241 lines
No EOL
5.4 KiB
PHP
Executable file
241 lines
No EOL
5.4 KiB
PHP
Executable file
<?php
|
|
// Form code for mail submissions
|
|
// For usage with hugo site
|
|
|
|
// Anti exploit code, not perfect but should throw a wrench into a bot's plan
|
|
// This code has been used on several sites before and does seem to do a decent job, not perfect but pretty good
|
|
|
|
// The form code is now part of the php file so when the form is loaded the php can run to extend the
|
|
// functionality of the rate limiting code
|
|
|
|
session_start();
|
|
$csrf_token = bin2hex(random_bytes(32));
|
|
if (!isset($_SESSION['csrf_token'])) {
|
|
|
|
$_SESSION['csrf_token'] = $csrf_token;
|
|
}
|
|
//$_SESSION['csrf_token'] = $csrf_token;
|
|
|
|
class antibot {
|
|
|
|
private $passfail;
|
|
public $token;
|
|
|
|
function __constructor(){
|
|
$passfail = 0;
|
|
// beter way to filter input data
|
|
$_POST = filter_var_array($_POST, FILTER_SANITIZE_STRING);
|
|
$_GET = filter_var_array($_GET, FILTER_SANITIZE_STRING);
|
|
|
|
|
|
}
|
|
|
|
private function fromtest() {
|
|
if ($_SERVER['HTTP_REFERER'] = "https://urandom.link/contactform.php"){
|
|
$passfail = 1;
|
|
}
|
|
|
|
}
|
|
|
|
private function ratetest() {
|
|
if (!$_SESSION['last_submit']){
|
|
$_SESSION['last_submit'] = time(); // May not stick to a bot but doing it anyhow
|
|
$passfail = 2;
|
|
}else{
|
|
//print "Session found";
|
|
if (time()-$_SESSION['last_submit'] < 60){
|
|
// Purposefully not letting them know what the interval is
|
|
die('Error: Message not sent, rate limit hit. Please wait a few minutes and try again.');
|
|
$passfail = 0;
|
|
}else{
|
|
$_SESSION['last_submit'] = time();
|
|
$passfail = 2;
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
private function traptest() {
|
|
if($_POST['website']){
|
|
$passfail = 0;
|
|
}else{
|
|
$passfail = 3;
|
|
}
|
|
return $passfail;
|
|
}
|
|
|
|
private function sndmsg($target) {
|
|
// First clean the data
|
|
$fname = $_POST["fname"];
|
|
$lname = $_POST["lname"];
|
|
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
|
|
$comments = $_POST["comments"];
|
|
// compile cleaned message
|
|
$msg = "From $fname Subject $lname email $email with message $comments";
|
|
mail($target,"Website Form Submission",$msg);
|
|
}
|
|
|
|
public function do_tests(){
|
|
$this->fromtest();
|
|
$this->ratetest();
|
|
$result = $this->traptest();
|
|
if($result == 3) {
|
|
$this->sndmsg("webmaster@pngpst.net");
|
|
return 3;
|
|
}else{
|
|
return 0;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
$antibot = new antibot();
|
|
|
|
|
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
|
// Check if the CSRF token is present
|
|
if (isset($_POST['csrf_token'])) {
|
|
$user_token = $_POST['csrf_token'];
|
|
|
|
// Check if the submitted token matches the stored session token
|
|
if ($user_token === $_SESSION['csrf_token']) {
|
|
// Token is valid, process the form
|
|
// ... Your form processing logic goes here ...
|
|
$winner = $antibot->do_tests();
|
|
if ($winner == 3){
|
|
echo "Form Submitted thank you!";
|
|
}else{
|
|
echo "Error: Send failed, please try again. -1";
|
|
}
|
|
|
|
} else {
|
|
// Invalid token, handle accordingly (e.g., log the incident, reject the form)
|
|
die("Error: Send failed, please try again. -2");
|
|
}
|
|
} else {
|
|
// CSRF token is not present, handle accordingly
|
|
die("Error: Send failed, please try again. -3");
|
|
}
|
|
} //else {
|
|
// Handle non-POST requests accordingly
|
|
//die("Invalid request method.");
|
|
//}
|
|
|
|
|
|
// $winner = $lcheck->do_tests();
|
|
|
|
//if ($winner == 3){
|
|
// echo "Form Submitted thank you!";
|
|
// }else{
|
|
// echo "Error: Send failed, please try again.";
|
|
//}
|
|
|
|
?>
|
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
|
|
<title>Urandom.link contact form</title>
|
|
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
|
|
<div id="container">
|
|
<div id="header">
|
|
<div id="headerleft">
|
|
<div id="title"><a href="https://urandom.link">Urandom.link</a><br />
|
|
<h3>Embrace the random!</h3>
|
|
</div>
|
|
</div>
|
|
|
|
<div id="headerright">
|
|
<div id="flickr">
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div id="content">
|
|
<div id="center">
|
|
|
|
<div class="post">
|
|
<h1><a href="#">Contact us</a></h1>
|
|
|
|
|
|
<div class="storycontent">
|
|
|
|
<div>
|
|
<form action="https://urandom.link/contactform.php" method="post" id="contact">
|
|
<table>
|
|
<tr>
|
|
<td>
|
|
Your Name: <input type="text" name="fname" />
|
|
</td></tr>
|
|
<tr>
|
|
<td>
|
|
Subject: <input type="text" name="lname" />
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
E-mail: <input type="text" name="email" />
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
Message: <textarea name="comments" cols="50" rows="25"></textarea>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<input type="text" name="website" style=" display: none;"/>
|
|
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"/>
|
|
<button type="submit">Send Message </button>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</form>
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
</div>
|
|
</div>
|
|
|
|
<div id="sidebar">
|
|
<div id="left">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
<div style="clear: both"><br /></div>
|
|
|
|
<div id="footer">
|
|
<div id="footernote">
|
|
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
</body>
|
|
</html>
|