auto.php

<?php session_start();
    //ini_set('display_errors', 'On');
    //error_reporting(E_ALL);


    /* *********** FUNCTIONS ****************** */

    function checkit($insuredName) {
            return(str_replace(array("\r", "\n", "%OA", "%oa", "%OD", "%od", "Content-Type:","BCC:","bcc:"), "", $insuredName));
    }

    function cleanUp($data) {
       $data = trim(strip_tags(htmlspecialchars($data)));
       return $data;
    }

    $referer=$_SERVER['HTTP_REFERER'];
    #print($referer);
    $refsplit=explode("?",$referer);
    #if($refsplit[0]=='http://www.tracy-driscoll.com/landingpages/auto/quote2.html'){

    $errorFields = array();

    if (isset($_POST['submit'])) {
    echo "got to this stage<br />";
    $insuredName =cleanUp($_POST['insuredName']);
    $address=cleanUp($_POST['address']);
    $city=cleanUp($_POST['city']);
    $state=cleanUp($_POST['state']);
    $zip=cleanUp($_POST['zip']);
    $phone=cleanUp($_POST['phone']);
    $email=cleanUp($_POST['email']);
    $dobMonth=cleanUp($_POST['dobMonth']);
    $dobDay=cleanUp($_POST['dobDay']);
    $dobYear=cleanUp($_POST['dobYear']);
    $driversLicense=cleanUp($_POST['driversLicense']);
    $doYou=cleanUp($_POST['doYou']);
    $bodilyInjury=cleanUp($_POST['bodilyInjury']);
    $propertyDamage=cleanUp($_POST['propertyDamage']);
    $medicalPayments=cleanUp($_POST['medicalPayments']);
    $comprehensiveDeductible=cleanUp($_POST['comprehensiveDeductible']);
    $collisionDeductible=cleanUp($_POST['collisionDeductible']);
    $rentalReimbursement=cleanUp($_POST['rentalReimbursement']);
    $towing=cleanUp($_POST['towing']);
    $v1year=cleanUp($_POST['v1year']);
    $v1make=cleanUp($_POST['v1make']);
    $v1vin=cleanUp($_POST['v1vin']);
    $v2year=cleanUp($_POST['v2year']);
    $v2make=cleanUp($_POST['v2make']);
    $v2vin=cleanUp($_POST['v2vin']);
    $otherDrivers=cleanUp($_POST['otherDrivers']);
    $howMany=cleanUp($_POST['howMany']);
    $permission=cleanUp($_POST['permission']);
    $ssn=cleanUp($_POST['ssn']);

    if (!strlen($insuredName)) array_push($errorFields, 'insuredName');
    if (!strlen($email)) array_push($errorFields, 'email');
    if (!strlen($phone)) array_push($errorFields, 'phone');
            echo "got here step 2";

            #check for valid e-mail address
            if (!preg_match("^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*$^",$email)) {
                     array_push($errorFields, 'email');
                     die("Invalid Email Address.  Email will not be sent");
            }

    #die if there are line returns in the name or e-mail field
            //if (!preg_match("\r",$insuredName) || !preg_match("\n",$insuredName) || !preg_match("\r",$email) || !preg_match("\n",$email)){
                     //die("Why ?? :(");
            //}

            if (!count($errorFields)) {
                    echo "no errors";
                    #replace manual line returns in e-mail field
                    $email = preg_replace("([\r\n])", "", $email);

                    #prevent BCC
                    $find = "[content-type|Content-Type|bcc:|cc:|viagra|levitra|pariscialis|angelfire|freewebpages|xxx|gay|sluts|incest|hardcore|anal]";
                    #$find2 = "[http:]";
                    if (preg_match($find, $insuredName) || preg_match($find, $email) || preg_match($find, $phone) || preg_match($find, $city) || preg_match($find, $state) || preg_match($find, $zip)) {
                            print("<p>No meta/header injections, please.  E-mail will not be sent.</p>");
                       exit;
                    }

/* *********** First email to Don, Teresa and TD ****************** */

require_once('class.phpmailer.php');

$mail = new PHPMailer(); // the true param means it will throw exceptions on errors, which we need to catch

$mail->IsSMTP(); // telling the class to use SMTP

try{

$mail->Host       = "172.16.4.18, 25"; // SMTP server
$mail->Port       = 26;
$mail->SMTPDebug = 2; // enables SMTP debug information (for testing)

  $mail->AddReplyTo('webserver@tracy-driscoll.com');
  $mail->AddAddress('DPolletta@mbcinteractive.com' , 'Don Polletta');
  $mail->AddAddress('teresa.romano@nc.rr.com' , 'Teresa Romano');
  $mail->SetFrom('"' . stripslashes(checkit($_POST['insuredName'])) . '" <' . stripslashes(checkit($_POST['email'])) . '>');
  $mail->Subject = 'Auto Insurance Quote Request from the Tracy-Driscoll web site';
  $mail->AltBody = 'To view the message, please use an HTML compatible email viewer!'; // optional - MsgHTML will create an alternate automatically
  $mail->msgHTML(

    'Received On: '.date('m/d/Y H:i:s').'\n\r

    Insured Information\n'.

