function sendEmail() { if (isset($_POST['email'])) { // EDIT THE 2 LINES BELOW AS REQUIRED $email_to = "*****@*****.**"; $email_subject = "Website Inquiry : "; function died($error) { // your error code can go here echo "We are very sorry, but there were error(s) found with the form you submitted. "; echo "These errors appear below.<br /><br />"; echo $error . "<br /><br />"; echo "Please go back and fix these errors.<br /><br />"; die; } // validation expected data exists if (!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['subject']) || !isset($_POST['message'])) { died('We are sorry, but there appears to be a problem with the form you submitted.'); } $name = $_POST['name']; // required $email = $_POST['email']; // required $subject = $_POST['subject']; // required $message = $_POST['message']; // required $error_message = ""; $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/'; if (!preg_match($email_exp, $email)) { $error_message .= 'The Email Address you entered does not appear to be valid.<br />'; } $string_exp = "/^[A-Za-z .'-]+\$/"; if (!preg_match($string_exp, $name)) { $error_message .= 'The Name you entered does not appear to be valid.<br />'; } if (strlen($message) < 2) { $error_message .= 'The Comments you entered do not appear to be valid.<br />'; } if (strlen($error_message) > 0) { died($error_message); } $email_message = "Form details below.\n\n"; function clean_string($string) { $bad = array("content-type", "bcc:", "to:", "cc:", "href"); return str_replace($bad, "", $string); } $email_message .= "Name: " . clean_string($name) . "\n"; $email_message .= "Email: " . clean_string($email) . "\n"; $email_message .= "Subject: " . clean_string($subject) . "\n"; $email_message .= "Message: " . clean_string($message) . "\n"; // create email headers $headers = 'From: ' . $email . "\r\n" . 'Reply-To: ' . $email . "\r\n" . 'X-Mailer: PHP/' . phpversion(); @mail($email_to, $email_subject, $email_message, $headers); } }
<?php if (isset($_POST['emailphp'])) { if (!isset($_POST['nombrephp']) || !isset($_POST['asuntophp']) || !isset($_POST['mensajephp'])) { died('Asegurese de haber llenado todos los campos.'); } $name = json_decode($_POST['nombrephp']); $email = json_decode($_POST['emailphp']); $asunto = json_decode($_POST['asuntophp']); $mensaje = json_decode($_POST['mensajephp']); $email_to = "*****@*****.**"; $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/'; if (!preg_match($email_exp, $email)) { died('La dirección de correo proporcionada no es válida.'); } $mensaje_final = "Mensaje enviado de: " . $name . PHP_EOL . PHP_EOL . $mensaje; $headers = 'From: ' . $email . "\r\n" . 'Reply-To: ' . $email . "\r\n" . 'X-Mailer: PHP/' . phpversion(); @mail($email_to, $asunto, $mensaje_final, $headers); echo "Su mensaje fue recibido con exito. Nos pondremos en contacto con usted a la brevedad posible"; } function died($error) { echo "Lo sentimos, hubo un error en sus datos y el formulario no puede ser enviado en este momento. "; echo "Detalle de los errores." . PHP_EOL . PHP_EOL; echo $error . PHP_EOL . PHP_EOL; echo "Porfavor corrija estos errores e inténtelo de nuevo." . PHP_EOL . PHP_EOL; die; }
if (isset($_POST['email'])) { $email_to = "*****@*****.**"; $email_subject = "Website Contact"; function died($error) { // your error code can go here echo "We are very sorry, but there were error(s) found with the form you submitted. "; echo "These errors appear below.<br /><br />"; echo $error . "<br /><br />"; echo "Please go back and fix these errors.<br /><br />"; die; } // validation expected data exists if (!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['message'])) { died('We are sorry, but there appears to be a problem with the form you submitted.'); } $name = $_POST['name']; $email = $_POST['email']; $message = $_POST['message']; $email_message = "Form details below.\n\n"; function clean_string($string) { $bad = array("content-type", "bcc:", "to:", "cc:", "href"); return str_replace($bad, "", $string); } $email_message .= "Name: " . clean_string($name) . "\n"; $email_message .= "Email: " . clean_string($email) . "\n"; $email_message .= "Message: " . clean_string($message) . "\n"; // create email headers $headers = 'From: ' . $email . "\r\n" . 'Reply-To: ' . $email . "\r\n" . 'X-Mailer: PHP/' . phpversion();
must be given in your project. It should not be used to sell or make money out of it, for selling licence contact authur Copyright 2016 - All Rights Reserved - Prateek Mathapati */ /*Getting User Input from form and assigning it to variable*/ $uname = $_POST['uname']; $uemail = $_POST['uemail']; $uphone = $_POST['uphone']; $umessage = $_POST['umessage']; $email_to = "<*****@*****.**>"; //Your Mail Id $email_subject = "Customer Contact Details"; /*Validation Function for Empty Fields*/ if (empty($_POST["uname"]) || empty($_POST["uemail"]) || empty($_POST["uphone"]) || empty($_POST["umessage"])) { died('please fill the form before submitting'); exit; } $email2 = "<*****@*****.**>"; /*Clean String for appending the text to body*/ function clean_string($string) { $bad = array("content-type", "bcc:", "to:", "cc:", "href"); return str_replace($bad, "", $string); } /*Adding text which we got from user form to mail body*/ $email_message = "Customer Contact Details.<br><br>"; $email_message .= "Name: " . clean_string($uname) . "<br><br>"; $email_message .= "Email: " . clean_string($uemail) . "<br><br>"; $email_message .= "Phone No: " . clean_string($uphone) . "<br><br>"; $email_message .= "Message: " . clean_string($umessage) . "<br><br>";
