tilboerner · April 3, 2017 10:54 · Quantme · Dec 21, 2015
diff --git a/mail.php b/mail.php
 <?php
 //
 // A validated PHP contact form
 // http://blog.surmodernite.de/2013/12/a-validated-php-contact-form
 //
 // The MIT License (MIT)

 // Copyright (c) 2013 [email protected]

 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
 // in the Software without restriction, including without limitation the rights
 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 // copies of the Software, and to permit persons to whom the Software is
 // furnished to do so, subject to the following conditions:

 // The above copyright notice and this permission notice shall be included in
 // all copies or substantial portions of the Software.

 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.

 // uses PHPMailer (https://github.com/PHPMailer/PHPMailer), licensed under
 // LGPL 2.1 (http://www.gnu.org/licenses/lgpl-2.1.html)

 function getItem($array, $key, $default = "") {
  return isset($array[$key]) ? $array[$key] : $default;
 }

 function okLength($str, $maxlen) {
 	$len = strlen($str);
 	return ($len > 0) and ($len <= $maxlen);
 }

 function sanitize_and_validate($data) {
 	$name = getItem($data, 'name');
 	$email = getItem($data, 'email');
 	$message = getItem($data, 'message');

 	if (! okLength($name, 100)) {
 		return False;
 	}
 	if (! okLength($email, 100)) {
 		return False;
 	}
 	if (! okLength($message, 2048)) {
 		return False;
 	}

 	$name = trim($name);
 	$name = filter_var($name, FILTER_SANITIZE_STRING);
 	if (empty($name)) {
 		return False;
 	}

 	$email = trim($email);
 	$email = filter_var($email, FILTER_SANITIZE_EMAIL);
 	if (! filter_var($email, FILTER_VALIDATE_EMAIL)) {
 		return False;
 	}

 	$message = trim($message);
 	$message = filter_var($message, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 	if (empty($message)) {
 		return False;
 	}

 	$message = $name . " (" . $email . ") writes:\n\n" . $message;

 	$cc = (bool) getItem($data, 'cc');
 	$seems_robot = (bool) trim(getItem($data, 'subject'));

 	$data = array(
 		'name' => $name,
 		'email' => $email,
 		'message' => $message,
 		'cc' => $cc,
 		'seems_robot' => $seems_robot,
 	);
 	return $data;
 }

 function print_form($data) {
 	$name = getItem($data, 'name');
 	$email = getItem($data, 'email');
 	$message = getItem($data, 'message');
 	$subject = getItem($data, 'subject');
 	$cc_checked = getItem($data, 'cc') ? 'checked="checked"' : '';

 	$form = <<<ENDFORM
 <form id="form2" action="" method="post">
  <fieldset>
    <legend>Contact form</legend>
    <p class="first">
      <label for="name">Name</label>
      <input type="text" name="name" id="name" size="30" maxlength="50" value="$name" required />
    </p>
    <p>
      <label for="email">Email</label>
      <input type="email" name="email" id="email" size="30"  maxlength="50" value="$email" required />
      <label for="cc">
      	<input type="checkbox" name="cc" id="cc" $cc_checked />
      	Send me a copy
      </label>
    </p>
    <p>
      <label for="message">Message</label>
      <textarea name="message" id="message" cols="30" rows="10" maxlength="1024" required>{$message}</textarea>
    </p>
 	<p class="special">
 	  <label for="subject">Robot Catcher: Do not write into this field</label>
 	  <input type="text" name="subject" id="subject" size="30"  maxlength="50" value="$subject"/>
 	  This last field is used to catch robots. If anything is written in here,
 	  the message will <strong>not</strong> be sent.
 	</p>
    <p class="submit"><button type="submit">Send</button></p>
  </fieldset>
 </form>
 <script>
 	$("#form2").validate();
 </script>
 ENDFORM;
 	echo $form;
 }

 function send_mail($data) {
 	if ($data['seems_robot']) {
 		echo <<<ENDERROR
 		<div class="error">
 		<h3>
 			Message not sent.
 		</h3><p>
 			Because the &quot;Robot Catcher&quot field contains text, it
 			looks like a bot filled out the form.
 		</p><p>
 			If you're not a bot, we apologize! Please go back to the form
 			to try again, and make sure the &quot;Robot Catcher&quot field
 			is empty.
 		</p>
 		</div>
 ENDERROR;
 		return True;
 	}

 	//Enable SMTP debugging
 	// 0 = off (for production use)
 	// 1 = client messages
 	// 2 = client and server messages
 	$DEBUG = 0;

        $HOST = 'YOUR_OUTGOING_MAILSERVER';
        $PORT = 587;
 	$USER = "EMAIL_USERNAME";
 	$PASSWORD = "EMAIL_PASSWORD";
 	$RECIPIENT_ADDR = "EMAIL_RECIPIENT";
 	$SUBJECT = 'EMAIL_SUBJECT';

