<?php 
// Invite a friend 
// By Taco Vader 

//  Make sure the session is started only once and before any output is generated!
session_start();

//  All HTML is collected here and echoed once at the very end of the script
$output = '';

//  Field names (as keys) whose validation failed; read by input_box() via "global"
$fields_with_errors = [];

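//  Constructs a list item holding a labelled text input.
//  $name is used for both the label's "for" and the input's "name", $label is
//  the visible caption and $value the pre-filled content. All three are
//  HTML-escaped before they are placed in the markup, so any text may be
//  passed. If $name is a key of $fields_with_errors the input gets class "error".
function input_box( $name, $label, $value='') {
  global $fields_with_errors;
  //  Look the field up before escaping so the key matches what the handler stored
  $class = isset($fields_with_errors[$name]) ? ' class="error"' : '';
  $safe_name = htmlspecialchars( (string) $name, ENT_QUOTES, 'UTF-8' );
  $safe_label = htmlspecialchars( (string) $label, ENT_QUOTES, 'UTF-8' );
  //  (string) turns the false a failed validator hands back into an empty field
  $safe_value = htmlspecialchars( (string) $value, ENT_QUOTES, 'UTF-8' );
  return '<li><label for="' . $safe_name . '">' . $safe_label . '</label>'
    . '<input type="text" name="' . $safe_name . '" value="' . $safe_value . '"' . $class . ' /></li>';
}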

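//  Validates an email. Returns the email on success and false on failure.
//  Only strings are accepted: a submission such as "email[]=x" arrives as an
//  array and must not reach preg_match(). Because the pattern admits neither
//  CR nor LF, a value that passes is safe to hand to mail() as the recipient.
function is_email( $value ) {
  if ( !is_string($value) ) {
    return false;
  }
  //  "D": "$" matches only at the very end, so a trailing newline is rejected
  //  "i": uppercase addresses are accepted (domain names are case-insensitive)
  $pattern = '#^[a-z0-9][a-z0-9_.\-]*@([a-z0-9]+\.)*[a-z0-9][a-z0-9\-]+\.([a-z]{2,6})$#iD';
  return preg_match($pattern, $value) === 1 ? $value : false;
}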

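//  Validates plain text. Returns the sanitized text on success and false on failure.
//  Everything except word characters and spaces is stripped, so the result can
//  never contain a CR/LF (it ends up in the mail subject). Non-string input
//  (e.g. "sender[]=x") is rejected outright instead of being passed on as an array.
function is_plaintext( $value ) {
  if ( !is_string($value) ) {
    return false;
  }
  $clean = preg_replace('#[^\w ]#', '', $value);
  //  preg_replace() returns null on a PCRE error; treat that like empty input
  if ( $clean === null || $clean === '' ) {
    return false;
  }
  return $clean;
}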

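//  Token that ties a submission to this session (CSRF protection). It is
//  created on the first visit so the form below can embed it.
if ( !isset($_SESSION['csrf_token']) ) {
  $_SESSION['csrf_token'] = bin2hex( random_bytes(16) );
}

//  Form values start out empty; they are replaced when a POST is processed
$sender = '';
$recipient = '';
$email = '';

//  If the form is posted, process the data
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {

  //  get_magic_quotes_gpc() no longer exists on PHP 8 (and has returned false
  //  since 5.4), so only consult it when it is defined.
  $magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

  //  Collect the raw fields. Only string values are taken over: a submission
  //  such as "sender[]=x" arrives as an array and would otherwise reach
  //  stripslashes() and the validators. Missing fields stay ''.
  $posted = array('sender' => '', 'recipient' => '', 'email' => '', 'csrf_token' => '');
  foreach ( $posted as $field => $default ) {
    if ( isset($_POST[$field]) && is_string($_POST[$field]) ) {
      $posted[$field] = $magic_quotes ? stripslashes($_POST[$field]) : $_POST[$field];
    }
  }

  //  Validate; each of these returns false on failure
  $sender = is_plaintext( $posted['sender'] );
  $recipient = is_plaintext( $posted['recipient'] );
  $email = is_email( $posted['email'] );

  //  We collect all error messages in this array
  $errors = array();

  //  The submitted token must equal the one in the session; hash_equals()
  //  compares in constant time.
  if ( !hash_equals( $_SESSION['csrf_token'], $posted['csrf_token'] ) ) {
    $errors[] = 'The form has expired. Please reload the page and try again.';
  }

  //  The recipient list is created lazily on the first POST of a session
  if ( !isset($_SESSION['recipients']) ) {
    $_SESSION['recipients'] = array();
  }

  //  Check session data as defense against accidental flooding
  if ( !isset($_SESSION['mailstosent']) ) {
    //  There is no record of how many mails are left to send: the session
    //  cookie did not come back (it is initialised further down on every request)
    $errors[] = 'This form needs cookies to function. Please enable cookies in your browser settings.';
  }
  elseif ( $_SESSION['mailstosent'] <= 0 ) {
    //  The maximum amount of e-mails has already been sent
    $errors[] = 'You cannot invite any more friends.';
  }
  elseif ( $email !== false && isset( $_SESSION['recipients'][$email] ) ) {
    //  This user has entered this e-mail address before
    $errors[] = 'You already mailed that friend!';
  }

  //  Now check form data
  if ( $sender === false ) {
    $fields_with_errors['sender'] = true;
    $errors[] = 'Please fill in your name';
  }
  if ( $recipient === false ) {
    $fields_with_errors['recipient'] = true;
    $errors[] = 'Please fill in your friend\'s name';
  }
  if ( $email === false ) {
    $fields_with_errors['email'] = true;
    $errors[] = 'Please fill in your friend\'s e-mail address';
  }

  //  If there are errors, print them and continue to the form
  if ( count( $errors ) > 0 ) {
    foreach ( $errors as $error ) {
      $output .= htmlspecialchars( $error, ENT_QUOTES, 'UTF-8' ) . "<br />";
    }
  }
  //  If there are no errors, send the mail
  else {
    //  is_plaintext() leaves only [\w ] in $sender and is_email() admits no
    //  CR/LF, so neither the subject nor the recipient can inject mail headers
    $subject = 'You are invited by ' . $sender . '!';
    $mail_body = "Take a look at this site:\r\n"
      . "www.phpfreakz.nl\r\n"
      . "\r\n"
      . "Greetings,\r\n"
      . "\r\n"
      . $sender . "\r\n";
    if ( mail($email, $subject, $mail_body) ) {
      //  $output is still empty here, so this appears above the form as before
      $output .= 'Your friend has been notified';
      //  Update session data to prevent flooding
      $_SESSION['recipients'][$email] = true;
      $_SESSION['mailstosent']--;
      //  Set the variables to their defaults again
      $sender = '';
      $recipient = '';
      $email = '';
    }
    else {
      $output .= 'There was an internal error sending the mail. Please try again later or contact the administrator.';
    }
  }
}

//  Make sure no more than 10 mails are sent with one session
if ( !isset($_SESSION['mailstosent']) ) {
  $_SESSION['mailstosent'] = 10;
}

//  Construct the form. PHP_SELF echoes the request path, so it is escaped
//  before being placed in the action attribute.
$action = htmlspecialchars( $_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8' );
$token = htmlspecialchars( $_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8' );
$output .= '
<form action="'.$action.'" method="POST">
  <fieldset>
    <legend>Invite a friend</legend>
    <ol>
      ' . input_box('sender', 'Your name:', $sender) . '
      ' . input_box('recipient', 'Your friend\'s name:', $recipient) . '
      ' . input_box('email', 'Your friend\'s email:', $email) . '
      <input type="hidden" name="csrf_token" value="'.$token.'" />
      <input type="submit" value="Invite!" />
    </ol>
  </fieldset>
</form>';

echo $output;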