<?php
/**
 * technikum29 translation system submission for AJAX calls.
 * September 2010, Quick and dirty
 **/

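/**
 * Read one field of the current POST request and run the script's coarse
 * "bad content" blocklist over it.
 *
 * The blocklist only rejects a few tell-tale markers (script/style tags, the
 * words "php" and "javascript", inline on...= handler attributes). It is an
 * abuse filter, not an HTML sanitiser: a value returned from here is still
 * untrusted and must be encoded for whatever context later displays it.
 *
 * @param string     $var     Name of the POST field.
 * @param mixed      $default Returned when the field is absent, is not a
 *                            string, or is not contained in $valids.
 * @param array|null $valids  Optional allow-list of accepted values.
 * @param bool       $do_not_check_for_bad_input Kept for signature
 *                            compatibility only; it is never read, so the
 *                            blocklist check always runs.
 * @return mixed The submitted string, or $default. On a blocklist hit the
 *               function answers "400 Bad Request" and terminates the script.
 */
function get($var, $default=false, $valids=null, $do_not_check_for_bad_input=false) {
    $value = isset($_POST[$var]) ? $_POST[$var] : $default;

    // PHP turns "name[]=x" into an array. preg_match() cannot inspect an
    // array (warning and no match on older PHP, TypeError on PHP 8), so a
    // non-string submission is treated like a missing field.
    if (isset($_POST[$var]) && !is_string($value)) {
        $value = $default;
    }

    // Compare as strings with strict matching: POST data is always a string,
    // and loose == comparison against an allow-list entry invites type juggling.
    if (isset($valids) && !in_array($value, array_map('strval', $valids), true)) {
        $value = $default;
    }

    // The original pattern ended in on[a-z]=, which only matches a single
    // letter after "on"; ordinary handler attributes such as onclick= were not
    // covered. The handler branch now accepts any attribute name starting
    // with "on", with optional whitespace before the "=".
    if (is_string($value) && preg_match('/<\s*(script|style)|php|javascript|\bon[a-z]+\s*=/i', $value)) {
        // bad content! Exit immediately.
        // $var is the field name chosen by the calling code, not request data.
        header("HTTP/1.1 400 Bad Request");
        print "Illegal value for '$var'. Please contact the staff.";
        exit();
    }

    return $value;
}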
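// Collect the submitted fields. get() answers 400 and exits by itself when a
// value trips its blocklist. That blocklist is only a coarse filter, so every
// value below is still untrusted text: whoever reads the mail or pastes the
// submitted HTML into the site has to review and encode it first.
$source = get("source", false, array('ajax'));
$page = get("page");
$node = get("node");
$initial_text = get("initial_text");
$initial_html = get("initial_html");
$new_text = get("new_text");
$new_html = get("new_html");
$user_name = get("user_name", "not given");
$user_loc = get("user_loc", "not given");

// Spam protection: only requests carrying source=ajax are accepted. Any client
// can send that field, so this filters naive bots only; it is neither
// authentication nor CSRF protection, and nothing here limits the request rate.
if(!$source) {
    header("HTTP/1.1 400 Bad Request");
    print "Only AJAX driven calls are allowed.";
    exit;
}

// some intermediates
// $pagename is taken from the client-supplied page URL and ends up in the
// Subject header. [^/]+? also matches CR and LF, so control characters are
// replaced with a space before the value gets near a mail header. mail() may
// neutralise these itself depending on the PHP version; do not rely on that.
$pagename = (is_string($page) && preg_match("#/([^/]+?)(\.[a-z]+)?$#i", $page, $pageparts)) ? $pageparts[1] : false;
if($pagename !== false) {
    $pagename = trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $pagename));
}

// Request metadata for the mail body. Referer and User-Agent are plain request
// headers chosen by the client and do not pass through get(); any of the three
// keys can be absent, which used to raise an undefined-index notice from inside
// the heredoc.
$client_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'not given';
$client_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'not given';
$client_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'not given';

// setup mail
// Recipients and sender are fixed strings; no request data reaches the To or
// From header.
$to = "sven@, heribert@";
$to = str_replace('@', "@technikum29.de", $to); // spam protection (svn!)
$subject = "t29 translation submission";
if($pagename) $subject .= " for $pagename";
$message = <<<HERE
This ist technikum29 translation system at /en/dev/translation/submit.php form mailer.
A user translated, using $source,
Page: $page
Node: $node

New Plain Text is:

----------------------- START OF USER TEXT ------------------------------------
$new_text
------------------------ END OF USER TEXT -------------------------------------

Versus old Plaintext was:

----------------------- START OF OLD TEXT ------------------------------------
$initial_text
------------------------ END OF OLD TEXT -------------------------------------

New HTML is:

------------------------ START OF USER HTML -----------------------------------
$new_html
------------------------ END OF USER HTML -------------------------------------

Old HTML was:

------------------------ START OF OLD HTML -----------------------------------
$initial_html
------------------------ END OF OLD HTML -------------------------------------

Something about the user:

Referer: $client_referer
Agent: $client_agent
IP: $client_ip

User given credentials:

Name: $user_name
Loc: $user_loc
HERE;

// Send mail right now
// Only a From header is passed, so no Content-Type is set by this script; the
// body is presumably shown as plain text by the recipients' mail clients.

if(mail($to, $subject, $message, "From: t29-translation-www"."@technikum29.de")) {
    // mail successfully sent
    print "Mail successfully sent :)";
} else {
    // error at mail sending!!!
    header("HTTP/1.1 500 Internal Server Error");
    print "I'm sorry, I could not mail your text to the developer team.";
}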