function SendResults($a_fld_order, $a_clean_fields, $s_to, $s_cc, $s_bcc, $a_raw_fields)
{
global $SPECIAL_VALUES, $aFileVars, $FILE_REPOSITORY, $FIXED_SENDER;
//
// check for a filter and how to use it
//
$b_filter_attach = false;
$a_attach_spec = array();
$s_filter = "";
$a_filter_list = array();
if ($b_got_filter = GetFilterSpec($s_filter, $a_filter_list)) {
if ($a_filter_list === false) {
//
// not a limited filter, so filter all fields
//
$b_limited_filter = false;
$a_filter_list = array();
} else {
$b_limited_filter = true;
}
FMDebug("SendResults: got filter '{$s_filter}', limited={$b_limited_filter}");
$s_filter_attach_name = GetFilterOption("Attach");
if (isset($s_filter_attach_name)) {
if (!is_string($s_filter_attach_name) || empty($s_filter_attach_name)) {
SendAlert(GetMessage(MSG_ATTACH_NAME));
} else {
$b_filter_attach = true;
$a_attach_spec = array("Name" => $s_filter_attach_name);
if (($s_mime = GetFilterAttrib($s_filter, "MIME")) !== false) {
$a_attach_spec["MIME"] = $s_mime;
}
//
// Regarding the character set...
// A filter will not generally change the character set
// of the message, however, if it does, then we
// provide that information to the MIME encoder.
// Remember: this character set specification refers
// to the data *after* the effect of the filter
// has been reversed (e.g. an encrypted message
// in UTF-8 is in UTF-8 when it is decrypted).
//
if (($s_cset = GetFilterAttrib($s_filter, "CharSet")) !== false) {
$a_attach_spec["CharSet"] = $s_cset;
}
}
}
}
//
// check the need for MIME formatted mail
//
$b_mime_mail = IsMailOptionSet("HTMLTemplate") || count($aFileVars) > 0 || $b_filter_attach;
//
// create the email header lines - CC, BCC, From, and Reply-To
//
$a_headers = array();
if (!empty($s_cc)) {
$a_headers['Cc'] = SafeHeader($s_cc);
}
if (!empty($SPECIAL_VALUES["replyto"])) {
//
// expand replyto list
//
CheckEmailAddress($SPECIAL_VALUES["replyto"], $s_list, $s_invalid, false);
if (!empty($s_list)) {
$a_headers['Reply-To'] = SafeHeader($s_list);
}
}
//
// note that BCC is documented to not work prior to PHP 4.3
//
if (!empty($s_bcc)) {
global $aPHPVERSION;
if ($aPHPVERSION[0] < 4 || $aPHPVERSION[0] == 4 && $aPHPVERSION[1] < 3) {
SendAlert(GetMessage(MSG_PHP_BCC, array("PHPVERS" => implode(".", $aPHPVERSION))));
}
$a_headers['Bcc'] = SafeHeader($s_bcc);
}
//
// create the From address
//
// Some servers won't let you set the email address to the
// submitter of the form. Therefore, use FromAddr if it's been
// specified to set the sender and the "From" address.
//
$s_sender = GetMailOption("FromAddr");
if (!isset($s_sender)) {
$s_sender = "";
if (!empty($SPECIAL_VALUES["email"])) {
$a_headers['From'] = MakeFromLine($SPECIAL_VALUES["email"], $SPECIAL_VALUES["realname"]);
}
} elseif ($s_sender !== "") {
$s_sender = $a_headers['From'] = SafeHeader(UnMangle($s_sender));
}
/*
* Override sender if $FIXED_SENDER is set.
