fbd4e92e9f
Full rewrite: swap out the v1 framework (src/, controllers/, views/, twig/, sass/, skeleton/) for the working v2 codebase from phpproject (App/, novaconium/, public/).
55 lines
1.7 KiB
PHP
55 lines
1.7 KiB
PHP
<?php
|
|
|
|
use App\Response;
|
|
use Lib\Csrf;
|
|
use Lib\FormValidator;
|
|
use Lib\Input;
|
|
use Lib\Mailer;
|
|
use Lib\SpamGuard;
|
|
|
|
$errors = [];
|
|
$old = ['name' => '', 'email' => '', 'message' => ''];
|
|
$spamGuard = new SpamGuard();
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
if (!Csrf::verify(Input::post('csrf_token'))) {
|
|
return Response::redirect('/contact?error=security');
|
|
}
|
|
|
|
$old = [
|
|
'name' => Input::post('name', ''),
|
|
'email' => Input::post('email', ''),
|
|
'message' => Input::post('message', ''),
|
|
];
|
|
|
|
$validator = (new FormValidator())
|
|
->required($old['name'], 'name', 'Name is required.')
|
|
->email($old['email'], 'email', 'A valid email is required.')
|
|
->required($old['message'], 'message', 'Message is required.');
|
|
|
|
if ($validator->passes()) {
|
|
// $spamGuard checks the honeypot field + submission timing (see
|
|
// Lib\SpamGuard and index.twig's hidden fields) — a bot gets the
|
|
// exact same redirect a human would either way, with nothing in
|
|
// the response revealing which check it tripped, or that a check
|
|
// exists at all. Only Mailer::send() is skipped for spam.
|
|
if (!$spamGuard->isSpam(Input::post())) {
|
|
(new Mailer())->send($old['name'], $old['email'], $old['message']);
|
|
}
|
|
|
|
return Response::redirect('/contact?sent=1');
|
|
}
|
|
|
|
$errors = $validator->errors();
|
|
}
|
|
|
|
return [
|
|
'errors' => $errors,
|
|
'old' => $old,
|
|
'sent' => Input::get('sent') !== null,
|
|
'securityError' => Input::get('error') === 'security',
|
|
'renderedAt' => $spamGuard->renderedAt(),
|
|
'csrfField' => Csrf::fieldName(),
|
|
'csrfToken' => Csrf::token(),
|
|
];
|