// You also need to load the JS file used by the date chooser, if you choose to use this field:
//
// If you are using the stand-alone mode, these will be added automatically
// LANGUAGE SETTING
// The relative path to the language file you want to use.
$language = 'lang/English.php';
// FULL URL TO SCRIPT
// The full URL to dd-formmailer.php (or whatever you have renamed it to)
$script_path = 'http://imaginoz.com/imaginoz-comments.html';
// FULL URL TO CONTACT PAGE
// If you are running this script in standalone mode, leave this blank. Otherwise,
// enter the full URL to the page that is displaying the form
$path_contact_page = '';
// RECIPIENT DATA
// If you are just sending email to a single address, enter it here. For more advanced
// usage such as multiple recipients, CC, BCC, etc.. please see the web page for instructions
$recipients = 'mike@imaginoz.com';
// FORM STRUCTURE
// This is used to generate the form. Each form element must be on its own line.
// Detailed usage instructions can be found on the web page
$form_struct = '
type=text|class=fmtext|label=Name|fieldname=fm_name|max=100|req=true
type=text|class=fmtext|label=Email|fieldname=fm_email|max=100|req=true|ver=email
type=text|class=fmtext|label=Subject|fieldname=fm_subject|max=100|req=true
type=verify|class=fmverify|label=Verify
type=textarea|class=fmtextarea|label=Message|fieldname=fm_message|max=1000|rows=6|req=true
';
// MANUAL FORM CODE
// Advanced users only! please read documentation first
$manual_form_code = '';
// WRAP MESSAGES
// If enabled, this wraps messages to 70 chars per line (for RFC compliance)
$wrap_messages = TRUE;
// SAVE ATTACHMENTS
// If enabled, attachments will be saved to a directory instead of emailed
$attach_save = FALSE;
// SAVE ATTACHMENT PATH
// Where files will be saved, if attach_save is enabled
// ** Full path on server. Ex: /home/user/public_html/upload/
// ** Make sure directory has write permission
// ** include trailing slash
$attach_path = '';
// SHOW REQUIRED
// If enabled, required fields are marked with an asterisk
$show_required = TRUE;
// SHOW URL
// If enabled, the URL the script is running from will be added to the message
$show_url = FALSE;
// SHOW IP AND HOSTNAME
// If enabled, the visitor's IP and hostname are added to the message
$show_ip_hostname = TRUE;
// SPECIAL FIELDS
// These options help generate the email headers. Simply enter a field name,
// and the user input from that field will be used. You can also combine fields.
// For example, if you have a fm_firstname and fm_lastname field, you could
// set $sender_name to 'fm_lastname, fm_firstname'
$sender_name = 'fm_name';
$sender_email = 'fm_email';
$email_subject = 'Contact: fm_subject';
// MAX UPLOAD SIZE
// If you are using file uploads in your form, this specifies the max file size.
// (This does not override any server settings you might have in PHP.ini)
$max_file_size = 1000000; // in bytes
// MESSAGE STRUCTURE
// This is an optional setting that allows you to define your own custom message
// template. More information can be found on the web page. If left blank, the script
// will generate the message itself, which is generally suitable for most purposes.
// You use field names in this - they will be replaced with the user input from those fields.
$message_structure = '';
// SUCCESS MESSAGE
// This is the text shown after the visitor has successfully submitted the form.
// You use field names in this - they will be replaced with the user input from those fields.
$sent_message = '
Thank you - your message has been sent.
';
// AUTO REPLY OPTION
// This optional feature allows you to automatically send a pre-defined auto reply email.
// To use it, simply specify the name and email address you want the message to be 'from',
// as well as a subject and message. To disable, just leave $auto_reply_message blank.
// You use field names in the message - they will be replaced with the user input from those fields.
