//address using FILTER_VALIDATE_EMAIL
if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
return TRUE;
} else {
return FALSE;
}
}
if ($_POST['spamCheck'] != "cold") {
echo "NO bots";
} elseif (empty($_POST['name']) || empty($_POST['email']) || $_POST['subject'] == "x" || empty($_POST['spamCheck']) || empty($_POST['message'])) {
echo '<p>Please fill in all required fields.</p><p>Please use your browsers back button to complete the form.</p>';
} else {
if (isset($_POST['email'])) {
//if "email" and fields is filled out, proceed
//check if the email address is invalid
$mailcheck = spamcheck($_POST['email']);
if ($mailcheck == FALSE) {
echo "Email is not correctly formatted or is invalid.";
} else {
//send email
$name = $_POST['name'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$logs = $_POST['logs'];
$message = $message;
$full = wordwrap($message, 70);
mail("*****@*****.**", $subject, $full, "From: {$name} <{$email}>");
header("Location: thanks.html");
}
} else {
</div>
</div>
</div>
<div class="small-12 medium-3 columns">
</div>
</div>
</form>
<?php
} else {
// the user has submitted the form
// Check if the "from" input field is filled out
if (isset($_POST["from"])) {
// Check if "from" email address is valid
$mailcheck = spamcheck($_POST["from"]);
if ($mailcheck == FALSE) {
echo "Invalid input";
} else {
$fName = strip_tags($_POST["first"]);
$lName = strip_tags($_POST["last"]);
$from = strip_tags($_POST['from']);
// sender
$to = strip_tags($_POST["to"]);
// reicipient
$subject = "Remember to renew your ASCE membership";
$message = '<html><body>';
$message .= '<p>Hi,</p><p>' . $fName . ' ' . $lName . ' reminded you to renew your ASCE membership.<br>The Section with the highest percentage of renewed members by December 12, 2014 will win a cash prize of $1,000!</p> <p>Go to <a href="http://www.asce.org/ymfinishline/">www.asce.org/finishline</a> today.</p>';
$message .= '</body></html>';
// message lines should not exceed 70 characters (PHP rule), so wrap it
$message = wordwrap($message, 70);
function spamcheck($field)
{
// The FILTER_SANITIZE_EMAIL filter removes all forbidden e-mail characters from the inserted string.
$field = filter_var($field, FILTER_SANITIZE_EMAIL);
//filter_var() validates the e-mail address that is inserted.
// The FILTER_VALIDATE_EMAIL filter validates the value of the text inserted as an e-mail address
if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
return TRUE;
} else {
return FALSE;
}
}
if (isset($_POST['contact_email'])) {
//this is a simple check that makes sure the email field not empty
//this is the check that uses the validation function to ensure the email address is valid
$mailcheck = spamcheck($_POST['contact_email']);
if ($mailcheck == FALSE) {
echo "You have inserted an incorrect email address or have left some of the fields empty";
die;
} else {
$to = "*****@*****.**";
$name = $_POST['contact_name'];
$email = $_POST['contact_email'];
$subject = $_POST['contact_subject'];
$message = nl2br($_POST['contact_message']);
mail($to, $subject, $message, "Reply-To:{$email}\r\nFrom: \"{$name}\" <{$email}>");
}
}
header('location:' . $_SERVER['HTTP_REFERER']);
exit;
?>
<form id="contact_block" method="post" action="<?php
echo $_SERVER["PHP_SELF"];
?>
">
<name>name</name><input type="text" name="name" required placeholder="John Smith"><br>
<name>email</name><input type="email" name="email" required placeholder="*****@*****.**"><br>
<name>message</name><textarea required name="message" placeholder="I would like to talk to you!"></textarea><br>
<input class="button" type="submit" value="send" />
</form>
<?php
} else {
// the user has submitted the form
// Check if the "from" input field is filled out
if (isset($_POST["email"])) {
