RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
693edccb18
php-mpos/public/include/pages/contactform/contactform.inc.php
xisi 76a67cb71a Changed the config options for CSRF/disabling forms 
* Now an array to disable with granularity
 * Fixed all CSRF tokens back to 1 min
 * Added CSRF protection for unlock account
 * Unified error message for all csrf tokens
 * Fixed a few issues with last commit
2014-01-20 04:41:13 -05:00

71 lines
3.5 KiB
PHP
Raw Blame History

<?php
// Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt');
if ($setting->getValue('recaptcha_enabled')) {
// Load re-captcha specific data
require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
$rsp = recaptcha_check_answer (
$setting->getValue('recaptcha_private_key'),
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]
);
}
// csrf if enabled
$csrfenabled = ($config['csrf']['enabled'] && !in_array('contact', $config['csrf']['disabled_forms'])) ? 1 : 0;
if ($csrfenabled) {
$nocsrf = ($csrftoken->getBasic($user->getCurrentIP(), 'contact') == @$_POST['ctoken']) ? 1 : 0;
}
if ($setting->getValue('disable_contactform')) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
} else if ($setting->getValue('disable_contactform') && !$user->isAuthenticated(false)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is disabled for guests.', 'TYPE' => 'errormsg');
} else {
if ($setting->getValue('recaptcha_enabled') && $_POST["recaptcha_response_field"] && $_POST["recaptcha_response_field"]!=''){
// Check if recaptcha is enabled, process form data if valid
if ($rsp->is_valid) {
// Check if csrf is enabled and fail if token is invalid
if (!$nocsrf && $csrfenabled) {
$_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
} else {
$smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key')));
if ($mail->contactform($_POST['senderName'], $_POST['senderEmail'], $_POST['senderSubject'], $_POST['senderMessage'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Thanks for sending your message! We will get back to you shortly');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'There was a problem sending your message. Please try again.' . $user->getError(), 'TYPE' => 'errormsg');
}
}
} else {
$smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error));
$_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again. (' . $rsp->error . ')', 'TYPE' => 'errormsg');
}
// Empty captcha
} else if ($setting->getValue('recaptcha_enabled')) {
$smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error));
$_SESSION['POPUP'][] = array('CONTENT' => 'Empty Captcha, please try again.', 'TYPE' => 'errormsg');
// Captcha disabled
} else {
// Check if csrf is enabled and fail if token is invalid
if (!$nocsrf && $csrfenabled) {
$_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
} else if ($mail->contactform($_POST['senderName'], $_POST['senderEmail'], $_POST['senderSubject'], $_POST['senderMessage'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Thanks for sending your message! We will get back to you shortly');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'There was a problem sending your message. Please try again. ' . $user->getError(), 'TYPE' => 'errormsg');
}
}
}
// csrf token
if ($config['csrf']['enabled'] && !in_array('contact', $config['csrf']['disabled_forms'])) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'contact');
$smarty->assign('CTOKEN', $token);
}
// Tempalte specifics
$smarty->assign("CONTENT", "default.tpl");
?>
Reference in New Issue View Git Blame Copy Permalink