RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d83542e03e
php-mpos/public/include/pages/contactform/contactform.inc.php
xisi d83542e03e Added method to get description image of csrf token with name 
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
2014-01-20 04:27:58 -05:00

74 lines
3.7 KiB
PHP
Raw Blame History

<?php
// Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt');
if ($setting->getValue('recaptcha_enabled')) {
// Load re-captcha specific data
require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
$rsp = recaptcha_check_answer (
$setting->getValue('recaptcha_private_key'),
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]
);
}
// csrf if enabled
if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) {
$nocsrf = ($csrftoken->getBasic($user->getCurrentIP(), 'contact', 'mdyH') == $_POST['ctoken']) ? 1 : 0;
}
if ($setting->getValue('disable_contactform')) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
} else if ($setting->getValue('disable_contactform') && !$user->isAuthenticated(false)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is disabled for guests.', 'TYPE' => 'errormsg');
} else {
if ($setting->getValue('recaptcha_enabled') && $_POST["recaptcha_response_field"] && $_POST["recaptcha_response_field"]!=''){
// Check if recaptcha is enabled, process form data if valid
if ($rsp->is_valid) {
// Check if csrf is enabled and fail if token is invalid
if (!$nocsrf && $config['csrf']['enabled'] && $config['csrf']['forms']['register']) {
$img = $csrftoken->getDescriptionImageHTML();
$_SESSION['POPUP'][] = array('CONTENT' => "Contact token expired, please try again $img", 'TYPE' => 'info');
} else {
// csrf is valid or disabled, send
$smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key')));
if ($mail->contactform($_POST['senderName'], $_POST['senderEmail'], $_POST['senderSubject'], $_POST['senderMessage'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Thanks for sending your message! We will get back to you shortly');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'There was a problem sending your message. Please try again.' . $user->getError(), 'TYPE' => 'errormsg');
}
}
} else {
$smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error));
$_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again. (' . $rsp->error . ')', 'TYPE' => 'errormsg');
}
// Empty captcha
} else if ($setting->getValue('recaptcha_enabled')) {
$smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error));
$_SESSION['POPUP'][] = array('CONTENT' => 'Empty Captcha, please try again.', 'TYPE' => 'errormsg');
// Captcha disabled
} else {
// Check if csrf is enabled and fail if token is invalid
if (!$nocsrf && $config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) {
$img = $csrftoken->getDescriptionImageHTML();
$_SESSION['POPUP'][] = array('CONTENT' => "Contact token expired, please try again $img", 'TYPE' => 'info');
} else if ($mail->contactform($_POST['senderName'], $_POST['senderEmail'], $_POST['senderSubject'], $_POST['senderMessage'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Thanks for sending your message! We will get back to you shortly');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'There was a problem sending your message. Please try again. ' . $user->getError(), 'TYPE' => 'errormsg');
}
}
}
// Tempalte specifics
$smarty->assign("CONTENT", "default.tpl");
// csrf token
if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'contact', 'mdyH');
$smarty->assign('CTOKEN', $token);
}
?>
Reference in New Issue View Git Blame Copy Permalink