<?php
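// Work-order form handler: reads the posted fields, validates the submitter's
// address, e-mails the work order to the fixed technology-staff recipients
// (with a copy to the submitter) and redirects to a result page.

if (!isset($_POST['submit'])) {
    // This page should not be accessed directly; the form must be submitted.
    echo "error; you need to submit the form!";
    // Stop here. Without this the script carried on and could still reach
    // mail() for a request that never came from the form's submit button.
    exit;
}

// Read every expected field defensively: a missing key or a non-string value
// (for example an array sent as CopyEmail[]=...) becomes an empty string
// instead of raising notices or being interpolated as "Array".
$field_names = array(
    'CopyEmail', 'School', 'RoomNumber', 'Equipment', 'IDNumber',
    'Manufacturer', 'Model', 'SerialNo', 'Problem', 'Contact',
);
$form = array();
foreach ($field_names as $field_name) {
    $form[$field_name] = (isset($_POST[$field_name]) && is_string($_POST[$field_name]))
        ? trim($_POST[$field_name])
        : '';
}

$copy_email = $form['CopyEmail'];
$school = $form['School'];
$room_number = $form['RoomNumber'];
$equipment = $form['Equipment'];
$idnumber = $form['IDNumber'];
$manufacturer = $form['Manufacturer'];
$model = $form['Model'];
$serial_no = $form['SerialNo'];
$problem = $form['Problem'];
$contact = $form['Contact'];
$date = date("F j, Y, g:i a");

// Validate first
if ($contact === '' || $copy_email === '') {
    echo "Name and email are mandatory!";
    exit;
}

// $copy_email is written into the From and CC header lines below, so it must
// be exactly one well-formed address. IsInjected() only rejects line-break and
// tab patterns; FILTER_VALIDATE_EMAIL additionally rejects comma-separated
// lists and other values that are not a single address.
if (IsInjected($copy_email) || filter_var($copy_email, FILTER_VALIDATE_EMAIL) === false) {
    echo "Bad email value!";
    exit;
}

// The subject is a header line too: collapse any line breaks in the
// user-supplied school name here rather than relying on mail() to do it.
$subject_school = preg_replace('/[\r\n]+/', ' ', $school);
$email_subject = "Technology Work Order - $subject_school";

// Body text is free-form; line breaks inside field values are harmless here.
$email_body = "The following work order was entered on $date \r\n
SCHOOL: $school
ROOM NUMBER: $room_number
EQUIPMENT: $equipment
ID NUMBER: $idnumber
MANUFACTURER: $manufacturer
MODEL: $model
SERIAL NO: $serial_no
CONTACT: $contact
PROBLEM: $problem \r\n";

$email_to = "psines@access.k12.wv.us,brrmarti@access.k12.wv.us,acorbitt@access.k12.wv.us";

// NOTE(review): From is set to the submitter-supplied address, so the message
// claims a sender this server cannot vouch for, and the CC line delivers
// form-controlled text to whatever address was typed in. Consider a
// site-owned From address with the submitter in Reply-To, plus rate limiting
// on this endpoint.
$headers = "From: $copy_email\r\n";
$headers .= "CC: $copy_email\r\n";

// Send the email!
if (mail($email_to, $email_subject, $email_body, $headers)) {
    // done. redirect to thank-you page.
    header('Location: thank-youworkpre.html');
    exit;
} else {
    header('Location: problem.html');
    exit;
}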
/**
 * Report whether a value contains sequences used for e-mail header injection.
 *
 * Matches, case-insensitively, a literal newline, carriage return or tab, and
 * the URL-encoded forms %0A, %0D, %08 and %09. This is a denylist check only:
 * it does not verify that the value is a well-formed e-mail address.
 *
 * @param string $str Value to inspect before it is placed in a mail header.
 * @return bool True when any of the patterns matches, false otherwise.
 */
function IsInjected($str)
{
    // Single-quoted so that \n, \r and \t reach PCRE as escapes, not raw bytes.
    $pattern = '/(\n+)|(\r+)|(\t+)|(%0A+)|(%0D+)|(%08+)|(%09+)/i';

    // preg_match() yields 1, 0 or false; only a match counts as injected.
    return preg_match($pattern, $str) ? true : false;
}
?>