' . "\n";
$form .= '' . "\n\n";
// get the Page URL
// Both parts are taken from the current request: REQUEST_URI is the path and query string the
// client sent, and SERVER_NAME can follow the Host header depending on server configuration.
// The result is therefore untrusted text and needs htmlspecialchars() wherever it is written
// into markup.
// NOTE(review): $pageURL is not used in the visible part of this script - presumably it feeds
// the form's action attribute; confirm it is escaped there. The scheme is hard-coded to http.
$pageURL = "http://" . $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
// thank you message
// Confirmation text echoed after a successful submission, assembled in four appended pieces.
// NOTE(review): `.=` assumes $thanks was initialised earlier - that is not visible here; confirm.
$thanks .= "
Thanks! Your submission has been recieved.
";
$thanks .= "
";
$thanks .= "We really appreciate the time you took out of your day to share your success with us. We'll review your submission, and if it meets our guidelines, we'll have it posted in our gallery for all to see.
Have a great day!";
$thanks .= "
";
// start the script
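// Entity-encode every submitted field before the rest of the script reads it.
// The previous version ended the foreach header with ';', so the loop body was empty and only
// the last field of the request was ever encoded; every other field reached the form output
// and the HTML mail body unescaped.
// ENT_QUOTES also encodes single quotes, so a value cannot close a single-quoted attribute.
// Non-string values (for example a field posted as name[]) are replaced with '' because the
// script only expects plain text fields.
// This encoding covers HTML output only; values placed in mail headers still need their own
// line-break check.
foreach ($_POST as $key => $value) {
    $_POST[$key] = is_string($value) ? htmlentities($value, ENT_QUOTES) : '';
}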
// Copy each expected form field out of $_POST into a local variable, using '' when the field
// was not submitted.
// Note that $send, $error and the *_error values are read from the request like any other
// field, so their initial content is chosen by the client; $send is the flag the validation
// code checks against "no" before sending.
$action          = isset($_POST['action']) ? $_POST['action'] : '';
$fromname        = isset($_POST['fromname']) ? $_POST['fromname'] : '';
$fromname_error  = isset($_POST['fromname_error']) ? $_POST['fromname_error'] : '';
$fromemail       = isset($_POST['fromemail']) ? $_POST['fromemail'] : '';
$fromemail_error = isset($_POST['fromemail_error']) ? $_POST['fromemail_error'] : '';
$file            = isset($_POST['file']) ? $_POST['file'] : '';
$file_error      = isset($_POST['file_error']) ? $_POST['file_error'] : '';
$comments        = isset($_POST['comments']) ? $_POST['comments'] : '';
$comments_error  = isset($_POST['comments_error']) ? $_POST['comments_error'] : '';
$surprise        = isset($_POST['surprise']) ? $_POST['surprise'] : '';
$surprise_error  = isset($_POST['surprise_error']) ? $_POST['surprise_error'] : '';
$error           = isset($_POST['error']) ? $_POST['error'] : '';
$injection_error = isset($_POST['injection_error']) ? $_POST['injection_error'] : '';
$send            = isset($_POST['send']) ? $_POST['send'] : '';
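// Until the form has been submitted, just display it.
if ($action != "sendmail") {
    echo $form;
}

// Handle a submission: validate the fields and the upload, reject header/spam markers,
// store the image, then mail the notification and show the thank-you text.
if ($action == "sendmail") {
    // --- Field validation: every failed check sets $send to "no". ---
    if ($fromname == "") {
        echo "You didn't enter your name." . "\n";
        // Was `$send == "no";`, a comparison with no effect, so an empty name never blocked sending.
        $send = "no";
    }

    // ereg() no longer exists in PHP 7+, so the check uses preg_match(). The character classes
    // are the ones the original pattern used, minus the single quote (which the original
    // rejected in a second test) and the backslash. The pattern ends in \z rather than $ so a
    // trailing line break cannot pass: this value is written into the From: mail header.
    $emailPattern = '/^[-!#$%&*+.\/0-9=?A-Z^_`a-z{|}~]+@[-!#$%&*+\/0-9=?A-Z^_`a-z{|}~]+\.[-!#$%&*+.\/0-9=?A-Z^_`a-z{|}~]+\z/';
    if (!is_string($fromemail) || !preg_match($emailPattern, $fromemail)) {
        echo "You didn't enter your email address, or it was in the wrong format." . "\n";
        $send = "no";
    }

    // --- Upload validation. ---
    // $_FILES["file"]["type"] and ["name"] are sent by the client and say nothing reliable
    // about the content. The file is accepted only if the transfer succeeded, it is under the
    // size limit, and getimagesize() recognises the bytes as GIF or JPEG. The extension used
    // for storage is derived from that detected type, never from the submitted name.
    $upload = (isset($_FILES["file"]) && is_array($_FILES["file"])) ? $_FILES["file"] : array();
    $extension = "";
    if (!isset($upload["error"], $upload["tmp_name"], $upload["size"], $upload["name"])
        || is_array($upload["error"])) {
        // No single file was submitted under the "file" field.
        echo "I'm sorry - this is an ivalid file format, or the filesize was too large." . "\n";
        $send = "no";
    } elseif ($upload["error"] > 0) {
        // Checked before the type: a failed transfer has no usable content to inspect.
        echo "I'm sorry - there was an error with your upload. " . $upload["error"] . "" . "\n";
        $send = "no";
    } else {
        $imageInfo = false;
        if ($upload["size"] < 500000 && is_uploaded_file($upload["tmp_name"])) {
            $imageInfo = getimagesize($upload["tmp_name"]);
        }
        $allowedTypes = array(IMAGETYPE_GIF => "gif", IMAGETYPE_JPEG => "jpg");
        if ($imageInfo !== false && isset($allowedTypes[$imageInfo[2]])) {
            $extension = $allowedTypes[$imageInfo[2]];
        } else {
            echo "I'm sorry - this is an ivalid file format, or the filesize was too large." . "\n";
            $send = "no";
        }
    }

    if ($comments == "") {
        echo "You didn't leave a message (that's kind of the point, isn't it?)" . "\n";
        $send = "no";
    }

    // "surprise" must arrive empty - presumably a hidden honeypot field in the form markup,
    // which is not visible here.
    if ($surprise != "") {
        echo "Spammy activity was detected. If you feel this is in error, please leave a comment on one of the posts - I'll see it and attend to the issue." . "\n";
        $send = "no";
    }

    if ($send == "no") {
        echo $form;
        return;
    }

    // --- Header-injection / spam markers. ---
    // Each value is compared with a copy that has the markers removed; any difference means a
    // marker was present. Line breaks are only checked in the name fields because the comment
    // text may legitimately span several lines.
    $find = array("/\r/", "/\n/", "/bcc\:/i", "/Content\-Type\:/i", "/cc\:/i", "/to\:/i", "/http\:/i", "/\[url/");
    $test_fromname = preg_replace($find, "", $fromname);
    // NOTE(review): $toname is not assigned in the visible part of the script; treated as ''
    // when unset so the comparison cannot raise an undefined-variable warning.
    $checked_toname = isset($toname) ? $toname : "";
    $test_toname = preg_replace($find, "", $checked_toname);
    $find2 = array("/bcc\:/i", "/Content\-Type\:/i", "/cc\:/i", "/to\:/i", "/http\:/i", "/\[url/");
    $test_comments = preg_replace($find2, "", $comments);
    if (($fromname != $test_fromname) || ($checked_toname != $test_toname) || ($comments != $test_comments)) {
        echo "Sorry, but one - or more - of your entries is using spam-related content. This form detects such activity - including injection attempts of several forms. Sad to say, \"normal\" people wouldn't use such characters in normal message-sending formats, so I'm going to have to assume you're an evil, bad person.
Go away.
Of course, if I'm incorrect, then please leave a comment on one of my posts, and I'll try and fix the issue, and you have my apologies." . "\n";
        echo $form;
        return;
    }

    // --- Store the image. ---
    // The stored name is built on the server: directory parts are dropped, everything except
    // letters, digits, "_" and "-" is removed from the base name (including dots, so no second
    // extension survives), and the extension comes from the detected image type. The name is
    // therefore also safe to echo back without further escaping.
    // getimagesize() inspects only the file header, so the upload directory should additionally
    // be served with script execution disabled - a deployment setting this code cannot enforce.
    $baseName = preg_replace('/[^A-Za-z0-9_-]/', "", pathinfo(basename($upload["name"]), PATHINFO_FILENAME));
    if ($baseName == "") {
        $baseName = "upload";
    }
    $storedName = $baseName . "." . $extension;
    $target = "./gallery_uploads/" . $storedName;

    if (file_exists($target)) {
        echo "\"" . $storedName . "\" already exists. Please try a different file, or renaming this one before uploading. Click the \"Back\" button in your browser window to try again.";
        return;
    }

    // A failed move previously went unnoticed and the notification was mailed anyway.
    if (!move_uploaded_file($upload["tmp_name"], $target)) {
        echo "I'm sorry - there was an error with your upload. " . UPLOAD_ERR_CANT_WRITE . "" . "\n";
        echo $form;
        return;
    }

    // --- Notify by mail. ---
    // The body is sent as text/html, so $fromname, $fromemail and $comments must already be
    // entity-encoded - presumably done when $_POST was read; confirm.
    $message = nl2br("
From: $fromname ($fromemail)
You've had a submission to the image gallery on your site.
Image Description: $comments
");
    $message = stripslashes($message);
    $mailheader = "From: $fromname <$fromemail>\nContent-Type: text/html";
    // NOTE(review): $subject is not assigned in the visible part of the script - confirm it is
    // set earlier. The recipient string is kept exactly as found.
    mail("NAME ", "$subject", "$message", "$mailheader");

    echo $thanks;
    return;
} // end "action = sendmail" section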
} // end contact form
?>