From 416d776e7243a942b21151cc503ab44830dec6ca Mon Sep 17 00:00:00 2001
From: INOPIAE <inopiae@cacert.org>
Date: Wed, 12 Dec 2012 00:29:01 +0100
Subject: bug 792:layout in forms, code in www/account.php

---
 pages/account/40.php |  6 +++---
 pages/index/11.php   |  4 ++--
 www/account.php      | 43 ++++++++++++++++++++++---------------------
 www/index.php        |  1 -
 4 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/pages/account/40.php b/pages/account/40.php
index 04d628e..ad78697 100644
--- a/pages/account/40.php
+++ b/pages/account/40.php
@@ -27,7 +27,7 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
 <p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
 <p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
 <p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
-<form method="post" action="index.php" name="form1">
+<form method="post" action="account.php" name="form1">
   <input type="hidden" name="oldid" value="<?=$id?>">
 <!--   <input type="hidden" name="support" value="yes"> --> 
   <input type="hidden" name="secrethash2" value="">
@@ -42,8 +42,8 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
     <tr><td width="100" valign="top"><?=_("Message")?>:</td><td colspan="3"><textarea name="message" cols="70" rows="10"></textarea></td></tr>
 
     <tr>
-      <td colspan="2" width="200"><font color="#ff0000"><?=_("Warning: Please do not use send to mailing list when you entered confidential data. The request is being sent to a public mailinglist.")?></font></td>
-      <td colspan="2" width="200"><?=_("For confidential data use send to support.")?></font></td>
+      <td colspan="2"><font color="#ff0000"><?=_("Warning: Please do not use send to mailing list when you entered confidential data. The request is being sent to a public mailinglist.")?></font></td>
+      <td colspan="2"><?=_("For confidential data use send to support.")?></font></td>
     </tr>
     <tr>
       <td colspan="2"><input type="submit" name="process[0]" value="<?=_("Send to mailing list")?>"></td>
diff --git a/pages/index/11.php b/pages/index/11.php
index 95488b7..8a52c10 100644
--- a/pages/index/11.php
+++ b/pages/index/11.php
@@ -42,8 +42,8 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
     <tr><td width="100" valign="top"><?=_("Message")?>:</td><td colspan="3"><textarea name="message" cols="70" rows="10"></textarea></td></tr>
 
     <tr>
-      <td colspan="2" width="200"><font color="#ff0000"><?=_("Warning: Please do not use send to mailing list when you entered confidential data. The request is being sent to a public mailinglist.")?></font></td>
-      <td colspan="2" width="200"><?=_("For confidential data use send to support.")?></font></td>
+      <td colspan="2"><font color="#ff0000"><?=_("Warning: Please do not use send to mailing list when you entered confidential data. The request is being sent to a public mailinglist.")?></font></td>
+      <td colspan="2"><?=_("For confidential data use send to support.")?></font></td>
     </tr>
     <tr>
       <td colspan="2"><input type="submit" name="process[0]" value="<?=_("Send to mailing list")?>"></td>
diff --git a/www/account.php b/www/account.php
index 0b32c2c..3f115e0 100644
--- a/www/account.php
+++ b/www/account.php
@@ -25,34 +25,35 @@
 	} else if($id == 19) {
 		include_once("../pages/account/19.php");
 		exit;
-	} else if($oldid == 40 && $_REQUEST['process'] != "" && $_POST['support'] != "yes") {
-		$who = stripslashes($_REQUEST['who']);
-		$email = stripslashes($_REQUEST['email']);
-		$subject = stripslashes($_REQUEST['subject']);
-		$message = stripslashes($_REQUEST['message']);
-
-                $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
-
-		sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, $email, "", "CAcert Website");
-                showheader(_("Welcome to CAcert.org"));
-                echo _("Your message has been sent.");
-                showfooter();
-                exit;
-	} else if($oldid == 40 && $_REQUEST['process'] != "" && $_POST['support'] == "yes") {
+	} else if($oldid == 40 && $_REQUEST['process'] != "") {
 		$who = stripslashes($_REQUEST['who']);
 		$email = stripslashes($_REQUEST['email']);
 		$subject = stripslashes($_REQUEST['subject']);
 		$message = stripslashes($_REQUEST['message']);
 
+		//check for spam via honeypot
+		if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){ 
+			echo _("Form could not be send.");
+			showfooter();
+			exit;
+		}
 
-                $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
+		$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
+		if (isset($process[0])){
+			sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
+			showheader(_("Welcome to CAcert.org"));
+			echo _("Your message has been sent to the general support list.");
+			showfooter();
+			exit;
+		}
+		if (isset($process[1])){
+			sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support");
+			showheader(_("Welcome to CAcert.org"));
+			echo _("Your message has been sent.");
+			showfooter();
+			exit;
+		}
 
-                sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert Website");
-		
-                showheader(_("Welcome to CAcert.org"));
-                echo _("Your message has been sent to the general support list.");
-                showfooter();
-                exit;
 	} else if($id == 51 && $_GET['img'] == "show") {
 		$query = "select * from `tverify` where `id`='".intval($_GET['photoid'])."' and `modified`=0";
 		$res = mysql_query($query);
diff --git a/www/index.php b/www/index.php
index f203d61..3cddb47 100644
--- a/www/index.php
+++ b/www/index.php
@@ -614,7 +614,6 @@ require_once('../includes/lib/l10n.php');
 	{
 		$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
 		if (isset($process[0])){
-			$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
 			sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
 			showheader(_("Welcome to CAcert.org"));
 			echo _("Your message has been sent to the general support list.");
-- 
cgit v1.2.1