$auto_reply_name = '';
$auto_reply_email = '';
$auto_reply_subject = '';
$auto_reply_message = '';
// IMAGE VERIFICATION
// You can disable image verification, use the simple built-in method, or use ReCaptcha
// If you use ReCaptcha, sign up for a free account at http://recaptcha.net and enter the codes below
$verify_method = 'basic'; // 'off', 'basic', or 'recaptcha'
// BASIC IMAGE VERIFICATION OPTIONS
$verify_background = 'F0F0F0'; // hex code for background color
$verify_text = '005ABE'; // hex code for text color
$force_type = ''; // problems showing the code? try forcing to 'gif', 'jpeg' or 'png'
// RECAPTCHA IMAGE VERIFICATION OPTIONS
// Public and private keys - you get these when you sign up an account at http://recaptcha.net
$re_public_key = '';
$re_private_key = '';
// SAVE DATA TO FILE
// If set to TRUE, the form input will be saved in a delimited file
$save_to_file = FALSE;
// STILL SEND EMAIL
// If saving the data to a file, still have the script send the email?
$save_email = TRUE;
// DATA PATH
// The file that will be written to - make sure it has write access
$save_path = 'data.txt';
// DELIMITER
// Fields will be separated by this character. If this character is found in
// the actual data, it will be removed.
$save_delimiter = '|';
// NEWLINES
// Newlines in the data will be replaced by this
$save_newlines = " ";
// TIMESTAMP
// Add date/time to the beginning of each line
// Uses the PHP date format: http://us.php.net/date
// Leave blank to disable this feature
$save_timestamp = "m-d-Y h:i:s A";
/*
** END OF OPTIONS
*/
if (!defined('PHP_EOL')) define ('PHP_EOL', strtoupper(substr(PHP_OS,0,3) == 'WIN') ? "\r\n" : "\n");
if (trim($path_contact_page) == '') {
$path_contact_page = $script_path;
}
$verify_method = strtolower($verify_method);
/* Convert hex color code to R, G, B */
function ddfm_hex_to_rgb($h) {
$h = trim($h, "#");
$color = array();
if (strlen($h) == 6) {
$color[] = (int)hexdec(substr($h, 0, 2));
$color[] = (int)hexdec(substr($h, 2, 2));
$color[] = (int)hexdec(substr($h, 4, 2));
} else if (strlen($h) == 3) {
$color[] = (int)hexdec(substr($h, 0, 1) . substr($h, 0, 1));
$color[] = (int)hexdec(substr($h, 1, 1) . substr($h, 1, 1));
$color[] = (int)hexdec(substr($h, 2, 1) . substr($h, 2, 1));
}
return $color;
}
/* Handle requests for verification code */
if (isset($_GET['v'])) {
if ($_GET['v'] == '1') {
$this_domain = preg_replace("/^www\./", "", $_SERVER['HTTP_HOST']);
// Choose image type
$type = '';
if (function_exists("imagegif")) {
$type = 'gif';
} else if (function_exists("imagejpeg")) {
$type = 'jpeg';
} else if (function_exists("imagepng")) {
$type = 'png';
}
if (trim($force_type) != '') {
$type = $force_type;
}
// Generate verification code
srand((double)microtime()*1000000);
$ddfmcode = substr(strtoupper(md5(rand(0, 999999999))), 2, 5);
$ddfmcode = str_replace("O", "A", $ddfmcode); // for clarity
$ddfmcode = str_replace("0", "B", $ddfmcode);
setcookie("ddfmcode", md5($ddfmcode), time()+3600, '/', '.' . $this_domain);
// Generate image
header("Content-type: image/" . $type);
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Expires: Mon, 1 Jan 2000 01:00:00 GMT"); // Date in the past
$image = imagecreate(60, 24);
list($br, $bg, $bb) = ddfm_hex_to_rgb($verify_background);
list($rr, $rg, $rb) = ddfm_hex_to_rgb($verify_text);
$background_color = imagecolorallocate($image, $br, $bg, $bb);
$text_color = imagecolorallocate($image, $rr, $rg, $rb);
imagestring($image, 5, 8, 4, $ddfmcode, $text_color);
switch ($type) {
case 'gif': imagegif($image); break;
case 'png': imagepng($image); break;
case 'jpeg': imagejpeg($image, NULL, 100); break;
