<?php namespace HashOver;
// Copyright (C) 2015-2019 Jacob Barkdull
// This file is part of HashOver.
//
// HashOver is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// HashOver is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with HashOver. If not, see <http://www.gnu.org/licenses/>.
class FormData
{
protected $setup;
protected $locale;
protected $spamCheck;
protected $cookies;
protected $referer;
public $data = array ();
public $remoteAccess = false;
public $file;
public $replyTo;
public $viaAJAX = false;
// Fake inputs used as spam trap fields
protected $trapFields = array (
'summary',
'age',
'lastname',
'address',
'zip'
);
public function __construct (Setup $setup, Cookies $cookies)
{
// Store parameters as properties
$this->setup = $setup;
// Instantiate various classes
$this->locale = new Locale ($setup);
$this->spamCheck = new SpamCheck ($setup);
$this->cookies = $cookies;
// Use POST or GET based on whether request is for JSONP
$request = isset ($_GET['jsonp']) ? $_GET : $_POST;
// Get regular expression escaped admin path
$admin_path = preg_quote ($this->setup->getHttpPath ('admin'), '/');
// Attempt to get referer
$referer = Misc::getArrayItem ($_SERVER, 'HTTP_REFERER');
// Set status
if (isset ($request['status'])) {
$this->data['status'] = $this->forceUTF8 ($request['status']);
}
// Set name
if (isset ($request['name'])) {
$this->data['name'] = $this->forceUTF8 ($request['name']);
}
// Set password
if (isset ($request['password'])) {
$this->data['password'] = $this->forceUTF8 ($request['password']);
}
// Set e-mail address
if (isset ($request['email'])) {
$this->data['email'] = $this->forceUTF8 ($request['email']);
}
// Set website URL
if (isset ($request['website'])) {
$this->data['website'] = $this->forceUTF8 ($request['website']);
}
// Set comment
if (isset ($request['comment'])) {
$this->data['comment'] = $this->forceUTF8 ($request['comment']);
}
// Set indicator of remote access
if (isset ($request['remote-access'])) {
$this->remoteAccess = true;
}
// Get comment file
if (isset ($request['file'])) {
$this->file = $request['file'];
}
// Get reply comment file
if (isset ($request['reply-to'])) {
$this->replyTo = $request['reply-to'];
}
// Set indicator of AJAX requests
if (isset ($request['ajax'])) {
$this->viaAJAX = true;
}
// Check if we're coming from an admin page
if (preg_match ('/' . $admin_path . '/i', $referer)) {
// If so, use it as the kickback URL
$this->referer = $_SERVER['HTTP_REFERER'];
} else {
// If not, check if posting from remote domain
if ($this->remoteAccess === true) {
// If so, use absolute path
$this->referer = $setup->pageURL;
} else {
// If not, use relative path
$this->referer = $setup->filePath;
}
// Add URL queries to kickback URL
if (!empty ($setup->urlQueries)) {
$this->referer .= '?' . $setup->urlQueries;
}
}
}
// Force a string to UTF-8 encoding and acceptable character range
protected function forceUTF8 ($string)
{
$string = mb_convert_encoding ($string, 'UTF-16', 'UTF-8');
$string = mb_convert_encoding ($string, 'UTF-8', 'UTF-16');
$string = preg_replace ('/[^\x{0009}\x{000A}\x{000D}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]/u', '?', $string);
return trim ($string, " \r\n\t");
}
// Sets header to redirect user back to the previous page
public function kickback ($anchor = 'comments')
{
header ('Location: ' . $this->referer . '#' . $anchor);
}
// Displays message to visitor, via AJAX or redirect
public function displayMessage ($locale, $error = false)
{
// Message type as string
$message_type = ($error === true) ? 'error' : 'message';
// Get message text from locales if it exists
if (!empty ($this->locale->text[$locale])) {
$locale = $this->locale->text[$locale];
}
// Check if request is not over an AJAX request
if ($this->viaAJAX !== true) {
// If so, set cookie to specified message
$this->cookies->set ($message_type, $locale);
// And redirect user to previous page
return $this->kickback ('hashover-form-section');
}
// Otherwise, display JSON for JavaScript frontend
echo Misc::jsonData (array (
'message' => $locale,
'type' => $message_type
));
}
// Checks user IP against spam databases
public function checkForSpam ($mode = 'javascript')
{
// Treat JSON mode as JavaScript mode
if ($mode === 'json') {
$mode = 'javascript';
}
// Block user if they fill any trap fields
foreach ($this->trapFields as $name) {
if ($this->setup->getRequest ($name)) {
throw new \Exception ('You are blocked!');
}
}
// Check user's IP address against local blocklist
if ($this->spamCheck->checkList () === true) {
throw new \Exception ('You are blocked!');
}
// Whether to check for spam in current mode
if ($this->setup->spamCheckModes === $mode
or $this->setup->spamCheckModes === 'both')
{
// Check user's IP address against local or remote database
if ($this->spamCheck->{$this->setup->spamDatabase}() === true) {
throw new \Exception ('You are blocked!');
}
// Throw any error message as exception
if (!empty ($this->spamCheck->error)) {
throw new \Exception ($this->spamCheck->error);
}
}
}
}