<?php

//ftp credentials for test purpouses
$ftpserver = "ftp.drivehq.com";
$ftppath   = "/";


//include the FTPTransfer class
//include_once('class/ftptransfer.inc.php');
//include the autoload function
include_once('includes/init.inc.php');

//session_start();

set_time_limit(0);
ini_set("memory_limit","-1");
define('MAXIMUM_UPLOAD_LIMIT', '157286400'); //157286400 bytes 150 MB
define('ADMIN_EMAIL_IDS', 'all@avlab.comodo.com');
define('FROM_EMAIL_ID', 'submission-alert@avlab.comodo.com');

//init vars
$submission_type  = '';  //0-Malware-Suspicious; 1-False-Positive
$malware_name     = '';  //in case of false-positive
$email            = '';  
$comments         = '';


$ftp_port         = '';  //the FTP port to be used by submission_type

$remote_file_name = '';  //Remote filename format - SHA1Checksum SourceID SubmitterName EmailAddress RealSampleName

$remote_dir       = '';  //if this variable is empty the root folder will be used for upload to FTP

$ftpuser   		  = "denisr";                //user and pass ftp_user
$ftppass 		  = "super_parola";            

$valid 			  = '';

$error 			  = false;
$errorMessage 	  = array();

$emailBody        = '';

if($_FILES)
{
	//check the form's entries
	$valid = validateFormEntries($_POST);

	//false means the form's input are all valid and the files have been uploaded to the temp folder successfully
	if( false == $valid )
	{	
	  $submission_type = $_POST['submission_type'] == 'false-positive-submission' ? '1' : '0';
	  $malware_name    = $_POST['submission_type'] == 'false-positive-submission' ? trim(strip_tags($_POST['malware_name'])) : '';
	  $email           = trim($_POST['email']);
	  $comments        = trim(strip_tags($_POST['comments']));
	
      //configuring the FTP class		
	  $ftpTransfer = new FTPTransfer();
	  //setup the FTP 	
	  $ftpTransfer->setOptions('ftpHost',$ftpserver);
	  //configuring the port according to malware or false-positive submission
	  $submission_type == 0 ? $ftpTransfer->setOptions('ftpPort','21') :  $ftpTransfer->setOptions('ftpPort','21'); //215 - Malware/Suspicious, 2110 - False-Positive
	  $ftpTransfer->setOptions('ftpUserName',$ftpuser);
	  $ftpTransfer->setOptions('ftpPass', $ftppass);

		for($i=0; $i < count($_FILES['upload']['name']); $i++)
		{
			//check the size and add the files to be transferred to FTP
			if( $_FILES['upload']['size'][$i] <= MAXIMUM_UPLOAD_LIMIT )
			{
				//create the remote file name according to specification
				$remote_file_name = sha1_file($_FILES['upload']['tmp_name'][$i]) . " 4 webinterface " . $email . " " . $_FILES['upload']['name'][$i];
			
				//retrieve the temporary file name
				$localfile = $_FILES['upload']['tmp_name'][$i];
				//add the files to the queue list
				$ftpTransfer->addFiles(array('local_file'=>$localfile, 'remote_file_name'=>$remote_file_name, "submission_type"=>$submission_type));
				//submit the files
				//expected result for success is 0(zero)
				if($ftpTransfer->submitFiles())
				{
					//an error occured during ftp transfer
					//pack and submit it back to the user
					echo '{ "error": "true", "msg" : "' . $ftpTransfer->getLastError() . '"}';
				}else{
					$submittedFiles[] = $_FILES['upload']['name'][$i] .'=>'. $remote_file_name;
				}
			}else{
			
				echo '{ "error": "true", "msg" : "Please submit files smaller then' . MAXIMUM_UPLOAD_LIMIT . '"}';
			}
		}

		if($submission_type == 1)
		{ 
			$subject	= 'False-positive submission'; 
			$body		= 'Malware name: ' . strip_tags($_POST['malware_name']) . "\n";
		}else{  $subject	= 'Malware/Suspicious sample submission'; };
		
		$body .= "Submitted files: \n\n";
		foreach($submittedFiles as $file)
			$body .= '--'. $file . "\n";
		$body .= "\nUser e-mail: " . strip_tags($_POST['email']) ."\n";
		$body .= "User comments: \n" . strip_tags($_POST['comments']) . "\n";
		
		if (!sendEmail(ADMIN_EMAIL_IDS, FROM_EMAIL_ID, $subject, $body, $headers='') )
		{
			echo '{ "error": "true", "msg" : "There was a problem sending email."}';
			return;
		}

		//if upload was successfull and email was successfull
		//send reply ok
		echo '{ "error": "false", "msg" : "" }';
	}
	else{
		$errors = implode("|", $errorMessage);
		//return to page and display error messages
		echo '{ "error": "true", "msg" : "' . $errors . '" }';
	}

}else{
  //return to page and display error message no files were uploaded
  echo '{ "error": "true", "msg" : "Please select at least one file to submit or check if the file can be opened." }';
}


//form submission validation
function validateFormEntries($data)
{
	global $error;
	global $errorMessage;
	
	$zeroSize = '';
	
	//check if email address is valid 
	if(!preg_match("/^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i", $data['email']))
	{ 
		$error = true;
		$errorMessage[] = 'Please enter a valid e-mail address.';
	}
	
	//check if the page is the false-positive submission and if user entered the malware name
	if( $data['submission_type'] == 'false-positive-submission' && $data['malware_name'] == '')
	{
		$error = true;
		$errorMessage[] = 'Please enter malware name.';
	}
	
	//check if user agreed to the TOS
	if( ($data['terms']) != 'on' )
	{
		$error = true;
		$errorMessage[] = 'Please read and agree to the terms and conditions.';
	}
	
	//check if user selected atleast one file for upload
	if( !isset($_FILES) )
	{
		$error = true;
		$errorMessage[] = "Please select a file to upload.";
	}else{
		for($i=0; $i < count($_FILES['upload']['name']); $i++)
		{
			if($_FILES['upload']['size'][$i] <= 0 && $_FILES['upload']['name'][$i] != '')
			{
				$zeroSize = true;
				break;
			}
		}
			
		if( true == $zeroSize )
		{
			$error = true;
			$errorMessage[] = 'Please upload files with a size greater than 0 bytes.';
		}	
	}

	return $error;
}

function sendEmail($to, $from, $subject, $body, $headers='')
{
	$header = 'From: ' . $from . "\r\n";
	if(!$headers)
		$header .= 'X-Mailer: TC-WebForm-/'. TCVersion;
	
	return mail('denisr@comodo.com', $subject, $body, $header);
	
}
?>