From 8905de70ba2588202b45de9cec210dc53bf8bb09 Mon Sep 17 00:00:00 2001 From: Helen Chong <119173961+helenclx@users.noreply.github.com> Date: Wed, 26 Jun 2024 18:32:28 +0800 Subject: [PATCH] Replace PHP mail() functions with PHPMailer script --- admin.php | 130 ++++++++++-------- contact.php | 46 ++++--- .../{config.example.php => config.php} | 0 join.php | 97 +++++++------ update.php | 63 +++++---- 5 files changed, 193 insertions(+), 143 deletions(-) rename contactform/{config.example.php => config.php} (100%) diff --git a/admin.php b/admin.php index e499345..3679211 100644 --- a/admin.php +++ b/admin.php @@ -1,5 +1,21 @@ setLanguage(CONTACTFORM_LANGUAGE); +$mail->SMTPDebug = CONTACTFORM_PHPMAILER_DEBUG_LEVEL; +$mail->isSMTP(); +$mail->Host = CONTACTFORM_SMTP_HOSTNAME; +$mail->SMTPAuth = true; +$mail->Username = CONTACTFORM_SMTP_USERNAME; +$mail->Password = CONTACTFORM_SMTP_PASSWORD; +$mail->SMTPSecure = CONTACTFORM_SMTP_ENCRYPTION; +$mail->Port = CONTACTFORM_SMTP_PORT; +$mail->CharSet = CONTACTFORM_MAIL_CHARSET; +$mail->Encoding = CONTACTFORM_MAIL_ENCODING; + if (isset($_COOKIE['bellabuffs'])) { if ($_COOKIE['bellabuffs'] == md5($admin_name.$admin_pass.$secret)) { if (isset($_GET['ap'])) { $page = $_GET['ap']; } else { $page = ""; } @@ -17,9 +33,9 @@ if (isset($_COOKIE['bellabuffs'])) { $pageurl = "admin.php?ap=manage_members"; $fileurl = "members.txt"; } - + echo "

Warning: Do not try to edit multiple members at once, do not try to approve and delete the same member.

"; - + $count = count($file); if ($count == 0) { echo '

No '.$wording.' members at this time.

Back to admin panel?

'; exit(include('footer.php')); } @@ -37,12 +53,12 @@ if (isset($_COOKIE['bellabuffs'])) { echo " "; } echo "

