boe.pres.k12.wv.us

home *** CD-ROM | disk | FTP | other *** search

/ boe.pres.k12.wv.us / boe.pres.k12.wv.us.zip / boe.pres.k12.wv.us / New webpages / form-to-email_user.php < prev next >

Wrap

PHP Script | 2013-07-17 | 2KB | 83 lines

<?php if(!isset($_POST['submit'])) { //This page should not be accessed directly. Need to submit the form. echo "error; you need to submit the form!"; } $copy_email = $_POST['CopyEmail']; $school = $_POST['School']; $reason = $_POST['Reason']; $person = $_POST['Person']; $class = $_POST['Class']; $wveis = $_POST['WVEIS']; $newpassword = $_POST['Newpassword']; $contact = $_POST['Contact']; $date = date("F j, Y, g:i a"); //Validate first if(empty($contact)||empty($copy_email)) { echo "Name and email are mandatory!"; exit; } if(IsInjected($copy_email)) { echo "Bad email value!"; exit; } $email_subject = "Username requested - $school"; $email_body = "The following user request was entered on $date \r\n SCHOOL: $school REASON: $reason NAME: $person GRADE: $class WVEIS NO: $wveis NEW PASSWORD: $newpassword CONTACT: $contact\r\n"; $email_to = "psines@access.k12.wv.us,brrmarti@access.k12.wv.us"; $headers = "From: $copy_email\r\n"; $headers .= "CC: $copy_email\r\n"; //Send the email! if (mail($email_to,$email_subject,$email_body,$headers)){ //done. redirect to thank-you page. header('Location: thank-youuser.html'); } else{ header('Location: problem.html'); } // Function to validate against any email injection attempts function IsInjected($str) { $injections = array('(\n+)', '(\r+)', '(\t+)', '(%0A+)', '(%0D+)', '(%08+)', '(%09+)' ); $inject = join('|', $injections); $inject = "/$inject/i"; if(preg_match($inject,$str)) { return true; } else { return false; } } ?>