//address using FILTER_VALIDATE_EMAIL if (filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } if ($_POST['spamCheck'] != "cold") { echo "NO bots"; } elseif (empty($_POST['name']) || empty($_POST['email']) || $_POST['subject'] == "x" || empty($_POST['spamCheck']) || empty($_POST['message'])) { echo '<p>Please fill in all required fields.</p><p>Please use your browsers back button to complete the form.</p>'; } else { if (isset($_POST['email'])) { //if "email" and fields is filled out, proceed //check if the email address is invalid $mailcheck = spamcheck($_POST['email']); if ($mailcheck == FALSE) { echo "Email is not correctly formatted or is invalid."; } else { //send email $name = $_POST['name']; $email = $_POST['email']; $subject = $_POST['subject']; $message = $_POST['message']; $logs = $_POST['logs']; $message = $message; $full = wordwrap($message, 70); mail("*****@*****.**", $subject, $full, "From: {$name} <{$email}>"); header("Location: thanks.html"); } } else {
</div> </div> </div> <div class="small-12 medium-3 columns"> </div> </div> </form> <?php } else { // the user has submitted the form // Check if the "from" input field is filled out if (isset($_POST["from"])) { // Check if "from" email address is valid $mailcheck = spamcheck($_POST["from"]); if ($mailcheck == FALSE) { echo "Invalid input"; } else { $fName = strip_tags($_POST["first"]); $lName = strip_tags($_POST["last"]); $from = strip_tags($_POST['from']); // sender $to = strip_tags($_POST["to"]); // reicipient $subject = "Remember to renew your ASCE membership"; $message = '<html><body>'; $message .= '<p>Hi,</p><p>' . $fName . ' ' . $lName . ' reminded you to renew your ASCE membership.<br>The Section with the highest percentage of renewed members by December 12, 2014 will win a cash prize of $1,000!</p> <p>Go to <a href="http://www.asce.org/ymfinishline/">www.asce.org/finishline</a> today.</p>'; $message .= '</body></html>'; // message lines should not exceed 70 characters (PHP rule), so wrap it $message = wordwrap($message, 70);
function spamcheck($field) { // The FILTER_SANITIZE_EMAIL filter removes all forbidden e-mail characters from the inserted string. $field = filter_var($field, FILTER_SANITIZE_EMAIL); //filter_var() validates the e-mail address that is inserted. // The FILTER_VALIDATE_EMAIL filter validates the value of the text inserted as an e-mail address if (filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } if (isset($_POST['contact_email'])) { //this is a simple check that makes sure the email field not empty //this is the check that uses the validation function to ensure the email address is valid $mailcheck = spamcheck($_POST['contact_email']); if ($mailcheck == FALSE) { echo "You have inserted an incorrect email address or have left some of the fields empty"; die; } else { $to = "*****@*****.**"; $name = $_POST['contact_name']; $email = $_POST['contact_email']; $subject = $_POST['contact_subject']; $message = nl2br($_POST['contact_message']); mail($to, $subject, $message, "Reply-To:{$email}\r\nFrom: \"{$name}\" <{$email}>"); } } header('location:' . $_SERVER['HTTP_REFERER']); exit; ?>
<form id="contact_block" method="post" action="<?php echo $_SERVER["PHP_SELF"]; ?> "> <name>name</name><input type="text" name="name" required placeholder="John Smith"><br> <name>email</name><input type="email" name="email" required placeholder="*****@*****.**"><br> <name>message</name><textarea required name="message" placeholder="I would like to talk to you!"