$comments = $_POST['comments']; // required $error_messages = array(); $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/'; if (!preg_match($email_exp, $email_from)) { array_push($error_messages, 'invalid email address'); } $string_exp = "/^[A-Za-z .'-]+\$/"; if (!preg_match($string_exp, $name)) { array_push($error_messages, 'invalid name'); } if (strlen($comments) < 2) { array_push($error_messages, 'invalid comments'); } if (count($error_messages) > 0) { died($error_messages); } $email_message = "Form details below.\n\n"; function clean_string($string) { $bad = array("content-type", "bcc:", "to:", "cc:", "href"); return str_replace($bad, "", $string); } $email_message .= "Name: " . clean_string($name) . "\n"; $email_message .= "Email: " . clean_string($email_from) . "\n"; $email_message .= "Telephone: " . clean_string($telephone) . "\n"; $email_message .= "Comments: " . clean_string($comments) . "\n"; // create email headers $headers = 'From: ' . $email_from . "\r\n" . 'Reply-To: ' . $email_from . "\r\n" . 'X-Mailer: PHP/' . phpversion(); @mail($email_to, $email_subject, $email_message, $headers); ?>
echo "<form action=javascript:window.opener.location.href='classified.php?" . sidstr() . "status=7';window.close(); METHOD=POST><input type=submit value={$close}></form>\n"; } else { echo "<form action=javascript:window.opener.location.reload();window.close(); METHOD=POST><input type=submit value={$close}></form>\n"; } echo "</div>\n"; } else { died("FATAL Error !!!"); } } elseif ($adid) { // Ask for sure $result = mysql_query("SELECT * FROM " . $prefix . "ads WHERE id={$adid}"); $db = mysql_fetch_array($result); if ($db[userid] == $_SESSION[suserid] || $_SESSION[susermod]) { echo "<div class=\"mainheader\">{$admydel_head}</div>\n"; echo "<br>\n"; echo "<form action=\"classified_my_del.php\" METHOD=\"POST\">\n"; echo "<div class=\"smsubmit\">{$admydel_msg}<br><br>{$db['header']}\n"; echo "<input type=\"hidden\" name=\"adid\" value=\"{$adid}\">\n"; echo "<input type=\"hidden\" name=\"confirm\" value=\"true\">\n"; echo "<br><br><input type=submit value={$admydel_submit}>\n"; echo "</div></form>\n"; } else { died("FATAL Error !!!"); } } else { // Error died("FATAL Error !!!"); } } // window_footer();
function _exists($path) { needsLoggedIn(); $path = formatPath($path); died(file_exists($path) ? 'true' : 'false'); }
die; } // If any fields were filled out inproperly this this function (above) will work // as a kill switch and return the errors that need to be fixed $errorMessage = ""; // empty string where all the error messages will be concated. if ($firstName == "") { $errorMessage .= "Please fill out \" First: \" field.<br>"; } if ($lastName == "") { $errorMessage .= "Please fill out \" Last: \" field.<br>"; } if ($email == "") { $errorMessage .= "Please fill out \" Email: \" field.<br>"; } if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errorMessage .= "Invalid email format"; } if ($message == "") { $errorMessage .= "Please write a message.<br>"; } if (strlen($errorMessage) > 0) { died($errorMessage); } else { mail($mailTo, $subject, $message, $phpformsite); echo "Youre message has been sent.<br>"; echo "Thankyou for contacting up<br>"; } ?>
function inquiry_send() { $email_address = $_POST['email_address']; if ($email_address) { $your_name = $_POST['your_name']; $inquiry_parts = $_POST['inquiry_parts']; $product_inquiry = $_POST['product_inquiry']; $email_to = '*****@*****.**'; $email_subject = "Contact from automobile inquiry"; function died($error) { // your error code can go here echo "We are very sorry, but there were error(s) found with the form you submitted. "; echo "These errors appear below.<br /><br />"; echo $error . "<br /><br />"; echo "Please go back and fix these errors.<br /><br />"; die; } // validation expected data exists if (!isset($your_name) || !isset($product_inquiry) || !isset($email_address)) { died('We are sorry, but there appears to be a problem with the form you submitted.'); } $first_name = $your_name; // required $email_from = $email_address; // required $inquiry_parts = $inquiry_parts; // not required $comments = $product_inquiry; // required $error_message = ""; $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/'; if (!preg_match($email_exp, $email_from)) { $error_message .= 'The Email Address you entered does not appear to be valid.<br />'; } $string_exp = "/^[A-Za-z .'-]+\$/"; if (!preg_match($string_exp, $your_name)) { $error_message .= 'The First Name you entered does not appear to be valid.<br />'; } if (strlen($comments) < 2) { $error_message .= 'The Comments you entered do not appear to be valid.