diff --git a/templates_user/home-page-form.php b/templates_user/home-page-form.php
index 268e253..0a43ecc 100644
--- a/templates_user/home-page-form.php
+++ b/templates_user/home-page-form.php
@@ -1,101 +1,159 @@ = ANTISPAM_MIN_TIME; +} + +function antispam_csrf() +{ + if (!ANTISPAM_CSRF) return true; + + if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])) return false; + + return hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']); +} + + if ( \S::get('action') == 'home_page_form_send' ) { if ($_SERVER["REQUEST_METHOD"] == "POST") { - // NOWE KLUCZE V3 - $recaptchaSecret = '6Lf1XC8sAAAAAIokP1OHFj8W-jdJp3xj6e0NYO6Z'; - $recaptchaResponse = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : null; + // === ANTISPAM CHECKS === + if ( + !antispam_honeypot() || + !antispam_time() || + !antispam_csrf() + ) { + error_log('SPAM blocked: '. $_SERVER['REMOTE_ADDR']); + $ALLOW_SUBMIT = false; + } - if ($recaptchaResponse) { - // Weryfikacja - $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$recaptchaSecret}&response={$recaptchaResponse}"); - $responseKeys = json_decode($response, true); + if ($ALLOW_SUBMIT) { + // NOWE KLUCZE V3 + $recaptchaSecret = '6Lf1XC8sAAAAAIokP1OHFj8W-jdJp3xj6e0NYO6Z'; + $recaptchaResponse = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : null; - // Próg wiarygodności (0.5) - $minScore = 0.5; + if ($recaptchaResponse) { + // Weryfikacja + $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$recaptchaSecret}&response={$recaptchaResponse}"); + $responseKeys = json_decode($response, true); - // Sprawdzamy Success oraz Score - if ($responseKeys["success"] && isset($responseKeys["score"]) && $responseKeys["score"] >= $minScore) { + // Próg wiarygodności (0.5) + $minScore = 0.5; - // --- KOD HUBSPOT (bez zmian) --- - $hubspot_url = "https://api.hsforms.com/submissions/v3/integration/submit/7094950/8ad893c2-2f25-4cb0-b929-6565bf6cde01"; - $hubspotutk = isset($_COOKIE['hubspotutk']) ? 
$_COOKIE['hubspotutk'] : null; + // Sprawdzamy Success oraz Score + if ($responseKeys["success"] && isset($responseKeys["score"]) && $responseKeys["score"] >= $minScore) { - $postData = [ - 'fields' => [ - [ 'name' => 'liczba_transakcji_miesiecznie', 'value' => $_POST['monthly_transactions'] ], - [ 'name' => 'liczba_sklepow_stacjonarnych', 'value' => $_POST['stationary_stores'] ], - [ 'name' => 'liczba_sklepow_lub_wersji_jezykowych', 'value' => $_POST['language_versions'] ], - [ 'name' => 'email', 'value' => $_POST['email'] ], - [ 'name' => 'firstname', 'value' => $_POST['firstname'] ], - [ 'name' => 'phone', 'value' => $_POST['phone'] ] - ], - 'context' => [ - 'hutk' => $hubspotutk, - 'pageUri' => 'https://zaufane.pl/', - 'pageName' => 'zaufane.pl' - ], - 'legalConsentOptions' => [ - 'consent' => [ - 'content' => 'By submitting this form, you agree that we may use the data you provide to contact you with information related to your request/submission and the relevant LinkedIn product. If you are a LinkedIn member, you can control the messages you receive from LinkedIn in your settings. If you are a guest, you can unsubscribe from LinkedIn marketing emails at any time by clicking the unsubscribe link in the email. To learn more, see LinkedIn\'s Privacy Policy.', - 'consentToProcess' => true, - 'text' => 'I agree to the processing of my personal data by LinkedIn.', - 'communications' => [ - [ - 'value' => true, - 'subscriptionTypeId' => 8383894, - 'text' => 'I agree to receive marketing communications from LinkedIn.' + // --- KOD HUBSPOT (bez zmian) --- + $hubspot_url = "https://api.hsforms.com/submissions/v3/integration/submit/7094950/8ad893c2-2f25-4cb0-b929-6565bf6cde01"; + $hubspotutk = isset($_COOKIE['hubspotutk']) ? 
$_COOKIE['hubspotutk'] : null; + + $postData = [ + 'fields' => [ + [ 'name' => 'liczba_transakcji_miesiecznie', 'value' => $_POST['monthly_transactions'] ], + [ 'name' => 'liczba_sklepow_stacjonarnych', 'value' => $_POST['stationary_stores'] ], + [ 'name' => 'liczba_sklepow_lub_wersji_jezykowych', 'value' => $_POST['language_versions'] ], + [ 'name' => 'email', 'value' => $_POST['email'] ], + [ 'name' => 'firstname', 'value' => $_POST['firstname'] ], + [ 'name' => 'phone', 'value' => $_POST['phone'] ] + ], + 'context' => [ + 'hutk' => $hubspotutk, + 'pageUri' => 'https://zaufane.pl/', + 'pageName' => 'zaufane.pl' + ], + 'legalConsentOptions' => [ + 'consent' => [ + 'content' => 'By submitting this form, you agree that we may use the data you provide to contact you with information related to your request/submission and the relevant LinkedIn product. If you are a LinkedIn member, you can control the messages you receive from LinkedIn in your settings. If you are a guest, you can unsubscribe from LinkedIn marketing emails at any time by clicking the unsubscribe link in the email. To learn more, see LinkedIn\'s Privacy Policy.', + 'consentToProcess' => true, + 'text' => 'I agree to the processing of my personal data by LinkedIn.', + 'communications' => [ + [ + 'value' => true, + 'subscriptionTypeId' => 8383894, + 'text' => 'I agree to receive marketing communications from LinkedIn.' 
+ ] ] ] ] - ] - ]; + ]; - $jsonData = json_encode($postData); + $jsonData = json_encode($postData); - $ch = curl_init($hubspot_url); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']); - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData); + $ch = curl_init($hubspot_url); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData); - $response = curl_exec($ch); + $response = curl_exec($ch); - if ($response === false) { - $error = curl_error($ch); - echo "cURL Error: $error"; - } else { - $responseData = json_decode($response, true); - if (isset($responseData['inlineMessage'])) { - echo "

" . $responseData['inlineMessage'] . '

'; - } else { - echo "

" . $response . '

'; - } - } - curl_close($ch); - // --- KONIEC KODU HUBSPOT --- - ?> - -

Weryfikacja antyspamowa nie powiodła się. Spróbuj ponownie.

"; - } - } else { - // echo "

Błąd weryfikacji formularza.

"; + if ($response === false) { + $error = curl_error($ch); + echo "cURL Error: $error"; + } else { + $responseData = json_decode($response, true); + if (isset($responseData['inlineMessage'])) { + echo "

" . $responseData['inlineMessage'] . '

'; + } else { + echo "

" . $response . '

'; + } + } + curl_close($ch); + // --- KONIEC KODU HUBSPOT --- + ?> + +

Weryfikacja antyspamowa nie powiodła się. Spróbuj ponownie.

"; + } + } else { + // echo "

Błąd weryfikacji formularza.

"; + } } } } + +if (ANTISPAM_CSRF) { + $_SESSION['csrf_token'] = bin2hex(random_bytes(16)); +} +$form_time = time(); ?>
+ + + + + + + + + +

Średnia liczba transakcji miesięcznie: