<%@ codepage=65001%><% 'option explicit Function checkemail(val) Dim objRegExp Set objRegExp = New RegExp objRegExp.Pattern = "^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$" checkemail = objRegExp.Test(val) Set objRegExp = Nothing end Function Function checkLink(val1,val2) Dim objRegExp,n_url Set objRegExp = New RegExp objRegExp.Pattern = "https://|http://|ftp://" n_url = objRegExp.replace(val1, "") n_url = LEFT(n_url,instr(n_url,"/")-1) Set objRegExp = Nothing if n_url = val2 then checkLink = true else checkLink = false end if end Function Function strfix(val) strfix=htmlencode(Trim(val)) end Function Function htmlencode(val) htmlencode=Server.HtmlEncode(val) end Function Function urlencode(val) urlencode=Server.URLEncode(val) end Function Function urldecode(val) urldecode=Server.URLDecode(val) end Function Function checkfname(val) Dim objRegExp Set objRegExp = New RegExp objRegExp.Pattern = "<\/?\w+\s*[^>]*>" if(objRegExp.Test(val))then checkfname=false else 'if(objRegExp.Pattern = "^(.){3,20}$")then checkfname=true 'end if end if End Function Function checkfname2(val) Dim objRegExp Set objRegExp = New RegExp objRegExp.Pattern = "(apparently\s*-\s*to)|(bcc)|(boundary)|(charset)|(content\s*-\s*disposition)|(content\s*-\s*type)|(content\s*-\s*transfer\s*-\s*encoding)|(errors\s*-\s*to)|(in\s*-\s*reply\s*-\s*to)|(message\s*-\s*id)|(mime\s*-\s*version)|(multipart\s*/\s*mixed)|(multipart\s*/\s*alternative)|(multipart\s*/\s*related)|(reply\s*-\s*to)|(x\s*-\s*mailer)|(x\s*-\s*sender)|(x\s*-\s*uidl)" 'objRegExp.Pattern = "^[a-zA-Z''-'\s]{3,40}$" if(objRegExp.Test(val))then checkfname2=true else checkfname2=false end if Set objRegExp = Nothing End Function Function ReadFromFile(Name) Set objFSO = Server.CreateObject("Scripting.FileSystemObject") Const fsoForReading = 1 Dim objTextStream Set objTextStream = objFSO.OpenTextFile(Server.MapPath(Name), fsoForReading) ReadFromFile=objTextStream.ReadAll End function Function readUTF_File(FileUrl) Set objStream = Server.CreateObject("ADODB.Stream") With objStream .Charset = "utf-8" .Type=2 .mode=3 .Open .loadfromfile FileUrl readUTF_File=.readtext .Close End With Set objStream = Nothing End Function '=================================== dim strName, strEmail, strFdName(3),strFdEmail(3), errStr, FdEmailFound, i, dupEmailFound,j,ref,key, rtnString,posParamStart,paramStartChar,successpage,strMailLink, trusted,value,strbanner dim trustedDomain(2) trustedDomain(0) = "202.67.153.67" trustedDomain(1) = "promotion.hk.msn.com" errStr="" FdEmailFound=false dupEmailFound=false trusted = false strName = strfix(Request.Form("strName")) strEmail = strfix(Request.Form("strEmail")) strFdName(0) = strfix(Request.Form("strFdName1")) strFdName(1) = strfix(Request.Form("strFdName2")) strFdName(2) = strfix(Request.Form("strFdName3")) strFdEmail(0) = strfix(Request.Form("strFdEmail1")) strFdEmail(1) = strfix(Request.Form("strFdEmail2")) strFdEmail(2) = strfix(Request.Form("strFdEmail3")) strMailLink = strfix(Request.Form("link")) strbanner = strfix(Request.Form("banner")) ref = Request.Form("referer") successpage = Request.Form("successpage") if(ref="" )then ref = Request.QueryString("referer").Item end if ref = strfix(ref) for i=0 to UBound(trustedDomain) if(checkLink(ref,trustedDomain(i)))then if(checkLink(strMailLink,trustedDomain(i)))then if(checkLink(strbanner,trustedDomain(i)))then trusted = true Exit for end if end if end if Next if trusted = false then response.end for i=0 to UBound(strFdName) if strFdName(i) <> "" and strFdEmail(i) <> "" then