diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 964cd0c..0000000 --- a/LICENSE +++ /dev/null @@ -1,8 +0,0 @@ -The MIT License (MIT) -Copyright © 2022 Paul Malcher - -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/README.md b/README.md old mode 100755 new mode 100644 index 01c9cdb..7ce7169 --- a/README.md +++ b/README.md @@ -1,7 +1,3 @@ # contactform -A spam and bot resistant contact form. Remeber to update the URL and e-mail address this sends to if you use it. - -# Notes 11/12/23 - -contactform.php now contains the accompanying HTML. Merged due to updates. \ No newline at end of file +A spam and bot resistant contact form. Remeber to update the URL and e-mail address this sends to if you use it. \ No newline at end of file diff --git a/contactform.php b/contactform.php old mode 100755 new mode 100644 index ef5f465..2f9ebe7 --- a/contactform.php +++ b/contactform.php 
@@ -1,37 +1,23 @@ passfail = 0; - // beter way to filter input data - $_POST = filter_var_array($_POST, FILTER_SANITIZE_STRING); - $_GET = filter_var_array($_GET, FILTER_SANITIZE_STRING); - - + $passfail = 0; } private function fromtest() { - if ($_SERVER['HTTP_REFERER'] = "https://urandom.link/contactform.php"){ - $this->passfail++; + if ($_SERVER['HTTP_REFERER'] = "http://yourwebsite.com/contactus/"){ + $passfail = 1; } } @@ -39,17 +25,16 @@ class antibot { private function ratetest() { if (!$_SESSION['last_submit']){ $_SESSION['last_submit'] = time(); // May not stick to a bot but doing it anyhow - $this->passfail = 1; + $passfail = 2; }else{ //print "Session found"; if (time()-$_SESSION['last_submit'] < 60){ // Purposefully not letting them know what the interval is - - die('Error: Message not sent, rate limit hit. Please wait a few minutes and try again.'); - + die('Error: Message not sent, rate limit hit. Please wait a few minutes and try again.'); + $passfail = 0; }else{ $_SESSION['last_submit'] = time(); - $this->passfail++; + $passfail = 2; } } 
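Review bot: The referrer check in fromtest() still uses a single `=`, so `$_SERVER['HTTP_REFERER']` is overwritten with the literal and the branch is always taken; this hunk swaps the URL but keeps the bug, and the new `$passfail = 1;` writes a method-local that is discarded on return, where the removed line incremented `$this->passfail`. Referer is client-supplied and often stripped by browsers and proxies, so even a correct comparison is only a weak signal and should not by itself cause a rejection. At minimum: `if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] === "http://yourwebsite.com/contactus/") { $this->passfail++; }`. The hunk also drops the `filter_var_array(..., FILTER_SANITIZE_STRING)` pass over `$_POST`/`$_GET` — defensible since that filter is deprecated in PHP 8.1, but nothing in this hunk replaces it. The class header and the `passfail` property declaration are outside the hunk, so I cannot confirm the property is still declared.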
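Review bot: The added `$passfail = 0;` in ratetest() sits directly after `die()` and can never execute, and the other two `$passfail = 2;` assignments write a method-local that is lost on return, so apart from the die() this method no longer has any observable result. `!$_SESSION['last_submit']` also reads an undefined index on a first visit; I would write `if (empty($_SESSION['last_submit'])) {` and drop the dead line after die(). Because the limiter is keyed on the PHP session, a client that discards cookies gets a fresh session per request and is never rate-limited, as the existing comment half-admits; a limiter keyed on source address or a server-issued token would be needed to slow a real bot. Whether `session_start()` is still called is outside this hunk.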
@@ -57,28 +42,26 @@ class antibot { private function traptest() { if($_POST['website']){ - $this->passfail = 0; + $passfail = 0; }else{ - $this->passfail++; + $passfail = 3; } - return $this->passfail; + return $passfail; } - private function emptytest() { - if (empty($_POST['fname']) || empty($_POST['lname']) || empty($_POST['email']) || empty($_POST['comments'])){ - $this->passfail = 0; - }else{ - $this->passfail++; - } - - } + private function test_input($data) { // Cleans the input + $data = trim($data); + $data = stripslashes($data); + $data = htmlspecialchars($data); + return $data; + } private function sndmsg($target) { // First clean the data - $fname = $_POST["fname"]; - $lname = $_POST["lname"]; - $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); - $comments = $_POST["comments"]; + $fname = $this->test_input($_POST["fname"]); + $lname = $this->test_input($_POST["lname"]); + $email = $this->test_input($_POST["email"]); + $comments = $this->test_input($_POST["comments"]); // compile cleaned message $msg = "From $fname Subject $lname email $email with message $comments"; mail($target,"Website Form Submission",$msg); 
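Review bot: sndmsg() loses the only validation the email field had — the removed `FILTER_SANITIZE_EMAIL` line is replaced by test_input(), which trims, strips slashes and HTML-escapes but never checks that `$email` is an address, and HTML escaping is the wrong context for a plain-text mail body (an `&` in the comment arrives as `&amp;`). `$target` and the subject are fixed strings, so I do not see a mail-header injection path in this hunk, but the removal of emptytest() means blank submissions now reach mail(), and `test_input($_POST["fname"])` on a missing field passes null to trim(), which PHP 8.1 deprecates. I would validate instead of escape, reading each field with a default and refusing to send on an invalid address or an empty field (assumes PHP ≥ 7 for `??`; do_tests() in the next hunk would also need to act on the return value).

```php
    private function sndmsg($target) {
        // Validate rather than HTML-escape: these values go into a plain-text mail body, not a page.
        $email = filter_var(trim($_POST['email'] ?? ''), FILTER_VALIDATE_EMAIL);
        $fname = trim($_POST['fname'] ?? '');
        $lname = trim($_POST['lname'] ?? '');
        $comments = trim($_POST['comments'] ?? '');
        if ($email === false || $fname === '' || $lname === '' || $comments === '') {
            return false; // nothing sent; caller should report the generic failure message
        }
        // … unchanged: $msg assembly and mail() call …
        return true;
    }
```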
@@ -87,188 +70,26 @@ class antibot { public function do_tests(){ $this->fromtest(); $this->ratetest(); - $this->traptest(); - $this->emptytest(); - if($this->passfail == 4) { - $this->sndmsg("webmaster@pngpst.net"); - return 4; + $result = $this->traptest(); + if($result == 3) { + $this->sndmsg("you@yoursite.com"); + return 3; }else{ return 0; } } - - } +$lcheck = new antibot(); +$winner = $lcheck->do_tests(); -$antibot = new antibot(); - - -if ($_SERVER["REQUEST_METHOD"] == "POST") { - // Check if the CSRF token is present - if (isset($_POST['csrf_token'])) { - $user_token = $_POST['csrf_token']; - - // Check if the submitted token matches the stored session token - if ($user_token === $_SESSION['csrf_token']) { - // Token is valid, process the form - // ... Your form processing logic goes here ... - $winner = $antibot->do_tests(); - if ($winner == 4){ - echo "Form Submitted thank you!"; - }else{ - echo "Error: Send failed, please try again. -1"; - } - - } else { - // Invalid token, handle accordingly (e.g., log the incident, reject the form) - die("Error: Send failed, please try again. -2"); - } - } else { - // CSRF token is not present, handle accordingly - die("Error: Send failed, please try again. -3"); - } -} //else { - // Handle non-POST requests accordingly - //die("Invalid request method."); -//} - - -// $winner = $lcheck->do_tests(); - -//if ($winner == 3){ -// echo "Form Submitted thank you!"; -// }else{ -// echo "Error: Send failed, please try again."; -//} +if ($winner == 3){ + echo "Form Submitted thank you!"; +}else{ + echo "Error: Send failed, please try again."; +} ?> - - - -
- - - -- URANDOM.LINK Contact Form -
-- Embrace the random -
-