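&1"; exec($cmd, $output, $returnVar); return $returnVar === 0; }

// ---------------------------------------------------------------------------
// Contact-form handler (included script). Assumes the caller has already
// started the session and defined $txt (UI strings + antispam questions),
// $config (email, subject_prefix, bad_words) and $account (msmtp account);
// none of those are defined here — verify in the including file.
// ---------------------------------------------------------------------------

// Read a POST field as a string; arrays or missing keys yield '' so that the
// string functions below never receive a non-string.
$postField = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};

// Collapse CR/LF so a field that ends up in a mail header line
// (From:, Subject:) cannot inject additional header lines.
$stripCrlf = static fn (string $value): string => str_replace(["\r", "\n"], ' ', $value);

// Action requested by the client (empty when none was submitted).
$action = $postField('action');

// Pick a new antispam question, or reuse the one stored in the session.
if ($action === 'new_question' || !isset($_SESSION['current_question'])) {
    $questions_list = array_keys($txt['questions']);
    $current_question = $questions_list[array_rand($questions_list)];
    $correct_answers = $txt['questions'][$current_question];

    // Persist the question and its accepted answers for the next request.
    $_SESSION['current_question'] = $current_question;
    $_SESSION['correct_answers'] = $correct_answers;
} else {
    $current_question = $_SESSION['current_question'];
    $correct_answers = $_SESSION['correct_answers'];
}

// Form submission fields.
$try = $postField('try');
$nobotv = $postField('nobotv');
$nobotc = $postField('nobotc');
$nobots = $postField('nobots');

// Fresh token for the next rendering of the form (presumably emitted as the
// nobotv/nobotc hidden fields by the template that follows — confirm).
$nobot = time() . '_' . random_int(50000, 60000);

if ($action === 'submit_form' && $try === 'send' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // CSRF token: constant-time comparison, and an absent session token never matches.
    $sessionToken = $_SESSION['csrf_token'] ?? '';
    if (!is_string($sessionToken) || $sessionToken === '' || !hash_equals($sessionToken, $postField('csrf_token'))) {
        echo $txt['csrf_error'];
        return;
    }

    // Antispam: nobotv/nobotc must be present and consistent, nobots is a
    // honeypot that must stay empty. hash_equals avoids the loose "==" on
    // hex digests (e.g. "0e..." strings comparing numerically equal).
    if ($nobotv === '' || $nobots !== '' || !hash_equals(md5($nobotv), $nobotc)) {
        echo $txt['antispam_error'];
        return;
    }

    // Form data. CR/LF is removed from the values that end up in headers.
    $name = $stripCrlf(strip_tags(trim($postField('name'))));
    $email = filter_var(trim($postField('email')), FILTER_VALIDATE_EMAIL);
    $subject = $stripCrlf(strip_tags(trim($postField('subject'))));
    $message = strip_tags(trim($postField('message')));
    $user_answer = trim($postField('answer'));

    // Required fields ($email is false when filter_var rejected it).
    if ($name === '' || $email === false || $subject === '' || $message === '' || $user_answer === '') {
        echo $txt['required_fields'];
        return;
    }

    // Reject messages containing links.
    if (preg_match('#https?://#i', $message) === 1) {
        echo $txt['link_error'];
        return;
    }

    // Reject messages containing a forbidden word (case-insensitive).
    foreach ((array) ($config['bad_words'] ?? []) as $bad) {
        if ($bad !== '' && stripos($message, (string) $bad) !== false) {
            echo $txt['bad_word_error'];
            return;
        }
    }

    // Antispam question: case-insensitive match against the accepted answers.
    $accepted = array_map(static fn ($answer): string => mb_strtolower((string) $answer), (array) $correct_answers);
    if (!in_array(mb_strtolower($user_answer), $accepted, true)) {
        echo $txt['bad_answer'];
        return;
    }

    echo $txt['good_answer'];

    // Drop the answered question so the same answer cannot be replayed.
    unset($_SESSION['current_question'], $_SESSION['correct_answers']);

    // Build and send the email.
    $to = $config['email'];
    $subject_prefix = $config['subject_prefix'];
    $subjectreal = "$subject_prefix : $subject";
    $headers = "From: $name <$email>";

    // NOTE(review): msmtp_send runs a shell command via exec(); confirm that
    // it shell-escapes $subjectreal, $headers and $message before use.
    if (msmtp_send($to, $subjectreal, $message, $headers, $account)) {
        echo $txt['email_success'];
    } else {
        echo $txt['email_error'];
    }
}
?>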