Sunday, October 17, 2010


// Build the contact form: three single-line fields, the message body, three
// optional upload slots and the submit button. Element order is the order in
// which the keys are added to $form.
$textfields = array(
  'name' => t('your name'),
  'eMail' => t('your email-adress'),
  'subject' => t('subject'),
);
foreach ($textfields as $key => $title) {
  // These three values are later copied into mail headers by
  // contactform_submit(), so they are the fields that matter for header
  // injection; #maxlength only bounds their length.
  $form[$key] = array(
    '#type' => 'textfield',
    '#title' => $title,
    '#default_value' => $object[$key],
    '#size' => 30,
    '#maxlength' => 128,
    '#required' => TRUE,
  );
}

// NOTE(review): #maxlength is 128 on the textarea as well; if the form API
// enforces it here, messages longer than 128 characters are rejected - confirm.
$form['message'] = array(
  '#type' => 'textarea',
  '#title' => t('your message'),
  '#default_value' => $object['message'],
  '#size' => 30,
  '#maxlength' => 128,
  '#rows' => 7,
  '#required' => TRUE,
);

// Upload slots. Nothing in this form restricts the type or size of the
// uploaded files; whatever arrives is mailed on by contactform_submit().
$form['file1'] = array(
  '#type' => 'file',
  '#title' => t('attach your files here'),
);
for ($slot = 2; $slot <= 3; $slot++) {
  $form['file'. $slot] = array(
    '#type' => 'file',
  );
}

$form['submit'] = array(
  '#type' => 'submit',
  '#value' => t('send email'),
);

// File elements are only transmitted when the form is multipart-encoded.
$form['#attributes']['enctype'] = 'multipart/form-data';

return drupal_get_form('contactform', $form);

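/**
 * Validation callback for the contact form.
 *
 * Rejects submissions that would let the sender add mail headers, applies the
 * keyword heuristic to every submitted value and checks the syntax of the
 * sender address. Problems are reported through form_set_error().
 *
 * @param $form_id
 *   The form identifier (not used here).
 * @param $form_values
 *   Submitted values keyed by field name.
 */
function contactform_validate($form_id, $form_values) {
  // name, eMail and subject are copied into mail headers by
  // contactform_submit(). A carriage return or line feed in any of them would
  // start a new header line, so reject those characters outright. This is the
  // actual injection guard; the keyword list below cannot see a bare line
  // break followed by a header it does not know.
  foreach (array('name', 'eMail', 'subject') as $field) {
    if (isset($form_values[$field]) && is_string($form_values[$field]) && preg_match('/[\r\n]/', $form_values[$field])) {
      form_set_error($field, t('Line breaks are not allowed in this field.'));
    }
  }

  // Keyword heuristic kept from the original. It also runs over the message
  // body, so ordinary text containing e.g. "to:" or "cc:" is refused as well.
  $finds = array(
    "/bcc:/i",
    "/Content-Type:/i",
    "/Mime-Type:/i",
    "/MIME-Version:/i",
    "/multipart\/mixed/i",
    "/boundary=/i",
    "/subject:/i",
    "/cc:/i",
    "/to:/i",
  );
  foreach ($form_values as $value) {
    // Submitted values are not guaranteed to be strings; preg_match() must
    // not be handed an array.
    if (!is_string($value)) {
      continue;
    }
    foreach ($finds as $find) {
      if (preg_match($find, $value)) {
        form_set_error('', "\n\nStop spamming\n\n");
      }
    }
  }

  // Finally check the syntax of the sender address, if one was given.
  if (!empty($form_values['eMail']) && !valid_email_address($form_values['eMail'])) {
    form_set_error('', t('Please check the spelling of your email-adress.'));
  }
}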


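/**
 * Submit callback for the contact form.
 *
 * Mails the message (with up to three uploaded files as MIME attachments) to
 * the site recipient, sends an acknowledgement to the sender, registers the
 * flood event, logs the operation and redirects.
 *
 * @param $form_id
 *   The form identifier (not used here).
 * @param $form_values
 *   Submitted values keyed by field name.
 */
function contactform_submit($form_id, $form_values) {
  // name, eMail and subject are written into mail headers, and the combined
  // "name <mail>" string is also the recipient of the acknowledgement below.
  // Strip line breaks and address-list punctuation here so the header values
  // are safe even if validation is changed or bypassed.
  $name = trim(preg_replace('/[\r\n<>,;"]+/', ' ', $form_values['name']));
  $mail = trim(preg_replace('/[<>,;\s]+/', '', $form_values['eMail']));
  $subject = trim(preg_replace('/[\r\n]+/', ' ', $form_values['subject']));

  $from = $name .' <'. $mail .'>';
  // NOTE(review): as shown on the page this value holds no mail address; it
  // looks as if an "<address>" part was lost - confirm before use.
  $recipient = 'Michael Smolla ';
  $body = wordwrap($form_values['message']);
  $reply = 'Thank you for your message.';
  $goto = '';

  // Per-visitor rate limit; refuse and redirect once the threshold is reached.
  if (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3))) {
    $output = t("You cannot send more than %number messages per hour. Please try again later.", array('%number' => variable_get('contact_hourly_threshold', 3)));
    drupal_set_message("\n\n". $output ."\n\n");
    drupal_goto($goto);
    return;
  }

  $attachment = FALSE;
  $trenner = md5(uniqid(time())); // MIME boundary
  $headers = "MIME-Version: 1.0\n";
  $headers .= "From: $from\nReply-to: $from\nReturn-path: $from\nErrors-to: $from\nX-Mailer: Drupal\n";
  $headers .= "Content-Type: multipart/mixed;\n\tboundary=$trenner\n";
  $message = "\n--$trenner\n";
  $message .= "Content-Type: text/plain; charset=UTF-8;"."\n\n"; // sets the mime type
  $message .= $body."\n";
  $message .= "\n\n";

  for ($i = 1; $i <= 3; $i++) {
    $file = file_check_upload('file'. $i);
    // Skip empty slots; the result is not an object when nothing was uploaded.
    if (!$file || empty($file->filename)) {
      continue;
    }

    // Kept from the original; presumably for Windows paths - confirm.
    $file->filepath = str_replace("\\", "\\\\", $file->filepath);

    // file_get_contents() closes the file again; the original left the handle
    // from fopen() open and did not notice a failed read.
    $filedata = file_get_contents($file->filepath);
    if ($filedata === FALSE) {
      drupal_set_message(t('An attachment could not be read and was not sent.'), 'error');
      continue;
    }

    // File name and MIME type are supplied by the uploader and go into the
    // headers of the MIME part: drop path components, line breaks and quotes,
    // quote the name, and fall back to a generic type if the declared one is
    // not a plain "type/subtype" token.
    $filename = preg_replace('/[\r\n"\\\\]+/', '_', basename($file->filename));
    $filemime = preg_match('#^[A-Za-z0-9.+-]+/[A-Za-z0-9.+-]+$#', $file->filemime) ? $file->filemime : 'application/octet-stream';

    $message .= "--$trenner\n";
    $message .= "Content-Type: $filemime;\n\tname=\"$filename\"\n";
    $message .= "Content-Transfer-Encoding: base64\n";
    $message .= "Content-Disposition: attachment;\n\tfilename=\"$filename\"\n\n";
    $message .= chunk_split(base64_encode($filedata));
    $message .= "\n\n";
    $attachment = TRUE;
  }
  $message .= "--$trenner--";

  // send Mail
  if ($attachment) {
    // use the php mail function if we have attachments
    mail($recipient, $subject, $message, $headers);
  }
  else {
    user_mail($recipient, $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from");
  }

  // Reply. NOTE(review): the acknowledgement goes to the address typed into
  // the form and carries the submitted subject, so the form can be made to
  // mail third parties; the flood limit above is the only brake. A fixed
  // subject would reduce what a sender controls.
  user_mail($from, $subject, wordwrap($reply), "From: $recipient\nReply-to: $recipient\nX-Mailer: Drupal\nReturn-path: $recipient\nErrors-to: $recipient");

  // Log the operation:
  flood_register_event('contact');
  watchdog('mail', t('%name-from use contact form', array('%name-from' => theme('placeholder', $form_values['name'] ." <$from>"),)));

  drupal_set_message('Your message has been sent to us');
  drupal_goto($goto);
}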