\n\n "; - + if (isset($_GET['page']) && is_numeric($_GET['page'])) $i = $perpage * ($_GET['page'] - 1); else $i = 0; - + $end = $i + $perpage; - + if ($end > $count) $end=$count; ?>
@@ -52,7 +68,7 @@ if (isset($_COOKIE['bellabuffs'])) { Fave"; } ?> Add'; ?> -$name "; if (isset($favefield) && $favefield == "yes") echo ""; - - if (isset($_GET['s']) && $_GET['s'] == "newbies") - echo ''; - + + if (isset($_GET['s']) && $_GET['s'] == "newbies") + echo ''; + echo ''; echo ''; echo "\r\n"; @@ -87,7 +103,7 @@ if (isset($_COOKIE['bellabuffs'])) { if (isset($_POST['appr']) && is_array($_POST['appr'])) { $newbies = file(NEWBIES); $approved = array(); - + foreach ($_POST['appr'] as $member => $value) { if (is_numeric($member) && array_key_exists($member, $newbies)) { $approved[] = $newbies[$member]; @@ -106,19 +122,21 @@ if (isset($_COOKIE['bellabuffs'])) { while ($i < $apprAmount) { list($name,$email,$dispemail,$url,$country,$fave) = preg_split("/,(?! )/",$approved[$i]); - $subject = "You have been approved at $title"; + // Recipients + $mail->setFrom($admin_email, $title); + $mail->addAddress(fixEmail($email), $name); + $mail->addReplyTo($admin_email); - $message = $approvalMsg; - $message .= "Name: {$name} \r\n"; - $message .= "Email: " . fixEmail($email) . " \r\n"; - $message .= "URL: {$url} \r\n"; - $message .= "Country: {$country} \r\n"; - if (isset($favefield) && $favefield == "yes") $message .= strip_tags($favetext) . ": {$fave} \r\n"; + $mail->Subject = "You have been approved at $title"; - if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) $headers = "From: $admin_email \n"; - else $headers = "From: $title <$admin_email> \n"; + $mail->Body = $approvalMsg; + $mail->Body .= "Name: {$name} \r\n"; + $mail->Body .= "Email: " . fixEmail($email) . " \r\n"; + $mail->Body .= "URL: {$url} \r\n"; + $mail->Body .= "Country: {$country} \r\n"; + if (isset($favefield) && $favefield == "yes") $mail->Body .= strip_tags($favetext) . ": {$fave} \r\n"; - mail(fixEmail($email),$subject,$message,$headers); + $mail->send(); $i++; } @@ -128,17 +146,17 @@ if (isset($_COOKIE['bellabuffs'])) { if ($defaultSort == "newest") { $newmembers = implode("", $approved) . "\r\n"; $olddata = file_get_contents(MEMBERS); - + $fp = fopen(MEMBERS, "w"); fwrite($fp, $newmembers); fclose($fp); - + $fp = fopen(MEMBERS, "a") or die ("Couldn't open members.txt"); fwrite($fp, $olddata); fclose($fp); } elseif ($defaultSort == "oldest") { $newmembers = "\r\n" . implode("", $approved); - + $fp = fopen(MEMBERS, "a") or die ("Couldn't open members.txt"); fwrite($fp, $newmembers); fclose($fp); @@ -156,7 +174,7 @@ if (isset($_COOKIE['bellabuffs'])) { fwrite($fp, $update); fclose($fp); } - + blanklinefix(NEWBIES); blanklinefix(MEMBERS); @@ -164,12 +182,12 @@ if (isset($_COOKIE['bellabuffs'])) { } if (isset($_POST['del']) && is_array($_POST['del'])) { if (isset($_POST['fileloc'])) - $fileloc = basename($_POST['fileloc']); + $fileloc = basename($_POST['fileloc']); else exit; - + $members = file(MEMBERS); $newbies = file(NEWBIES); - + foreach ($_POST['del'] as $member => $file) { if (is_numeric($member)) { if ($fileloc == "newbies.txt" && array_key_exists($member, $newbies)) unset($newbies[$member]); @@ -177,18 +195,18 @@ if (isset($_COOKIE['bellabuffs'])) { } } if ($fileloc == "newbies.txt") $backlink = 'Delete other pending members?'; else $backlink = 'Delete other approved members?'; - + $members = implode("", $members); $newbies = implode("", $newbies); $fh = fopen(MEMBERS, "w"); fwrite($fh, $members); fclose($fh); - + $fb = fopen(NEWBIES, "w"); fwrite($fb, $newbies); fclose($fb); - + echo '

Member(s) deleted.

'; } echo '

Jump to: members / pending members

'; @@ -204,11 +222,11 @@ if (isset($_COOKIE['bellabuffs'])) { } elseif (!isset($_GET['file']) || $_GET['file'] == "" || !file_exists($_GET['file'])) { echo "

You didn't select a valid file.

"; include('footer.php'); - exit; + exit; } else { if (is_numeric($_GET['mem'])) $mem = $_GET['mem']; else exit("Oops, not a valid member number."); if (file_exists($_GET['file'])) $file = $_GET['file']; else exit("Oops, the important .txt files don't exist!"); - + $fh = fopen($file, "r"); while(!feof($fh)) { $content[] = fgets($fh, 4096); @@ -244,7 +262,7 @@ if (isset($_COOKIE['bellabuffs'])) { - +

The following word is now blacklisted:

\n\n

{$_POST['spamword']}

\n\n"; @@ -439,7 +457,7 @@ if (isset($_COOKIE['bellabuffs'])) {



- Yes + Yes No

@@ -454,12 +472,12 @@ if (isset($_COOKIE['bellabuffs'])) { echo "

The \"buttons\" directory does not exist and therefore the button could not be uploaded.