 	$name = $data['name'];
 	$email = $data['email'];
 	$message = $data['message'];
 	$cc_self = $data['cc'];

 	date_default_timezone_set('Etc/UTC');
 	require 'PHPMailer/PHPMailerAutoload.php';

 	//Create a new PHPMailer instance
 	$mail = new PHPMailer();
 	//Tell PHPMailer to use SMTP
 	$mail->isSMTP();
 	//Enable SMTP debugging
 	$mail->SMTPDebug = $DEBUG;
 	//Ask for HTML-friendly debug output
 	$mail->Debugoutput = 'html';
 	//Set the hostname of the mail server
 	$mail->Host = $HOST;
 	//Set the SMTP port number - 587 for authenticated TLS, a.k.a. RFC4409 SMTP submission
 	$mail->Port = $PORT;
 	//Set the encryption system to use - ssl (deprecated) or tls
 	$mail->SMTPSecure = 'tls';
 	//Whether to use SMTP authentication
 	$mail->SMTPAuth = true;
 	//Username to use for SMTP authentication - use full email address for gmail
 	$mail->Username = $USER;
 	//Password to use for SMTP authentication
 	$mail->Password = $PASSWORD;
 	//Set who the message is to be sent from
 	// $mail->setFrom($email, $name);
 	$mail->setFrom($USER);
 	//Set an alternative reply-to address
 	// $mail->addReplyTo('[email protected]');
 	//Set who the message is to be sent to
 	$mail->addAddress($RECIPIENT_ADDR);
 	$mail->addReplyTo($email, $name);
 	if ($cc_self) {
 		$mail->addCC($email);
 	}
 	//Set the subject line
 	$mail->Subject = $SUBJECT;
 	$mail->isHTML(true);
 	$mail->Body    = nl2br(filter_var($message, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES | FILTER_FLAG_ENCODE_HIGH));
 	//Replace the plain text body with one created manually
 	$mail->AltBody = $message;

 	//send the message, check for errors
 	if (!$mail->send()) {
 	    echo "Mailer Error: " . $mail->ErrorInfo;
 	    return False;
 	} else {
 	    echo "<p>Message sent.</p><p>Thank you! I will get back to you as soon as possible.</p>";
 	    return True;
 	}
 }

 $data = sanitize_and_validate($_POST);
 if (!($data and send_mail($data))) {
 	print_form($_POST);
 }

 ?>
	<?php
	//
	// A validated PHP contact form
	// http://blog.surmodernite.de/2013/12/a-validated-php-contact-form
	//
	// The MIT License (MIT)

	// Copyright (c) 2013 [email protected]

	// Permission is hereby granted, free of charge, to any person obtaining a copy
	// of this software and associated documentation files (the "Software"), to deal
	// in the Software without restriction, including without limitation the rights
	// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	// copies of the Software, and to permit persons to whom the Software is
	// furnished to do so, subject to the following conditions:

	// The above copyright notice and this permission notice shall be included in
	// all copies or substantial portions of the Software.

	// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
	// THE SOFTWARE.

	// uses PHPMailer (https://github.com/PHPMailer/PHPMailer), licensed under
	// LGPL 2.1 (http://www.gnu.org/licenses/lgpl-2.1.html)

	function getItem($array, $key, $default = "") {
	return isset($array[$key]) ? $array[$key] : $default;
	}

	function okLength($str, $maxlen) {
	$len = strlen($str);
	return ($len > 0) and ($len <= $maxlen);
	}

	function sanitize_and_validate($data) {
	$name = getItem($data, 'name');
	$email = getItem($data, 'email');
	$message = getItem($data, 'message');

	if (! okLength($name, 100)) {
	return False;
	}
	if (! okLength($email, 100)) {
	return False;
	}
	if (! okLength($message, 2048)) {
	return False;
	}

	$name = trim($name);
	$name = filter_var($name, FILTER_SANITIZE_STRING);
	if (empty($name)) {
	return False;
	}

	$email = trim($email);
	$email = filter_var($email, FILTER_SANITIZE_EMAIL);
	if (! filter_var($email, FILTER_VALIDATE_EMAIL)) {
	return False;
	}

	$message = trim($message);
	$message = filter_var($message, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
	if (empty($message)) {
	return False;
	}

	$message = $name . " (" . $email . ") writes:\n\n" . $message;

	$cc = (bool) getItem($data, 'cc');
	$seems_robot = (bool) trim(getItem($data, 'subject'));

