<?php
require __DIR__.'/src/bootstrap.php';
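/*
 * Landing-page controller.
 *
 * GET : issue a CSRF token, render the form, record the visitor's User-Agent.
 * POST: verify the CSRF token, then pass the submission to $signatures->insert().
 *
 * $twig, $signatures and $db are not defined in this file; presumably they are
 * created by src/bootstrap.php.
 */
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
    $data = $_POST;
    if (NoCSRF::check('notrolling', $data))
    {
        // Unticked checkboxes are not submitted, so default the flag to 0.
        if (!array_key_exists('anon', $data))
        {
            $data['anon'] = 0;
        }
        // NOTE(review): insert() receives every POSTed field, including the CSRF
        // token field; confirm it only reads an allow-list of keys and uses
        // bound parameters.
        $result = $signatures->insert($data);
        if ($result[0])
        {
            // Render good news page
            echo $twig->render('thanks.html.twig');
            session_destroy(); //No need to keep csrf hash any more
        }
        else
        {
            //Render error (and new CSRF key)
            // NOTE(review): the CSRF-failure branch below passes raw HTML under the
            // same 'error' key, so the template probably prints it unescaped;
            // confirm $result[1] can never contain submitted text.
            $csrfkey = NoCSRF::generate('notrolling');
            echo $twig->render('landing.html.twig', array('error' => $result[1], 'data'=>$data, 'csrfkey'=>$csrfkey));
        }
    }
    else
    {
        //Render error (and new CSRF key)
        $csrfkey = NoCSRF::generate('notrolling');
        echo $twig->render('landing.html.twig', array('error' => 'Yikes! Our CSRF (Request Forgery Protection) system tripped. If this keeps happening, please <a href="mailto:[email protected]">let us know</a>.', 'data'=>$data, 'csrfkey'=>$csrfkey));
        // 'uname' comes straight from the request: it can be absent or an array
        // (uname[]=...), so only a plain string is forwarded as the mail body.
        $reportedName = (isset($data['uname']) && is_string($data['uname'])) ? $data['uname'] : '';
        // NOTE(review): one email is sent per failed check and no throttling is
        // visible here; consider rate limiting or logging instead.
        mail('[email protected]', 'Apparently someone was hacked...', $reportedName, 'From: [email protected]');
    }
}
else
{
    $csrfkey = NoCSRF::generate('notrolling');
    echo $twig->render('landing.html.twig', array('csrfkey'=>$csrfkey));
    $analytics = new Analytics($db);
    // The User-Agent header is optional and client-controlled; read it without
    // raising an undefined-index notice (null is what the original passed when
    // the header was missing).
    // NOTE(review): confirm insertUAString() stores it through a bound parameter.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    $analytics->insertUAString($userAgent);
    /*$parser = new UAParser;
    $client = $parser->parse($_SERVER['HTTP_USER_AGENT']);*/
}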