></textarea><br> <input class="button" type="submit" value="send" /> </form> <?php } else { // the user has submitted the form // Check if the "from" input field is filled out if (isset($_POST["email"])) { // Check if "from" email address is valid $mailcheck = spamcheck($_POST["email"]); if ($mailcheck == FALSE) { echo "Invalid input"; } else { $name = $_POST["name"]; $from = $_POST["email"]; // sender $message = "Message From: " . $name . "\n\n"; $message = $message . $_POST["message"]; // message lines should not exceed 70 characters (PHP rule), so wrap it $message = wordwrap($message, 70); // send mail mail("*****@*****.**", "Contact Form Message", $message, "From: {$from}\n"); echo "<br><br><br>Thank you, I'll get to your comment as soon as I can!"; } }
{ //filter_var() sanitizes the e-mail //address using FILTER_SANITIZE_EMAIL $field = filter_var($field, FILTER_SANITIZE_EMAIL); //filter_var() validates the e-mail //address using FILTER_VALIDATE_EMAIL if (filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } if (isset($_REQUEST['EmailAddress'])) { //if "email" is filled out, proceed //check if the email address is invalid $mailcheck = spamcheck($_REQUEST['EmailAddress']); $code = $_REQUEST['Code']; if ($mailcheck == FALSE || $code == "Code") { echo "Invalid input"; } elseif ($code == "Code") { echo "Please input a valid code."; } else { //send email // echo "Getting data . . . "; $firstName = $_REQUEST['FirstName']; $lastName = $_REQUEST['LastName']; $address = $_REQUEST['PostalAddress']; $city = $_REQUEST['City']; $province = $_REQUEST['Province']; $postalCode = $_REQUEST['PostalCode']; $phoneNumber = $_REQUEST['PhoneNumber'];
} else { echo '<body>'; } echo '<div id="main" style="padding: 5px; width: 215px; height: 170px; margin-top: 10px;">'; if (login_checklogin()) { if ($_GET['action'] == 'reply') { draw_reply_form(htmlspecialchars($_GET['username']), $_GET['userid'], $_GET['answereid']); } elseif ($_GET['action'] == 'send_reply') { if (userblock_check($_GET['userid'], $_SESSION['login']['id']) == 1) { jscript_alert('Den användare som du har angivit som mottagare har blockerat dig, och ditt meddelande kan därför inte skickas!'); echo '<script language="javascript">history.go(-1);</script>'; die; } /* if(644314 == $_SESSION['login']['id']) log_to_file('henrik', LOGLEVEL_DEBUG, __FILE__, __LINE__, $_POST['message']); */ $spamval = spamcheck($_SESSION['login']['id'], $_POST['message']); if ($spamval == 1) { echo '<script language="javascript">setTimeout(\'window.close();\',500);</script>'; new_entry($_GET['userid'], $_SESSION['login']['id'], $_POST['message'], $_POST['is_private'], $_GET['answereid']); echo '<h1>Inlägget skickat!</h1>'; } else { echo '<script language="javascript">alert("' . $spamval . '");</script>'; draw_reply_form(htmlspecialchars($_GET['username']), $_GET['userid'], $_POST['message']); } } } else { die('Du tycks ha loggats ut :('); } echo '</div></body></html>';
for ($i = 0; $i < count($addresses); $i++) { //filter_var() sanitizes the e-mail //address using FILTER_SANITIZE_EMAIL $addresses[$i] = filter_var($addresses[$i], FILTER_SANITIZE_EMAIL); //filter_var() validates the e-mail //address using FILTER_VALIDATE_EMAIL if (!filter_var($addresses[$i], FILTER_VALIDATE_EMAIL)) { return FALSE; } } return TRUE; } if (isset($_REQUEST['to'])) { //if "email" is filled out, proceed //check if the email address is invalid $mailcheck = spamcheck($_REQUEST['to']); if ($mailcheck == FALSE) { echo "One or more of the email addresses you entered was malformed. Please input valid email addresses separated by commas or semi-colons.<br>"; echo "<a href=mailform.php>Back</a>"; } else { //send email $to = $_REQUEST['to']; $from = $_REQUEST['from']; $subject = $_REQUEST['subject']; $message = $_REQUEST['message']; $htmlmail = $_REQUEST['htmlmail']; $headers = 'From: ' . $from . "\r\n"; $headers .= 'Bcc: spencerbartz@gmail.com' . "\r\n"; if (isset($_REQUEST['attach'])) { $file = $_REQUEST['attach']; $filename = "server/uploads/" . $_REQUEST['attach'];
