
  1. <?php
  2. require_once './vendor/autoload.php';
  3. $helperLoader = new SplClassLoader('Helpers', './vendor');
  4. $mailLoader = new SplClassLoader('SimpleMail', './vendor');
  5. $helperLoader->register();
  6. $mailLoader->register();
  7. use Helpers\Config;
  8. use SimpleMail\SimpleMail;
  9. $config = new Config;
  10. $config->load('./config/config.php');
  11. //check secu code
  12. $number_1 = rand(1, 9);
  13. $number_2 = rand(1, 9);
  14. $answer = substr(md5($number_1+$number_2),5,10);
  15. //
  16. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  17. $name = stripslashes(trim($_POST['form-name']));
  18. $email = stripslashes(trim($_POST['form-email']));
  19. $phone = stripslashes(trim($_POST['form-phone']));
  20. $subject = stripslashes(trim($_POST['form-subject']));
  21. $message = stripslashes(trim($_POST['form-message']));
  22. $pattern = '/[\r\n]|Content-Type:|Bcc:|Cc:/i';
  23. if (preg_match($pattern, $name) || preg_match($pattern, $email) || preg_match($pattern, $subject)) {
  24. die("Header injection detected");
  25. }
  26. $emailIsValid = filter_var($email, FILTER_VALIDATE_EMAIL);
  27. if ($name && $email && $emailIsValid && $subject && $message) {
  28. $mail = new SimpleMail();
  29. $mail->setTo($config->get('emails.to'));
  30. $mail->setFrom($config->get('emails.from'));
  31. $mail->setSender($name);
  32. $mail->setSubject($config->get('subject.prefix') . ' ' . $subject);
  33. $body = "
  34. <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
  35. <html>
  36. <head>
  37. <meta charset=\"utf-8\">
  38. </head>
  39. <body>
  40. <h1>{$subject}</h1>
  41. <p><strong>{$config->get('fields.name')}:</strong> {$name}</p>
  42. <p><strong>{$config->get('fields.email')}:</strong> {$email}</p>
  43. <p><strong>{$config->get('fields.phone')}:</strong> {$phone}</p>
  44. <p><strong>{$config->get('fields.message')}:</strong> {$message}</p>
  45. </body>
  46. </html>";
  47. $mail->setHtml($body);
  48. $mail->send();
  49. $emailSent = true;
  50. } else {
  51. $hasError = true;
  52. }
  53. }
  54. ?><!DOCTYPE html>
  55. <html>
  56. <head>
  57. <title>Echosystem.fr Contact Form</title>
  58. <meta name="viewport" content="width=device-width, initial-scale=1.0">
  59. <meta charset="utf-8">
  60. <link href="//netdna.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" media="screen">
  61. <link rel="shortcut icon" type="image/x-icon" href="https://echosystem.fr/favicon.png" />
  62. </head>
  63. <body>
  64. <div class="jumbotron">
  65. <h1> Contact Form</h1>
  66. <p> Echosystem.fr.</p>
  67. </div>
  68. <?php if(!empty($emailSent)): ?>
  69. <div class="col-md-6 col-md-offset-3">
  70. <div class="alert alert-success text-center"><?php echo $config->get('messages.success'); ?></div>
  71. </div>
  72. <?php else: ?>
  73. <?php if(!empty($hasError)): ?>
  74. <div class="col-md-5 col-md-offset-4">
  75. <div class="alert alert-danger text-center"><?php echo $config->get('messages.error'); ?></div>
  76. </div>
  77. <?php endif; ?>
  78. <div class="col-md-6 col-md-offset-3">
  79. <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" enctype="application/x-www-form-urlencoded" id="contact-form" class="form-horizontal" method="post">
  80. <div class="form-group">
  81. <label for="form-name" class="col-lg-2 control-label"><?php echo $config->get('fields.name'); ?></label>
  82. <div class="col-lg-10">
  83. <input type="text" class="form-control" id="form-name" name="form-name" placeholder="<?php echo $config->get('fields.name'); ?>" required>
  84. </div>
  85. </div>
  86. <div class="form-group">
  87. <label for="form-email" class="col-lg-2 control-label"><?php echo $config->get('fields.email'); ?></label>
  88. <div class="col-lg-10">
  89. <input type="email" class="form-control" id="form-email" name="form-email" placeholder="<?php echo $config->get('fields.email'); ?>" required>
  90. </div>
  91. </div>
  92. <div class="form-group">
  93. <label for="form-phone" class="col-lg-2 control-label"><?php echo $config->get('fields.phone'); ?></label>
  94. <div class="col-lg-10">
  95. <input type="tel" class="form-control" id="form-phone" name="form-phone" placeholder="<?php echo $config->get('fields.phone'); ?>">
  96. </div>
  97. </div>
  98. <div class="form-group">
  99. <label for="form-subject" class="col-lg-2 control-label"><?php echo $config->get('fields.subject'); ?></label>
  100. <div class="col-lg-10">
  101. <input type="text" class="form-control" id="form-subject" name="form-subject" placeholder="<?php echo $config->get('fields.subject'); ?>" required>
  102. </div>
  103. </div>
  104. <div class="form-group">
  105. <label for="form-message" class="col-lg-2 control-label"><?php echo $config->get('fields.message'); ?></label>
  106. <div class="col-lg-10">
  107. <textarea class="form-control" rows="3" id="form-message" name="form-message" placeholder="<?php echo $config->get('fields.message'); ?>" required></textarea>
  108. </div>
  109. </div>
  110. <div class="form-group">
  111. <div class="col-lg-offset-2 col-lg-10">
  112. To help prevent spam, please enter the answer to this question:</p>
  113. <span><?php echo $number_1; ?> + <?php echo $number_2; ?> = </span><input type="text" required placeholder="?" name="user_answer" /><input type="hidden" name="answer" value="<?php echo $answer; ?>" />
  114. <button type="submit" class="btn btn-default"><?php echo $config->get('fields.btn-send'); ?></button>
  115. </div>
  116. </div>
  117. </form>
  118. <footer>
  119. <br>
  120. <font size="-2"> Your IP :
  121. <b>
  122. <?php
  123. echo $_SERVER['REMOTE_ADDR']; // Show IP
  124. ?></b> is registered.</font>
  125. <br>
  126. <p><font size="-2"> | Last Modif:<?php setlocale(LC_ALL,'french'); echo " ".date("m/d/y H:i", getlastmod()); ?></font></p>
  127. </footer>
  128. </div>
  129. <?php endif; ?>
  130. <!--[if lt IE 9]>
  131. <script src="//ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
  132. <![endif]-->
  133. <!--[if gte IE 9]><!-->
  134. <script src="//ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
  135. <!--<![endif]-->
  136. <script type="text/javascript" src="public/js/contact-form.js"></script>
  137. </body>
  138. </html>