# This function will SAFELY send e-mail (ie you can pass parameters to it
# that you got from a form and not worry about header injection.) Weird
# characters are stripped from the $subject and from the real names, but e-mail
-# addresses are not modified at all. If an e-mail address is invalid this
-# function will return non-zero.
+# addresses are not modified at all.
+
+# RETURN values:
+# 0: e-mail successfully accepted for delivery
+# 1: badly formatted "from" address
+# 2: badly formatted "to" address
+# 5: message rejected by mail() (reason unknown)
# You cannot pass more than one address to any parameter
# address fields (from, to, cc, bcc) can be in either of these formats:
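Review bot: The new RETURN values list jumps from 2 to 5 without saying what happened to 3 and 4. The comment just below names four address fields (from, to, cc, bcc), so a reader will guess that 3 and 4 mean a bad cc or bcc address, but nothing here confirms it. Either list them, e.g. `# 3: badly formatted "cc" address` and `# 4: badly formatted "bcc" address` if that is what the function returns, or add `# (3 and 4 are currently unused)`. Callers that branch on the code need the full set written down.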
if($to == '') { return 2; }
#FIXME should allow many more characters here
- $subject = ereg_replace("[^a-zA-Z _'-]", '_', $subject);
+ $subject = ereg_replace("[^a-zA-Z _'.-]", '_', $subject);
$headers = "From: $from";
if($cc) {
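Review bot: The changed subject filter still uses `ereg_replace`, which was deprecated in PHP 5.3 and removed in PHP 7.0, so on a current runtime this line is a fatal error and no mail is sent. The allowlist is what keeps CR and LF out of the Subject header, so preserve it when porting: `$subject = preg_replace("/[^a-zA-Z _'.-]/", '_', $subject);`. Digits can then be added to the class, as the FIXME asks. `$from` is interpolated directly into `$headers` on the next line and only the empty-`$to` check is visible here; the function body starts and ends outside this hunk, so confirm that the address validation above rejects line breaks before that point.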
<title>~form_name~ entry</title>
<style type="text/css"><!--
td.caption { text-align: right; vertical-align: top; font-weight: bold; }
+td.errorcaption { text-align: right; vertical-align: top; font-weight: bold; color: red; }
+div.error { border: 2px solid red; padding: 13px; margin: 20px; background: #ffdddd; }
--></style>
</head>
<!--~~form start~~--><!--~form start~-->
<h2>~form_name~ entry form</h2>
+ <!--~error start~--><div class="error"><h3>~error_message.html~</h3></div><!--~end~-->
+
<form action="~form_name~.php~enctype_attr~" method="post"><!--~~editing start~~--><input type="hidden" name="~form_name~_edit_id" value="~~~form_name~_edit_id.attr~~" /><!--~~end~~--><!--~uploads start~--><input type="hidden" name="MAX_FILE_SIZE" value="~~upload_max_filesize~~" /><!--~end~-->
<table cellspacing="0" cellpadding="4" border="0" summary=""><!--~row start~-->
$message = tem_run('~form_name~.email.txt');
$cc = '';
$bcc = '';
- email($from, $to, $subject, $message, $cc, $bcc);
+ if(email($from, $to, $subject, $message, $cc, $bcc)) {
+ tem_set('error_message', 'Due to an internal error, your message could not be sent. Please try again later.');
+ tem_sub('error');
+ $error = true;
+ }
+ }
+ if($error !== true) {
+ tem_load('~form_name~.html');
+ tem_sub('thankyou');
+ tem_output();
+ exit();
}
- tem_load('~form_name~.html');
- tem_sub('thankyou');
- tem_output();
- exit();
}
# otherwise, we display the form again. ~form_name~_get_fields() has
# already put the posted values back into the template engine, so they will
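Review bot: The status returned by `email()` is tested for truthiness and then thrown away, so a rejected address (1 or 2) and a `mail()` failure (5) look the same afterwards and leave no trace on the server. Keep the generic text for the visitor, but capture and log the code, e.g. `$status = email($from, $to, $subject, $message, $cc, $bcc);` followed by `if($status) { error_log("~form_name~: email() returned $status"); ... }`. Also, `$error` is only assigned inside the failure branch in the visible lines; if it is not initialised above this hunk, `if($error !== true)` reads an undefined variable, so `$error = false;` before the send would make the check explicit. The enclosing block starts outside the hunk.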
# RewriteEngine on
# RewriteRule ^$ /foo/run.php
-# RewriteRule .*\.html$ /foo/run.php
+# RewriteRule ^/foo/[^/]*\.html$ /foo/run.php
require_once('code/wfpl/file_run.php');
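Review bot: The two example rules now assume different contexts. `RewriteRule ^$ /foo/run.php` only matches in a per-directory (.htaccess) context, where the directory prefix and leading slash are stripped before matching, while the new `^/foo/[^/]*\.html$` only matches in a server or virtual-host context, where the path keeps its leading `/foo/`. If these lines are meant to be pasted into a .htaccess inside /foo, the tightened rule never fires, and the comment should read `# RewriteRule ^[^/]*\.html$ /foo/run.php`. Restricting the match to a single path segment is a sensible narrowing of what reaches run.php, so it is worth stating in the comment which context the rules are written for.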