kake26/contactform
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
contactform/contactform.php

274 lines
No EOL
7 KiB
PHP
Executable file
Raw Permalink Blame History

<?php
// Form code for mail submissions
// Anti exploit code, not perfect but should throw a wrench into a bot's plan
// This code has been used on several sites before and does seem to do a decent job, not perfect but pretty good
// The form code is now part of the php file so when the form is loaded the php can run to extend the
// functionality of the rate limiting code
// Using Bluma for the html parts really does make things look and work better
session_start();
$csrf_token = bin2hex(random_bytes(32));
if (!isset($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = $csrf_token;
}
//$_SESSION['csrf_token'] = $csrf_token;
class antibot {
private $passfail;
public $token;
function __constructor(){
$this->passfail = 0;
// beter way to filter input data
$_POST = filter_var_array($_POST, FILTER_SANITIZE_STRING);
$_GET = filter_var_array($_GET, FILTER_SANITIZE_STRING);
}
private function fromtest() {
if ($_SERVER['HTTP_REFERER'] = "https://urandom.link/contactform.php"){
$this->passfail++;
}
}
private function ratetest() {
if (!$_SESSION['last_submit']){
$_SESSION['last_submit'] = time(); // May not stick to a bot but doing it anyhow
$this->passfail = 1;
}else{
//print "Session found";
if (time()-$_SESSION['last_submit'] < 60){
// Purposefully not letting them know what the interval is
die('Error: Message not sent, rate limit hit. Please wait a few minutes and try again.');
}else{
$_SESSION['last_submit'] = time();
$this->passfail++;
}
}
}
private function traptest() {
if($_POST['website']){
$this->passfail = 0;
}else{
$this->passfail++;
}
return $this->passfail;
}
private function emptytest() {
if (empty($_POST['fname']) || empty($_POST['lname']) || empty($_POST['email']) || empty($_POST['comments'])){
$this->passfail = 0;
}else{
$this->passfail++;
}
}
private function sndmsg($target) {
// First clean the data
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
$comments = $_POST["comments"];
// compile cleaned message
$msg = "From $fname Subject $lname email $email with message $comments";
mail($target,"Website Form Submission",$msg);
}
public function do_tests(){
$this->fromtest();
$this->ratetest();
$this->traptest();
$this->emptytest();
if($this->passfail == 4) {
$this->sndmsg("webmaster@pngpst.net");
return 4;
}else{
return 0;
}
}
}
$antibot = new antibot();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Check if the CSRF token is present
if (isset($_POST['csrf_token'])) {
$user_token = $_POST['csrf_token'];
// Check if the submitted token matches the stored session token
if ($user_token === $_SESSION['csrf_token']) {
// Token is valid, process the form
// ... Your form processing logic goes here ...
$winner = $antibot->do_tests();
if ($winner == 4){
echo "Form Submitted thank you!";
}else{
echo "Error: Send failed, please try again. -1";
}
} else {
// Invalid token, handle accordingly (e.g., log the incident, reject the form)
die("Error: Send failed, please try again. -2");
}
} else {
// CSRF token is not present, handle accordingly
die("Error: Send failed, please try again. -3");
}
} //else {
// Handle non-POST requests accordingly
//die("Invalid request method.");
//}
// $winner = $lcheck->do_tests();
//if ($winner == 3){
// echo "Form Submitted thank you!";
// }else{
// echo "Error: Send failed, please try again.";
//}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@0.9.4/css/bulma.min.css">
<title>Urandom.link contact form</title>
</head>
<body>
<section class="hero">
<div class="hero-body">
<p class="title">
URANDOM.LINK Contact Form
</p>
<p class="subtitle">
Embrace the random
</p>
</div>
</section>
<section class="section">
<div class="container">
<form action="https://urandom.link/contactform.php" method="post" id="contact">
<div class="field is-horizontal">
<div class="field-label is-normal">
<label class="label">From</label>
</div>
<div class="field-body">
<div class="field">
<p class="control is-expanded has-icons-left">
<input class="input" type="text" placeholder="Your Name" name="fname">
<span class="icon is-small is-left">
<i class="fas fa-user"></i>
</span>
</p>
</div>
<div class="field">
<p class="control is-expanded has-icons-left has-icons-right">
<input class="input is-success" type="email" placeholder="Email" name="email">
<span class="icon is-small is-left">
<i class="fas fa-envelope"></i>
</span>
<span class="icon is-small is-right">
<i class="fas fa-check"></i>
</span>
</p>
</div>
</div>
</div>
<div class="field is-horizontal">
<div class="field-label is-normal">
<label class="label">Subject</label>
</div>
<div class="field-body">
<div class="field">
<div class="control">
<input class="input is-danger" type="text" placeholder="Subject" name="lname">
</div>
<p class="help is-danger">
This field is required
</p>
</div>
</div>
</div>
<div class="field is-horizontal">
<div class="field-label is-normal">
<label class="label">Message</label>
</div>
<div class="field-body">
<div class="field">
<div class="control">
<textarea class="textarea is-danger" placeholder="Your message here" name="comments"></textarea>
</div>
<p class="help is-danger">
This field is required
</p>
</div>
</div>
</div>
<div class="field is-horizontal">
<div class="field-label">
<!-- Left empty for spacing -->
</div>
<div class="field-body">
<div class="field">
<div class="control">
<button class="button is-primary">
Send message
</button>
</div>
</div>
</div>
</div>
</div>
<input type="text" name="website" style=" display: none;"/>
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"/>
</form>
</section>
</body>
</html>
Reference in a new issue View git blame Copy permalink