FdEmailFound=true for j=0 to UBound(strFdName) if i<>j and strFdEmail(i) = strFdEmail(j) then dupEmailFound = True end if Next end if Next if not FdEmailFound then errStr="me=1" if dupEmailFound then errStr="de=1" IF FdEmailFound then IF not checkfname(strName) and strName<>"" Then errStr = "in=1" IF not checkemail(strEmail) and strEmail<>"" Then errStr = "ie=1" IF not checkfname(strFdName(0)) and strFdName(0)<>"" Then errStr = "fin1=1" IF not checkfname(strFdName(1)) and strFdName(1)<>"" Then errStr = "fin2=1" IF not checkfname(strFdName(2)) and strFdName(2)<>"" Then errStr = "fin3=1" IF not checkemail(strFdEmail(0)) and strFdEmail(0)<>"" Then errStr = "fie1=1" IF not checkemail(strFdEmail(1)) and strFdEmail(1)<>"" Then errStr = "fie2=1" IF not checkemail(strFdEmail(2)) and strFdEmail(2)<>"" Then errStr = "fie3=1" End If if errStr ="" and trusted then Dim iMsg, iConf, Flds,schema, cdoConfig if true then Set iMsg = CreateObject("CDO.Message") Set iConf = CreateObject("CDO.Configuration") Set Flds = iConf.Fields schema = "http://schemas.microsoft.com/cdo/configuration/" dim alt alt = 0 if alt=1 then Flds.Item(schema & "sendusing") = 2 Flds.Item(schema & "smtpserver") = "smtp.live.com" Flds.Item(schema & "smtpserverport") = 25 Flds.Item(schema & "smtpauthenticate") = 1 Flds.Item(schema & "sendusername") = "messenger-express@live.com" Flds.Item(schema & "sendpassword") = "cyber911" Flds.Item(schema & "smtpusessl") = true Flds.Update else Flds.Item(schema & "sendusing") = 2 Flds.Item(schema & "smtpserver") = "smtp3.udomain.com.hk" Flds.Item(schema & "smtpserverport") = 25 Flds.Item(schema & "smtpauthenticate") = 1 Flds.Item(schema & "sendusername") = "smtp@bates141.com" Flds.Item(schema & "sendpassword") = "ba9648Te" Flds.Item(schema & "smtpusessl") = false Flds.Update end if for i=0 to UBound(strFdEmail) if(strFdEmail(i)<>"" and strFdName(i)<>"")then With iMsg Set .Configuration = iConf .BodyPart.charset = "utf-8" .To = "<"&strFdEmail(i)&">" .From = "messenger-express" .Subject = "Some cool new stuff for you from Windows Live Messenge" .HTMLBody = replace(ReadFromFile("template.html"),"{{strFdName}}",strFdName(i)) .HTMLBody = replace(.HTMLBody,"{{strName}}",strName) .HTMLBody = replace(.HTMLBody,"{{strMailLink}}",strMailLink) .HTMLBody = replace(.HTMLBody,"{{strbanner}}",strbanner) .Sender = "messenger-express@live.com" .Organization = "Microsoft" .ReplyTo = "messenger-express@live.com" SendEmail = .Send End With end if Next set iMsg = nothing set iConf = nothing set Flds = nothing end if end if 'posParamStart = InStrRev(ref,"?") 'if(posParamStart>0) then paramStartChar="&" else paramStartChar="?" 'for each key in Request.Form 'value=value &"&"& strfix(key) &"="&strfix(Request.Form(key)) 'next 'value = MID(value,2) value="strName="&strName value=value&"&"&"strEmail="&strEmail value=value&"&"&"strFdName1="&Request.Form("strFdName1") value=value&"&"&"strFdName2="&Request.Form("strFdName2") value=value&"&"&"strFdName3="&Request.Form("strFdName3") value=value&"&"&"strFdEmail1="&Request.Form("strFdEmail1") value=value&"&"&"strFdEmail2="&Request.Form("strFdEmail2") value=value&"&"&"strFdEmail3="&Request.Form("strFdEmail3") rtnString=rtnString&"?"&value if len(errStr) > 0 then rtnString=rtnString&"&"&errStr 'if len(rtnString)>0 then rtnString = paramStartChar&mid(rtnString,2) end if Response.AddHeader "Cache-Control","no-cache" Response.ContentType = "text/html" if(ref <>"" and errStr <>"" ) then %> "> <%elseif(errStr="") then%> <%else%> Missing Referer <%end if%>