
Simple PHP Tell-A-Friend

Had some time on my hands, so, wrote this little script. Rather simple, and should be relatively straightforward... All you need to do is save as tellafriend.php, functions.php and upload. Then link to it, like so:
PHP:
<a href="./tellafriend.php?ref=<?php echo $_SERVER['SCRIPT_NAME']; ?>">Tell a friend</a>

EDIT: Updated to v1.0.1 on June 7, 2006
For some reason, using HTTP_REFERER wouldn't work :s No idea atm, but the above ^^ is a little work-around ;)

tellafriend.php
PHP:
<?php

/****************************************************************************
*
*   Author   : Eric Sizemore ( www.secondversion.com )
*   Package  : SV's Tell-a-friend
*   Version  : 1.0.1
*   Copyright: (C) 2005-2006 Eric Sizemore
*   Site     : www.secondversion.com
*   Email    : [email protected]
*   File     : tellafriend.php
*
*   This program is free software; you can redistribute it and/or modify
*   it under the terms of the GNU General Public License as published by
*   the Free Software Foundation; either version 2 of the License, or
*   (at your option) any later version.
*
*   This program is distributed in the hope that it will be useful,
*   but WITHOUT ANY WARRANTY; without even the implied warranty of
*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
*   GNU General Public License for more details.
*
****************************************************************************/

// ####################### Define Important Constants #######################
// You'll need to change SITE_NAME, SUBJECT and optionally MSG_WORD_WRAP
define('IN_TAF', true);
define('SITE_NAME', 'YourSite.com');
define('SUBJECT', 'Hello friend! Thought you might be interested in ' . SITE_NAME);
define('MSG_WORD_WRAP', 75);

// ############################### Functions ################################
require_once('functions.php');

$ref = (!empty($_GET['ref'])) ? clean(sanitize($_GET['ref'], 'default')) : '';

// ################################## HTML ##################################
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Tell-A-Friend</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
</head>

<body>

<p align="center"><b>Please tell your friends about us.</b></p>
<table cellpadding="2" cellspacing="0" style="border-collapse: collapse; border: 1px solid #111111;">
<form method="post" action="tellafriend.php?ref=<?php echo htmlspecialchars(urlencode($ref), ENT_QUOTES); ?>" style="display: inline;">
<tr>
  <td>Your Name:</td>
  <td><input type="text" name="name" size="20"></td>
</tr>
<tr>
  <td>Your Email address:</td>
  <td><input type ="text" name="email" size="20"></td>
</tr>
<tr>
  <td>Friend Email address:</td>
  <td><input type ="text" name="femail" size="20"></td>
</tr>
<tr>
  <td valign="top">Message:</td>
  <td><textarea name="message" rows="5" cols="20"></textarea></td>
</tr>
<tr>
  <td></td>
  <td><input type="submit" name="submit" value="Submit"></td>
</tr>
</form>
</table>
<?php

// ############################ Main Script Start ###########################
if (isset($_POST['submit']) AND $_POST['submit'] != '')
{
    $name    = clean(sanitize($_POST['name'], 'default'));
    $email   = clean(sanitize($_POST['email'], 'default'));
    $femail  = clean(sanitize($_POST['femail'], 'default'));
    $message = clean(wordwrap(sanitize($_POST['message'], 'light'), MSG_WORD_WRAP));
    $message = str_replace("\n", '<br>', $message);

    if (!is_valid_email($email) OR is_email_injection($email) OR !is_valid_email($femail) OR is_email_injection($femail))
    {
        echo '<br />Your email (or your friends) is either invalid or left blank. Please try again.';
    }
    else
    {
        $e = $email;

        if (empty($name) OR empty($message) OR is_email_injection($name))
        {
            echo '<br />One or more required fields left blank. Please try again.';
        }
        else
        {
            $headers = 'MIME-Version: 1.0' . "\r\n";
            $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
            $headers .= 'Content-Transfer-Encoding: 8bit' . "\r\n";
            $headers .= 'From: ' . $name . ' <' . $e . '>' . "\r\n";
            $headers .= 'X-Priority: 1' . "\r\n";
            $headers .= 'X-Mailer: SVs Tell-a-friend v1.0.1' . "\r\n";

            $send = mail($femail, SUBJECT, "
            <html>
            <head>
            <title>Email from $name</title>
            </head>

            <body>

            <p>Hello! $name is sending you this message because they think you'll enjoy our website: " . SITE_NAME . ". <br>Their message is included below.</p>
            
            <p>$message" . ((!empty($ref)) ? '<br><br><a href="http://' . $_SERVER['HTTP_HOST'] . htmlspecialchars($ref, ENT_QUOTES) . '">' . SITE_NAME . '</a>' : '') . "</p>

            </body>
            </html>", $headers);

            if ($send)
            {
                echo '<br />Thank you, ' . $name . ', for telling your friend about us.';
            }
            else
            {
                echo '<br />Seems to have been a problem sending the email. Please try again.';
            }
        }
    }
}

// That's all folks!
?>
<p>Powered by <a href="http://www.secondversion.com">SVs Tell-a-friend v1.0.1</a></p>

</body>
</html>
functions.php
PHP:
<?php

/****************************************************************************
*
*   Author   : Eric Sizemore ( www.secondversion.com )
*   Package  : SV's Tell-a-friend
*   Version  : 1.0.1
*   Copyright: (C) 2005-2006 Eric Sizemore
*   Site     : www.secondversion.com
*   Email    : [email protected]
*   File     : functions.php
*
*   This program is free software; you can redistribute it and/or modify
*   it under the terms of the GNU General Public License as published by
*   the Free Software Foundation; either version 2 of the License, or
*   (at your option) any later version.
*
*   This program is distributed in the hope that it will be useful,
*   but WITHOUT ANY WARRANTY; without even the implied warranty of
*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
*   GNU General Public License for more details.
*
****************************************************************************/

if (!defined('IN_TAF'))
{
    die();
}

/*
Strip any unsafe tags/chars/attributes from input data

@param  string  Data to be cleaned
@param  string  Level or 'strength' of cleaning - default or light
                pretty much the same, but one will remove new lines, and CRLF
@return string
*/
function sanitize($data, $strength)
{
    switch ($strength)
    {
        case '':
        case 'default':
             $search = array('@<script[^>]*?>.*?</script>@si',
                 '@<applet[^>]*?>.*?</applet>@si',
                 '@<object[^>]*?>.*?</object>@si',
                 '@<iframe[^>]*?>.*?</iframe>@si',
                 '@<style[^>]*?>.*?</style>@si',
                 '@<form[^>]*?>.*?</form>@si',
                 '@<[\/\!]*?[^<>]*?>@si',
                 '@([\r\n])[\s]+@',
                 '@&(lt|#60);@i',
                 '@&(gt|#62);@i'
             );
             break;
        case 'light':
             $search = array('@<script[^>]*?>.*?</script>@si',
                 '@<applet[^>]*?>.*?</applet>@si',
                 '@<object[^>]*?>.*?</object>@si',
                 '@<iframe[^>]*?>.*?</iframe>@si',
                 '@<style[^>]*?>.*?</style>@si',
                 '@<form[^>]*?>.*?</form>@si',
                 '@<[\/\!]*?[^<>]*?>@si',
                 '@&(amp|#38);@i',
                 '@&(lt|#60);@i',
                 '@&(gt|#62);@i'
             );
             break;
    }

    return preg_replace($search, '', strip_tags($data));
}

/*
Trim and strip slashes from data

@param  string  Data to be cleaned
@return string
*/
function clean($data)
{
    return trim(stripslashes($data));
}

/*
Tests for a valid email address

@param  string  Email address
@return boolean
*/
function is_valid_email($email)
{
    $pattern = '/^[a-z0-9&\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]{2,6}+$/is';
    
    return (preg_match($pattern, $email)) ? true : false;
}

/*
Tests input data from the contact form for email injection - very basic

@param  string  Data to check
@return boolean
*/
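function is_email_injection($data)
{
    // eregi() was removed in PHP 7; preg_match() with the /i flag replaces it.
    // A lone CR or LF is matched as well as CRLF, since either can start a new header line.
    return (preg_match('/(To:|Bcc:|Cc:|Content-type:|[\r\n])/i', urldecode($data))) ? true : false;
}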

?>

-Eric
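
A stricter take on the header checks in functions.php, as an added example that is not part of the original post or of SV's Tell-a-friend: it rejects any CR, LF or NUL in a header value rather than looking for specific header names, and validates the address before the From header is built. The function names `has_header_break` and `build_from_header` and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not part of SV's Tell-a-friend. Function names are hypothetical.

// A header value must never contain CR, LF or NUL, whatever text follows them.
function has_header_break($value)
{
    return preg_match('/[\r\n\0]/', urldecode($value)) === 1;
}

// Build the From header from untrusted name/email, or return null on rejection.
function build_from_header($name, $email)
{
    if (has_header_break($name) || has_header_break($email)) {
        return null;
    }
    // filter_var() refuses address lists, spaces and missing domains.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Drop quote and backslash, then quote the display name so characters
    // such as < > , ; cannot change how the address list is parsed.
    $display = '"' . str_replace(array('"', '\\'), '', $name) . '"';
    return 'From: ' . $display . ' <' . $email . '>';
}

// Constructed sample inputs (name, email).
$samples = array(
    array('Eric', 'eric@example.com'),
    array("Eric\nSubject: changed", 'eric@example.com'),   // lone LF, no To:/Cc:/Bcc: keyword
    array('Eric%0d%0aX-Test: 1', 'eric@example.com'),      // URL-encoded CRLF
    array('Eric', 'eric@example.com, other@example.net'),  // second address in the email field
);

foreach ($samples as $s) {
    $header = build_from_header($s[0], $s[1]);
    echo json_encode($s[0]), ' | ', $s[1], ' => ',
         ($header === null ? 'REJECTED' : $header), "\n";
}
```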
 
Wowwww, it's really superb. I have done it and it's working... Thanks

Well, I have a question: is it working for all browsers or only for IE 5.5 or higher? Well, thanks again!
 
Thanks :) Yes, it will work in all browsers ;)
 
Looks nice!
 
Thanks for the script, hopefully I can get it working fine.
By the way, the demo link is down.
 
Updated to 1.0.1, see first post.

-Eric
 