formdata.php

<?php namespace HashOver;// Copyright (C) 2015-2021 Jacob Barkdull// This file is part of HashOver.//// HashOver is free software: you can redistribute it and/or modify// it under the terms of the GNU Affero General Public License as// published by the Free Software Foundation, either version 3 of the// License, or (at your option) any later version.//// HashOver is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the// GNU Affero General Public License for more details.//// You should have received a copy of the GNU Affero General Public License// along with HashOver.  If not, see <http://www.gnu.org/licenses/>.class FormData{	protected $setup;	protected $locale;	protected $spamCheck;	protected $cookies;	protected $referer;	public $data = array ();	public $remoteAccess = false;	public $file;	public $replyTo;	public $viaAJAX = false;	// Fake inputs used as spam trap fields	protected $trapFields = array (		'summary',		'age',		'lastname',		'address',		'zip'	);	public function __construct (Setup $setup, Cookies $cookies)	{		// Store parameters as properties		$this->setup = $setup;		// Instantiate various classes		$this->locale = new Locale ($setup);		$this->spamCheck = new SpamCheck ($setup);		$this->cookies = $cookies;		// Use POST or GET based on whether request is for JSONP		$request = isset ($_GET['jsonp']) ? $_GET : $_POST;		// Get regular expression escaped admin path		$admin_path = preg_quote ($this->setup->getHttpPath ('admin'), '/');		// Attempt to get referer		$referer = Misc::getArrayItem ($_SERVER, 'HTTP_REFERER');		// Set status		if (isset ($request['status'])) {			$this->data['status'] = $this->forceUTF8 ($request['status']);		}		// Set name		if (isset ($request['name'])) {			$this->data['name'] = $this->forceUTF8 ($request['name']);		}		// Set password		if (isset ($request['password'])) {			$this->data['password'] = $this->forceUTF8 ($request['password']);		}		// Set e-mail address		if (isset ($request['email'])) {			$this->data['email'] = $this->forceUTF8 ($request['email']);		}		// Set website URL		if (isset ($request['website'])) {			$this->data['website'] = $this->forceUTF8 ($request['website']);		}		// Set comment		if (isset ($request['comment'])) {			$this->data['comment'] = $this->forceUTF8 ($request['comment']);		}		// Set indicator of remote access		if (isset ($request['remote-access'])) {			$this->remoteAccess = true;		}		// Get comment file		if (isset ($request['file'])) {			$this->file = $request['file'];		}		// Get reply comment file		if (isset ($request['reply-to'])) {			$this->replyTo = $request['reply-to'];		}		// Set indicator of AJAX requests		if (isset ($request['ajax'])) {			$this->viaAJAX = true;		}		// Check if we're coming from an admin page		if (preg_match ('/' . $admin_path . '/i', $referer)) {			// If so, use it as the kickback URL			$this->referer = $_SERVER['HTTP_REFERER'];		} else {			// If not, check if posting from remote domain			if ($this->remoteAccess === true) {				// If so, use absolute path				$this->referer = $setup->pageURL;			} else {				// If not, use relative path				$this->referer = $setup->filePath;			}			// Add URL queries to kickback URL			if (!empty ($setup->urlQueries)) {				$this->referer .= '?' . $setup->urlQueries;			}		}	}	// Force a string to UTF-8 encoding and acceptable character range	protected function forceUTF8 ($string)	{		$string = mb_convert_encoding ($string, 'UTF-16', 'UTF-8');		$string = mb_convert_encoding ($string, 'UTF-8', 'UTF-16');		$string = preg_replace ('/[^\x{0009}\x{000A}\x{000D}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]/u', '?', $string);		return trim ($string, " \r\n\t");	}	// Sets header to redirect user back to the previous page	public function kickback ($anchor = 'comments')	{		header ('Location: ' . $this->referer . '#' . $anchor);	}	// Displays message to visitor, via AJAX or redirect	public function displayMessage ($locale, $error = false)	{		// Message type as string		$message_type = ($error === true) ? 'error' : 'message';		// Get message text from locales if it exists		if (!empty ($this->locale->text[$locale])) {			$locale = $this->locale->text[$locale];		}		// Check if request is not over an AJAX request		if ($this->viaAJAX !== true) {			// If so, set cookie to specified message			$this->cookies->set ($message_type, $locale);			// And redirect user to previous page			return $this->kickback ('hashover-form-section');		}		// Otherwise, display JSON for JavaScript frontend		echo Misc::jsonData (array (			'message' => $locale,			'type' => $message_type		));	}	// Checks user IP against spam databases	public function checkForSpam ($mode = 'javascript')	{		// Treat JSON mode as JavaScript mode		if ($mode === 'json') {			$mode = 'javascript';		}		// Block user if they fill any trap fields		foreach ($this->trapFields as $name) {			if ($this->setup->getRequest ($name)) {				throw new \Exception ('You are blocked!');			}		}		// Check user's IP address against local blocklist		if ($this->spamCheck->checkList () === true) {			throw new \Exception ('You are blocked!');		}		// Whether to check for spam in current mode		if ($this->setup->spamCheckModes === $mode		    or $this->setup->spamCheckModes === 'both')		{			// Check user's IP address against local or remote database			if ($this->spamCheck->{$this->setup->spamDatabase}() === true) {				throw new \Exception ('You are blocked!');			}			// Throw any error message as exception			if (!empty ($this->spamCheck->error)) {				throw new \Exception ($this->spamCheck->error);			}		}	}}