PDA

View Full Version : Blocking text fields in a PHP mail script


redder_in_nood
31 March 2005, 21:28
I have put a mail function on a site, where you can fill in the recipient and who it is from.
For that I have two small files:

mail.htm and mailer.php

mail.htm looks like this:
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<FORM action=mailer.php method=post enctype="multipart/form-data"><INPUT type=hidden value=http://www.wyger.nl/usr/Florian/12345qwerty.htm name=redirect>
<TABLE id=AutoNumber1 style="BORDER-COLLAPSE: collapse" borderColor=#111111
height=175 cellSpacing=0 cellPadding=0 width="863" border=0>
<TBODY>
<TR>
<TD width="86" height=22></TD>
<TD width="777" height=22>
</TD></TR>
<TR>
<TD width="86" height=22>Recipient:</TD>
<TD width="777" height=22>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">
<INPUT
name=ontvanger size="20"></P></TD></TR>
<TR>
<TD height=22>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">E-mail address:</P></TD>
<TD height=22>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">
<INPUT
name=email size="20">
</P></TD>
</TR>
<TR>
<TD width="86" height=22>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">BCC:</P></TD>
<TD width="777" height=22>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">
<INPUT
name=bccmail id="bccmail" size="20"></P></TD></TR>
<TR>
<TD height=22 width="86">
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">Subject:</P></TD>
<TD height=22 width="777">
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">
<INPUT
name=subject size="20"></P></TD>
</TR>

<TR>
<TD height=22 width="86">
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">Attachment 1:</P></TD>
<TD height=22 width="777">
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">
<input type="file" name="bestand1" size="20"></P></TD>
</TR>
<TR>
<TD width="86" height=22>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">Attachment 2:</P></TD>
<TD width="777" height=22>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">
<input type="file" name="bestand2" size="20"></P></TD></TR>
<TR>
<TD width="86" height=21>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">Text:</P></TD>
<TD width="777" height=21>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">
<TEXTAREA name=text rows=9 cols=91></TEXTAREA></P></TD></TR></TBODY></TABLE>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px"><INPUT type=submit value=Send name=submit>

</P></FORM>
</BODY></HTML>




*******************and mailer.php like this: **********************

<?php

// The posted script relies on register_globals (every form field silently
// becomes a PHP variable), which was removed in PHP 5.4. Read the fields the
// script uses explicitly instead.
$ontvanger  = isset($_POST['ontvanger'])  ? $_POST['ontvanger']  : '';
$email      = isset($_POST['email'])      ? $_POST['email']      : '';
$subject    = isset($_POST['subject'])    ? $_POST['subject']    : '';
$redirect   = isset($_POST['redirect'])   ? $_POST['redirect']   : '';
$require    = isset($_POST['require'])    ? $_POST['require']    : '';
$required   = isset($_POST['required'])   ? $_POST['required']   : '';
$sort       = isset($_POST['sort'])       ? $_POST['sort']       : '';
$env_report = isset($_POST['env_report']) ? $_POST['env_report'] : '';
$missing_fields_redirect = isset($_POST['missing_fields_redirect']) ? $_POST['missing_fields_redirect'] : '';
$separator = '';
$newline   = '';
$path_to_file = '';   // upload directory: set it here, never take it from the form

// WARNING: taking the recipient (and, further down, the From address) from the
// form means anyone who can POST to this URL can send mail to any address
// through this server.
$recipient = $ontvanger;

// bcc emails (separate multiples with commas (,))
$bcc = "";

$referers = array ($_SERVER["HTTP_HOST"]);

$banlist = array ('');

define("SEPARATOR", ($separator)?$separator:": ");

define("NEWLINE", ($newline)?$newline:"\n");

define("VERSION", "5.0");


function print_error($reason, $type = 0) {
    global $title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet, $missing_fields_redirect;
    build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet);
    // $reason is printed as HTML: callers must escape any form input they put in it.
    if ($type === "missing") {   // strict compare: in PHP < 8, 0 == "missing" is true
        if ($missing_fields_redirect) {
            header("Location: $missing_fields_redirect?error=" . urlencode($reason));
            exit;
        } else {
?>
The form was not sent for the following reasons:

<ul><?php
            echo $reason . "\n";
?></ul>
Use the back button in your browser to go back.<?php
        }
    } else { // every other error
?>
The form was not sent for the following reasons:

<?php
        echo $reason . "\n";
    }
    echo "\n";
    exit;
}


function check_banlist($banlist, $email) {
    $allow = true;
    if (count($banlist)) {
        foreach ($banlist as $banned) {
            $temp = explode("@", $banned);
            if ($temp[0] == "*") {
                // "*@domain" entries block a whole domain
                $temp2 = explode("@", $email);
                $domain = isset($temp2[1]) ? $temp2[1] : '';
                $banned_domain = isset($temp[1]) ? $temp[1] : '';
                if (trim(strtolower($domain)) == trim(strtolower($banned_domain)))
                    $allow = false;
            } else {
                if (trim(strtolower($email)) == trim(strtolower($banned)))
                    $allow = false;
            }
        }
    }
    if (!$allow) {
        print_error("You are using a blocked e-mail address... Try another one.");
    }
}

function check_referer($referers) {
    // NOTE: the Referer header is sent by the client and is trivially forged
    // (or simply omitted), so this is a nuisance check, not a security control.
    if (count($referers)) {
        $found = false;
        $url = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        $host = ($url !== '') ? parse_url($url, PHP_URL_HOST) : '';
        $referer = $host ? $host : '';

        foreach ($referers as $allowed) {
            if ($referer !== '' && stripos($referer, $allowed) !== false) {
                $found = true;
            }
        }
        if (!$found) {
            // log first: print_error() exits and would skip the log line
            error_log("[FormMail.php] Illegal copy. (" . $url . ")", 0);
            print_error("You are coming from the wrong site.");
        }
        return $found;
    } else {
        return true;
    }
}
if ($referers)
check_referer($referers);

if ($banlist)
check_banlist($banlist, $email);

function parse_form($array, $sort = "") {
    // control parameters that must not be echoed into the mail body
    $reserved_keys = array("MAX_FILE_SIZE", "required", "redirect", "require", "path_to_file",
        "recipient", "subject", "sort", "style_sheet", "bgcolor", "text_color", "link_color",
        "vlink_color", "alink_color", "title", "missing_fields_redirect", "env_report", "submit");
    // This is where the "ontvanger: ...", "email: ..." lines in the received
    // mail come from: every non-reserved form field is written as name: value.
    $content = "";
    if (!is_array($sort))
        $sort = array();
    if (count($array)) {
        // first the fields named in $sort, in that order
        foreach ($sort as $field) {
            if (in_array($field, $reserved_keys, true) || !isset($array[$field]))
                continue;
            foreach ((array) $array[$field] as $val)
                $content .= $field . SEPARATOR . $val . NEWLINE;
        }
        // then every remaining field (each() is gone since PHP 8; use foreach)
        foreach ($array as $key => $val) {
            if (in_array($key, $reserved_keys, true) || in_array($key, $sort, true))
                continue;
            foreach ((array) $val as $v)
                $content .= $key . SEPARATOR . $v . NEWLINE;
        }
    }
    return $content;
}

function mail_it($content, $subject, $email, $recipient) {
    global $bcc;

    // Strip CR/LF from everything that ends up in a header: a newline inside
    // $email or $subject would let the sender append headers of their own
    // (extra recipients, for instance). The address regex above already rejects
    // them for $email, but $subject is never validated.
    $email   = str_replace(array("\r", "\n"), '', $email);
    $subject = str_replace(array("\r", "\n"), '', $subject);

    $headers  = "From: " . $email . "\n";
    if ($bcc) $headers .= "Bcc: " . $bcc . "\n";
    $headers .= "X-Mailer: PHP\n"; // mailer
    $headers .= "Return-Path: " . $email . "\n";

    mail($recipient, $subject, $content, $headers);
}

function build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet) {
if ($style_sheet)
echo "<LINK rel=STYLESHEET href=\"$style_sheet\" Type=\"text/css\">\n";
if ($title)
echo "<title>$title</title>\n";
if (!$bgcolor)
$bgcolor = "#FFFFFF";
if (!$text_color)
$text_color = "#000000";
if (!$link_color)
$link_color = "#0000FF";
if (!$vlink_color)
$vlink_color = "#FF0000";
if (!$alink_color)
$alink_color = "#000088";
$background = "";   // no background image is configured in this script
echo "<body bgcolor=\"$bgcolor\" text=\"$text_color\" link=\"$link_color\" vlink=\"$vlink_color\" alink=\"$alink_color\" $background>\n\n";
}


$recipient_in = explode(',', $recipient);
foreach ($recipient_in as $recipient_to_test) {
    $recipient_to_test = trim($recipient_to_test);
    // /D: "$" must not match just before a trailing newline
    if (!preg_match('/^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$/iD', $recipient_to_test)) {
        print_error("INVALID E-MAIL ADDRESS! (" . htmlspecialchars($recipient_to_test) . ")");
    }
}


if ($required)
    $require = $required;
if ($require) {
    $require = preg_replace('/ +/', '', $require);
    $required = explode(",", $require);
    $missing_field_list = "";
    foreach ($required as $field) {
        $field = trim($field);
        if (empty($_POST[$field])) {
            if ($missing_fields_redirect) {
                header("Location: $missing_fields_redirect");   // was "Locatie:", which is not an HTTP header
                exit;
            }
            $missing_field_list .= "<li>Missing: " . htmlspecialchars($field) . "</li>\n";
        }
    }
    if ($missing_field_list)
        print_error($missing_field_list, "missing");
}

if (!empty($email) || !empty($EMAIL)) {
    $email = isset($email) ? trim($email) : '';
    if (!empty($EMAIL)) $email = trim($EMAIL);
    // /D: "$" must not match just before a trailing newline, or "user@host\n" passes
    if (!preg_match('/^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$/iD', $email))
        print_error("Your e-mail address is invalid");
    $EMAIL = $email;
}

if (!empty($ZIP_CODE) || !empty($zip_code)) {
    $zip_code = isset($zip_code) ? trim($zip_code) : '';
    if (!empty($ZIP_CODE)) $zip_code = trim($ZIP_CODE);
    if (!preg_match('/^[0-9]{5}-[0-9]{4}$/D', $zip_code)
        && !preg_match('/^[a-zA-Z][0-9][a-zA-Z][[:space:]][0-9][a-zA-Z][0-9]$/D', $zip_code)
        && !preg_match('/^[0-9]{5}/', $zip_code))
        print_error("Your postal code is invalid");
}

if (!empty($PHONE_NO) || !empty($phone_no)) {
    $phone_no = isset($phone_no) ? trim($phone_no) : '';
    if (!empty($PHONE_NO)) $phone_no = trim($PHONE_NO);
    if (!preg_match('/^(.*)[0-9]{3}(.*)[0-9]{3}(.*)[0-9]{4}$/D', $phone_no))
        print_error("Your phone number is invalid");
}

if (!empty($FAX_NO) || !empty($fax_no)) {
    $fax_no = isset($fax_no) ? trim($fax_no) : '';
    if (!empty($FAX_NO)) $fax_no = trim($FAX_NO);
    if (!preg_match('/^(.*)[0-9]{3}(.*)[0-9]{3}(.*)[0-9]{4}$/D', $fax_no))
        print_error("Your fax number is invalid");
}

if ($sort == "alphabetic") {
    uksort($_POST, "strnatcasecmp");   // $HTTP_POST_VARS no longer exists; use $_POST
} elseif (preg_match('/^order:.*,.*/', $sort) && ($list = explode(',', preg_replace('/^order:/', '', $sort)))) {
    $sort = $list;
}

$content = parse_form($_POST, $sort);

// Uploaded attachments. The posted code tests $attachment_name, $file_name and
// $file2_name, which this form never sends (its file fields are bestand1 and
// bestand2, exposed in $_FILES), so no attachment was ever processed; the
// base64 chunk it built was never added to the mail either. Move the upload
// into $path_to_file with move_uploaded_file(), which refuses anything that is
// not a real upload, and strip any directory part from the client's file name.
foreach (array('bestand1', 'bestand2') as $field) {
    if (empty($_FILES[$field]['name']) || $_FILES[$field]['size'] <= 0)
        continue;
    if ($path_to_file == '')
        break;   // no upload directory configured on the server side
    if (substr($path_to_file, -1) != "/")
        $path_to_file = $path_to_file . "/";
    $name = basename($_FILES[$field]['name']);
    $location = $path_to_file . $name;
    if (file_exists($location))
        $location = $path_to_file . rand(1000, 3000) . "." . $name;
    if (move_uploaded_file($_FILES[$field]['tmp_name'], $location))
        $content .= "Uploaded File: " . $location . "\n";
}

if ($env_report) {
    $env_report = preg_replace('/ +/', '', $env_report);
    $env_reports = explode(",", $env_report);
    $content .= "\n------ environmental variables ------\n";
    $labels = array('REMOTE_HOST' => 'REMOTE HOST', 'REMOTE_USER' => 'REMOTE USER',
                    'REMOTE_ADDR' => 'REMOTE ADDR', 'HTTP_USER_AGENT' => 'BROWSER');
    foreach ($env_reports as $var) {
        $var = trim($var);
        if (isset($labels[$var]))
            $content .= $labels[$var] . ": " . (isset($_SERVER[$var]) ? $_SERVER[$var] : '') . "\n";
    }
}

mail_it(stripslashes($content), ($subject) ? stripslashes($subject) : "HACKED", $email, $recipient);

// if the redirect option is set: redirect them. $redirect comes from a hidden
// form field, so anyone posting to this script can pick the target URL.
if ($redirect) {
    header("Location: $redirect");
    exit;
} else {
    echo "Thank you for your submission\n";
    exit;
}
?>


When I send a mail with it, it looks like this:

ontvanger: email@gmail.com
email: afzender@gmail.com
bccmail: email@hotmail.com
text: blablabla

Now I would like the message to show only the text, so without the part:
ontvanger: email@gmail.com
email: afzender@gmail.com
bccmail: email@hotmail.com

Is that possible? And if so, how???

Arjan
1 April 2005, 06:13
Maybe by ripping out the code below?

function mail_it($content, $subject, $email, $recipient) {
global $bcc;

$headers .= "From:" . $email . "\n";
if ($bcc) $headers .= "Bcc: ".$bcc."\n";
$headers .= "X-Mailer: PHP\n"; // mailer
$headers .= "Return-Path:" . $email . "\n";

mail($recipient, $subject, $content, $headers);
}

But I have absolutely no experience with it and usually just fiddle around until something works the way I want!

redder_in_nood
1 April 2005, 07:17
I'll give it a try.
Thank you!
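The change the thread is after, written out as an added example (this is not code from the thread or from the FormMail script the posted mailer.php derives from): the mail body is built from the `text` field only, instead of from the `parse_form()` dump of every field, and at the same time the two things that make the posted script an open relay are closed: the recipient is fixed in the script rather than read from the `ontvanger` field, and any value that ends up in a mail header is rejected if it contains CR or LF. The recipient address `webmaster@example.invalid`, the function names and the `$sample` input are assumptions.

```php
<?php
// Added example; not code from the thread or from the FormMail script it derives from.
// Assumptions: the recipient address, the function names and the $sample input below.

// Recipient fixed on the server. The posted mailer.php took it from the "ontvanger"
// form field, which lets anyone who can POST to the script relay mail anywhere.
const RECIPIENT = 'webmaster@example.invalid';

// A header value must not contain CR or LF: a sender field holding
// "a@b.nl\nBcc: x@y.nl" would otherwise append a header of the sender's choosing.
function header_value(string $value): string {
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('header value contains CR/LF');
    }
    return trim($value);
}

// The address shape the posted script accepts, as PCRE. The /D modifier keeps "$"
// from matching just before a trailing newline, so "user@host\n" is rejected too.
function valid_address(string $addr): bool {
    return (bool) preg_match('/^[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$/iD', $addr);
}

// Returns [to, subject, body, headers] for mail(). Only the "text" field becomes
// the body; nothing else from the form is copied into the message.
function build_mail(array $post): array {
    $from    = header_value((string) ($post['email'] ?? ''));
    $subject = header_value((string) ($post['subject'] ?? ''));
    if (!valid_address($from)) {
        throw new InvalidArgumentException('invalid sender address');
    }
    if ($subject === '') {
        $subject = 'Message from the website form';
    }
    $body = (string) ($post['text'] ?? '');

    // From stays a mailbox on this host; the visitor's address goes in Reply-To.
    $headers = "From: " . RECIPIENT . "\r\n"
             . "Reply-To: " . $from . "\r\n"
             . "X-Mailer: PHP\r\n";
    return [RECIPIENT, $subject, $body, $headers];
}

// Constructed sample, shaped like the submission shown in the thread.
$sample = [
    'ontvanger' => 'email@gmail.com',     // ignored: the recipient is no longer the visitor's choice
    'email'     => 'afzender@gmail.com',
    'bccmail'   => 'email@hotmail.com',   // ignored: no longer copied into the body
    'subject'   => 'Test',
    'text'      => 'blablabla',
];

[$to, $subject, $body, $headers] = build_mail($sample);
echo "To: $to\nSubject: $subject\n$headers\n$body\n";
// In mailer.php this is the point to call: mail($to, $subject, $body, $headers);

// The same function refuses a sender value that tries to smuggle in a header
// (constructed input, shown only to exercise the check):
try {
    build_mail(['email' => "afzender@gmail.com\r\nBcc: iemand@example.invalid", 'text' => 'x']);
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```

Call `mail($to, $subject, $body, $headers)` with the four values `build_mail()` returns. The visitor's address is put in Reply-To rather than From on purpose: a From header carrying a domain the web server is not authorised to send for can fail SPF or DMARC checks at the receiving side, which the posted script's `From: $email` header runs into. The `bccmail` field is dropped altogether; in the posted script it was only ever copied into the body (`$bcc` stays `""`), never used as a header.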