1######################################### #
2# Operation CasionLeaks 2020 SkillonNet #
3# Demands, Data, Source Code, Trust #
4# SKILLONNET.COM CONTACT FORM LEAKED
5# Pay ransom or we leak more
6#########################################
7
8<?php
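/**
 * JSON endpoint behind the SkillOnNet.com contact form.
 *
 * The constructor accepts only POST requests, reads the submitted fields from
 * $_POST (or from a JSON request body when $_POST is empty) and strips markup
 * from every value. sendEmail() then verifies the reCAPTCHA token, validates
 * the fields, mails the enquiry and answers with a JSON document.
 *
 * Every call to response() ends the script, so code after such a call runs
 * only when the call was not made.
 */
class Email
{
    /**
     * reCAPTCHA secret, loaded from the environment in the constructor.
     *
     * The secret must not live in source control: a key that has ever been
     * committed or published has to be treated as compromised and rotated in
     * the reCAPTCHA admin console. The variable name RECAPTCHA_SECRET_KEY is
     * the one this class reads; set it in the deployment configuration.
     */
    private $secret_key = '';

    /** Sanitised request fields plus the server values listed in $_include. */
    private $_request = [];

    /** HTTP status code of the response being built. */
    private $_code = 200;

    /** $_SERVER keys copied into the request (null when absent or empty). */
    private $_include = [
        'HTTP_USER_AGENT',
        'REMOTE_ADDR',
        'REQUEST_METHOD'
    ];

    /**
     * Reads and sanitises the request; answers 404 for anything but POST.
     */
    public function __construct()
    {
        $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : null;

        if ($method !== 'POST') {
            $this->response("Page not Found", 404);
        }

        $secret = getenv('RECAPTCHA_SECRET_KEY');
        $this->secret_key = is_string($secret) ? $secret : '';

        $payload = $_POST;

        if (empty($payload)) {
            $payload = json_decode(file_get_contents('php://input'), true);
        }

        // A missing or malformed JSON body decodes to null (or a scalar); the
        // request must stay an array or the assignments below would fail.
        $this->_request = is_array($payload) ? $this->prepareRequest($payload) : [];

        // Server values are written last so a submitted field with the same
        // name (e.g. REMOTE_ADDR) can never override them.
        foreach ($this->_include as $key) {
            $this->_request[$key] = !empty($_SERVER[$key]) ? $_SERVER[$key] : null;
        }
    }

    /**
     * Validates the request, mails the enquiry and emits the JSON response.
     *
     * Responds 200 on success and 500 when the mail could not be handed to
     * the mail transport; validation failures are answered by checkRequest().
     */
    public function sendEmail()
    {
        $this->checkRequest();

        // Escape at the point of output: strip_tags() in prepareRequest() is
        // not an HTML encoder and leaves characters such as & and " intact.
        $name = $this->escapeField('name');
        $email = $this->escapeField('email');
        $company = $this->escapeField('company');
        $telephone = $this->escapeField('telephone');
        $body = $this->escapeField('message');

        $message = "<html>
<head>
<title>SkillOnNet.com contact form</title>
</head>
<body>
<h4>Contact form details:</h4>
<ul>
<li>Name: {$name}</li>
<li>Email: {$email}</li>
<li>Company: {$company}</li>
<li>Telephone: {$telephone}</li>
</ul>
<h5>Message:</h5>
<p>{$body}</p>
</body>
</html>";

        $to = 'sergio@kpaxmarketing.com';//, tech@kpaxmarketing.com
        $subject = 'SkillOnNet.com contact form!';

        // Defence in depth against mail-header injection: both values were
        // validated in checkRequest(), but CR/LF must never reach a header.
        $fromName = str_replace(["\r", "\n"], '', $this->_request['name']);
        $fromEmail = str_replace(["\r", "\n"], '', $this->_request['email']);

        // NOTE(review): the visitor's address is used as the From header, so
        // the message claims to originate from a domain this server does not
        // send for. A site-owned From plus a Reply-To carrying the visitor's
        // address is the usual arrangement; the sender address to use is a
        // deployment decision and is not visible in this file.
        $headers = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
        $headers .= "From: " . $fromName . " <" . $fromEmail . ">\r\n";

        $sent = false;

        try {
            // mail() reports failure through its return value, not by throwing.
            $sent = mail($to, $subject, $message, $headers);
        } catch (Exception $e) {
            // Internal error text is deliberately not echoed to the client.
            $sent = false;
        }

        if (!$sent) {
            $this->response([
                'message' => 'Your message could not be sent. Please try again later.'
            ], 500);
        }

        $this->response([
            'message' => 'Your message sent, We\'ll get back to you within the next 72 hours.'
        ], 200);
    }

    /**
     * Sends $data as JSON with the given HTTP status and terminates the script.
     *
     * @param mixed $data   Value passed to json_encode().
     * @param int   $status HTTP status code; a falsy value means 200.
     */
    public function response($data, $status = 200)
    {
        $this->_code = ($status) ? $status : 200;
        $this->set_headers();
        echo json_encode($data);
        exit();
    }

    /**
     * Verifies the reCAPTCHA token, then the form fields; answers 422 on the
     * first failure.
     */
    private function checkRequest()
    {
        $request = $this->_request;
        $token = isset($request['response']) ? $request['response'] : null;

        // The token must be a non-empty string; a nested JSON value is refused
        // before anything is sent to the verification service.
        if (!is_string($token) || $token === '' || !$this->checkCaptcha($token)) {
            $this->response([
                'message' => 'Please ensure that you are a human!'
            ], 422);
        }

        $error = $this->validationError($request);

        if ($error !== null) {
            $this->response([
                'message' => $error
            ], 422);
        }
    }

    /**
     * Checks the form fields and returns the first problem found.
     *
     * Values that are not strings (nested arrays from a JSON body) are
     * rejected with the field's format message instead of being handed to
     * string functions.
     *
     * @param array $request Sanitised request fields.
     *
     * @return string|null Error message, or null when every field is valid.
     */
    private function validationError(array $request)
    {
        // \z (not $) anchors at the true end of the string, so a value ending
        // in a newline cannot pass.
        $wordPattern = '/^[\w-]+\z/';

        if (empty($request['name'])) {
            return 'The name field is required.';
        }
        if (!is_string($request['name']) || !preg_match($wordPattern, $request['name'])) {
            return 'The name may only contain letters, numbers, and dashes.';
        }

        if (empty($request['email'])) {
            return 'The email field is required.';
        }
        if (!is_string($request['email']) || !filter_var($request['email'], FILTER_VALIDATE_EMAIL)) {
            return 'The email must be a valid email address.';
        }

        if (!empty($request['telephone'])) {
            if (!is_string($request['telephone']) || !ctype_digit($request['telephone'])) {
                return 'The telephone must be a number.';
            }
        }

        if (!empty($request['company'])) {
            if (!is_string($request['company']) || !preg_match($wordPattern, $request['company'])) {
                return 'The company may only contain letters, numbers, and dashes.';
            }
        }

        if (empty($request['message']) || !is_string($request['message'])) {
            return 'The message field is required.';
        }

        $text = trim($request['message']);
        $length = function_exists('mb_strlen') ? mb_strlen($text, 'UTF-8') : strlen($text);

        // Out of range means shorter than 10 OR longer than 500; the previous
        // "&&" could never be true, so the limit was not enforced at all.
        if ($length < 10 || $length > 500) {
            return 'The message must be between 10 and 500 characters.';
        }

        return null;
    }

    /**
     * Asks the reCAPTCHA siteverify endpoint whether the token is valid.
     *
     * Fails closed: a missing secret, a transport error, an unparsable answer
     * or anything other than "success": true yields false.
     *
     * @param string $response Token submitted by the client.
     *
     * @return bool True only when the service confirms the token.
     */
    private function checkCaptcha($response)
    {
        if ($this->secret_key === '') {
            return false;
        }

        $parameters = http_build_query([
            'secret' => $this->secret_key,
            'remoteip' => isset($this->_request['REMOTE_ADDR']) ? $this->_request['REMOTE_ADDR'] : null,
            'response' => $response
        ]);

        // The secret travels in the POST body; in a query string it would end
        // up in proxy and access logs.
        $url = 'https://www.google.com/recaptcha/api/siteverify';
        $checkResponse = null;

        // prefer curl, but fall back to file_get_contents
        if (function_exists('curl_version')) {
            $curl = curl_init($url);
            curl_setopt($curl, CURLOPT_HEADER, false);
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($curl, CURLOPT_POST, true);
            curl_setopt($curl, CURLOPT_POSTFIELDS, $parameters);
            // A verification that takes longer than this counts as a failure.
            curl_setopt($curl, CURLOPT_TIMEOUT, 1);

            $checkResponse = curl_exec($curl);
        } else {
            $context = stream_context_create([
                'http' => [
                    'method' => 'POST',
                    'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
                    'content' => $parameters
                ]
            ]);

            $checkResponse = file_get_contents($url, false, $context);
        }

        // curl_exec() and file_get_contents() both return false on failure.
        if (!is_string($checkResponse) || $checkResponse === '') {
            return false;
        }

        $decodedResponse = json_decode($checkResponse, true);

        return is_array($decodedResponse)
            && isset($decodedResponse['success'])
            && $decodedResponse['success'] === true;
    }

    /**
     * Recursively strips tags and surrounding whitespace from request data.
     *
     * Arrays keep their keys and structure; every scalar leaf becomes a
     * trimmed string and null becomes ''. The former get_magic_quotes_gpc()
     * branch is gone: the function was removed in PHP 8 and has always
     * returned false on the PHP versions able to parse this file.
     *
     * @param mixed $data Raw value from $_POST or the decoded JSON body.
     *
     * @return array|string Sanitised copy of $data.
     */
    private function prepareRequest($data)
    {
        if (is_array($data)) {
            $clean_input = [];

            foreach ($data as $k => $v) {
                $clean_input[$k] = $this->prepareRequest($v);
            }

            return $clean_input;
        }

        if ($data === null) {
            return '';
        }

        return trim(strip_tags((string) $data));
    }

    /**
     * Returns the sanitised request, including the copied server values.
     *
     * @return array
     */
    public function getRequest()
    {
        return $this->_request;
    }

    /**
     * HTML-encodes one request field for the mail body.
     *
     * @param string $key Field name in the request.
     *
     * @return string Encoded value, or '' when the field is absent or not a string.
     */
    private function escapeField($key)
    {
        $value = isset($this->_request[$key]) ? $this->_request[$key] : '';

        if (!is_string($value)) {
            return '';
        }

        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /**
     * Emits the status line and the JSON content type.
     */
    private function set_headers()
    {
        header("HTTP/1.1 " . $this->_code . " " . $this->status_message());
        header("Content-Type: application/json");
    }

    /**
     * Maps the current status code to its reason phrase.
     *
     * @return string Reason phrase; unknown codes use the phrase for 500.
     */
    private function status_message()
    {
        $status = [
            200 => 'OK',
            201 => 'Created',
            204 => 'No Content',
            404 => 'Not Found',
            406 => 'Not Acceptable',
            422 => 'Unprocessable Entity',
            // Previously missing, although it was already used as the fallback.
            500 => 'Internal Server Error'
        ];

        return isset($status[$this->_code]) ? $status[$this->_code] : $status[500];
    }
}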
237
// Entry point for the contact-form endpoint. The constructor reads the
// submitted POST/JSON fields; sendEmail() checks them, sends the mail and
// emits the JSON response.
$mail = new Email();
$mail->sendEmail();