//address using FILTER_VALIDATE_EMAIL if (filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } $message = ""; if (isset($_POST['submit'])) { $email = $_POST['email']; $query = "SELECT * FROM BandsOfTheYearVotersPublic WHERE EmailHash = PASSWORD('{$email}')"; $result = mysql_query($query); if (mysql_num_rows($result) > 0) { $message = "That email address has already signed up to vote!"; } else { if (!spamcheck($email)) { $message = "Invalid Email Address"; } else { $query = "INSERT INTO BandsOfTheYearVotersPublic (EmailHash, Voted) VALUES (PASSWORD('{$email}'), 0)"; mysql_query($query); //Send Email $subject = "Bands of the Year Public Vote"; $from = "*****@*****.**"; $body = "Thank you for chosing to vote in ILMarching.com's Bands of the Year Public Vote\n\n"; $body .= "The entire public vote will count for 1 ballot in the real Bands of the Year vote.\n\n"; $body .= "To cast your vote, go to the following website:\n"; $body .= "http://ilmarching.com/botyBallotPublic.php\n\n"; $body .= "Your username is: {$email} \n"; $body .= "Your password is: " . substr(sha1($email), 0, 6); $body .= "\n\nThis password is Case Sensitive. Type it in exactly as you see here.\n\n"; $body .= "Cast your ballot as you see fit, remembering that Number 1. is the best band in the division, and so on down the line.\n\n";
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]; ?> "> Suggest a map [URL]: <input type="text" name="url"> Your email [optional]: <input type="text" name="from_user"> <input type="submit" name="submit" value="Send"> </form> </small></h5> <?php } else { // the user has submitted the form // Check if the "from" input field is filled out if (isset($_POST["from_user"])) { // Check if "from" email address is valid $mailcheck = spamcheck($_POST["from_user"]); if ($mailcheck == FALSE) { echo "Invalid input"; } else { $from_add = "EMAIL"; $to_add = "EMAIL"; $message = "{$_POST["url"]}\n{$_POST["from_user"]}"; $subject = "Novo mapa sugerido"; $headers = "From: {$from_add} \r\n"; $headers .= "Reply-To: {$from_add} \r\n"; $headers .= "Return-Path: {$from_add}\r\n"; $headers .= "X-Mailer: PHP \r\n"; // send mail mail($to_add, $subject, $message, $headers); echo "Obrigado pela sugestão. Caso tenha providenciado um email, entraremos em contato em breve!"; }
$insert_prep->bindParam(':intercom', $intercom); $insert_prep->bindParam(':pager', $pager); //execute query $insert_prep->execute(); //close cursor to free resources for next query $insert_prep->closeCursor(); } } catch (PDOException $exception) { //show error messgae is an exception is thrown echo $exception->getMessage(); } } //Update if (isset($_POST['saveUpdate'])) { try { $email = spamcheck($_POST['up_email']); //run email through spam check function defined above if ($email == TRUE) { //if the email passes function //post data from the web form and save in variables $fname = $_POST['up_fname']; // $lname = $_POST['up_lname']; $dept = $_POST['up_department']; $job_role = $_POST['up_job_role']; //these form inputs are not required form fields and thus must be validated $ophone = $_POST['up_ophone']; if ($ophone == '502-___-____') { $ophone = NULL; } $mphone = $_POST['up_mphone'];