// Check if "from" email address is valid
$mailcheck = spamcheck($_POST["email"]);
if ($mailcheck == FALSE) {
echo "Invalid input";
} else {
$name = $_POST["name"];
$from = $_POST["email"];
// sender
$message = "Message From: " . $name . "\n\n";
$message = $message . $_POST["message"];
// message lines should not exceed 70 characters (PHP rule), so wrap it
$message = wordwrap($message, 70);
// send mail
mail("*****@*****.**", "Contact Form Message", $message, "From: {$from}\n");
echo "<br><br><br>Thank you, I'll get to your comment as soon as I can!";
}
}
{
//filter_var() sanitizes the e-mail
//address using FILTER_SANITIZE_EMAIL
$field = filter_var($field, FILTER_SANITIZE_EMAIL);
//filter_var() validates the e-mail
//address using FILTER_VALIDATE_EMAIL
if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
return TRUE;
} else {
return FALSE;
}
}
if (isset($_REQUEST['EmailAddress'])) {
//if "email" is filled out, proceed
//check if the email address is invalid
$mailcheck = spamcheck($_REQUEST['EmailAddress']);
$code = $_REQUEST['Code'];
if ($mailcheck == FALSE || $code == "Code") {
echo "Invalid input";
} elseif ($code == "Code") {
echo "Please input a valid code.";
} else {
//send email
// echo "Getting data . . . ";
$firstName = $_REQUEST['FirstName'];
$lastName = $_REQUEST['LastName'];
$address = $_REQUEST['PostalAddress'];
$city = $_REQUEST['City'];
$province = $_REQUEST['Province'];
$postalCode = $_REQUEST['PostalCode'];
$phoneNumber = $_REQUEST['PhoneNumber'];
} else {
echo '<body>';
}
echo '<div id="main" style="padding: 5px; width: 215px; height: 170px; margin-top: 10px;">';
if (login_checklogin()) {
if ($_GET['action'] == 'reply') {
draw_reply_form(htmlspecialchars($_GET['username']), $_GET['userid'], $_GET['answereid']);
} elseif ($_GET['action'] == 'send_reply') {
if (userblock_check($_GET['userid'], $_SESSION['login']['id']) == 1) {
jscript_alert('Den användare som du har angivit som mottagare har blockerat dig, och ditt meddelande kan därför inte skickas!');
echo '<script language="javascript">history.go(-1);</script>';
die;
}
/*
if(644314 == $_SESSION['login']['id'])
log_to_file('henrik', LOGLEVEL_DEBUG, __FILE__, __LINE__, $_POST['message']);
*/
$spamval = spamcheck($_SESSION['login']['id'], $_POST['message']);
if ($spamval == 1) {
echo '<script language="javascript">setTimeout(\'window.close();\',500);</script>';
new_entry($_GET['userid'], $_SESSION['login']['id'], $_POST['message'], $_POST['is_private'], $_GET['answereid']);
echo '<h1>Inlägget skickat!</h1>';
} else {
echo '<script language="javascript">alert("' . $spamval . '");</script>';
draw_reply_form(htmlspecialchars($_GET['username']), $_GET['userid'], $_POST['message']);
}
}
} else {
die('Du tycks ha loggats ut :(');
}
echo '</div></body></html>';
for ($i = 0; $i < count($addresses); $i++) {
//filter_var() sanitizes the e-mail
//address using FILTER_SANITIZE_EMAIL
$addresses[$i] = filter_var($addresses[$i], FILTER_SANITIZE_EMAIL);
//filter_var() validates the e-mail
//address using FILTER_VALIDATE_EMAIL
if (!filter_var($addresses[$i], FILTER_VALIDATE_EMAIL)) {
return FALSE;
}
}
return TRUE;
}
if (isset($_REQUEST['to'])) {
//if "email" is filled out, proceed
//check if the email address is invalid
$mailcheck = spamcheck($_REQUEST['to']);
if ($mailcheck == FALSE) {
echo "One or more of the email addresses you entered was malformed. Please input valid email addresses separated by commas or semi-colons.<br>";
echo "<a href=mailform.php>Back</a>";
} else {
//send email
$to = $_REQUEST['to'];
$from = $_REQUEST['from'];
$subject = $_REQUEST['subject'];
$message = $_REQUEST['message'];
$htmlmail = $_REQUEST['htmlmail'];
$headers = 'From: ' . $from . "\r\n";
