2024-09-11 13:06:40 +00:00
< ? php
2024-11-18 09:53:18 +00:00
// Pour le bon fonctionnement du script, mettre session_start(); au tout début de la page de contact, avant tout autre chose, avant le code html. Sinon la suite ne fonctionnera pas.
2024-09-11 13:06:40 +00:00
// Générer ou récupérer le token CSRF
if ( empty ( $_SESSION [ 'csrf_token' ])) {
$_SESSION [ 'csrf_token' ] = bin2hex ( random_bytes ( 32 ));
}
2024-11-18 09:53:18 +00:00
// Charger la configuration et les traductions
2024-09-11 13:06:40 +00:00
$config = include ( 'form_config.php' );
include 'form_lang.php' ;
2024-11-18 09:53:18 +00:00
// Fonction pour échapper les données
2024-09-11 13:06:40 +00:00
function escape ( $data ) {
return htmlspecialchars ( $data , ENT_QUOTES , 'UTF-8' );
}
2024-11-18 09:53:18 +00:00
// Fonction pour envoyer un mail avec msmtp
$account = $config [ 'account_msmtp' ];
function msmtp_send ( $to , $subject , $message , $headers , $account ) {
$emailContent = " To: $to\nSubject : $subject\n $headers\n\n $message\n " ;
$cmd = " echo " . escapeshellarg ( $emailContent ) . " | msmtp --account= $account $to 2>&1 " ;
exec ( $cmd , $output , $returnVar );
return $returnVar === 0 ;
}
// Vérifier l'action soumise
$action = isset ( $_POST [ 'action' ]) ? $_POST [ 'action' ] : '' ;
2024-09-11 13:06:40 +00:00
// Générer ou récupérer la question antispam
2024-11-18 09:53:18 +00:00
if ( $action === 'new_question' || ! isset ( $_SESSION [ 'current_question' ])) {
// Choisir une nouvelle question aléatoire
2024-09-11 13:06:40 +00:00
$questions_list = array_keys ( $txt [ 'questions' ]);
$current_question = $questions_list [ array_rand ( $questions_list )];
$correct_answers = $txt [ 'questions' ][ $current_question ];
// Mettre à jour la session avec la question et les réponses acceptées
$_SESSION [ 'current_question' ] = $current_question ;
$_SESSION [ 'correct_answers' ] = $correct_answers ;
} else {
// Utiliser la question stockée dans la session
$current_question = $_SESSION [ 'current_question' ];
$correct_answers = $_SESSION [ 'correct_answers' ];
}
2024-11-18 09:53:18 +00:00
// Vérification de l'envoi du formulaire
$try = isset ( $_POST [ 'try' ]) ? $_POST [ 'try' ] : '' ;
$nobotv = isset ( $_POST [ 'nobotv' ]) ? $_POST [ 'nobotv' ] : '' ;
$nobotc = isset ( $_POST [ 'nobotc' ]) ? $_POST [ 'nobotc' ] : '' ;
$nobots = isset ( $_POST [ 'nobots' ]) ? $_POST [ 'nobots' ] : '' ;
2024-09-11 13:06:40 +00:00
$nobot = time () . '_' . rand ( 50000 , 60000 );
2024-11-18 09:53:18 +00:00
if ( $action === 'submit_form' && $try === 'send' ) {
2024-09-11 13:06:40 +00:00
// Vérifier le token CSRF
if ( ! isset ( $_POST [ 'csrf_token' ]) || $_POST [ 'csrf_token' ] !== $_SESSION [ 'csrf_token' ]) {
2024-11-18 09:53:18 +00:00
echo " <span class= \" spam \" > " . $txt [ 'csrf_error' ] . " </span> " ;
return ;
2024-09-11 13:06:40 +00:00
}
2024-11-18 09:53:18 +00:00
// Vérifications anti-spam
if (( $nobotc != md5 ( $nobotv )) || empty ( $nobotv ) || ! empty ( $nobots )) {
echo " <span class= \" spam \" > " . $txt [ 'antispam_error' ] . " </span> " ;
return ;
}
// Traitement des données du formulaire
if ( $_SERVER [ " REQUEST_METHOD " ] === " POST " ) {
$name = strip_tags ( trim ( $_POST [ " name " ]));
$email = filter_var ( trim ( $_POST [ " email " ]), FILTER_VALIDATE_EMAIL );
$subject = strip_tags ( trim ( $_POST [ " subject " ]));
$message = strip_tags ( trim ( $_POST [ " message " ]));
$user_answer = isset ( $_POST [ 'answer' ]) ? trim ( $_POST [ 'answer' ]) : '' ;
// Validation des champs obligatoires
if ( empty ( $name ) || empty ( $email ) || empty ( $subject ) || empty ( $message ) || empty ( $user_answer )) {
echo " <span class= \" spam \" > " . $txt [ 'required_fields' ] . " </span> " ;
return ;
}
// Vérifier la présence de liens
if ( preg_match ( '/http(s?):\/\//i' , $message )) {
echo " <span class= \" spam \" > " . $txt [ 'link_error' ] . " </span> " ;
return ;
}
// Vérifier les mots interdits
$bad_words = $config [ 'bad_words' ];
foreach ( $bad_words as $bad ) {
if ( stripos ( $message , $bad ) !== false ) {
echo " <span class= \" spam \" > " . $txt [ 'bad_word_error' ] . " </span> " ;
return ;
}
}
// Vérification de la réponse anti-spam
if ( ! empty ( $user_answer ) && in_array ( strtolower ( $user_answer ), array_map ( 'strtolower' , $correct_answers ))) {
echo $txt [ 'good_answer' ];
// Réinitialiser la session pour la question
unset ( $_SESSION [ 'current_question' ]);
unset ( $_SESSION [ 'correct_answers' ]);
// Préparer l'envoi de l'email
$to = $config [ 'email' ];
$subject_prefix = $config [ 'subject_prefix' ];
$subjectreal = " $subject_prefix : $subject " ;
$headers = " From: $name < $email > " ;
2024-11-18 09:55:28 +00:00
// Usage de msmtp
2024-11-18 09:53:18 +00:00
if ( msmtp_send ( $to , $subjectreal , $message , $headers , $account )) {
echo $txt [ 'email_success' ];
2024-09-11 13:06:40 +00:00
} else {
2024-11-18 09:53:18 +00:00
echo $txt [ 'email_error' ];
2024-09-11 13:06:40 +00:00
}
2024-11-18 09:55:28 +00:00
// Sinon commentez au dessus et décommenter ici pour utiliser la fonction mail de php
/* if ( mail ( $to , $subjectreal , $message , $headers )) {
echo $txt [ 'email_success' ];
} else {
echo $txt [ 'email_error' ];
} */
2024-11-18 09:53:18 +00:00
} else {
echo " <span class= \" spam \" > " . $txt [ 'bad_answer' ] . " </span> " ;
2024-09-11 13:06:40 +00:00
}
}
}
?>