|
|
Posted by Norman Peelman on 12/17/06 14:22
"peter" <submit@flexiwebhost.com> wrote in message
news:em3515$fvj$1@aioe.org...
>
> > Google for 'obfuscate email' and you'll find what you need. Here's
one
> > example:
> >
> > http://www.fingerlakesbmw.org/main/flobfuscate.php
>
> how is that going to to help stop spam on a contact form, that is simply
for
> making it hard for spammers to get your address if you display it on a
> webpage. The ops email is not getting displayed at all.
>
>
My misunderstanding. It's a good thing to know anyway! :) Now what they
are looking for are some simple checks against the form input fields. I
believe someone else provided a link for a good expanation on email
injection. Here is a class
http://framework.zend.com/manual/en/zend.mail.html that says it has some
protection built in. I have found that by using regexs to validate my
email forms I have prevented alot of spam from my sites (well, i've not seen
any anyway). Example:
--validate email--
if (isset($_POST['field1']))
{
$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+[a-zA-Z]{2,6}\$";
/*
$pattern =
"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.
)+";
$pattern .= "([aero|biz|coop|com|net]";
$pattern .= "{2,6}[\.]{0,})[ac|ad|ae|af|ag]{0,}\$";
*/
// stop unwanted email hosts here
$unwanted = array(
0 => 'spamhole',
1 => 'mytrashmail',
2 => 'mailexpire',
3 => 'spamgourmet',
4 => 'mailinator',
5 => 'woodyland',
6 => 'spammotel',
7 => 'sneakmail',
8 => 'jetable'
);
foreach($unwanted as $key => $value)
{ // first void unwanted email domains
$value .= '{1}';
if (eregi($value,$_POST['field1']))
{
header('Location: hxxp://www.mydomain.com/error.php?error=5');
exit;
}
}
// now vaildate email if we're still here
if (eregi($pattern,$_POST['field1']))
{// email passed verification
... do your thing here
}
---
Before anyone starts, I know this may or may not be the best 'pattern'
for validating email but, i'm on Windows and I have'nt had much luck with
the workarounds of not being able to use getmxrr(). I'ts close enough for me
(for now).
Norm
--
FREE Avatar hosting at www.easyavatar.com
Navigation:
[Reply to this message]
|