Contact-mail/index.php

<?php
require_once './vendor/autoload.php';

$helperLoader = new SplClassLoader('Helpers', './vendor');
$mailLoader   = new SplClassLoader('SimpleMail', './vendor');

$helperLoader->register();
$mailLoader->register();

use Helpers\Config;
use SimpleMail\SimpleMail;

$config = new Config;
$config->load('./config/config.php');

//check secu code
$number_1 = rand(1, 9);
$number_2 = rand(1, 9);
$answer = substr(md5($number_1+$number_2),5,10);
//--


if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name    = stripslashes(trim($_POST['form-name']));
    $email   = stripslashes(trim($_POST['form-email']));
//--
$user_answer = htmlspecialchars(trim($_POST['user_answer']));
$answer = htmlspecialchars(trim($_POST['answer']));
//--
    $subject = stripslashes(trim($_POST['form-subject']));
    $message = stripslashes(trim($_POST['form-message']));
    $pattern = '/[\r\n]|Content-Type:|Bcc:|Cc:/i';

    if (preg_match($pattern, $name) || preg_match($pattern, $email) || preg_match($pattern, $subject)) {
        die("Header injection detected");
    }

    $emailIsValid = filter_var($email, FILTER_VALIDATE_EMAIL);
      

    if ($name && $email && $emailIsValid && $subject && $message && substr(md5($user_answer),5,10) === $answer) {
  
  $mail = new SimpleMail();
 
//  $headers = "From: contact@echosystem.fr";
  $mailpage = file_get_contents("mail.txt.html");
//  $mail->setHtml($);
//  $mailpage2 = "<html>". $mailpage. "</html>";
//  $subject = "confirmation: message enregistrer";
//  mail($email,$subject,$mailpage2,$headers);
$mail->setTo($email); 
$mail->setFrom("contact@echosystem.fr");
$mail->setSender($name);
$mail->setSubject("confirmation: message enregistrer");
$mail->setHtml($mailpage);
        $mail->send();

    $mail = new SimpleMail();

        $mail->setTo($config->get('emails.to'));
        $mail->setFrom($config->get('emails.from'));
        $mail->setSender($name);
        $mail->setSubject($config->get('subject.prefix') . ' ' . $subject);

    $body = "
        <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
        <html>
            <head>
                <meta charset=\"utf-8\">
            </head>
            <body>
                <h1>{$subject}</h1>
        <h1> Contact Form</h1>
        <p> Echosystem.fr.</p>
                <p><strong>{$config->get('fields.name')}:</strong> {$name}</p>
                <p><strong>{$config->get('fields.email')}:</strong> {$email}</p>
                <p><strong>{$config->get('fields.message')}:</strong> {$message}</p>
            </body>
        </html>";

        $mail->setHtml($body);
        $mail->send();

        $emailSent = true;
    } else {
        $hasError = true;
    }
}
?><!DOCTYPE html>
<html>
<head>
    <title>Echosystem.fr Contact Form</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta charset="utf-8">
    <link href="//netdna.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" media="screen">
    <link rel="shortcut icon" type="image/x-icon" href="https://echosystem.fr/favicon.png" />

</head>
<body>
    <div class="jumbotron">
<table>
 <tr>
  <thead>
   <th><a target="_blank" style="text-decoration: none;"  href="/"><img border="0" vspace="0" hspace="0"  src="https://echosystem.fr/i/echosystem.png"   alt="Please enable images to view this content" title="echosystem Image"  width="540" style="max-width: 540px; color: #FFFFFF; font-size: 13px; margin: 50px; padding: 0; outline: none; text-decoration: none; -ms-interpolation-mode:bicubic; border: none; display: block;"/></a></th>
   <th><h1> Contact Form</h1><br><img border="0" vspace="0" hspace="0"  src="images/contact.png" /><h2> Echosystem.fr</h2></th>
  <thead>
 </tr>
 <tr>
  <td> </td>
  <td> </td>
 </tr>
</table>