<input type="password" name="pass2" /><br> <input type="hidden" name="hash" value="<?php echo $_SESSION['formhash']; ?> " /> <input type="submit" name="submit" value="Register" /> <p><br> </form> <?php //variables retrieved from a session and form, to check if your using a verified form $formhash = $_POST['hash']; $randomstring = $_SESSION['randomstring']; // if your form is verified by this script, you are able to continue if (password_verify($randomstring, $formhash)) { //checks if nick name is set and email is real/not used for spamming if (isset($_POST['nick']) && spamcheck($_POST['email']) == TRUE) { //checks if you didnt make a mistake in your password if ($_POST['pass'] == $_POST['pass2']) { //encrypt password $pass = password_hash($_POST['pass'], PASSWORD_BCRYPT); //stops possible sql injection attacks $nick = $_POST['nick']; $email = $_POST['email']; //creates part of verification url $length = 10; //generates random string $verificationurl = generateRandomString($length); //executes query from sqlfunctions class $query = $sqldata->reg_sql($nick, $pass, $email, $verificationurl); //checks if everything goes right if ($query['querychecker'] == false || $query['querychecker'] == NULL) {
function myMailFunction($mailto, $subject, $message, $headers, $defaultMessageClose, $adminEmail, $notice) { $message = $message . "\n\n" . $defaultMessageClose; // Check for suspected spam content if (!spamcheck(array($mailto, $subject, $headers))) { die('no spam please'); } if (@mail($mailto, $subject, $message, $headers)) { echo '<p style="align:center">Your message was successfully sent to ' . $mailto . '</p>'; if ($notice == 1) { $message = "From email " . $headers . "\n\n" . "To email " . "\n\n" . $mailto . "\n\n" . $message; @mail($adminEmail, "Referal notice", $message); } } else { // This echo's the error message if the email did not send. // You could change the text in between the <p> tags. echo '<p>Mail could not be sent to ' . $mailto . ' Please use your back button to try them again.</p>'; } }
} else { if (isset($_SESSION['captcha']) && $_SESSION['captcha'] == $_POST['captcha'] && spamcheck($_POST['from']) && strlen($_POST['subject']) != 0 && strlen($_POST['message']) != 0) { $from = $_POST["from"]; // sender $subject = $_POST["subject"]; $message = $_POST["message"]; mail('*****@*****.**', $subject, $message, "From: {$from}\n"); echo 'Επιτυχής Αποστολή'; } else { $captcha = $_POST['captcha']; if ($_SESSION['captcha'] != $captcha && strlen($captcha) != 0) { $wrongCaptcha = true; } else { $wrongCaptcha = false; } if (!spamcheck($_POST['from'])) { $wrongFrom = true; } else { $wrongFrom = false; } ?> <h2>Αποστολή email</h2> <form method="post"> <label class="newsletterLabel">Από:</label> <input id="from" class="textBox" type="text" name="from" value="<?php echo $_POST['from']; ?> "><label style="color:red;width:200px;" class="newsletterLabel"><?php if ($wrongFrom) { echo 'Η διεύθυνση δεν είναι έγκυρη'; }
/*============== Sanitizing Email Input for Spam Attack/Interception ===============*/ function spamcheck($field) { //filter_var() sanitizes the e-mail //address using FILTER_SANITIZE_EMAIL $field = filter_var($field, FILTER_SANITIZE_EMAIL); //filter_var() validates the e-mail //address using FILTER_VALIDATE_EMAIL if (filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } // check if the email address is invalid $mailcheck = spamcheck($email); if ($mailcheck == FALSE) { echo "<font id='error'>That is not a valid email address!</font>"; } else { if ($msg == "") { // If name isn't blank die("Something went wrong!"); } else { // Check if the msg has been sent already $check = mysql_query("SELECT * FROM feedback WHERE msg='{$msg}'") or die(mysql_error()); $count = mysql_num_rows($check); if ($count > 0) { echo "<font id='error'>You've already sent this feedback!</font>"; } else { // Create Listing $new_feedback = mysql_query("INSERT INTO feedback (msg, email, datestamp) VALUES ('{$msg}','{$email}',now())") or die(mysql_error());