*/
if ($FIXED_SENDER !== "") {
$s_sender = $FIXED_SENDER;
}
if ($s_sender === "") {
if (SET_SENDER_FROM_EMAIL) {
$s_sender = $SPECIAL_VALUES["email"];
}
}
//
// special case: if there is only one non-special string value, then
// format it as an email (unless an option says not to)
//
$a_keys = array_keys($a_raw_fields);
if (count($a_keys) == 1 && is_string($a_raw_fields[$a_keys[0]]) && !IsMailOptionSet("AlwaysList") && !IsMailOptionSet("DupHeader")) {
if (IsMailExcluded($a_keys[0])) {
SendAlert("Exclusion of single field '" . $a_keys[0] . "' ignored");
}
$s_value = $a_raw_fields[$a_keys[0]];
//
// replace carriage return/linefeeds with <br>
//
$s_value = str_replace("\r\n", '<br />', $s_value);
//
// replace lone linefeeds with <br>
//
$s_value = str_replace("\n", '<br />', $s_value);
//
// remove lone carriage returns
//
$s_value = str_replace("\r", "", $s_value);
//
// replace all control chars with <br />
//
$s_value = preg_replace('/[[:cntrl:]]+/', '<br />', $s_value);
//
// strip HTML (note that all the <br> above will now be
// replaced with BODY_LF)
//
$s_value = StripHTML($s_value, BODY_LF);
if ($b_mime_mail) {
if ($b_got_filter) {
//
// filter the whole value (ignore filter_fields for this
// special case) if a filter has been specified
//
$s_results = Filter($s_filter, $s_value);
if ($b_filter_attach) {
$a_attach_spec["Data"] = $s_results;
//
// KeepInLine keeps the filtered version inline as well
// as an attachment
//
if (!IsFilterOptionSet("KeepInLine")) {
$s_results = "";
}
$s_filter = "";
// no more filtering
}
} else {
$s_results = $s_value;
}
//
// send this single value off to get formatted in a MIME
// email
//
if (!MakeMimeMail($s_results, $a_headers, $a_raw_fields, GetMailOption('HTMLTemplate'), GetMailOption('TemplateMissing'), IsMailOptionSet("NoPlain"), $s_filter, $aFileVars, $a_attach_spec)) {
return false;
}
} elseif ($b_got_filter) {
//
// filter the whole value (ignore filter_fields for this special case)
// if a filter has been specified
//
$s_results = Filter($s_filter, $s_value);
} else {
$s_results = $s_value;
if (IsMailOptionSet("CharSet")) {
//
// sending plain text email, and the CharSet has been
// specified; include a header
//
$a_headers['Content-Type'] = "text/plain; charset=" . SafeHeader(GetMailOption("CharSet"));
}
}
} else {
if ($b_mime_mail) {
//
// get the plain text version of the email then send it
// to get MIME formatted
//
list($s_results, $s_unfiltered_results, $s_filtered_results) = MakePlainEmail($a_fld_order, $a_clean_fields, $s_to, $s_cc, $s_bcc, $a_raw_fields, $s_filter, $a_filter_list);
if ($b_filter_attach) {
//
// attached the filtered results
//
$a_attach_spec["Data"] = $s_filtered_results;
//
// KeepInLine keeps the filtered version inline as well
// as an attachment
//
if (!IsFilterOptionSet("KeepInLine")) {
//
// put the unfiltered results in the body of the message
//
$s_results = $s_unfiltered_results;
}
$s_filter = "";
// no more filtering
}
if (!MakeMimeMail($s_results, $a_headers, $a_raw_fields, GetMailOption('HTMLTemplate'), GetMailOption('TemplateMissing'), IsMailOptionSet("NoPlain"), $s_filter, $aFileVars, $a_attach_spec)) {
return false;
}
} else {
list($s_results, $s_unfiltered_results, $s_filtered_results) = MakePlainEmail($a_fld_order, $a_clean_fields, $s_to, $s_cc, $s_bcc, $a_raw_fields, $s_filter, $a_filter_list);
if (!$b_got_filter && IsMailOptionSet("CharSet")) {
//
// sending plain text email, and the CharSet has been
// specified; include a header
//
$a_headers['Content-Type'] = "text/plain; charset=" . SafeHeader(GetMailOption("CharSet"));
}
}
}
//
// now save uploaded files to the repository
//
if (FILEUPLOADS && $FILE_REPOSITORY !== "") {
if (!SaveAllFilesToRepository()) {
return false;
}
}
//
// send the mail - assumes the email addresses have already been checked
//
return SendCheckedMail($s_to, $SPECIAL_VALUES["subject"], $s_results, $s_sender, $a_headers);
}
/**
* Determines if the sender is a valid user.