<br />'; } if (strlen($error_message) > 0) { died($error_message); } $email_message = "Form details below.\n\n"; function clean_string($string) { $bad = array("content-type", "bcc:", "to:", "cc:", "href"); return str_replace($bad, "", $string); } $email_message .= "<p>Name: " . clean_string($your_name) . "</p>"; $email_message .= "<p>Email: " . clean_string($email_from) . "</p>"; $email_message .= "<p>Inquiry parts: " . clean_string($inquiry_parts) . "</p>"; $email_message .= "<p>Comments: " . clean_string($comments) . "</p>"; // create email headers $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'From: "' . $your_name . '"' . "\r\n"; $headers .= 'Reply-To: ' . $email_from . "\r\n"; $mail_send = wp_mail($email_to, $email_subject, $email_message, $headers); if ($mail_send) { $results = array('success' => true, 'mess' => 'Email successfully sent.'); } else { $results = array('success' => false, 'mess' => 'Email not send, there are some error to send email.'); } echo json_encode($results); } die; }
echo "</div></td></tr>\n"; echo "</table>\n"; echo "<table align=\"center\" cellspacing=\"1\" cellpadding=\"3\" width=\"100%\" border=\"0\">\n"; while ($tempdb = mysql_fetch_array($result)) { if ($choice == "fav") { $query = mysql_query("SELECT * FROM " . $prefix . "ads WHERE id='{$tempdb['adid']}'") or died("Ads - Record NOT Found"); $db = mysql_fetch_array($query); } else { $db = $tempdb; } if ($db) { $result2 = mysql_query("SELECT * FROM " . $prefix . "userdata WHERE id='{$db['userid']}'") or died("Userdata - Record NOT Found" . mysql_error()); $dbu = mysql_fetch_array($result2); $result3 = mysql_query("SELECT * FROM " . $prefix . "adcat WHERE id='{$db['catid']}'") or died("Adcat - Record NOT Found"); $dbc = mysql_fetch_array($result3); $result4 = mysql_query("SELECT * FROM " . $prefix . "adsubcat WHERE id='{$db['subcatid']}'") or died("AdSubcat Record NOT Found"); $dbs = mysql_fetch_array($result4); if (!$db[location]) { $db[location] = $ad_noloc; } $iconstring = ""; for ($i = 10; $i > 0; $i--) { $iconfield = "icon" . $i; $iconalt = "icon" . $i . "alt"; if ($db[$iconfield] && adfield($db[catid], $iconfield)) { $iconstring .= "<img src=\"{$dbc[$iconfield]}\" alt=\"{$dbc[$iconalt]}\" align=\"right\" vspace=\"2\"\n onmouseover=\"window.status='{$dbc[$iconalt]}'; return true;\"\n onmouseout=\"window.status=''; return true;\">\n"; } } echo " <tr>\n"; echo " <td class=\"classcat5\">\n"; if ($db[_picture1] || $db[_picture2] || $db[_picture3] || $db[_picture4] || $db[_picture5]) {
function badwordsmail($msg) { global $prefix; $eachword = explode(" ", $msg); $result = mysql_query("SELECT * FROM " . $prefix . "badwords") or died("Query Error"); while ($db = mysql_fetch_array($result)) { for ($i = 0; $i < count($eachword); $i++) { if (is_int(strpos($eachword[$i], $db['badword']))) { $msg = eregi_replace($eachword[$i], str_repeats("*", strlen($eachword[$i])), $msg); // Badword } } } return stripslashes($msg); }
} else { echo " "; } echo " </td>\n"; echo " <td class=\"classcat2\">\n"; if ($db) { echo " <a href=\"classified.php?catid={$catid}&subcatid={$db['id']}\" onmouseover=\"window.status='{$db['description']}';\n return true;\" onmouseout=\"window.status=''; return true;\">{$db['name']}</a> ({$db['ads']})<br>\n"; } echo " <div class=\"smallleft\">\n"; echo " {$db['description']}<br>\n"; if ($catnotify && $db[id] && $_SESSION[suserid]) { echo " <a href=\"notify.php?addid={$db['id']}\"\n onClick='enterWindow=window.open(\"notify.php?" . sidstr() . "addid={$db['id']}\",\"Notify\",\"width=400,height=200,top=200,left=200\"); return false'\n onmouseover=\"window.status='{$notify_add}'; return true;\"\n onmouseout=\"window.status=''; return true;\">\n <img src=\"{$image_dir}/icons/mail.gif\" border=\"0\" alt=\"{$notify_add}\" align=\"right\" vspace=\"2\"></a>\n"; if ($dbc[passphrase]) { echo "<img src=\"{$image_dir}/icons/key.gif\" alt=\"{$cat_pass}\" align=\"right\" vspace=\"2\"\n onmouseover=\"window.status='{$cat_pass}'; return true;\"\n onmouseout=\"window.status=''; return true;\">"; } if ($show_newicon) { $query = mysql_query("SELECT id FROM " . $prefix . "ads WHERE subcatid='{$db['id']}' AND (TO_DAYS(addate)>TO_DAYS(now())-{$show_newicon})") or died(mysql_error()); if (mysql_num_rows($query)) { echo "<img src=\"{$image_dir}/icons/new.gif\" alt=\"{$cat_new}\" align=\"right\" vspace=\"2\"\n onmouseover=\"window.status='{$cat_new}'; return true;\"\n onmouseout=\"window.status=''; return true;\">"; } } } echo " </div>"; echo " </td>\n"; echo " </tr>\n"; } //End while } # End of Page reached ################################################################################################# echo "</table>\n";