"; include('footer.php'); exit; - } + } if (empty($_FILES['file'])) { echo "

You did not choose an image to upload.

"; include('footer.php'); exit; - } + } if (getimagesize($_FILES['file']['tmp_name']) === FALSE) { echo "

That is not a valid image file.

"; include('footer.php'); @@ -658,10 +676,10 @@ if (isset($_COOKIE['bellabuffs'])) { } else { $filename = $clean['filename']; } - + $editedButton = $filename . "," . $clean['width'] . "," . $clean['height'] . "," . $clean['donated'] . "," . $clean['donatorname'] . "," . $clean['donatorurl'] . "\n"; - $button = $clean['buttonnum']; + $button = $clean['buttonnum']; $fh = fopen(BUTTONS, "r"); while(!feof($fh)) { @@ -685,7 +703,7 @@ if (isset($_COOKIE['bellabuffs'])) { ?>

Add New Update

If updates details is left blank, only a date will be shown.

- +



@@ -839,7 +857,7 @@ if (isset($_COOKIE['bellabuffs'])) { include('footer.php'); exit; } - + ?>

Name E-mail Website Country Edit Delete
$email $url $country" . str_replace('|', ',', $fave) . "edit
@@ -894,7 +912,7 @@ if (isset($_COOKIE['bellabuffs'])) { $filename = $clean['filename']; } $editedAff = $filename . "," . $clean['affName'] . "," . breakEmail($clean['affEmail']) . "," . $clean['affURL'] . "," . $clean['affSitename'] . "\n"; - $aff = $clean['affnum']; + $aff = $clean['affnum']; $fh = fopen(AFFILIATES, "r"); while(!feof($fh)) { @@ -918,22 +936,16 @@ if (isset($_COOKIE['bellabuffs'])) { if (isset($_GET['p']) && $_GET['p'] == "process") { foreach ($_POST as $key => $val) { $clean[$key] = stripslashes(trim($val)); - } - - $subject = "E-mail from the $FLsubject fanlisting"; - - if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { - $clean['to'] = str_replace('>', '', $clean['to']); - $clean['to'] = str_replace('<', '', $clean['to']); - - $headers = "From: $admin_email \n"; - $headers .= "Reply-To: $admin_email"; - } else { - $headers = "From: $title <$admin_email> \n"; - $headers .= "Reply-To: <$admin_email>"; } - if (mail($clean['to'],$subject,$clean['message'],$headers)) { + // Recipients + $mail->setFrom($admin_email, $title); + $mail->addAddress($clean['to']); + $mail->addReplyTo($admin_email); + + $mail->Subject = "E-mail from the $FLsubject fanlisting"; + + if ($mail->send()) { echo "

E-mail sent!

"; echo "

Back to admin panel?