* @return integer|NULL
*/
function ValidatePoster(&$mimeDecodedEmail, $config)
{
extract($config);
global $wpdb;
$poster = NULL;
$from = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["from"]));
$resentFrom = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["resent-from"]));
/*
if ( empty($from) ) {
echo 'Invalid Sender - Emtpy! ';
return;
}
*/
//See if the email address is one of the special authorized ones
print "Confirming Access For {$from} \n";
$sql = 'SELECT id FROM ' . $wpdb->users . ' WHERE user_email=\'' . addslashes($from) . "' LIMIT 1;";
$user_ID = $wpdb->get_var($sql);
if (!empty($user_ID)) {
$user = new WP_User($user_ID);
if ($user->has_cap("post_via_postie")) {
$poster = $user_ID;
echo "posting as user {$poster}";
} else {
$poster = $wpdb->get_var("SELECT ID FROM {$wpdb->users} WHERE\n user_login = '******'");
}
} elseif ($turn_authorization_off || CheckEmailAddress($from, $authorized_addresses) || CheckEmailAddress($resentFrom, $authorized_addresses)) {
$poster = $wpdb->get_var("SELECT ID FROM {$wpdb->users} WHERE\n user_login = '******'");
}
$validSMTP = checkSMTP($mimeDecodedEmail, $smtp);
if (!$poster || !$validSMTP) {
echo 'Invalid sender: ' . htmlentities($from) . "! Not adding email!\n";
if ($forward_rejected_mail) {
$admin_email = get_option("admin_email");
if (MailToRecipients($mimeDecodedEmail, $test_email, array($admin_email), $return_to_sender)) {
echo "A copy of the message has been forwarded to the administrator.\n";
} else {
echo "The message was unable to be forwarded to the adminstrator.\n";
}
}
return;
}
return $poster;
}
/**
* Determines if the sender is a valid user.
* @return integer|NULL
*/
function ValidatePoster(&$mimeDecodedEmail, $config)
{
global $wpdb;
$poster = NULL;
$from = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["from"]));
$resentFrom = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["resent-from"]));
/*
if ( empty($from) ) {
echo 'Invalid Sender - Emtpy! ';
return;
}
*/
//See if the email address is one of the special authorized ones
print "Confirming Access For {$from} \n";
$sql = 'SELECT id FROM ' . $wpdb->users . ' WHERE user_email=\'' . addslashes($from) . "' LIMIT 1;";
$user_ID = $wpdb->get_var($sql);
$user = new WP_User($user_ID);
if ($config["TURN_AUTHORIZATION_OFF"] || CheckEmailAddress($from, $config['AUTHORIZED_ADDRESSES']) || CheckEmailAddress($resentFrom, $config['AUTHORIZED_ADDRESSES'])) {
if (empty($user_ID)) {
print "{$from} is authorized to post as the administrator\n";
$from = get_option("admin_email");
$adminUser = $config['ADMIN_USERNAME'];
echo "adminUser='******'";
$poster = $wpdb->get_var("SELECT ID FROM {$wpdb->users} WHERE\n user_login = '******'");
} else {
$poster = $user_ID;
}
} else {
if ($user->has_cap("post_via_postie")) {
$poster = $user_ID;
}
}
$validSMTP = checkSMTP($mimeDecodedEmail, $config['SMTP']);
if (!$poster || !$validSMTP) {
echo 'Invalid sender: ' . htmlentities($from) . "! Not adding email!\n";
if ($config["FORWARD_REJECTED_MAIL"]) {
if (MailToRecipients($mimeDecodedEmail, $config['TEST_EMAIL'], array(), $config['RETURN_TO_SENDER'])) {
echo "A copy of the message has been forwarded to the administrator.\n";
} else {
echo "The message was unable to be forwarded to the adminstrator.\n";
}
}
return;
}
return $poster;
}
/**
* Determines if the sender is a valid user.
