At the top of www.havasu-fun.com/havasu-events.html -
// Form-to-mail handler with file upload: collects uploaded files, screens POST
// values for mail-header strings, stores the files, mails the form contents
// and redirects to a success page.
// NOTE(review): the start of this script is missing from the page. The fragment
// opens in the middle of a condition ("... 0) {"), so the opening PHP tag, the
// enclosing block and loop, and the setup of $i, $prefix, $error, $message,
// $header, $mailto, $subject, $max_filesize and the URLs are not visible here.
// NOTE(review): the page reports this source showing as text at the top of an
// .html page; presumably PHP is not being executed for that file. Confirm the
// server's handler configuration, since the handler logic is then publicly readable.
0) {
            // Stored name = $prefix + "_" + client-supplied file name with spaces
            // replaced by underscores.
            // NOTE(review): no extension or content check is visible. Validate against
            // an allow-list and prefer a server-generated name, so that a file with a
            // server-executable extension cannot end up in a web-served folder.
            $upload_DstName[$i] = $prefix . "_" . str_replace(" ", "_", $_FILES[$key]['name']);
            $upload_SrcName[$i] = $_FILES[$key]['name'];
            $upload_Size[$i] = ($_FILES[$key]['size']);
            $upload_Temp[$i] = ($_FILES[$key]['tmp_name']);
            // 'type' is the value sent by the client; it is stored but not read again
            // in the visible code.
            $upload_Type[$i] = ($_FILES[$key]['type']);
            // Link later written into the mail body.
            $uploadlink[$i] = "$upload_folder/$upload_DstName[$i]";
            $upload_fieldname[$i] = $key;
            $upload_fieldname_final[$i] = ucwords(str_replace("_", " ", $key));
            $fieldvalue[$i] = $uploadlink[$i];
            $i++;
        }
        // NOTE(review): when the branch above ran, $i has already been incremented,
        // so $upload_Size[$i] and $upload_SrcName[$i] here refer to a slot the visible
        // code has not filled yet. The size limit therefore looks ineffective for the
        // file just recorded; confirm against the missing part of the script.
        if ($upload_Size[$i] >= $max_filesize) {
            $error .= "The size of $key (file: $upload_SrcName[$i]) is bigger than the allowed " . $max_filesize/1024 . " Kbytes!\n";
        }
    }
    // Substrings treated as signs of mail-header injection in submitted values.
    // NOTE(review): entries 0 and 1 are single-quoted, so they are the two-character
    // texts backslash-n and backslash-r, not LF/CR bytes; a raw line break in a value
    // is not matched by this list. "to:" also matches ordinary text such as "photo:".
    $crack[0] = '\n';
    $crack[1] = '\r';
    $crack[2] = "%0a";
    $crack[3] = "%0d";
    $crack[4] = "content-type:";
    $crack[5] = "to:";
    $crack[6] = "cc:";
    $crack[7] = "bcc:";
    $crack[8] = "mime-version:";
    $crack[9] = "x0a";
    $crack[10] = "x0d";
    // Case-insensitive scan of every POST value for each listed substring.
    // NOTE(review): the message-building loop further down allows for array values,
    // but here $value is passed to strtolower() unchanged, which expects a string.
    foreach ($_POST as $key => $value) {
        for ($k = 0; $k < count($crack); $k++) {
            if (substr_count(strtolower($value), $crack[$k])) {
                // The message embeds the POST field name ($key); the string literal
                // below contains a real line break before its closing quote.
                $error .= "The field $key contained e-mail headers ($crack[$k]) in the value submitted. This seems to be a cracking attempt and the message has not been sent.!
";
            }
        }
    }
    // On any error: load the error page, substitute the ##error## placeholder, print
    // it and stop.
    // NOTE(review): $error contains request-supplied field names and is inserted
    // without HTML escaping; encode it with htmlspecialchars() before substitution.
    if ($error) {
        $errorcode = file_get_contents($error_url);
        $replace = "##error##";
        $errorcode = str_replace($replace, $error, $errorcode);
        echo $errorcode;
        exit;
    }
    // Only the last path component of $upload_folder is used as the target directory.
    // NOTE(review): "upload_folder" and "filesize" appear in $internalfields below,
    // which suggests they may be form-supplied; confirm and prefer fixed server-side
    // values.
