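<?php

declare(strict_types=1);

/*
 * Contact-form handler (message.php).
 *
 * Flow: require the four POST fields (otherwise redirect back to the form),
 * sanitise and length-check them, verify the reCAPTCHA token with Google,
 * store the message in MySQL, e-mail it to the site owner, answer "Success".
 * Every failure path answers with a plain-text body and a 400 (bad input or
 * captcha) or 500 (secrets, database or mail) status, then exits.
 */

/**
 * Return the named $_POST field as a string, or '' when it is absent,
 * not a plain string (e.g. submitted as `field[]`), or the empty string.
 *
 * The original isset()/empty() test let array values reach trim() (a
 * TypeError on PHP 8) and treated the literal "0" as missing; both are
 * avoided here.
 */
function post_string(string $field): string
{
    $value = $_POST[$field] ?? '';

    return is_string($value) ? $value : '';
}

/**
 * Normalise a form field: trim, HTML-escape, strip backslashes.
 *
 * NOTE(review): escaping at input time means the stored and mailed text is
 * HTML-encoded ("&" becomes "&amp;", even in the plain-text e-mail). Kept so
 * new rows match whatever already sits in contact_form; escaping at output
 * time would be the cleaner design.
 */
function sanitize_field(string $value): string
{
    return stripslashes(htmlspecialchars(trim($value)));
}

/**
 * Read a secret from a key file.
 *
 * A trailing line break (the usual artefact of creating the file with an
 * editor or `echo`) is dropped. An unreadable or empty file is a server
 * misconfiguration and is answered with 500 instead of sending an empty
 * secret to Google or MySQL.
 */
function read_secret(string $path): string
{
    $raw = is_readable($path) ? file_get_contents($path) : false;
    $secret = $raw === false ? '' : rtrim($raw, "\r\n");
    if ($secret === '') {
        http_response_code(500);
        echo("Server error");
        exit(0);
    }

    return $secret;
}

/**
 * Verify a reCAPTCHA token with Google's siteverify endpoint.
 *
 * Returns true only when the reply parses as JSON and its "success" field is
 * exactly true. A transport failure (file_get_contents() returning false),
 * an unparsable body or a missing field all count as "not verified" — the
 * original dereferenced ->success on whatever json_decode() returned.
 *
 * NOTE(review): the reply also carries a "hostname" field; comparing it with
 * the site's own domain would additionally reject tokens solved on another
 * site that shares the key.
 */
function verify_recaptcha(string $secret, string $token, string $remoteIp): bool
{
    $context = stream_context_create([
        'http' => [
            'method' => 'POST',
            'header' => "Content-type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query([
                'secret' => $secret,
                'response' => $token,
                'remoteip' => $remoteIp,
            ]),
            // Bound the wait for Google so an outage does not tie up the worker.
            'timeout' => 10,
        ],
    ]);

    $body = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    if ($body === false) {
        return false;
    }
    $reply = json_decode($body, true);

    return is_array($reply) && ($reply['success'] ?? false) === true;
}

/**
 * Insert the message into contact_form.
 *
 * Returns false when the connection, prepare or execute fails (the original
 * ignored execute()'s result and closed a connection that may never have
 * opened). Wrapped in try/catch because with MYSQLI_REPORT_ERROR |
 * MYSQLI_REPORT_STRICT (the default since PHP 8.1) these failures throw
 * mysqli_sql_exception instead of returning false, and an uncaught one could
 * surface a stack trace whose constructor arguments include the database
 * password when display_errors is on.
 *
 * The timestamp is bound as a fourth parameter rather than concatenated into
 * the SQL text; the value is the same date('Y-m-d H:i:s') as before.
 */
function store_message(string $databaseKey, string $name, string $email, string $message): bool
{
    $timestamp = date('Y-m-d H:i:s');
    try {
        $connection = new mysqli('localhost', 'http', $databaseKey, 'replaceits');
        if ($connection->connect_errno !== 0) {
            return false;
        }
        try {
            $statement = $connection->prepare(
                'INSERT IGNORE INTO contact_form (full_name, email_address, message, message_date) VALUES (?, ?, ?, ?)'
            );
            if ($statement === false) {
                return false;
            }
            $statement->bind_param('ssss', $name, $email, $message, $timestamp);
            $inserted = $statement->execute();
            $statement->close();

            return $inserted;
        } finally {
            $connection->close();
        }
    } catch (mysqli_sql_exception $e) {
        return false;
    }
}

/**
 * E-mail the message to the site owner.
 *
 * Returns mail()'s own result so a refused hand-off to the local MTA is
 * reported instead of "Success". $email has passed FILTER_VALIDATE_EMAIL and
 * therefore carries no CR/LF; $name had no such check, so line breaks are
 * folded to spaces before it becomes part of the Subject header.
 */
function send_notification(string $name, string $email, string $message): bool
{
    $subject = 'Contact Form - ' . str_replace(["\r", "\n"], ' ', $name);
    $headers = 'From: contact@replaceits.me' . "\r\n" .
        'Reply-To: ' . $email . "\r\n" .
        'MIME-Version: 1.0' . "\r\n" .
        'Content-Type: text/plain; charset=utf-8' . "\r\n" .
        'X-Priority: 1' . "\r\n" .
        'X-Mailer: PHP/' . phpversion() . "\r\n";

    return mail('sidwil0790@students.ecpi.edu', $subject, $email . "\n\n" . $message, $headers);
}

$captchaToken = post_string('g-recaptcha-response');
$rawEmail = post_string('email');
$rawName = post_string('name');
$rawMessage = post_string('message');

if ($captchaToken === '' || $rawEmail === '' || $rawName === '' || $rawMessage === '') {
    // Send the visitor back to the form page. The target is the directory of
    // the request path; a raw path beginning with "//" would turn that into a
    // scheme-relative URL, so fall back to the site root in that case.
    $target = dirname($_SERVER['REQUEST_URI'] ?? '/');
    header('Location: ' . (strncmp($target, '//', 2) === 0 ? '/' : $target));
    exit(0);
}

$email = sanitize_field($rawEmail);
$name = sanitize_field($rawName);
$message = sanitize_field($rawMessage);

// Length limits are byte-wise (strlen), as in the original. FILTER_VALIDATE_EMAIL
// also rejects CR/LF, which is what makes $email safe in the Reply-To header.
$validEmail = strlen($email) > 0 && strlen($email) <= 255 && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
$validName = strlen($name) > 0 && strlen($name) <= 255;
$validMessage = strlen($message) > 0 && strlen($message) <= 5000;

if (!$validEmail || !$validName || !$validMessage) {
    http_response_code(400);
    if (!$validEmail) {
        echo("Invalid email");
    }
    if (!$validName) {
        echo("Invalid name");
    }
    if (!$validMessage) {
        echo("Invalid message");
    }
    exit(0);
}

if (!verify_recaptcha(read_secret('/api-keys/recaptcha.key'), $captchaToken, $_SERVER['REMOTE_ADDR'] ?? '')) {
    http_response_code(400);
    echo "Invalid captcha";
    exit(0);
}

if (!store_message(read_secret('/api-keys/database.key'), $name, $email, $message)) {
    http_response_code(500);
    echo("Invalid database");
    exit(0);
}

if (!send_notification($name, $email, $message)) {
    // The row is already stored; report the hand-off failure rather than
    // claiming success.
    http_response_code(500);
    echo("Invalid mail");
    exit(0);
}

http_response_code(200);
echo("Success");
exit(0);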