<?php
//----------------------------------------------+
// Secure Mailer :.: Version 1.08.7 |
// Last updated 17 August 2007 |
//----------------------------------------------+
// Copyright (C) 2007 Alec Baker |
//----------------------------------------------+
// Author: Alec Baker (alecbaker@gmail.com) |
// Author: Paul Dancey |
//----------------------------------------------+
// This source code file is subject to the End |
// User License Agreement (EULA) that should be |
// supplied with the script. If you do not have |
// this please visit our website. |
//----------------------------------------------+
// ADDITIONAL CONTRIBUTIONS |
// Marc Jannetta |
// |
// CREDITS |
// The File attachments routine based on an |
// article on sitepoint.com |
//----------------------------------------------+
//---------------------------------------------------------------------+
// Please see installation.txt in the documentation folder for a full |
// explanation of the required file structure for Secure Mailer. |
// |
// IF YOU USE THE RECOMMENDED FILE STRUCTURE FOR SECURE MAILER, |
// THERE IS NOTHING TO SET BELOW THIS LINE |
//---------------------------------------------------------------------+
// Version Info
// This string is also interpolated into the X-Mailer header further down.
define("VERSION", "1.08.7");
// Clear variables
// Resetting them before the include means any value already present under
// these names is discarded. $session_name is passed to session_name() below,
// so it is presumably assigned by the include - confirm in admin/config_dir.php.
$session_name = "";
$My_script = "";
$action = "";
// Definition required for valid inclusion
// Presumably tested by the included files to refuse direct requests - confirm.
define('IN_SECURE__MAILER', true);
// Include all required files
// The path is relative. $CONF and $debug are read throughout this script but
// never assigned in the visible part, so they presumably come from here.
include_once("admin/config_dir.php");
//----------------------------------------------+
// Start Session |
//----------------------------------------------+
session_cache_limiter('private, must-revalidate');
// Arguments are lifetime 0, path '/', empty domain and an empty "secure" value.
// No httponly argument is passed.
// NOTE(review): consider setting secure/httponly where the PHP version and
// the deployment (HTTPS) allow it.
session_set_cookie_params(0,'/','','');
session_name($session_name);
session_start();
//-------------------------------------------------+
// Check for Header Injections in $_GET variables |
//-------------------------------------------------+
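// Scan every query-string value for the substrings listed in
// $CONF['header_injections'] (case-insensitive comparison).
// Array-style parameters (name[]=...) are flattened first: handing an array
// straight to strtolower() would leave its contents unchecked.
// Each hit sets $PROCESSING_ERROR and appends one entry to $messages.
// NOTE(review): neither $PROCESSING_ERROR nor $messages is initialised in the
// visible part of this file before this point - confirm the config include
// does it, otherwise initialise both before the first check.
$pending = array_values($_GET);
while (count($pending) > 0) {
    $v = array_shift($pending);
    if (is_array($v)) {
        // Queue the nested values so they are scanned like any other value
        foreach ($v as $k) {
            $pending[] = $k;
        }
        continue;
    }
    $v = strtolower((string) $v);
    foreach ($CONF['header_injections'] as $v2) {
        $v2 = strtolower($v2);
        if (strpos($v, $v2) !== false) {
            $PROCESSING_ERROR = "1";
            $messages[] = "Header injection";
        }
    }
}
// Unset variables to free up memory
unset($k, $v, $v2, $pending);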
//-------------------------------------------------+
// Check for Header Injections in Posted Variables |
//-------------------------------------------------+
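// Scan every posted value for the substrings listed in
// $CONF['header_injections'] (case-insensitive comparison). Values are
// unslashed, tag-stripped and trimmed before matching, as in the rest of the
// script. Array-style fields (name[]=...) are flattened first so that their
// contents are scanned too instead of being passed to stripslashes() as an
// array.
// Each hit sets $PROCESSING_ERROR and appends one entry to $messages.
$pending = array_values($_POST);
while (count($pending) > 0) {
    $v = array_shift($pending);
    if (is_array($v)) {
        // Queue the nested values so they are scanned like any other value
        foreach ($v as $k) {
            $pending[] = $k;
        }
        continue;
    }
    $v = strtolower(trim(strip_tags(stripslashes((string) $v))));
    foreach ($CONF['header_injections'] as $v2) {
        $v2 = strtolower($v2);
        if (strpos($v, $v2) !== false) {
            $PROCESSING_ERROR = "1";
            $messages[] = "Header injection";
        }
    }
}
// Unset variables to free up memory
unset($k, $v, $v2, $pending);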
//----------------------------------------------+
// Set some common variables |
//----------------------------------------------+
// Resolve the requested action. The query string takes precedence over the
// POST body; when neither carries "action" the value set earlier is kept.
foreach (array($_GET, $_POST) as $request_source) {
    if (isset($request_source["action"])) {
        $action = $request_source["action"];
        break;
    }
}
unset($request_source);
$action = trim(strip_tags(stripslashes($action)));
// Only these three actions are accepted; anything else halts the script.
$permitted_actions = array("", "dada", "view_email");
if (!in_array($action, $permitted_actions, true)) {
    die("Error: An error has occurred and the script has been halted!");
}
unset($permitted_actions);
// Full URL of this script, built from request/server supplied values.
// NOTE(review): strip_tags() is not HTML or URL escaping, and PHP_SELF is
// derived from the request path - escape $My_script where it is output.
$My_script = sprintf("http://%s%s", $_SERVER['SERVER_NAME'], $_SERVER['PHP_SELF']);
$My_script = trim(strip_tags(stripslashes($My_script)));
//----------------------------------------------+
// |
// Mailer and Dada data processing checks |
// |
//----------------------------------------------+
// Reject requests that carry no User-Agent header at all. The header is
// client supplied, so this only filters clients that omit it.
$has_user_agent = isset($_SERVER['HTTP_USER_AGENT']);
if ($has_user_agent === false) {
    $PROCESSING_ERROR = "1";
    $messages[] = "Data must be posted via a browser";
}
unset($has_user_agent);
// Reject clients whose address is listed in $CONF['banned_ips']
$client_is_banned = in_array($_SERVER['REMOTE_ADDR'], $CONF['banned_ips']);
if ($client_is_banned) {
    $PROCESSING_ERROR = "1";
    // NOTE(review): $realip is not assigned anywhere in the visible part of
    // this file - confirm it is set by the include, or that
    // $_SERVER['REMOTE_ADDR'] was meant here.
    $messages[] = "Your IP address (".$realip.") is blocked";
}
unset($client_is_banned);
//-------------------------------------------------------+
// |
// Dada Mail Integration - confirm subscription routine |
// |
//-------------------------------------------------------+
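// Double opt-in confirmation: the link in the subscriber's e-mail carries
// pin_id, email and list in the query string. A matching row that is still
// of type "sub_confirm_list" is promoted to "list".
//
// Security notes:
// - The pin is the row id passed through fixed arithmetic (id*3+17359), so it
//   is not a secret. A random per-subscriber token stored with the row would
//   be needed to make the link unguessable.
// - ext/mysql (mysql_*) was removed in PHP 7; a port should use prepared
//   statements (mysqli or PDO).
// - With $debug == "TRUE" database error text is sent to the client.
if (($CONF['integrate_with_DADA'] == "TRUE") && ($CONF['dada_list_type'] == "sub_confirm_list") && ($action == "dada")) {
    $dada_tpl_file = $CONF['template_path']."/".$CONF['dada_message_tpl'];
    // Halt if the template is missing. Any $debug value other than "TRUE"
    // now gets the generic message instead of falling through.
    if (!file_exists($dada_tpl_file)) {
        if ($debug == "TRUE") {
            die('Error: Template directory or dada_message_tpl does not exist');
        }
        die('Error: An error has occurred and the script has been halted!');
    }
    // Show the errors collected by the earlier request checks and stop
    if (!empty($PROCESSING_ERROR)) {
        // Start from an empty string so nothing set elsewhere is rendered
        $DADA_MESSAGE = "";
        foreach ($messages as $message) {
            $DADA_MESSAGE .= "$message<br />";
        }
        $DADA_MESSAGE = "<h2 style=\"margin-top:0px\">Mailing List Subscription Processing Error</h2>".$DADA_MESSAGE;
        include_once($dada_tpl_file);
        exit();
    }
    // clear variables
    $dadadbname = "";
    $dadatablename = "";
    $link_id = "";
    $pin_id = "";
    $var1 = "";
    $var2 = "";
    $query = "";
    $result = "";
    $list_type = "";
    $DADA_MESSAGE = "";
    // Read the link parameters; missing or array-valued parameters count as empty
    $pin_raw = (isset($_GET['pin_id']) && is_string($_GET['pin_id'])) ? trim(strip_tags(stripslashes($_GET['pin_id']))) : "";
    $var1 = (isset($_GET['email']) && is_string($_GET['email'])) ? trim(strip_tags(stripslashes($_GET['email']))) : "";
    $var2 = (isset($_GET['list']) && is_string($_GET['list'])) ? trim(strip_tags(stripslashes($_GET['list']))) : "";
    // convert to simple pin; a non-numeric pin becomes -1
    // (assumes email_id is a positive key, so -1 matches no row - TODO confirm)
    if (preg_match('/^[0-9]+$/D', $pin_raw)) {
        $pin_id = ($pin_raw - 17359) / 3;
    }
    else {
        $pin_id = -1;
    }
    // HTML-escaped copy of the address for the messages shown to the visitor
    $email_html = htmlspecialchars($var1, ENT_QUOTES);
    // Connect to Dada database
    $link_id = mysql_connect($CONF['dadahost'], $CONF['dadausername'], $CONF['dadapassword']);
    $dbname = mysql_select_db($CONF['dadadbname']);
    if ((!$link_id) || (!$dbname)) {
        if ($debug == "TRUE") {
            die('Could not connect: ' . mysql_error());
        }
        die('Error: An error has occurred and the script has been halted!');
    }
    // escape the values for use inside the quoted SQL literals below
    $dadatablename = $CONF['dadatablename'];
    $pin_id = mysql_real_escape_string($pin_id);
    $var1 = mysql_real_escape_string($var1);
    $var2 = mysql_real_escape_string($var2);
    // check if this subscriber is in the Dada database
    $query = "SELECT email_id, email, list, list_type FROM $dadatablename WHERE email_id = '$pin_id' AND email = '$var1' AND list = '$var2'";
    $result = mysql_query($query);
    if (!$result) {
        // There is no result set to free when the query itself failed
        if ($debug == "TRUE") {
            die(mysql_error());
        }
        die('Error: An error has occurred and the script has been halted!');
    }
    // check if link used is valid
    if (mysql_num_rows($result) <= 0) {
        mysql_free_result($result);
        $DADA_MESSAGE = "<h2 style=\"margin-top:0px\">Subscription confirmation has failed</h2>That was not a valid subscription confirmation link.<br />The confirmation process for $email_html has therefore failed.";
        include_once($dada_tpl_file);
        exit();
    }
    // The last matching row decides the current list type
    while ($query_data = mysql_fetch_array($result)) {
        $list_type = strip_tags(trim($query_data['list_type']));
    }
    mysql_free_result($result);
    // Check list_type
    if ($list_type == "list") {
        $DADA_MESSAGE = "<h2 style=\"margin-top:0px\">Duplicate subscription confirmation</h2>You have already subscribed to our mailing list using $email_html.<br />Further subscription requests are therefore unnecessary.";
        include_once($dada_tpl_file);
        exit();
    }
    elseif ($list_type == "sub_confirm_list") {
        $query = "UPDATE $dadatablename SET list_type ='list' WHERE email_id = '$pin_id' AND email = '$var1' AND list = '$var2'";
        $result = mysql_query($query);
        if (!$result) {
            if ($debug == "TRUE") {
                die(mysql_error());
            }
            die('Error: An error has occurred and the script has been halted!');
        }
        $DADA_MESSAGE = "<h2 style=\"margin-top:0px\">Subscription confirmation was successful</h2>You have successfully completed the double opt-in subscription process for $email_html. Thank you for subscribing to our mailing list.";
        include_once($dada_tpl_file);
        exit();
    }
    // Only reached when the row has some other list type
    mysql_close($link_id);
    // Unset variables to free memory
    unset($k, $v, $v2, $dadadbname, $dadatablename, $link_id, $pin_id, $pin_raw, $var1, $var2, $email_html, $list_type, $query, $result, $DADA_MESSAGE, $dada_tpl_file);
    die;
}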
//----------------------------------------------+
// |
// Mailer data processing checks |
// |
//----------------------------------------------+
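// Check for a valid referer
// The Referer header is supplied by the client, so this check filters casual
// misuse only; it is not an access control.
// A request without the header is compared as the empty string.
$raw_referer = isset($_SERVER['HTTP_REFERER']) ? strtolower($_SERVER['HTTP_REFERER']) : "";
if ($CONF['ignore_query_string'] == "TRUE") {
    // Compare only the part in front of the first "?"
    $split_referer = explode("?", $raw_referer);
    $referer = $split_referer[0];
}
else {
    $referer = $raw_referer;
}
// Form a new lower case array from $CONF['valid_referers'].
// The list is started empty here so it holds configured entries only, and so
// in_array() still receives an array when the configured list is empty.
$valid_referers = array();
foreach ($CONF['valid_referers'] as $valid_referer) {
    $valid_referers[] = trim(strtolower($valid_referer));
}
if (!in_array($referer, $valid_referers, true)) {
    $PROCESSING_ERROR = "1";
    $messages[] = "Unauthorized referer";
}
unset($valid_referers, $valid_referer, $raw_referer);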
// The mailer only accepts form data sent with the POST method
$request_was_posted = ($_SERVER['REQUEST_METHOD'] === "POST");
if (!$request_was_posted) {
    $PROCESSING_ERROR = "1";
    $messages[] = "Form has not been posted";
}
unset($request_was_posted);
// Every posted field name must be listed in $CONF['fields'] or be the
// image verification field named by $CONF['image_code'].
foreach ($_POST as $key => $val) {
    $key = trim(strip_tags(stripslashes($key)));
    if (in_array($key, $CONF['fields']) || $key === $CONF['image_code']) {
        continue;
    }
    $PROCESSING_ERROR = "1";
    // NOTE(review): the submitted field name is placed into HTML after
    // strip_tags() only - consider htmlspecialchars() where it is rendered.
    $messages[] = "Field <span style=\"font-weight:bold\">$key</span> is not permitted.";
}
// Each $CONF['required_fields'] entry has the form "field_name|label".
// A field whose cleaned value is empty is reported using its label.
foreach ($CONF['required_fields'] as $field) {
    list($field_name, $name) = explode("|", $field);
    $submitted = trim(strip_tags(stripslashes($_POST["$field_name"])));
    if ($submitted !== "") {
        continue;
    }
    $PROCESSING_ERROR = "1";
    $messages[] = "Field <span style=\"font-weight:bold\">$name</span> must be filled in.";
}
unset($submitted);
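// Check for valid email addresses
// Each $CONF['validate_email'] entry has the form "field_name|label".
// eregi() and split() were removed in PHP 7, so the same pattern is applied
// with preg_match() and the address is split with explode(). The D modifier
// makes "$" match only at the very end of the string, so an address followed
// by a line break is never accepted.
// NOTE(review): the pattern only accepts a final label of 2-4 letters, which
// rejects addresses under longer top-level domains; kept as in the original.
foreach ($CONF['validate_email'] as $email) {
    list($email_address, $name) = explode("|", $email);
    // A missing or array-valued field is validated as the empty string
    $posted_email = (isset($_POST["$email_address"]) && is_string($_POST["$email_address"])) ? trim(strip_tags(stripslashes($_POST["$email_address"]))) : "";
    // check syntax
    if (!preg_match('/^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/iD', $posted_email)) {
        $PROCESSING_ERROR = "1";
        $messages[] = "Field <span style=\"font-weight:bold\">$name</span> is an invalid e-mail address (Syntax).";
    }
    // check host part of email address has associated IP address or MX record
    elseif ($CONF['validate_email_host'] == "TRUE") {
        list($username, $domaintld) = explode("@", $posted_email);
        // gethostbyname() hands the name back unchanged when it cannot be
        // resolved; only then is an MX record looked up.
        if (gethostbyname($domaintld) == $domaintld) {
            if (checkdnsrr($domaintld.'.', 'MX') !== TRUE) {
                $PROCESSING_ERROR = "1";
                $messages[] = "Field <span style=\"font-weight:bold\">$name</span> is an invalid e-mail address. (Host)";
            }
        }
    }
}
unset($posted_email);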
// Each $CONF['field_length'] entry has the form "field_name|label|min|max".
// An empty min or max switches that bound off. Length is measured in bytes
// on the unslashed, tag-stripped and trimmed value.
foreach ($CONF['field_length'] as $field) {
    list($field_name, $name, $min, $max) = explode("|", $field);
    // Lower bound
    if (!empty($min)) {
        if (strlen(trim(strip_tags(stripslashes($_POST["$field_name"])))) < $min) {
            $PROCESSING_ERROR = "1";
            $messages[] = "Field <span style=\"font-weight:bold\">$name</span> is too short. Must be at least $min characters.";
        }
    }
    // Upper bound
    if (!empty($max)) {
        if (strlen(trim(strip_tags(stripslashes($_POST["$field_name"])))) > $max) {
            $PROCESSING_ERROR = "1";
            $messages[] = "Field <span style=\"font-weight:bold\">$name</span> is too long. Must be a maximum of $max characters.";
        }
    }
}
//----------------------------------------------+
// |
// Image Verification |
// |
//----------------------------------------------+
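// Image verification: the MD5 of the submitted code must equal the value
// kept in the session.
// The comparison is strict (!==). A loose comparison of two hash strings can
// treat different values as equal when both happen to look like numbers.
// A missing or array-valued field, or a missing session value, is a mismatch.
// NOTE(review): nothing in the visible part of this file clears
// $_SESSION['image_random_value'] after a check - confirm that a code
// cannot be reused for further submissions.
if ($CONF['image'] == "TRUE") {
    $posted_code = "";
    if (isset($_POST[$CONF['image_code']]) && is_string($_POST[$CONF['image_code']])) {
        $posted_code = trim(strip_tags(stripslashes($_POST[$CONF['image_code']])));
    }
    $expected_hash = isset($_SESSION['image_random_value']) ? $_SESSION['image_random_value'] : null;
    if (($posted_code === "") || !is_string($expected_hash) || (md5($posted_code) !== $expected_hash)) {
        $PROCESSING_ERROR = "1";
        $messages[] = "Verification code mismatch";
    }
    unset($posted_code, $expected_hash);
}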
//----------------------------------------------+
// |
// File upload through form routine |
// |
//----------------------------------------------+
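// File upload through the form.
// Reads the uploaded file, applies the size and type rules from $CONF and
// leaves the base64 encoded content in $data for the mail assembly below.
// $fileatt_name and $fileatt_type are kept for the attachment headers.
//
// Security notes:
// - 'name' and 'type' in $_FILES are sent by the client. The banned/allowed
//   type lists therefore compare a client-declared value; inspect the file
//   content as well if the lists are meant as a safeguard.
// - An array-shaped upload field (fileatt[]) is treated as a failed upload.
if ($CONF['file_attach'] == "TRUE") {
    // set upload variables
    $fileatt_name = $_FILES['fileatt']['name'];
    $fileatt = $_FILES['fileatt']['tmp_name'];
    $fileatt_type = $_FILES['fileatt']['type'];
    $fileatt_error = $_FILES['fileatt']['error'];
    // Markup stored in the session to highlight the upload field on error
    $fileatt_highlight = "style=\"background-color:".$CONF['error_bgcolor']."\"";
    if (is_string($fileatt) && is_uploaded_file($fileatt)) {
        // switch off magic quotes (the functions no longer exist in current PHP)
        if (function_exists('set_magic_quotes_runtime')) {
            set_magic_quotes_runtime(0);
        }
        // Open file (binary); warnings are shown only when $debug is "TRUE".
        // Any other $debug value now takes the quiet path instead of leaving
        // $file undefined.
        if ($debug == "TRUE") {
            $file = fopen($fileatt, 'rb');
        }
        else {
            $file = @fopen($fileatt, 'rb');
        }
        if ($file === false) {
            // die to stop possible runaway process
            die('Error: An error has occurred and the script has been halted!');
        }
        // Read file; an empty file is reported instead of requesting a
        // zero-length read
        $fileatt_size = filesize($fileatt);
        if ($fileatt_size > 0) {
            if ($debug == "TRUE") {
                $data = fread($file, $fileatt_size);
            }
            else {
                $data = @fread($file, $fileatt_size);
            }
        }
        else {
            $data = false;
        }
        // check for errors reading file
        if ($data === false) {
            $PROCESSING_ERROR = "1";
            $_SESSION['fileatt_error'] = $fileatt_highlight;
            $messages[] = "The uploaded file is empty, or can not be read";
        }
        fclose($file);
        // Check if uploaded file is too large
        if ($CONF['file_max_size'] !== "") {
            if ($fileatt_size > $CONF['file_max_size']) {
                $PROCESSING_ERROR = "1";
                $_SESSION['fileatt_error'] = $fileatt_highlight;
                $messages[] = "The uploaded file is too large";
            }
        }
        // Check if uploaded file is a banned file type
        if ($CONF['file_types_banned'] !== "") {
            if (in_array($fileatt_type, $CONF['file_types_banned'])) {
                $PROCESSING_ERROR = "1";
                $_SESSION['fileatt_error'] = $fileatt_highlight;
                $messages[] = "That file type can not be uploaded";
            }
        }
        // The allowed list only applies when it has at least one non-empty entry
        $contents = implode("", $CONF['file_types_allowed']);
        if ($contents !== "") {
            if (!in_array($fileatt_type, $CONF['file_types_allowed'])) {
                $PROCESSING_ERROR = "1";
                $_SESSION['fileatt_error'] = $fileatt_highlight;
                $messages[] = "That file type can not be uploaded";
            }
        }
        // Base64 encode the file data
        $data = rtrim(chunk_split(base64_encode($data)));
        // reset magic quotes
        if (function_exists('set_magic_quotes_runtime') && function_exists('get_magic_quotes_gpc')) {
            set_magic_quotes_runtime(get_magic_quotes_gpc());
        }
        unset($fileatt_size);
    }
    // if not uploaded check error code in fileatt array
    elseif ($fileatt_name !== "") {
        // Messages for upload error codes 1-3; every other code gets the
        // generic message
        $upload_errors = array(
            "1" => "Upload Error: The file size exceeds the limit set by the server",
            "2" => "Upload Error: The file size exceeds the limit set by the form",
            "3" => "Upload Error: The file was only partially uploaded",
        );
        $PROCESSING_ERROR = "1";
        $_SESSION['fileatt_error'] = $fileatt_highlight;
        if (is_scalar($fileatt_error) && isset($upload_errors[$fileatt_error])) {
            $messages[] = $upload_errors[$fileatt_error];
        }
        else {
            $messages[] = "Upload Error: The file could not be uploaded";
        }
        unset($upload_errors);
    }
    // Unset file variables
    unset($fileatt, $file, $fileatt_highlight);
}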
//----------------------------------------------+
// |
// User email file attachment routine |
// |
//----------------------------------------------+
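// Attachment for the e-mail sent to the user.
// The file is named by the configuration ($CONF['user_file_path'] and
// $CONF['user_file_name']), not by the request. Its base64 encoded content is
// left in $data1, its name and type in $fileatt_name1 and $fileatt_type1.
if ($CONF['user_file_attach'] == "TRUE") {
    // The array key is quoted: an unquoted receive_att is read as a constant,
    // which is an error in current PHP. A missing or array-valued field
    // counts as empty.
    $receive_att_value = (isset($_POST['receive_att']) && is_string($_POST['receive_att'])) ? trim(strip_tags(stripslashes($_POST['receive_att']))) : "";
    if (in_array("receive_att", $CONF['fields']) && ($receive_att_value == "") && ($CONF['user_file_select'] == "FALSE")) {
        $PROCESSING_ERROR = "1";
        $_SESSION['receive_att_error'] = "style=\"background-color:".$CONF['error_bgcolor']."\"";
        $messages[] = "Form Error: \"".$CONF['user_file_select_text']."\" must be selected";
    }
    unset($receive_att_value);
    // set file variables
    $fileatt = $CONF['user_file_path']."/".$CONF['user_file_name'];
    $fileatt_type1 = $CONF['user_file_type'];
    $fileatt_name1 = trim($CONF['user_file_name']);
    if (file_exists($fileatt)) {
        // switch off magic quotes (the functions no longer exist in current PHP)
        if (function_exists('set_magic_quotes_runtime')) {
            set_magic_quotes_runtime(0);
        }
        // Open file (binary); warnings are shown only when $debug is "TRUE".
        // Any other $debug value now takes the quiet path instead of leaving
        // $file undefined.
        if ($debug == "TRUE") {
            $file = fopen($fileatt, 'rb');
        }
        else {
            $file = @fopen($fileatt, 'rb');
        }
        if ($file === false) {
            // die to stop possible runaway process
            die("Error: An error has occurred and the script has been halted!");
        }
        // Read file; an empty file counts as a read failure
        $fileatt_size = filesize($fileatt);
        if ($fileatt_size > 0) {
            if ($debug == "TRUE") {
                $data1 = fread($file, $fileatt_size);
            }
            else {
                $data1 = @fread($file, $fileatt_size);
            }
        }
        else {
            $data1 = false;
        }
        // check for errors reading file
        if ($data1 === false) {
            // die to stop possible runaway process
            die('Error: An error has occurred and the script has been halted!');
        }
        fclose($file);
        // Base64 encode the file data
        $data1 = rtrim(chunk_split(base64_encode($data1)));
        // reset magic quotes
        if (function_exists('set_magic_quotes_runtime') && function_exists('get_magic_quotes_gpc')) {
            set_magic_quotes_runtime(get_magic_quotes_gpc());
        }
        unset($fileatt_size);
    }
    else {
        if ($debug == "TRUE") {
            // die to stop possible runaway process
            die('Error: File for attachment does not exist!');
        }
        // Outside debug mode the attachment is switched off and processing continues
        $CONF['user_file_attach'] = "FALSE";
    }
    // Unset file variables
    unset($fileatt, $file);
}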
//-------------------------------------------------------------------+
// |
// If mailer processing errors have been set, display them and exit |
// |
//-------------------------------------------------------------------+
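// Render the collected error messages through the error template and stop.
// $HTML_ERRORS starts from an empty string so that it holds the messages
// collected above and nothing else.
// NOTE(review): some messages embed the submitted field name after
// strip_tags() only - confirm the template does not place $HTML_ERRORS where
// that would matter, or escape the name where the message is built.
if (!empty($PROCESSING_ERROR)) {
    $HTML_ERRORS = "";
    foreach ($messages as $message) {
        $HTML_ERRORS .= "$message<br />";
    }
    include_once($CONF['template_path']."/".$CONF['error_tpl']);
    exit();
}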
//----------------------------------------------+
// |
// Log to mysql database |
// |
//----------------------------------------------+
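// Log the submission to the MySQL table $CONF['tablename'].
//
// The column list and the value list are built together, one pair per entry
// of $CONF['fields']. Control fields that are not stored are skipped by exact
// name. Each value is unslashed, tag-stripped, trimmed and escaped, and is
// never edited again afterwards.
// Why: the previous code built the value list from $_POST in request order
// and then deleted entries by searching the finished, already escaped string
// for ", 'value'". That could shift values into the wrong columns, and a
// deletion that matched part of another field's value could cut through an
// escape sequence and leave text outside its quotes.
//
// Column names come from the configuration and are used as they are.
// ext/mysql (mysql_*) was removed in PHP 7; a port should use prepared
// statements (mysqli or PDO).
if ($CONF['log_to_db'] == "TRUE") {
    // Clear variables
    $dbname = "";
    $tablename = "";
    $link_id = "";
    $value1 = "";
    $value2 = "";
    $query = "";
    $result = "";
    // Connect to database
    $link_id = mysql_connect($CONF['dbhost'], $CONF['dbusername'], $CONF['dbuserpassword']);
    $dbname = mysql_select_db($CONF['dbname']);
    if ((!$link_id) || (!$dbname)) {
        // Detailed message in debug mode only; any other $debug value gets
        // the generic message instead of falling through
        if ($debug == "TRUE") {
            die('Could not connect: ' . mysql_error());
        }
        die('Error: An error has occurred and the script has been halted!');
    }
    // Fields that are part of the form but are not stored
    $skip_fields = array("MAX_FILE_SIZE", "fileatt", "receive_att", "dada_mail", "SMAILER", $CONF['image_code']);
    $columns = array();
    $values = array();
    foreach ($CONF['fields'] as $var) {
        if (in_array($var, $skip_fields, true)) {
            continue;
        }
        // A field that was not posted (or is array-valued) is stored as ''
        $posted = (isset($_POST[$var]) && is_string($_POST[$var])) ? $_POST[$var] : "";
        $columns[] = $var;
        $values[] = "'".mysql_real_escape_string(trim(strip_tags(stripslashes($posted))))."'";
    }
    // mailer_id is auto incremented in the database, submitted is the date
    $value1 = "(mailer_id";
    $value2 = "(NULL";
    if (count($columns) > 0) {
        $value1 .= ", ".implode(", ", $columns);
        $value2 .= ", ".implode(", ", $values);
    }
    $value1 .= ", submitted)";
    $value2 .= ", CURDATE())";
    $tablename = $CONF['tablename'];
    // insert into database
    $query = "INSERT INTO $tablename $value1 VALUES$value2";
    $result = mysql_query($query);
    if (!$result) {
        // Debug error message
        if ($debug == "TRUE") {
            die("$value1 Could not insert data $value2:" . mysql_error());
        }
        // error message to user if insert fails
        echo "Error: An error has occurred and the script has been halted!";
        die;
    }
    // Shouldn't really be needed, but better safe than sorry
    mysql_close($link_id);
    // Unset variables to free memory
    unset($dbname, $link_id, $var, $value1, $key, $value2, $tablename, $result, $query, $skip_fields, $columns, $values, $posted);
}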
//-------------------------------------------------------------+
// |
// Dada Mail Integration - add new subscriber to dada database |
// |
//-------------------------------------------------------------+
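// Dada Mail integration: add the posted e-mail address to the Dada table
// when the form carried dada_mail=DADATRUE and the address is not yet on the
// list. For "sub_confirm_list" the new row is read back and $pin_id, $var1
// and $var2 are left set for the user e-mail routine.
//
// Security notes:
// - The pin is the row id passed through fixed arithmetic, so it is not a
//   secret (the original comment says as much). A random per-subscriber
//   token would be needed to make the confirmation link unguessable.
// - ext/mysql (mysql_*) was removed in PHP 7; a port should use prepared
//   statements (mysqli or PDO).
// - With $debug == "TRUE" database error text is sent to the client.
if (($CONF['integrate_with_DADA'] == "TRUE") && isset($_POST['dada_mail']) && is_string($_POST['dada_mail']) && (trim(strip_tags(stripslashes($_POST['dada_mail']))) == "DADATRUE")) {
    // clear variables
    $dadadbname = "";
    $dadatablename = "";
    $link_id = "";
    $var1 = "";
    $var2 = "";
    $var3 = "";
    $var4 = "";
    $query = "";
    $result = "";
    // Connect to Dada database
    $link_id = mysql_connect($CONF['dadahost'], $CONF['dadausername'], $CONF['dadapassword']);
    $dbname = mysql_select_db($CONF['dadadbname']);
    if ((!$link_id) || (!$dbname)) {
        // Detailed message in debug mode only; any other $debug value gets
        // the generic message instead of falling through
        if ($debug == "TRUE") {
            die('Could not connect: ' . mysql_error());
        }
        die('Error: An error has occurred and the script has been halted!');
    }
    // set and sanitize variables
    $dadatablename = $CONF['dadatablename'];
    $posted_address = (isset($_POST[$CONF['field_email']]) && is_string($_POST[$CONF['field_email']])) ? $_POST[$CONF['field_email']] : "";
    $var1 = mysql_real_escape_string(trim(strip_tags(stripslashes($posted_address))));
    $var2 = mysql_real_escape_string(stripslashes($CONF['dada_list']));
    $var3 = mysql_real_escape_string(stripslashes($CONF['dada_list_type']));
    $var4 = mysql_real_escape_string(stripslashes($CONF['dada_list_status']));
    unset($posted_address);
    // check if email address posted through form is already in the Dada database
    $query = "SELECT * FROM $dadatablename WHERE email = '$var1' AND list = '$var2'";
    $result = mysql_query($query);
    if (!$result) {
        // There is no result set to free when the query itself failed
        if ($debug == "TRUE") {
            die(mysql_error());
        }
        die('Error: An error has occurred and the script has been halted!');
    }
    // add email address if it can not be found in the Dada database
    if (mysql_num_rows($result) <= 0) {
        mysql_free_result($result);
        $query = "INSERT INTO $dadatablename (email_id, email, list, list_type, list_status) VALUES (NULL, '$var1', '$var2', '$var3', '$var4')";
        $result = mysql_query($query);
        if (!$result) {
            if ($debug == "TRUE") {
                die(mysql_error());
            }
            die('Error: An error has occurred and the script has been halted!');
        }
        if ($CONF['dada_list_type'] == "sub_confirm_list") {
            // read the new row back to obtain its id
            $query = "SELECT email_id, email, list FROM $dadatablename WHERE email = '$var1' AND list = '$var2'";
            $result = mysql_query($query);
            if (!$result) {
                if ($debug == "TRUE") {
                    die(mysql_error());
                }
                die('Error: An error has occurred and the script has been halted!');
            }
            // Defined even if no row comes back
            $pin_id = 0;
            while ($query_data = mysql_fetch_array($result)) {
                $pin_id = strip_tags(trim($query_data["email_id"]));
                $var1 = strip_tags(trim($query_data["email"]));
                $var2 = strip_tags(trim($query_data["list"]));
            }
            mysql_free_result($result);
            // Convert pin (not that secure but it may help)
            $pin_id = ($pin_id*3)+17359;
        }
    }
    // else if email address already exists in Dada database
    else {
        mysql_free_result($result);
        unset($var1, $var2);
    }
    // Shouldn't really be needed
    mysql_close($link_id);
    // Unset variables - $pin_id, $var1 & $var2 are used in user email routine
    unset($dadadbname, $dadatablename, $link_id, $var3, $var4, $query, $result);
}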
//----------------------------------------------+
// |
// Email Message to Staff (ADMIN) |
// |
//----------------------------------------------+
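// Both admin e-mail templates must exist before the message is assembled.
// The configuration key is named in debug mode only. Any other $debug value
// now gets the generic message, so the script always halts on a missing
// template instead of continuing.
foreach (array('text_default_tpl', 'html_default_tpl') as $tpl_key) {
    if (!file_exists($CONF['template_path']."/".$CONF[$tpl_key])) {
        if ($debug == "TRUE") {
            die('Error: Template directory or '.$tpl_key.' does not exist');
        }
        die('Error: An error has occurred and the script has been halted!');
    }
}
unset($tpl_key);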
// Choose the line break used when the mail headers and body are assembled.
// PHP_EOL is used wherever the constant exists; the PHP_OS fallback only runs
// on PHP builds without it.
// NOTE(review): the original wrapped each comparison result in strtoupper(),
// which does not change its truth value, so PHP_OS is compared
// case-sensitively and a value such as "Darwin" never equals 'DAR'.
// NOTE(review): mail header lines are normally separated by CRLF regardless
// of the server platform - confirm the value chosen here suits the mail
// transport in use.
if (defined('PHP_EOL')) {
    $My_lbr = PHP_EOL;
}
else {
    // Unix unless one of the prefixes below matches
    $My_lbr = "\n";
    if (substr(PHP_OS, 0, 3) == 'WIN') {
        // Windows
        $My_lbr = "\r\n";
    }
    elseif (substr(PHP_OS, 0, 3) == 'DAR') {
        // MAC
        $My_lbr = "\r";
    }
}
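// Create unique variable for message id
// time() replaces the argument-less mktime() call, which current PHP rejects.
$now = time().".".md5(mt_rand(1000,9999));
// Set character-set variable
$char_st = $CONF['char_st'];
// Generate the MIME boundary strings.
// The boundary separates the parts of the message, and the body contains
// text submitted through the form. If the boundary can be predicted,
// submitted text could contain a line that looks like a boundary and change
// how the message is split into parts. It is therefore taken from a random
// source instead of md5(time()).
if (function_exists('random_bytes')) {
    $semi_rand = bin2hex(random_bytes(16));
}
else {
    $semi_rand = md5(uniqid(mt_rand(), true));
}
$main_boundary = "=_secmail1_x{$semi_rand}x";
$part_boundary = "=_secmail2_x{$semi_rand}x";
$section_boundary = "=_secmail3_x{$semi_rand}x";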
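// Set To: variable
// $to starts from an empty string so that it holds configured addresses only.
// Before, it was first written by an append, or not at all when no department
// matched.
$to = "";
// send to the recipient configured for the selected department
// (entries have the form "address|department name")
if ($CONF['select_recipients'] == "TRUE") {
    $chosen_department = (isset($_POST['department']) && is_string($_POST['department'])) ? trim(strip_tags(stripslashes($_POST['department']))) : "";
    foreach ($CONF['select_recipients_to'] as $recipients_field) {
        list($department_to, $department_name) = explode("|", $recipients_field);
        if ($chosen_department == $department_name) {
            $to = trim($department_to);
        }
    }
    unset($chosen_department);
    // NOTE(review): $to stays empty when no department matches - confirm the
    // send routine handles an empty recipient.
}
// send to all recipients in email_recipients_to array
else {
    $to = trim(implode(",", $CONF['email_recipients_to']));
}
// Remove new line characters so the value cannot span header lines
$to = trim(str_replace(array("\r", "\n"), '', $to));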
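// Set From: variable
// A configured sender wins; otherwise the address is taken from the posted
// field named by $CONF['admin_from_var'] (missing or array-valued -> empty).
if ($CONF['admin_from']) {
    $from = trim($CONF['admin_from']);
}
else {
    $posted_from = (isset($_POST[$CONF['admin_from_var']]) && is_string($_POST[$CONF['admin_from_var']])) ? $_POST[$CONF['admin_from_var']] : "";
    $from = trim(strip_tags(stripslashes($posted_from)));
    unset($posted_from);
}
// Remove new line characters: $from is written into several header lines
$from = trim(str_replace(array("\r", "\n"), '', $from));
// Set subject variable
// $subject starts from an empty string so it is defined, and holds nothing
// from elsewhere, when neither configuration branch applies.
$subject = "";
if ($CONF['admin_subject']) {
    $subject = trim($CONF['admin_subject']);
}
elseif ($CONF['admin_subject_prefix'] && $CONF['admin_subject_var']) {
    $posted_subject = (isset($_POST[$CONF['admin_subject_var']]) && is_string($_POST[$CONF['admin_subject_var']])) ? $_POST[$CONF['admin_subject_var']] : "";
    $subject = trim($CONF['admin_subject_prefix']) . " " . trim(strip_tags(stripslashes($posted_subject)));
    unset($posted_subject);
}
// Remove new line characters so the subject cannot span header lines
$subject = trim(str_replace(array("\r", "\n"), '', $subject));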
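// Set Cc: and Bcc: variables from the configured lists.
// Both are assigned outright instead of being appended to, so each holds the
// configured addresses and nothing else.
$cc = trim(implode(",", $CONF['email_recipients_cc']));
// Remove any new line characters
$cc = trim(str_replace(array("\r", "\n"), '', $cc));
$bcc = trim(implode(",", $CONF['email_recipients_bcc']));
// Remove any new line characters
$bcc = trim(str_replace(array("\r", "\n"), '', $bcc));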
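// Build the header block of the admin e-mail and, for multipart messages,
// the opening part of the body.
// $message starts from an empty string: in the plain-text branch it was
// previously first written by an append further down.
// $from, $cc and $bcc must already be free of line breaks, since they are
// written straight into header lines.
$message = "";
// Set common headers
$headers = "From: $from $My_lbr";
// Do not send empty cc: and bcc: headers
if ($cc !== "") {
    $headers .= "Cc: $cc $My_lbr";
}
if ($bcc !== "") {
    $headers .= "Bcc: $bcc $My_lbr";
}
$headers .= "Return-path: $from $My_lbr";
$headers .= "Reply-To: $from $My_lbr";
// Add Message ID (replaces server default id)
$headers .= "Message-ID: <".$now."@".trim(strip_tags(stripslashes($_SERVER['SERVER_NAME'])))."> $My_lbr";
// Add date stamp (replaces server date stamp)
$headers .= "Date: ".date("r")." $My_lbr";
// If this is a multipart email
if (($CONF['html_admin_emails'] == "TRUE") || ($CONF['file_attach'] == "TRUE")) {
    // Set multipart email headers
    $headers .= "MIME-Version: 1.0 $My_lbr";
    if ($CONF['file_attach'] == "TRUE") {
        $headers .= "Content-Type: multipart/mixed; $My_lbr";
    }
    else {
        $headers .= "Content-Type: multipart/alternative; $My_lbr";
    }
    $headers .= " boundary=\"{$main_boundary}\" $My_lbr";
    // X-Mailer header (this puts the script version into every message)
    $headers .= "X-Mailer: SecureMailer ".VERSION." $My_lbr";
    // Message for email clients that can't handle multipart emails
    $message = "This is a multi-part message in MIME format $My_lbr";
    $message .= "Your email client doesn't support this format $My_lbr";
    $message .= "Some or all of this email may therefore not be readable $My_lbr$My_lbr";
    $message .= "--{$main_boundary}$My_lbr";
    if ($CONF['html_admin_emails'] == "TRUE") {
        if ($CONF['file_attach'] == "TRUE") {
            // Nested structure for plain and html with attachments
            $message .= "Content-Type: multipart/related; $My_lbr";
            $message .= " boundary=\"{$part_boundary}\" $My_lbr$My_lbr";
            $message .= "--{$part_boundary}$My_lbr";
            $message .= "Content-Type: multipart/alternative; $My_lbr";
            $message .= " boundary=\"{$section_boundary}\" $My_lbr$My_lbr";
            $message .= "--{$section_boundary}$My_lbr";
        }
        $message .= "Content-Type: text/plain; charset=\"$char_st\"; $My_lbr";
        $message .= "Content-Transfer-Encoding: 7bit $My_lbr$My_lbr";
    }
    // Plain text only, with attachment
    elseif ($CONF['html_admin_emails'] == "FALSE") {
        $message .= "Content-Type: text/plain; charset=\"$char_st\"; $My_lbr";
        $message .= "Content-Transfer-Encoding: 7bit $My_lbr$My_lbr";
    }
}
else {
    // X-Mailer header
    $headers .= "X-Mailer: SecureMailer ".VERSION." $My_lbr";
    // Insert plain text non multi-part email headers
    $headers .= "Content-Type: text/plain; charset=\"$char_st\"; $My_lbr";
    $headers .= "Content-Transfer-Encoding: 7bit $My_lbr$My_lbr";
}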
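// Load the plain-text template, fill the <%field%> placeholders with the
// posted values and append the result to $message.
// Warnings from fopen() are shown only when $debug is "TRUE". Any other
// $debug value now takes the quiet path: leaving $fp undefined would let the
// read loop below run without a usable handle.
$text_tpl_file = $CONF['template_path']."/".$CONF['text_default_tpl'];
if ($debug == "TRUE") {
    $fp = fopen($text_tpl_file, "r");
}
else {
    $fp = @fopen($text_tpl_file, "r");
}
if ($fp === false) {
    // die to stop possible runaway process
    die('Error: An error has occurred and the script has been halted!');
}
// Start from an empty string so the text holds template content only
$message_text = "";
// The loop ends as soon as fgets() reports end of file or a read error
while (($template_line = fgets($fp, 1024)) !== false) {
    $message_text .= $template_line;
}
foreach ($CONF['fields'] as $var) {
    // A missing or array-valued field is handled like an empty one
    $field_value = (isset($_POST["$var"]) && is_string($_POST["$var"])) ? strip_tags(stripslashes($_POST["$var"])) : "";
    if ($field_value !== "") {
        // NOTE(review): stripslashes() runs over the whole text after every
        // replacement, so backslashes in the template and in values inserted
        // earlier are removed as well. Kept as in the original.
        $message_text = stripslashes(str_replace("<%$var%>", $field_value, $message_text));
    }
    else {
        // Remove the placeholder together with the line breaks that follow
        // it, trying the longest break sequence first
        foreach (array("\r\n\r\n", "\n\n", "\r\r", "\r\n", "\n", "\r", "") as $trailing_breaks) {
            $message_text = stripslashes(str_replace("<%$var%>".$trailing_breaks, "", $message_text));
        }
    }
}
fclose($fp);
$fp = "";
// Trim message line length option (to comply with rfc 2822)
if ($CONF['word_wrap_message'] == "TRUE") {
    $message_text = wordwrap($message_text, $CONF['word_wrap_trigger']);
}
// Add message text to email
$message .= $message_text;
$message .= " $My_lbr$My_lbr";
unset($message_text, $text_tpl_file, $template_line, $field_value, $trailing_breaks);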
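// HTML alternative of the admin e-mail: load the HTML template, fill the
// <%field%> placeholders and append the part to $message.
if ($CONF['html_admin_emails'] == "TRUE") {
    // The HTML part sits in the inner multipart when a file is attached
    if ($CONF['file_attach'] == "TRUE") {
        $message .= "--{$section_boundary}$My_lbr";
    }
    else {
        $message .= "--{$main_boundary}$My_lbr";
    }
    $message .= "Content-Type: text/html; charset=\"$char_st\"; $My_lbr";
    $message .= "Content-Transfer-Encoding: 7bit $My_lbr$My_lbr";
    // Load e-mail template. Warnings are shown only when $debug is "TRUE".
    // Any other $debug value now takes the quiet path: leaving $fp undefined
    // would let the read loop below run without a usable handle.
    $html_tpl_file = $CONF['template_path']."/".$CONF['html_default_tpl'];
    if ($debug == "TRUE") {
        $fp = fopen($html_tpl_file, "r");
    }
    else {
        $fp = @fopen($html_tpl_file, "r");
    }
    if ($fp === false) {
        // die to stop possible runaway process
        die('Error: An error has occurred and the script has been halted!');
    }
    // Start from an empty string so the text holds template content only
    $message_text = "";
    // The loop ends as soon as fgets() reports end of file or a read error
    while (($template_line = fgets($fp, 1024)) !== false) {
        $message_text .= $template_line;
    }
    // nl2br converts message line breaks into <br /> for html emails
    // NOTE(review): the posted values go into HTML after strip_tags() only,
    // which removes tags but does not encode quotes or ampersands. Consider
    // htmlspecialchars() with the message character set if a placeholder can
    // sit inside an attribute in the template.
    foreach ($CONF['fields'] as $var) {
        // A missing or array-valued field is inserted as an empty string
        $field_value = (isset($_POST["$var"]) && is_string($_POST["$var"])) ? strip_tags(stripslashes($_POST["$var"])) : "";
        $message_text = stripslashes(str_replace("<%$var%>", nl2br($field_value), $message_text));
    }
    fclose($fp);
    $fp = "";
    // Trim message line length option (to comply with rfc 2822)
    if ($CONF['word_wrap_message'] == "TRUE") {
        $message_text = wordwrap($message_text, $CONF['word_wrap_trigger']);
    }
    // Add message text to email
    $message .= $message_text;
    $message .= " $My_lbr$My_lbr";
    // Close the inner multipart when a file is attached
    if ($CONF['file_attach'] == "TRUE") {
        $message .= "--{$section_boundary}--$My_lbr";
    }
    unset($html_tpl_file, $template_line, $field_value);
}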
// Attachment part: added when attachments are enabled and the upload field
// "fileatt" carries a file name
if (($CONF['file_attach'] == "TRUE") && ($_FILES['fileatt']['name'] !== '') && ($_FILES)) {
    // The attachment sits under the part boundary when an HTML alternative
    // exists, under the main boundary otherwise
    $message .= "--" . (("TRUE" == $CONF['html_admin_emails']) ? $part_boundary : $main_boundary) . $My_lbr;
    // NOTE(review): $fileatt_type, $fileatt_name and $data are prepared earlier
    // in the script (not visible in this part). They are written into the MIME
    // part headers as-is, so confirm that the upload handling strips quotes
    // and line breaks from the client-supplied name and type.
    $message .= "Content-Type: {$fileatt_type}; $My_lbr"
        . " name=\"{$fileatt_name}\" $My_lbr"
        . "Content-Transfer-Encoding: base64 $My_lbr"
        . "Content-Disposition: attachment; $My_lbr"
        . " filename=\"{$fileatt_name}\" $My_lbr$My_lbr"
        . $data
        . "$My_lbr$My_lbr";
}
// Closing delimiters, one case per multipart layout.
// Plain + HTML, no attachment:
if (("TRUE" == $CONF['html_admin_emails']) && ("FALSE" == $CONF['file_attach'])) {
    $message .= "--" . $main_boundary . "--" . $My_lbr . $My_lbr;
}
// Plain text with attachment:
if (("FALSE" == $CONF['html_admin_emails']) && ("TRUE" == $CONF['file_attach'])) {
    $message .= "--" . $main_boundary . "--" . $My_lbr . $My_lbr;
}
// Plain + HTML with attachment: close the inner part first, then the message
if (("TRUE" == $CONF['html_admin_emails']) && ("TRUE" == $CONF['file_attach'])) {
    $message .= "--" . $part_boundary . "--" . $My_lbr
        . "--" . $main_boundary . "--" . $My_lbr . $My_lbr;
}
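// All staff emails: send the assembled admin message.
$headers = trim($headers);
// Over-ride default $from on Server (if set).
// The ini key has to be a quoted string: a bare sendmail_from is an undefined
// constant, which PHP 8 turns into a fatal Error.
ini_set('sendmail_from', $from);
// Call to PHP mail function (to send email).
// The fifth argument is handed to the sendmail binary as command-line text, so
// $from is only used there when it is a plain address made of letters, digits
// and . _ % + - around a single @. Any other value (spaces, quotes, a leading
// dash) could be read by the MTA as additional options; the message is then
// sent without -f and the server's default envelope sender applies.
// NOTE(review): where $from is set for the admin e-mail is not visible in this
// part of the file - confirm it cannot carry raw form input.
if (is_string($from) && preg_match('/^[A-Za-z0-9][A-Za-z0-9._%+\-]*@[A-Za-z0-9][A-Za-z0-9.\-]*$/D', $from)) {
    mail("$to", "$subject", "$message", "$headers", "-f $from");
}
else {
    mail("$to", "$subject", "$message", "$headers");
}
// Reset default $from on server
ini_restore('sendmail_from');
// Unset variables to free memory
unset($referer, $field_name, $name, $field, $email_address, $name, $email, $username, $domaintld, $min, $max, $k, $v, $v2, $fileatt_type, $fileatt_name, $fileatt_error, $data, $filesallowed, $contents, $recipients_field, $department_name, $department_to, $now, $to, $from, $headers, $subject, $char_st, $semi_rand, $main_boundary, $part_boundary, $message, $message_text, $fp, $var, $My_lbr);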
//----------------------------------------------+
// |
// Email Message to User |
// |
//----------------------------------------------+
if($CONF['email_to_user'] == "TRUE") {
// Both confirmation templates must exist before anything is built. Debug mode
// names the missing template; otherwise only a generic message is shown.
// The HTML template is checked regardless of the html_user_emails setting.
foreach (array(
    'text_confirm_tpl' => 'Error: Template directory or text_confirm_tpl does not exist',
    'html_confirm_tpl' => 'Error: Template directory or html_confirm_tpl does not exist',
) as $sm_tpl_key => $sm_tpl_error) {
    if (file_exists($CONF['template_path'] . "/" . $CONF[$sm_tpl_key])) {
        continue;
    }
    if ($debug == "TRUE") {
        die($sm_tpl_error);
    }
    if ($debug == "FALSE") {
        die('Error: An error has occurred and the script has been halted!');
    }
}
unset($sm_tpl_key, $sm_tpl_error);
// Line-break string used for every header and body line of the user e-mail.
// PHP_EOL is taken when the running PHP defines it; the OS-based guess below
// is only a fallback for PHP versions that lack the constant (<php5).
if (defined('PHP_EOL')) {
    $My_lbr = PHP_EOL;
}
else {
    // First three characters of PHP_OS, compared case-sensitively: the
    // original applied strtoupper() to the comparison result rather than to
    // the substring, so only an all-caps 'WIN' or 'DAR' prefix matches.
    $sm_os = substr(PHP_OS, 0, 3);
    if ($sm_os == 'WIN') {
        // Windows
        $My_lbr = "\r\n";
    }
    elseif ($sm_os == 'DAR') {
        // MAC
        $My_lbr = "\r";
    }
    else {
        // Unix
        $My_lbr = "\n";
    }
    unset($sm_os);
}
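// Random material for the Message-ID and the MIME boundaries.
// The boundaries separate the parts of the message, so they must not be
// guessable by whoever fills in the form: text containing a boundary string
// would be read by mail clients as a part delimiter. md5(time()) could be
// derived from the Date header, so a CSPRNG is used where PHP provides one.
if (function_exists('random_bytes')) {
    $semi_rand = bin2hex(random_bytes(16));
    $sm_id_rand = bin2hex(random_bytes(16));
}
else {
    // Older PHP without random_bytes(): best effort from uniqid()/mt_rand()
    $semi_rand = md5(uniqid(mt_rand(), true));
    $sm_id_rand = md5(uniqid(mt_rand(), true));
}
// Create unique random variable for message id.
// time() replaces mktime() without arguments: same value, but the
// argument-less mktime() call is rejected by PHP 8.
$now = time() . "." . $sm_id_rand;
unset($sm_id_rand);
// Set character-set variable
$char_st = $CONF['char_st'];
// Boundary strings for the outer message, the related part and the
// alternative section (same layout as before: prefix, 32 hex digits, "x")
$main_boundary = "=_secmail1_x{$semi_rand}x";
$part_boundary = "=_secmail2_x{$semi_rand}x";
$section_boundary = "=_secmail3_x{$semi_rand}x";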
// To: the address the visitor entered in the configured e-mail field.
// Tags and slashes are stripped and CR/LF removed so the value cannot start a
// new header line.
// NOTE(review): commas and other characters are left in place; whether an
// earlier part of the script restricts this field to a single valid address
// is not visible here - confirm, since mail() takes a comma-separated
// recipient list.
$to = trim(strip_tags(stripslashes($_POST[$CONF['field_email']])));
$to = trim(str_replace(array("\r", "\n"), '', $to));
// From: the fixed user_from setting wins; otherwise the posted field named by
// admin_from_var is used, cleaned in the same way
$from = $CONF['user_from']
    ? trim($CONF['user_from'])
    : trim(strip_tags(stripslashes($_POST[$CONF['admin_from_var']])));
$from = trim(str_replace(array("\r", "\n"), '', $from));
// Subject: fixed user_subject, or the configured prefix plus a posted field.
// When neither is configured $subject is not assigned in this block.
if ($CONF['user_subject']) {
    $subject = trim($CONF['user_subject']);
}
elseif ($CONF['user_subject_prefix'] && $CONF['user_subject_var']) {
    $sm_posted_subject = trim(strip_tags(stripslashes($_POST[$CONF['user_subject_var']])));
    $subject = trim($CONF['user_subject_prefix']) . " " . $sm_posted_subject;
    unset($sm_posted_subject);
}
// Remove new line characters
$subject = trim(str_replace(array("\r", "\n"), '', $subject));
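// Headers of the confirmation e-mail sent to the visitor.
// $from, $now and the boundary strings are prepared earlier in this section;
// $from has had CR and LF removed before it is written into header lines.
$headers = "From: $from $My_lbr";
$headers .= "Return-path: $from $My_lbr";
$headers .= "Reply-To: $from $My_lbr";
// Add Message ID (replaces server default id); the host part comes from
// $_SERVER['SERVER_NAME'] with tags and slashes stripped
$headers .= "Message-ID: <".$now."@".trim(strip_tags(stripslashes($_SERVER['SERVER_NAME'])))."> $My_lbr";
// Add date stamp (replaces server date stamp)
$headers .= "Date: ".date("r")." $My_lbr";
// If this is a multipart email (HTML alternative and/or attachment)
if(($CONF['html_user_emails'] == "TRUE") || ($CONF['user_file_attach'] == "TRUE")) {
    // Set multipart email headers
    $headers .= "MIME-Version: 1.0 $My_lbr";
    if($CONF['user_file_attach'] == "TRUE") {
        $headers .= "Content-Type: multipart/mixed; $My_lbr";
    }
    else {
        $headers .= "Content-Type: multipart/alternative; $My_lbr";
    }
    $headers .= " boundary=\"{$main_boundary}\" $My_lbr";
    // X-Mailer header
    $headers .= "X-Mailer: SecureMailer ".VERSION." $My_lbr";
    // Message for email clients that can't handle multipart emails
    $message .= "This is a multi-part message in MIME format $My_lbr";
    $message .= "Your email client doesn't support this format $My_lbr";
    $message .= "Some or all of this email may therefore not be readable $My_lbr$My_lbr";
    $message .= "--{$main_boundary}$My_lbr";
    if($CONF['html_user_emails']== "TRUE") {
        if($CONF['user_file_attach'] == "TRUE") {
            // Alternative part structure for plain and html with attachments
            $message .= "Content-Type: multipart/related; $My_lbr";
            $message .= " boundary=\"{$part_boundary}\" $My_lbr$My_lbr";
            $message .= "--{$part_boundary}$My_lbr";
            $message .= "Content-Type: multipart/alternative; $My_lbr";
            $message .= " boundary=\"{$section_boundary}\" $My_lbr$My_lbr";
            $message .= "--{$section_boundary}$My_lbr";
        }
        $message .= "Content-Type: text/plain; charset=\"$char_st\"; $My_lbr";
        $message .= "Content-Transfer-Encoding: 7bit $My_lbr$My_lbr";
    }
    // Alternative part structure plain only with attachment.
    // This branch used to test html_admin_emails; with the admin setting at
    // "TRUE" the text part of the user e-mail was then written without its
    // own Content-Type headers. The user setting is the one that applies.
    elseif($CONF['html_user_emails']== "FALSE") {
        $message .= "Content-Type: text/plain; charset=\"$char_st\"; $My_lbr";
        $message .= "Content-Transfer-Encoding: 7bit $My_lbr$My_lbr";
    }
}
else{
    // X-Mailer header
    $headers .= "X-Mailer: SecureMailer ".VERSION." $My_lbr";
    // Insert plain text non multi-part email headers
    $headers .= "Content-Type: text/plain; charset=\"$char_st\"; $My_lbr";
    $headers .= "Content-Transfer-Encoding: 7bit $My_lbr$My_lbr";
}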
// Plain-text body of the confirmation e-mail: read text_confirm_tpl and swap
// each configured form field in for its <%field%> placeholder.
// fopen() warnings are shown only in debug mode.
if ($debug == "TRUE") {
    $fp = fopen($CONF['template_path'] . "/" . $CONF['text_confirm_tpl'], "r");
}
if ($debug == "FALSE") {
    $fp = @fopen($CONF['template_path'] . "/" . $CONF['text_confirm_tpl'], "r");
}
// Halt here so the read loop below cannot run away on a failed open
if (false === $fp) {
    die('Error: An error has occurred and the script has been halted!');
}
while (!feof($fp)) {
    $message_text .= fgets($fp, 1024);
}
foreach ($CONF['fields'] as $var) {
    // Posted value with slashes and tags removed
    $sm_value = strip_tags(stripslashes($_POST["$var"]));
    if ($sm_value !== "") {
        // stripslashes() runs over the whole text, so backslashes that came
        // from the template or from earlier fields are removed as well
        $message_text = stripslashes(str_replace("<%$var%>", $sm_value, $message_text));
        continue;
    }
    // Empty field: drop the placeholder together with the line break(s)
    // that follow it, longest sequence first
    foreach (array("\r\n\r\n", "\n\n", "\r\r", "\r\n", "\n", "\r", "") as $sm_tail) {
        $message_text = stripslashes(str_replace("<%$var%>" . $sm_tail, "", $message_text));
    }
}
unset($sm_value, $sm_tail);
fclose($fp);
$fp = "";
// Dada Mail integration for the plain-text body. The footer is added only
// when integration is on, the form posted dada_mail=DADATRUE, the list type is
// sub_confirm_list and $pin_id, $var1 and $var2 are all non-empty.
if (
    ($CONF['integrate_with_DADA'] == "TRUE")
    && (trim(strip_tags(stripslashes($_POST['dada_mail']))) == "DADATRUE")
    && ($CONF['dada_list_type'] == "sub_confirm_list")
    && (!empty($pin_id)) && (!empty($var1)) && (!empty($var2))
) {
    // Read the footer template (fopen() warnings are shown only in debug mode)
    if ($debug == "TRUE") {
        $fp = fopen($CONF['template_path'] . "/" . $CONF['dada_email_footer_tpl'], "r");
    }
    if ($debug == "FALSE") {
        $fp = @fopen($CONF['template_path'] . "/" . $CONF['dada_email_footer_tpl'], "r");
    }
    // Halt here so the read loop below cannot run away on a failed open
    if (false === $fp) {
        die('Error: An error has occurred and the script has been halted!');
    }
    while (!feof($fp)) {
        $dada_footer .= fgets($fp, 1024);
    }
    // Confirmation link placed in the footer.
    // NOTE(review): $pin_id, $var1 and $var2 are set elsewhere in the script
    // and are inserted into the query string without URL-encoding here -
    // confirm they are already encoded or restricted to safe characters.
    $sm_confirm_url = "$My_script?action=dada&pin_id=$pin_id&email=$var1&list=$var2";
    $dada_footer = stripslashes(str_replace("<%dadamail_link%>", $sm_confirm_url, $dada_footer));
    unset($sm_confirm_url);
    fclose($fp);
    // Put the footer where the confirmation template asks for it
    $message_text = stripslashes(str_replace("<%dadamail_text%>", $dada_footer, $message_text));
    $fp = "";
    $dada_footer = "";
}
else {
    // Footer not wanted: remove <%dadamail_text%> together with the line
    // break(s) that follow it, longest sequence first
    foreach (array("\r\n\r\n", "\n\n", "\r\r", "\r\n", "\n", "\r", "") as $sm_tail) {
        $message_text = stripslashes(str_replace("<%dadamail_text%>" . $sm_tail, "", $message_text));
    }
    unset($sm_tail);
}
// Optional word wrap of the body (line-length limit, rfc 2822)
if ($CONF['word_wrap_message'] == "TRUE") {
    $message_text = wordwrap($message_text, $CONF['word_wrap_trigger']);
}
// Append the finished text part, followed by a blank line
$message .= $message_text . " $My_lbr$My_lbr";
unset($message_text);
// HTML alternative of the confirmation e-mail, built only when
// html_user_emails is "TRUE"
if ($CONF['html_user_emails'] == "TRUE") {
    // Part delimiter: the section boundary when user_file_attach is "TRUE",
    // the main boundary otherwise
    $message .= "--" . (($CONF['user_file_attach'] == "TRUE") ? $section_boundary : $main_boundary) . $My_lbr;
    $message .= "Content-Type: text/html; charset=\"$char_st\"; $My_lbr"
        . "Content-Transfer-Encoding: 7bit $My_lbr$My_lbr";
    // Read the HTML template (fopen() warnings are shown only in debug mode)
    if ($debug == "TRUE") {
        $fp = fopen($CONF['template_path'] . "/" . $CONF['html_confirm_tpl'], "r");
    }
    if ($debug == "FALSE") {
        $fp = @fopen($CONF['template_path'] . "/" . $CONF['html_confirm_tpl'], "r");
    }
    // Halt here so the read loop below cannot run away on a failed open
    if (false === $fp) {
        die('Error: An error has occurred and the script has been halted!');
    }
    while (!feof($fp)) {
        $message_text .= fgets($fp, 1024);
    }
    foreach ($CONF['fields'] as $var) {
        // nl2br() turns the visitor's line breaks into <br /> for the HTML body.
        // NOTE(review): strip_tags() removes markup but does not HTML-encode
        // '&', quotes or a stray '<'; if a template places a field inside an
        // attribute, htmlspecialchars() before nl2br() would be the safer
        // choice - confirm against the templates in use.
        $sm_html_value = nl2br(strip_tags(stripslashes($_POST["$var"])));
        $message_text = stripslashes(str_replace("<%$var%>", $sm_html_value, $message_text));
    }
    unset($sm_html_value);
    fclose($fp);
    $fp = "";
    // Dada Mail integration - same conditions as for the plain-text body
    if (
        ($CONF['integrate_with_DADA'] == "TRUE")
        && (trim(strip_tags(stripslashes($_POST['dada_mail']))) == "DADATRUE")
        && ($CONF['dada_list_type'] == "sub_confirm_list")
        && (!empty($pin_id)) && (!empty($var1)) && (!empty($var2))
    ) {
        // Read the footer template
        if ($debug == "TRUE") {
            $fp = fopen($CONF['template_path'] . "/" . $CONF['dada_email_footer_tpl'], "r");
        }
        if ($debug == "FALSE") {
            $fp = @fopen($CONF['template_path'] . "/" . $CONF['dada_email_footer_tpl'], "r");
        }
        // Halt here so the read loop below cannot run away on a failed open
        if (false === $fp) {
            die('Error: An error has occurred and the script has been halted!');
        }
        while (!feof($fp)) {
            $dada_footer .= fgets($fp, 1024);
        }
        // Confirmation link as an HTML anchor.
        // NOTE(review): $pin_id, $var1 and $var2 are set elsewhere in the
        // script and go into the href without URL- or HTML-encoding here -
        // confirm they are restricted to safe characters before this point.
        $sm_confirm_link = "<a href=\"$My_script?action=dada&pin_id=$pin_id&email=$var1&list=$var2\">Confirm Subscription</a>";
        $dada_footer = "<br /><br />" . nl2br(stripslashes(str_replace("<%dadamail_link%>", $sm_confirm_link, $dada_footer)));
        unset($sm_confirm_link);
        fclose($fp);
        // Put the footer where the confirmation template asks for it
        $message_text = str_replace("<%dadamail_text%>", $dada_footer, $message_text);
    }
    else {
        // Footer not wanted: remove the <%dadamail_text%> placeholder
        $message_text = stripslashes(str_replace("<%dadamail_text%>", "", $message_text));
    }
    // Optional word wrap of the body (line-length limit, rfc 2822)
    if ($CONF['word_wrap_message'] == "TRUE") {
        $message_text = wordwrap($message_text, $CONF['word_wrap_trigger']);
    }
    // Append the HTML part, followed by a blank line
    $message .= $message_text . " $My_lbr$My_lbr";
    // With attachments enabled, close the section boundary here
    if ($CONF['user_file_attach'] == "TRUE") {
        $message .= "--{$section_boundary}--$My_lbr";
    }
}
// Attachment for the visitor: sent when user_file_attach is on and either the
// visitor gets no choice (user_file_select "FALSE") or posted receive_att=TRUE
if (($CONF['user_file_attach'] == "TRUE") && (($CONF['user_file_select'] == "FALSE") || trim(strip_tags(stripslashes($_POST['receive_att']))) == "TRUE")) {
    // The attachment sits under the part boundary when an HTML alternative
    // exists, under the main boundary otherwise
    $message .= "--" . (("TRUE" == $CONF['html_user_emails']) ? $part_boundary : $main_boundary) . $My_lbr;
    // $fileatt_type1, $fileatt_name1 and $data1 are prepared earlier in the
    // script (not visible in this part) and written into the part as-is
    $message .= "Content-Type: {$fileatt_type1}; $My_lbr"
        . " name=\"{$fileatt_name1}\" $My_lbr"
        . "Content-Transfer-Encoding: base64 $My_lbr"
        . "Content-Disposition: attachment; $My_lbr"
        . " filename=\"{$fileatt_name1}\" $My_lbr$My_lbr"
        . $data1
        . "$My_lbr$My_lbr";
}
// Closing delimiters, one case per multipart layout. These depend on the
// configuration only, not on whether the attachment part above was added.
// Plain + HTML, no attachment:
if (("TRUE" == $CONF['html_user_emails']) && ("FALSE" == $CONF['user_file_attach'])) {
    $message .= "--" . $main_boundary . "--" . $My_lbr . $My_lbr;
}
// Plain text with attachment:
if (("FALSE" == $CONF['html_user_emails']) && ("TRUE" == $CONF['user_file_attach'])) {
    $message .= "--" . $main_boundary . "--" . $My_lbr . $My_lbr;
}
// Plain + HTML with attachment: close the inner part first, then the message
if (("TRUE" == $CONF['html_user_emails']) && ("TRUE" == $CONF['user_file_attach'])) {
    $message .= "--" . $part_boundary . "--" . $My_lbr
        . "--" . $main_boundary . "--" . $My_lbr . $My_lbr;
}
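// All user emails: send the assembled confirmation message.
$headers = trim($headers);
// Over-ride default $from on Server (if set).
// The ini key has to be a quoted string: a bare sendmail_from is an undefined
// constant, which PHP 8 turns into a fatal Error.
ini_set('sendmail_from', $from);
// Call to PHP mail function (send email).
// The fifth argument is handed to the sendmail binary as command-line text.
// $from may come from a posted form field with only tags, slashes and CR/LF
// removed, so it is used there only when it is a plain address made of
// letters, digits and . _ % + - around a single @. Any other value (spaces,
// quotes, a leading dash) could be read by the MTA as additional options; the
// message is then sent without -f and the server's default envelope sender
// applies.
if (is_string($from) && preg_match('/^[A-Za-z0-9][A-Za-z0-9._%+\-]*@[A-Za-z0-9][A-Za-z0-9.\-]*$/D', $from)) {
    mail("$to", "$subject", "$message", "$headers", "-f $from");
}
else {
    mail("$to", "$subject", "$message", "$headers");
}
// Reset default $from on server
ini_restore('sendmail_from');
// Unset variables to free memory
unset($to, $from, $headers, $subject, $char_st, $semi_rand, $main_boundary, $part_boundary, $message, $message_text, $fp, $dada_footer, $var, $var1, $var2, $pin_id, $data1, $fileatt_type1, $fileatt_name1, $My_lbr, $now);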
}
//----------------------------------------------+
// Redirect on success |
//----------------------------------------------+
// Send the browser to the configured success page. The return values of the
// mail() calls above are not checked, so this redirect is issued whether or
// not the messages were accepted for delivery.
header("Location: " . $CONF['success_location']);
?>