$picsize = explode("x", $pic_lowres); if ($picinfo[0] > intval($picsize[0]) || $picinfo[1] > intval($picsize[1])) { $div[0] = $picinfo[0] / $picsize[0]; $div[1] = $picinfo[1] / $picsize[1]; if ($div[0] > $div[1]) { $sizestr = "width=" . intval($picinfo[0] / $div[0]) . " height=" . intval($picinfo[1] / $div[0]); } else { $sizestr = "width=" . intval($picinfo[0] / $div[1]) . " height=" . intval($picinfo[1] / $div[1]); } } else { $sizestr = $picinfo[3]; } echo " <a href=\"pictureviewer.php?pic={$pic_path}/{$picture}\" onClick='enterWindow=window.open(\"pictureviewer.php?" . sidstr() . "pic={$pic_path}/{$picture}\",\"Picture\",\"width={$pic_width},height={$pic_height},top=100,left=100,scrollbars=yes,resizable=yes\"); return false'>\n <img src=\"{$pic_path}/{$picture}\" {$sizestr} border=\"0\" alt=\"{$ad_enlarge}\"></a>\n"; } elseif ($picture) { // claculate thumbnail-size $result4 = mysql_query("SELECT * FROM " . $prefix . "pictures WHERE picture_name='{$picture}'") or died("Can NOT find the Picture"); $dbp = mysql_fetch_array($result4); $picsize = explode("x", $pic_lowres); if ($dbp[picture_width] > intval($picsize[0]) || $dbp[picture_height] > intval($picsize[1])) { $div[0] = $dbp[picture_width] / $picsize[0]; $div[1] = $dbp[picture_height] / $picsize[1]; if ($div[0] > $div[1]) { $sizestr = "width=" . intval($dbp[picture_width] / $div[0]) . " height=" . intval($dbp[picture_height] / $div[0]); } else { $sizestr = "width=" . intval($dbp[picture_width] / $div[1]) . " height=" . intval($dbp[picture_height] / $div[1]); } } else { $sizestr = "width={$dbp['picture_width']} height={$dbp['picture_height']}"; } echo " <a href=\"pictureviewer.php?id={$picture}\" onClick='enterWindow=window.open(\"pictureviewer.php?" . sidstr() . "id={$picture}\",\"Picture\",\"width={$pic_width},height={$pic_height},top=100,left=100,scrollbars=yes,resizable=yes\"); return false'>\n <img src=\"picturedisplay.php?id={$picture}\" {$sizestr} border=\"0\" alt=\"{$ad_enlarge}\"></a>\n"; }
if ($_SESSION[suserid] || $votefree) { if (!$vote) { header(headerstr($source . "?status=8")); } else { if (isbanned($_SESSION[suserid])) { // IP banned, Do nothing !!! $errormessage = rawurlencode($error[27]); $headerstr = "status=9&errormessage={$errormessage}"; } elseif ($vote && $_SESSION[suserlastvote] + $vote_cookie_time * 3600 > $timestamp && $vote_cookie_time) { // Cookie is set - Already voted, Do nothing !!! $errormessage = rawurlencode($error[25]); $headerstr = "status=9&errormessage={$errormessage}"; } elseif ($vote) { mysql_query("update " . $prefix . "votes set votes=votes+1 where id='{$vote}'") or died("Database Query Error"); if ($_SESSION[suserid]) { mysql_query("update " . $prefix . "userdata set votes=votes+1,lastvotedate=now(),lastvote='{$timestamp}' where id='{$_SESSION['suserid']}'") or died("Database Query Error"); } $_SESSION[suserlastvote] = $timestamp; logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "VOTE: voted", ""); $headerstr = "status=10"; } } } else { $errormessage = rawurlencode($error[28]); $headerstr = "status=9&errormessage={$errormessage}"; } if (strpos("{$source}", "errormessage")) { $source = substr("{$source}", 0, strpos("{$source}", "errormessage") - 1); } if (strpos("{$source}", "?")) { $source = $source . "&";
# purpose : My Profile Area # ################################################################################################# if (!strpos($_SERVER['PHP_SELF'], 'member.php') === false) { die("YOU MAY NOT ACCESS THIS FILE DIRECTLY"); } if ($change == "email") { include "{$language_dir}/member_chemail.inc"; } elseif ($change == "pass") { include "{$language_dir}/member_chpass.inc"; } elseif ($change == "delete") { include "{$language_dir}/member_delete.inc"; } elseif ($change == "sales" && $sales_option) { include "sales_member.php"; } else { $query = mysql_query("select * from " . $prefix . "userdata where id = '{$_SESSION['suserid']}'") or died(mysql_error()); list($id, $username, $password, $email, $sex, $newsletter, $level, $votes, $lastvotedate, $lastvote, $ads, $lastaddate, $lastad, $firstname, $lastname, $address, $zip, $city, $state, $country, $phone, $cellphone, $icq, $homepage, $hobbys, $field1, $field2, $field3, $field4, $field5, $field6, $field7, $field8, $field9, $field10, $picture, $_picture, $language, $registered, $lastlogin, $timezone, $dateformat) = mysql_fetch_row($query); if (!$homepage) { $homepage = "http://"; } if (strpos($client, "MSIE")) { // Internet Explorer Detection $field_size = "50"; $text_field_size = "31"; $input_field_size = "20"; } else { $field_size = "28"; $text_field_size = "20"; $input_field_size = "10"; } echo " <table align=\"center\">\n";
echo "<tr>\n"; echo "<td class=\"classadd1\"><div class=\"maininputleft\"> {$fieldstr} </div></td>\n"; echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"{$att_maxsize}\">\n"; echo "<td class=\"classadd2\"><input type=file name=\"" . $fieldname . "add\" size=\"{$input_field_size}\" maxlength=\"50\" value=\"\"><br>\n"; echo "</td>\n"; echo "</tr>\n"; } } } if ($acount) { echo "<tr>\n"; echo "<td> </td><td><div class=\"mainmenu\">[max. {$att_maxsize} Byte, {$adadd_attnos}]</div></td>\n"; echo "</tr>\n"; } unset($fieldname); } if ($editadid) { echo "<input type=\"hidden\" name=\"editadid\" value=\"{$editadid}\">\n"; } echo "<tr><td colspan=2><div class=\"smallcenter\"> </div></td></tr>\n"; echo "<tr><td align=right><em id=\"red\">** </em></td><td><em id=\"red\">{$require}</em></td></tr>"; echo "<tr>\n"; echo "<td class=\"classadd1\"></td>\n"; echo "<td class=\"classadd2\"><div class=\"mainmenu\"><br><input type=submit value={$adadd_submit}>\n"; echo " {$adadd_submitone}</div></td>\n"; echo "</tr>\n"; echo "</table>\n"; echo "</form>\n"; } else { died("Fatal ERROR"); }