"; } else { @@ -1005,7 +1017,7 @@ if (isset($_COOKIE['bellabuffs'])) {
Button Name Email URL Site Name Admin
Fave"; } ?> - + diff --git a/contact.php b/contact.php index b631e54..863f5c3 100644 --- a/contact.php +++ b/contact.php @@ -1,5 +1,7 @@ setLanguage(CONTACTFORM_LANGUAGE); + $mail->SMTPDebug = CONTACTFORM_PHPMAILER_DEBUG_LEVEL; + $mail->isSMTP(); + $mail->Host = CONTACTFORM_SMTP_HOSTNAME; + $mail->SMTPAuth = true; + $mail->Username = CONTACTFORM_SMTP_USERNAME; + $mail->Password = CONTACTFORM_SMTP_PASSWORD; + $mail->SMTPSecure = CONTACTFORM_SMTP_ENCRYPTION; + $mail->Port = CONTACTFORM_SMTP_PORT; + $mail->CharSet = CONTACTFORM_MAIL_CHARSET; + $mail->Encoding = CONTACTFORM_MAIL_ENCODING; + + // Recipients + $mail->setFrom($admin_email, $title.' Contact Form'); + $mail->addAddress($admin_email, $admin_name); + $mail->addReplyTo($_POST['email'], $_POST['name']); + + $mail->Subject = "Contact form submission from ". $title; + + $mail->Body = "You received this e-mail message through your fanlisting: \n\n"; foreach ($_POST as $key => $val) { - $message .= ucwords($key) . ": " . cleanUp($val) . "\r\n"; + $mail->Body .= ucwords($key) . ": " . cleanUp($val) . "\r\n"; } - $message .= "\r\n"; - $message .= 'IP: '.$_SERVER['REMOTE_ADDR']."\r\n"; - $message .= 'Browser: '.$_SERVER['HTTP_USER_AGENT']."\r\n"; - $message .= 'Points: '.$points; + $mail->Body .= "\r\n"; + $mail->Body .= 'IP: '.$_SERVER['REMOTE_ADDR']."\r\n"; + $mail->Body .= 'Browser: '.$_SERVER['HTTP_USER_AGENT']."\r\n"; + $mail->Body .= 'Points: '.$points; - if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { - $headers = "From: {$admin_email}\n"; - $headers .= "Reply-To: {$_POST['email']}"; - } else { - $headers = "From: {$title} <{$admin_email}>\n"; - $headers .= "Reply-To: {$_POST['email']}"; - } - - if (mail($admin_email,$subject,$message,$headers)) { + if ($mail->send()) { $result = 'Your mail was successfully sent.'; $disable = true; } else { diff --git a/contactform/config.example.php b/contactform/config.php similarity index 100% rename from contactform/config.example.php rename to contactform/config.php diff --git a/join.php b/join.php index 545f3c7..953bf0f 100644 --- a/join.php +++ b/join.php @@ -1,6 +1,8 @@ 1) $error_msg .= "Too many URLs; we've assumed you're spam and 'lost' your application. Please try again without any extra URLs if you're a geniune person :)\r\n"; - + $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i"; if (filesize(SPAMWDS) > 0) $spamlist = file(SPAMWDS); @@ -53,7 +55,7 @@ if (isset($_POST['submit'])) { $error_msg .= "No HTML, please.\r\n"; $clean[$key] = cleanUp($val); - } + } // set default values for empty/unset fields if (empty($clean['dispemail'])) @@ -77,11 +79,11 @@ if (isset($_POST['submit'])) { $error_msg .= "The website url you provided is not valid. Please remove and try again or fix the URL.\r\n"; if ($clean['country'] == "null" || (filesize(COUNTRIES) > 0 && checkTXTfile(COUNTRIES, $clean['country'], "country") === false)) $error_msg .= "Please select a valid country. \r\n"; - + if (filesize(IPBLOCKLST) > 0 && checkTXTfile(IPBLOCKLST, $_SERVER['REMOTE_ADDR'], "ip") === true) { echo "

Your IP is in the block list, that means you're not allowed to join at this time. \r\n

"; exit(include('footer.php')); - } + } if (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail($clean['email']), "email") === true) { echo "

You're already in the pending queue, you can't join twice!

