From: {$admin_email}\n";`
			`$headers .= "Reply-To: {$_POST['email']}";`
			`} else {`
			`$headers = "From: {$title} <{$admin_email}>\n";`
			`$headers .= "Reply-To: {$_POST['email']}";`
			`}`

			`if (mail($admin_email,$subject,$message,$headers)) {`
			`$result = 'Your mail was successfully sent.';`
			`$disable = true;`
			`} else {`
			`$error_msg = 'Your mail could not be sent this time. ['.$points.']';`
			`}`
			`} else {`
			`if (empty($error_msg))`
			`$error_msg = 'Your mail looks too much like spam, and could not be sent this time. ['.$points.']';`
			`}`
			`}`
			`include_once('header.php');`
			`?>`
			`<h1>Contact Admin</h1>`
			`<p>This form is for contacting the fanlisting owner only -- it is not to be used to join the fanlisting unless you have been directed to do so. (Name, e-mail and comments are required fields.)</p>`

			`<?php`
			`if ($error_msg != NULL)`
			`echo '<p class="error">ERROR: '. nl2br($error_msg) . "</p>";`

			`if ($result != NULL)`
			`echo '<p class="success">'. $result . "</p>";`
			`?>`

			`<form action="contact.php" method="post">`
			`<noscript>`
			`<p><input type="hidden" name="nojs" id="nojs" /></p>`
			`</noscript>`
			`<p>`
			`<label for="name">Name *</label><br /> <input type="text" id="name" name="name" value="<?php get_data("name"); ?>" /> <br />`
			`<label for="email">E-mail *</label><br /> <input type="text" id="email" name="email" value="<?php get_data("email"); ?>" /> <br />`
			`<label for="url">Website</label><br /> <input type="text" id="url" name="url" value="http://" /> <br />`
			`<label for="reason">Reason for contact</label><br /> <select name="reason" id="reason">`
			`<option value="affiliate-request">Affiliate Request</option>`
			`<option value="couldnt-join">Joining Problem</option>`
			`<option value="button-donation">Button Donation</option>`
			`<option value="other">Other</option>`
			`</select> <br />`
			`<label for="comments">Comments *</label><br /> <textarea name="comments" id="comments" rows="3" cols="25"><?php get_data("comments"); ?></textarea><br />`
			`</p>`
			`<p>`
			`<input type="submit" name="submit" id="submit" value="Send" <?php if (isset($disable) && $disable === true) echo ' disabled="disabled"'; ?> />`
			`</p>`
			`</form>`

			`<?php include('footer.php'); ?>`