X-Git-Url: https://git.p6c8.net/form-email.git/blobdiff_plain/d30a679aaebd16d4bef1f883f0ab63fbf1c2ecb2..bc2ea2dfb8f833e8fc510f1cb617a6c7be62e279:/form-email/mailer.php?ds=inline diff --git a/form-email/mailer.php b/form-email/mailer.php index 9ff120d..76fc648 100644 --- a/form-email/mailer.php +++ b/form-email/mailer.php @@ -1,44 +1,44 @@ -# Letzte Aenderung: 24.2.2011 +# Letzte Aenderung: 09.01.2012 # -# Copyright (C) 2002-2011 Patrick Canterino +# Copyright (C) 2002-2012 Patrick Canterino # -# Diese Datei kann unter den Bedingungen der "Artistic License 1.0" +# Diese Datei kann unter den Bedingungen der "Artistic License 2.0" # weitergegeben und / oder veraendert werden. # Siehe: -# http://www.opensource.org/licenses/artistic-license-1.0.php +# http://www.opensource.org/licenses/artistic-license-2.0 # # =========== # Hauptteil # =========== +$VERSION = '3.5-dev'; + require('config.php'); require('functions.php'); require('class.Template.php'); -if($only_post && $_SERVER['REQUEST_METHOD'] != 'POST') show_fatal($err_only_post); +if($_SERVER['REQUEST_METHOD'] != 'POST') show_fatal($err_only_post); # Wenn Captchas aktiviert sind, Session starten -if($captcha_enable) -{ - session_start(); +if($captcha_enable) { + session_start(); - # Pruefen, ob die zulaessige Zahl der Falscheingaben bei Captchas ueberschritten wurde + # Pruefen, ob die zulaessige Zahl der Falscheingaben bei Captchas ueberschritten wurde - if($captcha_max && isset($_SESSION['captcha_failed']) && $_SESSION['captcha_failed'] >= $captcha_max) - { - show_fatal($err_captcha_max); - } + if($captcha_max && isset($_SESSION['captcha_failed']) && $_SESSION['captcha_failed'] >= $captcha_max) { + show_fatal($err_captcha_max); + } } # Bestimmte Werte in Integers umwandeln @@ -84,72 +84,154 @@ if($subject_max && strlen($subject) > $subject_max) show_user_error($err_subject if($text_max && strlen($text) > $text_max) show_user_error($err_text_long); # Pruefen, ob eingegebene E-Mail-Adresse gueltig ist -# Danke an "ich" aus dem SELFHTML Forum fuer die Muehe -$mail_regexp = ($no_tld) - ? '/^([a-z0-9]+([\.]?|[-]?|[_]?)?)*([a-z0-9]+([\.]?[_]?)?)@([a-z0-9]+([\.]?|[-]?)?)*[a-z0-9]$/i' - : '/^([a-z0-9]+([\.]?|[-]?|[_]?)?)*([a-z0-9]+([\.]?[_]?)?)@([a-z0-9]+([\.]?|[-]?)?)*[a-z0-9]+\.{1}[a-z]{2,6}$/i'; +if(!filter_var($email,FILTER_VALIDATE_EMAIL)) show_user_error($err_invalid_email); + +# Individuelle Felder einlesen + +$prepared_user_fields = array(); + +while(list($user_field,$user_field_data) = each($user_fields)) { + $user_field_content = formdata($user_field); + + # Pruefung, ob es ein Pflichtfeld ist + + if(!$user_field_content) { + if(isset($user_field_data['required']) && $user_field_data['required']) { + if(isset($user_field_data['errors']['not_set'])) { + show_user_error($user_field_data['errors']['not_set']); + } + else { + show_fatal($err_indiv_errmsg_miss,array('ERRMSG' => 'not_set', 'INDIVIDUAL' => $user_field)); + } + } + else { + # Wenn das Feld optional ist und nicht gesetzt wurde, brechen wir hier ab + # und machen mit dem naechsten Feld weiter + + $prepared_user_fields[$user_field_data['tpl_var']] = ''; + continue; + } + } + + # Laengen-Pruefung + + if(isset($user_field_data['min']) && $user_field_data['min']) { + if(strlen($user_field_content) < $user_field_data['min']) { + if(isset($user_field_data['errors']['too_short'])) { + show_user_error($user_field_data['errors']['too_short']); + } + else { + show_fatal($err_indiv_errmsg_miss,array('ERRMSG' => 'too_short', 'INDIVIDUAL' => $user_field)); + } + } + } + + if(isset($user_field_data['min']) && $user_field_data['max']) { + if(strlen($user_field_content) > $user_field_data['max']) { + if(isset($user_field_data['errors']['too_long'])) { + show_user_error($user_field_data['errors']['too_long']); + } + else { + show_fatal($err_indiv_errmsg_miss,array('ERRMSG' => 'too_long', 'INDIVIDUAL' => $user_field)); + } + } + } + + # Pruefung