* @return integer|NULL
*/
function ValidatePoster(&$mimeDecodedEmail)
{
global $wpdb;
$config = GetConfig();
$poster = NULL;
$from = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["from"]));
$resentFrom = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["resent-from"]));
if (empty($from)) {
echo 'Invalid Sender - Emtpy! ';
return;
}
//See if the email address is one of the special authorized ones
print "Confirming Access For {$from} \n";
$sql = 'SELECT id FROM ' . $wpdb->users . ' WHERE user_email=\'' . addslashes($from) . "' LIMIT 1;";
$user_ID = $wpdb->get_var($sql);
$user = new WP_User($user_ID);
if ($config["TURN_AUTHORIZATION_OFF"] || CheckEmailAddress($from) || CheckEmailAddress($resentFrom)) {
if (empty($user_ID)) {
print "{$from} is authorized to post as the administrator\n";
$from = get_option("admin_email");
$poster = $wpdb->get_var("SELECT ID FROM {$wpdb->users} WHERE ID = 1");
} else {
$poster = $user_ID;
}
} else {
if ($user->has_cap("post_via_postie")) {
$poster = $user_ID;
}
}
if (!$poster) {
echo 'Invalid sender: ' . htmlentities($from) . "! Not adding email!\n";
if ($config["FORWARD_REJECTED_MAIL"]) {
if (ForwardRejectedMailToAdmin($mimeDecodedEmail)) {
echo "A copy of the message has been forwarded to the administrator.\n";
} else {
echo "The message was unable to be forwarded to the adminstrator.\n";
}
}
return;
}
return $poster;
}
function SendAlert($s_error, $b_filter = true, $b_non_error = false)
{
global $SPECIAL_VALUES, $FORMATTED_INPUT, $FROM_USER, $aServerVars, $aStrippedFormVars;
global $aAlertInfo;
$s_error = str_replace("\n", BODY_LF, $s_error);
$b_got_filter = isset($SPECIAL_VALUES["filter"]) && !empty($SPECIAL_VALUES["filter"]);
//
// if there is a filter specified and we're not sending the alert
// through the filter, don't show the user's data. This is
// on the assumption that the filter is an encryption program; so,
// we don't want to send the user's data in clear text inside the
// alerts.
//
$b_show_data = true;
if ($b_got_filter && !$b_filter) {
$b_show_data = false;
}
$s_form_subject = $s_alert_to = "";
$b_check = true;
//
// might be too early to have $SPECIAL_VALUES set, so
// look in the form vars too
//
if (isset($SPECIAL_VALUES["alert_to"])) {
$s_alert_to = trim($SPECIAL_VALUES["alert_to"]);
}
if (empty($s_alert_to) && isset($aStrippedFormVars["alert_to"])) {
$s_alert_to = trim($aStrippedFormVars["alert_to"]);
}
if (isset($SPECIAL_VALUES["subject"])) {
$s_form_subject = trim($SPECIAL_VALUES["subject"]);
}
if (empty($s_form_subject) && isset($aStrippedFormVars["subject"])) {
$s_form_subject = trim($aStrippedFormVars["subject"]);
}
if (empty($s_alert_to)) {
$s_alert_to = DEF_ALERT;
$b_check = false;
}
if (!empty($s_alert_to)) {
$s_from_addr = $s_from = "";
$a_headers = array();
if (isset($FROM_USER) && !empty($FROM_USER)) {
if ($FROM_USER != "NONE") {
$a_headers['From'] = $FROM_USER;
$s_from = "From: {$FROM_USER}";
$s_from_addr = $FROM_USER;
