diff --git a/php/commentsubmit.php b/php/commentsubmit.php
index b1f66f6..bf831f3 100644
--- a/php/commentsubmit.php
+++ b/php/commentsubmit.php
@@ -25,7 +25,7 @@
 // the From: address. Whilst you could, in theory, change this to take the
 // address out of the form, it's *incredibly* highly recommended you don't,
 // because that turns you into an open relay, and that's not cool.
-$EMAIL_ADDRESS = "blogger@example.com";
+$EMAIL_ADDRESS = "root";
 
 // The contents of the following file (relative to this PHP file) will be
 // displayed after the comment is received. Customise it to your heart's
@@ -35,11 +35,11 @@
 // The contents of the following file (relative to this PHP file) will be
 // displayed if the comment contains spam. Customise it to your heart's
 // content.
-$COMMENT_CONTAINS_SPAM = "comment_contains_spam.html";
+//$COMMENT_CONTAINS_SPAM = "comment_contains_spam.html";
 // If the emails arrive in your client "garbled", you may need to change this
 // line to "\n" instead.
-$HEADER_LINE_ENDING = "\r\n";
+$HEADER_LINE_ENDING = "\n";
 /****************************************************************************
@@ -47,12 +47,6 @@
 ****************************************************************************/
 
 require_once 'mail.php';
-require_once 'spamfilter.php';
-
-function get_post_field($key, $defaultValue = "")
-{
- return (isset($_POST[$key]) && !empty($_POST[$key])) ? $_POST[$key] : $defaultValue;
-}
 
 function get_post_data_as_yaml()
 {
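Review bot: `"root"` is not a usable From: address for the `set_from($EMAIL_ADDRESS, ...)` call that consumes this value later in the file (visible in the -75 hunk), because it has no domain part; a receiving MTA will either reject it or rewrite it to its own hostname, and the comment directly above this line explains that this fixed value is what keeps the script from relaying submitter-chosen sender addresses. Prefer a fully qualified mailbox, e.g. `$EMAIL_ADDRESS = "blog@<your-domain>";` (placeholder), or extend the comment to state that `root` is a deliberate local-delivery choice on this host.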
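Review bot: The `$COMMENT_CONTAINS_SPAM` line is left as commented-out code rather than deleted, and with the spam filter include and check removed in the -47 and -75 hunks nothing reads it any more; either drop the line or keep the setting live and say in its comment that it is currently unused. The switch to `$HEADER_LINE_ENDING = "\n"` also contradicts the comment above it, which still presents `"\n"` as the fallback for garbled mail; reword it to `// "\n" is the default here; set to "\r\n" if your MTA delivers the headers garbled.`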
@@ -75,32 +69,65 @@ function get_post_data_as_yaml()
 return $yaml_data;
 }
-$COMMENTER_NAME = get_post_field('name', "Anonymous");
-$COMMENTER_EMAIL_ADDRESS = get_post_field('email', $EMAIL_ADDRESS);
-$COMMENTER_WEBSITE = get_post_field('link');
-$COMMENT_BODY = get_post_field('comment', "");
-$COMMENT_DATE = date($DATE_FORMAT);
-
-$POST_TITLE = get_post_field('post_title', "Unknown post");
-$POST_ID = get_post_field('post_id', "");
-unset($_POST['post_id']);
-
-
-$SPAM = spam_check_text($COMMENT_BODY);
-if (!empty($SPAM))
+/* NOTE the checkdnsrr function seems to be unreliable */
+function get_warnings_for($name, $email, $url)
 {
- include $COMMENT_CONTAINS_SPAM;
- die();
+ $warnings = '';
+
+ // http://php.net/manual/en/filter.filters.validate.php
+ $name_is_a_url = filter_var($name, FILTER_VALIDATE_URL);
+ $name_is_an_email_address = filter_var($name, FILTER_VALIDATE_EMAIL);
+ $email_is_invalid = !filter_var($email, FILTER_VALIDATE_EMAIL);
+ $url_is_invalid = !filter_var($url, FILTER_VALIDATE_URL);
+ $url_a_record_invalid = false;
+ $email_a_record_invalid = false;
+ $email_mx_record_invalid = false;
+
+ if (!$email_is_invalid) {
+ // TODO only retrieve $domain
+ list($user, $domain) = explode('@', $email, 2);
+ $email_a_record_invalid = !checkdnsrr($domain, 'A');
+ $email_mx_record_invalid = !checkdnsrr($domain, 'MX');
+ }
+
+ if (!$url_is_invalid) {
+ list($protocol, $domain) = explode('/', str_replace('//', '/', $url));
+ $url_a_record_invalid = !checkdnsrr($domain, 'A');
+ }
+
+ $name_is_a_url ? $warnings .= "* Name: Is a URL\n" : '';
+ $name_is_an_email_address ? $warnings .= "* Name: Is an email address\n" : '';
+ $email_is_invalid ? $warnings .= "* Email: Invalid address\n" : '';
+ $email_a_record_invalid ? $warnings .= "* Email: Invalid Domain A record\n" : '';
+ $email_mx_record_invalid ? $warnings .= "* Email: Invalid Domain MX record\n" : '';
+ !empty($url) && $url_is_invalid ? $warnings .= "* Website: Invalid URL\n" : '';
+ $url_a_record_invalid ? $warnings .= "* Website: Invalid Domain A record\n" : '';
+
+ // This is of minor elegance and error prone, I know.
+ $warnings_count = substr_count($warnings, "\n");
+ return strlen($warnings) > 0 ? "\n$warnings_count WARNING/S:\n$warnings" : '';
 }
+$COMMENT_DATE = date($DATE_FORMAT);
-$subject = "Comment from $COMMENTER_NAME on '$POST_TITLE'";
+$COMMENTER_NAME = filter_input(INPUT_POST, 'name');
+$COMMENTER_EMAIL_ADDRESS = filter_input(INPUT_POST, 'email');
+$COMMENTER_WEBSITE = filter_input(INPUT_POST, 'link');
+$COMMENT_BODY = filter_input(INPUT_POST, 'comment');
+
+$POST_TITLE = filter_input(INPUT_POST, 'post_title');
+$POST_ID = filter_input(INPUT_POST, 'post_id');
+unset($_POST['post_id']);
+
+$subject = "$COMMENTER_NAME on '$POST_TITLE'";
 $message = "$COMMENT_BODY\n\n";
 $message .= "----------------------\n";
 $message .= "$COMMENTER_NAME\n";
 $message .= "$COMMENTER_WEBSITE\n";
+$message .= get_warnings_for($COMMENTER_NAME, $COMMENTER_EMAIL_ADDRESS, $COMMENTER_WEBSITE);
+
 $mail = new Mail($subject, $message);
 $mail->set_from($EMAIL_ADDRESS, $COMMENTER_NAME);
 $mail->set_reply_to($COMMENTER_EMAIL_ADDRESS, $COMMENTER_NAME);
diff --git a/php/mail.php b/php/mail.php
index 20ddbf8..5ed8a7b 100644
--- a/php/mail.php
+++ b/php/mail.php
@@ -106,6 +106,7 @@ public function send($recipient_email, $recipient_name = "")
 if (!empty($reply_to))
 $headers []= "Reply-To: $reply_to";
 $headers []= "X-Mailer: PHP/" . phpversion();
+ $headers []= "Message-ID: <" . sha1(microtime()) . "@" . $_SERVER['SERVER_NAME'] . ">";
 $headers []= "MIME-Version: 1.0";
 $headers []= "Content-Type: multipart/mixed; boundary=\"$uid\"";
 $headers []= "";
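Review bot: The `filter_input(INPUT_POST, …)` assignments drop the defaults the removed `get_post_field` calls supplied, so a submission without `name` or `email` now yields `null` for `$COMMENTER_NAME` and `$COMMENTER_EMAIL_ADDRESS`, producing a subject of ` on '…'` and a `set_reply_to(null, null)` call where the old code fell back to `"Anonymous"` and `$EMAIL_ADDRESS`; restore them with `$COMMENTER_NAME = filter_input(INPUT_POST, 'name') ?: 'Anonymous';` and `$COMMENTER_EMAIL_ADDRESS = filter_input(INPUT_POST, 'email') ?: $EMAIL_ADDRESS;` (`?:` keeps the old empty-string-means-missing behaviour). Inside `get_warnings_for`, the website host is taken via `explode('/', str_replace('//', '/', $url))`, which yields `user:pass@host:port` for URLs carrying credentials or a port and so always fails `checkdnsrr`; `$domain = parse_url($url, PHP_URL_HOST);` extracts the host correctly. Both `checkdnsrr` calls perform a blocking DNS lookup on whatever domain the submitter typed, on every submission, which the `NOTE` comment only hints at; a comment such as `// Live DNS lookups on submitter-supplied domains: adds latency and can time out` would make that cost visible to whoever deploys this. This hunk also removes the `spam_check_text` gate entirely — warnings are appended to the mail but it is always sent — which is a behaviour change worth stating in the `NOTE` comment or the commit description.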
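Review bot: The new `Message-ID` header takes its right-hand side from `$_SERVER['SERVER_NAME']`, which depending on web-server configuration can reflect the client-supplied Host header, and its left-hand side from `sha1(microtime())`, which is neither unpredictable nor guaranteed unique when two mails are sent within the same microsecond; the line also raises an undefined-index notice/warning when `SERVER_NAME` is unset, as in a CLI or cron invocation. Use a random token and a fallback domain: `$headers []= "Message-ID: <" . bin2hex(random_bytes(16)) . "@" . ($_SERVER['SERVER_NAME'] ?? 'localhost') . ">";` (`random_bytes` and `??` need PHP 7.0+; `uniqid('', true)` is the older alternative for the token). `send()` begins and ends outside this hunk.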