<?php
// Form-handler settings; all four are left blank here.

// Page URL that the Referer header is compared against further down, and the
// address the visitor's top frame is sent back to when a request is refused.
$valid_ref = '';

// Display name and address of the recipient handed to mail().
$send_name = '';
$send_email = '';

// Subject line handed to mail().
$subject = '';
//clean input in case of header injection attempts!
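/**
 * Strip mail-header keywords and, optionally, line-break sequences from a form value.
 *
 * Always removes "content-type:", "to:", "cc:" and "bcc:". When
 * $check_all_patterns is true it also removes raw CR and LF characters and
 * their URL-encoded spellings (%0a / %0d).
 *
 * Matching is case-insensitive and is repeated until the value stops changing,
 * so a keyword cannot survive by differing in letter case or by being left
 * behind in the text that surrounds a removed match.
 *
 * This is a denylist and only reduces risk. A value that ends up in a mail
 * header should also be validated against the format it is supposed to have
 * (for an address, filter_var() with FILTER_VALIDATE_EMAIL).
 *
 * @param string|string[]|null $value              Raw form value; null is treated as ''.
 * @param bool                 $check_all_patterns Also strip CR/LF and %0a/%0d when true.
 *
 * @return string|string[]|null The cleaned value; null only if preg_replace() itself fails.
 */
function clean_it($value, $check_all_patterns = true) {
    // A missing form field arrives as null; hand back an empty string instead of
    // passing null to preg_replace().
    if ($value === null) {
        return '';
    }

    $patterns = array(
        '/content-type:/i',
        '/to:/i',
        '/cc:/i',
        '/bcc:/i',
    );
    if ($check_all_patterns) {
        array_push($patterns, '/\r/', '/\n/', '/%0a/i', '/%0d/i');
    }

    // Every pass that changes the value shortens it, so the loop terminates.
    do {
        $previous = $value;
        $value = preg_replace($patterns, '', $previous);
    } while ($value !== null && $value !== $previous);

    return $value;
}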
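// Canned responses shown to the visitor.
$error_msg = 'Note: Message not sent. Please try again.';
$success_sent_msg = '<p align="center"><strong> </strong></p>
<p align="center"><strong>Your message has been successfully sent. <a href="info.html">Continue ⇥</a></p>';

// Shared refusal path: alert the visitor, send the top frame back to $valid_ref, stop.
$reject = function () use ($error_msg, $valid_ref) {
    echo "<script language=\"JavaScript\"><!--\n alert(\"$error_msg\");\n";
    echo "top.location.href = \"$valid_ref\"; \n// --></script>";
    exit;
};

// Read one POST field through clean_it(). A missing field, or one submitted as an
// array (name[]=...), yields '' instead of a notice or the literal text "Array".
$read_field = function ($key) {
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return '';
    }
    return clean_it($_POST[$key]);
};

// No email field at all: this is not a form submission, so load the $valid_ref
// page before any other input is touched.
if (!isset($_POST['email'])) {
    echo "<script language=\"JavaScript\"><!--\n ";
    echo "top.location.href = \"$valid_ref\"; \n// --></script>";
    exit;
}

// The Referer header is supplied by the client and can be absent or forged, so this
// comparison only turns away casual off-site posts. It is not an anti-abuse or CSRF
// control; a per-session form token and rate limiting are the usual complement.
$ref_page = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if ($ref_page !== $valid_ref) {
    $reject();
}

$first_name = $read_field('first_name');
$last_name = $read_field('last_name');
$address = $read_field('address');
$city = $read_field('city');
$state = $read_field('state');
$zip = $read_field('zip');
$email = $read_field('email');
$extra = $read_field('extra');

// $email is placed in the From and Reply-To headers, so it must be a single
// well-formed address; stripping keywords alone does not guarantee that.
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $reject();
}

// Display name for the headers: no line breaks and no characters that would change
// how the address part is parsed. The message body keeps the name as entered.
$header_name = trim(str_replace(array("\r", "\n", '<', '>', '"'), '', "$first_name $last_name"));

$themessage = <<<EOT
<!-- insert form letter here -->
$extra
Sincerely yours,
$first_name $last_name
$address
$city, $state $zip
$email
EOT;

// NOTE(review): From carries the visitor's address. Receiving systems that enforce
// SPF/DMARC may reject that; a site-owned From with the visitor only in Reply-To is
// the common arrangement - confirm against the mail setup.
$sent = mail(
    "$send_name <$send_email>",
    "$subject",
    "$themessage",
    "From: $header_name <$email>\nReply-To: $header_name <$email>"
);

// Report success only when mail() actually accepted the message for delivery.
if (!$sent) {
    $reject();
}
echo $success_sent_msg;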
?>