$headers = array();
$headers['Date'] = date(DATE_RFC2822);
$headers['Content-Type'] = 'text/plain; charset=UTF-8; format="flowed"';
$headers['Content-Transfer-Encoding'] = 'base64';
$headers['From'] = 'Contact Form <*****@*****.**>';
if (preg_match('/\\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,4}\\b/i', $_POST['from'], $res) > 0) {
$headers['Reply-To'] = $res[0];
}
$_POST['message'] = preg_replace('/\\r\\n?/', "\n", $_POST['message']);
$body = "Date: " . date('Y-m-d H:i:s') . "\nFrom: " . $_POST['from'] . "\nIP: " . $_SERVER['REMOTE_ADDR'] . "\nUser Agent: " . $_SERVER['HTTP_USER_AGENT'] . "\n";
$banned = BotCheck(true);
$body .= "Banned: " . ($banned['isbanned'] ? 'yes: ' . $banned['reason'] . ' ' . $banned['ip'] : 'no') . "\n";
$loginState = GetLoginState();
$body .= "User: "******"\n";
if (isset($loginState['id'])) {
$body .= "Paid until: " . date('Y-m-d H:i:s', GetUserPaidUntil($loginState['id'])) . "\n";
}
if (isset($_POST['region'])) {
$body .= "Region: " . $_POST['region'] . "\n";
}
if (isset($_POST['realm'])) {
$body .= "Realm: " . $_POST['realm'] . "\n";
}
if (isset($_POST['house'])) {
$body .= "House: " . $_POST['house'] . "\n";
}
$body .= "\n---------------\n" . $_POST['message'];
$body = wordwrap(base64_encode($body), 70, "\n", true);
$headerString = '';
foreach ($headers as $k => $v) {
$headerString .= ($headerString == '' ? '' : "\n") . "{$k}: {$v}";
function GetLoginState($logOut = false)
{
$userInfo = [];
if (!isset($_COOKIE[SUBSCRIPTION_LOGIN_COOKIE])) {
return $userInfo;
}
$state = preg_replace('/[^a-zA-Z0-9_-]/', '', substr($_COOKIE[SUBSCRIPTION_LOGIN_COOKIE], 0, 24));
if (strlen($state) != 24) {
return $userInfo;
}
$stateBytes = base64_decode(strtr($state, '-_', '+/'));
$cacheKey = SUBSCRIPTION_SESSION_CACHEKEY . $state;
if ($logOut) {
MCDelete($cacheKey);
$db = DBConnect();
$stmt = $db->prepare('DELETE FROM tblUserSession WHERE session=?');
$stmt->bind_param('s', $stateBytes);
$stmt->execute();
$stmt->close();
} else {
$userInfo = MCGet($cacheKey);
if ($userInfo === false) {
$db = DBConnect();
// see also MakeNewSession in api/subscription.php
$stmt = $db->prepare('SELECT u.id, concat_ws(\'|\', cast(ua.provider as unsigned), ua.providerid) as publicid, u.name, u.locale, unix_timestamp(u.acceptedterms) acceptedterms FROM tblUserSession us join tblUser u on us.user=u.id join tblUserAuth ua on ua.user=u.id WHERE us.session=? group by u.id');
$stmt->bind_param('s', $stateBytes);
$stmt->execute();
$result = $stmt->get_result();
$userInfo = DBMapArray($result);
$stmt->close();
if (count($userInfo) < 1) {
$logOut = true;
} else {
$userInfo = array_pop($userInfo);
MCSet($cacheKey, $userInfo);
$ip = substr($_SERVER['REMOTE_ADDR'], 0, 40);
$ua = substr($_SERVER['HTTP_USER_AGENT'], 0, 250);
$stmt = $db->prepare('UPDATE tblUserSession SET lastseen=NOW(), ip=?, useragent=? WHERE session=?');
$stmt->bind_param('sss', $ip, $ua, $stateBytes);
$stmt->execute();
$stmt->close();
$stmt = $db->prepare('UPDATE tblUser SET lastseen=NOW() WHERE id=?');
$stmt->bind_param('i', $userInfo['id']);
$stmt->execute();
$stmt->close();
}
}
if (isset($userInfo['id'])) {
$userInfo['paiduntil'] = GetUserPaidUntil($userInfo['id']);
}
}
if ($logOut) {
setcookie(SUBSCRIPTION_LOGIN_COOKIE, '', time() - SUBSCRIPTION_SESSION_LENGTH, '/api/', '', true, true);
setcookie(SUBSCRIPTION_CSRF_COOKIE, '', 0, '/api/csrf.txt', '', true, false);
return [];
}
if (!headers_sent()) {
setcookie(SUBSCRIPTION_LOGIN_COOKIE, $state, time() + SUBSCRIPTION_SESSION_LENGTH, '/api/', '', true, true);
setcookie(SUBSCRIPTION_CSRF_COOKIE, strtr(base64_encode(hash_hmac('sha256', $stateBytes, SUBSCRIPTION_CSRF_HMAC_KEY, true)), '+/=', '-_.'), 0, '/api/csrf.txt', '', true, false);
}
return $userInfo;
}