}
imagedestroy($image);
exit();
}
}
// Load language settings
@include_once($language);
/* Check for GD support */
function ddfm_check_gd_support() {
if (extension_loaded("gd") && (function_exists("imagegif") || function_exists("imagepng") || function_exists("imagejpeg"))) {
return TRUE;
} else {
return FALSE;
}
}
/* Safe str_replace */
function ddfm_str_replace($search, $replace, $subject) {
if (isset($search)) {
return str_replace($search, $replace, $subject);
} else {
return $subject;
}
}
/* Check for valid URL */
function ddfm_is_valid_url($link) {
if (strpos($link, "http://") === FALSE) {
$link = "http://" . $link;
}
$url_parts = @parse_url($link);
if (empty($url_parts["host"]))
return( false );
if (!empty($url_parts["path"])) {
$documentpath = $url_parts["path"];
} else {
$documentpath = "/";
}
if (!empty($url_parts["query"])) {
$documentpath .= "?" . $url_parts["query"];
}
$host = $url_parts["host"];
$port = $url_parts["port"];
if (empty($port))
$port = "80";
$socket = @fsockopen( $host, $port, $errno, $errstr, 30 );
if (!$socket) {
return(false);
} else {
fwrite ($socket, "HEAD ".$documentpath." HTTP/1.0\r\nHost: $host\r\nUser-Agent: DDFMVerify\r\n\r\n");
$http_response = fgets( $socket, 22 );
if (ereg("200 OK", $http_response, $regs)) {
return(true);
fclose($socket);
} else {
return(false);
}
}
}
/* Check for valid email address */
function dd_is_valid_email($email) {
$validator = new EmailAddressValidator;
if ($validator->check_email_address($email)) {
return TRUE;
} else {
return FALSE;
}
}
/*
EmailAddressValidator Class
http://code.google.com/p/php-email-address-validation/
Released under New BSD license
http://www.opensource.org/licenses/bsd-license.php
*/
class EmailAddressValidator {
/**
* Check email address validity
* @param strEmailAddress Email address to be checked
* @return True if email is valid, false if not
*/
function check_email_address($strEmailAddress) {
// If magic quotes is "on", email addresses with quote marks will
// fail validation because of added escape characters. Uncommenting
// the next three lines will allow for this issue.
//if (get_magic_quotes_gpc()) {
// $strEmailAddress = stripslashes($strEmailAddress);
//}
// Control characters are not allowed
if (preg_match('/[\x00-\x1F\x7F-\xFF]/', $strEmailAddress)) {
return false;
}
// Split it into sections using last instance of "@"
$intAtSymbol = strrpos($strEmailAddress, '@');
if ($intAtSymbol === false) {
// No "@" symbol in email.
return false;
}
$arrEmailAddress[0] = substr($strEmailAddress, 0, $intAtSymbol);
$arrEmailAddress[1] = substr($strEmailAddress, $intAtSymbol + 1);
// Count the "@" symbols. Only one is allowed, except where
// contained in quote marks in the local part. Quickest way to
// check this is to remove anything in quotes.
$arrTempAddress[0] = preg_replace('/"[^"]+"/'
,''
,$arrEmailAddress[0]);
$arrTempAddress[1] = $arrEmailAddress[1];
$strTempAddress = $arrTempAddress[0] . $arrTempAddress[1];
// Then check - should be no "@" symbols.
if (strrpos($strTempAddress, '@') !== false) {
// "@" symbol found
return false;
}
// Check local portion
if (!$this->check_local_portion($arrEmailAddress[0])) {
return false;
}
// Check domain portion
if (!$this->check_domain_portion($arrEmailAddress[1])) {
return false;
}
// If we're still here, all checks above passed. Email is valid.
return true;
}
/**
* Checks email section before "@" symbol for validity
* @param strLocalPortion Text to be checked
* @return True if local portion is valid, false if not
*/
function check_local_portion($strLocalPortion) {
// Local portion can only be from 1 to 64 characters, inclusive.