# last modified by : # e-mail : support@phplogix.com # purpose : show ads of a member # ################################################################################################# if (!strpos($_SERVER['PHP_SELF'], 'members_ads.php') === false) { die("YOU MAY NOT ACCESS THIS FILE DIRECTLY"); } if (function_exists("sales_checkuser")) { $is_sales_user = sales_checkuser($userid); } if ($uid && $uname && $show_members_ads && !($sales_option && $sales_members && !$is_sales_user)) { echo "<table align=\"center\" cellspacing=\"0\" cellpadding=\"3\" width=\"100%\" border=\"0\">\n"; echo "<tr><td><div class=\"smallleft\">\n"; echo "{$admy_member}{$uname}\n"; echo "</div></td>\n"; echo "</tr></table>\n"; $result = mysql_query("SELECT * FROM " . $prefix . "ads WHERE userid={$uid} {$approval} ORDER by {$ad_sort}") or died(mysql_error()); echo "<table align=\"center\" cellspacing=\"1\" cellpadding=\"3\" width=\"100%\" border=\"0\">\n"; while ($db = mysql_fetch_array($result)) { $result2 = mysql_query("SELECT * FROM " . $prefix . "userdata WHERE id={$db['userid']}") or died("Record NOT Found"); $dbu = mysql_fetch_array($result2); $result3 = mysql_query("SELECT * FROM " . $prefix . "adcat WHERE id={$db['catid']}") or died("Record NOT Found"); $dbc = mysql_fetch_array($result3); include "classified_ads.inc.php"; } //End while echo "</table>\n"; } else { echo "{$memb_notenabled}"; }
# The Main-Section ################################################################################################# if (!$_SESSION[suserid] || !$adid && !$deladid) { include "{$language_dir}/nologin.inc"; } else { echo "<div class=\"mainheader\">{$favorits_header}</div>\n"; echo "<div class=\"maintext\"><br><center>\n"; if ($deladid) { $query = mysql_query("delete from " . $prefix . "favorits where adid='{$deladid}' AND userid='{$_SESSION['suserid']}'") or died("Database Query Error"); echo "{$favorits_del}<br>\n"; echo "<br><form action=javascript:window.opener.location.reload();window.close() METHOD=POST>\n"; echo "<input type=submit value={$close}></form>\n"; } elseif ($adid) { $query = mysql_query("SELECT * FROM " . $prefix . "favorits WHERE userid={$_SESSION['suserid']} AND adid={$adid}") or died("Database Error"); $result = mysql_num_rows($query); if ($result < 1) { $query = mysql_query("INSERT INTO " . $prefix . "favorits VALUES('{$_SESSION['suserid']}','{$adid}')") or died("Database Error"); echo "{$favorits_done}<br>\n"; } else { echo "{$favorits_exist}<br>\n"; } echo "<br><form action=javascript:window.close() METHOD=POST>\n"; echo "<input type=submit value={$close}></form>\n"; } else { echo "ERROR !!!\n"; } echo "</div>\n"; } # The Foot-Section ################################################################################################# window_footer();
$text = explode(",", $keywords); for ($i = 0; $i < count($text); $i++) { if ($text[$i]) { $sqlquerystr2 = " AND (header LIKE '%" . $text[$i] . "%' OR text LIKE '%" . $text[$i] . "%' OR sfield LIKE '%" . $text[$i] . "%' OR field1 LIKE '%" . $text[$i] . "%' OR field2 LIKE '%" . $text[$i] . "%' OR field3 LIKE '%" . $text[$i] . "%' OR field4 LIKE '%" . $text[$i] . "%' OR field5 LIKE '%" . $text[$i] . "%' OR field6 LIKE '%" . $text[$i] . "%' OR field7 LIKE '%" . $text[$i] . "%' OR field8 LIKE '%" . $text[$i] . "%' OR field9 LIKE '%" . $text[$i] . "%' OR field10 LIKE '%" . $text[$i] . "%' OR field11 LIKE '%" . $text[$i] . "%' OR field12 LIKE '%" . $text[$i] . "%' OR field13 LIKE '%" . $text[$i] . "%' OR field14 LIKE '%" . $text[$i] . "%' OR field15 LIKE '%" . $text[$i] . "%' OR field16 LIKE '%" . $text[$i] . "%' OR field17 LIKE '%" . $text[$i] . "%' OR field18 LIKE '%" . $text[$i] . "%' OR field19 LIKE '%" . $text[$i] . "%' OR field20 LIKE '%" . $text[$i] . "%')"; } } } if ($in[search_sort] && $in[search_sort2]) { $sqlquerystr3 = " ORDER BY {$in['search_sort']} {$in['search_sort2']}"; } else { $sqlquerystr3 = " ORDER BY {$search_sort}"; } $showresult = 0; $sqlquery = "SELECT * FROM " . $prefix . "ads" . $sqlquerystr . $sqlquerystr2 . $sqlquerystr3; $result = mysql_query($sqlquery); // or died(mysql_error()); $db = mysql_fetch_array($result); if ($db) { $sqlquerystr = rawurlencode($sqlquerystr); $sqlquerystr2 = rawurlencode($in[text]); $sqlquerystr3 = rawurlencode($sqlquerystr3); header(headerstr("classified.php?sqlquery={$sqlquerystr}&sqlquery2={$sqlquerystr2}&sqlquery3={$sqlquerystr3}")); exit; } } $error = rawurlencode($error[30]); header(headerstr("classified.php?choice=search&catid={$in['catid']}&subcatid={$in['subcatid']}&status=6&errormessage={$error}")); exit; } else { died("FATAL ERROR"); }
