| 1 | <?php |
| 2 | |
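// Set the e-mail address that submission should be sent to.
// This address is also passed to mail() as the envelope sender ("-f"), so it
// must remain a fixed setting and never be filled from request data.
$address = 'danix@danix.xyz';

// Set the e-mail subject prefix.
$prefix = 'Website feedback';

// DO NOT EDIT ANYTHING BELOW UNLESS YOU KNOW WHAT YOU ARE DOING.

$error = false;
$success = false;

// Check that the submission address is valid.
if ((bool) filter_var(trim($address), FILTER_VALIDATE_EMAIL)) {
  // Also set sender/return path header to this address to avoid SPF errors.
  $to = $sender = trim($address);
}
else {
  $error = true;
}

// Check that referer is local server.
// The Referer header is sent by the client, so this only turns away direct
// hits; it is not an authentication or anti-forgery check. The comparison is
// strict so that a referer without a host (parse_url() returns null or false)
// can never be treated as equal to an empty or missing SERVER_NAME.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$referer_host = parse_url($referer, PHP_URL_HOST);
$server_name = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
if (!is_string($referer_host) || $referer_host === '' || $referer_host !== $server_name) {
  exit('Direct access not permitted');
}

// Check that this is a post request.
$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
if ($method !== 'POST' || empty($_POST)) {
  $error = true;
}

// Check if fake url field is filled in, i.e. spam bot.
if (!empty($_POST['url'])) {
  $error = true;
}

// Read the form fields. A missing field is treated as empty, as before, but a
// field that arrives as an array ("name[]=x") fails the submission: trim()
// and strip_tags() raise an error on arrays rather than rejecting cleanly.
$fields = [];
foreach (['email', 'name', 'subject', 'message'] as $field) {
  $value = isset($_POST[$field]) ? $_POST[$field] : '';
  if (!is_string($value)) {
    $value = '';
    $error = true;
  }
  $fields[$field] = $value;
}

// Check that e-mail address is valid.
// This value goes into the From header without MIME encoding, so the
// validation here is what keeps line breaks out of that header.
if ((bool) filter_var(trim($fields['email']), FILTER_VALIDATE_EMAIL)) {
  $email = trim($fields['email']);
}
else {
  $error = true;
}

if (!$error) {
  // Construct the mail with headers.
  // Values used in headers (name, prefix, subject) are cleaned with
  // $encode = true; the message is body text and is only escaped.
  $name = _contact_clean_str($fields['name'], ENT_QUOTES, true, true);
  $prefix = _contact_clean_str($prefix, ENT_NOQUOTES, true, true);
  $subject = _contact_clean_str($fields['subject'], ENT_NOQUOTES, true, true);
  $subject = "[$prefix] $subject";
  $message = _contact_clean_str($fields['message'], ENT_NOQUOTES);
  $lines = explode("\n", $message);
  array_walk($lines, '_contact_ff_wrap');
  $message = implode("\n", $lines);
  $headers = [
    'From' => "$name <$email>",
    'Sender' => $sender,
    'Return-Path' => $sender,
    'MIME-Version' => '1.0',
    'Content-Type' => 'text/plain; charset=UTF-8; format=flowed; delsp=yes',
    'Content-Transfer-Encoding' => '8Bit',
    'X-Mailer' => 'Hugo - Zen',
  ];
  $mime_headers = [];
  foreach ($headers as $key => $value) {
    $mime_headers[] = "$key: $value";
  }
  $mail_headers = join("\n", $mime_headers);

  // Send the mail, suppressing errors and setting Return-Path with the "-f" option.
  // $sender is the validated, configured address from the top of this file.
  $success = @mail($to, $subject, $message, $mail_headers, '-f' . $sender);
}

$status = $success ? 'submitted' : 'error';
// The redirect target is taken from the Referer with its query string cut
// off. The host check near the top of the script is what ties this URL to
// the local server, so that check must stay in place.
$contact_form_url = strtok($referer, '?');

// Redirect back to contact form with status.
header('Location: ' . $contact_form_url . '?' . $status, TRUE, 302);
exit;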
| 81 | |
/**
 * Soft-wraps a single line of the message in place.
 *
 * Written for use as an array_walk() callback. The line is wrapped at 72
 * columns and each inserted break is a space followed by a newline.
 *
 * @param string $line
 *   The line to wrap; modified by reference.
 */
function _contact_ff_wrap(&$line) {
  $max_width = 72;
  $soft_break = " \n";
  $wrapped = wordwrap($line, $max_width, $soft_break);
  $line = $wrapped;
}
| 85 | |
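/**
 * Cleans a submitted value before it is placed in the outgoing mail.
 *
 * The value is optionally stripped of tags, trimmed and passed through
 * htmlspecialchars(). With $encode set, a result containing any byte outside
 * printable ASCII (0x20-0x7E), which includes CR and LF, is wrapped whole as
 * a base64 MIME encoded-word. That step is what keeps line breaks out of
 * header values, so anything destined for a mail header should be cleaned
 * with $encode = true.
 *
 * @param mixed $str
 *   The raw value. NULL and arrays (PHP builds an array from "name[]=x") are
 *   treated as an empty string instead of raising an error in trim() or
 *   strip_tags().
 * @param int $quotes
 *   Quote-handling flag passed to htmlspecialchars(), e.g. ENT_QUOTES.
 * @param bool $strip
 *   Remove HTML/PHP tags with strip_tags() first.
 * @param bool $encode
 *   Wrap the result as "=?UTF-8?B?...?=" when it is not plain printable ASCII.
 *
 * @return string
 *   The cleaned value.
 */
function _contact_clean_str($str, $quotes, $strip = false, $encode = false) {
  // Request data is either a string or an array; never hand an array on.
  if ($str === null || is_array($str)) {
    $str = '';
  }

  if ($strip) {
    $str = strip_tags($str);
  }

  $str = htmlspecialchars(trim($str), $quotes, 'UTF-8');

  // Anything outside 0x20-0x7E (control characters, CR/LF, non-ASCII bytes)
  // triggers encoding of the whole value; base64 output contains none of them.
  if ($encode && preg_match('/[^\x20-\x7E]/', $str)) {
    $str = '=?UTF-8?B?' . base64_encode($str) . '?=';
  }

  return $str;
}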