<?php
// Page title for this view. It is defined before the header include, which
// presumably reads it; confirm in includes/header.php.
define("TITLE", "Contact US" );
// Pull in includes/header.php ahead of the page body.
include('includes/header.php');
?>
<div id="contact">
<hr>
<h1>Get in touch with us!</h1>
<?php
/**
 * Report whether a string contains a carriage return or a line feed.
 *
 * This page calls it on the name and email fields before they are copied
 * into the Subject and From headers, where a CR or LF would begin a new
 * header line.
 *
 * @param string $str Value to inspect.
 * @return int|false The preg_match() result: 1 when a CR or LF is present,
 *                   0 when there is none, false if the match itself fails.
 */
function has_header_injection($str)
{
    $line_break_pattern = "/[\r\n]/";
    $found = preg_match($line_break_pattern, $str);

    return $found;
}
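// Handle a submitted contact form; when nothing was posted, render the form.
if (isset($_POST["contact_submit"])) {
    // A missing key or a non-string value (name[]=x arrives as an array) is
    // treated as an empty field instead of raising a notice or a TypeError.
    $name  = (isset($_POST["name"]) && is_string($_POST["name"])) ? trim($_POST["name"]) : '';
    $email = (isset($_POST["email"]) && is_string($_POST["email"])) ? trim($_POST["email"]) : '';
    $msg   = (isset($_POST["message"]) && is_string($_POST["message"])) ? $_POST["message"] : '';

    // $name and $email are copied into the Subject and From headers below, so
    // a CR or LF in either one would let the sender add header lines.
    if (has_header_injection($name) || has_header_injection($email)) {
        die();
    }

    // Compare against '' so a literal "0" still counts as a value, and reject
    // a message that is only whitespace.
    if ($name === '' || $email === '' || trim($msg) === '') {
        echo '<h4 class="error">All fields required.</h4><a href="contact.php" class="button block">
Go back and try again</a>';
        exit;
    }

    // The address is placed inside "<...>" in the From header and repeated in
    // the body, so require a syntactically valid address, not just any text.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        echo '<h4 class="error">Please enter a valid email address.</h4><a href="contact.php" class="button block">
Go back and try again</a>';
        exit;
    }

    // Recipient of the contact mail.
    // NOTE(review): this address looks masked in this copy of the file; confirm
    // the real mailbox before deploying.
    $to = "[email protected]";

    // Subject line (contains the visitor-supplied name, already CR/LF-checked).
    $subject = "$name sent you a message via your contact form";

    // Plain-text body.
    $message = "Name: $name\r\n";
    $message .= "Email: $email\r\n";
    $message .= "Message:\r\n$msg";

    // Add the mailing-list request when the subscribe checkbox was ticked.
    if (isset($_POST['subscribe']) && $_POST['subscribe'] === 'Subscribe') {
        $message .= "\r\n\r\nPlease add $email to the mailing list.\r\n";
    }

    // Wrap with CRLF so inserted breaks match the line endings used above.
    $message = wordwrap($message, 72, "\r\n");

    // Quote the display name so characters such as '<', ',' or '"' typed into
    // the name field cannot be parsed as part of the address list.
    // NOTE(review): the visitor's address is used as From, so this server sends
    // mail under an address it does not own. A fixed site-owned From with the
    // visitor in Reply-To avoids that; the site's sender address is not visible
    // here, so From is kept as written.
    $display_name = '"' . addcslashes($name, "\"\\") . '"';

    // No trailing blank line after the last header: a blank line ends the
    // header section, so anything appended after it would land in the body.
    $headers = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
    $headers .= "From: " . $display_name . " <" . $email . ">\r\n";
    $headers .= "X-Priority: 1\r\n";
    $headers .= "X-MSMail-Priority: High";

    // Only claim success when mail() reports the message was accepted.
    $sent = mail($to, $subject, $message, $headers);

    if ($sent) {
?>
<!-- Show success message after email has sent -->
<h5>Thanks for contacting Franklin's!</h5>
<p>Please allow 24 hours for a response.</p>
<p><a href="index.php" class="button block">« Go to Home Page</a></p>
<?php
    } else {
?>
<h4 class="error">Sorry, your message could not be sent.</h4>
<a href="contact.php" class="button block">Go back and try again</a>
<?php
    }
} else {
?>
<form method="POST" action="contact.php" id="contact-form">
<label for="name">Your name</label>
<input type="text" id="name" name="name">
<label for="email">Your email</label>
<input type="email" id="email" name="email">
<label for="message">and your message</label>
<textarea id="message" name="message"></textarea>
<input type="checkbox" id="subscribe" value="Subscribe" name="subscribe"> <label for="subscribe">Subscribe to newsletter</label>
<input type="submit" class="button next" name="contact_submit" value="Send Message">
</form>
<?php
}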
?>
<hr>
</div> <!--contact-->
<?php
include('includes/footer.php');
?>