$subject = "{$mail_msg['0']}"; $message = "{$mail_msg['1']}{$username}\n\n{$mail_msg['2']}{$username}\n{$mail_msg['3']}{$password}\n{$mail_msg['4']}{$email}\n{$mail_msg['5']}{$gender[$sex]}\n\n{$mail_msg['7']}"; $from = "From: {$admin_email}\r\nReply-to: {$admin_email}\r\n"; #TODO: this is a huge hole for spammers.. @mail($mailto, $subject, $message, $from); if ($auto_login) { $login = login($username, $password); if ($login != "2") { $register = "{$error['15']}"; } else { $register = 3; } } } else { $hash = substr(md5($secret . $username), 0, 10); $is_success = mysql_query("insert into " . $prefix . "userdata (username, password, email, sex,\n newsletter, firstname, lastname, address, zip, city, state, country,\n phone, cellphone, icq, homepage, hobbys, field1, field2, field3,\n field4, field5, field6, field7, field8, field9, field10, registered, timezone, dateformat, language)\n values ('{$username}', '{$password}', '{$email}', '{$sex}',\n '{$newsletter}', '{$firstname}', '{$lastname}', '{$address}', '{$zip}', '{$city}', '{$state}', '{$country}',\n '{$phone}', '{$cellphone}', '{$icq}', '{$homepage}', '{$hobbys}', '{$field1}', '{$field2}', '{$field3}',\n '{$field4}', '{$field5}', '{$field6}', '{$field7}', '{$field8}', '{$field9}', '{$field10}', '{$timestamp}',\n '{$timezone}','{$_POST['dateformat']}','xc' )") or died(mysql_error()); if ($is_success) { $confirmurl = "{$url_to_start}" . "/confirm.php?hash=" . "{$hash}" . "&nick=" . "{$username}"; $aolconfirmurl = "AOL: <A HREF=\" {$url_to_start}" . "/confirm.php?hash=" . "{$hash}" . "&nick=" . "{$username} \">CLICK HERE</A>"; $mailto = "{$email}"; $subject = "{$mail_msg['0']}"; if (strstr($mailto, "aol")) { // For AOL-Users $message = "{$mail_msg['1']}{$username}\n\n{$mail_msg['2']}{$username}\n{$mail_msg['3']}{$password}\n{$mail_msg['4']}{$email}\n{$mail_msg['5']}{$gender[$sex]}\n\n{$mail_msg['6']}\n\n{$aolconfirmurl}\n\n{$mail_msg['7']}"; } else { $message = "{$mail_msg['1']}{$username}\n\n{$mail_msg['2']}{$username}\n{$mail_msg['3']}{$password}\n{$mail_msg['4']}{$email}\n{$mail_msg['5']}{$gender[$sex]}\n\n{$mail_msg['6']}\n\n{$confirmurl}\n\n{$mail_msg['7']}"; } $from = "From: {$admin_email}\r\nReply-to: {$admin_email}\r\n"; @mail($mailto, $subject, $message, $from); } }
$comments = $_POST['txtMessage']; // required $error_message = ""; $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/'; if (!preg_match($email_exp, $email_from)) { $error_message .= 'The Email Address you entered does not appear to be valid.<br />'; } $string_exp = "/^[A-Za-z .'-]+\$/"; if (!preg_match($string_exp, $txtName)) { $error_message .= 'The Name you entered does not appear to be valid.<br />'; } if (strlen($comments) < 2) { $error_message .= 'The Comments you entered do not appear to be valid.<br />'; } if (strlen($error_message) > 0) { info('note2', died($error_message)); header('Location: contact.php'); die; } $email_message = "Message details.\n\n"; function clean_string($string) { $bad = array("content-type", "bcc:", "to:", "cc:", "href"); return str_replace($bad, "", $string); } $email_message .= "First Name: " . clean_string($txtName) . "\n"; $email_message .= "Email: " . clean_string($email_from) . "\n"; $email_message .= "Telephone: " . clean_string($telephone) . "\n"; $email_message .= "Comments: " . clean_string($comments) . "\n"; // create email headers $headers = 'From: ' . $email_from . "\r\n" . 'Reply-To: ' . $email_from . "\r\n" . 'X-Mailer: PHP/' . phpversion();
suppr("{$bazar_dir}/{$pic_path}/{$db[$_fieldname]}"); } elseif ($db[$_fieldname]) { mysql_query("delete from " . $prefix . "pictures where picture_name = '{$db[$_fieldname]}'") or died("Database Query Error"); } } // Delete Attachments if any ... for ($i = 1; $i <= 5; $i++) { $fieldname = "attachment" . $i; if ($db[$fieldname] && is_file("{$bazar_dir}/{$att_path}/{$db[$fieldname]}")) { suppr("{$bazar_dir}/{$att_path}/{$db[$fieldname]}"); } } // Delete Entry from favorits-DB mysql_query("delete from " . $prefix . "favorits where adid = '{$db['id']}'") or died("Database Query Error"); // Delete Entry from ads-DB mysql_query("delete from " . $prefix . "ads where id = '{$db['id']}'") or died("Database Query Error - ads"); } } if ($editadid && !$_SESSION[susermod]) { if ($adeditapproval) { $locvar = "choice=my&status=13&textmessage=" . rawurlencode($text_msg[1]); } else { # $locvar="choice=my&status=13&textmessage=".rawurlencode($text_msg[0]); $locvar = "choice=my&status=13"; } } else { if ($adapproval) { $locvar = "choice=my&status=13&textmessage=" . rawurlencode($text_msg[1]); } else { # $locvar="catid=$newcatid&subcatid=$newsubcatid&adid=$newadid&status=13&textmessage=".rawurlencode($text_msg[0]); $locvar = "catid={$newcatid}&subcatid={$newsubcatid}&adid={$newadid}&status=13";
