<?php // Variables $name = trim($_POST['name']); $email = trim($_POST['email']); $phone = trim($_POST['phone']); $phone = trim($_POST['ticket']); // Email address validation - works with php 5.2+ function is_email_valid($email) { return filter_var($email, FILTER_VALIDATE_EMAIL); } if (isset($name) && isset($email) && isset($ticket) && isset($phone) && is_email_valid($email)) { // Avoid Email Injection and Mail Form Script Hijacking $pattern = "/(content-type|bcc:|cc:|to:)/i"; if (preg_match($pattern, $name) || preg_match($pattern, $email) || preg_match($pattern, $ticket) || preg_match($pattern, $phone)) { exit; } // Email will be send $to = "*****@*****.**"; // Change with your email address $subject = "New Event Subscription from GetLeads"; // If you want a default subject // HTML Elements for Email Body $body = <<<EOD \t<strong>Name:</strong> {$name} <br> \t<strong>Email:</strong> <a href="mailto:{$email}?subject=feedback" "email me">{$email}</a> <br> <br> \t<strong>Phone:</strong> {$phone} <br> \t<strong>Ticket:</strong> {$ticket} <br> EOD; //Must end on first column
<?php // Variables $name = trim($_POST['name']); $email = trim($_POST['email']); $phone = trim($_POST['phone']); $date = trim($_POST['date']); $message = trim($_POST['message']); // Email address validation - works with php 5.2+ function is_email_valid($email) { return filter_var($email, FILTER_VALIDATE_EMAIL); } if (isset($name) && isset($email) && isset($phone) && isset($date) && isset($message) && is_email_valid($email)) { // Avoid Email Injection and Mail Form Script Hijacking $pattern = "/(content-type|bcc:|cc:|to:)/i"; if (preg_match($pattern, $name) || preg_match($pattern, $email) || preg_match($pattern, $phone) || preg_match($pattern, $date) || preg_match($pattern, $message)) { exit; } // Email will be send $to = "*****@*****.**"; // Change with your email address $subject = "New appointment request from GetLeads"; // If you want a default subject // HTML Elements for Email Body $body = <<<EOD \t<strong>Name:</strong> {$name} <br> \t<strong>Email:</strong> <a href="mailto:{$email}?subject=feedback" "email me">{$email}</a> <br> <br> \t<strong>Phone:</strong> {$phone} <br> \t<strong>Booking Date:</strong> {$date} <br> \t<strong>Message:</strong> {$message} <br>
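/**
 * Validate and store the editable profile fields of one account.
 *
 * All fields are validated before the database is touched. Attributes the
 * account has already verified (student number, e-mail, phone) are replaced
 * by the stored values, so a verified attribute cannot be changed here.
 *
 * The numeric fields are checked with digit-only patterns rather than
 * is_numeric(), which also accepts signs, decimals, exponents and leading
 * whitespace (for example an 8-character value such as "1e345678").
 *
 * NOTE(review): nothing in this function checks that the caller may edit
 * $username; presumably the caller takes it from the authenticated session
 * and not from request data -- confirm.
 *
 * @param string $username   Account to update (bound in the WHERE clause).
 * @param string $email      New e-mail address.
 * @param mixed  $gender     1, 2 or 3; stored as 'm', 'f' or 'u'.
 * @param string $student_no Exactly 8 digits.
 * @param mixed  $campus     Single digit 1-6.
 * @param string $qq         Empty, or at least 5 digits.
 * @param string $phone      Empty, or exactly 11 digits.
 * @param mixed  $hide_phone 'true' stores 'y'; anything else stores 'n'.
 *
 * @return string '1' on success, otherwise a user-facing error message.
 */
function update_info($username, $email, $gender, $student_no, $campus, $qq, $phone, $hide_phone)
{
    // The sibling validators are compared against '' here, so they appear to
    // return an error string that is empty on success -- TODO confirm.
    if (is_name_valid($username) != '') {
        return '用户不存在';
    }
    if (is_email_valid($email) != '') {
        return '邮箱格式不正确';
    }

    // Map the form's numeric choice onto the stored one-letter code.
    $gender_codes = array('1' => 'm', '2' => 'f', '3' => 'u');
    $gender_key = is_scalar($gender) ? (string) $gender : '';
    if (!isset($gender_codes[$gender_key])) {
        return '性别为必填项';
    }
    $gender = $gender_codes[$gender_key];

    // True only for a scalar made of ASCII digits with a length in range.
    // The D modifier stops "$" from matching before a trailing newline.
    $has_digits = function ($value, $min_len, $max_len) {
        return is_scalar($value)
            && preg_match('/^[0-9]{' . $min_len . ',' . $max_len . '}$/D', (string) $value) === 1;
    };

    if (!$has_digits($student_no, 8, 8)) {
        return '无法识别的学号';
    }
    if (!(is_scalar($campus) && preg_match('/^[1-6]$/D', (string) $campus) === 1)) {
        return '无效的校区';
    }
    // QQ and phone are optional; when present they must be digits only.
    if ($qq !== null && $qq !== '' && !$has_digits($qq, 5, '')) {
        return 'QQ格式不正确,只支持纯数字';
    }
    if ($phone !== null && $phone !== '' && !$has_digits($phone, 11, 11)) {
        return '手机号码格式不正确,请输入11位手机号';
    }

    $hide_phone = ($hide_phone != 'true') ? 'n' : 'y';

    $profile = get_user_information($username);
    if ($profile == null) {
        return '用户不存在';
    }

    // Verified attributes are pinned to the stored value and ignore the input.
    if ($profile['verified'] == 'y') {
        $student_no = $profile['student_no'];
    }
    if ($profile['email_verified'] == 'y') {
        $email = $profile['email'];
    }
    if ($profile['phone_verified'] == 'y') {
        $phone = $profile['phone'];
    }

    // Every value is passed as a bound parameter; nothing is concatenated into the SQL.
    $sql = "UPDATE `ewu_account` SET `email` = ?, `gender` = ?, `student_no` = ?,`campus` = ?, `qq` = ?, `phone` = ?, `hide_phone` = ? WHERE `username` = ? LIMIT 1";
    $a_params = array($email, $gender, $student_no, $campus, $qq, $phone, $hide_phone, $username);
    $count = (new MysqlPDO())->execute($sql, $a_params);

    // NOTE(review): if execute() returns the affected-row count, saving an
    // unchanged profile may yield 0 and be reported as a failure -- confirm.
    if ($count == 1) {
        return '1';
    }
    return '服务器繁忙,更新失败';
}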
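<?php
// Sign-up handler: e-mails the address submitted in the "email" POST field to
// the site owner.

/**
 * Email address validation - works with php 5.2+
 *
 * @param mixed $email Candidate address.
 *
 * @return string|false The address when filter_var() accepts it, false otherwise.
 */
function is_email_valid($email)
{
    return filter_var($email, FILTER_VALIDATE_EMAIL);
}

// Read the field defensively: it may be missing, or an array when the client
// sends email[]=..., and trim() must only ever see a string.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';

// Logical && (the original used bitwise &) so validation is skipped for an
// empty value.
if ($email !== '' && is_email_valid($email)) {
    // Avoid Email Injection and Mail Form Script Hijacking.
    // The value goes into the From: header below, so any CR or LF is refused
    // outright in addition to the keyword pattern.
    $pattern = "/(content-type|bcc:|cc:|to:)/i";
    if (preg_match('/[\r\n]/', $email) || preg_match($pattern, $email)) {
        exit;
    }

    // Email will be send
    $to = "*****@*****.**"; // Change with your email address
    $subject = "New email contact from GetLeads"; // If you want a default subject

    // A syntactically valid address can still contain characters that are
    // significant in HTML, so it is escaped before it enters the HTML body.
    // The charset matches the Content-type header sent below.
    $safe_email = htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1');

    // HTML Elements for Email Body (the closing EOD must start in the first column)
    $body = <<<EOD
\t<strong>Email:</strong> <a href="mailto:{$safe_email}?subject=feedback" "email me">{$safe_email}</a> <br> <br>
EOD;

    // NOTE(review): the visitor's address is used as the From: sender, as in
    // the original; it is only as trustworthy as the form input.
    $headers = "From: <{$email}>\r\n";
    $headers .= 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

    // PHP email sender
    mail($to, $subject, $body, $headers);
}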
/**
 * Filter a submitted form through the rules in $this->fields and return the
 * values that passed, keyed by field name.
 *
 * Rules applied per field, in this order: enum, limit (min/max on the integer
 * value), length (min/max in UTF-8 characters), regexp, id (positive
 * integer), url, email, required, checkbox ('y' or 'n'). A field that fails a
 * rule is reported through $this->panic() and left out of the result.
 *
 * NOTE(review): values are used as submitted. An array-valued field (a client
 * sending field[]=...) would reach mb_strlen()/preg_match() unchanged, and the
 * 'required' rule treats "0" as missing -- confirm both are acceptable.
 *
 * @param array $post         Submitted values keyed by field name.
 * @param bool  $add_defaults Fill missing fields from the rule's 'default'.
 * @param bool  $is_panic     Stored on $this->is_panic before validation.
 *
 * @return array Accepted values keyed by field name.
 *
 * @throws Exception When $add_defaults is set and a missing field has no default.
 */
public function form_to_db($post, $add_defaults = false, $is_panic = true)
{
    $this->is_panic = $is_panic;
    $accepted = array();

    foreach ($this->fields as $field => $rules) {
        if (!isset($post[$field])) {
            if (!$add_defaults) {
                // A missing field is only an error when it is required.
                if (isset($rules['required'])) {
                    $this->panic($field, 'required');
                }
                continue;
            }
            if (!isset($rules['default'])) {
                throw new Exception("No default value for field '{$field}'");
            }
            $post[$field] = $rules['default'];
        }

        $value = $post[$field];

        // Whitelist: the value must be a key of the rule's enum map.
        if (isset($rules['enum']) && !isset($rules['enum'][$value])) {
            $this->panic($field, 'enum');
            continue;
        }

        if (isset($rules['limit'])) {
            // From here on the value is an integer, also when it is stored.
            $value = (int) $value;
            $bounds = $rules['limit'];
            if (isset($bounds['min']) && $value < $bounds['min']) {
                $this->panic($field, 'limit_min');
                continue;
            }
            if (isset($bounds['max']) && $value > $bounds['max']) {
                $this->panic($field, 'limit_max');
                continue;
            }
        }

        if (isset($rules['length'])) {
            $chars = mb_strlen($value, 'utf-8');
            $bounds = $rules['length'];
            if (isset($bounds['min']) && $chars < $bounds['min']) {
                $this->panic($field, 'length_min');
                continue;
            }
            if (isset($bounds['max']) && $chars > $bounds['max']) {
                $this->panic($field, 'length_max');
                continue;
            }
        }

        if (isset($rules['regexp']) && !preg_match($rules['regexp'], $value)) {
            $this->panic($field, 'regexp');
            continue;
        }

        if (isset($rules['id'])) {
            //todo?
            $value = (int) $value;
            if ($value <= 0) {
                $this->panic($field, 'id');
                continue;
            }
        }

        if (isset($rules['url']) && !is_url_valid($value)) {
            $this->panic($field, 'url');
            continue;
        }

        if (isset($rules['email']) && !is_email_valid($value)) {
            $this->panic($field, 'email');
            continue;
        }

        if (isset($rules['required']) && !$value) {
            $this->panic($field, 'required');
            continue;
        }

        if (isset($rules['checkbox']) && !in_array($value, array('y', 'n'))) {
            $this->panic($field, 'checkbox');
            continue;
        }

        $accepted[$field] = $value;
    }

    return $accepted;
}
// FROM NOW ON, WE USE THIS $cName = ''; $cEmail = ''; $cSubject = ''; $cContent = ''; $cDate = ''; $cBody = ''; // REGISTRATION SENT if (!empty($_POST['submitContact'])) { if (!empty($_POST['cName'])) { $cName = trim($_POST['cName']); } else { $error['cName'] = 'A name is needed to send this contact form.'; } // email if (!empty($_POST['cEmail']) && is_email_valid($_POST['cEmail'])) { $cEmail = $_POST['cEmail']; } else { $error['cEmail'] = 'A valid email address is needed.'; } // subject if (!empty($_POST['cSubject'])) { $cSubject = trim($_POST['cSubject']); } else { $error['cSubject'] = 'Subject is needed.'; } // body if (!empty($_POST['cBody'])) { $cBody = trim($_POST['cBody']); } else { $error['cBody'] = 'No message, no contact. Please, write something if you want to contact.';
<?php // Variables $name = trim($_POST['name']); $email = trim($_POST['email']); // Email address validation - works with php 5.2+ function is_email_valid($email) { return filter_var($email, FILTER_VALIDATE_EMAIL); } if (isset($name) && isset($email) && is_email_valid($email)) { // Avoid Email Injection and Mail Form Script Hijacking $pattern = "/(content-type|bcc:|cc:|to:)/i"; if (preg_match($pattern, $name) || preg_match($pattern, $email)) { exit; } // Email will be send $to = "*****@*****.**"; // Change with your email address $subject = "New contact from GetLeads"; // If you want a default subject // HTML Elements for Email Body $body = <<<EOD \t<strong>Name:</strong> {$name} <br> \t<strong>Email:</strong> <a href="mailto:{$email}?subject=feedback" "email me">{$email}</a> <br> <br> EOD; //Must end on first column $headers = "From: {$name} <{$email}>\r\n"; $headers .= 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; // PHP email sender
<?php // Variables $name = trim($_POST['name']); $email = trim($_POST['email']); $subject = trim($_POST['subject']); $message = trim($_POST['message']); // Email address validation - works with php 5.2+ function is_email_valid($email) { return filter_var($email, FILTER_VALIDATE_EMAIL); } if (isset($name) && isset($email) && isset($message) && isset($subject) && is_email_valid($email)) { // Avoid Email Injection and Mail Form Script Hijacking $pattern = "/(content-type|bcc:|cc:|to:)/i"; if (preg_match($pattern, $name) || preg_match($pattern, $email) || preg_match($pattern, $message) || preg_match($pattern, $subject)) { exit; } // Email will be send $to = "*****@*****.**"; // Change with your email address // HTML Elements for Email Body $body = <<<EOD \t<strong>Name:</strong> {$name} <br> \t<strong>Email:</strong> <a href="mailto:{$email}?subject=feedback" "email me">{$email}</a> <br> <br> \t<strong>Message:</strong> {$message} <br> EOD; //Must end on first column $headers = "From: {$name} <{$email}>\r\n"; $headers .= 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
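/**
 * Validate a registration form, create the account and sign the visitor in.
 *
 * If any check fails the visitor is redirected back to register.php and
 * nothing is stored. On success the account is inserted, the session id is
 * regenerated and the e-mail address is recorded in the session.
 *
 * NOTE(review): $country is not validated here, and $password is handed to
 * insert_account_in_db() as submitted; presumably that function hashes the
 * password and binds every value as a query parameter -- confirm.
 *
 * @param string $email                 Address used as the account identifier.
 * @param string $email_confirmation    Must equal $email.
 * @param string $civility              One of 'M', 'Mlle', 'Mme'.
 * @param string $firstname
 * @param string $lastname
 * @param string $adress
 * @param string $country
 * @param string $postal_code
 * @param string $city
 * @param string $phone_fixe
 * @param string $phone_mobile
 * @param string $password
 * @param string $password_confirmation Must equal $password.
 *
 * @return void
 */
function register_account($email, $email_confirmation, $civility, $firstname, $lastname, $adress, $country, $postal_code, $city, $phone_fixe, $phone_mobile, $password, $password_confirmation)
{
    $allowed_civilities = array('M', 'Mlle', 'Mme');

    // Checks run in the original order and short-circuit, so the database
    // lookup for an existing address only happens for a well-formed e-mail.
    // do_passwords_match() is reused to compare the two e-mail fields.
    $is_rejected = !is_email_valid($email)
        || check_if_email_already_taken($email)
        || !do_passwords_match($email, $email_confirmation)
        || !in_array($civility, $allowed_civilities, true)
        || !is_name_valid($firstname)
        || !is_name_valid($lastname)
        || !is_adress_valid($adress)
        || !is_postal_code_valid($postal_code)
        || !is_city_valid($city)
        || !is_phone_number_valid($phone_fixe)
        || !is_phone_number_valid($phone_mobile)
        || !is_password_valid($password)
        || !do_passwords_match($password, $password_confirmation);

    if ($is_rejected) {
        redirect('register.php');
        return;
    }

    insert_account_in_db($email, $civility, $firstname, $lastname, $adress, $country, $postal_code, $city, $phone_fixe, $phone_mobile, $password);

    // Issue a fresh session id before the session becomes an authenticated
    // one, so an id known before registration cannot be reused afterwards
    // (session fixation).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['email'] = $email;

    redirect('../index.php');
}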
$password = $password . $valid[rand(0, strlen($valid) - 1)]; } for ($i = 0; $i < 8; $i++) { $salt = $salt . $valid[rand(0, strlen($valid) - 1)]; } $crypt = $salt . md5($salt . $password); $doconf = 0; if (LOCK_PWCHG_LEVEL > 0 || CONFIRM_STAR_PWRESET && is_email_valid(CONFIRM_STAR_PWRESET_MAIL)) { $ra = pg_safe_exec("SELECT access FROM levels WHERE channel_id=1 AND user_id='" . $user->id . "'"); if ($oa = @pg_fetch_object($ra, 0)) { if (LOCK_PWCHG_LEVEL > 0 && LOCK_PWCHG_LEVEL <= $oa->access) { // lock prevails... echo "<h1>Error</h1><h3><br>\nFor security reasons, this option has been disabled for you.</h3>\n"; echo "</body></html>\n\n"; die; } elseif (CONFIRM_STAR_PWRESET && is_email_valid(CONFIRM_STAR_PWRESET_MAIL) && $oa->access > 0) { $rp = pg_safe_exec("SELECT * FROM pending_passwordchanges WHERE user_id='" . $user->id . "'"); if ($op = @pg_fetch_object($rp, 0)) { echo "<h1>Error</h1><h3><br>\nA pending password change is already in progress for you.</h3>\n"; echo "</body></html>\n\n"; die; } else { $Xcrc = md5($user->id . "modFP" . CRC_SALT_0015 . $crypt); pg_safe_exec("INSERT INTO pending_passwordchanges VALUES ('" . post2db($Xcrc) . "','" . $user->id . "','" . $user->password . "','" . $crypt . "','" . post2db($password) . "',now()::abstime::int4)"); if (LOCK_ON_PWCHG) { $crypt = "*"; } else { $crypt = $user->password; } $ss = "[Forgotten Password] Confirmation request for '" . $user->username . "'"; $mm = "";
// Fragment of a multi-step new-user form: the end of the step that asks for
// an e-mail address, then the start of step 4, which checks the submitted
// username token and the e-mail address.

// The username is carried to the next step in hidden fields together with an
// MD5 digest over (CRC_SALT_0008 . username . "UCHECK") that step 4 recomputes.
echo "<input type=hidden name=username value=\"" . post2input($_POST["username"]) . "\">\n";
echo "<input type=hidden name=username_crc value=\"" . md5(CRC_SALT_0008 . $_POST["username"] . "UCHECK") . "\">\n";
echo "Please enter your primary email address. Use your ISP email address where possible. Your email address will never be used ";
echo "to send you unsolicited email. It will be used to send you information on how to obtain your ";
echo "password.<br><br>\n";
echo "<label>Email Address: <input type=text name=email maxlength=128>\n";
// Client-side check only; the server-side checks are in case 4 below.
$jsf .= "\tif (f.email.value == '') { all_ok = false; }\n";
$jsf .= "\tvar msg = 'Please type in your e-mail address !';\n";
}
break;
case 4:
    // Integrity check of the hidden username field.
    // NOTE(review): a salted MD5 compared with != is neither a keyed MAC nor a
    // constant-time, type-strict comparison; hash_hmac() together with
    // hash_equals() is the usual replacement.
    if (md5(CRC_SALT_0008 . $_POST["username"] . "UCHECK") != $_POST["username_crc"]) {
        $err .= "<li> <b>Attempt to hack page content !</b> (username)\n";
        $hackpc = 1;
    }
    if (!is_email_valid($_POST["email"])) {
        $err .= "<li> Your e-mail address is invalid.\n";
    }
    // NOTE(review): the checks below still run when the address was rejected
    // above, and they append the raw $_POST["email"] to $err, which already
    // carries HTML markup. Unless err_newuser() escapes it (not visible here),
    // the value should pass through htmlspecialchars() before being appended.
    if (is_email_locked($LOCK_USERNAME, $_POST["email"])) {
        $err .= "<li> You are not allowed to create an account using this email address (" . $_POST["email"] . ")\n";
    }
    // NOTE(review): both queries are built by string concatenation and depend
    // entirely on post2db() for escaping (its implementation is not visible
    // here); a parameterised call such as pg_query_params() removes that
    // dependency.
    $email_nreg = pg_safe_exec("SELECT * FROM noreg WHERE lower(email)='" . post2db(strtolower($_POST["email"])) . "' and user_name='*'");
    if (pg_numrows($email_nreg) > 0) {
        $err .= "<li> This email account (" . $_POST["email"] . ") is in NOREG, you can't use it for username registration.\n";
    }
    $email_dbh = pg_safe_exec("SELECT user_name FROM users WHERE lower(email)='" . post2db(strtolower($_POST["email"])) . "'");
    if (pg_numrows($email_dbh) > 0) {
        // This message tells the visitor that an address is already registered.
        $err .= "<li> There is already an account registered with that email address.<br>You can only have one account per person. If you have lost your password and require a new one to be resent <a href=\"forgotten_pass.php\">click here</a>.\n";
    }
    // Any accumulated error is handed to err_newuser().
    if ($err != "") {
        err_newuser($err);