\n"; exit(include('footer.php')); @@ -98,55 +100,66 @@ if (isset($_POST['submit'])) { $clean['email'] = breakEmail(strtolower($clean['email'])); // send off some emails + $mail = new \PHPMailer\PHPMailer\PHPMailer(true); + // Server settings + $mail->setLanguage(CONTACTFORM_LANGUAGE); + $mail->SMTPDebug = CONTACTFORM_PHPMAILER_DEBUG_LEVEL; + $mail->isSMTP(); + $mail->Host = CONTACTFORM_SMTP_HOSTNAME; + $mail->SMTPAuth = true; + $mail->Username = CONTACTFORM_SMTP_USERNAME; + $mail->Password = CONTACTFORM_SMTP_PASSWORD; + $mail->SMTPSecure = CONTACTFORM_SMTP_ENCRYPTION; + $mail->Port = CONTACTFORM_SMTP_PORT; + $mail->CharSet = CONTACTFORM_MAIL_CHARSET; + $mail->Encoding = CONTACTFORM_MAIL_ENCODING; + if ($emailnewbies == "yes") { - $subject = "Thank you for joining $title"; + // Recipients + $mail->setFrom($admin_email, $title); + $mail->addAddress(fixEmail($clean['email']), $clean['name']); + $mail->addReplyTo($admin_email); - $message = $thanksjoinMsg; - $message .= "Name: {$clean['name']} \n"; - $message .= "Email: " . fixEmail($clean['email']) . " \n"; - $message .= "URL: {$clean['url']} \n"; - $message .= "Country: {$clean['country']} \n"; + // Content + $mail->Subject = "Thank you for joining $title"; + $mail->Body = $thanksjoinMsg . "\n\n"; + $mail->Body .= "== Your Details == \n"; + $mail->Body .= "Name: {$clean['name']} \n"; + $mail->Body .= "Email: " . fixEmail($clean['email']) . " \n"; + $mail->Body .= "URL: {$clean['url']} \n"; + $mail->Body .= "Country: {$clean['country']} \n"; if (isset($favefield) && $favefield == "yes") { - $message .= "$favetext: {$clean['fave']} \n"; + $mail->Body .= "$favetext: {$clean['fave']} \n"; } - $message .= "Comments: {$clean['comments']} \n\n"; + $mail->Body .= "Comments: {$clean['comments']} \n\n"; - if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { - $headers = "From: $admin_email \n"; - $headers .= "Reply-To: $admin_email"; - } else { - $headers = "From: $title <$admin_email> \n"; - $headers .= "Reply-To: <$admin_email>"; - } - - mail(fixEmail($clean['email']),$subject,$message,$headers); + $mail->send(); } + if ($emailadmin == "yes") { - $subject = "New member at $title"; + // Remove previous recipients + $mail->ClearAllRecipients(); - $message = "There's a new member at your $FLsubject fanlisting with the following details: \n\n"; + $mail->setFrom($admin_email, $title); + $mail->addAddress($admin_email, $admin_name); - $message .= "Name: {$clean['name']} \n"; - $message .= "Email: " . fixEmail($clean['email']) . " \n"; - $message .= "URL: {$clean['url']} \n"; - $message .= "Country: {$clean['country']} \n"; + $mail->Subject = "New member at $title"; + + $mail->Body = "There's a new member at your $FLsubject fanlisting with the following details: \n\n"; + + $mail->Body .= "Name: {$clean['name']} \n"; + $mail->Body .= "Email: " . fixEmail($clean['email']) . " \n"; + $mail->Body .= "URL: {$clean['url']} \n"; + $mail->Body .= "Country: {$clean['country']} \n"; if (isset($favefield) && $favefield == "yes") { - $message .= "$favetext: {$clean['fave']} \n"; + $mail->Body .= "$favetext: {$clean['fave']} \n"; } - $message .= "Comments: {$clean['comments']} \n"; - $message .= "IP: {$_SERVER['REMOTE_ADDR']} \n\n"; + $mail->Body .= "Comments: {$clean['comments']} \n"; + $mail->Body .= "IP: {$_SERVER['REMOTE_ADDR']} \n\n"; - $message .= "Manage members: {$FLurl}/admin.php?ap=manage_members&s=newbies"; + $mail->Body .= "Manage members: {$FLurl}/admin.php?ap=manage_members&s=newbies"; - if (!strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { - $headers = "From: $admin_email \n"; - $headers .= "Reply-To: " . fixEmail($clean['email']) . ""; - } else { - $headers = "From: $title <$admin_email> \n"; - $headers .= "Reply-To: <" . fixEmail($clean['email']) . ">"; - } - - mail($admin_email,$subject,$message,$headers); + $mail->send(); } // add the member to the newbies txt file @@ -197,7 +210,7 @@ if (!isset($_POST['submit']) || $show_form == true) { } ?>

