added search and contact form functionality. Needs styling and check for functionality.
[theme-danix.xyz.git] / static / php / contact.php
1 <?php
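// Set the e-mail address that submission should be sent to.
$address = 'danix@danix.xyz';

// Set the e-mail subject prefix.
$prefix = 'Website feedback';

// DO NOT EDIT ANYTHING BELOW UNLESS YOU KNOW WHAT YOU ARE DOING.

$error = false;
$success = false;

// Check that the submission address is valid.
if ((bool) filter_var(trim($address), FILTER_VALIDATE_EMAIL)) {
    // Also set sender/return path header to this address to avoid SPF errors.
    $to = $sender = trim($address);
}
else {
    $error = true;
}

// Check that referer is local server.
// The Referer header is supplied by the client, so this filters out direct
// hits and naive bots only; it is not an authentication or CSRF control.
// The header is parsed once here and only the parsed components are used
// from this point on, including for the redirect at the end.
$referer = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER']) : false;
$referer_scheme = (is_array($referer) && isset($referer['scheme'])) ? strtolower($referer['scheme']) : '';
$referer_host = (is_array($referer) && isset($referer['host'])) ? $referer['host'] : '';
$server_name = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';

// Strict comparison: a missing host must never compare equal to an empty
// server name, and only web schemes are accepted as a redirect target.
if (!in_array($referer_scheme, ['http', 'https'], true) || $referer_host === '' || $referer_host !== $server_name) {
    exit('Direct access not permitted');
}

// Check that this is a post request.
if ($_SERVER['REQUEST_METHOD'] != 'POST' || empty($_POST)) {
    $error = true;
}

// Check if fake url field is filled in, i.e. spam bot.
if (!empty($_POST['url'])) {
    $error = true;
}

// Collect the submitted fields. A missing field is treated as empty, but a
// non-string value (for example name[]=x) is rejected here instead of being
// handed to trim()/strip_tags(), which only accept strings.
$fields = ['email' => '', 'name' => '', 'subject' => '', 'message' => ''];
foreach ($fields as $key => $default) {
    if (!isset($_POST[$key])) {
        continue;
    }
    if (is_string($_POST[$key])) {
        $fields[$key] = $_POST[$key];
    }
    else {
        $error = true;
    }
}

// Check that e-mail address is valid.
if ((bool) filter_var(trim($fields['email']), FILTER_VALIDATE_EMAIL)) {
    $email = trim($fields['email']);
}
else {
    $error = true;
}

if (!$error) {
    // Construct the mail with headers.
    // Values that end up in a header line (name, subject) are cleaned with
    // $encode = true, so anything outside printable ASCII is base64-wrapped.
    $name = _contact_clean_str($fields['name'], ENT_QUOTES, true, true);
    $prefix = _contact_clean_str($prefix, ENT_NOQUOTES, true, true);
    $subject = _contact_clean_str($fields['subject'], ENT_NOQUOTES, true, true);
    $subject = "[$prefix] $subject";
    $message = _contact_clean_str($fields['message'], ENT_NOQUOTES);
    $lines = explode("\n", $message);
    array_walk($lines, '_contact_ff_wrap');
    $message = implode("\n", $lines);
    // NOTE(review): From carries the visitor-supplied address. Receivers that
    // enforce DMARC evaluate the From domain, so a site-owned From with the
    // visitor in Reply-To is the layout to consider if delivery is a problem.
    $headers = [
        'From' => "$name <$email>",
        'Sender' => $sender,
        'Return-Path' => $sender,
        'MIME-Version' => '1.0',
        'Content-Type' => 'text/plain; charset=UTF-8; format=flowed; delsp=yes',
        'Content-Transfer-Encoding' => '8Bit',
        'X-Mailer' => 'Hugo - Zen',
    ];
    $mime_headers = [];
    foreach ($headers as $key => $value) {
        $mime_headers[] = "$key: $value";
    }
    $mail_headers = join("\n", $mime_headers);

    // Send the mail, suppressing errors and setting Return-Path with the "-f" option.
    // $sender comes from the fixed $address above, never from the request;
    // keep it that way, because this argument is handed to the mail program.
    $success = @mail($to, $subject, $message, $mail_headers, '-f' . $sender);
}

$status = $success ? 'submitted' : 'error';

// Rebuild the contact form URL from the referer components that passed the
// host check above, rather than echoing the raw header back. The query
// string is dropped, and the host in the redirect is the one that was
// compared with the server name.
$contact_form_url = $referer_scheme . '://' . $referer_host;
if (isset($referer['port'])) {
    $contact_form_url .= ':' . $referer['port'];
}
$contact_form_url .= isset($referer['path']) ? $referer['path'] : '/';

// Redirect back to contact form with status.
header('Location: ' . $contact_form_url . '?' . $status, true, 302);
exit;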
/**
 * Wraps a single message line in place for the flowed plain-text body.
 *
 * Used as an array_walk() callback over the lines of the message. The break
 * string is a space followed by a newline, which matches the
 * "format=flowed" content type this script declares for the mail.
 *
 * @param string $line Line to wrap; modified by reference.
 */
function _contact_ff_wrap(&$line) {
    $width = 72;
    $soft_break = " \n";

    $line = wordwrap($line, $width, $soft_break);
}
/**
 * Cleans a submitted string before it is placed in the mail.
 *
 * The value is optionally stripped of tags, then trimmed and passed through
 * htmlspecialchars(). With $encode set, a value containing any byte outside
 * printable ASCII (\x20-\x7E) is returned as a base64 "=?UTF-8?B?...?="
 * encoded word. CR and LF fall outside that range, so a value carrying a
 * line break is encoded as a whole instead of reaching a header verbatim.
 *
 * @param string $str    Raw value.
 * @param int    $quotes Quote flag handed to htmlspecialchars().
 * @param bool   $strip  Remove tags with strip_tags() first.
 * @param bool   $encode Base64-wrap values that are not plain printable ASCII.
 *
 * @return string The cleaned, possibly encoded, value.
 */
function _contact_clean_str($str, $quotes, $strip = false, $encode = false) {
    $cleaned = $strip ? strip_tags($str) : $str;
    $cleaned = htmlspecialchars(trim($cleaned), $quotes, 'UTF-8');

    // Callers that do not ask for encoding get the escaped text as is.
    if (!$encode) {
        return $cleaned;
    }

    // Plain printable ASCII needs no encoded word.
    if (!preg_match('/[^\x20-\x7E]/', $cleaned)) {
        return $cleaned;
    }

    return '=?UTF-8?B?' . base64_encode($cleaned) . '?=';
}