
Bellmailer

Posted: Mon Apr 02, 2007 7:23 pm
by racerxfactor
feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.


Hi, where do I begin? I'm working with a form script called Bellmailer; maybe some of you have heard of it and have worked with it.. 

http://www.bellonline.co.uk/web-service ... er-script/

I'm trying to add one field to it for people to put their phone numbers in it. I'm not extensive in PHP so I don't know exactly what I'm doing. 

http://racerxfactor.com/bell/demo.php

There are two files that have to be modified and here is the code. What am I putting wrong?
Thanks in advance.

config.php

Code: Select all

<?php
/* 
	BELLonline PHP MAILER SCRIPT v1.4
	Copyright 2006 Gavin Bell 
	http://www.bellonline.co.uk 
	gavin@bellonline.co.uk

	Set up an email form on your website within minutes.
	Very simple to install and use, and fully customisable.

	All you need to edit to get the script working is $sendto_email
	but there are other options so that you can further customise the script.
*/

// Edit the following with the email address that you want the form to send to

$sendto_email = "info@racerxfactor.com";


// The settings below should be fine but you can edit them anyway

// Disable email addresses from the same domain as your email from being sent? 
// This will often reduce spam but will not allow anyone to send from anything@yourdomain. 
$checkdomain = "yes";
// Language variables
$lang_title = "Send an email";
$lang_notice = "Fill in the form to contact us by email. All fields are required";
$lang_name = "Your name";
$lang_youremail = "Your email";
$lang_yourphone = "Your Phone Number";
$lang_subject = "Subject";
$lang_message = "Message";
$lang_confirmation = "Enter validation code";
$lang_submit = "Send email";
// Error messages
$lang_error = "Your email has not been sent, the following errors were found:";
$lang_noname = "You did not enter your name";
$lang_noemail = "You did not enter your email address";
$lang_nophone = "You did not enter your Phone Number";
$lang_nosubject = "You did not enter a subject";
$lang_nomessage = "You did not enter a message";
$lang_nocode = "You did not the validation code";
$lang_wrongcode = "You entered the validation code incorrectly. Please note that it is case sensitive";
$lang_invalidemail = "The email address that you entered appears to be invalid";
// Success
$lang_sent = "Your email has been sent. The following message was submitted:";
// Width of form inputs. Must include units, e.g. px
$input_width = "300px";
// How do you want the title aligned?
$title_align = "left"; // Can be left, center or right
// To format the title text. If you are not confident with css then probably best left as it is
$title_css = "font-weight: bold; font-size: 120%;";
// Colour of error message
$error_colour = "red"; // Must use HTML compatible colour
// You can choose whether to display Powered by BELLonline PHP mailer script at the bottom of the mail form
// I understand that some people might not want to show our link, but we would appreciate it if you could 
// Possible options are yes or no
$showlink = "yes";
// Thanks for using the PHP mailer script, I hope you find it useful!
?>

BELLmailer.php

Code: Select all

<?php
/* 
	BELLonline PHP MAILER SCRIPT v1.4
	Copyright 2006 Gavin Bell 
	http://www.bellonline.co.uk 
	gavin@bellonline.co.uk

	Set up an email form on your website within minutes - see readme.txt for installation.
*/

extract($_POST);

if (!file_exists("config.php")) 
	{
$host = $_SERVER[HTTP_HOST ];
$path = pathinfo($_SERVER['PHP_SELF']);
$file_path = $path['dirname'];
print "<h1>BELLonline PHP mailer script</h1>
	<h2>There is a problem with your PHP mailer script installation</h2>
	<p>The config.php file seems to be missing!</p>
	<p>For this script to work, you need to upload the config.php file that came with the download of the BELLonline <a href=\"http://www.bellonline.co.uk/web-services/free/scripts/php-mailer-script/\">PHP mailer script</a>.</p>
	<p>The file must be in the following directory of your website:</p>
	<p>$host<span style=\"font-weight: bold; font-size: 150%;\">$file_path/</span></p>
	<p>If you need help installing the script, then feel free to email me at <a href=\"&#x6d;&#x61;ilt&#x6f;:&#x67;&#x61;v&#x69;n@b&#x65;&#x6c;&#x6c;&#x6f;n&#x6c;ine.&#x63;o.&#x75;&#x6b;\">&#x67;&#x61;v&#x69;n@b&#x65;&#x6c;&#x6c;&#x6f;n&#x6c;ine.&#x63;o.&#x75;&#x6b;</a></p>";
exit;
	}
include "config.php";


if ($sendto_email == "changeme@example.com")
	{
print "<h1>BELLonline PHP mailer script</h1>
	<h2>Installation nearly complete!</h2>
	<p>Thank you for downloading the <a href=\"http://www.bellonline.co.uk/web-services/free/scripts/php-mailer-script/\" title=\"free PHP mailer script\">free PHP mailer script</a> from <a href=\"http://www.bellonline.co.uk\">BELLonline web services</a>. </p>
	<p>To start using the script, open config.php in a text editor and change the <b>$sendto_email</b> variable to your email address.</p>
	<p>If you did not get a config.php file with this script, then go to the <a href=\"http://www.bellonline.co.uk/web-services/free/scripts/php-mailer-script/\">PHP mailer script page</a> and download the full script.</p>
	<p>If you need help installing the script, then feel free to email me at <a href=\"&#x6d;&#x61;ilt&#x6f;:&#x67;&#x61;v&#x69;n@b&#x65;&#x6c;&#x6c;&#x6f;n&#x6c;ine.&#x63;o.&#x75;&#x6b;\">&#x67;&#x61;v&#x69;n@b&#x65;&#x6c;&#x6c;&#x6f;n&#x6c;ine.&#x63;o.&#x75;&#x6b;</a></p>";
exit;
	} 
if (empty ($senders_name)) 
	{
	$error = "1";
	$info_error .= $lang_noname . "<br>"; 
	}
if (empty ($senders_email)) 
	{
	$error = "1";
	$info_error .= $lang_noemail . "<br>";  
	}
if (empty ($senders_phone)) 
	{
	$error = "1";
	$info_error .= $lang_nophone . "<br>";  
	}
if (empty ($mail_subject)) 
	{
	$error = "1";
	$info_error .= $lang_nosubject . "<br>";  
	}
if (empty ($mail_message))  
	{
	$error = "1";
	$info_error .= $lang_nomessage . "<br>";  
	}
if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$", $senders_email))
	{
	$error = "1";
	$info_error .= $lang_invalidemail . "<br>"; 
	}
if (ereg("^[0-9]{3}-[0-9]{3}-[0-9]{4}$", $senders_phone))
	{
	$error = "1";
	$info_error .= $lang_nophone . "<br>"; 
	}
if (empty ($security_code))  
	{
	$error = "1";
	$info_error .= $lang_nocode . "<br>";  
	}
elseif ($security_code != $randomness)  
	{
	$error = "1";
	$info_error .= $lang_wrongcode . "<br>";  
	}
if ($showlink != "no")
	{
	$link = "";
	}
if ($error == "1") 
	{
	$info_notice = "<span style=\"color: " . $error_colour . "; font-weight: bold;\">" . $lang_error . "</span><br>"; 
	
	if (empty ($submit)) 
		{
		$info_error = "";
		$info_notice = $lang_notice;
		}	

	function Random() 
		{
		$chars = "ABCDEFGHJKLMNPQRSTUVWZYZ23456789";
		srand((double)microtime()*1000000);
		$i = 0;
		$pass = '' ;
		while ($i <= 4) 
			{
			$num = rand() % 32;
			$tmp = substr($chars, $num, 1);
			$pass = $pass . $tmp;
			$i++; 
			} 
		return $pass; 
		}
	$random_code = Random();
	$mail_message = stripslashes($mail_message);

	print "<form name=\"BELLonline_email\" method=\"post\" style=\"margin: 0;\" action=\"\">
  <table  border=\"0\" cellspacing=\"2\" cellpadding=\"2\">
    <tr align=\"$title_align\" valign=\"top\">
      <td colspan=\"2\"><span style=\"$title_css\">$lang_title</span></td>
    </tr>
    <tr align=\"left\" valign=\"top\">
      <td colspan=\"2\">$info_notice$info_error</td>
    </tr>
    <tr valign=\"top\">
      <td align=\"right\">$lang_name</td>
      <td align=\"left\"><input name=\"senders_name\" type=\"text\" class=\"mailform_input\" id=\"senders_name\" style=\"width: $input_width;\" value=\"$senders_name\" maxlength=\"32\"></td>
    </tr>
    <tr valign=\"top\">
      <td width=\"100\" align=\"right\">$lang_youremail</td>
      <td align=\"left\"><input name=\"senders_email\" type=\"text\" class=\"mailform_input\" id=\"senders_email\" style=\"width: $input_width;\" value=\"$senders_email\" maxlength=\"64\"></td>
    </tr>
	    <tr valign=\"top\">
      <td width=\"100\" align=\"right\">$lang_yourphone</td>
      <td align=\"left\"><input name=\"senders_phone\" type=\"text\" class=\"mailform_input\" id=\"senders_phone\" style=\"width: $input_width;\" value=\"$senders_phone\" maxlength=\"64\"></td>
    </tr>
    <tr valign=\"top\">
      <td width=\"100\" align=\"right\">$lang_subject</td>
      <td align=\"left\"><input name=\"mail_subject\" type=\"text\" class=\"mailform_input\" id=\"mail_subject\" style=\"width: $input_width;\" value=\"$mail_subject\" maxlength=\"64\"></td>
    </tr>
    <tr valign=\"top\">
      <td width=\"100\" align=\"right\">$lang_message</td>
      <td align=\"left\"><textarea name=\"mail_message\" cols=\"36\" rows=\"5\" style=\"width: $input_width;\" class=\"mailform_input\">$mail_message</textarea></td>
    </tr>
    <tr align=\"left\" valign=\"top\">
      <td width=\"100\">$lang_confirmation</td>
      <td><input name=\"security_code\" type=\"text\" id=\"security_code\" size=\"5\"> 
        &nbsp;&nbsp;&nbsp;&nbsp;<b>$random_code</b></td>
    </tr>
    <tr valign=\"top\">
      <td colspan=\"2\" align=\"right\"><input name=\"randomness\" type=\"hidden\" id=\"randomness\" value=\"$random_code\">
      <input name=\"submit\" type=\"submit\" id=\"submit\" value=\"$lang_submit\" class=\"mailform_button\"></td>
    </tr>
  </table>
</form>";
	}
else
	{
	
	
	
	if ($checkdomain == "yes") 
		{
		$sender_domain = substr($senders_email, (strpos($senders_email, '@')) +1);
		$recipient_domain = substr($sendto_email, (strpos($sendto_email, '@')) +1);
		if ($sender_domain == $recipient_domain)
			{
			print "Sorry, you cannot send messages from this domain ($sender_domain)";
			exit;
			}		
		}
		
		
	$info_notice = $lang_sent;
	$mail_message = stripslashes($mail_message);
	$senders_email = preg_replace("/[^a-zA-Z0-9s.@-]/", " ", $senders_email);
	$senders_phone = preg_replace("/[^0-9]+/", " ", $senders_phone);
	$senders_name = preg_replace("/[^a-zA-Z0-9s]/", " ", $senders_name);
	$headers = "From: $senders_name <$senders_email> \r\n";
	$headers .= "X-Mailer: BELLonline.co.uk PHP mailer \r\n";
	mail($sendto_email, $mail_subject, $senders_phone, $mail_message, $headers);
	print "<table  border=\"0\" cellspacing=\"2\" cellpadding=\"2\">
    <tr align=\"$title_align\" valign=\"top\">
      <td colspan=\"2\"><span style=\"$title_css\">$lang_title</span></td>
    </tr>
    <tr align=\"$title_align\" valign=\"top\">
      <td colspan=\"2\">$info_notice</td>
    </tr>
    <tr valign=\"top\">
      <td width=\"100\" align=\"right\">$lang_name</td>
      <td align=\"left\"><b>$senders_name</b></td>
    </tr>
    <tr valign=\"top\">
      <td width=\"100\" align=\"right\">$lang_youremail</td>
      <td align=\"left\"><b>$senders_email</b></td>
    </tr>
	    <tr valign=\"top\">
      <td width=\"100\" align=\"right\">$lang_yourphone</td>
      <td align=\"left\"><b>$senders_phone</b></td>
    </tr>
    <tr valign=\"top\">
      <td width=\"100\" align=\"right\">$lang_subject</td>
      <td align=\"left\"><b>$mail_subject</b></td>
    </tr>
    <tr valign=\"top\">
      <td width=\"100\" align=\"right\">$lang_message</td>
      <td align=\"left\"><b>$mail_message</b></td>
    </tr>
  </table>";
	}
print $link;
?>


Posted: Tue Apr 03, 2007 12:27 am
by Benjamin
If the message is just going to you or a client, it might just be easier for you to create your own small mailer. For instance you could create your own table with the fields in it, and then use something like the following to create the message...

Code: Select all

// predefine the $message variable..
$message = null;

// loop through all posted fields and append them to the message..
foreach ($_POST as $k => $v) $message .= "$k: $v\n";

Then it's just a matter of using the PHP mail function to send the message to a specified email address. You can research this function on the php.net web site.

Of course this will not validate anything, but I'd much rather help you with validation and security than modifying a script such as that one.

Posted: Tue Apr 03, 2007 1:34 am
by Chris Corbyn
I agree with ~astions. That mailer looks pretty horrific 8O

Posted: Tue Apr 03, 2007 2:20 am
by Kieran Huggins
I hear http://swiftmailer.org is good... some weirdo with a number in his name makes it I think...

Posted: Tue Apr 03, 2007 4:58 am
by Chris Corbyn
Kieran Huggins wrote: I hear http://swiftmailer.org is good... some weirdo with a number in his name makes it I think...
<accent="cornish">
Some say he can almost crush an ant with just one finger. Some say he reads poetry to his socks. Some say he...
</accent>

But seriously, I was referring pretty much to the legacy code in that mailer above. It's full of register_globals requirements and is a bit of a procedural mess if you're going to use it as part of an existing app. It's also wide open to header-injection attacks. Where on earth did you find it? ;)
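
What replacing `extract($_POST)` and closing the header-injection hole could look like for this form, as an added example that is not part of any post in this thread or of BELLmailer itself. The field names come from the form in the first post; the function names, the choice to send the address only as `Reply-To`, and the sample request are assumptions.

```php
<?php
// Added example, not BELLmailer code. Field names come from the form above;
// function names and the sample request are hypothetical.

// Copy only the expected fields instead of calling extract($_POST), so a
// request cannot overwrite $sendto_email or any other script variable.
function read_fields(array $post): array
{
    $keys = ['senders_name', 'senders_email', 'senders_phone', 'mail_subject', 'mail_message'];
    $f = [];
    foreach ($keys as $k) {
        $f[$k] = (isset($post[$k]) && is_string($post[$k])) ? trim($post[$k]) : '';
    }
    return $f;
}

// Returns a list of problems; an empty list means the input may be mailed.
function validate_fields(array $f): array
{
    $errors = [];
    foreach ($f as $k => $v) {
        if ($v === '') $errors[] = "$k is empty";
    }
    // Values bound for a header or the subject must not contain CR or LF,
    // otherwise the sender can append header lines of their own.
    foreach (['senders_email', 'mail_subject'] as $k) {
        if (preg_match('/[\r\n]/', $f[$k])) $errors[] = "$k contains a line break";
    }
    if ($f['senders_email'] !== '' && !filter_var($f['senders_email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'senders_email is not a valid address';
    }
    // The error fires when the pattern does NOT match (note the negation).
    if ($f['senders_phone'] !== '' && !preg_match('/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/D', $f['senders_phone'])) {
        $errors[] = 'senders_phone must look like 555-555-0100';
    }
    return $errors;
}

// mail() takes (to, subject, message, headers): name and phone go in the body.
function send_form(array $f, string $to): bool
{
    $body = "Name: {$f['senders_name']}\nPhone: {$f['senders_phone']}\n\n{$f['mail_message']}";
    return mail($to, $f['mail_subject'], $body, "Reply-To: {$f['senders_email']}");
}

// Constructed request: the email field carries an extra header line.
$sample = ['senders_name' => 'Test', 'senders_email' => "a@example.com\r\nBcc: b@example.org",
           'senders_phone' => '555-555-0100', 'mail_subject' => 'Hi', 'mail_message' => 'Hello'];
print_r(validate_fields(read_fields($sample)));
```

Call `send_form()` only when `validate_fields()` returns an empty list; the demo at the bottom validates the constructed request and never sends mail.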

Posted: Tue Apr 03, 2007 12:30 pm
by racerxfactor
Unfortunately I'm doing this for a client who specifically asked me to modify Bellmailer. I'll see if he's up for changing to another form... that'll mean changing a whole lot of sites then..

Posted: Tue Apr 03, 2007 12:48 pm
by Luke
Well maybe you should explain that the script is insecure. If he wants to use a blatantly insecure script... :roll: