Dodanie zabezpieczenia
@@ -1,101 +1,159 @@
|
||||
<?php
|
||||
define('ANTISPAM_HONEYPOT', true); // Ukryte pole, którego człowiek nie wypełni
|
||||
define('ANTISPAM_CSRF', true); // Token CSRF. Chroni przed automatycznymi żądaniami POST.
|
||||
define('ANTISPAM_TIME', true); // Sprawdzenie czasu wypełnienia formularza
|
||||
define('ANTISPAM_MIN_TIME', 5); // Minimalny czas w sekundach, jaki powinien zająć wypełnienie formularza
|
||||
|
||||
function antispam_honeypot()
|
||||
{
|
||||
if (!ANTISPAM_HONEYPOT) return true;
|
||||
|
||||
return empty($_POST['company_website']);
|
||||
}
|
||||
|
||||
function antispam_time()
|
||||
{
|
||||
if (!ANTISPAM_TIME) return true;
|
||||
|
||||
if (!isset($_POST['form_time'])) return false;
|
||||
|
||||
return (time() - (int)$_POST['form_time']) >= ANTISPAM_MIN_TIME;
|
||||
}
|
||||
|
||||
function antispam_csrf()
|
||||
{
|
||||
if (!ANTISPAM_CSRF) return true;
|
||||
|
||||
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])) return false;
|
||||
|
||||
return hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']);
|
||||
}
|
||||
|
||||
|
||||
if ( \S::get('action') == 'home_page_form_send' )
|
||||
{
|
||||
if ($_SERVER["REQUEST_METHOD"] == "POST")
|
||||
{
|
||||
// NOWE KLUCZE V3
|
||||
$recaptchaSecret = '6Lf1XC8sAAAAAIokP1OHFj8W-jdJp3xj6e0NYO6Z';
|
||||
$recaptchaResponse = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : null;
|
||||
// === ANTISPAM CHECKS ===
|
||||
if (
|
||||
!antispam_honeypot() ||
|
||||
!antispam_time() ||
|
||||
!antispam_csrf()
|
||||
) {
|
||||
error_log('SPAM blocked: '. $_SERVER['REMOTE_ADDR']);
|
||||
$ALLOW_SUBMIT = false;
|
||||
}
|
||||
|
||||
if ($recaptchaResponse) {
|
||||
// Weryfikacja
|
||||
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$recaptchaSecret}&response={$recaptchaResponse}");
|
||||
$responseKeys = json_decode($response, true);
|
||||
if ($ALLOW_SUBMIT) {
|
||||
// NOWE KLUCZE V3
|
||||
$recaptchaSecret = '6Lf1XC8sAAAAAIokP1OHFj8W-jdJp3xj6e0NYO6Z';
|
||||
$recaptchaResponse = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : null;
|
||||
|
||||
// Próg wiarygodności (0.5)
|
||||
$minScore = 0.5;
|
||||
if ($recaptchaResponse) {
|
||||
// Weryfikacja
|
||||
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$recaptchaSecret}&response={$recaptchaResponse}");
|
||||
$responseKeys = json_decode($response, true);
|
||||
|
||||
// Sprawdzamy Success oraz Score
|
||||
if ($responseKeys["success"] && isset($responseKeys["score"]) && $responseKeys["score"] >= $minScore) {
|
||||
// Próg wiarygodności (0.5)
|
||||
$minScore = 0.5;
|
||||
|
||||
// --- KOD HUBSPOT (bez zmian) ---
|
||||
$hubspot_url = "https://api.hsforms.com/submissions/v3/integration/submit/7094950/8ad893c2-2f25-4cb0-b929-6565bf6cde01";
|
||||
$hubspotutk = isset($_COOKIE['hubspotutk']) ? $_COOKIE['hubspotutk'] : null;
|
||||
// Sprawdzamy Success oraz Score
|
||||
if ($responseKeys["success"] && isset($responseKeys["score"]) && $responseKeys["score"] >= $minScore) {
|
||||
|
||||
$postData = [
|
||||
'fields' => [
|
||||
[ 'name' => 'liczba_transakcji_miesiecznie', 'value' => $_POST['monthly_transactions'] ],
|
||||
[ 'name' => 'liczba_sklepow_stacjonarnych', 'value' => $_POST['stationary_stores'] ],
|
||||
[ 'name' => 'liczba_sklepow_lub_wersji_jezykowych', 'value' => $_POST['language_versions'] ],
|
||||
[ 'name' => 'email', 'value' => $_POST['email'] ],
|
||||
[ 'name' => 'firstname', 'value' => $_POST['firstname'] ],
|
||||
[ 'name' => 'phone', 'value' => $_POST['phone'] ]
|
||||
],
|
||||
'context' => [
|
||||
'hutk' => $hubspotutk,
|
||||
'pageUri' => 'https://zaufane.pl/',
|
||||
'pageName' => 'zaufane.pl'
|
||||
],
|
||||
'legalConsentOptions' => [
|
||||
'consent' => [
|
||||
'content' => 'By submitting this form, you agree that we may use the data you provide to contact you with information related to your request/submission and the relevant LinkedIn product. If you are a LinkedIn member, you can control the messages you receive from LinkedIn in your settings. If you are a guest, you can unsubscribe from LinkedIn marketing emails at any time by clicking the unsubscribe link in the email. To learn more, see LinkedIn\'s Privacy Policy.',
|
||||
'consentToProcess' => true,
|
||||
'text' => 'I agree to the processing of my personal data by LinkedIn.',
|
||||
'communications' => [
|
||||
[
|
||||
'value' => true,
|
||||
'subscriptionTypeId' => 8383894,
|
||||
'text' => 'I agree to receive marketing communications from LinkedIn.'
|
||||
// --- KOD HUBSPOT (bez zmian) ---
|
||||
$hubspot_url = "https://api.hsforms.com/submissions/v3/integration/submit/7094950/8ad893c2-2f25-4cb0-b929-6565bf6cde01";
|
||||
$hubspotutk = isset($_COOKIE['hubspotutk']) ? $_COOKIE['hubspotutk'] : null;
|
||||
|
||||
$postData = [
|
||||
'fields' => [
|
||||
[ 'name' => 'liczba_transakcji_miesiecznie', 'value' => $_POST['monthly_transactions'] ],
|
||||
[ 'name' => 'liczba_sklepow_stacjonarnych', 'value' => $_POST['stationary_stores'] ],
|
||||
[ 'name' => 'liczba_sklepow_lub_wersji_jezykowych', 'value' => $_POST['language_versions'] ],
|
||||
[ 'name' => 'email', 'value' => $_POST['email'] ],
|
||||
[ 'name' => 'firstname', 'value' => $_POST['firstname'] ],
|
||||
[ 'name' => 'phone', 'value' => $_POST['phone'] ]
|
||||
],
|
||||
'context' => [
|
||||
'hutk' => $hubspotutk,
|
||||
'pageUri' => 'https://zaufane.pl/',
|
||||
'pageName' => 'zaufane.pl'
|
||||
],
|
||||
'legalConsentOptions' => [
|
||||
'consent' => [
|
||||
'content' => 'By submitting this form, you agree that we may use the data you provide to contact you with information related to your request/submission and the relevant LinkedIn product. If you are a LinkedIn member, you can control the messages you receive from LinkedIn in your settings. If you are a guest, you can unsubscribe from LinkedIn marketing emails at any time by clicking the unsubscribe link in the email. To learn more, see LinkedIn\'s Privacy Policy.',
|
||||
'consentToProcess' => true,
|
||||
'text' => 'I agree to the processing of my personal data by LinkedIn.',
|
||||
'communications' => [
|
||||
[
|
||||
'value' => true,
|
||||
'subscriptionTypeId' => 8383894,
|
||||
'text' => 'I agree to receive marketing communications from LinkedIn.'
|
||||
]
|
||||
]
|
||||
]
|
||||
]
|
||||
]
|
||||
];
|
||||
];
|
||||
|
||||
$jsonData = json_encode($postData);
|
||||
$jsonData = json_encode($postData);
|
||||
|
||||
$ch = curl_init($hubspot_url);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
|
||||
curl_setopt($ch, CURLOPT_POST, true);
|
||||
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData);
|
||||
$ch = curl_init($hubspot_url);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
|
||||
curl_setopt($ch, CURLOPT_POST, true);
|
||||
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData);
|
||||
|
||||
$response = curl_exec($ch);
|
||||
$response = curl_exec($ch);
|
||||
|
||||
if ($response === false) {
|
||||
$error = curl_error($ch);
|
||||
echo "cURL Error: $error";
|
||||
} else {
|
||||
$responseData = json_decode($response, true);
|
||||
if (isset($responseData['inlineMessage'])) {
|
||||
echo "<div id='custom-form-response'><p>" . $responseData['inlineMessage'] . '</p></div>';
|
||||
} else {
|
||||
echo "<div id='custom-form-response'><p>" . $response . '</p></div>';
|
||||
}
|
||||
}
|
||||
curl_close($ch);
|
||||
// --- KONIEC KODU HUBSPOT ---
|
||||
?>
|
||||
<script class="footer">
|
||||
$(document).ready(function() {
|
||||
$('#custom-form').remove()
|
||||
})
|
||||
</script>
|
||||
<?php
|
||||
} else {
|
||||
// echo "<div id='custom-form-response'><p>Weryfikacja antyspamowa nie powiodła się. Spróbuj ponownie.</p></div>";
|
||||
}
|
||||
} else {
|
||||
// echo "<div id='custom-form-response'><p>Błąd weryfikacji formularza.</p></div>";
|
||||
if ($response === false) {
|
||||
$error = curl_error($ch);
|
||||
echo "cURL Error: $error";
|
||||
} else {
|
||||
$responseData = json_decode($response, true);
|
||||
if (isset($responseData['inlineMessage'])) {
|
||||
echo "<div id='custom-form-response'><p>" . $responseData['inlineMessage'] . '</p></div>';
|
||||
} else {
|
||||
echo "<div id='custom-form-response'><p>" . $response . '</p></div>';
|
||||
}
|
||||
}
|
||||
curl_close($ch);
|
||||
// --- KONIEC KODU HUBSPOT ---
|
||||
?>
|
||||
<script class="footer">
|
||||
$(document).ready(function() {
|
||||
$('#custom-form').remove()
|
||||
})
|
||||
</script>
|
||||
<?php
|
||||
} else {
|
||||
// echo "<div id='custom-form-response'><p>Weryfikacja antyspamowa nie powiodła się. Spróbuj ponownie.</p></div>";
|
||||
}
|
||||
} else {
|
||||
// echo "<div id='custom-form-response'><p>Błąd weryfikacji formularza.</p></div>";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (ANTISPAM_CSRF) {
|
||||
$_SESSION['csrf_token'] = bin2hex(random_bytes(16));
|
||||
}
|
||||
$form_time = time();
|
||||
?>
|
||||
|
||||
<form method="POST" action="" id="custom-form">
|
||||
<input type="hidden" name="action" value="home_page_form_send">
|
||||
|
||||
<input type="hidden" name="g-recaptcha-response" id="g-recaptcha-response-home">
|
||||
|
||||
<?php if (ANTISPAM_HONEYPOT): ?>
|
||||
<input type="text" name="company_website" tabindex="-1" autocomplete="off" style="display:none">
|
||||
<?php endif; ?>
|
||||
<?php if (ANTISPAM_TIME): ?>
|
||||
<input type="hidden" name="form_time" value="<?= $form_time ?>">
|
||||
<?php endif; ?>
|
||||
<?php if (ANTISPAM_CSRF): ?>
|
||||
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
|
||||
<?php endif; ?>
|
||||
|
||||
<div class="f-row">
|
||||
<p><strong>Średnia liczba transakcji miesięcznie:</strong></p>
|
||||
|
||||
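Review bot: `$ALLOW_SUBMIT` is only ever assigned `false` (in the antispam-failure branch) and is never initialised to `true`, so when all three checks pass the `if ($ALLOW_SUBMIT)` gate reads an undefined variable (null) and the reCAPTCHA/HubSpot path is skipped silently — every legitimate submission is dropped, and with both else-branch messages commented out the user gets no feedback either; add `$ALLOW_SUBMIT = true;` immediately before the `// === ANTISPAM CHECKS ===` block (unless an including file sets it, which this hunk does not show). Separately, `antispam_time()` trusts a client-supplied `form_time`, so a bot can post `form_time=0` (or any old timestamp) and pass the minimum-time check; store the render time server-side next to the CSRF token, e.g. `$_SESSION['form_time'] = time();` where the form is rendered, and compare `time() - (int)($_SESSION['form_time'] ?? 0)` in the check instead of the POST value. Note also that the session-backed CSRF token is regenerated on every render, so a form left open in a second tab will be rejected on submit, and that no `session_start()` is visible in this hunk — confirm it runs before these checks elsewhere.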