$headers .= 'Bcc: spencerbartz@gmail.com' . "\r\n";
if (isset($_REQUEST['attach'])) {
$file = $_REQUEST['attach'];
$filename = "server/uploads/" . $_REQUEST['attach'];
//address using FILTER_VALIDATE_EMAIL
if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
return TRUE;
} else {
return FALSE;
}
}
$message = "";
if (isset($_POST['submit'])) {
$email = $_POST['email'];
$query = "SELECT * FROM BandsOfTheYearVotersPublic WHERE EmailHash = PASSWORD('{$email}')";
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
$message = "That email address has already signed up to vote!";
} else {
if (!spamcheck($email)) {
$message = "Invalid Email Address";
} else {
$query = "INSERT INTO BandsOfTheYearVotersPublic (EmailHash, Voted) VALUES (PASSWORD('{$email}'), 0)";
mysql_query($query);
//Send Email
$subject = "Bands of the Year Public Vote";
$from = "*****@*****.**";
$body = "Thank you for chosing to vote in ILMarching.com's Bands of the Year Public Vote\n\n";
$body .= "The entire public vote will count for 1 ballot in the real Bands of the Year vote.\n\n";
$body .= "To cast your vote, go to the following website:\n";
$body .= "http://ilmarching.com/botyBallotPublic.php\n\n";
$body .= "Your username is: {$email} \n";
$body .= "Your password is: " . substr(sha1($email), 0, 6);
$body .= "\n\nThis password is Case Sensitive. Type it in exactly as you see here.\n\n";
$body .= "Cast your ballot as you see fit, remembering that Number 1. is the best band in the division, and so on down the line.\n\n";
<form method="post" action="<?php
echo $_SERVER["PHP_SELF"];
?>
">
Suggest a map [URL]: <input type="text" name="url">
Your email [optional]: <input type="text" name="from_user">
<input type="submit" name="submit" value="Send">
</form>
</small></h5>
<?php
} else {
// the user has submitted the form
// Check if the "from" input field is filled out
if (isset($_POST["from_user"])) {
// Check if "from" email address is valid
$mailcheck = spamcheck($_POST["from_user"]);
if ($mailcheck == FALSE) {
echo "Invalid input";
} else {
$from_add = "EMAIL";
$to_add = "EMAIL";
$message = "{$_POST["url"]}\n{$_POST["from_user"]}";
$subject = "Novo mapa sugerido";
$headers = "From: {$from_add} \r\n";
$headers .= "Reply-To: {$from_add} \r\n";
$headers .= "Return-Path: {$from_add}\r\n";
$headers .= "X-Mailer: PHP \r\n";
// send mail
mail($to_add, $subject, $message, $headers);
echo "Obrigado pela sugestão. Caso tenha providenciado um email, entraremos em contato em breve!";
}
$insert_prep->bindParam(':intercom', $intercom);
$insert_prep->bindParam(':pager', $pager);
//execute query
$insert_prep->execute();
//close cursor to free resources for next query
$insert_prep->closeCursor();
}
} catch (PDOException $exception) {
//show error messgae is an exception is thrown
echo $exception->getMessage();
}
}
//Update
if (isset($_POST['saveUpdate'])) {
try {
$email = spamcheck($_POST['up_email']);
//run email through spam check function defined above
if ($email == TRUE) {
//if the email passes function
//post data from the web form and save in variables
$fname = $_POST['up_fname'];
//
$lname = $_POST['up_lname'];
$dept = $_POST['up_department'];
$job_role = $_POST['up_job_role'];
//these form inputs are not required form fields and thus must be validated
$ophone = $_POST['up_ophone'];
if ($ophone == '502-___-____') {
$ophone = NULL;
}
$mphone = $_POST['up_mphone'];
<input type="password" name="pass2" /><br>
<input type="hidden" name="hash" value="<?php
echo $_SESSION['formhash'];
?>
" />
<input type="submit" name="submit" value="Register" /> <p><br>
</form>
<?php
//variables retrieved from a session and form, to check if your using a verified form
$formhash = $_POST['hash'];
$randomstring = $_SESSION['randomstring'];
