From: josie1one on
The content is essentially identical to a working Contact Form but obviously
I have an error somewhere. Could somebody please take a look?

http://lerosmarina.gr/contact.php

calls jomail.php - code, comments removed:

<?php
// Prefix for every redirect: a page name is appended to form a complete Location header.
$locationroot = 'Location: http://www.lerosmarina.gr/';
// Recipient, passed as the first argument to mail().
// NOTE(review): "(a)" looks like the list archive's masking of "@" - confirm against the live file.
$toAddress = 'enquiries(a)lerosmarina.gr';
// Fixed From header, passed as mail()'s additional-headers argument.
$fromAddress = 'From: webform(a)lerosmarina.gr';


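/**
 * Recursively scan a value for text matching $pattern and raise $suspect on a hit.
 *
 * The posted listing had lost this declaration line, leaving the body and its
 * closing brace at top level (a parse error). The signature matches the calls
 * isSuspect($item, $pattern, $suspect) and isSuspect($_POST, $pattern, $suspect).
 *
 * @param mixed  $val     A scalar to test, or an array whose items are each scanned.
 * @param string $pattern PCRE pattern handed to preg_match().
 * @param bool   $suspect Passed by reference; set to true on any match, never reset.
 * @return void
 */
function isSuspect($val, $pattern, &$suspect) {
    if (is_array($val)) {
        foreach ($val as $item) {
            // Recurse so nested form arrays are scanned as well.
            isSuspect($item, $pattern, $suspect);
        }
    }
    else {
        if (preg_match($pattern, $val)) {
            $suspect = true;
        }
    }
}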


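// Form handler: redirect when the request is incomplete, otherwise scan the
// submission for mail-header text and send either the enquiry or an alert.
//
// NOTE(review): $surname, $firstname, $company, $phone, $email, $originating_site,
// $mailsubject and $msgbody are never assigned in this listing; presumably
// register_globals or a removed include fills them in. Confirm, and read them
// explicitly from the request rather than relying on that.
if (!isset($_REQUEST['email']))
{
    // No "email" parameter at all: the script was not reached through the form.
    header( $locationroot."contact_us.php" );
    exit; // header() only queues the redirect; stop so nothing else runs
}
elseif (empty($surname) || empty($firstname) || empty($company)
    || empty($phone) || empty($email))
{
    header( $locationroot."missing.php" );
    exit;
}
else
{
    $suspect = false;

    // Mail header names that should never appear in a form field.
    $pattern = '/Content-Type:|Bcc:|Cc:/i';

    // The gate above reads $_REQUEST, so scan it as well as $_POST; otherwise a
    // value that arrives outside the POST body is never inspected.
    isSuspect($_POST, $pattern, $suspect);
    isSuspect($_REQUEST, $pattern, $suspect);

    $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
    foreach (array($_POST, $_REQUEST) as $source) {
        if (!empty($source['email'])) {
            // An array-valued field cannot be an address; flag it instead of
            // handing a non-string to preg_match().
            if (!is_string($source['email']) || !preg_match($checkEmail, $source['email'])) {
                $suspect = true;
            }
        }
    }

    // Characters that end a header line.
    $crlf = array("\r", "\n");

    if (!$suspect) {
        // The posted literal was wrapped over two lines; the break is written as
        // a space. CR/LF is then folded out of the finished Subject so that the
        // (presumably request-derived) site and subject text stays on one header line.
        $subject = "Feedback from ".$originating_site." Web Site about ".$mailsubject;
        $subject = str_replace($crlf, ' ', $subject);
        $mailcontent = "Originating Site: ".$originating_site."\n";
        $mailcontent .= "Mail Subject: ".$mailsubject."\n";
        $mailcontent .= "Customer First Name: ".$firstname."\n";
        $mailcontent .= "Customer Surname: ".$surname."\n";
        $mailcontent .= "Customer EMail Address: ".$email."\n";
        $mailcontent .= "Customer Telephone Number: ".$phone."\n";
        $mailcontent .= "Customer Comments: ".$msgbody."\n";
        $mailcontent .= "Customer referer: ".getenv('HTTP_REFERER')."\n";
        $mailcontent .= "Customer address: ".getenv('REMOTE_ADDR')."\n";
        $mailcontent .= "Customer host: ".getenv('REMOTE_HOST')."\n";
        mail($toAddress,stripslashes($subject),stripslashes($mailcontent),stripslashes($fromAddress));

        header( $locationroot."thankyou.php" );
        exit;
    }
    else
    {
        // Alert the site owner. $originating_site may itself be the value that
        // tripped the scan, so the Subject is folded onto one line here as well.
        $subject = "Mail Injection Hack Attempted at ".$originating_site;
        $subject = str_replace($crlf, ' ', $subject);
        $mailcontent = "Originating Site: ".$originating_site."\n";
        $mailcontent .= "Customer referer: ".getenv('HTTP_REFERER')."\n";
        $mailcontent .= "Customer address: ".getenv('REMOTE_ADDR')."\n";
        $mailcontent .= "Customer host: ".getenv('REMOTE_HOST')."\n";
        mail($toAddress,stripslashes($subject),stripslashes($mailcontent),stripslashes($fromAddress));
        // Same landing page as a normal submission, so the response does not
        // reveal that the scan fired.
        header( $locationroot."thankyou.php" );
        exit;
    }

}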
?><?php
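// Prefix for every redirect: a page name is appended to form a complete Location header.
$locationroot = "Location: http://www.lerosmarina.gr/";

// NOTE(review): $surname, $firstname, $company, $phone, $email, $originating_site,
// $mailsubject and $msgbody are never assigned in this listing; presumably
// register_globals or a removed include fills them in. Confirm, and read them
// explicitly from the request rather than relying on that.
if (!isset($_REQUEST['email']))
{
    // No "email" parameter at all: the script was not reached through the form.
    header( $locationroot."contact.php" );
}
elseif (empty($surname) || empty($firstname) || empty($company)
    || empty($phone) || empty($email))
{
    header( $locationroot."missing.php" );
}
else
{
    // NOTE(review): this mail() call runs before the isSuspect() scan further
    // down the script, so that scan cannot stop a message from being sent.
    // Move the scan ahead of this branch before relying on it.
    $toAddress = "enquiries(a)lerosmarina.gr";
    $fromAddress = "From: webform(a)lerosmarina.gr";
    // The posted literal was wrapped over two lines; the break is written as a
    // space. CR/LF is then folded out of the finished Subject so that the
    // (presumably request-derived) site and subject text stays on one header line.
    $subject = "Feedback from ".$originating_site." Web Site about ".$mailsubject;
    $subject = str_replace(array("\r", "\n"), ' ', $subject);
    $mailcontent = "Originating Site: ".$originating_site."\n";
    $mailcontent .= "Mail Subject: ".$mailsubject."\n";
    $mailcontent .= "Customer First Name: ".$firstname."\n";
    $mailcontent .= "Customer Surname: ".$surname."\n";
    $mailcontent .= "Customer EMail Address: ".$email."\n";
    $mailcontent .= "Customer Telephone Number: ".$phone."\n";
    $mailcontent .= "Customer Comments: ".$msgbody."\n";
    $mailcontent .= "Customer referer: ".getenv('HTTP_REFERER')."\n";
    $mailcontent .= "Customer address: ".getenv('REMOTE_ADDR')."\n";
    $mailcontent .= "Customer host: ".getenv('REMOTE_HOST')."\n";
    mail($toAddress,stripslashes($subject),stripslashes($mailcontent),stripslashes($fromAddress));


    header( $locationroot."thankyou.php" );
}


// State for the header-text scan: the flag starts clear and is only ever raised.
$suspect = false;

// Mail header names that should never appear in a form field.
$pattern = '/Content-Type:|Bcc:|Cc:/i';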

/**
 * Walk a value (scalar or arbitrarily nested array) and raise $suspect when
 * any scalar inside it matches $pattern.
 *
 * @param mixed  $val     Scalar to test, or an array whose items are each scanned.
 * @param string $pattern PCRE pattern handed to preg_match().
 * @param bool   $suspect Passed by reference; set to true on a match, never cleared.
 * @return void
 */
function isSuspect($val, $pattern, &$suspect) {
    if (!is_array($val)) {
        // Leaf value: a single match is enough to raise the flag.
        if (preg_match($pattern, $val)) {
            $suspect = true;
        }
        return;
    }

    // Array: descend into every entry, sharing the same flag.
    foreach ($val as $entry) {
        isSuspect($entry, $pattern, $suspect);
    }
}

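// Scan every POSTed value for mail-header text.
// NOTE(review): in this listing mail() has already been called further up and
// the branches below are empty, so the outcome of this scan changes nothing yet.
isSuspect($_POST, $pattern, $suspect);

if (!empty($_POST['email'])) {

    // One "@", then a domain part free of whitespace, quotes, separators and "%".
    $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';

    // An array-valued "email" cannot be an address; flag it instead of handing
    // a non-string to preg_match().
    if (!is_string($_POST['email']) || !preg_match($checkEmail, $_POST['email'])) {
        $suspect = true;
    }
}

if (!$suspect) {
    // Empty in the posted listing.
}


if (!$suspect) {
    // Empty in the posted listing.
}
else {
    // Empty in the posted listing: nothing reacts to a suspect submission.
}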




?>