Confused about the from address with php form processor
I'm using a php form processor that has you designate a from address (in the code below, looks for $form['email'] = 'forms@mydomain.com';
Can this script simply use the email address that they enter as the from address? I don't understand why you must designate an email address. I've seen this with several form processors. If this particular script isn't easily modified, can you recommend one that will accomplish this?
function fake_in_array($needle, $haystack)
{
$found = false;
while (list($key,$val) = each ($haystack)) {
if ($needle == $val)
$found = true;
}
return $found;
}
function check_referer($referers)
{
global $errors;
if (count($referers)) {
if (getenv('HTTP_REFERER')) {
$temp = explode('/', getenv('HTTP_REFERER'));
$found = false;
while (list(,$stored_referer) = each($referers)) {
if (eregi('^' . $stored_referer . '$', $temp[2]))
$found = true;
}
if (!$found) {
$errors[] = '1|You are coming from an unauthorized domain. Please read the manual section titled "<a href="' . MANUAL . '#setting_up" target="_blank">Setting Up the PHPFormMail Script</a>".';
error_log('[PHPFormMail] Illegal Referer. (' . getenv('HTTP_REFERER') . ')', 0);
}
return $found;
} else {
$errors[] = '0|Sorry, but I cannot figure out who sent you here. Your browser is not sending an HTTP_REFERER. If you are using Norton Firewall (any version), please see the <a href="http://service1.symantec.com/SUPPORT/nip.nsf/5a5e9c8a8ac2ec3c882568f60060f23a/0181a150098795a285256910005e6f0d?OpenDocument" target="_blank">Norton support site</a>.';
error_log('[PHPFormMail] HTTP_REFERER not defined. Browser: ' . getenv('HTTP_USER_AGENT') . '; Client IP: ' . getenv('REMOTE_ADDR') . '; Request Method: ' . getenv('REQUEST_METHOD') . ';', 0);
return false;
}
} else {
$errors[] = '1|There are no referers defined. All submissions will be denied. Please read the manual section titled "<a href="' . MANUAL . '#setting_up" target="_blank">Setting Up the PHPFormMail Script</a>".';
error_log('[PHPFormMail] You have no referers defined. All submissions will be denied.', 0);
return false;
}
}
function check_recipients($valid_recipients, $recipient_list)
{
global $errors;
$recipients_ok = true;
$recipient_list = explode(',', $recipient_list);
while (list(,$recipient) = each($recipient_list)) {
$recipient_domain = false;
$recipient = trim($recipient);
reset($valid_recipients);
while ((list(,$stored_domain) = each($valid_recipients)) && ($recipient_domain == false)) {
if (eregi('^[_\.a-z0-9-]*@' . $stored_domain . '$', $recipient))
$recipient_domain = true;
}
if ($recipient_domain == false) {
$recipients_ok = false;
error_log('[PHPFormMail] Illegal Recipient: ' . $recipient . ' from ' . getenv('HTTP_REFERER'), 0);
}
}
if (!$recipients_ok)
$errors[] = '1|You are trying to send mail to a domain that is not in the allowed recipients list. Please read the manual section titled "<a href="' . MANUAL . '#setting_up" target="_blank">Setting Up the PHPFormMail Script</a>".';
return $recipients_ok;
}
function decode_vars()
{
if (isset($_REQUEST))
$request = '_' . getenv('REQUEST_METHOD');
else
$request = 'HTTP_' . getenv('REQUEST_METHOD') . '_VARS';
global $$request;
if (count($$request) > 0) {
while (list($key, $val) = each($$request)) {
if (is_array($val))
$val = implode(', ',$val);
$output[$key] = stripslashes($val);
}
return $output;
} else
return array();
}
function error()
{
global $form, $natural_form, $errors;
if (isset($form['missing_fields_redirect'])) {
if (isset($form['redirect_values']))
header('Location: ' . $form['missing_fields_redirect'] . '?' . getenv('QUERY_STRING') . "\r\n");
else
header('Location: ' . $form['missing_fields_redirect'] . "\r\n");
} else {
if(!isset($form['title']))
$form['title'] = 'PHPFormMail - Error';
$output = "<div class=\"title\">The following errors were found:</div>\n<ul>\n";
$crit_error = 0;
while (list(,$val) = each ($errors)) {
list($crit,$message) = explode('|',$val);
$output .= ' <li>' . $message . "</li>\n";
if ($crit == 1)
$crit_error = 1;
}
$output .= "</ul>\n";
if ($crit_error == 1)
$output .= "<div class=\"crit\">PHPFormMail has experienced errors that must be fixed by the webmaster. Mail will NOT be sent until these issues are resolved. Once these issues are resolved, you will have to resubmit your form to PHPFormMail for the mail to be sent.</div><div class=\"returnlink\">Please use the <a href=\"javascript: history.back();\">back</a> button to return to the site.</div>\n";
else
$output .= "<div class=\"returnlink\">Please use the <a href=\"javascript: history.back();\">back</a> button to correct these errors.</div>\n";
output_html($output);
}
}
function check_required()
{
global $form, $errors, $invis_array, $fieldname_lookup;
$problem = true;
