";
}else{
if (!$error) {
// welcome intro is printed here unless message is sent
echo $welcome_intro;
}
echo "\n";
echo "\n\n";
echo '
';
}
/**
 * Build the inline error line for one form field.
 *
 * Reads the global $error flag. A message is produced only when that flag is
 * truthy and $this_error is non-empty; otherwise nothing (null) is returned.
 * The text is concatenated as given and is not HTML-encoded here.
 *
 * @param mixed $this_error Error text for the field being rendered.
 * @return string|null "ERROR: <text>\n", or null when there is nothing to show.
 */
function echo_if_error($this_error)
{
    global $error;

    $nothing_to_report = !$error || empty($this_error);
    if ($nothing_to_report) {
        return;
    }

    return 'ERROR: ' . $this_error . '' . "\n";
}
// functions for protecting and validating form input vars
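/**
 * Recursively clean a submitted form value.
 *
 * Strings are passed through ctf_stripslashes(), strip_tags(),
 * ctf_sanitize_string() and trim(), in that order. Arrays are cleaned element
 * by element with their keys preserved. Any other type is returned untouched.
 *
 * This is input filtering only: the result is not encoded for any particular
 * output context (HTML attribute, mail header, ...), so the code that emits
 * the value still has to escape it for that context.
 *
 * @param mixed $string String, array of values, or any other value.
 * @return mixed The cleaned value, same shape as the input.
 */
function ctf_clean_input($string)
{
    if (is_string($string)) {
        return trim(ctf_sanitize_string(strip_tags(ctf_stripslashes($string))));
    }

    if (is_array($string)) {
        // foreach replaces the former reset()/each()/list() loop; each() was
        // removed in PHP 8, which made array input a fatal error.
        foreach ($string as $key => $value) {
            $string[$key] = ctf_clean_input($value);
        }
        return $string;
    }

    return $string;
}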
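/**
 * Collapse runs of spaces and neutralise angle brackets.
 *
 * The input is trimmed, every run of one or more spaces becomes a single
 * space, and each '<' or '>' is replaced with '_'.
 *
 * @param string $string Text to normalise.
 * @return string The normalised text.
 */
function ctf_sanitize_string($string)
{
    // preg_replace stands in for ereg_replace(), which was removed in PHP 7.
    $string = preg_replace('/ +/', ' ', trim($string));

    return preg_replace("/[<>]/", '_', $string);
}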
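/**
 * Undo magic-quotes escaping on a submitted value when it is active.
 *
 * Magic quotes were removed in PHP 5.4, and get_magic_quotes_gpc() itself
 * was removed in PHP 8, so the function is only consulted on runtimes old
 * enough to still have the feature. Everywhere else the value is returned
 * unchanged.
 *
 * @param string $string Raw request value.
 * @return string The value with magic-quotes slashes removed, if any were added.
 */
function ctf_stripslashes($string)
{
    $magic_quotes_possible = PHP_VERSION_ID < 50400
        && function_exists('get_magic_quotes_gpc');

    if ($magic_quotes_possible && get_magic_quotes_gpc()) {
        return stripslashes($string);
    }

    return $string;
}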
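/**
 * Prepare a value for printing inside a double-quoted HTML attribute.
 *
 * Each double quote becomes &quot; so the value cannot close the attribute
 * it is printed into. As reviewed, the search and replacement strings were
 * identical, which made the call a no-op and let quotes through unchanged.
 *
 * Only the double quote is handled here. Other characters are left as they
 * are, so this is not a general-purpose HTML encoder.
 *
 * @param string $string Value about to be printed into an attribute.
 * @return string The value with double quotes encoded.
 */
function ctf_output_string($string)
{
    return str_replace('"', '&quot;', $string);
}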
// A function knowing about name case (i.e. caps on McDonald etc)
// Usage: $name = ctf_name_case($name);
/**
 * Re-capitalise a personal name, keeping capitals after "Mc" and "O'".
 *
 * The first character is upper-cased. Each later character that falls in
 * the accepted byte ranges is upper-cased when it follows a boundary
 * character or the two preceding characters are "Mc" / "O'" (compared
 * case-insensitively), and lower-cased otherwise. Characters outside the
 * ranges are copied unchanged and mark a boundary.
 *
 * The ranges are byte values 65-122 and 49-57 exactly as written, so '0'
 * (48) counts as a boundary and the punctuation between 'Z' and 'a' counts
 * as a word character.
 *
 * @param string $name Name as typed by the visitor.
 * @return string The re-cased name, or '' for an empty name.
 */
function ctf_name_case($name)
{
    if ($name == '') {
        return '';
    }

    $result = strtoupper($name[0]);
    $after_boundary = false;
    $length = strlen($name);

    for ($pos = 1; $pos < $length; $pos++) {
        $char = substr($name, $pos, 1);
        $code = ord($char);
        $in_letter_range = ($code > 64) && ($code < 123);
        $in_digit_range = ($code > 48) && ($code < 58);

        if (!$in_letter_range && !$in_digit_range) {
            // not a word character - copy it and remember the boundary
            $result .= $char;
            $after_boundary = true;
            continue;
        }

        // At $pos == 1 the start offset is -1, so this reads the last
        // character of the name; a single character never equals a prefix.
        $previous_two = substr($name, $pos - 2, 2);
        $follows_prefix = strcasecmp($previous_two, 'Mc') === 0
            || strcasecmp($previous_two, "O'") === 0;

        $result .= ($follows_prefix || $after_boundary)
            ? strtoupper($char)
            : strtolower($char);
        $after_boundary = false;
    }

    return $result;
}
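/**
 * Validate an e-mail address by syntax and, where possible, by MX lookup.
 *
 * Order of checks:
 *  1. Non-string input is rejected.
 *  2. Any ASCII control character (0x00-0x1F, which includes NUL, CR and LF)
 *     rejects the address outright, so a value carrying extra header lines
 *     never reaches the syntax check.
 *  3. The address must match the syntax pattern (case-insensitive).
 *  4. If getmxrr() exists, the domain must have at least one MX record;
 *     if it does not exist, syntax alone decides.
 *
 * @param mixed $email Address to check.
 * @return int 1 when the address is accepted, 0 otherwise.
 */
function ctf_validate_email($email)
{
    if (!is_string($email)) {
        return 0;
    }

    // check for all the non-printable codes in the standard ASCII set,
    // including null bytes and newlines, and exit immediately if any are found.
    if (preg_match("/[\\000-\\037]/", $email)) {
        return 0;
    }

    // Same expression as before, moved to PCRE because eregi() was removed
    // in PHP 7. The D modifier keeps '$' anchored to the true end of the
    // string, as it was under POSIX matching.
    $pattern = '/^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/iD';
    if (!preg_match($pattern, $email)) {
        return 0;
    }

    // The pattern allows exactly one '@', so this always yields two parts.
    // explode() replaces split(), which was removed in PHP 7.
    list($username, $domaintld) = explode('@', $email, 2);

    // Validate the domain
    if (function_exists("getmxrr")) {
        return getmxrr($domaintld, $mxrecords) ? 1 : 0;
    }

    return 1;
}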
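/**
 * Abort the request when a value contains a line break.
 *
 * Rejects a literal CR or LF as well as the URL-encoded forms %0a / %0d
 * (case-insensitive). On a match it prints "Input Forbidden" and ends the
 * script. This keeps such values from ever reaching code that builds mail
 * headers from them.
 *
 * Arrays are checked element by element so a field submitted as name[]
 * receives the same check as a plain string.
 *
 * @param mixed $input Submitted value, or an array of values.
 * @return void Returns normally only when no line break was found.
 */
function ctf_forbidifnewlines($input)
{
    if (is_array($input)) {
        foreach ($input as $item) {
            ctf_forbidifnewlines($item);
        }
        return;
    }

    if (!is_scalar($input)) {
        return;
    }

    // One PCRE test replaces four eregi() calls; eregi() was removed in PHP 7.
    if (preg_match('/[\r\n]|%0[ad]/i', (string) $input)) {
        echo "Input Forbidden";
        exit;
    }
}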
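/**
 * Run the spam / injection heuristics against the current request.
 *
 * Return codes:
 *   0 - nothing suspicious found
 *   1 - no User-Agent header
 *   2 - request method is not POST
 *   3 - Referer host is not one of the approved hosts ($domain_protect only)
 *   4 - a posted value contains a mail-header or script keyword
 *
 * User-Agent and Referer are supplied by the client, so checks 1 and 3 only
 * filter unsophisticated bots and are not an access control. A request with
 * no Referer at all is let through, as before. The keyword list in check 4
 * is likewise a heuristic; values placed into mail headers still need their
 * own CR/LF rejection (see ctf_forbidifnewlines()).
 *
 * Reads the globals $domain (string or array of host names) and
 * $domain_protect, and lower-cases $domain in place when $domain_protect
 * is on.
 *
 * @return int One of the codes listed above.
 */
function ctf_spamcheckpost()
{
    global $domain, $domain_protect;

    if (!isset($_SERVER['HTTP_USER_AGENT'])) {
        return 1;
    }

    // Make sure the form was indeed POST'ed.
    // The earlier test was written as !$method == "POST"; the negation bound
    // to $method first, so the comparison could never be true and code 2 was
    // never returned.
    if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        return 2;
    }

    // Make sure the form was posted from an approved host name.
    if ($domain_protect) {
        // Host names from where the form is authorized to be posted from.
        // 'strtolower' is quoted: the bare word was an undefined constant,
        // which is a fatal error on PHP 8.
        if (is_array($domain)) {
            $domain = array_map('strtolower', $domain);
            $authHosts = $domain;
        } else {
            $domain = strtolower($domain);
            $authHosts = array("$domain");
        }

        // Where have we been posted from?
        if (isset($_SERVER['HTTP_REFERER']) && trim($_SERVER['HTTP_REFERER']) != '') {
            $fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER']));
            // parse_url() returns false or omits 'host' for a malformed URL.
            $host = (is_array($fromArray) && isset($fromArray['host'])) ? $fromArray['host'] : '';

            // Accept the host as sent, or without a leading "www." label.
            // Only a true prefix is stripped; previously "www." anywhere in
            // the host caused the first label to be dropped.
            $candidates = array($host);
            if (strncmp($host, 'www.', 4) === 0) {
                $candidates[] = substr($host, 4);
            }

            $approved = false;
            foreach ($candidates as $candidate) {
                if ($candidate !== '' && in_array($candidate, $authHosts, true)) {
                    $approved = true;
                    break;
                }
            }
            if (!$approved) {
                return 3;
            }
        }
    } // end if domain protect

    // check posted input for email injection attempts
    // Check for these common exploits
    // if you edit any of these do not break the syntax of the regex
    $input_expl = "/(content-type|mime-version|content-transfer-encoding|to:|bcc:|cc:|document.cookie|document.write|onmouse|onkey|onclick|onload)/i";

    // Test every POST'ed value against $input_expl. Nested arrays (fields
    // posted as name[]) are walked too; previously an array value reached
    // strtolower() directly and was never inspected.
    $found = false;
    $posted = $_POST;
    array_walk_recursive($posted, function ($value) use (&$found, $input_expl) {
        if (!$found && is_scalar($value) && preg_match($input_expl, strtolower((string) $value))) {
            $found = true;
        }
    });
    if ($found) {
        return 4;
    }

    return 0;
}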
?>