From c02727e444774323d148f511402c6b0062d9243a Mon Sep 17 00:00:00 2001 From: kake26 Date: Wed, 5 Jan 2022 18:54:19 +0100 Subject: [PATCH 1/5] added license I forgot to add this initially --- LICENSE | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..964cd0c --- /dev/null +++ b/LICENSE @@ -0,0 +1,8 @@ +The MIT License (MIT) +Copyright © 2022 Paul Malcher + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file From 56c808c98423144fd13bfa792c51099376a3362c Mon Sep 17 00:00:00 2001 From: Paul Date: Wed, 10 May 2023 23:20:48 -0500 Subject: [PATCH 2/5] Updated filtering to modernize it a bit --- README.md | 0 contactform.php | 18 +++++++----------- 2 files changed, 7 insertions(+), 11 deletions(-) mode change 100644 => 100755 README.md mode change 100644 => 100755 contactform.php diff --git a/README.md b/README.md old mode 100644 new mode 100755 
diff --git a/contactform.php b/contactform.php old mode 100644 new mode 100755 index 2f9ebe7..23547a4 --- a/contactform.php +++ b/contactform.php @@ -13,6 +13,9 @@ class antibot { function __constructor(){ $passfail = 0; + // beter way to filter input data + $_POST = filter_var_array($_POST, FILTER_UNSAFE_RAW); + $_GET = filter_var_array($_GET, FILTER_UNSAFE_RAW); } private function fromtest() { @@ -49,19 +52,12 @@ class antibot { return $passfail; } - private function test_input($data) { // Cleans the input - $data = trim($data); - $data = stripslashes($data); - $data = htmlspecialchars($data); - return $data; - } - private function sndmsg($target) { // First clean the data - $fname = $this->test_input($_POST["fname"]); - $lname = $this->test_input($_POST["lname"]); - $email = $this->test_input($_POST["email"]); - $comments = $this->test_input($_POST["comments"]); + $fname = $_POST["fname"]; + $lname = $_POST["lname"]; + $email = $_POST["email"]; + $comments = $_POST["comments"]; // compile cleaned message $msg = "From $fname Subject $lname email $email with message $comments"; mail($target,"Website Form Submission",$msg); From f47a26a7e749a0a5b68c14fbed76bc476e588699 Mon Sep 17 00:00:00 2001 From: Paul M Date: Sun, 12 Nov 2023 20:58:19 -0600 Subject: [PATCH 3/5] csrf token added and filter changes --- contactform.php | 174 +++++++++++++++++++++++++++++++++++++--- contactus.html | 207 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 369 insertions(+), 12 deletions(-) create mode 100644 contactus.html diff --git a/contactform.php b/contactform.php index 23547a4..1861459 100755 --- a/contactform.php +++ b/contactform.php 
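Review bot: The new `filter_var_array` calls in the first hunk sit inside `function __constructor(){`, which PHP does not treat as a constructor (the magic name is `__construct`), so this filtering never runs and `$_POST`/`$_GET` reach `sndmsg` untouched. Even if it were invoked, `FILTER_UNSAFE_RAW` with no flags performs no sanitisation, so it is not a replacement for the `trim`/`stripslashes`/`htmlspecialchars` chain the second hunk deletes. Rename the method to `function __construct(){` and, because the values end up in a mail body rather than an HTML page, at least `trim()` each field and validate the address with `filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)` before building `$msg`. Both hunks cut into the `antibot` class, whose remaining methods lie outside them.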
@@ -5,21 +5,33 @@ // Anti exploit code, not perfect but should throw a wrench into a bot's plan // This code has been used on several sites before and does seem to do a decent job, not perfect but pretty good +// The form code is now part of the php file so when the form is loaded the php can run to extend the +// functionality of the rate limiting code + session_start(); +$csrf_token = bin2hex(random_bytes(32)); +if (!isset($_SESSION['csrf_token'])) { + + $_SESSION['csrf_token'] = $csrf_token; +} +//$_SESSION['csrf_token'] = $csrf_token; class antibot { private $passfail; + public $token; function __constructor(){ $passfail = 0; // beter way to filter input data - $_POST = filter_var_array($_POST, FILTER_UNSAFE_RAW); - $_GET = filter_var_array($_GET, FILTER_UNSAFE_RAW); + $_POST = filter_var_array($_POST, FILTER_SANITIZE_STRING); + $_GET = filter_var_array($_GET, FILTER_SANITIZE_STRING); + + } private function fromtest() { - if ($_SERVER['HTTP_REFERER'] = "http://yourwebsite.com/contactus/"){ + if ($_SERVER['HTTP_REFERER'] = "https://urandom.link/contactform.php"){ $passfail = 1; } @@ -56,7 +68,7 @@ class antibot { // First clean the data $fname = $_POST["fname"]; $lname = $_POST["lname"]; - $email = $_POST["email"]; + $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); $comments = $_POST["comments"]; // compile cleaned message $msg = "From $fname Subject $lname email $email with message $comments"; 
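Review bot: In `fromtest` the rewritten line `if ($_SERVER['HTTP_REFERER'] = "https://urandom.link/contactform.php"){` assigns instead of comparing, so the branch is always taken and the referer test passes for every request; it should read `if (($_SERVER['HTTP_REFERER'] ?? '') === "https://urandom.link/contactform.php"){`. The same hunk swaps `FILTER_UNSAFE_RAW` for `FILTER_SANITIZE_STRING`, a filter deprecated in PHP 8.1, and leaves it inside `function __constructor()`, which PHP never calls as a constructor, so neither filter actually executes. The token setup at file top draws `bin2hex(random_bytes(32))` on every request but stores it only when the session has none; that is correct but reads more clearly as `$_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));` with the stray commented-out assignment removed. In the second hunk `FILTER_SANITIZE_EMAIL` only strips characters; `FILTER_VALIDATE_EMAIL`, which returns `false` on a bad address, is the check to make before the value reaches `mail()`. The `antibot` class continues outside both hunks.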
@@ -68,24 +80,162 @@ class antibot { $this->ratetest(); $result = $this->traptest(); if($result == 3) { - $this->sndmsg("you@yoursite.com"); + $this->sndmsg("webmaster@pngpst.net"); return 3; }else{ return 0; } } + + } -$lcheck = new antibot(); -$winner = $lcheck->do_tests(); -if ($winner == 3){ - echo "Form Submitted thank you!"; -}else{ - echo "Error: Send failed, please try again."; -} +$antibot = new antibot(); + + +if ($_SERVER["REQUEST_METHOD"] == "POST") { + // Check if the CSRF token is present + if (isset($_POST['csrf_token'])) { + $user_token = $_POST['csrf_token']; + + // Check if the submitted token matches the stored session token + if ($user_token === $_SESSION['csrf_token']) { + // Token is valid, process the form + // ... Your form processing logic goes here ... + $winner = $antibot->do_tests(); + if ($winner == 3){ + echo "Form Submitted thank you!"; + }else{ + echo "Error: Send failed, please try again. -1"; + } + + } else { + // Invalid token, handle accordingly (e.g., log the incident, reject the form) + die("Error: Send failed, please try again. -2"); + } + } else { + // CSRF token is not present, handle accordingly + die("Error: Send failed, please try again. -3"); + } +} //else { + // Handle non-POST requests accordingly + //die("Invalid request method."); +//} + + +// $winner = $lcheck->do_tests(); + +//if ($winner == 3){ +// echo "Form Submitted thank you!"; +// }else{ +// echo "Error: Send failed, please try again."; +//} ?> + + + + + + Urandom.link contact form + + + + + + + +
+ +
+ +
+
+ +
+

Contact us

+ + +
+ +
+
+ + + + + + + + + + + + + + + +
+Your Name: +
+Subject:       +
+E-mail:         +
+Message:    +
+ + + +
+
+
+ + +
+ + + +
+
+ + + +

+ + + + + + + \ No newline at end of file diff --git a/contactus.html b/contactus.html new file mode 100644 index 0000000..b883a80 --- /dev/null +++ b/contactus.html @@ -0,0 +1,207 @@ + + + + + New Hope Ranch + + + + + + + + + + +
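Review bot: The CSRF check `if ($user_token === $_SESSION['csrf_token'])` compares the secret with a plain equality that short-circuits on the first differing byte; use the constant-time helper, `if (hash_equals($_SESSION['csrf_token'], (string) $user_token)) {`, where the cast also guards against a non-string `$_POST['csrf_token']` making `hash_equals` throw. The hunk leaves several blocks of commented-out code behind (`//else {`, `// $winner = $lcheck->do_tests();`, the old echo block); they are history and should be deleted rather than kept in the file. The recipient is now a literal passed as `$this->sndmsg("webmaster@pngpst.net")` inside `do_tests`; a class constant such as `private const RECIPIENT = 'webmaster@pngpst.net';` would make the address a one-line change for anyone deploying the form. The HTML that follows in this hunk arrived in the listing with its tags stripped, so the form markup itself could not be reviewed here.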
+ +
+ +
+
+ +
+

Contact us

+ + +
+ +
+
+ + + + + + + + + + + + + + + +
+Your Name: +
+Subject:       +
+E-mail:         +
+Message:    +
+ + +
+
+
+ + +
+ + + +
+
+ + + + +
+ +

+ + + + + + + From 037120167155c60e71078b35af7c75f031c1fc68 Mon Sep 17 00:00:00 2001 From: Paul M Date: Sun, 12 Nov 2023 21:03:41 -0600 Subject: [PATCH 4/5] files removed and merged, read me updated --- README.md | 6 +- contactus.html | 207 ------------------------------------------------- 2 files changed, 5 insertions(+), 208 deletions(-) delete mode 100644 contactus.html diff --git a/README.md b/README.md index 7ce7169..01c9cdb 100755 --- a/README.md +++ b/README.md @@ -1,3 +1,7 @@ # contactform -A spam and bot resistant contact form. Remeber to update the URL and e-mail address this sends to if you use it. \ No newline at end of file +A spam and bot resistant contact form. Remeber to update the URL and e-mail address this sends to if you use it. + +# Notes 11/12/23 + +contactform.php now contains the accompanying HTML. Merged due to updates. \ No newline at end of file diff --git a/contactus.html b/contactus.html deleted file mode 100644 index b883a80..0000000 --- a/contactus.html +++ /dev/null @@ -1,207 +0,0 @@ - - - - - New Hope Ranch - - - - - - - - - - -
- -
- -
-
- -
-

Contact us

- - -
- -
-
- - - - - - - - - - - - - - - -
-Your Name: -
-Subject:       -
-E-mail:         -
-Message:    -
- - -
-
-
- - -
- - - -
-
- - - - -
- -

- - - - - - - From f9cf02d1339969958cd166eb82609593698950fb Mon Sep 17 00:00:00 2001 From: Paul M Date: Fri, 17 Nov 2023 13:28:12 -0600 Subject: [PATCH 5/5] Copied form my website. This merged the HTML and PHP to support additional anti spam code, bluma was added to make it nicer and passfail got fixed --- contactform.php | 219 ++++++++++++++++++++++++++++-------------------- 1 file changed, 126 insertions(+), 93 deletions(-) diff --git a/contactform.php b/contactform.php index 1861459..ef5f465 100755 --- a/contactform.php +++ b/contactform.php @@ -1,13 +1,12 @@ passfail = 0; // beter way to filter input data $_POST = filter_var_array($_POST, FILTER_SANITIZE_STRING); $_GET = filter_var_array($_GET, FILTER_SANITIZE_STRING); @@ -32,7 +31,7 @@ class antibot { private function fromtest() { if ($_SERVER['HTTP_REFERER'] = "https://urandom.link/contactform.php"){ - $passfail = 1; + $this->passfail++; } } @@ -40,16 +39,17 @@ class antibot { private function ratetest() { if (!$_SESSION['last_submit']){ $_SESSION['last_submit'] = time(); // May not stick to a bot but doing it anyhow - $passfail = 2; + $this->passfail = 1; }else{ //print "Session found"; if (time()-$_SESSION['last_submit'] < 60){ // Purposefully not letting them know what the interval is - die('Error: Message not sent, rate limit hit. Please wait a few minutes and try again.'); - $passfail = 0; + + die('Error: Message not sent, rate limit hit. Please wait a few minutes and try again.'); + }else{ $_SESSION['last_submit'] = time(); - $passfail = 2; + $this->passfail++; } } 
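Review bot: In `ratetest` the first-submission branch now sets `$this->passfail = 1;` while every other test increments, so the `$this->passfail++` already performed by `fromtest` is discarded and a visitor's first post in a session can reach at most 3 of the 4 passes `do_tests` requires; the line should be `$this->passfail++;`, matching the `else` branch below it. `if (!$_SESSION['last_submit'])` also reads an unset key on that first visit, which raises an undefined-array-key warning on PHP 8; `if (empty($_SESSION['last_submit']))` keeps the same truthiness with no diagnostic. The `fromtest` hunk converts the body to `$this->passfail++` but keeps the assignment in `if ($_SERVER['HTTP_REFERER'] = "https://urandom.link/contactform.php")`, so that test still passes unconditionally. The constructor hunk at the top of this commit is garbled in the listing and was not reviewed; the method bodies extend outside these hunks.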
@@ -57,11 +57,20 @@ class antibot { private function traptest() { if($_POST['website']){ - $passfail = 0; + $this->passfail = 0; }else{ - $passfail = 3; + $this->passfail++; } - return $passfail; + return $this->passfail; + } + + private function emptytest() { + if (empty($_POST['fname']) || empty($_POST['lname']) || empty($_POST['email']) || empty($_POST['comments'])){ + $this->passfail = 0; + }else{ + $this->passfail++; + } + } private function sndmsg($target) { @@ -78,10 +87,11 @@ class antibot { public function do_tests(){ $this->fromtest(); $this->ratetest(); - $result = $this->traptest(); - if($result == 3) { + $this->traptest(); + $this->emptytest(); + if($this->passfail == 4) { $this->sndmsg("webmaster@pngpst.net"); - return 3; + return 4; }else{ return 0; } @@ -107,7 +117,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { // Token is valid, process the form // ... Your form processing logic goes here ... $winner = $antibot->do_tests(); - if ($winner == 3){ + if ($winner == 4){ echo "Form Submitted thank you!"; }else{ echo "Error: Send failed, please try again. -1"; @@ -140,7 +150,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { - + + + Urandom.link contact form @@ -148,92 +160,113 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { +
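Review bot: `traptest` keeps `if($_POST['website'])` as its honeypot check, which raises an undefined-array-key warning whenever the field is absent from the submission; `if (!empty($_POST['website'])) {` has the same truthiness without the diagnostic. The pass count is hard-coded as `4` in `do_tests` (`if($this->passfail == 4)` and `return 4;`) and again in the request handler (`if ($winner == 4){`), so adding a test such as the new `emptytest` means editing three places; a `public const REQUIRED_PASSES = 4;` on `antibot`, used in `do_tests` and compared by the handler as `$winner === antibot::REQUIRED_PASSES`, keeps them in step. `emptytest`'s `empty()` also rejects a legitimate `"0"` in any field; `trim($_POST['fname'] ?? '') === ''` is the stricter test if that matters. The class continues outside these hunks, and the HTML hunk that closes this commit is cut off by the listing.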
+
+

+ URANDOM.LINK Contact Form +

+

+ Embrace the random +

+
+
-
- - - -
-
- - -

- -