// if your form is verified by this script, you are able to continue
if (password_verify($randomstring, $formhash)) {
//checks if nick name is set and email is real/not used for spamming
if (isset($_POST['nick']) && spamcheck($_POST['email']) == TRUE) {
//checks if you didnt make a mistake in your password
if ($_POST['pass'] == $_POST['pass2']) {
//encrypt password
$pass = password_hash($_POST['pass'], PASSWORD_BCRYPT);
//stops possible sql injection attacks
$nick = $_POST['nick'];
$email = $_POST['email'];
//creates part of verification url
$length = 10;
//generates random string
$verificationurl = generateRandomString($length);
//executes query from sqlfunctions class
$query = $sqldata->reg_sql($nick, $pass, $email, $verificationurl);
//checks if everything goes right
if ($query['querychecker'] == false || $query['querychecker'] == NULL) {
function myMailFunction($mailto, $subject, $message, $headers, $defaultMessageClose, $adminEmail, $notice)
{
$message = $message . "\n\n" . $defaultMessageClose;
// Check for suspected spam content
if (!spamcheck(array($mailto, $subject, $headers))) {
die('no spam please');
}
if (@mail($mailto, $subject, $message, $headers)) {
echo '<p style="align:center">Your message was successfully sent to ' . $mailto . '</p>';
if ($notice == 1) {
$message = "From email " . $headers . "\n\n" . "To email " . "\n\n" . $mailto . "\n\n" . $message;
@mail($adminEmail, "Referal notice", $message);
}
} else {
// This echo's the error message if the email did not send.
// You could change the text in between the <p> tags.
echo '<p>Mail could not be sent to ' . $mailto . ' Please use your back button to try them again.</p>';
}
}
} else {
if (isset($_SESSION['captcha']) && $_SESSION['captcha'] == $_POST['captcha'] && spamcheck($_POST['from']) && strlen($_POST['subject']) != 0 && strlen($_POST['message']) != 0) {
$from = $_POST["from"];
// sender
$subject = $_POST["subject"];
$message = $_POST["message"];
mail('*****@*****.**', $subject, $message, "From: {$from}\n");
echo 'Επιτυχής Αποστολή';
} else {
$captcha = $_POST['captcha'];
if ($_SESSION['captcha'] != $captcha && strlen($captcha) != 0) {
$wrongCaptcha = true;
} else {
$wrongCaptcha = false;
}
if (!spamcheck($_POST['from'])) {
$wrongFrom = true;
} else {
$wrongFrom = false;
}
?>
<h2>Αποστολή email</h2>
<form method="post">
<label class="newsletterLabel">Από:</label> <input id="from" class="textBox" type="text" name="from" value="<?php
echo $_POST['from'];
?>
"><label style="color:red;width:200px;" class="newsletterLabel"><?php
if ($wrongFrom) {
echo 'Η διεύθυνση δεν είναι έγκυρη';
}
/*============== Sanitizing Email Input for Spam Attack/Interception ===============*/
function spamcheck($field)
{
//filter_var() sanitizes the e-mail
//address using FILTER_SANITIZE_EMAIL
$field = filter_var($field, FILTER_SANITIZE_EMAIL);
//filter_var() validates the e-mail
//address using FILTER_VALIDATE_EMAIL
if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
return TRUE;
} else {
return FALSE;
}
}
// check if the email address is invalid
$mailcheck = spamcheck($email);
if ($mailcheck == FALSE) {
echo "<font id='error'>That is not a valid email address!</font>";
} else {
if ($msg == "") {
// If name isn't blank
die("Something went wrong!");
} else {
// Check if the msg has been sent already
$check = mysql_query("SELECT * FROM feedback WHERE msg='{$msg}'") or die(mysql_error());
$count = mysql_num_rows($check);
if ($count > 0) {
echo "<font id='error'>You've already sent this feedback!</font>";
} else {
// Create Listing
$new_feedback = mysql_query("INSERT INTO feedback (msg, email, datestamp) VALUES ('{$msg}','{$email}',now())") or die(mysql_error());
</dt>
<dd class="o-FormField__Input">