    'Name: ' . stripslashes(checkit($_POST['$insuredName'])) . '\n'.
    'Address: $address\n'.
    'City: $city\n'.
    'State: $state\n'.
    'Zip: $zip\n'.
    'Phone: $phone\n'.
    'Email: $email\n'.
    'Date of Birth: $dobMonth'/'$dobDay'/'$dobYear\n'.
    'Drivers License Number: $driversLicense\n'.

    'Current Insurance\n\r'.

    'Do you have Insurance: $do_you\n\r'.

    'Coverages\n\r'.

    'Bodily Injury Liability: $bodilyInjury\n'.
    'Property Damage Liability: $propertyDamage\n'.
    'Medical Payments: $medicalPayments\n'.
    'Comprehensive Deductible: $comprehensiveDeductible\n'.
    'Collision Deductible: $collisionDeductible\n'.
    'Rental Reimbursement: $rentalReimbursement\n' .
    'Towing & Labor: $towing\n\r'.

    'Vehicle 1 Information:\n'.
          'Year: $v1year\n'.
          'Make & Model: $v1make\n'.
          'VIN: $v1vin\n\r'.

    'Vehicle 2 Information:\n'.
          'Year: $v2year\n'.
    '       Make & Model: $v2make\n'.
    '       VIN: $v2vin\n\r'.

    'Licensed Drivers:\n\r'.

    'Any other Drivers: $otherDrivers\n'.
    'How Many?: $howMany\n\r'.

    'Credit Check\n\r'.

    'Permission: $permission\n'.
    'SSN: $ssn');


  $mail->Send();

echo "Message Sent OK</p>\n";
} catch (phpmailerException $e) {
  echo $e->errorMessage(); //Pretty error messages from PHPMailer
} catch (Exception $e) {
  echo $e->getMessage(); //Boring error messages from anything else!
}

/* *********** Second email to customer ****************** */

require_once('class.phpmailer.php');

include("class.smtp.php"); // optional, gets called from within class.phpmailer.php if not already loaded

$mail = new PHPMailer(true); // the true param means it will throw exceptions on errors, which we need to catch

$mail->IsSMTP(); // telling the class to use SMTP

try {

  $mail->Host       = "172.16.4.18, 25"; // SMTP server
  $mail->Port       = 26;
  $mail->SMTPDebug  = 2; // enables SMTP debug information (for testing)

  $mail->AddReplyTo('webserver@tracy-driscoll.com');
  $mail->AddAddress('DPolletta@mbcinteractive.com' , 'Don Polletta');
  $mail->AddAddress('teresa.romano@nc.rr.com' , 'Teresa Romano');
  $mail->SetFrom('"' . stripslashes(checkit($_POST['insuredName'])) . '" <' . stripslashes(checkit($_POST['email'])) . '>');
  $mail->Subject = 'Auto Insurance Quote Request from the Tracy-Driscoll web site';

  $mail->msgHTML(

        'Hello '.$_POST['$insuredName'].',\n.
        Your quote request has been received! This email is a confirmation that we have received your request and is now being processed. You will be contacted by phone or email to discuss your Automobile Insurance Options.\n\r'.

        'For more exciting offers and news, please join our email list or become our fan on Facebook. Thank you for choosing Tracy-Driscoll for your Automobile Insurance Needs.\n\r'.
        'Thank you,\n'.
        'Tracy Driscoll');

$mail->Send();

echo "Message Sent OK</p>\n";
} catch (phpmailerException $e) {
  echo $e->errorMessage(); //Pretty error messages from PHPMailer
} catch (Exception $e) {
  echo $e->getMessage(); //Boring error messages from anything else!
}

      exit();
      }
        else
     {
          echo "you have errors!<br />";
          print_r($errorFields);
          }
      }
      else
      {
      header("Location: http://www.tracy-driscoll.com/landingpages/auto/autoquote2.html");
      }


?>