Feedback.php

Malicious code content detected.
Your IP Number of “.getenv(“REMOTE_ADDR”).” has been logged.

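// NOTE(review): this listing starts part-way through the configurable section.
// The opening PHP tag and the assignments of $SpamCheck, $SpamReplaceText and
// $SpamErrorMessage (all read below) are not visible here; the text just above
// appears to be the rendered tail of a string literal from that section.

$mailto = "enquiries@pateldore.com.au";

// $subject - set to the Subject line of the email, eg
//$subject = "Feedback Form" ;
$subject = "Enquiry from Patel Dore website";

// the pages to be displayed, eg
//$formurl = "http://www.example.com/feedback.html" ;
//$errorurl = "http://www.example.com/error.html" ;
//$thankyouurl = "http://www.example.com/thankyou.html" ;
$formurl = "http://www.pateldore.com.au/contact.php";
$errorurl = "http://www.pateldore.com.au/error.html";
$thankyouurl = "http://www.pateldore.com.au/thanks.html";

// 1 selects "\n" as the mail header separator below; unset or 0 selects "\r\n".
$uself = 1;

// -------------------- END OF CONFIGURABLE SECTION ---------------

$headersep = (!isset($uself) || ($uself == 0)) ? "\r\n" : "\n";

// A request without the email field did not come from the form: send the
// visitor to it before any other input is read.
if (!isset($_POST['email'])) {
    header("Location: $formurl");
    exit;
}

// Read every expected form field as a string. A missing field, or one
// submitted as an array (name[]=...), becomes '' so that the checks below
// always operate on strings.
$fieldnames = array(
    'name', 'email', 'phone', 'comments', 'street', 'suburb',
    'enquiry', 'residential', 'commercial', 'purpose', 'value',
);
$fields = array();
foreach ($fieldnames as $fieldname) {
    $fields[$fieldname] = (isset($_POST[$fieldname]) && is_string($_POST[$fieldname]))
        ? $_POST[$fieldname]
        : '';
}

// Client-supplied and unverified; it is only ever placed in the message body.
$http_referrer = getenv("HTTP_REFERER");

// Name, email and phone are mandatory.
if (empty($fields['name']) || empty($fields['email']) || empty($fields['phone'])) {
    header("Location: $errorurl");
    exit;
}

// Name and email are copied into the From/Reply-To headers, so a CR or LF in
// either would let the sender append mail headers of their own.
// preg_match() replaces ereg(), which was removed in PHP 7.0.
if (preg_match('/[\r\n]/', $fields['name']) || preg_match('/[\r\n]/', $fields['email'])) {
    header("Location: $errorurl");
    exit;
}

// The address is written between <...> in the headers: require a syntactically
// valid address and refuse the characters that would close the angle brackets
// or open a quoted string, independently of whether $SpamCheck is enabled.
if (filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false
    || strpbrk($fields['email'], "<>\"") !== false) {
    header("Location: $errorurl");
    exit;
}

// get_magic_quotes_gpc() was removed in PHP 8.0; only call it where it exists.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $fields['comments'] = stripslashes($fields['comments']);
}

// The original built a $headers string at this point that was never passed to
// mail() (and whose second statement used "." where ".=" was needed); it is
// dropped because it had no effect on the message sent.

//begin spam code
if (isset($SpamCheck) && $SpamCheck == "Y") {
    // Reject any submission that carries a URL in any field.
    foreach ($fields as $fieldvalue) {
        if (preg_match("/http/i", $fieldvalue)) {
            echo $SpamErrorMessage;
            exit();
        }
    }

    // Strip shell/markup metacharacters and line breaks from every field.
    // The original alternation left ^, [ and ] unescaped, so those three were
    // never matched as literal characters; a character class lists each one
    // explicitly.
    $pattern = '/[;|`><&^"\'{}\[\]()\r\n]/';
    foreach ($fields as $fieldname => $fieldvalue) {
        $fields[$fieldname] = preg_replace($pattern, "", $fieldvalue);
    }

    // Replace mail header names with the configured marker text, then refuse
    // any submission in which the marker is found.
    $find = array("/bcc\:/i", "/Content\-Type\:/i", "/cc\:/i", "/to\:/i");
    foreach ($fields as $fieldname => $fieldvalue) {
        $fields[$fieldname] = preg_replace($find, "$SpamReplaceText", $fieldvalue);
    }
    foreach ($fields as $fieldvalue) {
        if (stristr($fieldvalue, $SpamReplaceText) !== FALSE) {
            echo $SpamErrorMessage;
            exit();
        }
    }

    // Same check on the recipient and subject. The original tested $sendto,
    // which is not assigned anywhere in the visible code; $mailto is the
    // recipient actually passed to mail().
    if (stristr($mailto, $SpamReplaceText) !== FALSE) {
        echo $SpamErrorMessage;
        exit();
    }
    if (stristr($subject, $SpamReplaceText) !== FALSE) {
        echo $SpamErrorMessage;
        exit();
    }
}

$messageproper =
    "This message was sent from:\n" .
    "$http_referrer\n" .
    "------------------------------------------------------------\n" .
    "Name: {$fields['name']}\n" .
    "Email: {$fields['email']}\n" .
    "Phone: {$fields['phone']}\n" .
    "Comments Option: {$fields['comments']}\n" .
    "Street: {$fields['street']}\n" .
    "Suburb: {$fields['suburb']}\n" .
    "Enquiry Option: {$fields['enquiry']}\n" .
    "Residential Option: {$fields['residential']}\n" .
    "Commercial Option: {$fields['commercial']}\n" .
    "Purpose Option: {$fields['purpose']}\n" .
    "Value Option: {$fields['value']}\n" .
    "------------------------- COMMENTS -------------------------\n\n" .
    $fields['comments'] .
    "\n\n------------------------------------------------------------\n";

// The display name sits inside a quoted string in the headers; drop the two
// characters that could end or escape that quoting.
$headername = str_replace(array('"', '\\'), '', $fields['name']);

$sent = mail(
    $mailto,
    $subject,
    $messageproper,
    "From: \"$headername\" <{$fields['email']}>" . $headersep .
    "Reply-To: \"$headername\" <{$fields['email']}>" . $headersep .
    "X-Mailer: chfeedback.php 2.07"
);

// Only show the thank-you page when the message was accepted for delivery.
if (!$sent) {
    header("Location: $errorurl");
    exit;
}

header("Location: $thankyouurl");
exit;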