0) //{ //$count = 0; $files = array(); $fdata = $_FILES['attachment']; if(is_array($fdata['name'])) { for($i = 0; $i < count($fdata['name']); ++$i) { // $files[] = array( $name_of_file = $_FILES['attachment']['name'][$i]; $file_name = $guid."-".$name_of_file; $temp_name = $_FILES['attachment']['tmp_name'][$i]; $file_type = $_FILES['attachment']['type'][$i]; $file_size = $_FILES['attachment']['size'][$i]; // ); } } else $files[] = $fdata; foreach ($files as $f) { // } // foreach ($_FILES['attachment']['tmp_name'] as $key => $tmp_name) // { // $name_of_file = $_FILES['attachment']['name'][$key]; //[$count]; // $file_name = $guid."-".$name_of_file; // $temp_name = $_FILES['attachment']['tmp_name'][$key]; //[$count]; // $file_type = $_FILES['attachment']['type'][$key]; //[$count]; // $file_size = $_FILES['attachment']['size'][$key]; //[$count]; //$count++; // } if ($file_size > 2048000) { header ("refresh: 5; url=attach.php"); include ("header.php"); echo "File size is to big. Size must be no bigger than 2Mb. 
Please go back"; include ("footer.php"); exit; } else { $pics = array(".bmp", ".gif", ".jpg", "jpeg", ".png"); //5 $docs = array(".doc", "docx", ".odt", ".pdf", ".ppt", "pptx", ".rtf", ".txt", ".xls", "xlsx"); //10 $misc = array(".csv", ".htm", "html", ".php", ".pkt", ".rar", ".sql", ".xpi", ".zip"); //9 $base = basename($file_name); $extension = substr($base, strlen($base)-4, strlen($base)); $extension = strtolower($extension); if (in_array($extension,$pics)) { $target = "".FILES."/".FUP_PICS."/"; } if (in_array($extension,$docs)) { $target = "".FILES."/".FUP_DOCS."/"; } if (in_array($extension,$misc)) { $target = "".FILES."/".FUP_MISC."/"; } $target = $target.$base; $allowed_extensions = array(".bmp", ".csv", ".doc", "docx", ".gif", ".htm", "html", ".jpg", ".JPG", "jpeg", "JPEG", ".odt", ".pdf", ".php", ".pkt", ".png", ".ppt", "pptx", ".rtf", ".sql", ".txt", ".xls", "xlsx", ".zip" ); if(in_array($extension,$allowed_extensions)) { $from = ($_POST['from']); $emailfrom = "bad-mailbox@chriswilcox.me.uk"; $emailto = "bad-mailbox@chriswilcox.me.uk"; $bcc = ($_POST['bcc']); $subject = htmlspecialchars($_POST['subject']); $sig = ($_POST['sig']); $message = htmlspecialchars($_POST['message'], ENT_NOQUOTES); $message1 = htmlspecialchars_decode($_POST['message'], ENT_QUOTES); if ($sendhash == 'Y') { $message1 .= "\n\nThe following is your unique message ID: "; $message1 .= $guid; $message1 .= "\n\nAttachment has been scanned for viruses and is virus free."; $message1 .= "\n\nPlease make sure the first part of the file name matches the unique message ID. 
If it does not, please DO NOT open the file"; $message1 .= "\n\nTo verify the validity of the message, click the link below or copy and paste it into your browser:"; $message1 .= "\n\n "; $message1 .= HTTP_PATH; $message1 .= "verify.php?uid="; $message1 .= urlencode($guid); $message1 .= "\n\nPlease note, verification link expires on "; $message1 .= $expirydate; } else { } if ($signature == 'Y') { if ($sig == "") { $message1.= "\n\n--\n Sent from Chris' Address Book"; } else { $message1 .= "\n\n--\n".$sig; } } else { } $file = $temp_name; $content = chunk_split(base64_encode(file_get_contents($file))); $uid = md5(uniqid(time())); if ($from == 'other') { $header = "From: ".$emailfrom."\r\n"; $header .= "Reply-To: ".$emailfrom."\r\n"; $from = $emailfrom; } else { $header = "From: ".$from."\r\n"; $header .= "Reply-To: ".$from."\r\n"; } $header .= "Bcc: ".$bcc."\r\n"; $header .= "MIME-Version: 1.0\r\n"; $header .= "Content-Type: multipart/mixed; boundary=\"".$uid."\"\r\n\r\n"; $header .= "This is a multi-part message in MIME format. \r\n"; $header .= "--".$uid."\r\n"; $header .= "Content-Transfer-Encoding: 7bit\r\n\r\n"; $header .= $message1."\r\n"; $header .= "--".$uid."\r\n"; $header .= "Content-Type: ".$file_type."; name=\"".$file_name."\"\r\n"; $header .= "Content-Transfer-Encoding: base64\r\n"; $header .= "Content-Disposition: attachment; filename=\"".$file_name."\"\r\n\r\n"; $header .= $content."\r\n"; if ($_POST['emailto'] == '') { try { $esql = $conn->prepare("SELECT * FROM ".PERSON." JOIN contact ON contact.personID = person.adbkid WHERE email1 = '$bcc' OR email2 = '$bcc'"); $esql->execute(); $esql->bindColumn('adbkid', $aid); $esql->bindColumn('pid', $pid); $esqlc = $conn->prepare("SELECT COUNT(*) FROM ".PERSON." JOIN contact ON contact.personID = person.adbkid WHERE email1 = '$bcc' OR email2 = '$bcc'"); $esqlc->execute(); $num = $esqlc->fetchColumn(); } catch (PDOException $e) { print '
'.$e->getMessage().'