- +

1) $error_msg .= "Too many URLs; we've assumed you're spam and 'lost' your application. Please try again without any extra URLs if you're a geniune person :)\r\n"; @@ -88,33 +90,42 @@ if (isset($_POST['submit'])) { if ($error_msg == NULL) { $show_form = false; - - $subject = "Update member at $title"; - $message = "A member at your $FLsubject fanlisting wants updating with following details: \n\n"; + $mail = new \PHPMailer\PHPMailer\PHPMailer(true); + // Server settings + $mail->setLanguage(CONTACTFORM_LANGUAGE); + $mail->SMTPDebug = CONTACTFORM_PHPMAILER_DEBUG_LEVEL; + $mail->isSMTP(); + $mail->Host = CONTACTFORM_SMTP_HOSTNAME; + $mail->SMTPAuth = true; + $mail->Username = CONTACTFORM_SMTP_USERNAME; + $mail->Password = CONTACTFORM_SMTP_PASSWORD; + $mail->SMTPSecure = CONTACTFORM_SMTP_ENCRYPTION; + $mail->Port = CONTACTFORM_SMTP_PORT; + $mail->CharSet = CONTACTFORM_MAIL_CHARSET; + $mail->Encoding = CONTACTFORM_MAIL_ENCODING; - $message .= "Name: {$clean['name']} \n"; - $message .= "Email: ".strtolower($clean['email'])." \n"; - $message .= "New Email: {$clean['newemail']} \n"; - $message .= "New URL: {$clean['newurl']} \n"; - $message .= "Country: {$clean['country']} \n"; - $message .= "Comments: {$clean['comments']} \n"; - $message .= "IP: {$_SERVER['REMOTE_ADDR']} \n\n"; + // Recipients + $mail->setFrom($admin_email, $title); + $mail->addAddress($admin_email, $admin_name); - $message .= "Manage members: {$FLurl}/admin.php"; + $mail->Subject = "Update member at $title"; - if (!strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { - $headers = "From: $admin_email \n"; - $headers .= "Reply-To: $clean[email]"; + $mail->Body = "A member at your $FLsubject fanlisting wants updating with following details: \n\n"; + $mail->Body .= "Name: {$clean['name']} \n"; + $mail->Body .= "Email: ".strtolower($clean['email'])." \n"; + $mail->Body .= "New Email: {$clean['newemail']} \n"; + $mail->Body .= "New URL: {$clean['newurl']} \n"; + $mail->Body .= "Country: {$clean['country']} \n"; + $mail->Body .= "Comments: {$clean['comments']} \n"; + $mail->Body .= "IP: {$_SERVER['REMOTE_ADDR']} \n\n"; + + $mail->Body .= "Manage members: {$FLurl}/admin.php"; + + if ($mail->send()) { + echo "

Update Sent!

Your updated information has been sent to the fanlisting owner.

"; } else { - $headers = "From: $title <$admin_email> \n"; - $headers .= "Reply-To: <$clean[email]>"; - } - - if (mail($admin_email,$subject,$message,$headers)) { - echo "

Update Sent!

\n

Your updated information has been sent.

"; - } else { - echo "

Oops!

\n

Your updated information could not be sent this time, please contact the fanlisting owner.

"; + echo "

Oops!

Your updated information could not be sent this time, please contact the fanlisting owner.

"; } } } else { @@ -157,9 +168,9 @@ if (!isset($_POST['submit']) || $show_form == true) { -
+

- +

Name E-mail Website Country Admin
email"; ?>