
Contents of /contributions/sandbox/frjo/feedback.module



Revision 1.3 - (show annotations) (download) (as text)
Mon Apr 24 14:04:26 2006 UTC (3 years, 7 months ago) by frjo
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +2 -2 lines
File MIME type: text/x-php
Use check_plain on watchdog messages.
1 <?php
2
3 //$Id: feedback.module,v 1.2 2006/02/25 05:52:41 frjo Exp $
4
5 /**
6 * @file
7 * Copyright 2004-2005 Khalid Baheyeldin http://2bits.com
8 * Modified by Fredrik Jonsson fredrik at combonet dot se
9 * More information at http://xdeb.org/drupaldev
10 */
11
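/**
 * Implementation of hook_help().
 *
 * Returns the help text for the section being displayed. The text is HTML in
 * which %permissions and %feedback are replaced by URLs built with url().
 *
 * @param $section
 *   Help section path. 'admin/help#feedback', 'admin/modules#description' and
 *   'admin/settings/feedback' are handled.
 * @return
 *   The translated help text, or an empty string for any other section.
 */
function feedback_help($section = 'admin/help#feedback') {
  // Start from an empty string so an unhandled section never returns an
  // undefined variable.
  $output = '';

  $args = array('%permissions' => url('admin/access'), '%feedback' => url('feedback'));

  switch ($section) {
    case 'admin/help#feedback':
      // The permission named here has to match the one feedback_perm()
      // declares ('can send feedback'); the old text named a permission that
      // does not exist, so admins following it could not grant access.
      $output = t("
<p>Users with the correct <a href=\"%permissions\">permissions</a> can send feedback
to the site admin via email from a form on the site.</p>
<p>To enable its use, a user needs the \"can send feedback\" permission.</p>
<p>The site admin specifies the email address that the users send to, as well as other
parameters, such as what fields to show the user to fill (name, address, email), whether
the user address is to be validated, and whether to log all attempts to use this form.</p>
<p>The email address is never visible to the users, and therefore cannot be used by SPAM
harvesters.</p>", $args);
      break;

    case 'admin/modules#description':
      $output = t('Enables visitors to your site to provide feedback from a web form.');
      break;

    case 'admin/settings/feedback':
      $output = t("
Here you can configure the feedback page.<br />
The user needs the correct <a href=\"%permissions\">permissions</a> to see the
<a href=\"%feedback\">feedback page</a>", $args);
      break;
  }

  return $output;
}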
44
/**
 * Implementation of hook_perm().
 *
 * @return
 *   List holding the one permission this module defines. The same string is
 *   passed to user_access() by feedback_menu() and feedback_link().
 */
function feedback_perm() {
  $permissions = array();
  $permissions[] = 'can send feedback';

  return $permissions;
}
51
/**
 * Implementation of hook_menu().
 *
 * @param $may_cache
 *   When true, nothing is returned; the 'feedback' item is only built on the
 *   non-cacheable pass.
 * @return
 *   Empty array, or an array with the single 'feedback' menu item. Its
 *   'access' value is the result of user_access('can send feedback') at the
 *   time the item is built.
 */
function feedback_menu($may_cache) {
  // Cacheable pass: this module contributes no items.
  if ($may_cache) {
    return array();
  }

  $entry = array(
    'path' => 'feedback',
    'callback' => 'feedback_page',
    // The link title is admin-configurable (see the settings form).
    'title' => variable_get('feedback_nav_link', 'feedback'),
    'access' => user_access('can send feedback'),
    'type' => MENU_SUGGESTED_ITEM
  );

  return array($entry);
}
70
71
/**
 * Implementation of hook_link().
 *
 * @param $type
 *   Link type being built; only 'page' produces a link.
 * @param $node
 *   Not used by this implementation.
 * @param $main
 *   Not used by this implementation.
 * @return
 *   Array with one link to the feedback page when $type is 'page' and the
 *   current user has the 'can send feedback' permission, otherwise an empty
 *   array.
 */
function feedback_link($type, $node = 0, $main = 0) {
  // Declared by the original code but never read in this function.
  global $user;

  // The permission is only looked up for the 'page' link type.
  if ($type != 'page' || !user_access('can send feedback')) {
    return array();
  }

  return array(l(t('feedback'), 'feedback'));
}
83
/**
 * Implementation of hook_settings().
 *
 * Builds the admin settings form: recipient address, navigation and page
 * texts, result messages, which fields the public form shows, and the
 * validation/logging switches.
 *
 * @return
 *   The concatenated HTML of all form elements.
 */
function feedback_settings() {
  $parts = array();

  // Free-text settings.
  $parts[] = form_textfield(t('Default Email Address'), 'feedback_email',
    _feedback_get_to_email(), 80, 300,
    t('The email address which should receive all form submissions'));

  $parts[] = form_textfield(t('Navigation link text'), 'feedback_nav_link',
    variable_get('feedback_nav_link', 'feedback'), 80, 300,
    t('The text that will be shown in the navigation link'));

  $parts[] = form_textfield(t('Feedback Page Header'), 'feedback_pageheader',
    variable_get('feedback_pageheader', 'Use this form to send us feedback'), 80, 300,
    t('The page header text that will be shown at the top of the feedback page'));

  $parts[] = form_textfield(t('Subject Prefix'), 'feedback_subject_prefix',
    variable_get('feedback_subject_prefix', 'Feedback: '), 80, 80,
    t('The prefix that should be added before the subject on each email'));

  $parts[] = form_textarea(t('Instructions'), 'feedback_instructions',
    variable_get('feedback_instructions', 'Enter your message below: '), 60, 10,
    t('The instructions that will be displayed for the user on how to fill the form'));

  // Messages shown after a submission.
  $result_messages = implode('', array(
    form_textfield(t('Result Message - Success'), 'feedback_rmsg_success',
      variable_get('feedback_rmsg_success', 'Thank you for your message.'), 80, 80,
      t('The message that will be printed upon successfully completing the feedback request')),
    form_textfield(t('Result Message - Failure'), 'feedback_rmsg_failure',
      variable_get('feedback_rmsg_failure', 'There are errors in your form.'), 80, 80,
      t('The message that will be printed upon encountering an error in the feedback request')),
  ));
  $parts[] = form_group(t('Result Messages settings'), $result_messages);

  // One checkbox per field of the public form.
  $field_toggles = implode('', array(
    form_checkbox(t('Sender Email Address'), 'feedback_field_email', 1, variable_get('feedback_field_email', '1')),
    form_checkbox(t('Sender Name'), 'feedback_field_name', 1, variable_get('feedback_field_name', '1')),
    form_checkbox(t('Postal Address'), 'feedback_field_postal', 1, variable_get('feedback_field_postal', '0')),
    form_checkbox(t('Phone Number'), 'feedback_field_phone', 1, variable_get('feedback_field_phone', '0')),
    form_checkbox(t('Message Subject'), 'feedback_field_subject', 1, variable_get('feedback_field_subject', '1')),
    form_checkbox(t('Message Body'), 'feedback_field_body', 1, variable_get('feedback_field_body', '1')),
  ));
  $parts[] = form_group(t('Fields to include on the form'), $field_toggles);

  // Sender verification over SMTP and watchdog logging.
  $misc = implode('', array(
    form_checkbox(t('Validate Sender\'s Email Address'),
      'feedback_validate_sender_address', 1, variable_get('feedback_validate_sender_address', '0')),
    form_checkbox(t('Log all feedback attempts to watchdog'), 'feedback_logging', 1,
      variable_get('feedback_logging', '1')),
  ));
  $parts[] = form_group(t('Miscellaneous Settings'), $misc);

  return implode('', $parts);
}
132
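/**
 * Menu callback: shows the feedback form and handles its submission.
 *
 * With no posted data the form is printed. With posted data the input is
 * validated; on errors the form is printed again, otherwise the mail is sent,
 * the attempt is optionally logged, and a result message is shown.
 *
 * NOTE(review): nothing in this function limits how often one client can
 * submit, so every accepted POST results in one outgoing mail.
 */
function feedback_page() {
  $edit = isset($_POST['edit']) ? $_POST['edit'] : NULL;

  // Set breadcrumbs
  menu_set_location(array(array('path' => 'feedback')));

  // First visit: just show the form.
  if (!$edit) {
    print theme('page', feedback_display_form());
    return;
  }

  feedback_validate_data();
  if (form_get_errors()) {
    print theme('page', feedback_display_form());
    return;
  }

  // feedback_send_email() returns false when no recipient is configured.
  // The result used to be ignored, so the success message was shown even
  // though nothing had been sent.
  $sent = feedback_send_email();

  if (variable_get('feedback_logging', '1')) {
    feedback_watchdog_log();
  }

  if ($sent) {
    drupal_set_message(variable_get('feedback_rmsg_success', 'Thank you for your message.'));
  }
  else {
    // Same variable and default as the 'Result Message - Failure' setting.
    drupal_set_message(variable_get('feedback_rmsg_failure', 'There are errors in your form.'), 'error');
  }
  print theme('page', '');
}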
162
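/**
 * Builds the feedback mail from the posted form and hands it to user_mail().
 *
 * @return
 *   true when user_mail() was called, false when no recipient address is
 *   configured. true does not mean the mail was delivered.
 */
function feedback_send_email() {
  $edit = $_POST['edit'];

  $to = _feedback_get_to_email();
  if (!$to) {
    return false;
  }

  // The subject is user input and ends up in a mail header. The check in
  // feedback_check_exploit() only looks for a few header names, so line
  // breaks are removed here instead of relying on it or on user_mail().
  $user_subject = isset($edit['form_field_subject']) ? $edit['form_field_subject'] : '';
  $user_subject = str_replace(array("\r", "\n"), ' ', $user_subject);
  $subject = variable_get('feedback_subject_prefix', '') .' '. $user_subject;

  $user_body = isset($edit['form_field_body']) ? $edit['form_field_body'] : '';
  $body = feedback_format_body($user_body) ."\n\n". feedback_custom_footers();

  $headers = feedback_custom_headers();

  user_mail($to, $subject, $body, $headers);

  return true;
}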
188
/**
 * Returns the address feedback is sent to.
 *
 * Lookup order: the 'feedback_email' variable, then the 'site_mail'
 * variable, then PHP's 'sendmail_from' ini setting.
 */
function _feedback_get_to_email() {
  $php_default = ini_get('sendmail_from');
  $site_default = variable_get('site_mail', $php_default);

  return variable_get('feedback_email', $site_default);
}
192
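/**
 * Builds the HTML of the public feedback form.
 *
 * Fields are shown according to the feedback_field_* variables. Values posted
 * earlier are kept so the form can be redisplayed after a validation error;
 * name and e-mail default to those of the current user.
 *
 * @return
 *   The form HTML, wrapped in a themed box when a page header is configured.
 */
function feedback_display_form() {
  global $user;

  // Anything other than an array of fields is treated as "nothing posted".
  $edit = (isset($_POST['edit']) && is_array($_POST['edit'])) ? $_POST['edit'] : array();
  $edit += array(
    'form_field_name' => '',
    'form_field_email' => '',
    'form_field_postal' => '',
    'form_field_phone' => '',
    'form_field_subject' => '',
    'form_field_body' => '',
    'op' => NULL,
  );

  // These were previously appended to without being initialised.
  $form = '';
  $output = '';

  // Assign default values to some form fields while making sure the field
  // content is preserved after errors
  if (!$edit['form_field_name'] && $user->name) {
    $edit['form_field_name'] = $user->name;
  }
  if (!$edit['form_field_email'] && $user->mail) {
    $edit['form_field_email'] = $user->mail;
  }

  $title = variable_get('feedback_pageheader', '');

  if (variable_get('feedback_field_name', '')) {
    $form .= form_textfield(t('Your Full Name'), 'form_field_name',
      $edit['form_field_name'], 60, 64, NULL, NULL, TRUE);
  }

  if (variable_get('feedback_field_email', '')) {
    $form .= form_textfield(t('Your E-Mail Address'), 'form_field_email',
      $edit['form_field_email'], 60, 64, NULL, NULL, TRUE);
  }

  if (variable_get('feedback_field_postal', '')) {
    $form .= form_textarea(t('Your Postal Address'), 'form_field_postal',
      $edit['form_field_postal'], 50, 4, NULL, NULL, TRUE);
  }

  if (variable_get('feedback_field_phone', '')) {
    $form .= form_textfield(t('Your Phone Number'), 'form_field_phone',
      $edit['form_field_phone'], 60, 64, NULL, NULL, TRUE);
  }

  if (variable_get('feedback_field_subject', '')) {
    $form .= form_textfield(t('Subject'), 'form_field_subject',
      $edit['form_field_subject'], 60, 64, NULL, NULL, TRUE);
  }

  if (variable_get('feedback_field_body', '')) {
    $form .= form_textarea(t('Message'), 'form_field_body',
      $edit['form_field_body'], 60, 15, NULL, NULL, TRUE);
  }

  // The key was an unquoted constant (HTTP_REFERER) before. The header is
  // optional and fully client-controlled; it comes back as a posted field,
  // so it is validated again on submission like any other input.
  $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
  $form .= form_hidden('form_field_referer', $referer);

  // NOTE(review): the third argument comes from the request; confirm how
  // form_submit() handles it.
  $form .= form_submit(t('Send Message'), 'op', $edit['op']);

  $output .= variable_get('feedback_instructions', '') . form($form, 'post');

  if ($title) {
    $output = theme('box', $title, $output);
  }

  return $output;
}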
253
/**
 * Writes one watchdog entry describing the posted feedback.
 *
 * The entry holds the sender name, e-mail address and subject exactly as
 * posted, so the whole line is passed through check_plain() before it is
 * stored.
 */
function feedback_watchdog_log() {
  $edit = $_POST['edit'];

  $entry = 'feedback: '. $edit['form_field_name'] .' <'. $edit['form_field_email'] .'> subject: '. $edit['form_field_subject'];

  watchdog('user', check_plain($entry));
}
265
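/**
 * Validates the posted feedback form and records errors with form_set_error().
 *
 * A field that is enabled in the settings must not be empty. Every field
 * except the body is also passed to feedback_check_exploit(). That check is a
 * short list of header names and does not reject line breaks, so it is not a
 * substitute for cleaning values at the point where mail headers are built.
 */
function feedback_validate_data() {
  $edit = (isset($_POST['edit']) && is_array($_POST['edit'])) ? $_POST['edit'] : array();

  // Missing or non-string values (e.g. a field posted as an array) are
  // treated as empty.
  $values = array();
  foreach (array('name', 'email', 'subject', 'body', 'postal', 'phone', 'referer') as $key) {
    $posted = isset($edit['form_field_'. $key]) ? $edit['form_field_'. $key] : '';
    $values[$key] = is_string($posted) ? $posted : '';
  }

  $email = $values['email'];
  if (!strlen(trim($email))) {
    // An empty address is an error only when the field is enabled. The old
    // code sent an empty address on to feedback_validate_email() when the
    // field was disabled, which made every submission fail.
    if (variable_get('feedback_field_email', '')) {
      form_set_error('form_field_email', t('Error: Please enter your e-mail address'));
    }
  }
  else {
    $smtp_err = feedback_validate_email($email);
    if ($smtp_err) {
      // $smtp_err may be a reply line from a remote mail server, so it is
      // escaped before it becomes part of the page.
      form_set_error('form_field_email', t('Error: E-Mail address error ') . check_plain($smtp_err));
    }
    elseif (feedback_check_exploit($email)) {
      form_set_error('form_field_email', t('Invalid data in e-mail address'));
    }
  }

  if (!strlen(trim($values['name'])) && variable_get('feedback_field_name', '')) {
    form_set_error('form_field_name', t('Error: Please enter your full name'));
  }
  elseif (feedback_check_exploit($values['name'])) {
    form_set_error('form_field_name', t('Invalid data in name'));
  }

  // Note: The body does not need to be checked for exploits because it is
  // treated as text (RFC 822).
  if (!strlen(trim($values['body'])) && variable_get('feedback_field_body', '')) {
    form_set_error('form_field_body', t('Error: Please enter your message'));
  }

  if (!strlen(trim($values['subject'])) && variable_get('feedback_field_subject', '')) {
    form_set_error('form_field_subject', t('Error: Please enter a subject'));
  }
  elseif (feedback_check_exploit($values['subject'])) {
    form_set_error('form_field_subject', t('Invalid data in subject'));
  }

  if (!strlen(trim($values['postal'])) && variable_get('feedback_field_postal', '')) {
    form_set_error('form_field_postal', t('Error: Please enter your postal address'));
  }
  elseif (feedback_check_exploit($values['postal'])) {
    form_set_error('form_field_postal', t('Invalid data in postal address'));
  }

  if (!strlen(trim($values['phone'])) && variable_get('feedback_field_phone', '')) {
    form_set_error('form_field_phone', t('Error: Please enter your phone number'));
  }
  elseif (feedback_check_exploit($values['phone'])) {
    form_set_error('form_field_phone', t('Invalid data in phone number'));
  }

  if (feedback_check_exploit($values['referer'])) {
    form_set_error('form_field_referer', t('Invalid data in referer'));
  }
}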
329
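/**
 * Checks a posted value for mail header names used in header injection.
 *
 * This is a denylist: it matches the listed header names anywhere in the
 * value, case-insensitively. It does not look for CR/LF, so a value that
 * passes is not thereby safe to place in a mail header, and ordinary text
 * containing e.g. "to:" is reported as well.
 *
 * @param $data
 *   The posted value.
 * @return
 *   true when a listed header name was found (a watchdog entry is written),
 *   false otherwise.
 */
function feedback_check_exploit($data) {
  $bad_strings = array(
    'To:',
    'Cc:',
    'Bcc:',
    'Content-Type:',
    'MIME-Version:',
    'Content-Transfer-Encoding:');

  // A form field posted as an array is never legitimate here; fail closed.
  if (is_array($data) || is_object($data)) {
    return true;
  }
  $data = (string) $data;

  foreach ($bad_strings as $str) {
    if (stristr($data, $str) !== FALSE) {
      // Two fixes: the placeholder keys need the leading '%' to match the
      // message text, and the rejected value is attacker-supplied, so it is
      // escaped before it is stored in the log.
      watchdog('user', t('Attempt to relay spam using %str. Field is %data',
        array('%str' => check_plain($str), '%data' => check_plain($data))));
      return true;
    }
  }

  return false;
}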
348
/**
 * Validates the sender's e-mail address.
 *
 * The address is first checked with valid_email_address(). When the
 * 'feedback_validate_sender_address' setting is on, it is also verified
 * against the mail servers of its domain.
 *
 * @param $email
 *   The posted address.
 * @return
 *   An empty string when the address is accepted, otherwise an error text.
 *   The text returned by the SMTP check is passed through unchanged.
 */
function feedback_validate_email($email) {
  if (!valid_email_address($email)) {
    return t('Invalid E-mail address structure');
  }

  // It looks like a valid email address; the SMTP probe is optional.
  if (!variable_get('feedback_validate_sender_address', '')) {
    return '';
  }

  return feedback_try_to_feedback_address($email);
}
366
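/**
 * Asks the mail servers of an address's domain whether they accept it.
 *
 * Looks up the MX hosts of the domain, connects to port 25 and issues
 * HELO / MAIL FROM / RCPT TO, stopping at the first host that answers
 * RCPT TO with a 250 reply.
 *
 * The web server opens outbound connections to hosts chosen by the submitted
 * address, and each attempt can block the request until the timeout expires.
 *
 * @param $email
 *   The address to verify.
 * @return
 *   An empty string when a server accepted the recipient. Otherwise an error
 *   text, which may be the raw reply line of the remote server: treat it as
 *   untrusted and escape it before display.
 */
function feedback_try_to_feedback_address($email) {

  // This function is based on one that was written by
  // Jon S. Stevens jon AT clearink.com
  // Copyright 1998 Jon S. Stevens, Clear Ink
  // This code has all the normal disclaimers.
  // It is free for any use, just keep the credits intact.

  // Seconds allowed for connecting and for each reply.
  $timeout = 10;

  $rc = 'Undefined error';

  // The address is written into "RCPT TO: <...>". Whitespace (including
  // CR/LF) or angle brackets would let it end the bracket or start another
  // SMTP command, so such input is refused before any connection is made.
  if (!is_string($email) || preg_match('/[\s<>]/', $email)) {
    return 'Error: Invalid characters in e-mail';
  }

  // split() is gone from current PHP; explode() does the same here.
  $parts = explode('@', $email, 2);
  $domain = isset($parts[1]) ? $parts[1] : '';

  // The MX lookup now uses the whole domain part. Taking only the last two
  // labels queried the wrong name for domains such as example.co.uk, and the
  // old "invalid domain" test could never trigger.
  if ($domain == '' || strpos($domain, '.') === FALSE) {
    return 'Error: Invalid domain part in e-mail';
  }

  // SERVER_NAME can follow the request's Host header depending on the web
  // server configuration; keep only host-name characters for the HELO line.
  $server_name = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
  $server_name = preg_replace('/[^A-Za-z0-9.\-]/', '', $server_name);
  if ($server_name == '') {
    $server_name = 'localhost';
  }

  if (!checkdnsrr($domain, 'MX') || !getmxrr($domain, $mxhosts, $weight)) {
    return $rc;
  }

  foreach ($mxhosts as $mxhost) {
    // Connect with a timeout so an unresponsive host cannot hold the request
    // for the system default.
    $fp = fsockopen($mxhost, 25, $errno, $errstr, $timeout);
    if (!$fp) {
      continue;
    }
    stream_set_timeout($fp, $timeout);

    // Read the greeting. A multi-line greeting uses "220-" on every line but
    // the last. This replaces a non-blocking busy loop that could give up
    // before the server had answered.
    do {
      $line = fgets($fp, 2500);
    } while ($line !== FALSE && strncmp($line, '220-', 4) == 0);

    if ($line === FALSE || strncmp($line, '220', 3) != 0) {
      fclose($fp);
      continue;
    }

    // SMTP lines end in CRLF.
    fputs($fp, "HELO $server_name\r\n");
    $reply = fgets($fp, 2000);
    fputs($fp, "MAIL FROM: <info@". $domain .">\r\n");
    $reply = fgets($fp, 2000);
    fputs($fp, "RCPT TO: <$email>\r\n");
    $reply = fgets($fp, 2000);

    if ($reply !== FALSE && strncmp($reply, '250', 3) == 0) {
      $rc = '';
    }
    elseif ($reply === FALSE || trim($reply) == '') {
      // A timeout or closed connection used to compare equal to '' and was
      // therefore reported as success.
      $rc = 'No response from mail server';
    }
    else {
      $rc = $reply;
    }

    fputs($fp, "QUIT\r\n");
    fclose($fp);

    if ($rc === '') {
      break;
    }
  }

  return $rc;
}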
445
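/**
 * Builds the plain-text footer appended to the body of the feedback mail.
 *
 * The footer lists the site name, the logged-in user name, the posted form
 * fields, and the client's address, host name and user agent where present.
 * The posted fields and the request headers are client-supplied and are
 * included as sent.
 *
 * @return
 *   The footer text, starting with a separator line.
 */
function feedback_custom_footers() {
  global $user;

  $edit = (isset($_POST['edit']) && is_array($_POST['edit'])) ? $_POST['edit'] : array();
  $site_name = variable_get('site_name', '');

  // Previously appended to without being initialised.
  $footer = "\n----------------------------------";

  if ($site_name) {
    $footer .= "\nSite Name : ". $site_name;
  }
  if (!empty($user->name)) {
    $footer .= "\nRegistered name : ". $user->name;
  }

  // Posted fields, in the order they appear in the mail.
  $posted = array(
    'form_field_name' => "\nFull Name : ",
    'form_field_email' => "\nE-mail address : ",
    'form_field_postal' => "\nPostal address : ",
    'form_field_phone' => "\nPhone Number : ",
    'form_field_referer' => "\nReferring page : ",
  );
  foreach ($posted as $field => $label) {
    if (isset($edit[$field])) {
      $footer .= $label . $edit[$field];
    }
  }

  if (isset($_SERVER['REMOTE_ADDR'])) {
    $footer .= "\nIP Address : ". 'http://whois.sc/' . $_SERVER['REMOTE_ADDR'];
  }
  if (isset($_SERVER['REMOTE_HOST'])) {
    $footer .= "\nMachine name : ". $_SERVER['REMOTE_HOST'];
  }
  if (isset($_SERVER['HTTP_USER_AGENT'])) {
    $footer .= "\nBrowser info : ". $_SERVER['HTTP_USER_AGENT'];
  }

  return $footer;
}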
486
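/**
 * Returns a posted value made safe for use on a single mail header line.
 *
 * @param $value
 *   The posted value.
 * @param $replacement
 *   What each CR or LF is replaced with.
 * @return
 *   The value without CR/LF, or an empty string when it is not a string.
 */
function _feedback_header_value($value, $replacement = '') {
  if (!is_string($value)) {
    return '';
  }
  return str_replace(array("\r", "\n"), $replacement, $value);
}

/**
 * Builds the extra mail headers from the posted sender name and address.
 *
 * Both values are user input written straight into header lines. A line
 * break in either one would start a new header chosen by the sender, and the
 * header-name check in feedback_check_exploit() does not look for line
 * breaks, so CR and LF are removed here, where the headers are assembled.
 *
 * @return
 *   The From, Reply-To, Return-Path, Errors-To and X-Mailer lines, each
 *   terminated by "\n".
 */
function feedback_custom_headers() {
  $edit = (isset($_POST['edit']) && is_array($_POST['edit'])) ? $_POST['edit'] : array();

  $name = _feedback_header_value(isset($edit['form_field_name']) ? $edit['form_field_name'] : '', ' ');
  $email = _feedback_header_value(isset($edit['form_field_email']) ? $edit['form_field_email'] : '');

  $headers = '';
  $headers .= "From: $name <". $email .">\n";
  $headers .= "Reply-To: ". $email ."\n";
  $headers .= "Return-Path: ". $email ."\n";
  $headers .= "Errors-To: ". $email ."\n";
  $headers .= "X-Mailer: Drupal\n";

  return $headers;
}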
502
/**
 * Turns the posted message into the plain-text body of the mail.
 *
 * Tags are stripped, lines are wrapped at 72 characters, a banner line is
 * put in front, and HTML entities are then converted back to characters.
 * Because the entity conversion runs after strip_tags(), an entity-encoded
 * tag in the input comes out as literal markup in the result.
 *
 * @param $body
 *   The posted message text.
 * @return
 *   The formatted body.
 */
function feedback_format_body($body) {
  // Reverse of the entity table: '&amp;' => '&', and so on.
  $entity_to_char = array_flip(get_html_translation_table(HTML_ENTITIES));

  $banner = t("-- The following message was sent using the feedback page --\n\n");
  $text = $banner . wordwrap(strip_tags($body), 72);

  // Second strip/wrap pass over banner and message together, as before.
  $text = wordwrap(strip_tags($text), 72);

  return strtr($text, $entity_to_char);
}
515
516 ?>
