// Page identity: the global page name plus the title handed to the template.
$GLOBALS['pg-name'] = 'E-mail';
define('PAGE_TITLE', 'E-mail');

// Name of this form; nw_mailform uses it to build the JS validator function name.
define('FORM_NAME', 'Email');

// Flag for the head code so the form page is hidden from robots.
// NOTE(review): presumably read by tmpl.php - confirm, nothing in this file reads it.
define('HIDE_FROM_ROBOTS', 1);

// Fixed recipient of every message sent through the form. Keeping the recipient
// out of the submitted data means a visitor cannot choose where mail is delivered.
define('OWNER_NAME', 'Beyond the North Wind');
define('OWNER_EMAIL', 'info@beyondthenorthwind.co.uk');

// Text appended to every outgoing message body; currently nothing.
// An earlier, disabled variant built a "Sent via ..." footer from
// $_SERVER['SERVER_NAME'] and $_SERVER['PHP_SELF']. Both can reflect
// request-supplied data, so validate them before putting them in a mail body.
define('MESSAGE_FOOTER', '');

// The template helpers must load after the constants above are defined.
include_once $_SERVER['DOCUMENT_ROOT'] . '/ireru/tmpl.php';
/*
Field table for the e-mail form. Each entry under 'fields' is keyed by the
posted field name and may carry these options:

'maxsize' => '100'
    the maximum size of the value; nw_clean() truncates longer input
'type' => 'text'
    the input type of this form field ('text', 'textarea' or 'hidden')
'name' => 'name'
    the label for this form field
'mandatory' => 1
    it is mandatory to enter a value for this field
'err_msg' => 'your name'
    prefaced by 'Please enter...' to create an error message in the event
    that this field is empty; the label is used when this is not set
'is_email' => 1
    the value must pass nw_mailform::valid_email()
'filter_for_injection_attack' => 1
    checkvalid() aborts the request when the value contains a CR or LF.
    Set this on every field that ends up in a mail header (sender name,
    sender address, subject).

'message' is the mail body, so it carries no CR/LF filter; it also has no
'maxsize', so its length is not limited here.
*/
$tbl_email = array('fields' => array());

$tbl_email['fields']['name'] = array(
    'maxsize' => '100',
    'type' => 'text',
    'name' => 'your name',
    'mandatory' => 1,
    'filter_for_injection_attack' => 1,
);

$tbl_email['fields']['email'] = array(
    'maxsize' => '100',
    'type' => 'text',
    'name' => 'your e-mail address',
    'mandatory' => 1,
    'is_email' => 1,
    'filter_for_injection_attack' => 1,
);

$tbl_email['fields']['subject'] = array(
    'maxsize' => '255',
    'type' => 'text',
    'name' => 'subject',
    'mandatory' => 1,
    'err_msg' => 'a subject',
    'filter_for_injection_attack' => 1,
);

$tbl_email['fields']['message'] = array(
    'type' => 'textarea',
    'name' => 'message',
    'mandatory' => 1,
    'err_msg' => 'a message',
);
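class nw_mailform {
    /* create a simple form from an array representing one or more db tables vers.1.0 */

    // the table definition the form is built from (held by reference)
    var $maintbl;
    // the field names
    var $mainfieldnames;
    // a single db row: the submitted values, cleaned in place by checkvalid()
    var $record;
    // an array of error messages keyed by field name ('all' for a form-level error)
    var $err_msg;
    // the form markup accumulated by build_form()
    var $form;
    // the name of the form, used to create a unique name for the js validator
    var $form_name;

    /**
     * Bind the form to its field table.
     *
     * @param array  $tbl       Table definition with a 'fields' map; taken by reference.
     * @param string $form_name Suffix for the JavaScript validator function name.
     */
    function __construct(&$tbl, $form_name = '') {
        $this->maintbl = &$tbl;
        $this->form_name = $form_name;
        $this->mainfieldnames = array_keys($tbl['fields']);
    }

    /**
     * Old-style constructor, kept so existing calls and subclasses keep working.
     * Current PHP no longer treats a method named after the class as the
     * constructor, so the real work lives in __construct().
     */
    function nw_mailform(&$tbl, $form_name = '') {
        $this->__construct($tbl, $form_name);
    }

    /** @return array The keys of the table's 'fields' map. */
    function get_mainfieldnames() {
        return $this->mainfieldnames;
    }

    /**
     * Append one entry per table field to $this->form.
     *
     * @param array $vars Optional settings:
     *                    'data'          values to fill the form with (same keys as the table),
     *                    'wrap_elements' tag name to wrap each field in (div, p or nothing),
     *                    'a'             action code for the form.
     */
    function build_form($vars = array()) {
        if (!is_array($vars)) {
            $vars = array();
        }
        // NOTE(review): only the label text is written below; no input or textarea
        // element is emitted and $data is never read, so values are not pre-filled.
        // If markup echoing $data is added, escape every value that did not pass
        // through nw_clean() for the HTML context (htmlspecialchars with ENT_QUOTES).
        if (isset($vars['data']) && is_array($vars['data'])) {
            $data = $vars['data'];
        } else {
            $data = $this->record;
        }
        $wrap = empty($vars['wrap_elements']) ? '' : $vars['wrap_elements'];

        foreach ($this->maintbl['fields'] as $key => $field) {
            if ($field['type'] != 'hidden') {
                $this->form .= ($wrap ? '<'.$wrap.'>' : '');
                if ($field['type'] == 'text') {
                    $this->form .= ucwords($field['name'])."\n";
                } else if ($field['type'] == 'textarea') {
                    $this->form .= ucwords($field['name'])."\n";
                }
            } else {
                // hidden fields currently contribute no markup
                $this->form .= '';
            }
            // Closing tag for the wrapper; the previous code emitted "div>" without the "</".
            $this->form .= ($wrap ? '</'.$wrap.'>' : '');
        }
        // the action code currently contributes no markup either
        if (!empty($vars['a'])) {
            $this->form .= '';
        }
    }

    /**
     * Return the form wrapper.
     *
     * @param array|string $vars Optional settings: 'action' (target URL) and
     *                           'js_valid' (attach the JS validator on submit).
     * @return string
     */
    function get_form($vars = '') {
        // The declared default is '', which cannot be indexed like an array.
        if (!is_array($vars)) {
            $vars = array();
        }
        // SCRIPT_NAME instead of PHP_SELF: PHP_SELF also carries any extra path
        // the client appended to the URL, which must not reach an HTML attribute.
        if (empty($vars['action'])) {
            $vars['action'] = $_SERVER['SCRIPT_NAME'];
        }
        $js = '';
        if (!empty($vars['js_valid'])) {
            // form_name lands inside an inline handler, so it has to stay a plain identifier.
            $js = ' onsubmit="return submit'.$this->form_name.'(this)" ';
        }
        // NOTE(review): the returned string uses neither $vars['action'] nor $js -
        // confirm against the intended form markup.
        return "\n";
    }

    /** Store the submitted values; checkvalid() cleans them in place. */
    function set_record($data) {
        $this->record = $data;
    }

    /** @return mixed The current record. */
    function get_record() {
        return $this->record;
    }

    /**
     * Clean every submitted value and validate it against the field table.
     *
     * Fills $this->err_msg with one message per failing field. A CR or LF in a
     * field flagged 'filter_for_injection_attack' ends the request immediately.
     *
     * @return int|null 1 when no error was recorded, otherwise nothing.
     */
    function checkvalid() {
        if (!$this->record) {
            $this->err_msg['all'] = 'Please fill in the form before pressing submit';
            return;
        }
        $fields = $this->maintbl['fields'];

        foreach ($this->record as $key => $val) {
            // only associative keys are processed; numeric keys are skipped
            if (strval(intval($key)) != $key) {
                $field = isset($fields[$key]) ? $fields[$key] : array();
                // A nested value (name[]=...) is never a valid answer; treat it as empty
                // instead of handing an array to the string functions.
                if (!is_scalar($val)) {
                    $val = '';
                }
                $val = (string) $val;

                $clean = $this->nw_clean($val, isset($field['maxsize']) ? $field['maxsize'] : '');
                $this->record[$key] = $clean;

                // Tested on the cleaned value so whitespace-only input counts as empty.
                if (!empty($field['mandatory']) && !$clean) {
                    $this->err_msg[$key] = 'Please enter '.$this->field_label($field);
                }
                // Header-bound fields must not carry a line break, which would let
                // the value start a new mail header.
                if (!empty($field['filter_for_injection_attack']) && $this->has_line_break($val)) {
                    die('Why ?? :(');
                }
                if (!empty($field['is_email'])) {
                    $address = trim($val);
                    if (($address) && (!$this->valid_email($address))) {
                        $this->err_msg[$key] = 'The email address that you have entered does not appear to be valid.';
                    }
                }
            }
        }

        // A mandatory field left out of the submission altogether never shows up
        // in the loop above, so it is reported here.
        foreach ($fields as $key => $field) {
            if (!empty($field['mandatory']) && !isset($this->record[$key])) {
                $this->err_msg[$key] = 'Please enter '.$this->field_label($field);
            }
        }

        if (!is_array($this->err_msg)) {
            return 1;
        }
    }

    /** Wording for the "Please enter ..." message: 'err_msg' if set, else the label. */
    function field_label($field) {
        if (!empty($field['err_msg'])) {
            return $field['err_msg'];
        }
        return isset($field['name']) ? $field['name'] : '';
    }

    /**
     * True when the value contains a carriage return or line feed.
     * strpos() examines the whole string, including anything after a NUL byte,
     * which the removed ereg family did not.
     */
    function has_line_break($value) {
        $value = (string) $value;
        return (strpos($value, "\r") !== false) || (strpos($value, "\n") !== false);
    }

    /**
     * Build the error summary from $this->err_msg.
     *
     * @return string|null The report, or nothing when no error was recorded.
     */
    function error_report() {
        if (is_array($this->err_msg)) {
            $report = "\n".'Please check your entry. We found '
                .((count($this->err_msg) == 1) ? 'one item that requires' : 'some items that require')
                .' amending.'."\n";
            foreach ($this->err_msg as $key => $val) {
                $report .= "\n".$val."\n";
            }
            $report .= "\n";
            return $report;
        }
    }

    /**
     * Replace MS Word "smart" punctuation bytes with plain ASCII.
     *
     * NOTE(review): chr(63) is the ordinary '?', so every question mark becomes
     * '-'; confirm that is intended. The replacement is byte-wise and presumably
     * assumes single-byte (Windows-1252) input - in UTF-8 text the same byte
     * values occur inside multi-byte characters.
     */
    function replace_MSWord_quotes($text) {
        $MSWord_chars = array(
            chr(145), chr(146), chr(147), chr(148), chr(151), chr(63)
        );
        $valid_chars = array(
            "'", "'", '"', '"', '-', '-'
        );
        return str_replace($MSWord_chars, $valid_chars, $text);
    }

    /**
     * Trim, entity-encode and length-limit one input value.
     *
     * @param mixed      $input             Raw value.
     * @param int|string $maxsize           Maximum length of the result; '' or 0 for no limit.
     * @param int        $leavehtmlentities When true, skip quote replacement, entity
     *                                      encoding and slashing.
     * @return string
     */
    function nw_clean($input, $maxsize = '', $leavehtmlentities = 0) {
        $input = trim((string) $input);
        if (!$leavehtmlentities) {
            $input = $this->replace_MSWord_quotes($input);
            $input = htmlentities($input, ENT_QUOTES);
            $input = $this->myaddslashes($input);
        }
        if ($maxsize) {
            $maxsize = (int) $maxsize;
            if (strlen($input) > $maxsize) {
                $input = substr($input, 0, $maxsize);
                // The cut may fall inside an entity such as &amp;. Drop the
                // unfinished entity rather than leave a stray fragment behind.
                // This runs only when something was actually cut off, so a
                // complete entity at the end of a short value is left alone.
                $input = preg_replace('/&#?[a-z0-9]*\z/i', '', $input);
            }
        }
        return $input;
    }

    /**
     * Whether request data arrives already slashed. Magic quotes were removed
     * in PHP 5.4, so the runtime is only asked on older versions.
     */
    function magic_quotes_on() {
        return version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc() == 1;
    }

    /** Add slashes unless the runtime has already added them. */
    function myaddslashes($string) {
        if ($this->magic_quotes_on()) {
            return $string;
        }
        return addslashes($string);
    }

    /** Strip slashes only when the runtime added them. */
    function mystripslashes($string) {
        if ($this->magic_quotes_on()) {
            return stripslashes($string);
        }
        return $string;
    }

    /**
     * Syntax check for an e-mail address.
     *
     * The D modifier makes "$" match only at the very end of the string; without
     * it an address followed by a line feed would still be accepted.
     * NOTE(review): the pattern allows top-level domains of 2-4 letters only and
     * no '+' in the local part, so some real addresses are rejected.
     *
     * @return int 1 when the address matches, 0 otherwise.
     */
    function valid_email($email) {
        if (!is_string($email)) {
            return 0;
        }
        $regex = '/^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/iD';
        return (preg_match($regex, $email) ? 1 : 0);
    }

    /**
     * Unescaped text of a posted field, for use in the plain-text mail.
     * The record holds entity-encoded text, so the posted value is preferred;
     * the record value is the fallback when nothing usable was posted.
     */
    function raw_post_value($key) {
        if (isset($_POST[$key]) && is_string($_POST[$key])) {
            return $this->mystripslashes($_POST[$key]);
        }
        return isset($this->record[$key]) ? (string) $this->record[$key] : '';
    }

    /**
     * Mail the current record to the site owner.
     *
     * @param array $vars 'owner_email' and 'owner_name' of the recipient.
     * @return bool Result of mail(), or false when required data is missing or
     *              a header-bound value is not safe to send.
     */
    function send_mail($vars) {
        if (!is_array($vars) || empty($vars['owner_email']) || empty($vars['owner_name'])
            || empty($this->record['email']) || empty($this->record['subject'])
            || empty($this->record['message'])) {
            return false;
        }

        // Unescaped subject and body (the earlier code called stripslashes()
        // unconditionally, which removed backslashes the sender had typed).
        $subject = $this->raw_post_value('subject');
        $message = $this->raw_post_value('message');
        $name = isset($this->record['name']) ? (string) $this->record['name'] : '';
        $email = (string) $this->record['email'];

        // Checked again here because send_mail() can be called without
        // checkvalid(): nothing that reaches a header may contain a line break,
        // and the sender address must have address syntax.
        $header_values = array($name, $email, $subject, $vars['owner_name'], $vars['owner_email']);
        foreach ($header_values as $value) {
            if ($this->has_line_break($value)) {
                return false;
            }
        }
        if (!$this->valid_email($email)) {
            return false;
        }

        $this->record['subject'] = $subject;
        $this->record['message'] = $message.(defined('MESSAGE_FOOTER') ? MESSAGE_FOOTER : '');

        $headers = 'From: '.$name.' <'.$email.'>';
        $to = $vars['owner_name'].' <'.$vars['owner_email'].'>';
        return mail($to, $this->record['subject'], $this->record['message'], $headers);
    }
}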
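// Build the form object from the field table. Plain "new" is used because
// assigning the result of new by reference ("=& new") is a parse error in
// current PHP.
$form = new nw_mailform($tbl_email, FORM_NAME);

// The action code arrives in 'a', POST first and GET second. Only a plain string
// is accepted; nw_clean() trims it, entity-encodes it and cuts it to 3 characters.
$a = '';
if (isset($_POST['a']) && is_string($_POST['a'])) {
    $a = $form->nw_clean($_POST['a'], 3);
}
// remove the 'a' element from postvars so that it only contains the elements that correspond with the db table.
unset($_POST['a']);
if (!$a && isset($_GET['a']) && is_string($_GET['a'])) {
    $a = $form->nw_clean($_GET['a'], 3);
}
if (!$a) {
    // set the default public page
    $a = 'neo';
}

// non-display options: action codes ending in 'i' process input
if (substr($a, 2) == 'i') {
    switch ($a) {
        case 'nei':
            // give incoming form vars to form object
            $form->set_record($_POST);
            // check validity and clean the record
            if ($form->checkvalid()) {
                $t = $form->send_mail(array('owner_email' => OWNER_EMAIL, 'owner_name' => OWNER_NAME));
                // SCRIPT_NAME instead of PHP_SELF: PHP_SELF also carries any extra
                // path the client appended to the URL. 't' carries the result of
                // mail() to the result page ('1' on success, empty otherwise).
                header('Location: '.$_SERVER['SCRIPT_NAME'].'?a=mlr&t='.($t ? '1' : ''));
                // Stop here so nothing else runs or is output after the redirect.
                // NOTE(review): confirm no later part of the script has to run
                // for a successful submission.
                exit;
            } else {
                // print the form again, filled with the data, with an error report at the start and error fields highlighted.
                $a = 'neo';
            }
            break;
    }
}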
// results: display something
if ((substr($a,2) == 'o') || (substr($a,2) == 'r')){
//display options
tmpl1(PAGE_TITLE);
//echo '';
echo '';
echo '';
echo '';
tmpl2();
echo '
';
switch ($a) {
case 'neo':
if ($a=='neo') {
$new_a = 'nei';
}
/* echo '