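<?php
// +---------------------------------------------+
// | Copyright@2003-2005 weenCompany             |
// | http://www.weentech.com                     |
// | This file may not be redistributed.         |
// +---------------------------------------------+

// Contact form module (module id 6). Displays the contact form and mails a
// submission to the inbox address(es) stored in the modulesettings table.

if(!defined('IN_WEENCOMPANY')) die('File not found!');

// ################################ SEND EMAIL #################################

// Validates the posted contact form and mails it to every configured inbox
// address, through PHPMailer/SMTP or mail() depending on $mainsettings.
//
//   $language         - phrase array of this module (status and error texts)
//   $allowattachments - truthy when an uploaded file may be attached
//
// Echoes the "sent" / "not sent" phrase. When validation fails it echoes each
// error and redisplays the form through m6_DisplayEmailForm().
function m6_SendEmail($language, $allowattachments)
{
  global $DB, $userinfo, $sdlanguage, $mainsettings, $rootpath;

  $errors = array();

  // Normalise the four text fields so nothing below reads an undefined index
  // or receives a non-string (for example an array-valued form field).
  foreach(array('m6_fullname', 'm6_useremail', 'm6_subject', 'm6_message') as $field)
  {
    if(!isset($_POST[$field]) || !is_string($_POST[$field]))
    {
      $_POST[$field] = '';
    }
  }

  // Strip CR/LF from the values that are placed in mail headers, so that a
  // submitted line break cannot begin an additional header line.
  $linebreaks = array("\r", "\n");
  $_POST['m6_useremail'] = str_replace($linebreaks, '', $_POST['m6_useremail']);
  $_POST['m6_fullname']  = str_replace($linebreaks, '', $_POST['m6_fullname']);

  if(empty($_POST['m6_fullname']) || empty($_POST['m6_useremail']) || empty($_POST['m6_subject']) || empty($_POST['m6_message']))
  {
    $errors[] = $language['empty_fields'];
  }

  // The original called ereg(), which no longer exists in PHP 7+, with a
  // pattern that was missing the opening parenthesis of the local-part group
  // (unbalanced, so the anchors did not cover every alternative). The same
  // expression is used here with the group restored, through PCRE; the D
  // modifier stops "$" from matching before a trailing newline.
  $emailpattern = '/^(([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9]+@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/D';
  if(!preg_match($emailpattern, $_POST['m6_useremail']))
  {
    $errors[] = $language['invalid_email'];
  }

  // Check Visual Verify Code if set
  $vvc = $DB->query_first("SELECT value FROM " . TABLE_PREFIX . "modulesettings WHERE moduleid = 6 AND title = '驗證碼'");
  if($vvc[0] == 1)
  {
    $vvcid = isset($_POST['m6_vvcid']) ? $_POST['m6_vvcid'] : null;
    $code  = isset($_POST['m6_verifycode']) ? $_POST['m6_verifycode'] : null;

    // NOTE(review): both values are passed on exactly as posted; how
    // ValidVisualVerifyCode() treats them is not visible in this file.
    if(!ValidVisualVerifyCode($vvcid, $code))
    {
      $errors[] = $sdlanguage['incorrect_vvc_code'];
    }
  }

  $attachment = false;
  $boundary   = '';
  $msgbody    = '';
  $tmpname    = (isset($_FILES['m6_file']['tmp_name']) && is_string($_FILES['m6_file']['tmp_name']))
              ? $_FILES['m6_file']['tmp_name'] : '';

  if(!empty($tmpname) && $allowattachments)
  {
    $attachment = true;
    $boundary = uniqid("");
    $read = '';

    // The MIME type is reported by the client. Accept it only when it has the
    // plain "type/subtype" shape; anything else falls back to the default, so
    // no parameters or line breaks reach the part header.
    $MIMEType = 'application/unknown';
    if(isset($_FILES['m6_file']['type']) && is_string($_FILES['m6_file']['type'])
       && preg_match('#^[A-Za-z0-9][A-Za-z0-9.+_\-]*/[A-Za-z0-9][A-Za-z0-9.+_\-]*$#D', $_FILES['m6_file']['type']))
    {
      $MIMEType = $_FILES['m6_file']['type'];
    }

    // Only read a file that PHP itself stored for this request, and report a
    // failure instead of silently mailing an empty attachment.
    if(!is_uploaded_file($tmpname) || !is_readable($tmpname) || filesize($tmpname) == 0)
    {
      $errors[] = $language['email_not_sent'];
    }
    else
    {
      // file_get_contents() opens and closes the file itself; the original
      // fopen() handle was never closed.
      $read = file_get_contents($tmpname);
      if($read === false)
      {
        $errors[] = $language['email_not_sent'];
        $read = '';
      }

      // Base64 encode the file and split it into mail-safe lines
      $read = chunk_split(base64_encode($read));
    }

    // The file name is client-supplied as well: keep only the last path
    // component and remove control characters and double quotes before it is
    // written into the part headers.
    $filename = (isset($_FILES['m6_file']['name']) && is_string($_FILES['m6_file']['name']))
              ? $_FILES['m6_file']['name'] : '';
    $filename = basename(str_replace('\\', '/', $filename));
    $filename = preg_replace('/[\x00-\x1F\x7F"]/', '', $filename);
    if($filename == '')
    {
      $filename = 'attachment';
    }

    $message = stripslashes($_POST['m6_message']);

    // Create the mail body
    $msgbody  = "--$boundary" . EMAIL_CRLF;
    $msgbody .= "Content-type: text/plain; charset=utf-8" . EMAIL_CRLF;
    $msgbody .= "Content-transfer-encoding: 8bit" . EMAIL_CRLF;
    $msgbody .= EMAIL_CRLF;
    $msgbody .= "$message" . EMAIL_CRLF;
    $msgbody .= "--$boundary" . EMAIL_CRLF;
    $msgbody .= "Content-type: $MIMEType; name=\"$filename\"" . EMAIL_CRLF;
    $msgbody .= "Content-disposition: attachment; filename=\"$filename\"" . EMAIL_CRLF;
    $msgbody .= "Content-transfer-encoding: base64" . EMAIL_CRLF;
    $msgbody .= EMAIL_CRLF;
    $msgbody .= "$read" . EMAIL_CRLF;
    $msgbody .= EMAIL_CRLF;
    $msgbody .= "--$boundary--" . EMAIL_CRLF;
  }

  if(empty($errors))
  {
    // get emails
    $settings = $DB->query_first("SELECT value FROM " . TABLE_PREFIX . "modulesettings WHERE moduleid = 6 AND title = '收件箱'");
    $email = $settings['value'];

    // unhtmlspecialchars() is defined elsewhere; CR/LF is stripped again after
    // it so that nothing it decodes can bring a line break back into a header.
    $fullname  = str_replace($linebreaks, '', unhtmlspecialchars($_POST['m6_fullname']));
    $useremail = str_replace($linebreaks, '', unhtmlspecialchars($_POST['m6_useremail']));
    $fullname  = '=?utf-8?B?' . base64_encode($fullname) . '?=';

    $headers  = "MIME-Version: 1.0" . EMAIL_CRLF;
    $headers .= "From: \"$fullname\" <$useremail>" . EMAIL_CRLF;
    $headers .= "Reply-To: \"$fullname\" <$useremail>" . EMAIL_CRLF;

    if($attachment)
    {
      // Send the attachment form of the email rather than the normal text form
      $headers .= "Content-type: multipart/mixed; boundary=\"$boundary\"" . EMAIL_CRLF;
    }
    else
    {
      // No file to send, so just send a normal text email
      // NOTE(review): this branch does not stripslashes() the message while the
      // attachment branch does - confirm which one matches the framework's
      // request preprocessing.
      $headers .= "Content-type: text/plain; charset=utf-8" . EMAIL_CRLF;
      $msgbody = $_POST['m6_message'];
    }

    // obtain emails: commas and runs of whitespace both separate addresses
    $getemails = str_replace(',', ' ', $email);
    $getemails = preg_replace('/[[:space:]]+/', ' ', $getemails); // eregi_replace() was removed in PHP 7
    $getemails = trim($getemails);
    $emails = explode(" ", $getemails);

    $emailsent = 0;
    $email_subject = '=?utf-8?B?' . base64_encode(str_replace($linebreaks, '', $_POST['m6_subject'])) . '?=';

    if($mainsettings['email_use_smtp'] == "1")
    {
      require_once $rootpath . "/includes/mail/class.phpmailer.php";

      // NOTE(review): the SMTP path sends subject and message only; an uploaded
      // attachment is not added to the PHPMailer message.
      foreach($emails as $recipient)
      {
        if($recipient == '')
        {
          continue; // no inbox address configured
        }

        $mail = new PHPMailer();
        $mail->IsSMTP();
        $mail->Host = $mainsettings['email_smtp_host'];
        $mail->Port = $mainsettings['email_smtp_port'];
        $mail->CharSet = "utf-8"; // was "utf8"; the rest of this file labels the charset "utf-8"
        $mail->Encoding = "base64";

        if($mainsettings['email_smtp_require_auth'] == "1")
        {
          $mail->SMTPAuth = true;
          $mail->Username = $mainsettings['email_smtp_user'];
          $mail->Password = $mainsettings['email_smtp_pass'];
        }

        $mail->From = $useremail;
        $mail->FromName = $fullname;
        $mail->AddAddress($recipient);
        // Same CR/LF stripping as the mail() subject; the bundled PHPMailer
        // is not visible here, so do not rely on it to sanitise the header.
        $mail->Subject = str_replace($linebreaks, '', unhtmlspecialchars($_POST['m6_subject']));
        $mail->Body = unhtmlspecialchars($_POST['m6_message']);

        if($mail->Send())
        {
          $emailsent = 1;
        }
      }
    }
    else
    {
      foreach($emails as $recipient)
      {
        if($recipient == '')
        {
          continue; // no inbox address configured
        }

        if(@mail($recipient, $email_subject, unhtmlspecialchars($msgbody), $headers))
        {
          $emailsent = 1;
        }
      }
    }

    if($emailsent == 1)
    {
      echo $language['email_sent'];
    }
    else
    {
      echo $language['email_not_sent'];
    }
  }
  else
  {
    foreach($errors as $value)
    {
      echo $value . '<br /><br />';
    }

    m6_DisplayEmailForm($language, $allowattachments, 1); // 1 = errors exist
  }
}

// ############################ DISPLAY EMAIL FORM #############################

// Echoes the contact form.
//
//   $language         - phrase array of this module (field labels, buttons)
//   $allowattachments - truthy to include the file upload row
//   $errors           - non-zero when redisplaying after a failed submission;
//                       the posted values are then refilled into the fields
//
// NOTE(review): the refilled values are written into attribute and textarea
// context without escaping in this function. m6_SendEmail() calls
// unhtmlspecialchars() on the same fields, which suggests the framework
// entity-encodes request data before this module runs - confirm that; if it
// does not, these four values need htmlspecialchars() here.
function m6_DisplayEmailForm($language, $allowattachments, $errors = 0)
{
  global $DB, $categoryid, $userinfo, $inputsize, $sdlanguage;

  $vvc = $DB->query_first("SELECT value FROM " . TABLE_PREFIX . "modulesettings WHERE moduleid = 6 AND title = '驗證碼'");

  $email = array('fullname' => '', 'useremail' => '', 'subject' => '', 'message' => '');
  if($errors)
  {
    foreach(array_keys($email) as $key)
    {
      $email[$key] = isset($_POST['m6_' . $key]) ? $_POST['m6_' . $key] : '';
    }
  }

  echo '<form action="' . RewriteLink('index.php?categoryid=' . $categoryid . '&m6_action=sendemail') . '" method="post" enctype="multipart/form-data">'
     . ' <table width="100%" border="0" cellspacing="0" cellpadding="0" align="center">';

  // The three single-line inputs share one row layout: label phrase => field.
  $textrows = array('full_name' => 'fullname', 'your_email' => 'useremail', 'subject' => 'subject');
  foreach($textrows as $phrase => $key)
  {
    echo ' <tr> <td style="padding-bottom: 5px;" valign="top" width="100">' . $language[$phrase] . '</td>'
       . ' <td style="padding-bottom: 5px;"><input ' . CheckForEmptyField($email[$key], $errors)
       . ' type="text" name="m6_' . $key . '" value="' . $email[$key] . '" size="' . $inputsize . '" /></td> </tr>';
  }

  echo ' <tr> <td style="padding-bottom: 5px;" valign="top" width="100">' . $language['message'] . '</td>'
     . ' <td style="padding-bottom: 5px;"><textarea ' . CheckForEmptyField($email['message'], $errors)
     . ' name="m6_message" rows="10" cols="' . $inputsize . '">' . $email['message'] . '</textarea></td> </tr>';

  if($allowattachments)
  {
    echo '<tr> <td style="padding-bottom: 5px;" valign="top" width="100">' . $language['attachment'] . '</td>'
       . ' <td style="padding-bottom: 5px;"><input name="m6_file" type="file" size="' . $inputsize . '" /></td> </tr>';
  }

  if($vvc[0])
  {
    // A fresh verification code id is created for every rendering of the form.
    $vvcid = CreateVisualVerifyCode();

    echo '<tr> <td style="padding-bottom: 5px;" valign="top" width="100"></td>'
       . ' <td style="padding-bottom: 5px;"><input type="hidden" name="m6_vvcid" value="' . $vvcid . '"/>'
       . ' <img src="includes/vvc.php?vvcid=' . $vvcid . '"/></td> </tr>'
       . ' <tr> <td style="padding-bottom: 5px;" valign="top" colspan="2">' . $sdlanguage['enter_verify_code'] . '</td> </tr>'
       . ' <tr> <td style="padding-bottom: 5px;" valign="top" width="100"></td>'
       . ' <td style="padding-bottom: 5px;"><input type="text" size="' . $inputsize . '" name="m6_verifycode"/></td> </tr>';
  }

  echo '<tr> <td> </td> <td><input type="submit" name="m6_Submit" value="' . strip_tags($language['send_message']) . '" />'
     . ' <input type="reset" value="' . strip_tags($language['reset']) . '" /></td> </tr> </table> </form>';
}

// ########################### GET COMMON VARIABLES ############################

// basically both functions use a few common variables, and there's a chance that
// both functions will be displayed if there are errors
$m6_language = GetLanguage(6);
$m6_allowattachments = $DB->query_first("SELECT value FROM " . TABLE_PREFIX . "modulesettings WHERE moduleid = 6 AND title = '允許附件'");

// ############################## SELECT FUNCTION ##############################

// m6_action is only ever compared with a fixed string, never used as a name.
$m6_action = isset($_GET['m6_action']) ? $_GET['m6_action'] : 'displayemailform';

// Only users whose module submit ids include this module (6) may use the form.
// The explicit is_array() test replaces the original "@in_array", which raises
// an uncatchable-by-@ TypeError on PHP 8 when the list is not an array.
if(isset($userinfo['modulesubmitids']) && is_array($userinfo['modulesubmitids']) && in_array(6, $userinfo['modulesubmitids']))
{
  if($m6_action === 'sendemail')
  {
    m6_SendEmail($m6_language, $m6_allowattachments['value']);
  }
  else
  {
    m6_DisplayEmailForm($m6_language, $m6_allowattachments['value']);
  }
}
else
{
  echo $m6_language['no_post_access'];
}

unset($m6_language, $m6_allowattachments, $m6_action);

?>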