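*/

// ==== Configuration start ====

// Accepted referers
// Some users/browsers do not send the referer-field, so you might want to comment
// the next line out. The referer is supplied by the client and is trivially forged,
// so this check only blocks casual third-party use of the script; it is not an
// access control.
$arrReferers = ['www.yourdomain.com', 'yourdomain.com'];

// ID's with accepted mailaddresses, starts with 1, next is 2 etc
// This number is what you specify as recipient in your form.
// Several addresses can be specified, separated by comma
// All entries except the last one, must have its line ended by a comma.
$arrToMails = [
    1 => 'you@yourdomain.com',
    2 => 'me@yourdomain.com',
    3 => 'one@yourdomain.com,two@yourdomain',
];

// ==== Configuration stop ====

// ==== Functions - Do not edit ====

/**
 * Verifies that the host part of a referer URL is one of the accepted hosts.
 *
 * @param mixed      $strRefererUrl   Referer URL as sent by the client; may be absent,
 *                                    empty or malformed.
 * @param array|null $arrAllowedHosts Accepted host names. When omitted the global
 *                                    $arrReferers from the configuration is used.
 * @return bool true only when the URL parses, carries a host, and that host
 *              (compared case-insensitively) is in the accepted list.
 */
function correctReferer($strRefererUrl, $arrAllowedHosts = null)
{
    if (!is_array($arrAllowedHosts)) {
        global $arrReferers;
        $arrAllowedHosts = is_array($arrReferers) ? $arrReferers : [];
    }

    if (!is_string($strRefererUrl) || $strRefererUrl === '') {
        return false;
    }

    // parse_url() returns false for seriously malformed URLs and omits 'host' for
    // relative references; both mean "not an accepted referer" rather than a notice.
    $arrUrlComponents = parse_url($strRefererUrl);
    if (!is_array($arrUrlComponents) || !isset($arrUrlComponents['host'])) {
        return false;
    }

    // Host names are case-insensitive; the strict in_array avoids loose-comparison surprises.
    $strHost = strtolower($arrUrlComponents['host']);
    $arrLowerHosts = array_map('strtolower', $arrAllowedHosts);

    return in_array($strHost, $arrLowerHosts, true);
}

/**
 * Validates an email-address against the RFC 822 addr-spec grammar.
 * Source: http://iamcal.com/publish/articles/php/parsing_email
 *
 * On top of the grammar, any CR or LF is refused outright: the quoted-string and
 * domain-literal productions below exclude CR but not LF, and a value containing a
 * line break that ends up in a mail header would start a new header line.
 *
 * @param mixed $strEmail Candidate address; anything that is not a string is rejected.
 * @return bool
 */
function validateEmail($strEmail)
{
    if (!is_string($strEmail) || $strEmail === '' || preg_match('/[\r\n]/', $strEmail)) {
        return false;
    }

    $qtext = '[^\\x0d\\x22\\x5c\\x80-\\xff]';
    $dtext = '[^\\x0d\\x5b-\\x5d\\x80-\\xff]';
    $atom = '[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c'.
        '\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+';
    $quoted_pair = '\\x5c[\\x00-\\x7f]';
    $domain_literal = "\\x5b($dtext|$quoted_pair)*\\x5d";
    $quoted_string = "\\x22($qtext|$quoted_pair)*\\x22";
    $domain_ref = $atom;
    $sub_domain = "($domain_ref|$domain_literal)";
    $word = "($atom|$quoted_string)";
    $domain = "$sub_domain(\\x2e$sub_domain)*";
    $local_part = "$word(\\x2e$word)*";
    $addr_spec = "$local_part\\x40$domain";

    // The 'D' modifier makes '$' match only at the very end of the subject; without it
    // '$' also matches before a trailing newline, so "user@host\n" would be accepted.
    return preg_match("!^$addr_spec$!D", $strEmail) === 1;
}

// ===================================================================================

// As long as the following string is empty, everything is ok.
$strErrorMessages = '';

// Validates and sets various special-meaning variables from the form..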
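// The recipient must be set, be a non-negative integer, and exist in the array $arrToMails
if (isset($_POST['recipient'])
    && is_string($_POST['recipient'])
    && preg_match('/^[0-9]+$/D', $_POST['recipient'])
    && array_key_exists((int) $_POST['recipient'], $arrToMails)) {
    // Save the int-value of recipient
    $intRecipient = (int) $_POST['recipient'];
} else {
    // Invalid recipient
    $strErrorMessages .= "Error: Invalid recipient\n";
}

// Validate the sender-email. CR/LF are refused here as well as in validateEmail(),
// because the value is placed into the From:/Return-Path: headers, where a line
// break would start a new header line.
if (isset($_POST['sender'])
    && is_string($_POST['sender'])
    && !preg_match('/[\r\n]/', $_POST['sender'])
    && validateEmail($_POST['sender']) === true) {
    $strSender = $_POST['sender'];
} else {
    // Invalid sender
    $strErrorMessages .= "Error: Invalid sender\n";
}

// Validate the referer, if there's any hosts in the array $arrReferers.
// A missing referer is treated like an unknown one. The referer is client-supplied
// and forgeable, so this only blocks casual use of the script from other sites.
if (isset($arrReferers) && is_array($arrReferers) && count($arrReferers) >= 1) {
    $strReferer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if (correctReferer($strReferer) === false) {
        // Referer-check failed
        $strErrorMessages .= "Error: Permission denied\n";
    }
}

// Save subject and redirect for later use, as we'll soon remove them from the $_POST-array.
// The subject becomes a mail header, so line breaks are replaced by spaces.
$strSubject = (isset($_POST['subject']) && is_string($_POST['subject']))
    ? str_replace(["\r", "\n"], ' ', $_POST['subject'])
    : '';
$strRedirectPage = (isset($_POST['redirect']) && is_string($_POST['redirect']))
    ? trim($_POST['redirect'])
    : '';

// The redirect target comes from the form, so only send the browser somewhere on this
// site: a relative path, or an absolute http(s) URL whose host is one of the hosts in
// $arrReferers. Accepting anything else would turn this script into an open redirector.
$boolRedirectOk = false;
if ($strRedirectPage !== '' && !preg_match('/[\r\n]/', $strRedirectPage)) {
    $arrRedirectParts = parse_url($strRedirectPage);
    if (is_array($arrRedirectParts)) {
        if (isset($arrRedirectParts['host'])) {
            // Absolute URL: http(s) only, and the host must be one of ours.
            $boolRedirectOk = isset($arrRedirectParts['scheme'])
                && in_array(strtolower($arrRedirectParts['scheme']), ['http', 'https'], true)
                && isset($arrReferers) && is_array($arrReferers)
                && correctReferer($strRedirectPage) === true;
        } else {
            // Relative reference: no scheme, and not "//host" or "/\host", which
            // browsers resolve as a different origin.
            $boolRedirectOk = !isset($arrRedirectParts['scheme'])
                && !preg_match('#^[/\\\\]{2}#', $strRedirectPage);
        }
    }
}
if (!$boolRedirectOk) {
    $strErrorMessages .= "Error: Invalid redirect\n";
}

// ..and then delete them (along with the useless 'submit'-field) from the array of
// posted elements, to avoid them being part of the mailbody.
unset($_POST['recipient'], $_POST['sender'], $_POST['subject'], $_POST['redirect'], $_POST['submit']);

if ($strErrorMessages === '') {
    // No errors occured during our validation, send the mail

    // This variable will contain all the fields in the form.
    $strMailBody = '';

    // Build the body of the mail from the remaining entries in $_POST.
    // (each() was removed in PHP 8.0; foreach iterates from the first element anyway.)
    foreach ($_POST as $field => $value) {
        // Array-valued fields (e.g. checkbox groups) are joined so they do not show up as "Array".
        if (is_array($value)) {
            $value = implode(', ', $value);
        }
        $strMailBody .= "$field: $value\n";
    }

    // Do the actual mailsending; mail() returns false when the MTA did not accept the message.
    $strHeaders = 'From: ' . $strSender . "\nReturn-Path: <" . $strSender . '>';
    if (mail($arrToMails[$intRecipient], $strSubject, $strMailBody, $strHeaders)) {
        // Sends user to the redirect-page
        header('Location: ' . $strRedirectPage);
    } else {
        echo "Error: The message could not be sent\n";
    }
} else {
    echo $strErrorMessages;
}
?>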