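$prop) echo "0"; else echo "1"; exit(0); }
// NOTE(review): the line above is the tail of a statement that begins outside
// this listing; it is kept exactly as found.

// Mail-send request handling: validate the recipient, honour the opt-out flag
// stored in `Personen`, restrict the sender to the allowed domains and build
// the message headers. The single-character codes echoed before exit(0) are
// the response to the caller; what each code means to the caller is not
// visible in this listing.

$post_to = $_POST['to'];
// A CR, LF or NUL inside an address is never legitimate and would allow extra
// header lines to be smuggled into the message, so it is rejected together
// with the other malformed-recipient cases.
if (
    !assureString($post_to)
    || strlen($post_to) < 3
    || strstr($post_to, '@') === false
    || strpbrk($post_to, "\r\n\0") !== false
) {
    echo "1";
    exit(0);
}

// The sender value is written verbatim into the From: and Sender: headers
// below, so it must be a plain string without line breaks before it is used.
// "4" is the code this script already returns for a rejected sender.
$post_from = $_POST['from'] ?? '';
if (!is_string($post_from) || strpbrk($post_from, "\r\n\0") !== false) {
    echo "4";
    exit(0);
}

// Demo mode: the message is sent back to the sender instead of the recipient.
// NOTE(review): the flag is accepted from the session, the query string or the
// POST body here, while the Cc/Bcc suppression further down looks at the
// session only - confirm that this difference is intended.
if (isset($_SESSION['demoself']) || isset($_GET['demoself']) || isset($_POST['demoself'])) {
    $post_to = $post_from;
}

// Opt-out lookup: does any of the three stored addresses match the recipient
// on a row that has `wuenscht_keine_Emails` set? Bound parameters keep the
// address out of the SQL text.
$sql = "SELECT ID FROM Personen WHERE (TRIM(LOWER(Email)) = ? OR TRIM(LOWER(`Email-Privat`)) = ? OR TRIM(LOWER(`Email-Geschäftlich`)) = ?) AND `wuenscht_keine_Emails` LIMIT 1;";
$post_to_clean = trim(strtolower($post_to));
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('sss', $post_to_clean, $post_to_clean, $post_to_clean);
$stmt->bind_result($no_email);
$stmt->execute();
$stmt->fetch();
$stmt->reset();
if ($no_email > 0) {
    echo "3";
    exit(0);
}

// Sender allow-list. The original tested '@uni-paderborn.de' twice; the
// duplicate is dropped, the accepted set is unchanged.
// NOTE(review): stristr() finds the domain anywhere in the value, not only as
// the domain part of the address, so this check alone does not prove that the
// sender belongs to one of these domains. Tighten it to a comparison of the
// part after the last '@' once the accepted format of `from` is confirmed.
$allowed_sender_domains = [
    '@upb.de',
    '@uni-paderborn.de',
    '@hochschule-rhein-waal.de',
    '@hsrw.dein-stip.de',
];
$sender_allowed = false;
foreach ($allowed_sender_domains as $allowed_domain) {
    if (stristr($post_from, $allowed_domain) !== false) {
        $sender_allowed = true;
        break;
    }
}
if (!$sender_allowed) {
    echo "4";
    exit(0);
}

// Message-ID: timestamp plus 8 random bytes (base 36) under the project domain.
$mid = "" . time() . "-" . base_convert(bin2hex(random_bytes(8)), 16, 36) . "@hsrw.dein-stip.de";
// MIME boundary; it only has to be unlikely to occur in the body, it is not a secret.
$boundary = "sfowl" . md5(uniqid('', true));

$h = "From: " . $post_from . "\r\n";
$h .= "Sender: " . $post_from . "\r\n";
$h .= "Reply-To: " . "deutschlandstipendium@hochschule-rhein-waal.de" . "\r\n";
$h .= "Errors-To: " . "deutschlandstipendium@hochschule-rhein-waal.de" . "\r\n";
if (!isset($_SESSION['demoself'])) {
    // Cc and Bcc are caller-supplied header values too: accept plain strings
    // without line breaks only, and answer with the malformed-address code
    // otherwise. A missing field is treated as empty.
    $post_cc = $_POST['cc'] ?? '';
    $post_bcc = $_POST['bcc'] ?? '';
    foreach ([$post_cc, $post_bcc] as $copy_list) {
        if (!is_string($copy_list) || strpbrk($copy_list, "\r\n\0") !== false) {
            echo "1";
            exit(0);
        }
    }
    if (strlen($post_cc) > 0) {
        $h .= "Cc: " . $post_cc . "\r\n";
    }
    if (strlen($post_bcc) > 0) {
        $h .= "Bcc: " . $post_bcc . "\r\n";
    }
}
$h .= "Message-ID: <" . $mid . ">\r\n";
$h .= "MIME-Version: 1.0\r\n";
$full = "";
$html = '' . "\r\n" . $_POST['html'];
// NOTE(review): from here on the listing is damaged - text is missing inside
// the statement below - so the remainder is kept exactly as found.
if (strstr($html, '/si', trim($tags), $tags); $tags = array_unique($tags[1]); if(is_array($tags) AND count($tags) > 0) { if($invert == FALSE) { return preg_replace('@<(?!(?:'. 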
implode('|', $tags) .')\b)(\w+)\b.*?>.*?@si', '', $text); } else { return preg_replace('@<('. implode('|', $tags) .')\b.*?>.*?@si', '', $text); } } elseif($invert == FALSE) { return preg_replace('@<(\w+)\b.*?>.*?@si', '', $text); } return $text; } $text = trim(strip_tags(str_replace("
", "\r\n", str_replace("

", "\r\n", str_replace("

", "\r\n", strip_tags(strip_tags_content($_POST['html'], '