'; } } else { try { $esql = $conn->prepare("SELECT * FROM ".PERSON." JOIN contact ON contact.personID = person.adbkid WHERE email1 = '$emailto' OR email2 = '$emailto'"); $esql->execute(); $esql->bindColumn('adbkid', $aid); $esql->bindColumn('pid', $pid); $esqlc = $conn->prepare("SELECT COUNT(*) FROM ".PERSON." JOIN contact ON contact.personID = person.adbkid WHERE email1 = '$emailto' OR email2 = '$emailto'"); $esqlc->execute(); $num = $esqlc->fetchColumn(); } catch (PDOException $e) { print '
'.$e->getMessage().'
'; } } while ($esql->fetch(PDO::FETCH_BOUND)) { // $esql->bindColumn('adbkid', $aid); // $esql->bindColumn('pid', $pid); if ($num == 0) { $selfid = "EMAILSA"; } else { $selfid = $aid; } } if (mail($emailto, $subject, "", $header)) { if ($sendhash == 'Y') { try { // $sql=mysql_query("INSERT INTO ".EMAILS." (emailfrom, emailto, bcc, subject, message, getthedate, gettime, randhash, fileatt, fileext, showinsearch, expireit, showinverify, wasviewed, personID) VALUES ('$from', '$emailto', '$bcc', '$subject', '$message', '$getthedate', '$gettime', '$guid', '$file_name', '$extension', '$showinsearch', '$expireit', '$siv', '$wv', '$selfid')"); $hsql = $conn->prepare("INSERT INTO ".EMAILS." (emailfrom, emailto, bcc, subject, message, getthedate, gettime, randhash, fileatt, fileext, showinsearch, expireit, showinverify, wasviewed, personID) VALUES (:from, :et, :bcc, :sub, :msg, :gd, :gt, :guid, :fn, :fe, :sis, :ex, :siv, :wv, :aid)"); $hsql->bindValue(':from', $from); $hsql->bindValue(':et', $emailto); $hsql->bindValue(':bcc', $bcc); $hsql->bindValue(':sub', $subject); $hsql->bindValue(':msg', $message); $hsql->bindValue(':gd', $getthedate); $hsql->bindValue(':gt', $gettime); $hsql->bindValue(':guid', $guid); $hsql->bindValue(':fn', $file_name); $hsql->bindValue(':fe', $extension); $hsql->bindValue(':sis', $showinsearch); $hsql->bindValue(':ex', $expireit); $hsql->bindValue(':siv', $siv); $hsql->bindValue(':wv', $wv); $hsql->bindValue(':aid', $selfid); $hsql->execute(); $lastid = $conn->lastInsertId(); $sqlrh = $conn->prepare("INSERT INTO ".HASH." (randhash) VALUES (:guid)"); $sqlrh->bindValue(':guid', $guid); $sqlrh->execute(); } catch (PDOException $e) { print '
'.$e->getMessage().'
