/**
* Show the contact page
* @param string $lang
*/
public function index($lang = "")
{
// https://css-tricks.com/serious-form-security/
$this->to_tpl['errors'] = array();
$this->to_tpl['success'] = false;
$this->set_language($lang);
if ($lang == "sr") {
$this->template = "contact-sr";
} else {
$this->template = "contact-en";
}
$this->set_page_name($this->language_titles["contact"][$lang]);
if (isset($_POST['submit'])) {
if (verify_form_token('contact')) {
// Building a whitelist array with keys which will send through the form,
// no others would be accepted later on
$whitelist = array('token', 'name', 'email', 'message', 'submit');
// Building an array with the $_POST-superglobal
foreach ($_POST as $key => $item) {
// Check if the value $key (fieldname from $_POST)
// can be found in the whitelisting array,
// if not, die with a short message to the hacker
if (!in_array($key, $whitelist)) {
write_log('Unknown form fields');
die("Hack-Attempt detected. Please use only the fields in the form.");
}
}
// if pass, send email
$from_name = stripcleantohtml($_POST['name']);
$from_email = stripcleantohtml($_POST['email']);
$message = cleantohtml($_POST['message']);
$errors = $this->check_input($from_name, $from_email, $message);
if (!empty($errors)) {
$this->to_tpl['errors'] = $errors;
$this->to_tpl['token'] = $_POST['token'];
return;
}
$send = $this->phpmailer($from_name, $from_email, $message);
if ($send === true) {
$this->to_tpl['success'] = true;
} else {
var_dump($send);
die;
//write_log('PHP Mailer error: ' . $send);
}
} else {
write_log('Formtoken');
die("Hack-Attempt detected.");
}
return;
}
// Generate a new token for the $_SESSION superglobal
// and put them in a hidden field
$this->to_tpl['token'] = generate_form_token('contact');
return;
}
<?php
function stripcleantohtml($s)
{
return htmlentities(trim(strip_tags(stripslashes($s))), ENT_NOQUOTES, "UTF-8");
}
function cleantohtml($s)
{
return strip_tags(htmlentities(trim(stripslashes($s)), ENT_NOQUOTES, "UTF-8"));
}
if ($_POST) {
$name = stripcleantohtml($_POST["name"]);
$mail = stripcleantohtml($_POST["mail"]);
$object = stripcleantohtml($_POST["object"]);
$user_message = cleantohtml($_POST["message"]);
$to = '*****@*****.**';
$subject = $object;
$message = 'De ' . $name . ' <br><br>Mail : ' . $mail . '<br><br>Message :<br><br>' . $user_message;
$headers = 'From: ' . $name . ' - ' . $mail;
$headers = 'Content-Type : text/html; charset="utf8"';
$send_mail = mail($to, $subject, $message, $headers);
}
$height = $givenHeight;
$startX = $givenStartX;
$startY = $givenStartY;
$goalX = $givenGoalX;
$goalY = $givenGoalY;
}
}
if (!$invalidInput) {
$min = new CartesianCoordinates(0, 0);
$size = new CartesianCoordinates($width, $height);
$region = new CartesianRegion($min, $size);
$grid = new Grid();
// 2. Set obstacles
$obstacle_mode = 'random_few';
if (isset($_POST['obstacles'])) {
$obstacle_mode = stripcleantohtml($_POST['obstacles']);
}
if ($obstacle_mode === 'random_many') {
// many obstacles
$filler_sampler = new EqualDistributionGenerator(0.6);
$filler_sampler->fillRegion($grid, $region, new Tile(false));
$wall_sampler = new RandomWallGenerator(0.05, 7);
$wall_sampler->fillRegion($grid, $region, new Tile(true));
} elseif ($obstacle_mode === 'maze') {
// maze
$filler_sampler = new EqualDistributionGenerator(1);
$filler_sampler->fillRegion($grid, $region, new Tile(false));
$maze_sampler = new MazeGenerator();
$maze_sampler->fillRegion($grid, $region, new Tile(true));
} else {
// few obstacles