    </div>
    <?php if(!empty($emailSent)): ?>
        <div class="col-md-6 col-md-offset-3">
            <div class="alert alert-success text-center"><?php echo $config->get('messages.success'); ?></div>
        </div>
    <?php else: ?>
        <?php if(!empty($hasError)): ?>
        <div class="col-md-5 col-md-offset-4">
            <div class="alert alert-danger text-center"><?php echo $config->get('messages.error'); ?></div>
        </div>
        <?php endif; ?>

    <div class="col-md-6 col-md-offset-3">
        <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" enctype="application/x-www-form-urlencoded" id="contact-form" class="form-horizontal" method="post">
            <div class="form-group">
                <label for="form-name" class="col-lg-2 control-label"><?php echo $config->get('fields.name'); ?></label>
                <div class="col-lg-10">
                    <input type="text" class="form-control" id="form-name" name="form-name" placeholder="<?php echo $config->get('fields.name'); ?>" required>
                </div>
            </div>
            <div class="form-group">
                <label for="form-email" class="col-lg-2 control-label"><?php echo $config->get('fields.email'); ?></label>
                <div class="col-lg-10">
                    <input type="email" class="form-control" id="form-email" name="form-email" placeholder="<?php echo $config->get('fields.email'); ?>" required>
                </div>
            </div>

            <div class="form-group">
                <label for="answer" class="col-lg-2 control-label"><?php echo $number_1; ?> + <?php echo $number_2; ?> = </label>
                <div class="col-lg-10">

<input type="tel" class="form-control" id="form-phone" name="user_answer" required placeholder="?  (To help prevent spam, please enter the answer to this question)"  />
<input type="hidden" name="answer" value="<?php echo $answer; ?>">
                </div>
            </div>

            <div class="form-group">
                <label for="form-subject" class="col-lg-2 control-label"><?php echo $config->get('fields.subject'); ?></label>
                <div class="col-lg-10">
                    <input type="text" class="form-control" id="form-subject" name="form-subject" placeholder="<?php echo $config->get('fields.subject'); ?>" required>
                </div>
            </div>
            <div class="form-group">
                <label for="form-message" class="col-lg-2 control-label"><?php echo $config->get('fields.message'); ?></label>
                <div class="col-lg-10">
                    <textarea class="form-control" rows="3" id="form-message" name="form-message" placeholder="<?php echo $config->get('fields.message'); ?>" required></textarea>
                </div>
            </div>
            <div class="form-group">
                <div class="col-lg-offset-2 col-lg-10">
                    <button type="submit" class="btn btn-default"><?php echo $config->get('fields.btn-send'); ?></button>
                </div>
            </div>
        </form>

<footer>
<br>
<font size="3px">  Your IP :
<b>
 <?php
  echo $_SERVER['REMOTE_ADDR']; // Show IP
  ?></b> is registered.</font>
<br>
<p><font size="1px">  Last Modif:<?php setlocale(LC_ALL,'french'); echo "  ".date("m/d/y H:i", getlastmod()); ?></font></p>
 </footer>

    </div>

    <?php endif; ?>

    <!--[if lt IE 9]>
        <script src="//ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
    <![endif]-->
    <!--[if gte IE 9]><!-->
        <script src="//ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
    <!--<![endif]-->
    <script type="text/javascript" src="public/js/contact-form.js"></script>

</body>
</html>
First commit First commit 2016-09-25 11:17:13 +02:00			`<?php`
			`require_once './vendor/autoload.php';`

			`$helperLoader = new SplClassLoader('Helpers', './vendor');`
			`$mailLoader = new SplClassLoader('SimpleMail', './vendor');`

			`$helperLoader->register();`
			`$mailLoader->register();`

			`use Helpers\Config;`
			`use SimpleMail\SimpleMail;`

			`$config = new Config;`
			`$config->load('./config/config.php');`

			`//check secu code`
			`$number_1 = rand(1, 9);`
			`$number_2 = rand(1, 9);`
			`$answer = substr(md5($number_1+$number_2),5,10);`
			`//--`


