kcrwfrd · July 5, 2016 09:13
diff --git a/submit.php b/submit.php
 <?php
 /**
 * FormTools Spam Honeypot
 *
 * Use in conjunction with a form field like
 * <input type="text" id="url_2" name="url_2" />
 * And then hide the field using CSS. If the field gets filled out,
 * then it was a spam bot that did it, and we can ignore the submission.
 * Otherwise, we use cURL to send the submission on to our FormTools application
 * at http://forms.epraxa2.com
 *
 * At the same time, we can optionally do some server-side validation
 */	
 	$processor_url = 'http://forms.epxhost.com/process.php';
 	$hasErrors = false;
 	$errors = array();
 	
 	 
 	// Check if name, email and message are filled out.
 	if(empty($_POST) || !isset($_POST)){ 
 		$hasErrors	= true;
 		$errors[]	= 'No Post Made';
 	} else {
 		foreach($_POST as $key => $field) {
 			if($key == 'email' && !(filter_var($field, FILTER_VALIDATE_EMAIL))){
 				$hasErrors = true;
 				$errors[] = 'Please enter a valid email address.';
 			}
 		} 
 	}
 	
 	if(!empty($errors)){
 		foreach($errors as $error){
 			echo '<p style="text-align:center; background:#900; color:#fff; padding:20px; margin:50px 100px;">'.$error.'</p>';
 		}
 		echo '<p style="text-align:center;"><a href="../" style="color:#900;">&laquo; Back to Form</a></p>';
 		die();
 	} else {
 		$hasErrors = false;
 	}

 	
 	// url_2 is a HIDDEN dummy field
 	// If this is filled out, it's spam, proceed if it's empty...
 	if(empty($_POST["url_2"]) && $hasErrors == false)
 	{
 		// Traverse POST Data array and/or nested arrays
 		foreach($_POST as $key => $value){
 			if (is_array($value)){
 				$value = implode(", ", $value);
 			}
 			$post_items[] = $key . "=" . $value;
 		}
 		// And turn it into a string
 		$post_string = implode("&", $post_items);
 		
 		// Initiate cURL
 		$c = curl_init($processor_url);

 		//curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 30); // 30 second timeout
 		curl_setopt($c, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2");
 		curl_setopt($c, CURLOPT_HEADER, true); // Include header in the output
 		curl_setopt($c, CURLOPT_RETURNTRANSFER, true); // Return output of request instead of displaying it
 		//curl_setopt($c, CURLOPT_NOBODY, true); // Exclude body from the output
 		curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false); // No SSL
 		curl_setopt($c, CURLOPT_POST, true); // Set to http POST
 		
 		// Set data to be posted
 		curl_setopt($c, CURLOPT_POSTFIELDS, $post_string);
 		
 		// Post it & close connection
 		$result = curl_exec($c);
 		$info = curl_getinfo($c);
 		curl_close($c);
 		
 		if($info['http_code'] == 302) // Redirect
 		{
 			$protocol = (strpos($result, 'http://') !== false) ? 'http://' : 'https://';	

 			$redirect = explode(" ", substr($result, strpos($result, $protocol)));
 			$redirect = explode("\r\n", $redirect[0]);
 			$redirect = $redirect[0];
 			
 			header("Location: $redirect");
 			
 		} else // No redirect
 		{
 			echo "Submission received.";
 		}
 	} else 
 	{ 
 		// Spam!
 	}
 		
 ?>
	<?php
	/**
	* FormTools Spam Honeypot
	*
	* Use in conjunction with a form field like
	* <input type="text" id="url_2" name="url_2" />
	* And then hide the field using CSS. If the field gets filled out,
	* then it was a spam bot that did it, and we can ignore the submission.
	* Otherwise, we use cURL to send the submission on to our FormTools application
	* at http://forms.epraxa2.com
	*
	* At the same time, we can optionally do some server-side validation
	*/
	$processor_url = 'http://forms.epxhost.com/process.php';
	$hasErrors = false;
	$errors = array();


	// Check if name, email and message are filled out.
	if(empty($_POST) \|\| !isset($_POST)){
	$hasErrors = true;
	$errors[] = 'No Post Made';
	} else {
	foreach($_POST as $key => $field) {
	if($key == 'email' && !(filter_var($field, FILTER_VALIDATE_EMAIL))){
	$hasErrors = true;
	$errors[] = 'Please enter a valid email address.';
	}
	}
	}

	if(!empty($errors)){
	foreach($errors as $error){
	echo '<p style="text-align:center; background:#900; color:#fff; padding:20px; margin:50px 100px;">'.$error.'</p>';
	}
	echo '<p style="text-align:center;"><a href="../" style="color:#900;">« Back to Form</a></p>';
	die();
	} else {
	$hasErrors = false;
	}


	// url_2 is a HIDDEN dummy field
	// If this is filled out, it's spam, proceed if it's empty...
	if(empty($_POST["url_2"]) && $hasErrors == false)
	{
	// Traverse POST Data array and/or nested arrays
	foreach($_POST as $key => $value){
	if (is_array($value)){
	$value = implode(", ", $value);
	}
	$post_items[] = $key . "=" . $value;
	}
	// And turn it into a string
	$post_string = implode("&", $post_items);

	// Initiate cURL
	$c = curl_init($processor_url);

	//curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 30); // 30 second timeout
	curl_setopt($c, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2");
	curl_setopt($c, CURLOPT_HEADER, true); // Include header in the output
	curl_setopt($c, CURLOPT_RETURNTRANSFER, true); // Return output of request instead of displaying it
	//curl_setopt($c, CURLOPT_NOBODY, true); // Exclude body from the output
	curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false); // No SSL
	curl_setopt($c, CURLOPT_POST, true); // Set to http POST

	// Set data to be posted
	curl_setopt($c, CURLOPT_POSTFIELDS, $post_string);

	// Post it & close connection
	$result = curl_exec($c);
	$info = curl_getinfo($c);
	curl_close($c);

	if($info['http_code'] == 302) // Redirect
	{
	$protocol = (strpos($result, 'http://') !== false) ? 'http://' : 'https://';

	$redirect = explode(" ", substr($result, strpos($result, $protocol)));
	$redirect = explode("\r\n", $redirect[0]);
	$redirect = $redirect[0];

	header("Location: $redirect");

	} else // No redirect
	{
	echo "Submission received.";
	}
	} else
	{
	// Spam!
	}

	?>