$db = mysql_fetch_array($result); $amount = mysql_query("SELECT count(userid) FROM " . $prefix . "notify WHERE userid='{$_SESSION['suserid']}'") or died("Record NOT Found"); $amount_array = mysql_fetch_array($amount); if ($amount_array[0]) { echo "<table align=\"center\" cellspacing=\"0\" cellpadding=\"3\" width=\"100%\" border=\"0\">\n"; echo "<tr><td><div class=\"smallright\">\n"; echo "{$admy_member}{$db['username']}\n"; echo "</div></td>\n"; echo "</table>\n"; echo "<table align=\"center\" cellspacing=\"1\" cellpadding=\"3\" width=\"100%\" border=\"0\">\n"; $result = mysql_query("SELECT * FROM " . $prefix . "notify WHERE userid='{$_SESSION['suserid']}'") or died("Favorits - Record NOT Found"); while ($tempdb = mysql_fetch_array($result)) { $query = mysql_query("SELECT * FROM " . $prefix . "adsubcat WHERE id='{$tempdb['subcatid']}'") or died("Ads - Record NOT Found"); $db = mysql_fetch_array($query); if ($db) { $query2 = mysql_query("SELECT id,name FROM " . $prefix . "adcat WHERE id='{$db['catid']}'") or died("Ads - Record NOT Found"); $dbc = mysql_fetch_array($query2); echo " <tr>\n"; echo " <td class=\"classcat1\">\n"; if ($db[picture]) { echo "<img src=\"{$db['picture']} \">\n"; } else { echo " "; } echo " </td>\n"; echo " <td class=\"classcat2\">\n"; echo " <a href=\"classified.php?catid={$db['catid']}&subcatid={$db['id']}\" onmouseover=\"window.status='{$db['description']}';\n return true;\" onmouseout=\"window.status=''; return true;\">{$dbc['name']}/{$db['name']}</a> ({$db['ads']})<br>\n"; echo " <div class=\"smallleft\">\n"; echo " <a href=\"notify.php?delid={$db['id']}\"\n onClick='enterWindow=window.open(\"notify.php?" . sidstr() . "delid={$db['id']}\",\"Delete\",\"width=400,height=200,top=100,left=100\"); return false'\n onmouseover=\"window.status='{$adnot_delete}'; return true;\"\n onmouseout=\"window.status=''; return true;\">\n <img src=\"{$image_dir}/icons/trash.gif\" border=\"0\" alt=\"{$adnot_delete}\" align=\"right\" vspace=\"2\"></a>\n"; echo " {$db['description']}\n"; echo " </div>";
} elseif ($db[picture2]) { mysql_query("delete from " . $prefix . "pictures where picture_name = '{$db['picture2']}'") or died(mysql_error()); } if (!$pic_database && $db[_picture2] && is_file("{$bazar_dir}/{$pic_path}/{$db['_picture2']}")) { suppr("{$bazar_dir}/{$pic_path}/{$db['_picture2']}"); } elseif ($db[_picture2]) { mysql_query("delete from " . $prefix . "pictures where picture_name = '{$db['_picture2']}'") or died(mysql_error()); } if (!$pic_database && $db[picture3] && is_file("{$bazar_dir}/{$pic_path}/{$db['picture3']}")) { suppr("{$bazar_dir}/{$pic_path}/{$db['picture3']}"); } elseif ($db[picture3]) { mysql_query("delete from " . $prefix . "pictures where picture_name = '{$db['picture3']}'") or died(mysql_error()); } if (!$pic_database && $db[_picture3] && is_file("{$bazar_dir}/{$pic_path}/{$db['_picture3']}")) { suppr("{$bazar_dir}/{$pic_path}/{$db['_picture3']}"); } elseif ($db[_picture3]) { mysql_query("delete from " . $prefix . "pictures where picture_name = '{$db['_picture3']}'") or died(mysql_error()); } // Delete Entry from favorits-DB mysql_query("delete from " . $prefix . "favorits where adid = '{$db['id']}'") or died(mysql_error()); // Delete Entry from ads-DB mysql_query("delete from " . $prefix . "ads where id = '{$db['id']}'") or died(mysql_error()); } } else { // or only overwrite the password :-) better mysql_query("update " . $prefix . "ads set deleted='1' where userid = '{$_SESSION['suserid']}'") or died(mysql_error()); mysql_query("update " . $prefix . "userdata set password='******',language='xd' where id = '{$_SESSION['suserid']}'") or died(mysql_error()); } logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "AUTH: deleted", ""); logout(); header(headerstr("main.php?status=7"));
</section> <!-- ********************************************** --> <?php if (isset($_POST['email'])) { $email_to = "*****@*****.**"; $email_subject = "Amazing Nicaragua Adventures has received a new message"; function died($error) { // Mensaje de error echo '<p style="text-align:center;color: red;font-weight: bold;"><BR>An error has occurred while send your message.</p>'; //echo $error."<br /><br />"; die; } // validacion de campos if (!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['telephone']) || !isset($_POST['message'])) { died('An error has occurred while send your message.'); } $name = $_POST['name']; // obligatorio $email = $_POST['email']; // obligatorio $telephone = $_POST['telephone']; // no obligatorio $message = $_POST['message']; // obligatorio $error_message = ""; $email_message = "Form details below.\n\n"; function clean_string($string) { $bad = array("content-type", "bcc:", "to:", "cc:", "href"); return str_replace($bad, "", $string);
$email = $_POST['email']; } else { $email = ''; } //required, validation done here $error_message = ""; $error_script = '<script type="text/javascript">if (typeof $ != \'undefined\') {'; /* Email*/ $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/'; if (preg_match($email_exp, $email) == 0) { $error_message .= 'Invalid email.'; $error_script .= '$("#semail").addClass(".has-error"); '; } $error_script .= "}</script>"; if (strlen($error_message) > 0) { died($error_message, $error_script); } /* UPDATE DATABASE */ $user = MarketingUserIdWithEmail($email); //check if this user already exists in our database if ($user > 0) { if (UpdateMarketingUser($user, "{$fname} {$lname}", '', $company, $phone, 1)) { // echo 'Updated marketing user '.$user."...\n"; } else { // echo 'Failed to update marketing user '.$user."...\n"; } } else { if (AddMarketingUser("{$fname} {$lname}", '', $company, $email, $phone, 0, $app, 1)) { $user = MarketingUserIdWithEmail($email); // echo 'Added marketing user '.$user."...\n"; } else {