			`if ($_SERVER['REQUEST_METHOD'] === 'POST') {`
			`$name = stripslashes(trim($_POST['form-name']));`
			`$email = stripslashes(trim($_POST['form-email']));`
			`//--`
			`$user_answer = htmlspecialchars(trim($_POST['user_answer']));`
			`$answer = htmlspecialchars(trim($_POST['answer']));`
			`//--`
			`$subject = stripslashes(trim($_POST['form-subject']));`
			`$message = stripslashes(trim($_POST['form-message']));`
			`$pattern = '/[\r\n]\|Content-Type:\|Bcc:\|Cc:/i';`

			`if (preg_match($pattern, $name) \|\| preg_match($pattern, $email) \|\| preg_match($pattern, $subject)) {`
			`die("Header injection detected");`
			`}`

			`$emailIsValid = filter_var($email, FILTER_VALIDATE_EMAIL);`


			`if ($name && $email && $emailIsValid && $subject && $message && substr(md5($user_answer),5,10) === $answer) {`

			`$mail = new SimpleMail();`

			`// $headers = "From: contact@echosystem.fr";`
			`$mailpage = file_get_contents("mail.txt.html");`
			`// $mail->setHtml($);`
			`// $mailpage2 = "<html>". $mailpage. "</html>";`
			`// $subject = "confirmation: message enregistrer";`
			`// mail($email,$subject,$mailpage2,$headers);`
			`$mail->setTo($email);`
			`$mail->setFrom("contact@echosystem.fr");`
			`$mail->setSender($name);`
			`$mail->setSubject("confirmation: message enregistrer");`
			`$mail->setHtml($mailpage);`
			`$mail->send();`

			`$mail = new SimpleMail();`

			`$mail->setTo($config->get('emails.to'));`
			`$mail->setFrom($config->get('emails.from'));`
			`$mail->setSender($name);`
			`$mail->setSubject($config->get('subject.prefix') . ' ' . $subject);`

			`$body = "`
			`<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">`
			`<html>`
			`<head>`
			`<meta charset=\"utf-8\">`
			`</head>`
			`<body>`
			`<h1>{$subject}</h1>`
			`<h1> Contact Form</h1>`
			`<p> Echosystem.fr.</p>`
			`<p><strong>{$config->get('fields.name')}:</strong> {$name}</p>`
			`<p><strong>{$config->get('fields.email')}:</strong> {$email}</p>`
			`<p><strong>{$config->get('fields.message')}:</strong> {$message}</p>`
			`</body>`
			`</html>";`

			`$mail->setHtml($body);`
			`$mail->send();`

			`$emailSent = true;`
			`} else {`
			`$hasError = true;`
			`}`
			`}`
			`?><!DOCTYPE html>`
			`<html>`
			`<head>`
			`<title>Echosystem.fr Contact Form</title>`
			`<meta name="viewport" content="width=device-width, initial-scale=1.0">`
			`<meta charset="utf-8">`
			`<link href="//netdna.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" media="screen">`
			`<link rel="shortcut icon" type="image/x-icon" href="https://echosystem.fr/favicon.png" />`

			`</head>`
			`<body>`
			`<div class="jumbotron">`
			`<table>`
			`<tr>`
			`<thead>`
Update 'index.php' 2018-04-16 11:14:19 +02:00			`<th><a target="_blank" style="text-decoration: none;" href="/"><img border="0" vspace="0" hspace="0" src="https://echosystem.fr/i/echosystem.png" alt="Please enable images to view this content" title="echosystem Image" width="540" style="max-width: 540px; color: #FFFFFF; font-size: 13px; margin: 50px; padding: 0; outline: none; text-decoration: none; -ms-interpolation-mode:bicubic; border: none; display: block;"/></a></th>`
First commit First commit 2016-09-25 11:17:13 +02:00			`<th><h1> Contact Form</h1><br><img border="0" vspace="0" hspace="0" src="images/contact.png" /><h2> Echosystem.fr</h2></th>`
			`<thead>`
			`</tr>`
			`<tr>`
			`<td> </td>`
			`<td> </td>`
			`</tr>`
			`</table>`