    $uploadfolder = basename($upload_folder);
    for ($i = 0; $i < count($upload_DstName); $i++) {
        $uploadFile = $uploadfolder . "/" . $upload_DstName[$i];
        if (!is_dir(dirname($uploadFile))) {
            // RecursiveMkdir() is defined outside the visible fragment.
            @RecursiveMkdir(dirname($uploadFile));
        } else {
            // NOTE(review): 0777 makes the upload directory writable by every local
            // account; a mode limited to the web server user is safer.
            @chmod(dirname($uploadFile), 0777);
        }
        // NOTE(review): "@" hides a failed move, yet chmod() and the mail below go
        // ahead as if the file had been stored; check the return value instead.
        @move_uploaded_file($upload_Temp[$i] , $uploadFile);
        chmod($uploadFile, 0644);
    }
    // POST fields with these names (compared in lower case) are left out of the mail.
    $internalfields = array ("submit", "reset", "filesize", "upload_folder", "send", "captcha_code");
    $message .= "\n";
    // Append each remaining field as "Field Name : value"; array values are joined
    // with commas.
    foreach ($_POST as $key => $value) {
        if (!in_array(strtolower($key), $internalfields)) {
            if (!is_array($value)) {
                $message .= ucwords(str_replace("_", " ", $key)) . " : " . $value . "\n";
            } else {
                $message .= ucwords(str_replace("_", " ", $key)) . " : " . implode(",", $value) . "\n";
            }
        }
    }
    // List the uploaded files with their links.
    if (count($upload_SrcName) > 0) {
        $message .= "\nThe following file have been uploaded:\n";
        for ($i = 0; $i < count($upload_SrcName); $i++) {
            $message .= $upload_SrcName[$i] . " Link: " . $uploadlink[$i] . "\n";
        }
    }
    // Send the mail and redirect; the result of mail() is not checked.
    // NOTE(review): $header, $subject and $mailto are built outside this fragment.
    // If any of them includes submitted values, reject CR/LF there explicitly.
    mail($mailto, $subject, stripslashes($message), $header);
    header('Location: '.$success_url);
    exit;
// Closes a block opened before the visible fragment.
}
?>
// Form-to-mail handler with file upload: collects uploaded files, screens POST
// values for mail-header strings, stores the files, mails the form contents
// and redirects to a success page.
// NOTE(review): the start of this script is missing from the page. The fragment
// opens in the middle of a condition ("... 0) {"), so the opening PHP tag, the
// enclosing block and loop, and the setup of $i, $prefix, $error, $message,
// $header, $mailto, $subject, $max_filesize and the URLs are not visible here.
// NOTE(review): the page reports this source showing as text at the top of an
// .html page; presumably PHP is not being executed for that file. Confirm the
// server's handler configuration, since the handler logic is then publicly readable.
0) {
            // Stored name = $prefix + "_" + client-supplied file name with spaces
            // replaced by underscores.
            // NOTE(review): no extension or content check is visible. Validate against
            // an allow-list and prefer a server-generated name, so that a file with a
            // server-executable extension cannot end up in a web-served folder.
            $upload_DstName[$i] = $prefix . "_" . str_replace(" ", "_", $_FILES[$key]['name']);
            $upload_SrcName[$i] = $_FILES[$key]['name'];
            $upload_Size[$i] = ($_FILES[$key]['size']);
            $upload_Temp[$i] = ($_FILES[$key]['tmp_name']);
            // 'type' is the value sent by the client; it is stored but not read again
            // in the visible code.
            $upload_Type[$i] = ($_FILES[$key]['type']);
            // Link later written into the mail body.
            $uploadlink[$i] = "$upload_folder/$upload_DstName[$i]";
            $upload_fieldname[$i] = $key;
            $upload_fieldname_final[$i] = ucwords(str_replace("_", " ", $key));
            $fieldvalue[$i] = $uploadlink[$i];
            $i++;
        }
        // NOTE(review): when the branch above ran, $i has already been incremented,
        // so $upload_Size[$i] and $upload_SrcName[$i] here refer to a slot the visible
        // code has not filled yet. The size limit therefore looks ineffective for the
        // file just recorded; confirm against the missing part of the script.
        if ($upload_Size[$i] >= $max_filesize) {
            $error .= "The size of $key (file: $upload_SrcName[$i]) is bigger than the allowed " . $max_filesize/1024 . " Kbytes!\n";
        }
    }
    // Substrings treated as signs of mail-header injection in submitted values.
