<?php # contact_me.php
// Contact form page: on POST the submitted fields are scrubbed for mail-header
// injection and emailed to the site owner; on every request the (sticky) form is
// rendered at the bottom of the file.
// (Original note: "This script will be the base page to set up the user's profile" —
// nothing in this file touches a profile; presumably a copy-paste leftover.)
require ('includes/config.inc.php'); // presumably defines BASE_URL / MYSQL and starts the session — confirm
$page_title = 'Contact Me';
include ('includes/header.html'); // page chrome; the disabled guard below assumes it opened an output buffer
require (MYSQL);                  // DB connection; nothing visible in this file queries it — confirm it is needed
/*
// NOTE(review): this login guard is commented out, so the form is reachable
// anonymously. If that is intended, delete this dead block; if it is not, note that
// it keys on $_SESSION['person_id'] while the POST handler below checks
// $_SESSION['user_id'] — the two must agree before the guard is re-enabled.
// If no first_name session variable exists, redirect the user:
if (!isset($_SESSION['person_id'])) {
$url = BASE_URL . 'index.php'; // Define the URL.
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
}
*/
// Page heading. $page_title is a fixed literal above, so no escaping is required here.
echo "<h1>$page_title</h1><br />";
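// Form handling. The scrubber is declared unconditionally (not inside the POST
// branch) so it can be unit-tested and so a double declaration is impossible.
/**
 * Strip mail-header-injection vectors from one submitted form field.
 *
 * Every scrubbed field ends up in mail(): name/comments in the body, email in
 * the From: header. Returns '' when the value contains a header keyword, so the
 * "not empty" validation below rejects the whole submission; otherwise returns
 * the value with CR/LF (and their percent-encoded spellings) replaced by spaces,
 * trimmed. Non-string input (e.g. `name[]=x` arrives as an array) is rejected
 * with '' instead of being handed to stripos(), which throws a TypeError on PHP 8.
 *
 * @param mixed $value raw $_POST value
 * @return string cleaned value, or '' if the value was rejected
 */
function spam_scrubber($value) {
    if (!is_string($value)) {
        return '';
    }
    // Header names that must never appear in a field that is mailed:
    $very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:', 'multipart-mixed:', 'content-transfer-encoding:');
    foreach ($very_bad as $v) {
        if (stripos($value, $v) !== false) {
            return '';
        }
    }
    // Collapse line breaks so a field can never start a new header line.
    // "%0a"/"%0d" are belt-and-braces only: PHP has already URL-decoded $_POST.
    $value = str_replace(array("\r", "\n", "%0a", "%0d"), ' ', $value);
    return trim($value);
} // End of spam_scrubber() function.

// Check for form submission (isset() keeps CLI/non-HTTP invocations warning-free):
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    // Clean the form data:
    $scrubbed = array_map('spam_scrubber', $_POST);
    // Minimal form validation:
    if (!empty($scrubbed['name']) && !empty($scrubbed['email']) && !empty($scrubbed['comments'])) {
        // The address is placed in the From: header verbatim, so on top of the
        // scrubbing require one syntactically valid address (defence in depth
        // against header injection; also rejects embedded whitespace/control chars).
        if (filter_var($scrubbed['email'], FILTER_VALIDATE_EMAIL) === false) {
            echo '<p style="font-weight: bold; color: #C00">Please enter a valid email address.</p>';
        } else {
            $sess_info = '';
            if (isset($_SESSION['user_id'])) {
                // NOTE(review): this mails the *whole* session — whatever other pages
                // stored in it — to the contact address. Consider limiting it to the
                // identifying keys (user_id, screen_name) so nothing sensitive leaks by mail.
                $sess_info = "\n\n\n\n\nREGISTERED USER'S SESSION INFO\n\n";
                foreach ($_SESSION as $key => $val) {
                    // Arrays/objects would raise an "Array to string conversion" notice
                    // if concatenated directly; null renders as '' like the original did.
                    $rendered = (is_scalar($val) || $val === null) ? (string) $val : json_encode($val);
                    $sess_info .= "Key=" . $key . ", Value=" . $rendered . "\n";
                }
            }
            // Create the body; the 70-column wrap follows the line-length advice in the mail() docs.
            $body = wordwrap("Name: {$scrubbed['name']}\n\nComments: {$scrubbed['comments']} $sess_info", 70);
            // NOTE(review): there is no CSRF token or rate limit, so any page on the web
            // can make this host send mail with a visitor-chosen From: address. A fixed
            // site From: plus "Reply-To: <visitor>" would also avoid SPF/DMARC rejects.
            $sent = mail('smith058@inbox.com', 'Slangin Stats - Contact Form', $body, "From: {$scrubbed['email']}");
            if ($sent) {
                echo '<p class="error"><em>Thank you for contacting me. I will reply some day, if needed.</em></p>';
                // Clear $scrubbed (so that the form's not sticky):
                $scrubbed = array();
            } else {
                // mail() reported failure; keep the form sticky so the visitor can retry.
                echo '<p style="font-weight: bold; color: #C00">Your message could not be sent. Please try again later.</p>';
            }
        }
    } else {
        echo '<p style="font-weight: bold; color: #C00">Please fill out the form completely.</p>';
    }
} // End of main POST IF.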
// Create the HTML form:
?>
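<p>Please fill out this form to contact me.</p>
<form action="contact_me.php" method="post">
<?php
// Sticky values come from the previous POST (header-scrubbed, but still
// untrusted) or from the session. All three are escaped for the HTML
// attribute / textarea context below, so a submitted value such as
// "><script>... is rendered as text instead of executed (reflected XSS).
$form_name     = isset($scrubbed['name'])     ? $scrubbed['name']     : (isset($_SESSION['screen_name']) ? $_SESSION['screen_name'] : '');
$form_email    = isset($scrubbed['email'])    ? $scrubbed['email']    : (isset($_SESSION['p_email'])     ? $_SESSION['p_email']     : '');
$form_comments = isset($scrubbed['comments']) ? $scrubbed['comments'] : '';
?>
<p>Name: <br><input type="text" name="name" size="30" maxlength="60"
value="<?php echo htmlspecialchars($form_name, ENT_QUOTES, 'UTF-8'); ?>" /></p>
<p>Email Address: <br><input type="text" name="email" size="30" maxlength="80"
value="<?php echo htmlspecialchars($form_email, ENT_QUOTES, 'UTF-8'); ?>" /></p>
<p>Comments: <br><textarea name="comments" rows="5" cols="30"><?php echo htmlspecialchars($form_comments, ENT_QUOTES, 'UTF-8'); ?></textarea></p>
<p><input type="submit" name="submit" value="Send!" /></p>
</form>
</body>
</html>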