Ejemplo n.º 1
<?php

// Variables
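// Read a field only when it was posted as a string: trim() on a missing key or
// on an array-valued field (e.g. name[]=x) raises a warning or a TypeError,
// depending on the PHP version.
$name = isset($_POST['name']) && is_string($_POST['name']) ? trim($_POST['name']) : '';
$email = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';
$phone = isset($_POST['phone']) && is_string($_POST['phone']) ? trim($_POST['phone']) : '';
// Fixed: the ticket field used to be assigned to $phone, which overwrote the
// phone number and left $ticket undefined for the isset()/preg_match() checks below.
$ticket = isset($_POST['ticket']) && is_string($_POST['ticket']) ? trim($_POST['ticket']) : '';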
// Email address validation - works with php 5.2+
/**
 * Check an address with PHP's FILTER_VALIDATE_EMAIL filter.
 *
 * This is a syntax check only: a value that passes still needs encoding for
 * whatever context (HTML, mail header) it is written into.
 *
 * @param mixed $email Value to check.
 * @return mixed The value returned by filter_var(): the address when it passes, false otherwise.
 */
function is_email_valid($email)
{
    $checked = filter_var($email, FILTER_VALIDATE_EMAIL);

    return $checked;
}
// Build the notification only when every field variable is set and the address
// passes is_email_valid().
// NOTE(review): isset() is true for an empty string, so blank fields are not
// rejected by this condition.
if (isset($name) && isset($email) && isset($ticket) && isset($phone) && is_email_valid($email)) {
    // Avoid Email Injection and Mail Form Script Hijacking
    // NOTE(review): this is a deny-list of four header names. It does not match
    // CR or LF, and trim() removes line breaks only at the ends of a value; any
    // value that is later written into a mail header should be rejected when it
    // contains a line break.
    $pattern = "/(content-type|bcc:|cc:|to:)/i";
    if (preg_match($pattern, $name) || preg_match($pattern, $email) || preg_match($pattern, $ticket) || preg_match($pattern, $phone)) {
        // Stops the script without sending any response.
        exit;
    }
    // Email will be send
    $to = "*****@*****.**";
    // Change with your email address
    $subject = "New Event Subscription from GetLeads";
    // If you want a default subject
    // HTML Elements for Email Body
    // NOTE(review): the posted values are interpolated into HTML markup as they
    // were received. Encode them with htmlspecialchars() first so that markup
    // typed into the form is shown as text by the recipient's mail client.
    // The quoted "email me" inside the <a> tag has no attribute name.
    $body = <<<EOD
\t<strong>Name:</strong> {$name} <br>
\t<strong>Email:</strong> <a href="mailto:{$email}?subject=feedback" "email me">{$email}</a> <br> <br>
\t<strong>Phone:</strong> {$phone} <br>
\t<strong>Ticket:</strong> {$ticket} <br>
EOD;
    //Must end on first column
Ejemplo n.º 2
<?php

// Variables
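// Read a field only when it was posted as a string: trim() on a missing key or
// on an array-valued field (e.g. name[]=x) raises a warning or a TypeError,
// depending on the PHP version. Anything else becomes ''.
$name = isset($_POST['name']) && is_string($_POST['name']) ? trim($_POST['name']) : '';
$email = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';
$phone = isset($_POST['phone']) && is_string($_POST['phone']) ? trim($_POST['phone']) : '';
$date = isset($_POST['date']) && is_string($_POST['date']) ? trim($_POST['date']) : '';
$message = isset($_POST['message']) && is_string($_POST['message']) ? trim($_POST['message']) : '';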
// Email address validation - works with php 5.2+
/**
 * Run the given value through filter_var() with FILTER_VALIDATE_EMAIL.
 *
 * Callers in this script use the result as a boolean. The filter checks the
 * address format only; it is not a substitute for output encoding.
 *
 * @param mixed $email Value to check.
 * @return mixed The address when the filter accepts it, false when it does not.
 */
function is_email_valid($email)
{
    $filtered = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($filtered === false) {
        return false;
    }

    return $filtered;
}
// Build the appointment mail only when every field variable is set and the
// address passes is_email_valid().
// NOTE(review): isset() is true for an empty string, so blank fields are not
// rejected by this condition.
if (isset($name) && isset($email) && isset($phone) && isset($date) && isset($message) && is_email_valid($email)) {
    // Avoid Email Injection and Mail Form Script Hijacking
    // NOTE(review): deny-list of four header names. It does not match CR or LF;
    // a value that is later written into a mail header should be rejected when
    // it contains a line break. A free-text message that merely mentions "to:"
    // is also dropped by this check.
    $pattern = "/(content-type|bcc:|cc:|to:)/i";
    if (preg_match($pattern, $name) || preg_match($pattern, $email) || preg_match($pattern, $phone) || preg_match($pattern, $date) || preg_match($pattern, $message)) {
        // Stops the script without sending any response.
        exit;
    }
    // Email will be send
    $to = "*****@*****.**";
    // Change with your email address
    $subject = "New appointment request from GetLeads";
    // If you want a default subject
    // HTML Elements for Email Body
    // NOTE(review): the posted values are interpolated into HTML markup as they
    // were received. Encode them with htmlspecialchars() first so that markup
    // typed into the form is shown as text by the recipient's mail client.
    $body = <<<EOD
\t<strong>Name:</strong> {$name} <br>
\t<strong>Email:</strong> <a href="mailto:{$email}?subject=feedback" "email me">{$email}</a> <br> <br>
\t<strong>Phone:</strong> {$phone} <br>
\t<strong>Booking Date:</strong> {$date} <br>
\t<strong>Message:</strong> {$message} <br>
Ejemplo n.º 3
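/**
 * Validate the profile fields for $username and store them in `ewu_account`.
 *
 * Fields whose matching flag in the stored profile is 'y' (verified ->
 * student_no, email_verified -> email, phone_verified -> phone) keep their
 * stored value; the submitted value is ignored for them.
 *
 * @param mixed $username   Account to update.
 * @param mixed $email      New e-mail address.
 * @param mixed $gender     1, 2 or 3; stored as 'm', 'f' or 'u'.
 * @param mixed $student_no Exactly 8 ASCII digits.
 * @param mixed $campus     A single digit from 1 to 6.
 * @param mixed $qq         Empty, or at least 5 ASCII digits.
 * @param mixed $phone      Empty, or exactly 11 ASCII digits.
 * @param mixed $hide_phone 'true' (or boolean true) stores 'y'; anything else stores 'n'.
 * @return string '1' on success, otherwise a message (in Chinese) for the user.
 */
function update_info($username, $email, $gender, $student_no, $campus, $qq, $phone, $hide_phone)
{
    // Both validators are compared against '' here, so they presumably return
    // an error text on failure and '' on success - confirm against their definitions.
    if (is_name_valid($username) != '') {
        return '用户不存在';
    }
    if (is_email_valid($email) != '') {
        return '邮箱格式不正确';
    }
    // switch compares loosely, exactly like the == chain it replaces.
    switch ($gender) {
        case 1:
            $gender = 'm';
            break;
        case 2:
            $gender = 'f';
            break;
        case 3:
            $gender = 'u';
            break;
        default:
            return '性别为必填项';
    }
    // Digit-only patterns replace is_numeric(), which also accepts signs,
    // decimal points, exponents and leading whitespace (e.g. "-1234567" is
    // "numeric" and 8 characters long). \A and \z anchor the whole string.
    if (!preg_match('/\A[0-9]{8}\z/', (string) $student_no)) {
        return '无法识别的学号';
    }
    if (!preg_match('/\A[1-6]\z/', (string) $campus)) {
        return '无效的校区';
    }
    // The string copies are used for checking only; the original values are
    // what gets written to the database.
    $qq_text = (string) $qq;
    if ($qq_text !== '' && !preg_match('/\A[0-9]{5,}\z/', $qq_text)) {
        return 'QQ格式不正确,只支持纯数字';
    }
    $phone_text = (string) $phone;
    if ($phone_text !== '' && !preg_match('/\A[0-9]{11}\z/', $phone_text)) {
        return '手机号码格式不正确,请输入11位手机号';
    }
    // Strict test: with the loose != comparison an integer 0 compared equal to
    // 'true' on PHP versions before 8 and switched the flag on.
    $hide_phone = ($hide_phone === 'true' || $hide_phone === true) ? 'y' : 'n';

    $profile = get_user_information($username);
    if ($profile == null) {
        return '用户不存在';
    }
    // Verified values are not editable: fall back to what is already stored.
    if ($profile['verified'] == 'y') {
        $student_no = $profile['student_no'];
    }
    if ($profile['email_verified'] == 'y') {
        $email = $profile['email'];
    }
    if ($profile['phone_verified'] == 'y') {
        $phone = $profile['phone'];
    }
    // All values are bound as parameters; nothing is concatenated into the SQL text.
    $sql = "UPDATE `ewu_account` SET `email` = ?, `gender` = ?, `student_no` = ?,`campus` = ?, `qq` = ?, `phone` = ?, `hide_phone` = ? WHERE `username` = ? LIMIT 1";
    $a_params = array($email, $gender, $student_no, $campus, $qq, $phone, $hide_phone, $username);
    $count = (new MysqlPDO())->execute($sql, $a_params);
    // NOTE(review): if execute() reports changed rows rather than matched rows,
    // saving unchanged values would end up in the failure branch - confirm.
    if ($count == 1) {
        return '1';
    }

    return '服务器繁忙,更新失败';
}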
Ejemplo n.º 4
<?php

// Variables
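// trim() only when the field was posted as a string; a missing key or an
// array-valued field becomes '' and is then rejected by is_email_valid().
$email = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';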
// Email address validation - works with php 5.2+
/**
 * Validate an e-mail address using filter_var().
 *
 * Only the format of the address is checked. The returned string is the
 * submitted value, so it must still be encoded before it is printed.
 *
 * @param mixed $email Value to check.
 * @return mixed The address on success, false on failure.
 */
function is_email_valid($email)
{
    $outcome = filter_var($email, FILTER_VALIDATE_EMAIL);

    return $outcome !== false ? $outcome : false;
}
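// Fixed: `&&` replaces the bitwise `&`, which converted both operands to
// integers instead of testing them as booleans.
if (isset($email) && is_email_valid($email)) {
    // Avoid Email Injection and Mail Form Script Hijacking.
    // The deny-list of header names is kept from the original. Because $email
    // is written into the From header below, line breaks are now rejected
    // explicitly as well; the deny-list alone does not match CR or LF.
    $pattern = "/(content-type|bcc:|cc:|to:)/i";
    if (preg_match($pattern, $email) || preg_match('/[\r\n]/', $email)) {
        exit;
    }
    // Recipient of the notification - change to your own address
    $to = "*****@*****.**";
    // Default subject
    $subject = "New email contact from GetLeads";
    // The address is printed into HTML, so it is encoded for that context:
    // passing address validation does not make a value safe to print as markup.
    // The charset matches the one declared in the Content-type header below.
    $safe_email = htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1');
    // HTML Elements for Email Body (the stray "email me" is now a title attribute)
    $body = <<<EOD
\t<strong>Email:</strong> <a href="mailto:{$safe_email}?subject=feedback" title="email me">{$safe_email}</a> <br> <br>
EOD;
    //Must end on first column
    // NOTE(review): From carries the visitor's address, so the message claims
    // to originate from their domain. A fixed site address in From with the
    // visitor in Reply-To is the more deliverable arrangement.
    $headers = "From: <{$email}>\r\n";
    $headers .= 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    // PHP email sender; a failed hand-off is logged instead of being ignored
    if (!mail($to, $subject, $body, $headers)) {
        error_log('Contact form: mail() did not accept the message for delivery');
    }
}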
Ejemplo n.º 5
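 /**
  * Check submitted values against the rules in $this->fields and collect the
  * ones that pass.
  *
  * Each field is checked in a fixed order (enum, limit, length, regexp, id,
  * url, email, required, checkbox). The first failing rule is reported through
  * $this->panic($field, $reason) and the field is left out of the result.
  * 'limit' and 'id' rules cast the value to int before it is stored.
  *
  * NOTE(review): values are assumed to be scalars. An array-valued field
  * reaches mb_strlen()/preg_match() unchecked - confirm that the caller
  * filters those out.
  * NOTE(review): the 'required' rule uses a truthiness test, so '0' and 0
  * count as missing.
  *
  * @param array $post         Submitted values keyed by field name.
  * @param bool  $add_defaults Fill missing fields from the rule's 'default'.
  * @param bool  $is_panic     Stored in $this->is_panic before validation starts.
  * @return array Accepted values keyed by field name.
  * @throws Exception When $add_defaults is set and a missing field has no default.
  */
 public function form_to_db($post, $add_defaults = false, $is_panic = true)
 {
     $this->is_panic = $is_panic;
     $db = array();
     foreach ($this->fields as $field => $rules) {
         if (!isset($post[$field])) {
             if ($add_defaults) {
                 if (!isset($rules['default'])) {
                     throw new Exception("No default value for field '{$field}'");
                 }
                 $post[$field] = $rules['default'];
             } else {
                 // A missing field is only an error when it is required.
                 if (isset($rules['required'])) {
                     $this->panic($field, 'required');
                 }
                 continue;
             }
         }
         $value = $post[$field];
         // Allowed values are the keys of the 'enum' rule.
         if (isset($rules['enum']) && !isset($rules['enum'][$value])) {
             $this->panic($field, 'enum');
             continue;
         }
         if (isset($rules['limit'])) {
             $value = (int) $value;
             if (isset($rules['limit']['min']) && $value < $rules['limit']['min']) {
                 $this->panic($field, 'limit_min');
                 continue;
             }
             if (isset($rules['limit']['max']) && $value > $rules['limit']['max']) {
                 $this->panic($field, 'limit_max');
                 continue;
             }
         }
         if (isset($rules['length'])) {
             // Length is counted in characters, not bytes.
             $len = mb_strlen($value, 'utf-8');
             if (isset($rules['length']['min']) && $len < $rules['length']['min']) {
                 $this->panic($field, 'length_min');
                 continue;
             }
             if (isset($rules['length']['max']) && $len > $rules['length']['max']) {
                 $this->panic($field, 'length_max');
                 continue;
             }
         }
         // preg_match() returning 0 or false (pattern error) both reject the value.
         if (isset($rules['regexp']) && !preg_match($rules['regexp'], $value)) {
             $this->panic($field, 'regexp');
             continue;
         }
         if (isset($rules['id'])) {
             //todo?
             $value = (int) $value;
             if ($value <= 0) {
                 $this->panic($field, 'id');
                 continue;
             }
         }
         if (isset($rules['url']) && !is_url_valid($value)) {
             $this->panic($field, 'url');
             continue;
         }
         if (isset($rules['email']) && !is_email_valid($value)) {
             $this->panic($field, 'email');
             continue;
         }
         if (isset($rules['required']) && !$value) {
             $this->panic($field, 'required');
             continue;
         }
         // Fixed: strict comparison. The loose in_array() accepted boolean true,
         // and integer 0 on PHP versions before 8, and stored them as the value.
         if (isset($rules['checkbox']) && !in_array($value, array('y', 'n'), true)) {
             $this->panic($field, 'checkbox');
             continue;
         }
         $db[$field] = $value;
     }
     return $db;
 }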
// FROM NOW ON, WE USE THIS
// Form fields start out as empty strings, so they are defined even when
// nothing has been posted.
$cName = $cEmail = $cSubject = $cContent = $cDate = $cBody = '';
// REGISTRATION SENT
// Runs only when the contact form's submit field was posted.
// Each field is copied into its variable when present; otherwise a message is
// stored under the field's name in $error.
// NOTE(review): $error is not initialised in the visible code - confirm it is
// declared as an array before this point.
// NOTE(review): empty() also treats the string '0' as missing.
if (!empty($_POST['submitContact'])) {
    if (!empty($_POST['cName'])) {
        $cName = trim($_POST['cName']);
    } else {
        $error['cName'] = 'A name is needed to send this contact form.';
    }
    // email
    // Unlike the other fields, the address is stored without trim().
    if (!empty($_POST['cEmail']) && is_email_valid($_POST['cEmail'])) {
        $cEmail = $_POST['cEmail'];
    } else {
        $error['cEmail'] = 'A valid email address is needed.';
    }
    // subject
    // NOTE(review): if $cSubject is later used as a mail subject or header,
    // reject embedded line breaks; trim() removes them only at the ends.
    if (!empty($_POST['cSubject'])) {
        $cSubject = trim($_POST['cSubject']);
    } else {
        $error['cSubject'] = 'Subject is needed.';
    }
    // body
    if (!empty($_POST['cBody'])) {
        $cBody = trim($_POST['cBody']);
    } else {
        $error['cBody'] = 'No message, no contact. Please, write something if you want to contact.';
Ejemplo n.º 7
<?php

// Variables
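// Read a field only when it was posted as a string: trim() on a missing key or
// on an array-valued field (e.g. name[]=x) raises a warning or a TypeError,
// depending on the PHP version.
$name = isset($_POST['name']) && is_string($_POST['name']) ? trim($_POST['name']) : '';
// $name is written into the From header further down. trim() removes line
// breaks only at the ends of the value, so CR and LF are dropped everywhere
// to keep the value on a single header line.
$name = str_replace(array("\r", "\n"), '', $name);
$email = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';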
// Email address validation - works with php 5.2+
/**
 * Format check for an e-mail address, delegated to FILTER_VALIDATE_EMAIL.
 *
 * The script uses the result as a boolean. A passing value is still visitor
 * input and needs encoding wherever it is written out.
 *
 * @param mixed $email Value to check.
 * @return mixed Whatever filter_var() returns: the address, or false when it is rejected.
 */
function is_email_valid($email)
{
    $address = filter_var($email, FILTER_VALIDATE_EMAIL);

    return $address;
}
// Build the contact mail only when both variables are set and the address
// passes is_email_valid().
// NOTE(review): isset() is true for an empty string, so a blank name is accepted.
if (isset($name) && isset($email) && is_email_valid($email)) {
    // Avoid Email Injection and Mail Form Script Hijacking
    // NOTE(review): deny-list of four header names; it does not match CR or LF.
    $pattern = "/(content-type|bcc:|cc:|to:)/i";
    if (preg_match($pattern, $name) || preg_match($pattern, $email)) {
        // Stops the script without sending any response.
        exit;
    }
    // Email will be send
    $to = "*****@*****.**";
    // Change with your email address
    $subject = "New contact from GetLeads";
    // If you want a default subject
    // HTML Elements for Email Body
    // NOTE(review): $name and $email are interpolated into HTML as received;
    // encode them with htmlspecialchars() before building the body.
    // The quoted "email me" inside the <a> tag has no attribute name.
    $body = <<<EOD
\t<strong>Name:</strong> {$name} <br>
\t<strong>Email:</strong> <a href="mailto:{$email}?subject=feedback" "email me">{$email}</a> <br> <br>
EOD;
    //Must end on first column
    // NOTE(review): $name is free text placed in the From header. Make sure it
    // cannot contain CR or LF by this point; the deny-list above does not
    // cover line breaks, and a line break here starts a new header line.
    $headers = "From: {$name} <{$email}>\r\n";
    $headers .= 'MIME-Version: 1.0' . "\r\n";
    // The body is declared as HTML, so the recipient's client will render markup.
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    // PHP email sender
Ejemplo n.º 8
<?php

// Variables
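// Read a field only when it was posted as a string: trim() on a missing key or
// on an array-valued field (e.g. name[]=x) raises a warning or a TypeError,
// depending on the PHP version.
$name = isset($_POST['name']) && is_string($_POST['name']) ? trim($_POST['name']) : '';
$email = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';
$subject = isset($_POST['subject']) && is_string($_POST['subject']) ? trim($_POST['subject']) : '';
$message = isset($_POST['message']) && is_string($_POST['message']) ? trim($_POST['message']) : '';
// $name is written into the From header further down, and $subject is
// presumably used as the mail subject. trim() removes line breaks only at the
// ends of a value, so CR and LF are dropped from both single-line fields.
$name = str_replace(array("\r", "\n"), '', $name);
$subject = str_replace(array("\r", "\n"), '', $subject);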
// Email address validation - works with php 5.2+
/**
 * Pass the value to filter_var() with FILTER_VALIDATE_EMAIL and hand back the result.
 *
 * Format validation only; encode the value separately for HTML or header output.
 *
 * @param mixed $email Value to check.
 * @return mixed The accepted address, or false when the filter rejects it.
 */
function is_email_valid($email)
{
    $verdict = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($verdict !== false) {
        return $verdict;
    }

    return false;
}
// Build the contact mail only when every field variable is set and the
// address passes is_email_valid().
// NOTE(review): isset() is true for an empty string, so blank fields are accepted.
if (isset($name) && isset($email) && isset($message) && isset($subject) && is_email_valid($email)) {
    // Avoid Email Injection and Mail Form Script Hijacking
    // NOTE(review): deny-list of four header names; it does not match CR or LF.
    // A free-text message that merely mentions "to:" is also dropped by it.
    $pattern = "/(content-type|bcc:|cc:|to:)/i";
    if (preg_match($pattern, $name) || preg_match($pattern, $email) || preg_match($pattern, $message) || preg_match($pattern, $subject)) {
        // Stops the script without sending any response.
        exit;
    }
    // Email will be send
    $to = "*****@*****.**";
    // Change with your email address
    // HTML Elements for Email Body
    // NOTE(review): $name, $email and $message are interpolated into HTML as
    // received; encode them with htmlspecialchars() before building the body.
    // The quoted "email me" inside the <a> tag has no attribute name.
    $body = <<<EOD
\t<strong>Name:</strong> {$name} <br>
\t<strong>Email:</strong> <a href="mailto:{$email}?subject=feedback" "email me">{$email}</a> <br> <br>
\t<strong>Message:</strong> {$message} <br>
EOD;
    //Must end on first column
    // NOTE(review): $name is free text placed in the From header. Make sure it
    // cannot contain CR or LF by this point; the deny-list above does not
    // cover line breaks, and a line break here starts a new header line.
    $headers = "From: {$name} <{$email}>\r\n";
    $headers .= 'MIME-Version: 1.0' . "\r\n";
    // The body is declared as HTML, so the recipient's client will render markup.
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
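/**
 * Validate the registration form and create the account.
 *
 * The checks run in the original order and stop at the first failure, which
 * sends the visitor back to register.php. When all checks pass, the account
 * is inserted, the e-mail is stored in the session and the visitor is
 * redirected to ../index.php.
 *
 * NOTE(review): $country is passed to insert_account_in_db() without a check
 * of its own, unlike the other fields.
 * NOTE(review): $password is passed on as received, so hashing presumably
 * happens inside insert_account_in_db() - confirm.
 */
function register_account($email, $email_confirmation, $civility, $firstname, $lastname, $adress, $country, $postal_code, $city, $phone_fixe, $phone_mobile, $password, $password_confirmation)
{
    // Strict membership test. The loose != comparisons it replaces let an
    // integer 0 pass as a civility on PHP versions before 8.
    $civilities = array('M', 'Mlle', 'Mme');
    $form_ok = is_email_valid($email)
        && !check_if_email_already_taken($email)
        && do_passwords_match($email, $email_confirmation)
        && in_array($civility, $civilities, true)
        && is_name_valid($firstname)
        && is_name_valid($lastname)
        && is_adress_valid($adress)
        && is_postal_code_valid($postal_code)
        && is_city_valid($city)
        && is_phone_number_valid($phone_fixe)
        && is_phone_number_valid($phone_mobile)
        && is_password_valid($password)
        && do_passwords_match($password, $password_confirmation);
    if (!$form_ok) {
        redirect('register.php');
        return;
    }
    insert_account_in_db($email, $civility, $firstname, $lastname, $adress, $country, $postal_code, $city, $phone_fixe, $phone_mobile, $password);
    // The session becomes an authenticated one here, so it gets a fresh id;
    // an id that was known before registration stops being valid.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['email'] = $email;
    redirect('../index.php');
}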
Ejemplo n.º 10
     $password = $password . $valid[rand(0, strlen($valid) - 1)];
 }
 // Append 8 characters to $salt, each picked from $valid at a random index.
 // NOTE(review): rand() is not a cryptographically secure generator; values
 // used as passwords or salts should come from random_int() or random_bytes().
 for ($i = 0; $i < 8; $i++) {
     $salt = $salt . $valid[rand(0, strlen($valid) - 1)];
 }
 // Stored form: the salt followed by md5(salt . password).
 // NOTE(review): a single MD5 round is cheap to brute-force. password_hash() /
 // password_verify() is the current API; switching formats needs a migration
 // path for the values already stored.
 $crypt = $salt . md5($salt . $password);
 $doconf = 0;
 // && binds tighter than ||: the branch runs when a lock level is configured,
 // or when confirmation is enabled and its mail address is valid.
 if (LOCK_PWCHG_LEVEL > 0 || CONFIRM_STAR_PWRESET && is_email_valid(CONFIRM_STAR_PWRESET_MAIL)) {
     // Look up the user's access level on channel 1.
     // NOTE(review): the query text is built by concatenation. Whether
     // pg_safe_exec() escapes anything is not visible here; a parameterised
     // call (pg_query_params) would not depend on $user->id being numeric.
     $ra = pg_safe_exec("SELECT access FROM levels WHERE channel_id=1 AND user_id='" . $user->id . "'");
     // @ hides fetch errors; no row and a failed query look the same here.
     if ($oa = @pg_fetch_object($ra, 0)) {
         if (LOCK_PWCHG_LEVEL > 0 && LOCK_PWCHG_LEVEL <= $oa->access) {
             // lock prevails...
             echo "<h1>Error</h1><h3><br>\nFor security reasons, this option has been disabled for you.</h3>\n";
             echo "</body></html>\n\n";
             die;
         } elseif (CONFIRM_STAR_PWRESET && is_email_valid(CONFIRM_STAR_PWRESET_MAIL) && $oa->access > 0) {
             // Only one pending change per user is allowed.
             $rp = pg_safe_exec("SELECT * FROM pending_passwordchanges WHERE user_id='" . $user->id . "'");
             if ($op = @pg_fetch_object($rp, 0)) {
                 echo "<h1>Error</h1><h3><br>\nA pending password change is already in progress for you.</h3>\n";
                 echo "</body></html>\n\n";
                 die;
             } else {
                 // Checksum over the user id, a fixed tag, a site salt and the new hash.
                 $Xcrc = md5($user->id . "modFP" . CRC_SALT_0015 . $crypt);
                 // NOTE(review): the fifth value is $password, the new password
                 // in plain text, stored next to its hash. Anyone who can read
                 // pending_passwordchanges can read the password.
                 // NOTE(review): $user->password and $crypt are concatenated
                 // without post2db(); presumably safe because of their format - confirm.
                 pg_safe_exec("INSERT INTO pending_passwordchanges VALUES ('" . post2db($Xcrc) . "','" . $user->id . "','" . $user->password . "','" . $crypt . "','" . post2db($password) . "',now()::abstime::int4)");
                 // Until the change is confirmed, either set the hash to "*"
                 // or keep the current one.
                 if (LOCK_ON_PWCHG) {
                     $crypt = "*";
                 } else {
                     $crypt = $user->password;
                 }
                 $ss = "[Forgotten Password] Confirmation request for '" . $user->username . "'";
                 $mm = "";
Ejemplo n.º 11
         echo "<input type=hidden name=username value=\"" . post2input($_POST["username"]) . "\">\n";
         echo "<input type=hidden name=username_crc value=\"" . md5(CRC_SALT_0008 . $_POST["username"] . "UCHECK") . "\">\n";
         echo "Please enter your primary email address. Use your ISP email address where possible. Your email address will never be used ";
         echo "to send you unsolicited email.  It will be used to send you information on how to obtain your ";
         echo "password.<br><br>\n";
         echo "<label>Email Address: <input type=text name=email maxlength=128>\n";
         $jsf .= "\tif (f.email.value == '') { all_ok = false; }\n";
         $jsf .= "\tvar msg = 'Please type in your e-mail address !';\n";
     }
     break;
 // Step 4: re-check the username carried in hidden fields, then validate the
 // e-mail address. Each failed check appends an <li> item to $err.
 case 4:
     // The hidden username_crc field must equal md5(salt . username . "UCHECK").
     // NOTE(review): != compares loosely and not in constant time. Two hex
     // strings that both look like numbers can compare equal under loose
     // comparison; hash_equals() on the two strings avoids that and the
     // timing difference. hash_hmac() is the standard construction for a
     // keyed check value.
     if (md5(CRC_SALT_0008 . $_POST["username"] . "UCHECK") != $_POST["username_crc"]) {
         $err .= "<li> <b>Attempt to hack page content !</b> (username)\n";
         $hackpc = 1;
     }
     if (!is_email_valid($_POST["email"])) {
         $err .= "<li> Your e-mail address is invalid.\n";
     }
     // NOTE(review): the posted address is appended to $err as-is, here and in
     // the NOREG message below, also when it failed validation. If
     // err_newuser() prints $err as HTML, encode it with htmlspecialchars() first.
     if (is_email_locked($LOCK_USERNAME, $_POST["email"])) {
         $err .= "<li> You are not allowed to create an account using this email address (" . $_POST["email"] . ")\n";
     }
     // NOTE(review): both queries are built by concatenation and rely on
     // post2db() for escaping - confirm what it does; a parameterised call
     // (pg_query_params) removes that dependence.
     $email_nreg = pg_safe_exec("SELECT * FROM noreg WHERE lower(email)='" . post2db(strtolower($_POST["email"])) . "' and user_name='*'");
     if (pg_numrows($email_nreg) > 0) {
         $err .= "<li> This email account (" . $_POST["email"] . ") is in NOREG, you can't use it for username registration.\n";
     }
     // One account per address: reject when the address is already registered.
     $email_dbh = pg_safe_exec("SELECT user_name FROM users WHERE lower(email)='" . post2db(strtolower($_POST["email"])) . "'");
     if (pg_numrows($email_dbh) > 0) {
         $err .= "<li> There is already an account registered with that email address.<br>You can only have one account per person. If you have lost your password and require a new one to be resent <a href=\"forgotten_pass.php\">click here</a>.\n";
     }
     if ($err != "") {
         err_newuser($err);