
Topic awaiting preservation: Secure Form Mail Script (Page 1 of 1)

 
tgullett
Obsessive-Compulsive (I) Inmate

From: Lexington, Kentucky, USA
Insane since: Jun 2003

posted 08-04-2003 04:37

Can anyone help me out? I am not sure if this formmail script is secure enough to keep spammers from using it. What could I do to prevent this?

Thanks
/TCG

code:
<?
include("header.php");
?>

<table cellpadding="8" cellspacing="0" border="0" width="585">
<tr>
<td valign="top" align="right"><img src="images/hdr_contact.gif" width="441" height="52" alt="" border="0"></td>
</tr>
</table>

<table cellpadding="8" cellspacing="0" border="0" width="585">
<tr>
<td valign="top">
<?
error_reporting(E_ERROR);

$body = "XXXXX\n\nSubmitted by a user from IP address: $REMOTE_ADDR\n\n";

foreach($HTTP_POST_VARS as $key => $value)
{
    $body .= "$key -> \"$value\"\n";
}

if (mail($to, $subject, $body)) {
?>
<br><p class="copy"><b>Thank You!</b></p><br>
<?
} else {
?>
ERROR: Please contact system administrator.
<?
}
?>
</td>
</tr>
</table>
<?
include("footer.php");
?>



Thomas Chase Gullett
tgullett@elinkdesign.com

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 08-04-2003 10:15

You need to implement a referrer check, so that the script can only be called from pages that are part of your web site and not from others, which may misuse your script...


Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 08-04-2003 11:47

Unfortunately, a referer can be easily forged.

I'd suggest you hard code the receiving address... that way only that address could be spammed.
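
The hard-coded recipient suggested above, as an added example that is not part of the original thread or any poster's code. The posted script never assigns `$to` or `$subject`, so with PHP's `register_globals` enabled those values come from the request; here they are constants. The address, subject and field names are placeholders chosen for illustration.

```php
<?php
// Added example: hardened version of the mail step from the posted script.
// Recipient and subject are constants, so no request value can redirect the mail.
const MAIL_TO        = 'webmaster@example.com';      // placeholder address (assumption)
const MAIL_SUBJECT   = 'Contact form submission';    // placeholder subject (assumption)
const ALLOWED_FIELDS = ['name', 'email', 'message']; // hypothetical form field names
const MAX_FIELD_LEN  = 2000;                         // arbitrary cap (assumption)

/** Build the message body from the whitelisted POST fields only. */
function build_body(array $post, string $remoteAddr): string
{
    $body = "Submitted by a user from IP address: $remoteAddr\n\n";
    foreach (ALLOWED_FIELDS as $key) {
        // Ignore missing fields and array-valued input (e.g. name[]=...).
        $value = (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : '';
        // Normalise line endings and cap the length of each field.
        $value = str_replace(["\r\n", "\r"], "\n", $value);
        $value = substr($value, 0, MAX_FIELD_LEN);
        $body .= "$key -> \"$value\"\n";
    }
    return $body;
}

// Read input from $_POST explicitly instead of relying on register_globals.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $body = build_body($_POST, $_SERVER['REMOTE_ADDR'] ?? 'unknown');
    // No fourth (additional headers) argument is passed, so user input
    // only ever reaches the message body, never a mail header.
    if (mail(MAIL_TO, MAIL_SUBJECT, $body)) {
        echo '<br><p class="copy"><b>Thank You!</b></p><br>';
    } else {
        echo 'ERROR: Please contact system administrator.';
    }
}
```

As noted in the reply above, this limits abuse to the one fixed address; it does not stop automated submissions to that address.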