    // NOTE(review): entries 0 and 1 are single-quoted, so they are the two-character
    // texts backslash-n and backslash-r, not LF/CR bytes; a raw line break in a value
    // is not matched by this list. "to:" also matches ordinary text such as "photo:".
    $crack[0] = '\n';
    $crack[1] = '\r';
    $crack[2] = "%0a";
    $crack[3] = "%0d";
    $crack[4] = "content-type:";
    $crack[5] = "to:";
    $crack[6] = "cc:";
    $crack[7] = "bcc:";
    $crack[8] = "mime-version:";
    $crack[9] = "x0a";
    $crack[10] = "x0d";
    // Case-insensitive scan of every POST value for each listed substring.
    // NOTE(review): the message-building loop further down allows for array values,
    // but here $value is passed to strtolower() unchanged, which expects a string.
    foreach ($_POST as $key => $value) {
        for ($k = 0; $k < count($crack); $k++) {
            if (substr_count(strtolower($value), $crack[$k])) {
                // The message embeds the POST field name ($key); the string literal
                // below contains a real line break before its closing quote.
                $error .= "The field $key contained e-mail headers ($crack[$k]) in the value submitted. This seems to be a cracking attempt and the message has not been sent.!
";
            }
        }
    }
    // On any error: load the error page, substitute the ##error## placeholder, print
    // it and stop.
    // NOTE(review): $error contains request-supplied field names and is inserted
    // without HTML escaping; encode it with htmlspecialchars() before substitution.
    if ($error) {
        $errorcode = file_get_contents($error_url);
        $replace = "##error##";
        $errorcode = str_replace($replace, $error, $errorcode);
        echo $errorcode;
        exit;
    }
    // Only the last path component of $upload_folder is used as the target directory.
    // NOTE(review): "upload_folder" and "filesize" appear in $internalfields below,
    // which suggests they may be form-supplied; confirm and prefer fixed server-side
    // values.
    $uploadfolder = basename($upload_folder);
    for ($i = 0; $i < count($upload_DstName); $i++) {
        $uploadFile = $uploadfolder . "/" . $upload_DstName[$i];
        if (!is_dir(dirname($uploadFile))) {
            // RecursiveMkdir() is defined outside the visible fragment.
            @RecursiveMkdir(dirname($uploadFile));
        } else {
            // NOTE(review): 0777 makes the upload directory writable by every local
            // account; a mode limited to the web server user is safer.
            @chmod(dirname($uploadFile), 0777);
        }
        // NOTE(review): "@" hides a failed move, yet chmod() and the mail below go
        // ahead as if the file had been stored; check the return value instead.
        @move_uploaded_file($upload_Temp[$i] , $uploadFile);
        chmod($uploadFile, 0644);
    }
    // POST fields with these names (compared in lower case) are left out of the mail.
    $internalfields = array ("submit", "reset", "filesize", "upload_folder", "send", "captcha_code");
    $message .= "\n";
    // Append each remaining field as "Field Name : value"; array values are joined
    // with commas.
    foreach ($_POST as $key => $value) {
        if (!in_array(strtolower($key), $internalfields)) {
            if (!is_array($value)) {
                $message .= ucwords(str_replace("_", " ", $key)) . " : " . $value . "\n";
            } else {
                $message .= ucwords(str_replace("_", " ", $key)) . " : " . implode(",", $value) . "\n";
            }
        }
    }
    // List the uploaded files with their links.
    if (count($upload_SrcName) > 0) {
        $message .= "\nThe following file have been uploaded:\n";
        for ($i = 0; $i < count($upload_SrcName); $i++) {
            $message .= $upload_SrcName[$i] . " Link: " . $uploadlink[$i] . "\n";
        }
    }
    // Send the mail and redirect; the result of mail() is not checked.
    // NOTE(review): $header, $subject and $mailto are built outside this fragment.
    // If any of them includes submitted values, reject CR/LF there explicitly.
    mail($mailto, $subject, stripslashes($message), $header);
    header('Location: '.$success_url);
    exit;
// Closes a block opened before the visible fragment.
}
?>