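<?php
session_start();
include 'php/csrf.class.php';

// Status message rendered by the page; replaced below when the submission is rejected or fails.
$check = 'Спасибо, ваше сообщение отправлено';

$csrf = new csrf();
$token_id = $csrf->get_token_id();
$token_value = $csrf->get_token($token_id);
$form_names = $csrf->form_names(array('email', 'name', 'referer'), false);

if (isset($_POST[$form_names['name']], $_POST[$form_names['email']])) {
    // Check if token id and token value are valid.
    if ($csrf->check_valid('post')) {
        // Get the form variables.
        $name = $_POST[$form_names['name']];
        // This value is placed into the Reply-To header, so CR/LF/NUL are stripped:
        // otherwise a crafted submission could terminate the header and append
        // additional headers (e.g. extra recipients) to the outgoing mail.
        $email = str_replace(array("\r", "\n", "\0"), '', $_POST[$form_names['email']]);
        // 'referer' is not covered by the isset() guard above, so default it instead of
        // reading an undefined index.
        $ref = isset($_POST[$form_names['referer']]) ? $_POST[$form_names['referer']] : '';

        $to = '*****@*****.**';
        $headers = "From: admin@readymotors.ru\r\n"
            . 'Reply-To: ' . $email . "\r\n"
            . 'X-Mailer: PHP/' . phpversion();
        $subject = 'Главная форма || Новый лид';

        // Initialise $body explicitly; the previous code appended to an undefined variable.
        $body = 'Имя: ' . $name . "\n";
        $body .= 'Телефон: ' . $email . "\n";
        $body .= 'Откуда пришел: ' . $ref . "\n";

        // Report a failure to hand the message to the mailer instead of always claiming success.
        if (!mail($to, $subject, $body, $headers)) {
            $check = 'Сообщение не отправлено. Пожалуйста, проверьте правильность введенных данных и повторите попытку.';
        }
    } else {
        // Token mismatch: the message was not sent, so do not report success.
        $check = 'Сообщение не отправлено. Пожалуйста, проверьте правильность введенных данных и повторите попытку.';
    }
    // NOTE(review): the field order here ('name', 'email', 'referer') differs from the first
    // form_names() call above — kept as-is; confirm against csrf::form_names() whether order matters.
    $form_names = $csrf->form_names(array('name', 'email', 'referer'), true);
} else {
    // Required fields missing. (A stray debug `echo "string"` that preceded the page output was removed.)
    $check = 'Сообщение не отправлено. Пожалуйста, проверьте правильность введенных данных и повторите попытку.';
}
?>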
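<?php
// Connects to the Database
session_start();
include 'connect.php';
include 'csrf.php';
connect();

$csrf = new csrf();
$token_id = $csrf->get_token_id();
$token_value = $csrf->get_token($token_id);
$form_names = $csrf->form_names(array('message', 'post_submit', 'title'), false);

// If the new-thread form is submitted
if (isset($_POST[$form_names['post_submit']])) {
    if ($csrf->check_valid('post')) {
        // Guard the indexes: only post_submit is known to be present at this point.
        $title = isset($_POST[$form_names['title']]) ? trim($_POST[$form_names['title']]) : '';
        $message = isset($_POST[$form_names['message']]) ? trim($_POST[$form_names['message']]) : '';
        // Keep the trimmed values in $_POST as the original did, in case later code reads them.
        $_POST[$form_names['title']] = $title;
        $_POST[$form_names['message']] = $message;

        // Both fields are required: the original used the bitwise `|`, which only
        // worked by accident; a logical OR is what is intended here.
        if ($title === '' || $message === '') {
            include 'header.php';
            die('<p>You did not fill in a required field. Please go back and try again!</p>');
        }

        // NOTE(review): the thread author is taken from the 'hackme' cookie, which the
        // client controls, so any visitor can post under any username. It should come
        // from the authenticated session — confirm how login establishes identity.
        $username = isset($_COOKIE['hackme']) ? $_COOKIE['hackme'] : '';

        // Escape every interpolated value so submitted text cannot change the statement;
        // the previous query concatenated raw POST and cookie data straight into SQL.
        // mysql_real_escape_string() needs the connection opened by connect() above.
        $sql = sprintf(
            "INSERT INTO threads (username, title, message, date) VALUES('%s', '%s', '%s', '%d')",
            mysql_real_escape_string($username),
            mysql_real_escape_string($title),
            mysql_real_escape_string($message),
            time()
        );
        // Do not echo mysql_error() to the visitor: it exposes table and query details.
        mysql_query($sql) or die('<p>Could not save your post. Please try again later.</p>');

        header("Location: members.php");
        // Stop here: without exit the remainder of the script and the HTML below would
        // still be processed after the redirect header is sent.
        exit;
    }
    $form_names = $csrf->form_names(array('message', 'post_submit', 'title'), true);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>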