} suppr("{$bazar_dir}/{$pic_path}/{$_picture}"); } } } } if ($picture_del) { $picture = ""; $_picture = ""; } // Database Update $query = mysql_query("update " . $prefix . "userdata\n\t\t\t\t\t\t set sex = '{$_POST['sex']}',\n\t\t\t\t newsletter = '{$_POST['newsletter']}',\n\t\t\t\t\t\t firstname = '{$_POST['firstname']}',\n\t\t\t\t\t\t lastname = '{$_POST['lastname']}',\n\t\t\t\t\t\t address = '{$_POST['address']}',\n\t\t\t\t\t\t zip = '{$_POST['zip']}',\n\t\t\t\t\t\t city = '{$_POST['city']}',\n\t\t\t\t\t\t state = '{$_POST['state']}',\n\t\t\t\t\t\t country = '{$_POST['country']}',\n\t\t\t\t\t\t phone = '{$_POST['phone']}',\n\t\t\t\t\t\t cellphone = '{$_POST['cellphone']}',\n\t\t\t\t\t\t icq = '{$_POST['icq']}',\n\t\t\t\t\t\t homepage = '{$_POST['homepage']}',\n\t\t\t\t\t\t hobbys = '{$_POST['hobbys']}',\n picture= '{$picture}',\n _picture= '{$_picture}',\n\t\t\t\t\t\t field1 = '{$_POST['field1']}',\n\t\t\t\t\t\t field2 = '{$_POST['field2']}',\n\t\t\t\t\t\t field3 = '{$_POST['field3']}',\n\t\t\t\t\t\t field4 = '{$_POST['field4']}',\n\t\t\t\t\t\t field5 = '{$_POST['field5']}',\n\t\t\t\t\t\t field6 = '{$_POST['field6']}',\n\t\t\t\t\t\t field7 = '{$_POST['field7']}',\n\t\t\t\t\t\t field8 = '{$_POST['field8']}',\n\t\t\t\t\t\t field9 = '{$_POST['field9']}',\n\t\t\t\t\t\t field10 = '{$_POST['field10']}',\n\t\t\t\t\t\t timezone = '{$_POST['timezone']}',\n\t\t\t\t\t\t dateformat = '{$_POST['dateformat']}'\n\t\t\t where id = '{$_SESSION['suserid']}'") or died(mysql_error()); $_SESSION[susertimezone] = $_POST[timezone]; $_SESSION[suserdateformat] = $_POST[dateformat]; logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "AUTH: updated data", ""); if (!$query) { $m_update = $error[20]; } else { $m_update = 2; } } if ($m_update != 2) { died($m_update); # $errormessage=rawurlencode($m_update); # header(headerstr("members.php?choice=myprofile&status=6&errormessage=$errormessage")); exit; } else { header(headerstr("members.php?choice=myprofile&status=5")); exit; } }
<?php // EDIT THE 2 LINES BELOW AS REQUIRED $email_to = "boute.alexis@free.fr, cindy0523@orange.fr"; $email_subject = "Réponse mariage"; function died($error) { // your error code can go here echo "Une erreur est survenu"; echo $error . "<br /><br />"; die; } // validation expected data exists if (!isset($_POST['nom']) || !isset($_POST['inlineRadioOptions'])) { died('Veuillez remplir au moins votre nom et la participation'); } $nom = $_POST['nom']; // required $participation = $_POST['inlineRadioOptions']; // required $adulte_vin = $_POST['adultevin']; // required $enfant_vin = $_POST['enfantvin']; // not required $adulte_repas = $_POST['adulterepas']; // required $enfant_repas = $_POST['enfantrepas']; // not required $comments = $_POST['comments']; // required function clean_string($string)
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/'; if (!preg_match($email_exp, $email_from)) { $error_message .= 'The Email Address you entered does not appear to be valid.<br />'; } $string_exp = "/^[A-Za-z .'-]+\$/"; if (!preg_match($string_exp, $first_name)) { $error_message .= 'The First Name you entered does not appear to be valid.<br />'; } if (!preg_match($string_exp, $last_name)) { $error_message .= 'The Last Name you entered does not appear to be valid.<br />'; } if (strlen($comments) < 2) { $error_message .= 'The Comments you entered do not appear to be valid.<br />'; } if (strlen($error_message) > 0) { died($error_message); } $email_message = "Form details below.\n\n"; function clean_string($string) { $bad = array("content-type", "bcc:", "to:", "cc:", "href"); return str_replace($bad, "", $string); } $email_message .= "First Name: " . clean_string($first_name) . "\n"; $email_message .= "Last Name: " . clean_string($last_name) . "\n"; $email_message .= "Email: " . clean_string($email_from) . "\n"; $email_message .= "Telephone: " . clean_string($telephone) . "\n"; $email_message .= "Comments: " . clean_string($comments) . "\n"; // create email headers $headers = 'From: ' . $email_from . "\r\n" . 'Reply-To: ' . $email_from . "\r\n" . 'X-Mailer: PHP/' . phpversion(); @mail($email_to, $email_subject, $email_message, $headers);
function AddAttachment($path, $name = "", $encoding = "", $type = "") { global $timestamp, $bazar_dir, $webmail_path; if (!@is_file($path)) { $this->error_handler(sprintf("Could not access [%s] file", $path)); return false; } $filename = basename($path); if ($name == "") { $name = $filename; } // Append to $attachment array $temp = explode(".", "{$name}"); $ext = "." . $temp[count($temp) - 1]; if ($ext != ".txt" && $ext != ".doc" && $ext != ".pdf" && $ext != ".gif" && $ext != ".jpg" && $ext != ".png" && $ext != ".zip" && $ext != ".gz") { $ext = ".txt"; } $cur = count($this->attachment); $picturename = $timestamp + $cur . $ext; $this->attachment[$cur] = $picturename; copy("{$path}", "{$bazar_dir}/{$webmail_path}/{$picturename}"); if (!is_file("{$bazar_dir}/{$webmail_path}/{$picturename}")) { died("{$bazar_dir}/{$webmail_path} is not a dir or not writeable!"); } return true; }