</dt> <dd class="o-FormField__Input"> <input id="recipient-email-label" required="" type="email" name="to" placeholder="ex: yoursectionfriend@example.com"> </dd> <dt class="o-FormField__Label"></dt> <dd class="o-FormField__Input"> <input type="submit" name="submit" class="button small secondary"> </dd> </dl> </form><?php } else { // the user has submitted the form // Check if the "from" input field is filled out if (isset($_POST['from'])) { // Check if "from" email address is valid $mailcheck = spamcheck($_POST['from']); if ($mailcheck == FALSE) { echo 'Invalid input'; } else { $fName = strip_tags($_POST['first']); $lName = strip_tags($_POST['last']); $from = strip_tags($_POST['from']); // sender $to = strip_tags($_POST['to']); // reicipient $subject = 'Remember to renew your ASCE membership'; $message = '<html><body>'; $message .= '<p>Hi,</p><p>' . $fName . ' ' . $lName . ' reminded you to renew your ASCE membership.<br>The Section with the highest percentage of renewed members by December 11, 2015 will win a cash prize of $1,000!</p> <p>Go to <a href="http://www.asce.org/finishline/">www.asce.org/finishline</a> today.</p>'; $message .= '</body></html>'; // message lines should not exceed 70 characters (PHP rule), so wrap it $message = wordwrap($message, 70);
{ //filter_var() sanitizes the e-mail //address using FILTER_SANITIZE_EMAIL $field = filter_var($field, FILTER_SANITIZE_EMAIL); //filter_var() validates the e-mail //address using FILTER_VALIDATE_EMAIL if (filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } if (isset($_POST['email'])) { //if "email" is filled out, proceed //check if the email address is invalid $mailcheck = spamcheck($_REQUEST['email']); $subtime = substr($_POST["time"], 0, 2); $subdate = substr($_POST["date"], 8, 2); $weekday = date('l', strtotime($_POST["date"])); if ($mailcheck == FALSE) { echo "<span class='annotation'>Invalid email address!</span>"; printform(); } elseif ($_POST["email"] == "*****@*****.**" || $_POST["tel"] == "07884268497") { echo "<span class='annotation'>Sorry,You have been previously reported and therefore blocked for spam by the Webmaster !</span>"; printform(); } elseif (trim($_POST["name"]) == "") { echo "<span class='annotation'>You need to provide your name for the reservation!</span>"; printform(); } elseif (trim($_POST["tel"]) == "" || $_POST["tel"] == " " || preg_match('/^00359/', $_POST["tel"]) || preg_match('/^\\+359/', $_POST["tel"]) || !preg_match('/^07[0-9]{9}$/', $_POST["tel"])) { echo "<span class='annotation'>Invalid Mobile number! Only valid UK MOBILE NUMBERS are allowed!</span>"; printform();
$senderEmail = $_POST['senderEmail']; $senderMessage = $_POST['senderMessage']; $subject = 'Message from NECTA\'s website by ' . $senderName; $headers = "From: {$senderEmail}\n"; $to = '*****@*****.**'; //To where an email is sent $api_url = "https://www.google.com/recaptcha/api/siteverify"; // reCAPTCHA API address $secret = "6LfUsPoSAAAAAIYXCy02E_wC48Nv5LKUBE6-Owoo"; //Secret key for accessing Google's reCAPTCHA service $response_string = $_POST['g-recaptcha-response']; // User response on reCAPTCHA $user_ip = $_SERVER['REMOTE_ADDR']; // Usr IP address $results = array(); $mailcheck = spamcheck($senderEmail); // Check if "from" email address is valid if ($mailcheck == FALSE) { info('error', 'Invalid email address.'); header('Location: contacts'); } else { //Verify if user is not a robot $jsonresponse = ""; $response = is_bot($api_url, $secret, $response_string, $user_ip); foreach ($response as $value) { $jsonresponse .= $value; } $response = json_decode($jsonresponse, true); if ($response['success']) { // message lines should not exceed 70 characters (PHP rule), so wrap it $message = wordwrap($senderMessage, 70);