|
Server : Apache/2.4.62 System : FreeBSD fbsdweb2.web.rcn.net 14.1-RELEASE FreeBSD 14.1-RELEASE releng/14.1-n267679-10e31f0946d8 GENERIC amd64 User : www ( 80) PHP Version : 8.3.8 Disable Function : NONE Directory : /domains/folderwave/requests/ |
Upload File : |
<?php
function contains_bad_str($str_to_test) {
$bad_strings = array(
"content-type:"
,"mime-version:"
,"multipart/mixed"
,"Content-Transfer-Encoding:"
,"bcc:"
,"cc:"
,"to:"
);
foreach($bad_strings as $bad_string) {
if(strstr(strtolower($str_to_test), $bad_string)) {
return("$bad_string found. Suspected injection attempt - mail not being sent.");
}
}
}
function contains_newlines($str_to_test) {
if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
return("newline found in $str_to_test. Suspected injection attempt - mail not being sent.");
}
}
ini_set("memory_limit","64M");
$limit_size=5000000; // Bytes
// Read POST request params into global vars
$toAdmin = "Product Manager<[email protected]>";
$toCust = $_POST['email'];
$from = "Web Form <[email protected]>";
$subject = $_POST['subject']; // "Client Request Submission Web Form";
$message = $_POST['EmailText'];
// Make sure any requests come through post
if($_SERVER['REQUEST_METHOD'] != "POST"){
echo("Unauthorized attempt to access page.");
exit;
}
// Make sure they are not trying to exploit the mail server
$ErrMsg = "";
$ErrMsg = contains_bad_str($message);
if ($ErrMsg == "") {
$ErrMsg = contains_bad_str($subject);
}
if ($ErrMsg == "") {
$ErrMsg = contains_bad_str($message);
}
if ($_POST["secCode"] != $_POST["secCode"]) {
$ErrMsg = "This form must be sent from our web site";
}
$_SESSION["secCode"]=NULL;
// Obtain file upload vars
$fileatt = $_FILES['attach']['tmp_name'];
$fileatt_type = $_FILES['attach']['type'];
$fileatt_name = $_FILES['attach']['name'];
$filesize = $_FILES['attach']['size'];
$headers = "From: $from";
if (is_uploaded_file($fileatt)) {
if($filesize >= $limit_size){
$ErrMsg = "Your file size is over limit<BR>";
$ErrMsg .= "Your file size = ".$filesize;
$ErrMsg .= " Bytes";
$ErrMsg .= "<BR>File size limit =".$limit_size;
$ErrMsg .= " Bytes";
}
else {
// Read the file to be attached ('rb' = read binary)
$file = fopen($fileatt,'rb');
$data = fread($file, $filesize); //filesize($fileatt));
fclose($file);
// Generate a boundary string
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
// Add the headers for a file attachment
$headers .= "\nMIME-Version: 1.0\n" .
"Content-Type: multipart/mixed;\n" .
" boundary=\"{$mime_boundary}\"";
// Add a multipart boundary above the plain message
$message = "This is a multi-part message in MIME format.\n\n" .
"--{$mime_boundary}\n" .
"Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n";
// Base64 encode the file data
$data = chunk_split(base64_encode($data));
// Add file attachment to the message
$message .= "--{$mime_boundary}\n" .
"Content-Type: {$fileatt_type};\n" .
" name=\"{$fileatt_name}\"\n" .
"Content-Disposition: attachment;\n" .
" filename=\"{$fileatt_name}\"\n" .
"Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n" .
