gitmedia/mivita
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
mivita/_static/contact_form.php
Kevin Adametz 610aa1e202 First Commit
2018-10-29 09:39:31 +01:00

179 lines
6.2 KiB
PHP
Raw Blame History

<?php
class Contact_Form {
private $securekey, $iv;
function __construct($textkey) {
$this->securekey = hash('sha256',$textkey,TRUE);
// $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
// $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$this->iv = mcrypt_create_iv(32, MCRYPT_RAND);
}
public function submit() {
$plugin_settings["recipient_name"] = "mivita.care";
//$plugin_settings["recipient_email"] = "info@mivita.care";
$plugin_settings["recipient_email"] = "kevin.adametz@me.com";
$plugin_settings["email_subject"] = "Mail von mivita.care";
$errors = array();
if ( empty( $plugin_settings['recipient_email'] ) ) {
$errors['general'] = 'The recipient email is not set.';
return array("errors"=>$errors);
exit;
}
if( empty($_POST['required']) ){
$errors['general'] = 'Pflichtfelder nicht definiert.';
return array("errors"=>$errors);
exit;
}
//check token
if(!$this->checkSpamAutoSend($_POST['sender_token'])){
$errors['general'] = 'Konnte nicht gesendet werden. Bitte nur alle 10 sec. senden.';
return array("errors"=>$errors);
exit;
}
if ( empty( $_POST['sender_email_repeat'] ) ) {
//$errors['sender_email_repeat'] = 'invalid';
$errors['general'] = 'Konnte nicht gesendet werden. Bitte alle Felder ausfüllen.'.$_POST['sender_email_repeat'];
return array("errors"=>$errors);
exit;
}
$required = explode(",", trim($_REQUEST['required']));
$required = array_merge($required, array( 'sender_email', 'sender_name' ) );
$key = array_search("sender_email_repeat",$required);
if($key!==false){
unset($required[$key]);
}
foreach ( $required as $req ) {
if ( empty( $_POST[$req] ) ) {
$errors[$req] = 'required';
}
}
if ( !isset( $errors['sender_email'] ) && !strpos($_POST['sender_email'], "@") ) {
$errors['sender_email'] = 'invalid';
}
if ( !empty( $errors ) ) {
return array("errors"=>$errors);
exit;
}
$malicious = array( 'sender_name', 'sender_email' );
foreach ( $malicious as $mal ) {
if ( $this->is_malicious( $_POST[$mal] ) ) {
$errors[$mal] = 'malicious';
}
}
if ( !empty( $errors ) ) {
return array("errors"=>$errors);
exit;
}
//remove POST
unset($_POST['sender_token']);
unset($_POST['sender_email_repeat']);
$to = trim( $plugin_settings['recipient_name'] . ' <' . $plugin_settings['recipient_email'] . '>' );
$from = $_POST['sender_name'] . ' <' . $_POST['sender_email'] . '>';
$subject = $plugin_settings['email_subject'];
$message = '';
foreach ( $_POST as $name => $value ) {
if(strpos($name, 'sender_') !== false) {
$nicename = ucwords( str_replace( '_', ' ', str_replace('sender_', '', $name) ) );
$message .= $nicename . ': ';
if ( !empty( $_POST[$name] ) ) {
$message .= ( strpos( $_POST[$name], "\n" ) !== false ) ? "\r\n" : '';
$message .= $_POST[$name];
}
$message .= "\r\n\r\n-----------------------------------------------------------\r\n\r\n";
}
}
$message .= "\r\n";
$message .= $_POST['message'];
$message .= "\r\n\r\n-----------------------------------------------------------\r\n".
"Datum: ". date("H:i - d.m.y", time()). "\r\n".
"Onlinenummer: " .time(). "\r\n".
"-----------------------------------------------------------\r\n".
"\r\n\r\n".
"Abgesendet von:\r\n".
"IP-Adresse: " . $_SERVER['REMOTE_ADDR'] . "\r\n".
"Benutzer Browser: ". $_SERVER['HTTP_USER_AGENT'] . "\r\n".
"Server Zeit: ". date("H:i - d.m.y", time()). "\r\n\r\n";
$message = wordwrap( $message, 80, "\r\n");
$headers = "MIME-Version: 1.0\r\n";
$headers .= "From: $from\r\n";
$headers .= "Content-Type: text/plain; charset=\"UTF-8\"\r\n";
//header( 'Content-Type: text/plain' ); print_r( compact( 'to', 'subject', 'message', 'headers' ) ); exit;
if ( !mail( $to, $subject, $message, $headers ) ) {
$errors['general'] = 'For some reason the call to mail() failed. Best to contact the web host.';
return array("errors"=>$errors);
exit;
}
return array( 'success' => true );
exit;
}
private function checkSpamAutoSend($token) {
//var_dump($this->language);
$time = $this->decrypt($token);
$time_now = time();
if(!empty($time)){
if (!isset($time)) { return false; /* Feld fehlt ->Spam */ }
elseif (!is_numeric($time)) { return false; /* Manipulierung ->Spam */ }
elseif (intval($time) > $time_now-5) { return false; /* zu schnell */ }
elseif (intval($time) < $time_now-10*3600) { return false; /* altes Formular ->Spam */ }
else { return true; /* weitere Überprüfungen */ }
}
return false;
}
private function is_malicious( $input ) {
$bad_inputs = array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:" );
foreach ( $bad_inputs as $bad_input ) {
if ( stripos( strtolower( $input ), strtolower( $bad_input ) ) !== false ) {
return true;
}
}
return false;
}
public function encrypt($input) {
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->securekey, $input, MCRYPT_MODE_ECB, $this->iv));
}
public function decrypt($input) {
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->securekey, base64_decode($input), MCRYPT_MODE_ECB, $this->iv));
}
}
Reference in a new issue View git blame Copy permalink