diff --git a/index.php b/index.php
index f12d0ce..ff5bb7a 100644
--- a/index.php
+++ b/index.php
@@ -37,10 +37,20 @@ if (isset($_GET['v'])) {
$title = isset($_GET['t']) ? $_GET['t'] : '';
$version = isset($_GET['v']) ? $_GET['v'] : '';
$xpath = isset($_GET['q']) ? $_GET['q'] : '';
- $filtered_email = filter_var($email, FILTER_VALIDATE_EMAIL);
$filtered_version = filter_var($version, FILTER_VALIDATE_INT);
$filtered_url = filter_var($url, FILTER_VALIDATE_URL);
- if ($filtered_email !== false && $filtered_version !== false && $filtered_url !== false) {
+ if ($filtered_version !== false && $filtered_url !== false) {
+ //ADDING STATS
+ include "XMLSQL.php";
+ $stats = new XMLSQL('emails.xml');
+ $filtered_email = $stats->select(['email'])->from('email')->where(null, ['token' => $email])->query();
+ if (empty($filtered_email)) {
+ echo sprintf('loadScript("//%s/js/alertify.min.js",function() { alertify.alert("Invalid token"); });', $_SERVER['HTTP_HOST']);
+ // TODO log for fail2ban
+ exit;
+ } else {
+ $filtered_email = current($filtered_email);
+ }
$content = '';
$f = $xpath != '' ? @DomDocument::loadHTMLFile($url) : false;
if ($f) {
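Review bot: The `$_SERVER['HTTP_HOST']` value formatted into `loadScript("//%s/js/alertify.min.js", …)` at L19 (and on every other new echo in this change) comes from the client's Host header, so on a server that answers for arbitrary host names the generated bookmarklet response can end up loading alertify from a host the attacker picked; prefer a configured origin such as `$config['base_url']` if the config array has one, or validate the host against an allowlist before emitting it. The lookup `->where(null, ['token' => $email])` at L17 hands the raw query parameter to XMLSQL's query builder, and unless XMLSQL escapes values for XPath that is an injection point; records inserted before this change also have no `token` field, so it is worth confirming that an empty or missing `e` parameter cannot match those legacy rows. The `// TODO log for fail2ban` at L20 is where a failed-token line with `getenv('REMOTE_ADDR')` belongs, since this branch is the only brute-force surface the token adds. The enclosing `if (isset($_GET['v']))` block starts before this hunk.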
@@ -59,7 +69,7 @@ if (isset($_GET['v'])) {
$mail = new PHPMailer(true);
$mail->setFrom($config['from_email'], $config['from_name']);
$mail->Subject = 'A new article to read : ' . $title;
- $mail->addAddress($email);
+ $mail->addAddress($filtered_email);
if (!empty($config['bcc'])) {
$mail->addBCC($config['bcc']);
}
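Review bot: `$filtered_email` passed to `addAddress()` at L33 is whatever `current()` returned from the `select(['email'])` result in the earlier hunk; if XMLSQL returns rows as associative arrays rather than bare strings, `current()` yields `['email' => …]` and `addAddress()` receives an array. Where the row is unpacked I would pin the shape, e.g. `$row = current($rows); $filtered_email = is_array($row) ? ($row['email'] ?? '') : $row;`, and since the address now comes from a file instead of the validated request, re-checking it with `filter_var($filtered_email, FILTER_VALIDATE_EMAIL)` before this call restores the guarantee the removed check gave (PHPMailer will otherwise surface a bad value as a phpmailerException). The surrounding try/catch starts and ends outside this hunk.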
@@ -68,49 +78,43 @@ if (isset($_GET['v'])) {
else
$mail->Body = '
' . nl2br($body) . '
';
if ($mail->send()) {
- echo 'loadScript("//' . $_SERVER['HTTP_HOST'].'/js/alertify.min.js",
-function() { alertify.alert("Email Sent."); });';
+ echo sprintf('loadScript("//%s/js/alertify.min.js",function() { alertify.alert("Email Sent."); });', $_SERVER['HTTP_HOST']);
} else {
- echo ':(';
+ echo sprintf('loadScript("//%s/js/alertify.min.js",function() { alertify.alert("Problem while sending email. Sorry."); });', $_SERVER['HTTP_HOST']);
}
} catch (phpmailerException $et) {
- echo 'alert("Error from sendmail :(");';
+ echo sprintf('loadScript("//%s/js/alertify.min.js",function() { alertify.alert("Error from sendmail :("); });', $_SERVER['HTTP_HOST']);
exit;
} catch (Exception $ep) {
- echo 'alert("Email from SMTP :(");';
+ echo sprintf('loadScript("//%s/js/alertify.min.js",function() { alertify.alert("Email from SMTP :("); });', $_SERVER['HTTP_HOST']);
exit;
}
} else {
- if ($filtered_email === false) {
- echo 'alert("Invalid Email");';
- }
if ($filtered_version === false) {
- echo 'alert("Invalid Version");';
+ echo sprintf('loadScript("//%s/js/alertify.min.js",function() { alertify.alert("Invalid Version"); });', $_SERVER['HTTP_HOST']);
}
if ($filtered_url === false) {
- echo 'alert("Invalid URL");';
+ echo sprintf('loadScript("//%s/js/alertify.min.js",function() { alertify.alert("Invalid URL"); });', $_SERVER['HTTP_HOST']);
}
}
} else if (isset($_POST['email'])) {
$filtered_email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if ($filtered_email !== false) {
- if ($_POST['html'] == 'on') { // bookmarklet pour l'envoi en HTML
- $include = 'Bookmark by email';
- } else { // bookmarklet pour l'envoi normal
- $include = "Bookmark by email";
- }
-
+ $token = bin2hex(random_bytes(72));
//ADDING STATS
include "XMLSQL.php";
$stats = new XMLSQL('emails.xml');
- $stats->insert(array('ip' => getenv('REMOTE_ADDR'), 'date' => date('d/m/Y'), 'email' => $_POST['email']))->into('emails')->query();
-
+ $stats->insert(array('ip' => getenv('REMOTE_ADDR'), 'date' => date('d/m/Y'), 'token' => $token, 'email' => $_POST['email']))->into('emails')->query();
+ if ($_POST['html'] == 'on') { // bookmarklet pour l'envoi en HTML
+ $include = 'Bookmark by email';
+ } else { // bookmarklet pour l'envoi normal
+ $include = "Bookmark by email";
+ }
} else {
$include = 'Invalid email. Please go back
';
}
include 'template.php';
-
} else {
$include = '
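Review bot: The token generated at L81 is stored in clear next to the address and IP in `emails.xml` (L87), the same relative file the GET side opens with `new XMLSQL('emails.xml')`; if that file sits under the document root without a deny rule, anyone can fetch `/emails.xml` and obtain every subscriber's token and e-mail, which defeats the new token check entirely. Store a digest instead — `'token' => hash('sha256', $token)` here and the matching `hash('sha256', $email)` in the lookup — or move the file outside the web root and document that requirement. `$_POST['html'] == 'on'` at L88 raises an undefined-index notice when the checkbox is absent and relies on loose comparison; `isset($_POST['html']) && $_POST['html'] === 'on'` is the safer form. L87 also inserts the raw `$_POST['email']` although the validated `$filtered_email` is in scope two lines above; the values coincide today, but writing the filtered one makes the intent explicit. The `else if (isset($_POST['email']))` branch and the trailing `else` run past the end of this hunk.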