<html>
<?php
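/**
 * Emit a script that re-posts the visitor's name and message to the
 * guestbook form page, so the text is not lost when a submission is rejected.
 *
 * Both arguments come straight from $_POST and end up inside a <script>
 * element, so they are serialised with json_encode() instead of being pasted
 * between quote characters. The JSON_HEX_* flags turn <, >, &, ' and " into
 * \uXXXX escapes, which keeps a value from closing the string literal or the
 * surrounding <script> element.
 *
 * @param mixed $n Submitted author name (may be null when the field is absent).
 * @param mixed $m Submitted message body (may be null when the field is absent).
 * @return void
 */
function onerror($n,$m)
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $jsName = json_encode((string)$n, $flags);
    $jsMesg = json_encode((string)$m, $flags);
    // json_encode() returns false on input it cannot encode (e.g. invalid
    // UTF-8); fall back to an empty JS string rather than emitting broken script.
    if ($jsName === false) {
        $jsName = '""';
    }
    if ($jsMesg === false) {
        $jsMesg = '""';
    }
    echo "<script>
window.onload=function()
{
var f = document.createElement('form');
f.action='https://chrisoft.org/leave-a-message/';
f.method='POST';
f.style.display='none';
var i=document.createElement('input');
i.type='hidden';
i.name='name';
i.value=".$jsName.";
f.appendChild(i);
i=document.createElement('input');
i.type='hidden';
i.name='content';
i.value=".$jsMesg.";
f.appendChild(i);
document.body.appendChild(f);
f.submit();
}
</script>";
}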
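// Read the three form fields. A missing or non-string field (e.g. name[]=x)
// becomes '' so later code never touches an undefined variable or an array.
$name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
$mesg = (isset($_POST['content']) && is_string($_POST['content'])) ? $_POST['content'] : '';
$captcha = (isset($_POST['g-recaptcha-response']) && is_string($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : '';

// No captcha token at all: send the visitor back to the form with their text.
if(!$captcha){
onerror($name,$mesg);
exit;
}

// SECURITY: a reCAPTCHA secret used to be hard-coded in the call below and was
// published together with this file. Commenting the line out does not un-leak
// it: the key has to be revoked and replaced, and the replacement belongs in
// server-side configuration outside the web root and outside version control.
// When verification is restored: URL-encode (or POST) the token, treat a failed
// fetch or undecodable reply as "not verified", and stop the request after
// onerror() -- the old second line fell through into the storage code.
//$response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=<REDACTED - ROTATE THIS KEY>&response=".urlencode($captcha)."&remoteip=".$_SERVER['REMOTE_ADDR']), true);
//if($response['success'] == false){onerror($name,$mesg);exit;}

// Storage is deliberately switched off while there is no captcha verification.
// Do not flip this to true without restoring the check above: as written, any
// non-empty g-recaptcha-response value would be accepted.
if(false)
{
    // Reject oversized submissions outright instead of warning and storing them anyway.
    if(strlen($mesg)+strlen($name)>16300)
    {
        echo "Your message is too long!!!";
        exit;
    }

    $dir = "/var/www/html/leave-a-message/";
    $stamp = date("Y-m-d H:i");

    // HTML-escape before anything else; ENT_QUOTES also covers single quotes,
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
    $escFlags = ENT_QUOTES | ENT_SUBSTITUTE;
    $rname = htmlspecialchars($name, $escFlags, 'UTF-8');
    $rmesg = htmlspecialchars($mesg, $escFlags, 'UTF-8');
    $rmesg = nl2br($rmesg,false);
    $rmesg = trim(preg_replace('/\s\s+/', ' ', $rmesg));

    // Rendered HTML fragment appended to the public message list.
    $html = sprintf("<div class=\"comment\"><p>%s</p><div class=\"author\">%s at %s</div></div><br>\n",$rmesg,$rname,$stamp);

    // One JSON object per line. json_encode() does the quoting; building the
    // object with sprintf() let a backslash or quote in the input corrupt it.
    $json = json_encode(array("cont"=>$rmesg,"author"=>$rname,"time"=>$stamp));
    if($json === false)
    {
        error_log("leave-a-message: could not JSON-encode submission");
        exit;
    }

    // Private audit record. The raw text is kept, but CR, LF and backslash are
    // written as C-style escapes so a submission cannot forge extra
    // "author:" / "IP:" lines or whole fake records.
    $oneLine = function($s){ return addcslashes((string)$s, "\r\n\\"); };
    // REMOTE_ADDR is the address of the TCP peer. X-Forwarded-For is a request
    // header any client can set, so it is recorded separately and labelled,
    // never substituted for the peer address.
    // NOTE(review): behind a trusted reverse proxy REMOTE_ADDR is the proxy -- confirm the deployment.
    $peer = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $fwd = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    $audit = sprintf("comment: %s\nauthor: %s\ntime: %s\nIP: %s\n",$oneLine($mesg),$oneLine($name),date("Y-m-d H:i:s"),$oneLine($peer));
    if($fwd !== '')
        $audit .= sprintf("X-Forwarded-For (client-supplied): %s\n",$oneLine($fwd));
    $audit .= "\n";

    // LOCK_EX keeps concurrent submissions from interleaving their writes.
    $writes = array(
        "messages.txt" => $html,
        "messages.json" => $json."\n",
        "archive.txt" => $audit,
    );
    foreach($writes as $file => $data)
    {
        if(file_put_contents($dir.$file, $data, FILE_APPEND | LOCK_EX) === false)
            error_log("leave-a-message: failed to append to ".$file);
    }

    echo "<script>window.location='https://chrisoft.org/#guestbook'</script>";
}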
?>
</html>
<body>
</body>