"--{$mime_boundary}--\n";
}
}
// Send the message
if ($ErrMsg == "") {
$bMailSuccess = @mail($toAdmin, $subject, $message, $headers);
if ($bMailSuccess) {
// Copy the customer
$bMailSuccess = @mail($toCust, $subject, $message, $headers);
if ($bMailSuccess) {
header("Location: http://www.folderwave.com/requests/request_thankyou.asp");
} else {
$ErrMsg = "<p>There was a processing error and your data could not be sent. Please fill in the form and try again. We are sorry for any inconvenience this has caused.</p>";
}
} else {
$ErrMsg = "<p>There was a processing error and your data could not be sent. Please fill in the form and try again. We are sorry for any inconvenience this has caused.</p>";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" dir="ltr"><!-- InstanceBegin template="/Templates/fw-main.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEditable name="meta" -->
<title>FolderWave - Higher Ed and K12 enrollment and admissions workflow solutions.</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="keywords" content=" ">
<META NAME="description" CONTENT="Application processing, admissions and enrollment management and Financial Aid processing solutions for Higher Ed.">
<!-- InstanceEndEditable -->
<META NAME ="COPYRIGHT" CONTENT ="FolderWave, Inc.">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache" >
<meta name="expires" content="0" >
<META NAME ="classification" CONTENT="Application processing, Enrollment and Financial Aid Software for Higher Ed">
<META NAME ="revisit-after" content="5 days">
<META NAME ="robots" content="All">
<link rel="stylesheet" type="text/css" href="../css/styles.css" media="screen" />
<!--[if IE ]><link rel="stylesheet" type="text/css" href="css/ie.css" media="screen" /><![endif]-->
<script type='text/javascript' src='../js/date.js'></script>
<script type='text/javascript' src='../js/jquery.1.5.1.js'></script>
<script type="text/javascript" src="../js/easing.js"></script>
<script type="text/javascript" src="../js/nivo.slider.packed.js"></script>
<script type="text/javascript" src="../js/jquery.cycle.min.js"></script>
<script type="text/javascript" src="../js/cufon.packed.js"></script>
<script type="text/javascript" src="../js/fonts/Merge.js"></script>
<script type="text/javascript" src="../js/pixastic.packed.js"></script>
<script type="text/javascript" src="../js/jquery.colorbox-min.js"></script>
<script type="text/javascript" src="../js/scripts.js"></script>
<script type="text/javascript" src="../js/contact.js"></script>
</head>
<body>
<!-- START HEADER and MENU--><!--#include file="../common/header.inc" --><!-- END HEADER and MENU-->
<!-- InstanceBeginEditable name="breadcrumb" -->
<div id="header_under_two_col">
<div id="header_inner">
<h2>MAIL FORWARDING ERROR</h2>
<!-- /breadcrumb -->
<div id="breadcrumb"><a title="Clients" href="#">Clients</a> > <a href="../clients/login.asp">Client Login</a> > Issue Submission</div>
</div>
<!-- /header_inner -->
</div>
<!-- /header_under_two_col -->
<!-- InstanceEndEditable -->
<div id="main_content_two_col">
<div class="two_col_inner">
<div class="content_wrapper">
<!-- InstanceBeginEditable name="sidenav" -->
<!-- Sidebar Nav -->
<div id="sidebar">
<ul class="xoxo">
<li class="widget">
<h3 class="widgettitle">Clients</h3>
<div class="menu-sidebar-menu-container">
<ul id="menu-sidebar-menu" class="menu">
<li><a href="../clients/list.asp">Client List</a></li>
<li class="current_page_item"><a href="../clients/login.asp">Client Login</a></li>
</ul>
</div>
</li>
</ul>
</div>
<!-- /SIDEBAR -->
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="body" -->
<!-- BODY CONTENT -->
<div id="left_col" class="content">
<form method=post action="../clients/login.asp">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td align="left" valign="top" style="padding-top:20px;">
<p class="copy">There was an error forwarding your request to FolderWave
and the information you provided was lost. </p>
<p class="copy">If you wish to request the information/a FolderWave
representative to contact you, please <a href="request.asp" class="golddark">fill
in the form </a>again. <br />
Error was :
<?php echo $ErrMsg; ?>
</p>
<p> </p>
<p> </p></td>
</tr>
<tr>
<td align="left" valign="top" height="10"></td>
</tr>
<tr>
<td align="left" valign="top">
<center>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
</center>
</td>
</tr>
<tr>
<td align="left" valign="top"> </td>
</tr>
<tr>
<td align="left" valign="top"> </td>
</tr>
</table>
</form>
</div>
<!-- /BODY CONTENT-->
<!-- InstanceEndEditable -->
<br class="clear" />
</div>
<!-- /content_wrapper -->
</div>
<!-- /two_col_inner -->
</div>
<!-- /main_content_two_col -->
<!-- FOOTER INCLUDE -->
<!--#include file="../common/footer.inc" -->
<!-- InstanceBeginEditable name="script" -->
<!-- InstanceEndEditable -->
</body>
<!-- InstanceEnd --></html>