gegen frei definierbare Pruef-Funktion + + if(isset($user_field_data['check']) && $user_field_data['check'] != '') { + if(function_exists($user_field_data['check']) && call_user_func($user_field_data['check'],$user_field_content) === false) { + if(isset($user_field_data['errors']['check_fail'])) { + show_user_error($user_field_data['errors']['check_fail']); + } + else { + show_fatal($err_indiv_errmsg_miss,array('ERRMSG' => 'check_fail', 'INDIVIDUAL' => $user_field)); + } + } + } + + # Pruefung gegen frei definierbaren regulaeren Ausdruck + + if(isset($user_field_data['regex']) && $user_field_data['regex'] != '') { + if(!preg_match($user_field_data['regex'],$user_field_content)) { + if(isset($user_field_data['errors']['match_fail'])) { + show_user_error($user_field_data['errors']['match_fail']); + } + else { + show_fatal($err_indiv_errmsg_miss,array('ERRMSG' => 'match_fail', 'INDIVIDUAL' => $user_field)); + } + } + } + + # Formularfeld durch frei definierbare Funktion bearbeiten + + if(isset($user_field_data['prepare']) && $user_field_data['prepare'] != '') { + if(function_exists($user_field_data['check'])) { + $user_field_content = call_user_func($user_field_data['prepare'],$user_field_content); + } + } + + # Name der Template-Variable ermitteln -if(!preg_match($mail_regexp,$email)) show_user_error($err_invalid_email); + if(isset($user_field_data['tpl_var']) && $user_field_data['tpl_var'] != '') { + $tpl_var = $user_field_data['tpl_var']; + } + else { + $tpl_var = 'USER_'.$user_field; + } + + # Fertige Formulardaten wegkopieren und fuer spaeter zur Verfuegung stellen + + $prepared_user_fields[$tpl_var] = $user_field_content; +} # Captcha ueberpruefen -if($captcha_enable) -{ - $captcha_input = formdata('captcha'); - $captcha_incorrect = false; - - if(isset($_SESSION) && isset($_SESSION['captcha'])) - { - if($captcha_case) - { - if(!$captcha_input || empty($captcha_input) || $captcha_input != $_SESSION['captcha']) $captcha_incorrect = true; - } - else - { - if(!$captcha_input || empty($captcha_input) || strtolower($captcha_input) != strtolower($_SESSION['captcha'])) $captcha_incorrect = true; - } - - if($captcha_incorrect) - { - if($captcha_max) - { - if(isset($_SESSION['captcha_failed']) && $_SESSION['captcha_failed']) - { - $_SESSION['captcha_failed']++; +if($captcha_enable) { + $captcha_input = formdata('captcha'); + $captcha_incorrect = false; + + if(isset($_SESSION) && isset($_SESSION['captcha'])) { + if($captcha_case) { + if(!$captcha_input || empty($captcha_input) || $captcha_input != $_SESSION['captcha']) $captcha_incorrect = true; + } + else { + if(!$captcha_input || empty($captcha_input) || strtolower($captcha_input) != strtolower($_SESSION['captcha'])) $captcha_incorrect = true; + } + + if($captcha_incorrect) { + if($captcha_max) { + if(isset($_SESSION['captcha_failed']) && $_SESSION['captcha_failed']) { + $_SESSION['captcha_failed']++; + } + else { + $_SESSION['captcha_failed'] = 1; + } + } + + if($captcha_max && isset($_SESSION['captcha_failed']) && $_SESSION['captcha_failed'] >= $captcha_max) { + show_fatal($err_captcha_max); + } + else { + show_user_error($err_captcha_incorrect); + } + } } - else - { - $_SESSION['captcha_failed'] = 1; + else { + show_fatal($err_captcha_session_failure); } - } - - if($captcha_max && isset($_SESSION['captcha_failed']) && $_SESSION['captcha_failed'] >= $captcha_max) - { - show_fatal($err_captcha_max); - } - else - { - show_user_error($err_captcha_incorrect); - } - } - } - else - { - show_fatal($err_captcha_session_failure); - } } # Referer ueberpruefen -if($check_referer) -{ - $referer_ok = semicolon_split($referer_ok); +if($check_referer) { + $referer_ok = semicolon_split($referer_ok); - $referer_parts = parse_url($_SERVER['HTTP_REFERER']); - $referer_host = $referer_parts['host']; + $referer_parts = parse_url($_SERVER['HTTP_REFERER']); + $referer_host = $referer_parts['host']; - if(in_array($referer_host,$referer_ok) === false) show_fatal($err_referer_not_ok); + if(in_array($referer_host,$referer_ok) === false) show_fatal($err_referer_not_ok); } # Zeilenumbrueche in Namen und Betreff durch Leerzeichen ersetzen @@ -159,49 +241,46 @@ $subject = preg_replace("/\015\012|\012|\015/",' ',$subject); # Uhrzeit formatieren +$timestamp = time(); + date_default_timezone_set($timezone); -$time = strftime($timeformat); +$time = strftime($timeformat,$timestamp); # Header der Mail $header = ''; -if($friendly_sender) -{ - if($friendly_sender == 2) - { - if(preg_match("/[\200-\377]/",$name)) - { - # Absendernamen mit Base64 codieren - - $encoded_name = base64_encode($name); - $encoded_name = wordwrap($encoded_name,56,"\015\012",1); - $encoded_name = "=?$charset?B?$encoded_name?="; - $encoded_name = str_replace("\015\012","?=\015\012 =?$charset?B?",$encoded_name); - } - else - { - # Bestimmte Zeichen im Absendernamen codieren - - $encoded_name = str_replace('"','\"',$name); - $encoded_name = str_replace('(','\\(',$encoded_name); - $encoded_name = str_replace(')','\\)',$encoded_name); - $encoded_name = '"'.$encoded_name.'"'; - } - - $header = "From: $encoded_name <$email>\n"; - } - else $header = "From: $email\n"; +if($friendly_sender) { + if($friendly_sender == 2) { + if(preg_match("/[\200-\377]/",$name)) { + # Absendernamen mit Base64 codieren + + $encoded_name = base64_encode($name); + $encoded_name = wordwrap($encoded_name,56,"\015\012",1); + $encoded_name = "=?$charset?B?$encoded_name?="; + $encoded_name = str_replace("\015\012","?=\015\012 =?$charset?B?",$encoded_name); + } + else { + # Bestimmte Zeichen im Absendernamen codieren + + $encoded_name = str_replace('"','\"',$name); + $encoded_name = str_replace('(','\\(',$encoded_name); + $encoded_name = str_replace(')','\\)',$encoded_name); + $encoded_name = '"'.$encoded_name.'"'; + } + + $header = "From: $encoded_name <$email>\n"; + } + else $header = "From: $email\n"; } -if($add_header) -{ - if(!$friendly_sender) $header .= "Reply-To: $email\n"; - $header .= 'Content-Type: text/plain; charset="'.$charset.'"'."\n"; - $header .= 'Content-Transfer-Encoding: 8bit'."\n"; - $header .= 'MIME-Version: 1.0'."\n"; - $header .= 'X-Mailer: Form E-Mail 3.4.1'."\n"; - $header .= 'X-Sender-IP: ['.$_SERVER['REMOTE_ADDR'].']'; +if($add_header) { + if(!$friendly_sender) $header .= "Reply-To: $email\n"; + $header .= 'Content-Type: text/plain; charset="'.$charset.'"'."\n"; + $header .= 'Content-Transfer-Encoding: 8bit'."\n"; + $header .= 'MIME-Version: 1.0'."\n"; + $header .= 'X-Mailer: Form E-Mail '.$VERSION."\n"; + $header .= 'X-Sender-IP: ['.$_SERVER['REMOTE_ADDR'].']'; } else $header .= "Reply-To: $email"; @@ -210,12 +289,11 @@ $header = preg_replace("/\015\012|\012|\015/","\n",$header); # Betreff mit Base64 codieren, wenn er Zeichen enthaelt, # die nicht aus dem ASCII-Zeichensatz stammen -if(preg_match("/[\200-\377]/",$subject)) -{ - $encoded_subject = base64_encode($subject); - $encoded_subject = wordwrap($encoded_subject,56,"\015\012",1); - $encoded_subject = "=?$charset?B?$encoded_subject?="; - $encoded_subject = str_replace("\015\012","?=\015\012 =?$charset?B?",$encoded_subject); +if(preg_match("/[\200-\377]/",$subject)) { + $encoded_subject = base64_encode($subject); + $encoded_subject = wordwrap($encoded_subject,56,"\015\012",1); + $encoded_subject = "=?$charset?B?$encoded_subject?="; + $encoded_subject = str_replace("\015\012","?=\015\012 =?$charset?B?",$encoded_subject); } else $encoded_subject = $subject; @@ -229,21 +307,23 @@ $mtpl->set_var('NAME', $name); $mtpl->set_var('SUBJECT',$subject); $mtpl->set_var('TIME', $time); -# ... Umgebungsvariablen einfuegen - -if(isset($allowed_envs) && is_array($allowed_envs)) -{ - foreach($allowed_envs as $allowed_env) - { - if(isset($_SERVER[$allowed_env])) - { - $mtpl->set_var('ENV_'.$allowed_env,$_SERVER[$allowed_env]); - } - else - { - $mtpl->set_var('ENV_'.