}
} else {
global $SERVER;
$s_from_addr = "FormMail@" . $SERVER;
$a_headers['From'] = $s_from_addr;
$s_from = "From: {$s_from_addr}";
}
$s_mesg = "To: " . UnMangle($s_alert_to) . BODY_LF;
if (!empty($s_from)) {
$s_mesg .= $s_from . BODY_LF;
}
$s_mesg .= BODY_LF;
if (count($aAlertInfo) > 0) {
if ($b_show_data) {
$s_error .= BODY_LF . GetMessage(MSG_MORE_INFO) . BODY_LF;
$s_error .= implode(BODY_LF, $aAlertInfo);
} else {
$s_error .= BODY_LF . GetMessage(MSG_INFO_STOPPED) . BODY_LF;
}
}
if ($b_non_error) {
$s_mesg .= $s_error . BODY_LF . BODY_LF;
$s_subj = GetMessage(MSG_FM_ALERT);
if (!empty($s_form_subject)) {
$s_subj .= " ({$s_form_subject})";
}
} else {
$s_mesg .= GetMessage(MSG_FM_ERROR_LINE) . BODY_LF . $s_error . BODY_LF . BODY_LF;
$s_subj = GetMessage(MSG_FM_ERROR);
if (!empty($s_form_subject)) {
$s_subj .= " ({$s_form_subject})";
}
if ($b_show_data) {
$s_mesg .= implode(BODY_LF, $FORMATTED_INPUT);
} else {
$s_mesg .= GetMessage(MSG_USERDATA_STOPPED);
}
}
if ($b_filter && $b_got_filter) {
$s_mesg = GetMessage(MSG_FILTERED, array("FILTER" => $SPECIAL_VALUES["filter"])) . BODY_LF . BODY_LF . Filter($SPECIAL_VALUES["filter"], $s_mesg);
}
if ($b_check) {
if (CheckEmailAddress($s_alert_to, $s_valid, $s_invalid)) {
return SendCheckedMail($s_valid, $s_subj, $s_mesg, $s_from_addr, $a_headers);
}
} else {
return SendCheckedMail($s_alert_to, $s_subj, $s_mesg, $s_from_addr, $a_headers);
}
}
return false;
}
}
$postId = $_GET['postId'];
if ($postId == null) {
$postId = -1;
}
echo GetPostList($_GET['boardName'], $postId, $pageNo, $_GET['postLimit'], json_decode($_GET['tags'], true), $searchParam, $_GET['searchOptions']);
//BY: added json_decode
} else {
if ($_GET['t'] == 2) {
echo GetPostContent($_GET['postId']);
} else {
if ($_GET['t'] == 3) {
echo CheckUserName($_GET['UserName']);
} else {
if ($_GET['t'] == 4) {
echo CheckEmailAddress($_GET['EmailAddress']);
} else {
if ($_GET['t'] == 5) {
echo GetLatestFeed(json_decode($_GET['FeedBoard'], true));
//BY: added json_decode
} else {
if ($_GET['t'] == 6) {
for ($i = 0; $i < sizeof($addedTags); $i++) {
echo $addedTags[$i] . " ";
}
echo DBSavePost(-1, $_GET['pinned'], $_GET['bName'], $_GET['title'], $_GET['content'], $_GET['UserID'], $_GET['addedTags'], $_GET['deletedTags']);
} else {
if ($_GET['t'] == 7) {
echo EnableUser(fnDecrypt($_GET['c']));
} else {
if ($_GET['t'] == 8) {
function SendAlert($s_error, $b_filter = true, $b_non_error = false)
{
global $SPECIAL_VALUES, $FORMATTED_INPUT, $FROM_USER, $aServerVars, $aStrippedFormVars;
global $aAlertInfo;
$s_error = str_replace("\n", BODY_LF, $s_error);
$b_got_filter = isset($SPECIAL_VALUES["filter"]) && !empty($SPECIAL_VALUES["filter"]);
//
// if there is a filter specified and we're not sending the alert
// through the filter, don't show the user's data. This is
// on the assumption that the filter is an encryption program; so,
// we don't want to send the user's data in clear text inside the
// alerts.
