1 | <?php |
2 | |
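// Set the e-mail address that submissions should be sent to.
$address = 'danix@danix.xyz';

// Set the e-mail subject prefix.
$prefix = 'Website feedback';

// DO NOT EDIT ANYTHING BELOW UNLESS YOU KNOW WHAT YOU ARE DOING.

$error = false;
$success = false;

// Check that the submission address is valid.
if ((bool) filter_var(trim($address), FILTER_VALIDATE_EMAIL)) {
  // Also set sender/return path header to this address to avoid SPF errors.
  // $sender is later handed to the mailer through the "-f" option, so it must
  // only ever come from the validated configuration value above, never from
  // request data.
  $to = $sender = trim($address);
}
else {
  $error = true;
}

// Check that referer is local server.
// The Referer header is supplied by the client, so this only filters out
// casual direct hits; it is not an authentication or CSRF control.
// NOTE(review): depending on web server configuration, SERVER_NAME may itself
// reflect the request's Host header - confirm it is pinned to the site name.
$referer = (isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : '';
$referer_parts = ($referer !== '') ? parse_url($referer) : false;
$referer_scheme = (is_array($referer_parts) && isset($referer_parts['scheme'])) ? strtolower($referer_parts['scheme']) : '';
if (
  !is_array($referer_parts)
  || !isset($referer_parts['host'])
  // Strict comparison: a loose "!=" treats numeric-looking strings as equal.
  || $referer_parts['host'] !== $_SERVER['SERVER_NAME']
  // The Referer is reused as the redirect target below, so only web schemes
  // are accepted.
  || ($referer_scheme !== 'http' && $referer_scheme !== 'https')
) {
  exit('Direct access not permitted');
}

// Check that this is a post request.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_POST)) {
  $error = true;
}

// Check if fake url field is filled in, i.e. spam bot.
if (!empty($_POST['url'])) {
  $error = true;
}

// Read the form fields defensively: a missing field, or one posted as an
// array (e.g. "name[]=x"), is treated as an empty string instead of raising
// a warning or a TypeError in the string functions below.
$fields = [];
foreach (['name', 'email', 'subject', 'message'] as $field) {
  $fields[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

// Check that e-mail address is valid.
if ((bool) filter_var(trim($fields['email']), FILTER_VALIDATE_EMAIL)) {
  $email = trim($fields['email']);
}
else {
  $error = true;
}

if (!$error) {
  // Construct the mail with headers.
  // Name and subject end up in mail headers. They are cleaned with
  // $encode = true, so any value containing characters outside printable
  // ASCII (CR and LF included) is wrapped as a base64 encoded-word and cannot
  // start a new header line.
  $name = _contact_clean_str($fields['name'], ENT_QUOTES, true, true);
  $prefix = _contact_clean_str($prefix, ENT_NOQUOTES, true, true);
  $subject = _contact_clean_str($fields['subject'], ENT_NOQUOTES, true, true);
  $subject = "[$prefix] $subject";
  // The message is body text only, so it is not encoded and keeps its line
  // breaks; each line is then soft-wrapped for format=flowed.
  $message = _contact_clean_str($fields['message'], ENT_NOQUOTES);
  $lines = explode("\n", $message);
  array_walk($lines, '_contact_ff_wrap');
  $message = implode("\n", $lines);
  $headers = [
    'From' => "$name <$email>",
    'Sender' => $sender,
    'Return-Path' => $sender,
    'MIME-Version' => '1.0',
    'Content-Type' => 'text/plain; charset=UTF-8; format=flowed; delsp=yes',
    'Content-Transfer-Encoding' => '8Bit',
    'X-Mailer' => 'Hugo - Zen',
  ];
  $mime_headers = [];
  foreach ($headers as $key => $value) {
    $mime_headers[] = "$key: $value";
  }
  $mail_headers = join("\n", $mime_headers);

  // Send the mail, suppressing errors and setting Return-Path with the "-f" option.
  $success = @mail($to, $subject, $message, $mail_headers, '-f' . $sender);
}

$status = $success ? 'submitted' : 'error';

// Rebuild the redirect target from the parsed Referer (scheme, host, optional
// port, path) rather than echoing the raw header back, so user-info, query
// and fragment parts never reach the Location header.
$contact_form_url = $referer_scheme . '://' . $referer_parts['host'];
if (isset($referer_parts['port'])) {
  $contact_form_url .= ':' . $referer_parts['port'];
}
$contact_form_url .= isset($referer_parts['path']) ? $referer_parts['path'] : '/';

// Redirect back to contact form with status.
header('Location: ' . $contact_form_url . '?' . $status, true, 302);
exit;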
81 | |
/**
 * Soft-wraps one line of the message body in place.
 *
 * Lines longer than 72 characters are broken at word boundaries, and each
 * inserted break is a space followed by a newline. Intended as an
 * array_walk() callback, hence the by-reference parameter.
 *
 * @param string $line
 *   The line to wrap; modified in place.
 */
function _contact_ff_wrap(&$line) {
  $max_width = 72;
  $soft_break = " \n";
  $wrapped = wordwrap($line, $max_width, $soft_break);
  $line = $wrapped;
}
85 | |
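/**
 * Cleans a submitted string before it is used in the outgoing mail.
 *
 * The value is optionally stripped of HTML tags, trimmed, and passed through
 * htmlspecialchars(). With $encode set, a result that still contains anything
 * outside printable ASCII (0x20-0x7E) is wrapped as a base64 encoded-word
 * ("=?UTF-8?B?...?=").
 *
 * Security note: only the $encode = true path removes raw CR/LF from the
 * result, because line breaks fall outside the printable range and trigger
 * the base64 wrapping. With $encode = false interior line breaks are kept, so
 * such a result must never be placed in a mail header.
 *
 * NOTE(review): htmlspecialchars() is HTML-context escaping; in a text/plain
 * mail the entities appear literally. It is kept here to preserve existing
 * output.
 *
 * @param mixed $str
 *   The raw value; anything that is not a scalar is treated as ''.
 * @param int $quotes
 *   ENT_* quote flag forwarded to htmlspecialchars().
 * @param bool $strip
 *   Whether to run strip_tags() first.
 * @param bool $encode
 *   Whether to base64-wrap values containing non-printable-ASCII bytes.
 *
 * @return string
 *   The cleaned string.
 */
function _contact_clean_str($str, $quotes, $strip = false, $encode = false) {
  // A field posted as an array would otherwise raise a warning or TypeError
  // in the string functions below.
  $str = is_scalar($str) ? (string) $str : '';

  if ($strip) {
    $str = strip_tags($str);
  }

  // ENT_SUBSTITUTE: without it htmlspecialchars() returns an empty string for
  // input that is not valid UTF-8, silently dropping the whole field.
  $str = htmlspecialchars(trim($str), $quotes | ENT_SUBSTITUTE, 'UTF-8');

  if ($encode && preg_match('/[^\x20-\x7E]/', $str)) {
    $str = '=?UTF-8?B?' . base64_encode($str) . '?=';
  }

  return $str;
}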
98 | } |