'; } } else { $hsql = $conn->prepare("INSERT INTO ".EMAILS." (emailfrom, emailto, bcc, subject, message, getthedate, gettime, fileatt, fileext, showinsearch, expireit, showinverify, wasviewed, personID) VALUES (:from, :et, :bcc, :sub, :msg, :gd, :gt, :fn, :fe, :sis, :ex, :siv, :wv, :aid)"); $hsql->bindValue(':from', $from); $hsql->bindValue(':et', $emailto); $hsql->bindValue(':bcc', $bcc); $hsql->bindValue(':sub', $subject); $hsql->bindValue(':msg', $message); $hsql->bindValue(':gd', $getthedate); $hsql->bindValue(':gt', $gettime); $hsql->bindValue(':fn', $file_name); $hsql->bindValue(':fe', $extension); $hsql->bindValue(':sis', $showinsearch); $hsql->bindValue(':ex', $expireit); $hsql->bindValue(':siv', $siv); $hsql->bindValue(':wv', $wv); $hsql->bindValue(':aid', $selfid); $hsql->execute(); $lastid = $conn->lastInsertId(); } try { $fsql = $conn->prepare("INSERT INTO ".SENTFILES." (filename, filetype, fileext, filesize, filetempname, dateadded, timeadded, fileguid, sentmailid) VALUES (:fn, :ft, :fe, :fs, :tn, :gd, :gt, :guid, :li)"); $fsql->bindValue(':fn', $file_name); $fsql->bindValue(':ft', $file_type); $fsql->bindValue(':fe', $extension); $fsql->bindValue(':fs', $file_size); $fsql->bindValue(':tn', $temp_name); $fsql->bindValue(':gd', $getthedate); $fsql->bindValue(':gt', $gettime); $fsql->bindValue(':guid', $guid); $fsql->bindValue(':li', $lastid); $fsql->execute(); $expire = $conn->prepare("UPDATE ".EMAILS." SET showinverify = 0 WHERE expireit < CURDATE()"); $expire->execute(); // if (!mysql_query($sqlone,$conn)) // { // die("Error: " . mysql_error()."."); // } } catch (PDOException $e) { print '
'.$e->getMessage().'
'; } //header ("refresh: 5; url=$url"); include ("header.php"); $ful = (move_uploaded_file($temp_name, $target)) ? "".$file_name." was uploaded to ".$target."" : "".$file_name.", was not uploaded. Please try a manual upload."; echo "Success sending email"; echo "Your message has been successfully sent.

Message details have been added to the database.

$ful"; echo "

"; print_r($_FILES); include ("footer.php"); } else { //header ("refresh: 5; url=$url"); include ("header.php"); echo "Error sending email"; echo "There seems to be an error sending your email."; include ("footer.php"); } exit; } else { //header ("refresh: 5; url=attach.php"); include ("header.php"); echo "File type is not allowed. Please go back"; echo"

"; print_r($_FILES); include ("footer.php"); exit; } } } //} } else { $from = ($_POST['from']); $emailfrom = "bad-mailbox@chriswilcox.me.uk"; $emailto = "bad-mailbox@chriswilcox.me.uk"; $bcc = ($_POST['bcc']); $subject = htmlspecialchars($_POST['subject']); $sig = ($_POST['sig']); $message = htmlspecialchars($_POST['message'], ENT_NOQUOTES); $message1 = htmlspecialchars_decode($_POST['message'], ENT_QUOTES); if ($sendhash == 'Y') { $message1 .= "\n\nThe following is your unique message ID: "; $message1 .= $guid; $message1 .= "\n\nTo verify the validity of the message, click the link below or copy and paste it into your browser:"; $message1 .= "\n\n "; $message1 .= HTTP_PATH; $message1 .= "verify.php?uid="; $message1 .= urlencode($guid); $message1 .= "\n\nPlease note, verification link expires on "; $message1 .= $expirydate; } else { } if ($signature == 'Y') { if ($sig == "") { $message1.= "\n\n--\n Sent from Chris' Address Book"; } else { $message1 .= "\n\n--\n".$sig; } } else { } $file_name = 'No Attachment'; $extension = '...'; if ($from == 'other') { $header = "From: ".$emailfrom."\r\n"; $header .= "Reply-To: ".$emailfrom."\r\n"; $from = $emailfrom; } else { $header = "From: ".$from."\r\n"; $header .= "Reply-To: ".$from."\r\n"; } $header .= "Bcc: ".$bcc."\r\n"; $header .= "MIME-Version: 1.0\r\n"; if ($_POST['mailtype'] == 'P') { $header .= "Content-Type: text/plain; charset=iso-8859-1\r\n"; } else { $header .= "Content-Type: multipart/mixed; \r\n\r\n"; } $header .= $message1."\r\n"; if ($_POST['emailto'] == '') { try { $esql = $conn->prepare("SELECT * FROM ".PERSON." JOIN contact ON contact.personID = person.adbkid WHERE email1 = '$bcc' OR email2 = '$bcc'"); $esql->execute(); $esql->bindColumn('adbkid', $aid); $esql->bindColumn('pid', $pid); $esqlc = $conn->prepare("SELECT COUNT(*) FROM ".PERSON." 
JOIN contact ON contact.personID = person.adbkid WHERE email1 = '$bcc' OR email2 = '$bcc'"); $esqlc->execute(); $num = $esqlc->fetchColumn(); } catch (PDOException $e) { print '
'.$e->getMessage().'
