<?php
// Contact-form handler. When the form was submitted (a "submit" field is
// present) the message is validated and sent; otherwise control falls into
// the else branch at the end of this block, whose body continues below.
if (isset($_POST['submit'])) {
    // NOTE(review): error_reporting(E_NOTICE) sets the reporting mask to
    // notices *only*, so warnings and fatal errors are hidden rather than
    // notices being added.
    error_reporting(E_NOTICE);

    /**
     * Loose syntax check for an e-mail address: ASCII local part, dotted
     * domain labels and a 2-6 letter TLD, case-insensitive.
     * The trailing "$" (no D modifier) still accepts one trailing newline;
     * the CR/LF stripping applied to $from below covers that case.
     *
     * @param string $str
     * @return bool
     */
    function valid_email($str) {
        return !preg_match("/^([a-z0-9\\+_\\-]+)(\\.[a-z0-9\\+_\\-]+)*@([a-z0-9\\-]+\\.)+[a-z]{2,6}\$/ix", $str) ? FALSE : TRUE;
    }

    if ($_POST['name'] != '' && $_POST['email'] != '' && valid_email($_POST['email']) == TRUE && strlen($_POST['comment']) > 1) {
        // The recipient arrives hex-encoded in the POST body and is decoded
        // with hexstr(), which is not declared in this branch.
        // NOTE(review): if the only definition of hexstr() is the one in the
        // else branch, it is never declared when this branch runs (a function
        // declared inside a conditional exists only once that block executes),
        // so this call fails unless hexstr() is declared elsewhere.
        // NOTE(review): because $to is client-supplied, whoever can POST to
        // this script chooses where the mail goes; reading the recipient from
        // server-side configuration instead would close that.
        $to = preg_replace("([\r\n])", "", hexstr($_POST['receiver']));
        // Strip CR/LF so the sender cannot terminate the From/Reply-to header.
        $from = preg_replace("([\r\n])", "", $_POST['email']);
        // NOTE(review): $_POST['name'] is placed in the Subject header without
        // the CR/LF stripping applied to $to/$from and without the header
        // keyword check below; it should get the same treatment.
        $subject = "Website contact message from " . $_POST['name'];
        $message = $_POST['comment'];
        // Reject values that look like additional mail headers.
        $match = "/(bcc:|cc:|content\\-type:)/i";
        if (preg_match($match, $to) || preg_match($match, $from) || preg_match($match, $message)) {
            die("Header injection detected.");
        }
        $headers = "From: " . $from . "\r\n";
        $headers .= "Reply-to: " . $from . "\r\n";
        // Numeric status codes are the whole response (consumed by the caller).
        if (mail($to, $subject, $message, $headers)) {
            echo 1; //SUCCESS
        } else {
            echo 2; //FAILURE - server failure
        }
    } else {
        echo 3; //FAILURE - not valid email
    }
} else {
// Diagnostic/test page: defines the hex helpers and exercises them with a few
// sample inputs. This fragment is the body of an else branch opened above; the
// closing brace is not part of this fragment.

/**
 * Decodes a hex string into raw bytes. Accepts "64 65", "6465" and
 * "\x64\x65" forms: spaces and literal "\x" prefixes are removed, then the
 * remainder is unpacked with pack('H*').
 * NOTE(review): nothing here validates that only hex digits remain; pack()
 * emits a warning on an illegal hex digit and the result is then unreliable.
 * Callers decoding request data should check the input (e.g. ctype_xdigit())
 * before calling this.
 *
 * @param string $hexstr
 * @return string
 */
function hexstr($hexstr) {
    $hexstr = str_replace(' ', '', $hexstr);
    $hexstr = str_replace('\\x', '', $hexstr); // single-quoted: the two characters "\x"
    $retstr = pack('H*', $hexstr);
    return $retstr;
}

/**
 * Encodes a byte string as lowercase hex (the inverse of hexstr()).
 *
 * @param string $string
 * @return string
 */
function strhex($string) {
    $hexstr = unpack('H*', $string);
    return array_shift($hexstr);
}

