include("includes/header.php");
include("includes/captcha/functions.php");
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
//~~~~ Template object
include("includes/template/class.template.php");
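// Template engine rooted at the current directory. $filename selects which
// "<name>.html" template is rendered at the bottom of the script.
$tplObj = new tplSys("./");
$filename = "contact-us.php";

// Handle a submitted contact form: run the anti-spam checks, mail the enquiry
// to EMAIL_TO, then switch the template to the "thanks" page.
// A submission is recognised by a non-empty "fullname" field.
if (!empty($_POST['fullname'])) {
    $skip = false;

    // Read only the five known form fields. Anything that is not a plain
    // string (e.g. "fullname[]=x") is treated as empty here; the loop over
    // $_POST further down rejects such requests outright.
    $contactFieldNames = array('fullname', 'telephone', 'email', 'company_name', 'query');
    $contactFields = array();
    foreach ($contactFieldNames as $contactFieldName) {
        $contactFields[$contactFieldName] =
            (isset($_POST[$contactFieldName]) && is_string($_POST[$contactFieldName]))
                ? $_POST[$contactFieldName]
                : '';
        // Kept in the session so the form can be re-populated on the ?ERR page.
        $_SESSION[$contactFieldName] = $contactFields[$contactFieldName];
    }

    // NOTE(review): the CAPTCHA verification below is commented out, so a
    // submission is gated only by the Referer and bad-string filters that
    // follow. Confirm whether chk_crypt() should be re-enabled.
    /* if (chk_crypt($_POST['code'])) {
    $skip=false;
    }else{
    $skip=true;
    header("location: contact-us.php?ERR");
    exit;
    }
    */

    // Make sure the form was indeed POST'ed.
    // The original test was `!$HTTP_SERVER_VARS['REQUEST_METHOD'] == "POST"`:
    // `!` binds tighter than `==`, so it never compared the method, and
    // $HTTP_SERVER_VARS is not populated on current PHP versions.
    $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($requestMethod !== "POST") {
        die("Forbidden - You are not authorized to view this page");
    }

    // Host names from where the form is authorized to be posted from.
    $authHosts = (isset($AUTHORISED_HOSTS) && is_array($AUTHORISED_HOSTS)) ? $AUTHORISED_HOSTS : array();

    // Where have we been posted from? The Referer header is supplied by the
    // client and may be absent, so this is a spam speed bump rather than an
    // access control.
    $referer = isset($_SERVER['HTTP_REFERER']) ? strtolower($_SERVER['HTTP_REFERER']) : '';
    $fromArray = parse_url($referer);
    $fromHost = (is_array($fromArray) && isset($fromArray['host'])) ? $fromArray['host'] : '';

    // Strip a leading "www." only. The original stripped the first label
    // whenever "www." appeared anywhere in the host name.
    $wwwUsed = (strpos($fromHost, "www.") === 0);
    if ($wwwUsed) {
        $fromHost = substr($fromHost, 4);
    }

    // Make sure the form was posted from an approved host name.
    if ($fromHost === '' || !in_array($fromHost, $authHosts, true)) {
        header("HTTP/1.0 403 Forbidden");
        exit;
    }

    // Attempt to defend against header injections. Mail header names are
    // case-insensitive, so the match is case-insensitive as well.
    $badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:");
    foreach ($_POST as $k => $v) {
        // Array-valued parameters cannot be scanned as text; refuse them.
        if (!is_string($v)) {
            header("HTTP/1.0 403 Forbidden");
            exit;
        }
        foreach ($badStrings as $v2) {
            if (stristr($v, $v2) !== false) {
                header("HTTP/1.0 403 Forbidden");
                exit;
            }
        }
    }

    // Made it past spammer test, free up some memory
    // and continue rest of script:
    unset($k, $v, $v2, $badStrings, $authHosts, $referer, $fromArray, $fromHost, $wwwUsed, $requestMethod);

    // Set email parameters
    $Recipient = EMAIL_TO;
    $From = EMAIL_FROM;
    $Subject = "EvolveIT.ie - " . date("H:i:s j/m/Y");

    // The mail is sent as text/html, so every submitted value is HTML-escaped
    // (using the charset declared in the headers) before it enters the body.
    $Message = "";
    $Message .= " Fullname :\t" . htmlspecialchars($contactFields['fullname'], ENT_QUOTES, 'ISO-8859-1') . "\n";
    $Message .= " Telephone :\t" . htmlspecialchars($contactFields['telephone'], ENT_QUOTES, 'ISO-8859-1') . "\n";
    $Message .= " Company Name :\t" . htmlspecialchars($contactFields['company_name'], ENT_QUOTES, 'ISO-8859-1') . "\n";
    $Message .= " Email Address:" . htmlspecialchars($contactFields['email'], ENT_QUOTES, 'ISO-8859-1') . "\n";
    $Message .= " Query :" . nl2br(htmlspecialchars($contactFields['query'], ENT_QUOTES, 'ISO-8859-1')) . "\n";
    $Message .= " ";
    unset($contactFieldNames, $contactFieldName, $contactFields);

    // Only the EMAIL_FROM / EMAIL_TO constants are placed in the headers; no
    // submitted value is. If Reply-To is ever changed to the visitor's
    // address, validate it and reject CR/LF first.
    $ExtraHeaders = "MIME-Version: 1.0\n" .
        "Content-type: text/html; charset=iso-8859-1\n" .
        "From: $From\n" .
        "Reply-To: $Recipient\n";

    // Send email to admin
    if (!$skip) {
        mail($Recipient, $Subject, $Message, $ExtraHeaders) or die('Error sending the email');
    }
    $filename = "contact-us-thanks.php";
}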
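// Error page: requested as "contact-us.php?ERR", the redirect target used by
// the (currently commented-out) CAPTCHA failure branch above.
// $QUERY_STRING only exists as a global when register_globals-style importing
// is active, so fall back to $_SERVER['QUERY_STRING'] when it is not defined.
if (isset($QUERY_STRING)) {
    $requestQuery = $QUERY_STRING;
} elseif (isset($_SERVER['QUERY_STRING'])) {
    $requestQuery = $_SERVER['QUERY_STRING'];
} else {
    $requestQuery = '';
}

if ($requestQuery == "ERR") {
    $message = "Please make sure to enter code as it is shown in the image.\nRedraw the image if it isn't clear enough";

    // NOTE(review): $contact is not assigned anywhere in this file; presumably
    // it comes from an include or from request-variable importing. Confirm.
    // empty() keeps the original truthiness test without an undefined-variable
    // notice.
    if (!empty($contact)) {
        // Re-populate the form with what the visitor submitted last time.
        $fullname = isset($_SESSION['fullname']) ? $_SESSION['fullname'] : null;
        $telephone = isset($_SESSION['telephone']) ? $_SESSION['telephone'] : null;
        $email = isset($_SESSION['email']) ? $_SESSION['email'] : null;
        $company_name = isset($_SESSION['company_name']) ? $_SESSION['company_name'] : null;
        $query = isset($_SESSION['query']) ? $_SESSION['query'] : null;
    }
}
unset($requestQuery);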
// Load "<filename>.html" under the handle "main".
$mainTemplateFiles = array('main' => $filename . '.html');
$tplObj->getFile($mainTemplateFiles);

//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// place data in template
// Optional values default to null when the matching variable was never set
// (same result as the error-suppressed reads they replace).
// NOTE(review): fullname, telephone, email, company_name and query originate
// from $_POST via $_SESSION. Confirm that tplSys or the .html template
// HTML-escapes them before they are written into the page.
$mainTemplateVars = array();
$mainTemplateVars["self"] = $self;
$mainTemplateVars["message"] = isset($message) ? $message : null;
$mainTemplateVars["SID"] = SID;
$mainTemplateVars["crypt_graph"] = dsp_crypt(0, 1);
$mainTemplateVars["fullname"] = isset($fullname) ? $fullname : null;
$mainTemplateVars["telephone"] = isset($telephone) ? $telephone : null;
$mainTemplateVars["email"] = isset($email) ? $email : null;
$mainTemplateVars["company_name"] = isset($company_name) ? $company_name : null;
$mainTemplateVars["query"] = isset($query) ? $query : null;
$tplObj->varRef("main", $mainTemplateVars);

//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Display data in page
$renderedMain = $tplObj->parseDynamic("main");
echo $renderedMain;
unset($mainTemplateFiles, $mainTemplateVars, $renderedMain);
include("includes/footer.php");
?>