Topic awaiting preservation: Secure Form Mail Script (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=12846" title="Pages that link to Topic awaiting preservation: Secure Form Mail Script (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Secure Form Mail Script <span class="small">(Page 1 of 1)</span>\$

tgullett Obsessive-Compulsive (I) Inmate From: Lexington, Kentucky, USA Insane since: Jun 2003	posted 08-04-2003 04:37 Can anyone help me out. I am not sure if this formmail script is secure enough to keep spammers from using it. What could i do to prevent this. Thanks /TCG code: <? include("header.php"); ?> <table cellpadding="8" cellspacing="0" border="0" width="585"> <tr> <td valign="top" align="right"><img src="images/hdr_contact.gif" width="441" height="52" alt="" border="0"></td> </tr> </table> <table cellpadding="8" cellspacing="0" border="0" width="585"> <tr> <td valign="top"> <? error_reporting(E_ERROR); $body = "XXXXX\n\nSubmitted by a user from IP address: $REMOTE_ADDR\n\n"; foreach($HTTP_POST_VARS as $key => $value) { $body .= "$key -> \"$value\"\n"; } if (mail($to, $subject, $body)) { ?> <br><p class="copy"><b>Thank You!</b></p><br> <? } else { ?> ERROR: Please contact system administrator. <? } ?> </td> </tr> </table> <? include("footer.php"); ?> Thomas Chase Gullett tgullett@elinkdesign.com
mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 08-04-2003 10:15 You need to implement referrer check, so that script can only be called from pages that are part of your web site and not from others, which may misuse your script...
Tyberius Prime Paranoid (IV) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 08-04-2003 11:47 unfortunatly, a referer can be easily forged. I'd suggest you hard code the receiving address... that way only that address could be spammed.

Topic awaiting preservation: Secure Form Mail Script (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=12846" title="Pages that link to Topic awaiting preservation: Secure Form Mail Script (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Secure Form Mail Script <span class="small">(Page 1 of 1)</span>\$

tgullett
Obsessive-Compulsive (I) Inmate

From: Lexington, Kentucky, USA
Insane since: Jun 2003

posted 08-04-2003 04:37

Can anyone help me out. I am not sure if this formmail script is secure enough to keep spammers from using it. What could i do to prevent this.

Thanks
/TCG

code:

<?



include("header.php");



?>



<table cellpadding="8" cellspacing="0" border="0" width="585">



<tr>



        <td valign="top" align="right"><img src="images/hdr_contact.gif" width="441" height="52" alt="" border="0"></td>



</tr>



</table>



<table cellpadding="8" cellspacing="0" border="0" width="585">



<tr>



        <td valign="top">

<?



error_reporting(E_ERROR);



$body = "XXXXX\n\nSubmitted by a user from IP address: $REMOTE_ADDR\n\n";



foreach($HTTP_POST_VARS as $key => $value)



{

        $body .= "$key -> \"$value\"\n";

}





if (mail($to, $subject, $body)) {

?>



<br><p class="copy"><b>Thank You!</b></p><br>



<?



} else {



?>



ERROR: Please contact system administrator.



<?



}



?>



</td>



</tr>



</table>

<?



include("footer.php");



?>

Thomas Chase Gullett
tgullett@elinkdesign.com

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 08-04-2003 10:15

You need to implement referrer check, so that script can only be called from pages that are part of your web site and not from others, which may misuse your script...

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 08-04-2003 11:47

unfortunatly, a referer can be easily forged.

I'd suggest you hard code the receiving address... that way only that address could be spammed.

Maximum Security
OZONE
DHTML/Javascript
Server-Side Scripting - Oh my!
CSS - DOM - XHTML - XML - XSL - XSLT
Stupid Basic HTML
Visual Therapy
Photoshop
Photoshop Pong, Anyone?
*WARNING* BIG SIG APPROACHING
Photography
3D Modelling & Rendering
Multimedia/Animation
Print Graphics
Holding Pens
Philosophy and other Silliness
Outpatient Counseling
Site reviews!
Mad Scientists' Laboratory
Getting to know the Grail

Maximum Security

OZONE

DHTML/Javascript

Server-Side Scripting - Oh my!

CSS - DOM - XHTML - XML - XSL - XSLT

Stupid Basic HTML

Visual Therapy

Photoshop

Photoshop Pong, Anyone?

***WARNING*** BIG SIG APPROACHING

Photography

3D Modelling & Rendering