X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl-cms.git;a=blobdiff_plain;f=contact.php;h=55077d9baac55a77a1a4cb1ebe40d2b61642a64c;hp=11d53b29180c4751d2b1c9442ded404cbf4e7952;hb=9ff52f0dfa297b13659a78a55596c8904a9732d0;hpb=b1833170625cf875d542995ac930a52bb7fb72d7

diff --git a/contact.php b/contact.php
index 11d53b2..55077d9 100644
--- a/contact.php
+++ b/contact.php
@@ -8,21 +8,39 @@
 $GLOBALS['contact_to'] = 'fixme@example.com';
 $GLOBALS['contact_from'] = 'noreply@example.com';
 $GLOBALS['contact_cc'] = '';
-$globals['contact_subject'] = '';
-$GLOBALS['contact_robot_answer'] = 1002;
+$GLOBALS['contact_subject'] = '';
 
 
 require_once(__DIR__.'/'.'inc/wfpl/format.php');
 require_once(__DIR__.'/'.'inc/wfpl/email.php');
 
+# generate a new random 16-character string
+function contact_new_field_key() {
+	$character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+	$id = "                ";
+
+	# PHP 4.2.0 and up seed the random number generator for you.
+	# Lets hope that it seeds with something harder to guess than the clock.
+	for($i = 0; $i < 16; ++$i) {
+		$id{$i} = $character_set{mt_rand(0, 61)};
+	}
+
+	return $id;
+}
+
 function contact_get_fields() {
 	$data = array();
 
+
 	$data['name'] = format_oneline(_REQUEST_cut('name'));
-	$data['email'] = format_email(_REQUEST_cut('email'));
-	$data['robot'] = format_oneline(_REQUEST_cut('robot'));
 	$data['comments'] = format_unix(_REQUEST_cut('comments'));
 
+	$fields = _REQUEST_cut('fields');
+	if (preg_match('/^[a-zA-Z0-9]{32}$/', $fields)) {
+		$data['robot'] = format_oneline(_REQUEST_cut(substr($fields, 0, 16)));
+		$data['email'] = format_email(_REQUEST_cut(substr($fields, 16)));
+	}
+
 	return $data;
 }
 
@@ -32,22 +50,22 @@ function contact_main() {
 }
 
 function contact_main_form() {
-	$robot_correct = "" . $GLOBALS['contact_robot_answer'];
-	$robot_minus_one = "" . ($GLOBALS['contact_robot_answer'] - 1);
-	$robot_plus_one = "" . ($GLOBALS['contact_robot_answer'] + 1);
-	tem_set('robot_minus_one', $robot_minus_one);
-	tem_set('robot_plus_one', $robot_plus_one);
-
 	if (isset($_POST['name'])) {
 		$data = contact_get_fields();
 		$host = this_host();
 
+		# gj robot, you did it ;)
+		if ($data['robot'] !== '') {
+			return './contact_thanks';
+		}
+
 		if (!$data['name'] && !$data['email'] && !$data['comments']) {
 			// message("you didn't fill anything out")
-		} elseif ($data['robot'] !== $robot_correct) {
-			message("Please type $robot_correct into the Robot Barrier field");
+		} elseif (!$data['email']) {
+			message("Error: Please fill out the email field.");
 		} else {
-			if ($GLOBALS['contact_to'] != 'fixme@example.com') {
+			$error = false;
+			if ($data['robot'] === '' && $GLOBALS['contact_to'] != 'fixme@example.com') {
 				$to = $GLOBALS['contact_to'];
 				if ($GLOBALS['contact_from'] === '') {
 					$from = "$host/contact <noreply@$host>";
@@ -57,7 +75,7 @@ function contact_main_form() {
 				$reply_to = $to;
 				if (isset($data['email']) and valid_email($data['email'])) {
 					$reply_to = $data['email'];
-					if ($data['name'] and ereg('^[a-zA-Z0-9_\' -]*$', $data['name']) !== false) {
+					if ($data['name'] and preg_match('/^[a-zA-Z0-9_\'. -]*$/', $data['name']) !== false) {
 						$reply_to = "$data[name] <$reply_to>";
 					}
 				}
@@ -95,5 +113,8 @@ function contact_main_form() {
 		$data = array();
 	}
 
+	$data['robot_field'] = contact_new_field_key();
+	$data['email_field'] = contact_new_field_key();
+
 	tem_set('form', $data);
 }