$allowed_env,''); - } - } +# ... Umgebungsvariablen einfuegen... + +if(isset($allowed_envs) && is_array($allowed_envs)) { + foreach($allowed_envs as $allowed_env) { + if(isset($_SERVER[$allowed_env])) { + $mtpl->set_var('ENV_'.$allowed_env,$_SERVER[$allowed_env]); + } + else { + $mtpl->set_var('ENV_'.$allowed_env,''); + } + } +} + +# ... eigene Felder einfuegen + +while(list($tpl_var,$user_field_content) = each($prepared_user_fields)) { + $mtpl->set_var($tpl_var,$user_field_content); } $mtpl->set_var('TEXT',$text); @@ -258,85 +338,148 @@ $mailtext = preg_replace("/\015\012|\012|\015/","\n",$mailtext); # ... und die Mail abschicken (bei einem Fehler erscheint eine Meldung) -if($recipient && is_array($aliases) && $aliases[$recipient]) -{ - # Empfaenger mit Alias-Namen +if($recipient && is_array($aliases) && $aliases[$recipient]) { + # Empfaenger mit Alias-Namen - $mailto = $aliases[$recipient]; + $mailto = $aliases[$recipient]; } $mailto = semicolon_split($mailto); -for($x=0;$x 0) { + $dp = opendir($store_mails_dir); + + while($stored_mail_file = readdir($dp)) { + if($stored_mail_file != '.' && $stored_mail_file != '..' && substr($stored_mail_file,0,strlen($store_mails_prefix)) == $store_mails_prefix) { + $stored_mail_files[$store_mails_dir.'/'.$stored_mail_file] = filemtime($store_mails_dir.'/'.$stored_mail_file); + } + } + + closedir($dp); + + arsort($stored_mail_files); + + $x = 0; + + foreach(array_keys($stored_mail_files) as $stored_mail_filename) { + $x++; + + if($x > $store_mails_max) { + unlink($stored_mail_filename); + } + } + } } -else -{ - # Mit Template formatierte Seite anzeigen - $stpl = new Template; - $stpl->read_file($tpl_sent); +if($captcha_enable) session_destroy(); + +# Mail wurde erfolgreich versendet, also wird die Dankesseite angezeigt - $stpl->set_var('EMAIL', plain($email)); - $stpl->set_var('MAIL', plain($mailtext)); - $stpl->set_var('NAME', plain($name)); - $stpl->set_var('SUBJECT',plain($subject)); - $stpl->set_var('TEXT', plain($text)); - $stpl->set_var('TIME', plain($time)); +if($return_url) { + # Per Redirect auf Seite umleiten + + if(strpos($return_url,'://') === false) { + # URL vervollstaendigen + + $http_host = ($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']; + $protocol = ''; + $port = ''; + $path = ''; + + if(isset($_SERVER['HTTPS'])) { + # SSL-verschluesseltes HTTP + + $protocol = 'https://'; + if($_SERVER['SERVER_PORT'] != 443) $port = ':'.$_SERVER['SERVER_PORT']; + } + else { + # Normales HTTP + + $protocol = 'http://'; + if($_SERVER['SERVER_PORT'] != 80) $port = ':'.$_SERVER['SERVER_PORT']; + } + + if(substr($return_url,0,1) == '/') { + $return_url = $protocol.$http_host.$port.$return_url; + } + else { + if(substr($_SERVER['SCRIPT_NAME'],-1,1) == '/') { + $path = substr($_SERVER['SCRIPT_NAME'],0,-1); + } + else { + $path = $_SERVER['SCRIPT_NAME']; + } + + $path = substr($path,0,strrpos($path,'/')+1); + if(substr($path,0,1) != '/') $path = '/'.$path; + + $return_url = $protocol.$http_host.$port.$path.$return_url; + } + } + + header('Status: 303 See Other'); + header('Location: '.$return_url); +} +else { + # Mit Template formatierte Seite anzeigen + + $stpl = new Template; + $stpl->read_file($tpl_sent); + + $stpl->set_var('EMAIL', plain($email)); + $stpl->set_var('MAIL', plain($mailtext)); + $stpl->set_var('NAME', plain($name)); + $stpl->set_var('SUBJECT',plain($subject)); + $stpl->set_var('TEXT', plain($text)); + $stpl->set_var('TIME', plain($time)); + + reset($user_fields); + + while(list($user_field,$user_field_data) = each($user_fields)) { + if(isset($user_field_data['tpl_var']) && $user_field_data['tpl_var'] != '') { + $tpl_var = $user_field_data['tpl_var']; + } + else { + $tpl_var = 'USER_'.$user_field; + } + + $stpl->set_var($tpl_var,htmlspecialchars(formdata($user_field))); + } - $stpl->parse(); + $stpl->parse(); - print $stpl->get_template(); + print $stpl->get_template(); } #