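alert('Error: You Need To Submit the Form!')";
    //redirect
    //echo "";
}

// Volunteer form handler.
//
// Reads the posted volunteer form, builds a plain-text summary, applies three
// spam/injection checks, and mails the summary to the volunteer inbox only
// when none of the checks fired. Rejected submissions are pointed at the
// "thank you" page without sending mail, so an automated sender gets no signal
// that it was filtered.
//
// NOTE(review): the statement that closes just above starts outside this
// view; it is reproduced unchanged.

$query_vars = $_POST;

// Every field is client-controlled. A missing key or a non-string value (for
// example an array posted as Field[]=x) is normalised to '' so that nothing
// below interpolates "Array" or passes a non-string to preg_match().
$field = function ($key) use ($query_vars) {
    return (isset($query_vars[$key]) && is_string($query_vars[$key])) ? $query_vars[$key] : '';
};

$spblk = $field('Spblk');
$firstname = $field('FirstName');
$lastname = $field('LastName');
$streetaddress = $field('StreetAddress');
$city = $field('City');
$state = $field('State');
$zip = $field('Zip');
$country = $field('Country');
$email = $field('Email');
$phonenumber = $field('PhoneNumber');
$fundraising = $field('Fundraising');
$studentorganizing = $field('StudentOrganizing');
$legaladvice = $field('LegalAdvice');
$accounting = $field('Accounting');
$webcoordinator = $field('WebCoordinator');
$elections = $field('Elections');
$training = $field('Training');
$marketing = $field('marketing');
$recruiting = $field('Recruiting');
$other = $field('Other');
$comments = $field('Comments');

// NOTE(review): $redirect is taken from the request. Nothing in this view
// consumes it, but if code outside this view sends the browser to it, restrict
// it to a fixed list of local pages first; otherwise it is an open redirect.
$redirect = $field('Redirect');
$isspam = "No";

$message = "First Name: $firstname\n"
    . " Last Name: $lastname\n"
    . " Street Address: $streetaddress\n"
    . " City: $city\n"
    . " State: $state\n"
    . " Zip: $zip\n"
    . " Country: $country\n"
    . " Email: $email\n"
    . " Phone Number: $phonenumber\n\n"
    . " I am interested to volunteer for:\n"
    . " $fundraising\n"
    . " $studentorganizing\n"
    . " $legaladvice\n"
    . " $accounting\n"
    . " $webcoordinator\n"
    . " $elections\n"
    . " $training\n"
    . " $marketing\n"
    . " $recruiting\n"
    . " $other\n\n"
    . " Comments: $comments\n\n";

// check first for spam - is it human or spam

// SPAM filter #1: any value in the Spblk field marks the submission as spam
// (presumably a honeypot field that a human never fills in; confirm against the form).
if ($spblk !== "") {
    $redirect = "volunteer_thankyoub.html"; // this is spam
    $isspam = "Yes"; // fools spam into thinking everything is ok
}

// SPAM filter #2: automated bots often enter the same value for both names.
// An entirely empty submission also lands here because both names are ''.
if ($firstname === $lastname) {
    $redirect = "volunteer_thankyoub.html"; // this is spam
    $isspam = "Yes"; // fools spam into thinking everything is ok
}

//Validate first - do validation in client code instead
//if(empty($firstname))
//if(!isset($fname))
//if ($firstname == "Peter")
//{
//echo "First Name is a required field!";
// echo "";
// exit;
//}

// Header-injection check. The original tested $myemail, which is never
// assigned, so the address that ends up in the mail headers was never
// inspected. Test the posted address itself.
if (IsInjected($email)) {
    //echo "Bad email value!";
    //echo "";
    //exit;
    $redirect = "volunteer_thankyoub.html"; // this is injection - mail not sent
    $isspam = "Yes"; // fools injection into thinking everything is ok
}

$email_from = 'info@zimbabwedevelopmentleaders.org';//<== update the email address
$email_subject = "New Volunteer Form Submission";

// The original ended this statement with "." instead of ";", which appended
// the recipient address to the body as a side effect of assigning $to.
$email_body = "You have received a new message from the user $firstname $lastname.\n"
    . "Here is the message:\n\n $message";

$to = "volunteer@zimbabwedevelopmentleaders.org";//<== update the email address to info

// Send from the site's own address ($email_from was defined for this but never
// used). A visitor-supplied From lets anyone make the site emit mail under an
// arbitrary sender and tends to fail SPF/DMARC checks at the receiver.
$headers = "From: $email_from\r\n";

// The visitor's address goes in Reply-To only when it is a syntactically valid
// single address; FILTER_VALIDATE_EMAIL also rejects CR/LF, so no extra header
// can be introduced through it. Without a valid address the mail is still
// sent, just without Reply-To.
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
    $headers .= "Reply-To: $email\r\n";
}

//send only if not spam
if ($isspam === "No") {
    mail($to, $email_subject, $email_body, $headers);
}

//header('Location: Volunteer_ThankYou.html');
//echo "";

// Function to validate against any email injection attempts.
//
// Returns true when $str contains a line feed, carriage return or tab
// character, or the literal URL-encoded sequences %0A, %0D, %08 or %09
// (case-insensitive); returns false otherwise, including when preg_match()
// itself fails.
function IsInjected($str)
{
    // Single-quoted on purpose: PCRE, not PHP, interprets \n, \r and \t.
    $injections = array('(\n+)', '(\r+)', '(\t+)', '(%0A+)', '(%0D+)', '(%08+)', '(%09+)');
    $inject = '/' . join('|', $injections) . '/i';

    return preg_match($inject, $str) === 1;
}
?>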