			`</div>`
			`<?php if(!empty($emailSent)): ?>`
			`<div class="col-md-6 col-md-offset-3">`
			`<div class="alert alert-success text-center"><?php echo $config->get('messages.success'); ?></div>`
			`</div>`
			`<?php else: ?>`
			`<?php if(!empty($hasError)): ?>`
			`<div class="col-md-5 col-md-offset-4">`
			`<div class="alert alert-danger text-center"><?php echo $config->get('messages.error'); ?></div>`
			`</div>`
			`<?php endif; ?>`

			`<div class="col-md-6 col-md-offset-3">`
			`<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" enctype="application/x-www-form-urlencoded" id="contact-form" class="form-horizontal" method="post">`
			`<div class="form-group">`
			`<label for="form-name" class="col-lg-2 control-label"><?php echo $config->get('fields.name'); ?></label>`
			`<div class="col-lg-10">`
			`<input type="text" class="form-control" id="form-name" name="form-name" placeholder="<?php echo $config->get('fields.name'); ?>" required>`
			`</div>`
			`</div>`
			`<div class="form-group">`
			`<label for="form-email" class="col-lg-2 control-label"><?php echo $config->get('fields.email'); ?></label>`
			`<div class="col-lg-10">`
			`<input type="email" class="form-control" id="form-email" name="form-email" placeholder="<?php echo $config->get('fields.email'); ?>" required>`
			`</div>`
			`</div>`

			`<div class="form-group">`
			`<label for="answer" class="col-lg-2 control-label"><?php echo $number_1; ?> + <?php echo $number_2; ?> = </label>`
			`<div class="col-lg-10">`

			`<input type="tel" class="form-control" id="form-phone" name="user_answer" required placeholder="? (To help prevent spam, please enter the answer to this question)" />`
			`<input type="hidden" name="answer" value="<?php echo $answer; ?>">`
			`</div>`
			`</div>`

			`<div class="form-group">`
			`<label for="form-subject" class="col-lg-2 control-label"><?php echo $config->get('fields.subject'); ?></label>`
			`<div class="col-lg-10">`
			`<input type="text" class="form-control" id="form-subject" name="form-subject" placeholder="<?php echo $config->get('fields.subject'); ?>" required>`
			`</div>`
			`</div>`
			`<div class="form-group">`
			`<label for="form-message" class="col-lg-2 control-label"><?php echo $config->get('fields.message'); ?></label>`
			`<div class="col-lg-10">`
			`<textarea class="form-control" rows="3" id="form-message" name="form-message" placeholder="<?php echo $config->get('fields.message'); ?>" required></textarea>`
			`</div>`
			`</div>`
			`<div class="form-group">`
			`<div class="col-lg-offset-2 col-lg-10">`
			`<button type="submit" class="btn btn-default"><?php echo $config->get('fields.btn-send'); ?></button>`
			`</div>`
			`</div>`
			`</form>`

			`<footer>`
			`<br>`
			`<font size="3px"> Your IP :`
			`<b>`
			`<?php`
			`echo $_SERVER['REMOTE_ADDR']; // Show IP`
			`?></b> is registered.</font>`
			`<br>`
			`<p><font size="1px"> Last Modif:<?php setlocale(LC_ALL,'french'); echo " ".date("m/d/y H:i", getlastmod()); ?></font></p>`
			`</footer>`

			`</div>`

			`<?php endif; ?>`

			`<!--[if lt IE 9]>`
			`<script src="//ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>`
			`<![endif]-->`
			`<!--[if gte IE 9]><!-->`
			`<script src="//ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>`
			`<!--<![endif]-->`
			`<script type="text/javascript" src="public/js/contact-form.js"></script>`

			`</body>`
			`</html>`