//
$b_show_data = true;
if ($b_got_filter && !$b_filter) {
$b_show_data = false;
}
$s_form_subject = $s_alert_to = "";
$b_check = true;
//
// might be too early to have $SPECIAL_VALUES set, so
// look in the form vars too
//
if (isset($SPECIAL_VALUES["alert_to"])) {
$s_alert_to = trim($SPECIAL_VALUES["alert_to"]);
}
if (empty($s_alert_to) && isset($aStrippedFormVars["alert_to"])) {
$s_alert_to = trim($aStrippedFormVars["alert_to"]);
}
if (isset($SPECIAL_VALUES["subject"])) {
$s_form_subject = trim($SPECIAL_VALUES["subject"]);
}
if (empty($s_form_subject) && isset($aStrippedFormVars["subject"])) {
$s_form_subject = trim($aStrippedFormVars["subject"]);
}
if (empty($s_alert_to)) {
$s_alert_to = DEF_ALERT;
$b_check = false;
}
if (!empty($s_alert_to)) {
$s_from_addr = $s_from = "";
$a_headers = array();
if (isset($FROM_USER)) {
if ($FROM_USER != "NONE") {
$a_headers['From'] = $FROM_USER;
$s_from = "From: {$FROM_USER}";
$s_from_addr = $FROM_USER;
}
} else {
global $SERVER;
$s_from_addr = "FormMail@" . $SERVER;
$a_headers['From'] = $s_from_addr;
$s_from = "From: {$s_from_addr}";
}
$s_mesg = "To: " . UnMangle($s_alert_to) . BODY_LF;
if (!empty($s_from)) {
$s_mesg .= $s_from . BODY_LF;
}
$s_mesg .= BODY_LF;
if (count($aAlertInfo) > 0) {
if ($b_show_data) {
$s_error .= BODY_LF . "More information:" . BODY_LF;
$s_error .= implode(BODY_LF, $aAlertInfo);
} else {
$s_error .= BODY_LF . "(Extra alert information suppressed for security purposes.)" . BODY_LF;
}
}
if ($b_non_error) {
$s_mesg .= $s_error . BODY_LF . BODY_LF;
$s_subj = "FormMail alert";
if (!empty($s_form_subject)) {
$s_subj .= " ({$s_form_subject})";
}
} else {
$s_mesg .= "The following error occurred in FormMail:" . BODY_LF . $s_error . BODY_LF . BODY_LF;
$s_subj = "FormMail script error";
if (!empty($s_form_subject)) {
$s_subj .= " ({$s_form_subject})";
}
if ($b_show_data) {
$s_mesg .= implode(BODY_LF, $FORMATTED_INPUT);
} else {
$s_mesg .= "(User data suppressed for security purposes.)";
}
}
if ($b_filter && $b_got_filter) {
$s_mesg = "This alert has been filtered through '" . $SPECIAL_VALUES["filter"] . "' for security purposes." . BODY_LF . BODY_LF . Filter($SPECIAL_VALUES["filter"], $s_mesg);
}
if ($b_check) {
if (CheckEmailAddress($s_alert_to, $s_valid, $s_invalid)) {
return SendCheckedMail($s_valid, $s_subj, $s_mesg, $s_from_addr, $a_headers);
}
} else {
return SendCheckedMail($s_alert_to, $s_subj, $s_mesg, $s_from_addr, $a_headers);
}
}
return false;
}
function SendAlert($s_error, $b_filter = true, $b_non_error = false)
{
global $SPECIAL_VALUES, $FORMATTED_INPUT, $FROM_USER, $aServerVars, $aStrippedFormVars;
global $aAlertInfo, $aCleanedValues, $aFieldOrder;
$s_error = str_replace("\n", BODY_LF, $s_error);
$b_got_filter = isset($SPECIAL_VALUES["filter"]) && !empty($SPECIAL_VALUES["filter"]);
//
// if there is a filter specified and we're not sending the alert
// through the filter, don't show the user's data. This is
// on the assumption that the filter is an encryption program; so,
// we don't want to send the user's data in clear text inside the
// alerts.
