示例#1
    $filtered_email = filter_var($email_str, FILTER_VALIDATE_EMAIL);
    if ($filtered_email) {
        return true;
    } else {
        return false;
    }
}
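$message = '';
# Handle a contact-information change request, then (re)load the stored values.
# NOTE(review): no authentication or CSRF-token check is visible in this part of
# the script; confirm one runs earlier, because this request rewrites contact.txt.
if (isset($_POST['contactedit'])) {
    $message = "Invalid Submission. Please Retry.";
    // Require all three fields as plain strings; array-valued parameters
    // (e.g. contactname[]=x) would otherwise reach htmlspecialchars().
    if (isset($_POST['contactname']) && isset($_POST['contactemail']) && isset($_POST['url'])
        && is_string($_POST['contactname']) && is_string($_POST['contactemail']) && is_string($_POST['url'])
    ) {
        // Values are stored HTML-escaped, as before.
        // NOTE(review): escaping at output time, per context, is usually safer than
        // escaping at input; consumers that place these values in a non-HTML
        // context receive entity-encoded text.
        $newName = trim(htmlspecialchars($_POST['contactname']));
        $newUrl = trim(htmlspecialchars($_POST['url']));
        $emailEdit = trim(htmlspecialchars($_POST['contactemail']));

        // contact.txt holds one value per line, so a CR/LF (or NUL) embedded in the
        // name or URL would shift the stored fields and could carry extra lines into
        // anything built from them later. trim() only strips the ends, so check the
        // interior explicitly; a rejected value keeps the generic "Invalid Submission" message.
        $hasControlChars = strpbrk($newName . $newUrl, "\r\n\0") !== false;

        // NOTE(review): the URL scheme is not restricted here; if the stored URL is
        // rendered as a link, consider accepting only http:// and https:// values.
        if (!$hasControlChars) {
            if (isFiltered($emailEdit) && !isInjected($emailEdit)) {
                $contactInfo = array($newName, $emailEdit, $newUrl);
                // Report success only when the write actually happened; LOCK_EX
                // keeps concurrent submissions from interleaving their lines.
                if (file_put_contents('contact.txt', implode("\n", $contactInfo), LOCK_EX) !== false) {
                    $message = "Information Successfully Changed.";
                } else {
                    $message = "Change Unsuccessful.\nCould not save contact information.";
                }
            } else {
                $message = "Change Unsuccessful.\nInvalid Email.";
            }
        }
    }
}
# Retrieves contact information (name, email, survey URL: one per line).
# A missing, unreadable or short file yields empty strings instead of
# undefined-offset reads on a failed file() call.
$infoParts = is_readable('contact.txt') ? file('contact.txt', FILE_IGNORE_NEW_LINES) : false;
if (!is_array($infoParts)) {
    $infoParts = array();
}
$contact_name = isset($infoParts[0]) ? $infoParts[0] : '';
$contact_email = isset($infoParts[1]) ? $infoParts[1] : '';
$survey_url = isset($infoParts[2]) ? $infoParts[2] : '';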
?>
示例#2
<?php

// This function checks for email injection. Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
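/**
 * Reports whether a value contains characters used for mail-header injection.
 *
 * Matches a raw line feed, carriage return or tab, and the literal
 * URL-encoded sequences %0A, %0D, %08 and %09 (case-insensitive).
 *
 * Fails closed: a non-string value (for example an array-valued request
 * parameter) or a PCRE error is reported as injected rather than as clean.
 *
 * @param mixed $str Value to inspect, normally a header field supplied by the client.
 * @return bool True when the value must not be placed in a mail header.
 */
function isInjected($str)
{
    if (!is_string($str)) {
        return true;
    }
    // Same set as the original alternation, collapsed into one character class
    // plus one encoded-sequence branch; the outcome of the match is unchanged.
    $pattern = '/[\n\r\t]|%0[AD89]/i';
    // preg_match() returns 1 (match), 0 (no match) or false (error);
    // only a clean 0 counts as "not injected".
    return preg_match($pattern, $str) !== 0;
}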
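// Load form field data into variables without reading missing keys.
// NOTE(review): $_REQUEST also accepts query-string parameters, so a plain GET
// can trigger a send; consider $_POST together with a CSRF token and throttling.
$email_address = isset($_REQUEST['email_address']) ? $_REQUEST['email_address'] : null;
$message = isset($_REQUEST['message']) ? $_REQUEST['message'] : null;
if (is_string($email_address)) {
    $email_address = trim($email_address);
}
// If the user tries to access this script directly, redirect them to the feedback form.
if ($email_address === null) {
    header("Location: contact.html");
} elseif (!is_string($email_address) || !is_string($message) || empty($email_address) || empty($message)) {
    // Array-valued or empty fields are rejected before they reach mail().
    header("Location: error_message.html");
} elseif (isInjected($email_address) || filter_var($email_address, FILTER_VALIDATE_EMAIL) === false) {
    // The address is written into a mail header below, so it must be free of
    // line breaks and also be a syntactically valid address.
    header("Location: error_message.html");
} elseif (mail("*****@*****.**", "Invest Capital website contact form", $message, "From: {$email_address}")) {
    // NOTE(review): the visitor's address is used as From:. A fixed From on the
    // site's own domain with the visitor in Reply-To avoids sending mail that
    // claims to originate from arbitrary third-party domains.
    header("Location: contact_sent.html");
} else {
    // mail() reported failure: do not tell the visitor the message was sent.
    header("Location: error_message.html");
}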
示例#3
     touch($filename);
     chmod($filename, 0746);
     $outFile = fopen($filename, 'a');
     $namelist = explode('+', $tutor[0]);
     $ed = $tutor[2];
     $hrs = $tutor[3];
     $entry = array($namelist[0] . $namelist[1] . $hrs . $ed . '.csv');
     fputcsv($outFile, $entry);
     fclose($outFile);
     # Email
     $emailadd = $tutor[1];
     $subject = "Availability Survey";
     $content = "\n          <html>\n          <head>\n            <title>Availability Survey</title>\n          </head>\n          <body>\n            <p>\n              {$namelist['0']} {$namelist['1']}, <br /><br />\n              You are currently listed as a tutor for the upcoming \n              semester. <br />\n              Please take a few minutes and fill out this survey regarding\n              your schedule and times you are available for tutoring. <br />\n              You must be on the campus network to access the survey. <br />\n              Also, from personal experience, the survey works best when\n              completed using Google Chrome.\n            </p>\n            <br />\n            <p>\n              <a href={$survey_url}>Tutoring Survey</a>\n            </p>\n            <br />\n            <p>\n              {$contact_name}\n            </p>\n          </body>\n          </html>\n        ";
     $headers = "From: {$contact_name} <{$contact_email}>" . "\r\n";
     $headers .= "Content-type: text/html; charset=utf-8" . "\r\n";
     if (isFiltered($emailadd) && !isInjected($emailadd)) {
         mail($emailadd, $subject, $content, $headers);
     } else {
         $subj = "Availability Survey: Email Issue";
         $alt_content = "There was an issue with {$namelist['0']} {$namelist['1']}'s\n            email.";
         $alt_headers = "From: Scheduling System <{$contact_email}>";
         mail($contact_email, $subj, $alt_content, $alt_headers);
     }
 }
 # Put number of tutors into text file
 # Writes count($tutorinfo) to counts/<title>tutorcount.txt, creating the file first if needed.
 $tutorcount = count($tutorinfo);
 // count of tutors in db
 // NOTE(review): $title is concatenated into the path unchecked and its origin is not
 // visible here. If a request can influence it, constrain it (e.g. basename() or an
 // allow-list pattern) so the resulting path cannot leave counts/.
 $filename = 'counts/' . $title . 'tutorcount.txt';
 // touch() creates the file if it does not exist so that chmod() has a target.
 touch($filename);
 // 0606 = owner read/write, group none, others read/write: the file is world-writable.
 // NOTE(review): any local account can alter the stored count. If a second process
 // really has to write it, a shared group with 0660 is narrower; otherwise 0644 or 0600.
 chmod($filename, 0606);
 // Overwrites the previous count. Return values of touch(), chmod() and
 // file_put_contents() are not checked, so a failed write goes unnoticed.
 file_put_contents($filename, $tutorcount);