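// "Send to a friend" handler: validates the posted form, checks the CAPTCHA
// code stored in the session, mails the link to the friend, then loads the
// property row named by the query string for the template below.
//
// Security notes for maintainers:
//  * eregi() was removed in PHP 7; the checks below use preg_match() instead.
//  * The old pattern only caught CR/LF followed by to:/from:/cc:/bcc:, so other
//    injected headers (e.g. Subject: or Content-Type:) passed. Fields that end up
//    in mail headers now reject ANY CR or LF.
//  * ext/mysql (mysql_query & co.) was also removed in PHP 7. The query is
//    escaped here as a stop-gap; the durable fix is prepared statements via
//    PDO or mysqli, which needs a matching change in includes/dbconnect.php.

$headerfields = array('yemail', 'yname', 'femail');   // reach To:/From:/Return-Path:
$bodyfields   = array('fname', 'message', 'sendurl'); // only appear in the mail body
foreach (array_merge($headerfields, $bodyfields) as $field) {
    if (!isset($_POST[$field])) {
        continue;
    }
    $value = $_POST[$field];
    // An array value (yemail[]=x) would make a string regex check fail open.
    if (!is_string($value)) {
        exit("unauthorized use");
    }
    // Header-bound values must be single-line; a line break starts a new header.
    if (in_array($field, $headerfields, true) && preg_match('/[\r\n]/', $value)) {
        exit("unauthorized use");
    }
    // Original heuristic, kept for every field (body text may contain newlines).
    if (preg_match('/(\r|\n)(to:|from:|cc:|bcc:)/i', $value)) {
        exit("unauthorized use");
    }
}

include "includes/dbconnect.php";

// Initialise every flag explicitly. Left undefined, they raise notices and, on
// installations with register_globals enabled, could be pre-set from the request
// (e.g. sendit=TRUE would skip the CAPTCHA check). null keeps isset() false,
// matching the original behaviour for the template's == comparisons.
$sendit   = "FALSE";
$msuccess = null;
$badcode  = null;
$mheaders = "";

if (isset($_POST["submit"]) && $_POST["submit"] === 'Send to a friend') {
    $expectedcode = (isset($_SESSION["secret_s"]) && is_scalar($_SESSION["secret_s"]))
        ? (string) $_SESSION["secret_s"] : '';
    $suppliedcode = (isset($_POST['dynamiccode']) && is_string($_POST['dynamiccode']))
        ? $_POST['dynamiccode'] : '';

    // Require a non-empty stored code: otherwise an empty submission would
    // "match" a session in which no CAPTCHA was ever generated.
    if ($expectedcode !== '' && $suppliedcode !== ''
        && strtoupper($suppliedcode) === strtoupper($expectedcode)) {
        $sendit = "TRUE";
        // One solved code authorises one send, so it cannot be replayed.
        // NOTE(review): assumes the CAPTCHA image script stores a fresh
        // secret_s each time the form is rendered - confirm.
        unset($_SESSION["secret_s"]);
    }

    $yemail  = isset($_POST['yemail'])  ? trim($_POST['yemail']) : '';
    $yname   = isset($_POST['yname'])   ? trim($_POST['yname'])  : '';
    $femail  = isset($_POST['femail'])  ? trim($_POST['femail']) : '';
    $fname   = isset($_POST['fname'])   ? $_POST['fname']        : '';
    $message = isset($_POST['message']) ? $_POST['message']      : '';
    $sendurl = isset($_POST['sendurl']) ? $_POST['sendurl']      : '';

    // The mail is sent as text/html, so user-supplied text is escaped to stop
    // the form being used to deliver arbitrary markup under the site's name.
    // NOTE(review): sendurl is client-supplied; consider accepting only URLs on
    // this site's own host so the form cannot relay arbitrary links.
    $htmlfname   = htmlspecialchars($fname, ENT_QUOTES, 'ISO-8859-1');
    $htmlmessage = htmlspecialchars($message, ENT_QUOTES, 'ISO-8859-1');
    $htmlsendurl = htmlspecialchars($sendurl, ENT_QUOTES, 'ISO-8859-1');

    $msubject="Caribbean Property";
    $mmessage1="Hello ".$htmlfname.",
Your friend has send you the following link with message:
".$htmlsendurl."
Message: ".$htmlmessage."
Thanks & Regards
CLP Team";

    if ($sendit === 'TRUE') { // dynamic code check
        // Syntactic validation also rejects comma-separated recipient lists,
        // which mail() would otherwise accept in its first argument.
        $validfrom = filter_var($yemail, FILTER_VALIDATE_EMAIL) !== false;
        $validto   = filter_var($femail, FILTER_VALIDATE_EMAIL) !== false;

        if ($validfrom && $validto) {
            // Drop control characters and the characters that delimit an
            // address so the display name cannot alter the From: header.
            $fromname = preg_replace('/[\x00-\x1F\x7F<>"\\\\]/', '', $yname);
            $mheaders = "From:".$fromname."<".$yemail.">\nReturn-Path:".$yemail."\nContent-Type: text/html; charset=iso-8859-1";
            $msuccess = mail($femail, $msubject, $mmessage1, $mheaders) ? "Yes" : "No";
        } else {
            // Reported through the existing "Error sending mail." message.
            $msuccess = "No";
        }
    } else {
        $badcode = 1;
    } // end dynamic code check
} else {
    // Referer is client-controlled: escape it wherever the template prints it.
    $sendurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
}

// The raw query string is used as the property id. It is attacker-controlled,
// so it is escaped before being placed inside the quoted SQL literal.
// NOTE(review): if property.id is numeric, validate it as an integer instead.
$propertyid = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
$sqlpage="select * from property, countries where countries.countryid=property.countryid and property.id=\"".mysql_real_escape_string($propertyid)."\"";
$qrypage = mysql_query($sqlpage);
if ($qrypage === false) {
    // Keep database details in the server log instead of the response.
    error_log("send-to-friend property lookup failed: ".mysql_error());
    die("Error : ");
}
if (mysql_num_rows($qrypage) == 0) {
    header("Location:index.php");
    // Without this the script kept running and rendered the page after the redirect.
    exit;
}
$rowpage=mysql_fetch_array($qrypage);
include "includes/keywords.php";
// Copy of every successfully sent message goes to the site mailbox.
if ($msuccess === "Yes") { mail("web@caribbeanlandandproperty.com", $msubject, $mmessage1, $mheaders); }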
?>
include "includes/toptext.php"; ?> |
include "includes/header.php"; ?> |
include "includes/country.php"; ?> |
include "includes/nosearch.php"; ?> |
include "includes/left.php"; ?> |
|
| Back | about the | comparisons | |
|
if ($msuccess=="Yes"){ ?>
Mail Successfully send to . |
|
} ?>
if ($msuccess=="No"){ ?>
Error sending mail. |
|
} ?>
if ($badcode=="1"){ ?>
Incorrect Security Code, Please Try Again |
|
} ?>
Complete the information below and send this listing to a friend. |
|
|
|
|
include "includes/footer.php"; ?> |