, etc. entered by the user are not treated # as part of the HTML of the page # If the email address and real name haven't been entered yet, # check $_SESSION for them. If Accountable is in use, we can # pre-fill these fields for the user. $escapedEmail = htmlspecialchars($_POST['email']); $escapedRealName = htmlspecialchars($_POST['realname']); $escapedSubject = htmlspecialchars($_POST['subject']); $escapedBody = htmlspecialchars($_POST['body']); $returnUrl = $_POST['returnurl']; if (!strlen($returnUrl)) { # We'll return the user to the page they came from $returnUrl = $_SERVER['HTTP_REFERER']; if (!strlen($returnUrl)) { # Stubborn browser won't give us a referring # URL, so return to the home page of our site instead $returnUrl = '/'; } } $escapedReturnUrl = htmlspecialchars($returnUrl); # Shift back into HTML mode to send the form ?> Contact Us prompt(); # Fetch email address and real name from Accountable. # We don't do this sooner because we want it to work # even if the user just finished logging in # (and $login->prompt() handles that situation) if (!strlen($escapedEmail)) { $escapedEmail = htmlspecialchars($_SESSION['email']); } if (!strlen($escapedRealName)) { $escapedRealName = htmlspecialchars($_SESSION['realname']); } } ?>

Contact Us

0) { $message = implode("
\n", $messages); echo("

$message

\n"); } ?>

Your Email Address

Your Real Name (so our reply won't get stuck in your spam folder)

Subject Of Your Message

Please enter the text of your message in the field that follows.

Please help us prevent fraud by entering the code displayed in the image in the text field. Alternatively, you may click Listen To This to hear the code spoken aloud.

Listen To This

\r\n" . "Reply-To: $realName <$email>\r\n"); # Thank the user and invite them to continue, at which point # we direct them to the page they came from. Don't allow # unreasonable characters in the URL $escapedReturnUrl = htmlspecialchars($_POST['returnurl']); ?> Thank You

Thank You

Thank you for contacting us! Your message has been sent.