if ((!isset($form['recipient'])) && (!isset($form['recipient_bcc']))) {
$problem = false;
$errors[] = '1|There is no recipient to send this mail to. Please read the manual section titled "<a href="' . MANUAL . '#recipient" target="_blank">Form Configuration - Recipient</a>".';
error_log('[PHPFormMail] There is no recipient defined from ' . getenv('HTTP_REFERER'), 0);
}
if (isset($form['required'])) {
$required = split(',', $form['required']);
while (list(,$val) = each($required)) {
$val = trim($val);
$regex_field_name = $val . '_regex';
if ((!isset($form[$val])) || (isset($form[$val]) && (strlen($form[$val]) < 1))) {
$problem = false;
if (isset($fieldname_lookup[$val]))
$field = $fieldname_lookup[$val];
else
$field = $val;
$errors[] = '0|Required value (<b>' . $field . '</b>) is missing.';
} else if (isset($form[$regex_field_name])) {
if (!eregi($form[$regex_field_name],$form[$val])) {
$problem = false;
$errors[] = '0|Required value (<b>' . $fieldname_lookup[$val] . '</b>) has an invalid format.';
}
$invis_array[] = $regex_field_name;
}
}
}
return $problem;
}
function sort_fields()
{
global $form;
switch ($form["sort"]) {
case 'alphabetic':
case 'alpha': ksort($form);
break;
case 'ralphabetic':
case 'ralpha': krsort($form);
break;
default: if ($col = strpos($form['sort'],':')) {
$form['sort'] = substr($form['sort'],($col + 1));
$temp_sort_arr = explode(',', $form['sort']);
for($x = 0; $x < count($temp_sort_arr); $x++) {
$out[$temp_sort_arr[$x]] = $form[$temp_sort_arr[$x]];
unset($form[$temp_sort_arr[$x]]);
}
$form = array_merge($out,$form);
}
}
return true;
}
function alias_fields()
{
global $form, $fieldname_lookup;
while (list($key,) = each($form)) {
$fieldname_lookup[$key] = $key;
}
reset($form);
if (isset($form['alias'])) {
$aliases = explode(',', $form['alias']);
while (list(,$val) = each($aliases)) {
$temp = explode('=', $val);
$fieldname_lookup[trim($temp[0])] = trim($temp[1]);
}
}
return true;
}
function send_mail()
{
global $form, $invis_array, $valid_env, $in_array_func, $errors;
switch ($form['mail_newline']) {
case 2: $mail_newline = "\r";
break;
case 3: $mail_newline = "\r\n";
break;
default: $mail_newline = "\n";
}
$mailbody = "Below is the result of your feedback form. It was submitted by" . $mail_newline;
if (isset($Name))
$mailbody.= $Name . ' (' . $form['email'] . ') on ' . $mail_date . $mail_newline . $mail_newline;
else
$mailbody.= $form['email'] . ' on ' . $mail_date . $mail_newline . $mail_newline;
$mail_status = mail($form['recipient'], $form['subject'], $mailbody, $mail_header);
if (!$mail_status) {
$errors[] = '1|Message could not be sent due to an error while trying to send the mail.';
error_log('[PHPFormMail] Mail could not be sent due to an error while trying to send the mail.');
}
return $mail_status;
}
alias_fields();
if(CHECK_REFERER == true)
check_referer($referers);
else
error_log('[PHPFormMail] HTTP_REFERER checking is turned off. Referer: ' . getenv('HTTP_REFERER') . '; Client IP: ' . getenv('REMOTE_ADDR') . ';', 0);
if (isset($form['recipient']))
check_recipients($recipients, $form['recipient']);
if (isset($form['recipient_cc']))
check_recipients($recipients, $form['recipient_cc']);
if (isset($form['recipient_bcc']))
check_recipients($recipients, $form['recipient_bcc']);
check_required();
if (!$errors) {
if (!isset($form['subject']))
$form['subject'] = 'Meeting Planners';
if (!isset($form['email']))
$form['email'] = 'forms@mydomain.com';
if (!isset($form['mail_newline']))
$form['mail_newline'] = 1;
if (send_mail()) {
if (isset($form['redirect'])) {
if (isset($form['redirect_values']))
header('Location: ' . $form['redirect'] . '?' . getenv('QUERY_STRING') . "\r\n");
else
header('Location: ' . $form['redirect'] . "\r\n");
} else {
if (!isset($form['title']))
$form['title'] = 'PHPFormMail - Form Results';
$output = "<div class=\"title\">The following information has been submitted:</div>\n";
reset($form);
while (list($key,$val) = each($form)) {
if ((!$in_array_func($key,$invis_array)) && ((isset($form['print_blank_fields'])) || ($val)))
if ((isset($form['hidden'])) && ($in_array_func($key,$form['hidden'])))
$output .= '<div class="field"><b>' . htmlspecialchars($fieldname_lookup[$key]) . ":</b> <i>(hidden)</i></div>\n";
else
$output .= '<div class="field"><b>' . htmlspecialchars($fieldname_lookup[$key]) . ':</b> ' . htmlspecialchars($val) . "</div>\n";
}
if (isset($form['return_link_url']) && isset($form['return_link_title']))
$output .= '<div class="returnlink"><a href="' . $form["return_link_url"] . '">'. $form["return_link_title"] . "</a></div>\n";
output_html($output);
}
}
}
} else {
$errors[] = '0|Nothing was sent by a form. (No data was sent by POST or GET method.) There is nothing to process here.';
error_log('[PHPFormMail] No data sent by POST or GET method. (' . getenv('HTTP_REFERER') . ')', 0);
}
Linear Mode
