Posted by J.O. Aho on 06/03/06 06:23
Varanus wrote:
> I'm attempting to set up a form that subscribes people to a mailing
> list.
>
> The way the mailing list works is the user has to send an e-mail to
> blahblah@blah.com from their e-mail account with "SUBSCRIBE BLAH" in
> the body of the e-mail.
>
> I want to make it easier, and have a form where they just type in their
> e-mail and it subscribes them to the mailing list.
>
>
> It seemed simple enough for me, but I can't seem to get it right.
>
> my PHP code:
> <?
> $email = $_REQUEST['email'];
> $from = "$email";
> $body = "SUBSCRIBE CYPHERLOX";
> mail( "stserv@list.cypherlox.com", $body, $email );
> ?>

As lorento already pointed out, mail() isn't used the right way; you can
see that in the online manual: http://www.php.net/manual/en/function.mail.php

You have a security issue in your script: the $email/$from can be used to send
extra headers such as Cc: and Bcc:, which are frequently used by spammers. You need
to filter away those and any extra \r\n. Even if you use limitations in your
form page, they can be got around by calling the script directly.

//Aho
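
The server-side check described in the reply above, as an added example that is not part of the original thread: the posted address is refused if it contains CR/LF or is not a single valid address, and mail() is called with its arguments in the documented order. The function names `clean_subscriber_address` and `subscribe`, the subject text and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

// Return a validated address, or null if the input must be refused.
function clean_subscriber_address($raw)
{
    if (!is_string($raw)) {
        return null;                 // email[]=x arrives as an array
    }
    // Refuse rather than strip: CR, LF or NUL in the value is how extra
    // header lines such as Cc: or Bcc: would reach mail().
    if (preg_match('/[\r\n\0]/', $raw)) {
        return null;
    }
    // Exactly one syntactically valid address, no display name or list.
    $addr = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

function subscribe($raw)
{
    $email = clean_subscriber_address($raw);
    if ($email === null) {
        return false;
    }
    // mail(to, subject, message, additional_headers): recipient and body
    // are fixed; the checked address is used only in the From: header.
    // The subject text is an assumption, the thread does not give one.
    return mail(
        'stserv@list.cypherlox.com',
        'subscribe',
        'SUBSCRIBE CYPHERLOX',
        'From: ' . $email
    );
}

// Constructed inputs: only the first should be accepted.
$samples = array(
    'user@example.com',
    "user@example.com\r\nBcc: other@example.net",
    'user@example.com, other@example.net',
    array('user@example.com'),
);
foreach ($samples as $s) {
    $verdict = clean_subscriber_address($s) === null ? 'rejected' : 'accepted';
    printf("%-48s %s\n", json_encode($s), $verdict);
}
```

The demo loop only exercises the validation; the form handler would pass the posted value to `subscribe()` and report an error when it returns false.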