newcontact.php
<?php
// Every request runs inside the visitor's session: the one-time token
// (`contactHash`) and the form-load timestamp (`started`) that the checks
// below read come from $_SESSION. `started` is never written in this file,
// so the page that renders the form must set it.
session_start();
// Rotate the session ID on every call. With the default argument (false) the
// old session data is kept rather than deleted.
// NOTE(review): regenerating on each AJAX request can race with concurrent
// requests from the same browser — confirm this is intended here and not
// fixation hardening that belongs at login.
session_regenerate_id();
/**
 * Mint a fresh one-time token, store it in the session under $name and
 * return it. 24 bytes from the CSPRNG, hex-encoded: 48 characters.
 *
 * @param string $name session key the token is stored under
 * @return string the token that was stored
 */
function hashCreate($name) {
    $token = bin2hex(random_bytes(24));
    $_SESSION[$name] = $token;
    return $token;
} // hashCreate
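/**
 * Check whether $hash is the live token stored in the session under $name.
 *
 * The comparison is constant-time (hash_equals) instead of `==`: PHP's loose
 * string comparison treats two numeric-looking strings such as "0e123" and
 * "0e456" as equal, and a byte-wise `==` leaks timing. Non-string input
 * (e.g. contactHash[]=x) is rejected up front rather than reaching
 * hash_equals(), which would throw a TypeError. The token is only honoured
 * when the form-load timestamp `started` is also present in the session.
 *
 * @param string $name session key holding the expected token
 * @param mixed  $hash value submitted by the client
 * @return bool true only for an exact, string match with `started` set
 */
function hashExists($name, $hash) {
    if (!is_string($hash) || !isset($_SESSION[$name]) || !is_string($_SESSION[$name])) {
        return false;
    }
    return hash_equals($_SESSION[$name], $hash) && isset($_SESSION['started']);
} // hashExists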
/**
 * Seconds elapsed since the form was served: now minus the timestamp string
 * kept in $_SESSION['started'] (any format the DateTime parser accepts).
 * The request handler uses this as a "too fast to be human" heuristic.
 *
 * @return int elapsed seconds (negative if `started` lies in the future)
 */
function checkSessionAge() {
    $now = new DateTimeImmutable();
    $started = new DateTimeImmutable($_SESSION['started']);
    return $now->getTimestamp() - $started->getTimestamp();
} // checkSessionAge
/**
 * Emit the 200 JSON body the front end expects once a submission has been
 * accepted (or deliberately swallowed by the bot heuristics). A fresh
 * one-time token is issued with every response so the client can post again.
 */
function createSuccessResponse() {
    header('Content-Type: application/json');
    header('HTTP/1.0 200 Successful');
    $payload = [
        'title'   => 'Message Sent Successfully',
        'content' => 'Thank you for contacting us.',
        'newHash' => hashCreate('contactHash'),
    ];
    echo json_encode($payload);
}
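/**
 * Accept an address only if it is syntactically valid, its parts fit the
 * RFC 5321 length limits, and its domain resolves for mail delivery.
 *
 * The last step is a live DNS lookup (checkdnsrr) on client-supplied input,
 * so a slow resolver makes this request slow; it is kept after the cheap
 * checks for that reason.
 *
 * @param mixed $address raw $_POST value; anything that is not a string is rejected
 * @return bool
 */
function isValidEmail($address) {
    // filter_var() returns the string or false — compare strictly.
    if (!is_string($address) || filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Split on the LAST '@': a quoted local part may itself contain '@',
    // which explode('@') would mis-split.
    $at = strrpos($address, '@');
    if ($at === false) {
        return false;
    }
    $local  = substr($address, 0, $at);
    $domain = substr($address, $at + 1);
    $localLength  = strlen($local);
    $domainLength = strlen($domain);
    // local-part 1..64 octets, domain 4..255 octets (RFC 5321 §4.5.3.1)
    if ($localLength < 1 || $localLength > 64 || $domainLength < 4 || $domainLength > 255) {
        return false;
    }
    // The domain must be able to receive mail: an MX record, or failing
    // that a host record (A or AAAA) per RFC 5321 §5.1.
    return checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA');
} // isValidEmail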
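/**
 * True if any of the named POST fields is unsafe to place in a mail header:
 * it contains CR or LF (header injection), or it is not a string at all
 * (e.g. name[]=x, on which strpos() would throw a TypeError).
 *
 * The test is `!== false`, not truthiness: strpos() returns 0 for a newline
 * at offset 0, which a bare `strpos(...)` condition treats as "not found".
 *
 * @param string[] $indexes $_POST keys to inspect; absent keys are skipped
 * @return bool true when at least one field must be rejected
 */
function postNotMailHeaderSafe($indexes) {
    foreach ($indexes as $index) {
        if (!array_key_exists($index, $_POST)) {
            continue;
        }
        $value = $_POST[$index];
        if (!is_string($value)) {
            return true;
        }
        if (strpos($value, "\n") !== false || strpos($value, "\r") !== false) {
            return true;
        }
    }
    return false;
} // postNotMailHeaderSafe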
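/**
 * Fetch a POST field for use inside a mail header, replacing CR, LF and ';'
 * with spaces. A missing or non-string field yields '' instead of a warning
 * or the literal "Array", so the header never receives a non-string value.
 *
 * This is the last line of defence against header injection; the
 * postNotMailHeaderSafe() check in the request handler is meant to have
 * rejected such input already.
 * NOTE(review): ';' is stripped but ',' is not, and ',' is the address
 * separator in From:/Reply-To: — confirm that is acceptable.
 *
 * @param string $index $_POST key
 * @return string header-safe value ('' when absent or not a string)
 */
function mailCleanPost($index) {
    $value = $_POST[$index] ?? '';
    if (!is_string($value)) {
        return '';
    }
    return str_replace(["\r", "\n", ';'], ' ', $value);
} // mailCleanPost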
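/**
 * Build and send the contact e-mail from the current POST fields.
 *
 * mail()'s signature is mail($to, $subject, $message, $additional_headers).
 * The original call was `mail($subject, $message, $header)`: the client-
 * supplied SUBJECT was passed as the recipient list, so the endpoint would
 * send mail to whatever address(es) the client typed, with the headers
 * landing in the body. The recipient now comes from $to, or from the
 * CONTACT_RECIPIENT constant when no argument is given; with neither
 * configured the function fails closed (returns false, which the request
 * handler turns into its 500 branch) instead of relaying.
 *
 * @param string|null $to recipient mailbox; defaults to CONTACT_RECIPIENT if
 *                        that constant is defined (the site's contact address
 *                        is not present in this file and must be configured)
 * @return bool mail() result, or false when no recipient is configured
 */
function formMail($to = null) {
    if ($to === null && defined('CONTACT_RECIPIENT')) {
        $to = CONTACT_RECIPIENT;
    }
    if (!is_string($to) || $to === '') {
        return false;
    }
    $subject = mailCleanPost('subject');
    $email   = mailCleanPost('email');
    $from    = mailCleanPost('name');
    // mailCleanPost() has removed CR/LF, so the client cannot end a header
    // line here.
    // NOTE(review): From: carries the visitor's address, which most receiving
    // domains will fail on SPF/DMARC; the usual fix is a local From: with the
    // visitor only in Reply-To:. Kept as-is pending that decision.
    $header =
        'From: ' . $from . ' <' . $email . ">\r\n" .
        'Reply-To: ' . $email . "\r\n" .
        'X-Mailer: PHP/' . phpversion() . "\r\n" .
        'Content-Type: text/plain';
    $rawMessage = $_POST['message'] ?? '';
    if (!is_string($rawMessage)) {
        $rawMessage = '';
    }
    // The body is text/plain, so HTML escaping is not needed for safety; it is
    // kept so the mail format stays what the recipients are used to.
    $message = htmlspecialchars($rawMessage)
        . "\nLogged IP: " . ($_SERVER['REMOTE_ADDR'] ?? '')
        . "\nUA String: " . ($_SERVER['HTTP_USER_AGENT'] ?? '');
    return mail(
        $to,
        $subject,
        $message,
        $header
    );
} // formMail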
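/**
 * Emit a JSON error response with the given status line and text, plus a
 * fresh one-time token so the client can retry. Content-Type is sent before
 * the status line, as each of the original error branches did.
 *
 * @param string $statusLine raw status header, e.g. 'HTTP/1.0 403 Forbidden'
 * @param string $title      'title' field of the JSON body
 * @param string $content    'content' field of the JSON body
 */
function sendErrorResponse($statusLine, $title, $content) {
    header('Content-Type: application/json');
    header($statusLine);
    echo json_encode([
        'title'   => $title,
        'content' => $content,
        'newHash' => hashCreate('contactHash')
    ]);
}

// Request handler. The order is deliberate: the one-time token gates
// everything; header-unsafe fields or a bad address get a 403; then two bot
// heuristics — the `agreeTerms` honeypot field, and a submission less than
// 10 s after the form was served — return a fake success WITHOUT sending
// anything; only then is the mail actually sent.
if (!empty($_POST['contactHash']) && hashExists('contactHash', $_POST['contactHash'])) {
    if (postNotMailHeaderSafe(['name', 'email', 'subject']) || !isValidEmail($_POST['email'] ?? '')) {
        sendErrorResponse('HTTP/1.0 403 Forbidden', 'Error - Invalid Input', 'Oops! You\'ve encountered an error.');
    } else if (isset($_POST['agreeTerms'])) {
        // honeypot: the field is not shown to real users, so a value means a bot
        createSuccessResponse();
    } else if (checkSessionAge() < 10) {
        // too fast for a human to have filled the form; swallow silently
        createSuccessResponse();
    } else if (formMail()) {
        createSuccessResponse();
    } else {
        // Discard anything mail() may have printed (e.g. warnings) so the body
        // is clean JSON — but only if a buffer is open: ob_clean() with no
        // active buffer raises a notice of its own.
        if (ob_get_level() > 0) {
            ob_clean();
        }
        // NOTE(review): the mailto address below reads as a redaction
        // placeholder in this copy of the file — confirm the real address.
        sendErrorResponse(
            'HTTP/1.0 500 Internal Server Error',
            'Error - Unable to Contact Us',
            'Uh oh! It looks like we are having a problem. Please email us at <a href="mailto:[email protected]">[email protected]</a> and let us know!'
        );
    }
} else {
    sendErrorResponse('HTTP/1.0 403 Forbidden', 'Error - Invalid Request', 'Oops! You\'ve encountered an error.');
}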
?>