// Please note that servers are encouraged to accept longer local
// parts than 64 characters.
if (!$this->check_text_length($strLocalPortion, 1, 64)) {
return false;
}
// Local portion must be:
// 1) a dot-atom (strings separated by periods)
// 2) a quoted string
// 3) an obsolete format string (combination of the above)
$arrLocalPortion = explode('.', $strLocalPortion);
for ($i = 0, $max = sizeof($arrLocalPortion); $i < $max; $i++) {
if (!preg_match('.^('
. '([A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]'
. '[A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]{0,63})'
.'|'
. '("[^\\\"]{0,62}")'
.')$.'
,$arrLocalPortion[$i])) {
return false;
}
}
return true;
}
/**
* Checks email section after "@" symbol for validity
* @param strDomainPortion Text to be checked
* @return True if domain portion is valid, false if not
*/
function check_domain_portion($strDomainPortion) {
// Total domain can only be from 1 to 255 characters, inclusive
if (!$this->check_text_length($strDomainPortion, 1, 255)) {
return false;
}
// Check if domain is IP, possibly enclosed in square brackets.
if (preg_match('/^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
.'(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}$/'
,$strDomainPortion) ||
preg_match('/^\[(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
.'(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\]$/'
,$strDomainPortion)) {
return true;
} else {
$arrDomainPortion = explode('.', $strDomainPortion);
if (sizeof($arrDomainPortion) < 2) {
return false; // Not enough parts to domain
}
for ($i = 0, $max = sizeof($arrDomainPortion); $i < $max; $i++) {
// Each portion must be between 1 and 63 characters, inclusive
if (!$this->check_text_length($arrDomainPortion[$i], 1, 63)) {
return false;
}
if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|'
.'([A-Za-z0-9]+))$/', $arrDomainPortion[$i])) {
return false;
}
}
}
return true;
}
/**
* Check given text length is between defined bounds
* @param strText Text to be checked
* @param intMinimum Minimum acceptable length
* @param intMaximum Maximum acceptable length
* @return True if string is within bounds (inclusive), false if not
*/
function check_text_length($strText, $intMinimum, $intMaximum) {
// Minimum and maximum are both inclusive
$intTextLength = strlen($strText);
if (($intTextLength < $intMinimum) || ($intTextLength > $intMaximum)) {
return false;
} else {
return true;
}
}
}
/* Check for injection characters */
function ddfm_injection_chars($s) {
return (eregi("\r", $s) || eregi("\n", $s) || eregi("%0a", $s) || eregi("%0d", $s)) ? TRUE : FALSE;
}
/* Make output safe for the browser */
function ddfm_bsafe($input) {
return htmlspecialchars(stripslashes($input));
}
function ddfm_stripslashes($s) {
if (get_magic_quotes_gpc()) {
return stripslashes($s);
} else {
return $s;
}
}
function ddfm_injection_test($str) {
$tests = array("/bcc\:/i", "/Content\-Type\:/i", "/Mime\-Version\:/i", "/cc\:/i", "/from\:/i", "/to\:/i", "/Content\-Transfer\-Encoding\:/i");
return preg_replace($tests, "", $str);
}
function ddfm_send_mail($recipients, $sender_name, $sender_email, $email_subject, $email_msg, $attach_save, $attach_path, $attachments = false) {
$extra_recips = '';
// generate recipient data from list
if (strpos($recipients, '|')) {
$rdata = array();
$ri = 0;
$rtmp = explode('|', $recipients);
foreach ($rtmp as $rd) {
if (trim($rd) != "") {
list($m, $e) = (array)explode("=", trim($rd), 2);
$rdata[$ri]['m'] = trim(strtolower($m));
$rdata[$ri]['e'] = trim($e);
$ri++;
}
}
rsort($rdata);
$r_to = array();
$extra_recips = "";
foreach ($rdata as $r) {
if ($r['m'] == 'to') $r_to[] = $r['e'];
if ($r['m'] == 'cc') $extra_recips .= 'cc: ' . $r['e'] . PHP_EOL;
if ($r['m'] == 'bcc') $extra_recips .= 'bcc: ' . $r['e'] . PHP_EOL;
}
$send_to = implode(', ', $r_to);
} else {
$send_to = trim($recipients);
}
$sender_name = ddfm_injection_test($sender_name);
$sender_email = ddfm_injection_test($sender_email);
$email_subject = ddfm_injection_test($email_subject);
if (function_exists('mb_encode_mimeheader')) {
$email_subject = mb_encode_mimeheader($email_subject, 'UTF-8', 'Q', '');
$sender_name = mb_encode_mimeheader($sender_name, 'UTF-8', 'Q', '');
}
if (trim($sender_name) == "") {
$sender_name = 'Anonymous';
}
if (trim($sender_email) == "") {
$sender_email = 'user@domain.com';
}
if (trim($email_subject) == "") {
$email_subject = 'Contact Form';
}
$mime_boundary = md5(time());
$headers = '';
$msg = '';
$headers .= 'From: ' . $sender_name . ' <' . $sender_email . '>' . PHP_EOL;
$headers .= $extra_recips;
$headers .= 'Reply-To: ' . $sender_name . ' <' . $sender_email . '>' . PHP_EOL;
$headers .= 'Return-Path: ' . $sender_name . ' <' . $sender_email . '>' . PHP_EOL;
$headers .= "Message-ID: <" . time() . "ddfm@" . $_SERVER['SERVER_NAME'] . ">" . PHP_EOL;
$headers .= 'X-Sender-IP: ' . $_SERVER["REMOTE_ADDR"] . PHP_EOL;
$headers .= "X-Mailer: PHP v" . phpversion() . PHP_EOL;
$headers .= 'MIME-Version: 1.0' . PHP_EOL;
// $headers .= 'Content-Type: multipart/related; boundary="' . $mime_boundary . '"';
$headers .= 'Content-Type: multipart/mixed; boundary="' . $mime_boundary . '"';
$msg .= '--' . $mime_boundary . PHP_EOL;
$msg .= 'Content-Type: text/plain; charset="utf-8"' . PHP_EOL;
// $msg .= 'Content-Type: text/plain; charset="iso-8859-1"' . PHP_EOL;
$msg .= 'Content-Transfer-Encoding: 8bit' . PHP_EOL . PHP_EOL;
$msg .= $email_msg . PHP_EOL . PHP_EOL;
if (count($attachments) > 0) {
for ($i = 0; $i < count($attachments); $i++) {
if (is_file($attachments[$i]['tmpfile'])) {
if ($attach_save) {
if (!rename($attachments[$i]['tmpfile'], $attach_path . $attachments[$i]['file'])) {
echo 'Error saving file. Check your path and permissions. Stopping script.';
exit();
}
} else {
$handle = fopen($attachments[$i]['tmpfile'], 'rb');
$f_contents = fread($handle, filesize($attachments[$i]['tmpfile']));
$f_contents = chunk_split(base64_encode($f_contents));
fclose($handle);
$msg .= '--' . $mime_boundary . PHP_EOL;
$msg .= 'Content-Type: application/octet-stream; name="' . $attachments[$i]['file'] . '"' . PHP_EOL;
$msg .= 'Content-Transfer-Encoding: base64' . PHP_EOL;
$msg .= 'Content-Disposition: attachment; filename="' . $attachments[$i]['file'] . '"' . PHP_EOL . PHP_EOL;
$msg .= $f_contents . PHP_EOL . PHP_EOL;
}
}
}
}
$msg .= '--' . $mime_boundary . '--' . PHP_EOL . PHP_EOL;
@ini_set('sendmail_from', $sender_email);
$send_status = mail($send_to, $email_subject, $msg, $headers);
@ini_restore('sendmail_from');
return $send_status;
}
$form_input = array();
// START of functions to show form output
function ddfm_gen_html($item) {
// type=html|text=
$gen = $item['text'] . "\n";
return $gen;
}
function ddfm_gen_date($item) {
// type=date|class=|label=|fieldname=|req=(TRUEFALSE)
global $form_submitted, $form_input, $show_required;
$req_text = (($show_required) && ($item['req'] == 'true')) ? '' . DDFM_REQUIREDTAG . ' ' : '';
$gen = "";
$gen .= '
 . '/calendar.gif)
';
$gen .='