<?php
// Form code for mail submissions
// For use with a Hugo site
// Anti-abuse code: not perfect, but it should throw a wrench into a bot's plans
// This code has been used on several sites before and seems to do a decent job: not perfect, but pretty good
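// The session backs the per-session rate limiter in antibot::ratetest().
// Guarded so that including this file from a page that already started a
// session does not raise a "session already active" notice.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}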
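class antibot
{
    /** Minimum number of seconds between two submissions from the same session. */
    private const RATE_LIMIT_SECONDS = 60;

    /**
     * Referer value a genuine submission is expected to carry.
     * Placeholder from the original: set it to the form page of the deployed site.
     */
    private const EXPECTED_REFERER = "http://yourwebsite.com/contactus/";

    /** Address the cleaned submission is mailed to (placeholder from the original). */
    private const TARGET_ADDRESS = "you@yoursite.com";

    /**
     * Highest stage reached in do_tests():
     * 0 = nothing passed / rejected, 1 = referer matched, 2 = rate limit not hit,
     * 3 = honeypot empty. Previously every method wrote to a *local* $passfail,
     * so this property was never actually updated.
     *
     * @var int
     */
    private $passfail = 0;

    /**
     * The original spelled this `__constructor`, which PHP treats as an ordinary
     * method, so it never ran. `__construct` is the real constructor name.
     */
    public function __construct()
    {
        $this->passfail = 0;
    }

    /**
     * Checks whether the Referer header equals the configured form page.
     *
     * The Referer is chosen by the client, so a match proves nothing, and
     * browsers and privacy tools frequently omit it; do_tests() records the
     * outcome but does not reject on it, which matches the original (where the
     * result was never consulted). The original compared with `=` instead of
     * `==`, which silently overwrote $_SERVER['HTTP_REFERER'] on every request.
     *
     * @return bool true when the header is present and matches exactly
     */
    private function fromtest(): bool
    {
        $referer = $_SERVER['HTTP_REFERER'] ?? '';
        if (is_string($referer) && $referer === self::EXPECTED_REFERER) {
            $this->passfail = 1;
            return true;
        }
        return false;
    }

    /**
     * Per-session rate limit: one submission per RATE_LIMIT_SECONDS.
     *
     * Relies on the client keeping the session cookie, so a bot that drops
     * cookies is not slowed down by it (the original author noted the same).
     * On a hit this ends the request with the original message, which
     * deliberately does not reveal the interval. Reading through `??` avoids
     * the undefined-index notice the original raised on a first visit.
     */
    private function ratetest(): void
    {
        $lastSubmit = $_SESSION['last_submit'] ?? null;
        if (is_int($lastSubmit) && time() - $lastSubmit < self::RATE_LIMIT_SECONDS) {
            die('Error: Message not sent, rate limit hit. Please wait a few minutes and try again.');
        }
        $_SESSION['last_submit'] = time();
        $this->passfail = 2;
    }

    /**
     * Honeypot: the form carries a hidden "website" field a person never sees,
     * so any content in it marks an automated submission.
     *
     * A non-string value (e.g. a `website[]=x` submission) is treated as filled:
     * it is not something a human form produces either.
     *
     * @return bool true when the trap field is absent or empty
     */
    private function traptest(): bool
    {
        $trap = $_POST['website'] ?? '';
        if (!is_string($trap) || $trap !== '') {
            $this->passfail = 0;
            return false;
        }
        $this->passfail = 3;
        return true;
    }

    /**
     * Normalises one posted field: trims whitespace and HTML-escapes it.
     *
     * Non-string input (arrays from `field[]=` submissions) becomes '' instead
     * of letting trim() throw a TypeError. stripslashes() was dropped: it only
     * ever undid magic_quotes_gpc, which was removed in PHP 5.4, and today it
     * corrupts legitimate backslashes. ENT_SUBSTITUTE keeps invalid UTF-8 from
     * collapsing the whole field to an empty string.
     *
     * @param mixed $data raw value from $_POST
     */
    private function test_input($data): string
    {
        if (!is_string($data)) {
            return '';
        }
        return htmlspecialchars(trim($data), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /**
     * Mails the cleaned form fields to $target.
     *
     * Only the message body is built from user input; the subject is fixed and
     * no user-supplied value reaches the headers argument of mail(), which is
     * what keeps this free of mail-header injection. The body format is kept
     * byte-for-byte from the original.
     *
     * @return bool what mail() reported; false means the message was not accepted
     */
    private function sndmsg(string $target): bool
    {
        $fname    = $this->test_input($_POST["fname"] ?? '');
        $lname    = $this->test_input($_POST["lname"] ?? '');
        $email    = $this->test_input($_POST["email"] ?? '');
        $comments = $this->test_input($_POST["comments"] ?? '');

        $msg = "From $fname Subject $lname email $email with message $comments";

        return mail($target, "Website Form Submission", $msg);
    }

    /**
     * Runs the checks in the original order and sends the message when they pass.
     *
     * Returns 3 when the honeypot was empty and mail() accepted the message,
     * 0 otherwise. The original returned 3 whenever the honeypot was empty even
     * if mail() failed; checking the result means the caller's "send failed"
     * message is now accurate. ratetest() may terminate the request (see there).
     */
    public function do_tests(): int
    {
        $this->passfail = 0;

        // Advisory only: a missing or mismatched Referer does not reject (see fromtest()).
        $this->fromtest();

        $this->ratetest();

        if (!$this->traptest()) {
            return 0;
        }

        if (!$this->sndmsg(self::TARGET_ADDRESS)) {
            return 0;
        }

        return $this->passfail;
    }
}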
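$lcheck = new antibot();

$winner = $lcheck->do_tests();

// 3 is antibot's "all tests passed" code; strict comparison so that nothing
// loosely equal to 3 (e.g. a numeric string) counts as success.
if ($winner === 3) {
    echo "Form Submitted thank you!";
} else {
    echo "Error: Send failed, please try again.";
}

// No closing ?> tag: in a PHP-only file it only risks emitting stray whitespace.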