	$data = array(
	'name' => $name,
	'email' => $email,
	'message' => $message,
	'cc' => $cc,
	'seems_robot' => $seems_robot,
	);
	return $data;
	}

	function print_form($data) {
	$name = getItem($data, 'name');
	$email = getItem($data, 'email');
	$message = getItem($data, 'message');
	$subject = getItem($data, 'subject');
	$cc_checked = getItem($data, 'cc') ? 'checked="checked"' : '';

	$form = <<<ENDFORM
	<form id="form2" action="" method="post">
	<fieldset>
	<legend>Contact form</legend>
	<p class="first">
	<label for="name">Name</label>
	<input type="text" name="name" id="name" size="30" maxlength="50" value="$name" required />
	</p>
	<p>
	<label for="email">Email</label>
	<input type="email" name="email" id="email" size="30" maxlength="50" value="$email" required />
	<label for="cc">
	<input type="checkbox" name="cc" id="cc" $cc_checked />
	Send me a copy
	</label>
	</p>
	<p>
	<label for="message">Message</label>
	<textarea name="message" id="message" cols="30" rows="10" maxlength="1024" required>{$message}</textarea>
	</p>
	<p class="special">
	<label for="subject">Robot Catcher: Do not write into this field</label>
	<input type="text" name="subject" id="subject" size="30" maxlength="50" value="$subject"/>
	This last field is used to catch robots. If anything is written in here,
	the message will <strong>not</strong> be sent.
	</p>
	<p class="submit"><button type="submit">Send</button></p>
	</fieldset>
	</form>
	<script>
	$("#form2").validate();
	</script>
	ENDFORM;
	echo $form;
	}

	function send_mail($data) {
	if ($data['seems_robot']) {
	echo <<<ENDERROR
	<div class="error">
	<h3>
	Message not sent.
	</h3><p>
	Because the "Robot Catcher&quot field contains text, it
	looks like a bot filled out the form.
	</p><p>
	If you're not a bot, we apologize! Please go back to the form
	to try again, and make sure the "Robot Catcher&quot field
	is empty.
	</p>
	</div>
	ENDERROR;
	return True;
	}

	//Enable SMTP debugging
	// 0 = off (for production use)
	// 1 = client messages
	// 2 = client and server messages
	$DEBUG = 0;

	$HOST = 'YOUR_OUTGOING_MAILSERVER';
	$PORT = 587;
	$USER = "EMAIL_USERNAME";
	$PASSWORD = "EMAIL_PASSWORD";
	$RECIPIENT_ADDR = "EMAIL_RECIPIENT";
	$SUBJECT = 'EMAIL_SUBJECT';

	$name = $data['name'];
	$email = $data['email'];
	$message = $data['message'];
	$cc_self = $data['cc'];

	date_default_timezone_set('Etc/UTC');
	require 'PHPMailer/PHPMailerAutoload.php';

	//Create a new PHPMailer instance
	$mail = new PHPMailer();
	//Tell PHPMailer to use SMTP
	$mail->isSMTP();
	//Enable SMTP debugging
	$mail->SMTPDebug = $DEBUG;
	//Ask for HTML-friendly debug output
	$mail->Debugoutput = 'html';
	//Set the hostname of the mail server
	$mail->Host = $HOST;
	//Set the SMTP port number - 587 for authenticated TLS, a.k.a. RFC4409 SMTP submission
	$mail->Port = $PORT;
	//Set the encryption system to use - ssl (deprecated) or tls
	$mail->SMTPSecure = 'tls';
	//Whether to use SMTP authentication
	$mail->SMTPAuth = true;
	//Username to use for SMTP authentication - use full email address for gmail
	$mail->Username = $USER;
	//Password to use for SMTP authentication
	$mail->Password = $PASSWORD;
	//Set who the message is to be sent from
	// $mail->setFrom($email, $name);
	$mail->setFrom($USER);
	//Set an alternative reply-to address
	// $mail->addReplyTo('[email protected]');
	//Set who the message is to be sent to
	$mail->addAddress($RECIPIENT_ADDR);
	$mail->addReplyTo($email, $name);
	if ($cc_self) {
	$mail->addCC($email);
	}
	//Set the subject line
	$mail->Subject = $SUBJECT;
	$mail->isHTML(true);
	$mail->Body = nl2br(filter_var($message, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES \| FILTER_FLAG_ENCODE_HIGH));
	//Replace the plain text body with one created manually
	$mail->AltBody = $message;

	//send the message, check for errors
	if (!$mail->send()) {
	echo "Mailer Error: " . $mail->ErrorInfo;
	return False;
	} else {
	echo "<p>Message sent.</p><p>Thank you! I will get back to you as soon as possible.</p>";
	return True;
	}
	}

	$data = sanitize_and_validate($_POST);
	if (!($data and send_mail($data))) {
	print_form($_POST);
	}

	?>