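");

/**
 * Normalise a submitted value: strip HTML/PHP tags, remove backslash
 * escaping, then trim surrounding whitespace.
 *
 * NOTE(review): nothing in the visible part of this script calls clean().
 * It is neither an output-escaping nor a mail-header-sanitising routine and
 * should not be relied on as one.
 *
 * @param string $data Raw value.
 * @return string The stripped and trimmed value.
 */
function clean($data)
{
    return trim(stripslashes(strip_tags($data)));
}

// Read each field exactly once. A missing or non-string value (for example
// "name[]=x", which PHP decodes to an array) is treated as empty, so it is
// rejected by the required-field check instead of reaching the string
// functions below. The address that is validated is then the same value
// that is later placed in the Reply-To header.
$fieldName     = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
$fieldEmail    = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$fieldComments = (isset($_POST['comments']) && is_string($_POST['comments'])) ? $_POST['comments'] : '';
$fieldUrl      = (isset($_POST['url']) && is_string($_POST['url'])) ? $_POST['url'] : '';

// Spam scoring. No single signal rejects a submission; the points add up and
// the message is only sent while the total stays within $maxPoints (set
// outside this excerpt).
$points = 0;

// 'porn' is listed twice, so a match on it scores 4 rather than 2.
$badwords = array("adult", "beastial", "bestial", "blowjob", "clit", "cum", "cunilingus", "cunillingus", "cunnilingus", "cunt", "ejaculate", "fag", "felatio", "fellatio", "fuck", "fuk", "fuks", "gangbang", "gangbanged", "gangbangs", "hotsex", "hardcode", "jism", "jiz", "orgasim", "orgasims", "orgasm", "orgasms", "phonesex", "phuk", "phuq", "porn", "pussies", "pussy", "spunk", "xxx", "viagra", "phentermine", "tramadol", "adipex", "advai", "alprazolam", "ambien", "ambian", "amoxicillin", "antivert", "blackjack", "backgammon", "texas", "holdem", "poker", "carisoprodol", "ciara", "ciprofloxacin", "debt", "dating", "porn", "link=", "voyeur");
$exploits = array("content-type", "bcc:", "cc:", "document.cookie", "onclick", "onload", "javascript");

foreach ($badwords as $word) {
    if (strpos($fieldComments, $word) !== false) {
        $points += 2;
    }
}

foreach ($exploits as $exploit) {
    // Mail header names and HTML event attributes are case-insensitive, and
    // the list is lower-case, so the comparison must ignore case or
    // "Content-Type:" / "Bcc:" would score nothing.
    if (stripos($fieldComments, $exploit) !== false) {
        $points += 2;
    }
}

// strpos() returns an offset or false, never true; comparing with
// "=== true" meant links were never scored.
if (strpos($fieldComments, "http://") !== false || strpos($fieldComments, "www.") !== false) {
    $points += 2;
}

if (isset($_POST['nojs'])) {
    $points += 1;
}

if (preg_match("/(<.*>)/i", $fieldComments)) {
    $points += 2;
}

if (strlen($fieldName) < 3) {
    $points += 1;
}

// The upper bound used to be written strlen($comments > 1500), which measured
// the length of a boolean instead of comparing the comment length.
if (strlen($fieldComments) < 15 || strlen($fieldComments) > 1500) {
    $points += 2;
}

// Field validation. Only the first failing rule adds a message.
if (empty($fieldName) || empty($fieldEmail) || empty($fieldComments)) {
    $error_msg .= "Name, e-mail and comments are required fields. \n";
} elseif (strlen($fieldName) > 15) {
    $error_msg .= "The name field is limited at 15 characters. Your first name or nickname will do! 
\n";
} elseif (!preg_match("/^[A-Za-z' -]*$/D", $fieldName)) {
    // ereg() was removed in PHP 7; preg_match() is already used by this file.
    $error_msg .= "The name field must not contain special characters. \n";
} elseif (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/D', strtolower($fieldEmail))) {
    // The D modifier makes "$" match only at the very end of the string.
    // Without it PCRE accepts a trailing newline, and this value is written
    // into the Reply-To header below, where CR/LF would start a new header.
    $error_msg .= "That is not a valid e-mail address. \n";
} elseif (!empty($fieldUrl) && !preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i', $fieldUrl)) {
    // The pattern is anchored at the start only, so it checks the scheme and
    // host prefix; the value is used in the message body, not in a header.
    $error_msg .= "Invalid website url.";
}

if ($error_msg == NULL && $points <= $maxPoints) {
    $subject = "Automatic Form Email";
    $message = "You received this e-mail message through your website: \n\n";

    // Every posted field is copied into the message body as submitted.
    foreach ($_POST as $key => $val) {
        $message .= ucwords($key) . ": $val \r\n";
    }

    $message .= 'IP: ' . $_SERVER['REMOTE_ADDR'] . "\r\n";
    $message .= 'Browser: ' . $_SERVER['HTTP_USER_AGENT'] . "\r\n";
    $message .= 'Points: ' . $points;

    // On servers whose software string contains "Win" the From header carries
    // the bare address; elsewhere it uses the "Name <address>" form.
    if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
        $headers = "From: $yourEmail \r\n";
    } else {
        $headers = "From: $yourWebsite <$yourEmail> \r\n";
    }

    // The only user-supplied value in the headers. It has passed the
    // end-anchored e-mail pattern above, which admits no CR or LF.
    $headers .= "Reply-To: {$fieldEmail}";

    if (mail($yourEmail, $subject, $message, $headers)) {
        echo '

Your mail was successfully sent.

';
    } else {
        echo '

Your mail could not be sent this time.

';
    }
}
} // closes a block that was opened before this excerpt

/**
 * Echo a previously submitted field, HTML-escaped, so the form can be
 * re-populated after an error.
 *
 * ENT_QUOTES escapes both quote characters; the markup that calls this is
 * not visible here, but it looks like the value lands inside an attribute.
 * Non-string values (arrays from "field[]=") are ignored.
 *
 * @param string $var Name of the POST field.
 * @return void
 */
function get_data($var)
{
    if (isset($_POST[$var]) && is_string($_POST[$var])) {
        echo htmlspecialchars($_POST[$var], ENT_QUOTES);
    }
}

// Show whatever validation message was collected above.
if ($error_msg != NULL) {
    echo '

ERROR:
';
    echo nl2br($error_msg) . "

";
}
?>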

" />
" />
" />
" />