Files
novaconium/App/pages/contact/index.php
T
code fbd4e92e9f Replace v1 with v2 codebase
Full rewrite: swap out the v1 framework (src/, controllers/, views/,
twig/, sass/, skeleton/) for the working v2 codebase from phpproject
(App/, novaconium/, public/).
2026-07-14 01:58:25 +00:00

55 lines
1.7 KiB
PHP

<?php
use App\Response;
use Lib\Csrf;
use Lib\FormValidator;
use Lib\Input;
use Lib\Mailer;
use Lib\SpamGuard;
$errors = [];
$old = ['name' => '', 'email' => '', 'message' => ''];
$spamGuard = new SpamGuard();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!Csrf::verify(Input::post('csrf_token'))) {
return Response::redirect('/contact?error=security');
}
$old = [
'name' => Input::post('name', ''),
'email' => Input::post('email', ''),
'message' => Input::post('message', ''),
];
$validator = (new FormValidator())
->required($old['name'], 'name', 'Name is required.')
->email($old['email'], 'email', 'A valid email is required.')
->required($old['message'], 'message', 'Message is required.');
if ($validator->passes()) {
// $spamGuard checks the honeypot field + submission timing (see
// Lib\SpamGuard and index.twig's hidden fields) — a bot gets the
// exact same redirect a human would either way, with nothing in
// the response revealing which check it tripped, or that a check
// exists at all. Only Mailer::send() is skipped for spam.
if (!$spamGuard->isSpam(Input::post())) {
(new Mailer())->send($old['name'], $old['email'], $old['message']);
}
return Response::redirect('/contact?sent=1');
}
$errors = $validator->errors();
}
return [
'errors' => $errors,
'old' => $old,
'sent' => Input::get('sent') !== null,
'securityError' => Input::get('error') === 'security',
'renderedAt' => $spamGuard->renderedAt(),
'csrfField' => Csrf::fieldName(),
'csrfToken' => Csrf::token(),
];