//
$b_show_data = true;
if ($b_got_filter && !$b_filter) {
$b_show_data = false;
}
$s_form_subject = $s_alert_to = "";
$b_check = true;
//
// might be too early to have $SPECIAL_VALUES set, so
// look in the form vars too
//
if (isset($SPECIAL_VALUES["alert_to"])) {
$s_alert_to = trim($SPECIAL_VALUES["alert_to"]);
}
if (empty($s_alert_to) && isset($aStrippedFormVars["alert_to"])) {
$s_alert_to = trim($aStrippedFormVars["alert_to"]);
}
if (isset($SPECIAL_VALUES["subject"])) {
$s_form_subject = trim($SPECIAL_VALUES["subject"]);
}
if (empty($s_form_subject) && isset($aStrippedFormVars["subject"])) {
$s_form_subject = trim($aStrippedFormVars["subject"]);
}
if (empty($s_alert_to)) {
$s_alert_to = DEF_ALERT;
$b_check = false;
}
if (!empty($s_alert_to)) {
$s_from_addr = $s_from = "";
$a_headers = array();
if (isset($FROM_USER) && !empty($FROM_USER)) {
if ($FROM_USER != "NONE") {
$a_headers['From'] = $FROM_USER;
$s_from = "From: {$FROM_USER}";
$s_from_addr = $FROM_USER;
}
} else {
global $SERVER;
$s_from_addr = "FormMail@" . $SERVER;
$a_headers['From'] = $s_from_addr;
$s_from = "From: {$s_from_addr}";
}
$s_mesg = "To: " . UnMangle($s_alert_to) . BODY_LF;
if (!empty($s_from)) {
$s_mesg .= $s_from . BODY_LF;
}
$s_mesg .= BODY_LF;
if (count($aAlertInfo) > 0) {
if ($b_show_data) {
$s_error .= BODY_LF . GetMessage(MSG_MORE_INFO) . BODY_LF;
$s_error .= implode(BODY_LF, $aAlertInfo);
} else {
$s_error .= BODY_LF . GetMessage(MSG_INFO_STOPPED) . BODY_LF;
}
}
//
// some fields aren't security issues - show those in the alert
//
$a_safe_fields = array("email: " . $SPECIAL_VALUES["email"], "name: " . $SPECIAL_VALUES["name"]);
$s_safe_data = implode(BODY_LF, $a_safe_fields);
if ($b_non_error) {
$s_preamble = $s_error . BODY_LF . BODY_LF;
$s_mesg .= $s_preamble;
$s_subj = GetMessage(MSG_FM_ALERT);
if (!empty($s_form_subject)) {
$s_subj .= " ({$s_form_subject})";
}
} else {
$s_preamble = GetMessage(MSG_FM_ERROR_LINE) . BODY_LF . $s_error . BODY_LF . BODY_LF;
$s_mesg .= $s_preamble;
$s_subj = GetMessage(MSG_FM_ERROR);
if (!empty($s_form_subject)) {
$s_subj .= " ({$s_form_subject})";
}
$s_mesg .= $s_safe_data;
$s_mesg .= BODY_LF . BODY_LF;
if ($b_show_data) {
$s_mesg .= implode(BODY_LF, $FORMATTED_INPUT);
} else {
$s_mesg .= GetMessage(MSG_USERDATA_STOPPED);
}
}
/*
* We only need to filter the form fields if the filter that
* is specified is an encrypting filter.
*/
if ($b_filter && $b_got_filter && IsFilterAttribSet($SPECIAL_VALUES["filter"], "Encrypts")) {
$s_new_mesg = $s_preamble . $s_safe_data;
$s_new_mesg .= BODY_LF . BODY_LF;
$s_filter = $SPECIAL_VALUES["filter"];
if (($a_filter_list = GetFilterList()) !== false) {
//
// just filter the critical fields
//
list($s_unfiltered, $s_filtered_results) = GetFilteredOutput($aFieldOrder, $aCleanedValues, $s_filter, $a_filter_list);
$s_new_mesg .= $s_unfiltered;
} else {
//
// filter everything
//
$s_filtered_results = Filter($s_filter, $s_mesg);
}
$s_new_mesg .= GetMessage(MSG_FILTERED, array("FILTER" => $s_filter)) . BODY_LF . BODY_LF . $s_filtered_results;
$s_mesg = $s_new_mesg;
}
if (isset($aServerVars['HTTP_REFERER'])) {
$s_mesg .= BODY_LF . BODY_LF . "Referring page was " . $aServerVars['HTTP_REFERER'];
} elseif (isset($SPECIAL_VALUES['this_form']) && $SPECIAL_VALUES['this_form'] !== "") {
$s_mesg .= BODY_LF . BODY_LF . "Referring form was " . $SPECIAL_VALUES['this_form'];
}
if (isset($aServerVars['REMOTE_ADDR'])) {
$s_mesg .= BODY_LF . BODY_LF . "User IP address was " . $aServerVars['REMOTE_ADDR'];
}
if ($b_check) {
if (CheckEmailAddress($s_alert_to, $s_valid, $s_invalid)) {
return SendCheckedMail($s_valid, $s_subj, $s_mesg, $s_from_addr, $a_headers);
}
} else {
return SendCheckedMail($s_alert_to, $s_subj, $s_mesg, $s_from_addr, $a_headers);
}
}
return false;
}
