diff --git a/contactform.php b/contactform.php index 23547a4..1861459 100755 --- a/contactform.php +++ b/contactform.php @@ -5,21 +5,33 @@ // Anti exploit code, not perfect but should throw a wrench into a bot's plan // This code has been used on several sites before and does seem to do a decent job, not perfect but pretty good +// The form code is now part of the php file so when the form is loaded the php can run to extend the +// functionality of the rate limiting code + session_start(); +$csrf_token = bin2hex(random_bytes(32)); +if (!isset($_SESSION['csrf_token'])) { + + $_SESSION['csrf_token'] = $csrf_token; +} +//$_SESSION['csrf_token'] = $csrf_token; class antibot { private $passfail; + public $token; function __constructor(){ $passfail = 0; // beter way to filter input data - $_POST = filter_var_array($_POST, FILTER_UNSAFE_RAW); - $_GET = filter_var_array($_GET, FILTER_UNSAFE_RAW); + $_POST = filter_var_array($_POST, FILTER_SANITIZE_STRING); + $_GET = filter_var_array($_GET, FILTER_SANITIZE_STRING); + + } private function fromtest() { - if ($_SERVER['HTTP_REFERER'] = "http://yourwebsite.com/contactus/"){ + if ($_SERVER['HTTP_REFERER'] = "https://urandom.link/contactform.php"){ $passfail = 1; } @@ -56,7 +68,7 @@ class antibot { // First clean the data $fname = $_POST["fname"]; $lname = $_POST["lname"]; - $email = $_POST["email"]; + $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); $comments = $_POST["comments"]; // compile cleaned message $msg = "From $fname Subject $lname email $email with message $comments"; 
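Review bot: The referer check in fromtest() still uses a single `=` on the line this hunk rewrites, so `$_SERVER['HTTP_REFERER']` is assigned the new URL and the branch is taken on every request; it should read `if (($_SERVER['HTTP_REFERER'] ?? '') === "https://urandom.link/contactform.php"){` (the `??` also avoids an undefined-index notice when no referer is sent). `FILTER_SANITIZE_STRING`, which the hunk introduces in place of `FILTER_UNSAFE_RAW`, is deprecated since PHP 8.1, and the method it lives in is named `__constructor` rather than `__construct`, so as far as I can tell it is never invoked as a constructor and the filtering never runs. `$passfail = 1` also sets a local rather than `$this->passfail`. fromtest() continues past the end of the hunk.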
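Review bot: `FILTER_SANITIZE_EMAIL` only strips characters it considers invalid; it does not reject a malformed address, so `$email` can still be garbage when it reaches `$msg`, and `$fname`, `$lname` and `$comments` are still read from `$_POST` with no filtering at all before interpolation. Prefer validation with an explicit failure path: `$email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);` followed by `if ($email === false) { /* report failure the way the enclosing method does */ }`. The enclosing method starts and ends outside the hunk, and `sndmsg()` is not visible, so whether `$email` is placed in a mail header cannot be confirmed here; if it is, only the validated value should get there.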
@@ -68,24 +80,162 @@ class antibot { $this->ratetest(); $result = $this->traptest(); if($result == 3) { - $this->sndmsg("you@yoursite.com"); + $this->sndmsg("webmaster@pngpst.net"); return 3; }else{ return 0; } } + + } -$lcheck = new antibot(); -$winner = $lcheck->do_tests(); -if ($winner == 3){ - echo "Form Submitted thank you!"; -}else{ - echo "Error: Send failed, please try again."; -} +$antibot = new antibot(); + + +if ($_SERVER["REQUEST_METHOD"] == "POST") { + // Check if the CSRF token is present + if (isset($_POST['csrf_token'])) { + $user_token = $_POST['csrf_token']; + + // Check if the submitted token matches the stored session token + if ($user_token === $_SESSION['csrf_token']) { + // Token is valid, process the form + // ... Your form processing logic goes here ... + $winner = $antibot->do_tests(); + if ($winner == 3){ + echo "Form Submitted thank you!"; + }else{ + echo "Error: Send failed, please try again. -1"; + } + + } else { + // Invalid token, handle accordingly (e.g., log the incident, reject the form) + die("Error: Send failed, please try again. -2"); + } + } else { + // CSRF token is not present, handle accordingly + die("Error: Send failed, please try again. -3"); + } +} //else { + // Handle non-POST requests accordingly + //die("Invalid request method."); +//} + + +// $winner = $lcheck->do_tests(); + +//if ($winner == 3){ +// echo "Form Submitted thank you!"; +// }else{ +// echo "Error: Send failed, please try again."; +//} ?> + + + + + + Urandom.link contact form + + + + + + + +
+ +
+ +
+
+ +
+

Contact us

+ + +
+ +
+
+ + + + + + + + + + + + + + + +
+Your Name: +
+Subject:       +
+E-mail:         +
+Message:    +
+ + + +
+
+
+ + +
+ + + +
+
+ + + +

+ + + + + + + \ No newline at end of file diff --git a/contactus.html b/contactus.html new file mode 100644 index 0000000..b883a80 --- /dev/null +++ b/contactus.html @@ -0,0 +1,207 @@ + + + + + New Hope Ranch + + + + + + + + + + +
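Review bot: The CSRF comparison `$user_token === $_SESSION['csrf_token']` is a plain string comparison and assumes the posted value is a string; use the constant-time helper and guard the type, since `$_POST['csrf_token']` can arrive as an array: `if (is_string($user_token) && hash_equals($_SESSION['csrf_token'], $user_token)) {`. The token is written to the session at the top of the file, but nothing in the visible PHP echoes it into the form; if the hidden input is in the HTML portion that is stripped from this view that is fine, otherwise every POST will land in the `-2` branch. The `die()` calls also terminate the page before the HTML below is emitted; setting a status flag and rendering the error in the document would keep the output well-formed. `$winner == 3` should be `=== 3` for consistency with the strict token check.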
+ +
+ +
+
+ +
+

Contact us

+ + +
+ +
+
+ + + + + + + + + + + + + + + +
+Your Name: +
+Subject:       +
+E-mail:         +
+Message:    +
+ + +
+
+
+ + +
+ + + +
+
+ + + + +
+ +

+ + + + + + +