<input id="recipient-email-label" required="" type="email" name="to" placeholder="ex: yoursectionfriend@example.com">
</dd>
<dt class="o-FormField__Label"></dt>
<dd class="o-FormField__Input">
<input type="submit" name="submit" class="button small secondary">
</dd>
</dl>
</form><?php
} else {
// the user has submitted the form
// Check if the "from" input field is filled out
if (isset($_POST['from'])) {
// Check if "from" email address is valid
$mailcheck = spamcheck($_POST['from']);
if ($mailcheck == FALSE) {
echo 'Invalid input';
} else {
$fName = strip_tags($_POST['first']);
$lName = strip_tags($_POST['last']);
$from = strip_tags($_POST['from']);
// sender
$to = strip_tags($_POST['to']);
// reicipient
$subject = 'Remember to renew your ASCE membership';
$message = '<html><body>';
$message .= '<p>Hi,</p><p>' . $fName . ' ' . $lName . ' reminded you to renew your ASCE membership.<br>The Section with the highest percentage of renewed members by December 11, 2015 will win a cash prize of $1,000!</p> <p>Go to <a href="http://www.asce.org/finishline/">www.asce.org/finishline</a> today.</p>';
$message .= '</body></html>';
// message lines should not exceed 70 characters (PHP rule), so wrap it
$message = wordwrap($message, 70);
{
//filter_var() sanitizes the e-mail
//address using FILTER_SANITIZE_EMAIL
$field = filter_var($field, FILTER_SANITIZE_EMAIL);
//filter_var() validates the e-mail
//address using FILTER_VALIDATE_EMAIL
if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
return TRUE;
} else {
return FALSE;
}
}
if (isset($_POST['email'])) {
//if "email" is filled out, proceed
//check if the email address is invalid
$mailcheck = spamcheck($_REQUEST['email']);
$subtime = substr($_POST["time"], 0, 2);
$subdate = substr($_POST["date"], 8, 2);
$weekday = date('l', strtotime($_POST["date"]));
if ($mailcheck == FALSE) {
echo "<span class='annotation'>Invalid email address!</span>";
printform();
} elseif ($_POST["email"] == "*****@*****.**" || $_POST["tel"] == "07884268497") {
echo "<span class='annotation'>Sorry,You have been previously reported and therefore blocked for spam by the Webmaster !</span>";
printform();
} elseif (trim($_POST["name"]) == "") {
echo "<span class='annotation'>You need to provide your name for the reservation!</span>";
printform();
} elseif (trim($_POST["tel"]) == "" || $_POST["tel"] == " " || preg_match('/^00359/', $_POST["tel"]) || preg_match('/^\\+359/', $_POST["tel"]) || !preg_match('/^07[0-9]{9}$/', $_POST["tel"])) {
echo "<span class='annotation'>Invalid Mobile number! Only valid UK MOBILE NUMBERS are allowed!</span>";
printform();
$senderEmail = $_POST['senderEmail'];
$senderMessage = $_POST['senderMessage'];
$subject = 'Message from NECTA\'s website by ' . $senderName;
$headers = "From: {$senderEmail}\n";
$to = '*****@*****.**';
//To where an email is sent
$api_url = "https://www.google.com/recaptcha/api/siteverify";
// reCAPTCHA API address
$secret = "6LfUsPoSAAAAAIYXCy02E_wC48Nv5LKUBE6-Owoo";
//Secret key for accessing Google's reCAPTCHA service
$response_string = $_POST['g-recaptcha-response'];
// User response on reCAPTCHA
$user_ip = $_SERVER['REMOTE_ADDR'];
// Usr IP address
$results = array();
$mailcheck = spamcheck($senderEmail);
// Check if "from" email address is valid
if ($mailcheck == FALSE) {
info('error', 'Invalid email address.');
header('Location: contacts');
} else {
//Verify if user is not a robot
$jsonresponse = "";
$response = is_bot($api_url, $secret, $response_string, $user_ip);
foreach ($response as $value) {
$jsonresponse .= $value;
}
$response = json_decode($jsonresponse, true);
if ($response['success']) {
// message lines should not exceed 70 characters (PHP rule), so wrap it
$message = wordwrap($senderMessage, 70);
