What else sticks out? How exactly would something like this be used to create files of all things? Send spam, I get..
<?php
// Shared site configuration. Per the author's note it only defines a couple
// of things and is not really used in this file.
require_once '../config.php';

// Page scaffolding. $_content is appended to by printform() further down.
// NOTE(review): $_title is not read anywhere in this file; presumably
// ../main.php consumes it -- confirm.
$_title   = 'Contact';
$_content = '<table><tr><td>';

// Banner images: $_msg sits above the form, $_msg2 is shown after a
// successful send.
$_msg  = '<img src="../images/c_line.png" alt="Something to say? Questions? Drop me a line." />';
$_msg2 = '<img src="../images/c_sent.png" alt="Email sent. Expect reply within 2-4 business days." />';

// Fixed recipient and subject prefix. These are hard-coded here, so the
// destination of the mail is never taken from the request.
$_name    = 'my name';
$_email   = 'myemail@mydomain.com';
$_subject = 'Subject Prefix';
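/**
 * Append the contact form to the global $_content buffer, re-filling each
 * field with whatever the visitor submitted last time.
 *
 * Submitted values are echoed back inside single-quoted HTML attributes, so
 * they are encoded with ENT_QUOTES. On PHP versions where htmlentities()
 * defaults to ENT_COMPAT, a plain call leaves the apostrophe untouched and a
 * submitted value can close the value='...' attribute early.
 *
 * A field that is missing, or that arrives as an array (name[]=...), is
 * rendered empty instead of being passed to htmlentities().
 *
 * @param string $e Optional error text shown above the fields. It is inserted
 *                  as raw HTML, so callers must pass only fixed, trusted
 *                  strings -- never request data.
 * @return void
 */
function printform($e='') {
    global $_msg, $_content;

    // Encode every echoed field once, up front.
    $safe = array();
    foreach (array('name', 'email', 'subject', 'message') as $field) {
        $safe[$field] = (isset($_POST[$field]) && is_string($_POST[$field]))
            ? htmlentities($_POST[$field], ENT_QUOTES)
            : null;
    }

    // The text inputs only get a value attribute when something was posted.
    $nameAttr    = ($safe['name'] !== null) ? "value='{$safe['name']}' " : '';
    $emailAttr   = ($safe['email'] !== null) ? "value='{$safe['email']}' " : '';
    $subjectAttr = ($safe['subject'] !== null) ? "value='{$safe['subject']}' " : '';
    $messageText = ($safe['message'] !== null) ? $safe['message'] : '';

    $_content .= "<div style='padding: 40px 20px 20px 60px;'><p>{$_msg}</p><form method='post'><table id='contact'>";
    if ($e) {
        $_content .= "<tr><td colspan='2' style='padding-bottom: 14px;'><b style='color: #500;'>Error:</b> {$e}</td></tr>";
    }
    $_content .= "<tr><td><img src='../images/c_name.png' alt='Name:' /></td><td><input type='text' name='name' size='20' {$nameAttr} /></td></tr>\n"
        . "<tr><td><img src='../images/c_email.png' alt='Email:' /></td><td><input type='text' name='email' size='30' {$emailAttr} /></td></tr>\n"
        . "<tr><td><img src='../images/c_subject.png' alt='Subject:' /></td><td><input type='text' name='subject' size='40' {$subjectAttr} /></td></tr>\n"
        . "<tr><td style='padding-right: 10px;'><img src='../images/c_message.png' alt='Message:' /></td><td><textarea cols='50' rows='8' name='message'>{$messageText}</textarea></td></tr>\n"
        . "<tr><td></td><td><input type='submit' name='contactme' value='Send' /></td></tr>\n"
        . "</table></form></div>";
}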
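// Request handler: validate the submitted form, then either mail it to the
// fixed recipient or re-render the form with an error.
if (isset($_POST['contactme'])) {
    // Every field must be a non-empty plain string. A field sent as an array
    // (name[]=...) is dropped so that nothing downstream treats it as text.
    $complete = true;
    foreach (array('name', 'email', 'subject', 'message') as $field) {
        if (isset($_POST[$field]) && !is_string($_POST[$field])) {
            unset($_POST[$field]);
        }
        if (empty($_POST[$field])) {
            $complete = false;
        }
    }

    if (!$complete) {
        printform("All fields must be filled.");
    }
    // name, email and subject all end up inside mail headers. A CR or LF in
    // any of them would end the header line it is placed in, so such input is
    // refused outright. This is the actual control; the keyword list further
    // down cannot enumerate every header name.
    elseif (preg_match('/[\r\n]/', $_POST['name'].$_POST['email'].$_POST['subject'])) {
        printform('Header injection detected.');
    }
    // The D modifier makes "$" match only at the very end of the string;
    // without it a trailing newline after the address is still accepted.
    elseif (!preg_match('/^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$/D',$_POST['email'])) {
        printform('Email does not appear to be valid.');
    }
    else {
        // Keyword blacklist kept from the original as a second layer. It
        // matches anywhere in the text, so an ordinary message containing
        // e.g. "to:" is rejected as well.
        $injection = '/(subject:)|(to:)|(bcc:)|(cc:)|(content\s*-\s*disposition)|(content\s*-\s*transfer\s*-\s*encoding)|(mime\s*-\s*version)|(multipart\s*\/\s*mixed)|(multipart\s*\/\s*alternative)|(multipart\s*\/\s*related)|(reply\s*-\s*to)|(x\s*-\s*mailer)|(x\s*-\s*sender)|(x\s*-\s*uidl)|(content\s*-\s*type)/is';
        if (preg_match($injection,$_POST['name']) || preg_match($injection,$_POST['email']) || preg_match($injection,$_POST['subject']) || preg_match($injection,$_POST['message'])) {
            printform('Header injection detected.');
        }
        else {
            // Recipient is built only from the constants defined at the top
            // of the file.
            $to = '"'.$_name.'" <'.$_email.'>';
            // The name goes inside a quoted display-name; a double quote or
            // backslash in it would break that quoting, so both are removed.
            $display = str_replace(array('"', '\\'), '', $_POST['name']);
            $from = "\"{$display}\" <{$_POST['email']}>";
            $headers = "From: {$from}\r\nReply-To: {$from}";
            if (mail($to, $_subject.' :: '.$_POST['subject'], $_POST['message'], $headers)) {
                // The original wrote '.$_msg2.' inside a double-quoted string,
                // which printed the quote and dot characters literally around
                // the image tag.
                // NOTE(review): this is echoed directly while everything else
                // is appended to $_content -- confirm that is intended.
                echo "<div style='padding: 40px 20px 20px 80px;'>{$_msg2}</div>";
            }
            else {
                printform("Server error. Please try again.");
            }
        }
    }
}
else {
    // First visit: show the empty form.
    printform();
}
require_once('../main.php'); //does little more than echo $_content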
?>