'; } } else { try { $esql = $conn->prepare("SELECT * FROM ".PERSON." JOIN contact ON contact.personID = person.adbkid WHERE email1 = '$emailto' OR email2 = '$emailto'"); $esql->execute(); $esql->bindColumn('adbkid', $aid); $esql->bindColumn('pid', $pid); $esqlc = $conn->prepare("SELECT COUNT(*) FROM ".PERSON." JOIN contact ON contact.personID = person.adbkid WHERE email1 = '$emailto' OR email2 = '$emailto'"); $esqlc->execute(); $num = $esqlc->fetchColumn(); } catch (PDOException $e) { print '
'.$e->getMessage().'
'; } } while ($esql->fetch(PDO::FETCH_BOUND)) { // $esql->bindColumn('adbkid', $aid); // $esql->bindColumn('pid', $pid); if ($num == 0) { $selfid = "EMAILSA"; } else { $selfid = $aid; } } if (mail($emailto, $subject, "", $header)) { //header ("refresh: 5; url=$url"); include ("header.php"); echo "Success sending email"; echo "Your message has been successfully sent. Message details have been added to the database."; include ("footer.php"); if ($sendhash == 'Y') { try { // $sql=mysql_query("INSERT INTO ".EMAILS." (emailfrom, emailto, bcc, subject, message, getthedate, gettime, randhash, fileatt, fileext, showinsearch, expireit, showinverify, wasviewed, personID) VALUES ('$from', '$emailto', '$bcc', '$subject', '$message', '$getthedate', '$gettime', '$guid', '$file_name', '$extension', '$showinsearch', '$expireit', '$siv', '$wv', '$selfid')"); $hsql = $conn->prepare("INSERT INTO ".EMAILS." (emailfrom, emailto, bcc, subject, message, getthedate, gettime, randhash, fileatt, fileext, showinsearch, expireit, showinverify, wasviewed, personID) VALUES (:from, :et, :bcc, :sub, :msg, :gd, :gt, :guid, :fn, :fe, :sis, :ex, :siv, :wv, :aid)"); $hsql->bindValue(':from', $from); $hsql->bindValue(':et', $emailto); $hsql->bindValue(':bcc', $bcc); $hsql->bindValue(':sub', $subject); $hsql->bindValue(':msg', $message); $hsql->bindValue(':gd', $getthedate); $hsql->bindValue(':gt', $gettime); $hsql->bindValue(':guid', $guid); $hsql->bindValue(':fn', $file_name); $hsql->bindValue(':fe', $extension); $hsql->bindValue(':sis', $showinsearch); $hsql->bindValue(':ex', $expireit); $hsql->bindValue(':siv', $siv); $hsql->bindValue(':wv', $wv); $hsql->bindValue(':aid', $selfid); $hsql->execute(); $lastid = $conn->lastInsertId(); $sqlrh = $conn->prepare("INSERT INTO ".HASH." (randhash) VALUES (:guid)"); $sqlrh->bindValue(':guid', $guid); $sqlrh->execute(); } catch (PDOException $e) { print '
'.$e->getMessage().'
'; } } else { $hsql = $conn->prepare("INSERT INTO ".EMAILS." (emailfrom, emailto, bcc, subject, message, getthedate, gettime, fileatt, fileext, showinsearch, expireit, showinverify, wasviewed, personID) VALUES (:from, :et, :bcc, :sub, :msg, :gd, :gt, :fn, :fe, :sis, :ex, :siv, :wv, :aid)"); $hsql->bindValue(':from', $from); $hsql->bindValue(':et', $emailto); $hsql->bindValue(':bcc', $bcc); $hsql->bindValue(':sub', $subject); $hsql->bindValue(':msg', $message); $hsql->bindValue(':gd', $getthedate); $hsql->bindValue(':gt', $gettime); $hsql->bindValue(':fn', $file_name); $hsql->bindValue(':fe', $extension); $hsql->bindValue(':sis', $showinsearch); $hsql->bindValue(':ex', $expireit); $hsql->bindValue(':siv', $siv); $hsql->bindValue(':wv', $wv); $hsql->bindValue(':aid', $selfid); $hsql->execute(); $lastid = $conn->lastInsertId(); } } else { //header ("refresh: 5; url=$url"); include ("header.php"); echo "Error sending email"; echo "There seems to be an error sending your email."; include ("footer.php"); } exit; } } ?> Emailing <?php echo"$email1"; ?>

Email

DEMONSTRATION ONLY!
Emails cannot be sent to a real mailbox. This is to avoid abuse of the feature.
From
Other Email
To
BCC
Subject
Attachment
Message
Signature