// $teststr is assigned but not read in this fragment.
$teststr = "64 65 74 61 69 6c 73";
#$teststr = "01 02 63 00 39 00 45 00 36 00 43 00 32 00 30 00 41 00 30 00 00 00";
// Development settings: printing errors to the page exposes file paths and
// internals, so this is not something to leave on in a deployed copy.
ini_set('display_errors', 1);
error_reporting(E_ALL);
$ascii_inputs = array("details", "abcde");
// Three encodings of the same bytes ("details"); the third is single-quoted,
// so it contains literal backslash-x sequences.
$hex_inputs = array("64 65 74 61 69 6c 73", "64657461696c73", '\\x64\\x65\\x74\\x61\\x69\\x6c\\x73');
print "<pre>";
foreach ($ascii_inputs as $str) {
    $str2 = strhex($str);
    //printf("strhex('%s') = %s [%s]\n", $str, var_export($str2, true), implode(" ", str_split($str2, 2)));
    echo $str2;
}
// The decoded results are computed but not printed (the printf is commented out).
foreach ($hex_inputs as $str) {
    $str2 = hexstr($str);
    //printf("hexstr('%s') = %s\n", $str, var_export($str2, true));
}
print "</pre><hr>\n";
//show_source(__FILE__);
<?php
// Payment-cancellation page fragment: builds $filecontent from the stored
// option text (falling back to DEAL_CANCEL_TEXT) with the [#...#] placeholders
// substituted, then renders the breadcrumb and the page title.
get_header();
$title = DEAL_PAY_CANCELATION_TITLE;
// "pid" arrives hex-encoded and is split on "|" after decoding. $pid is not
// read anywhere in this fragment.
// NOTE(review): nothing here checks that the decoded value has the expected
// shape (a numeric post id first); whatever uses $pid later should validate it.
$pid = explode("|", hexstr($_REQUEST['pid']));
$filecontent = stripslashes(get_option('post_payment_cancel_msg_content'));
if ($filecontent == "") {
    $filecontent = DEAL_CANCEL_TEXT;
}
// NOTE(review): the raw, still hex-encoded request value is passed to
// get_permalink() rather than the decoded $pid[0] — confirm which is intended.
$post_link = get_permalink($_REQUEST['pid']);
$store_name = get_option('blogname');
$search_array = array('[#order_amt#]', '[#bank_name#]', '[#account_number#]', '[#orderId#]', '[#site_name#]', '[#submited_information_link#]');
// $paid_amount, $bankInfo, $accountinfo and $order_id are not assigned in this
// fragment; presumably the including file sets them — verify.
$replace_array = array($paid_amount, $bankInfo, $accountinfo, $order_id, $store_name, $post_link);
$filecontent = str_replace($search_array, $replace_array, $filecontent);
?>
<?php if (get_option('ptthemes_breadcrumbs')) { ?>
<div class="breadcrumb clearfix">
<div class="breadcrumb_in"><?php yoast_breadcrumb('', ' / ' . $title); ?> </div>
</div>
<?php } ?>
<h1 class="singleh1"><?php echo $title;
// Payment-notification handler fragment: starts mid-function ($fp and $info
// are opened/filled above this point) and the VERIFIED block is not closed
// within this fragment.
fclose($fp);
$info = implode(',', $info);
// NOTE(review): eregi() was removed in PHP 7, so this condition is a fatal
// error on any current PHP. The equivalent check is
// `stripos($info, 'VERIFIED') !== false`.
if (eregi('VERIFIED', $info)) {
    $to = get_site_emailId();
    $fromEmail = get_site_emailId();
    $fromEmailName = get_site_emailName();
    // yes valid, f.e. change payment status
    // The POST fields are read only after the verification response; the
    // postback that makes them trustworthy happens above this fragment.
    $postid = $_POST['custom'];
    $item_name = $_POST['item_name'];
    $txn_id = $_POST['txn_id'];
    $payment_status = $_POST['payment_status'];
    $payment_type = $_POST['payment_type'];
    $payment_date = $_POST['payment_date'];
    $txn_type = $_POST['txn_type'];
    $amount = $_POST['amount'];
    // "custom" carries "<post id>|<deal type>" hex-encoded.
    $deal_details = explode("|", hexstr($postid));
    $postid = $deal_details[0];
    // NOTE(review): $deal_details[1] is read without checking it exists, and
    // $postid is not cast to int before the post-meta calls below, so a
    // malformed "custom" value reaches them unchecked.
    if ($deal_details[1] == '3' || $deal_details[1] == '4' || $deal_details[1] == '5') {
        // Types 3/4/5: take the first code off the comma-separated
        // coupon_code list, store the remainder, and append the taken code
        // to used_coupon_code.
        $coupon_code_arr = explode(",", get_post_meta($postid, 'coupon_code', true));
        $coup = array_shift($coupon_code_arr);
        update_post_meta($postid, "coupon_code", implode(",", $coupon_code_arr));
        if (get_post_meta($postid, 'used_coupon_code', true) == "") {
            update_post_meta($postid, "used_coupon_code", $coup);
        } else {
            $old_used_coupon = get_post_meta($postid, 'used_coupon_code', true);
            $coupon = $old_used_coupon . "," . $coup;
            update_post_meta($postid, "used_coupon_code", $coupon);
        }
    } else {
        // All other types read the single_coupon_code meta value instead.
        $coup = get_post_meta($postid, 'single_coupon_code', true);
    }