Posted by Seen on 09/14/05 07:05
On Thu, 8 Sep 2005 13:11:11 +0000 (UTC), "Neil McDermott"
<neil.mcdermott@easiserv.com> wrote:
>Hello,
>
>I hope someone can help.
>
>I use a php form to process contact forms on my web sites. Recently I have
>been receiving lots of strange data coming through the contact forms like
>this :
>
>NB. mysite = the actual site that the contact form is on.
>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
>From: qsukgmtfqg@mysiteco.uk add to address book
>Return-Path: mysite.co.uk@hosts.co.uk add to blacklist add to whitelist
>Delivery-Date: Thursday, September 8, 2005 2:57 AM
>To: mark@mysite.co.uk
>Subject: Information request
>
>show headers | download source | printable view | back to folder | next
>message Spam score: 0
>
>
>Name : qsukgmtfqg@mysite.co.uk
>
>
>
>Phone : qsukgmtfqg@mysiteco.uk
>
>
>
>Email : qsukgmtfqg@mysiteco.uk
>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
>It spoofs the address of the site that the contact form is on. This has
>happened across every site that the form is on so I am guessing there is a
>vulnerability in the script below. Can anyone help please?
>
>
>php Contact script used >>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
>
><?
>$name=$_POST['name'];
>$phone=$_POST['phone'];
>$email=$_POST['email'];
>$query=$_POST['query'];
>$to="enquiries@mysite.co.uk";
>$from="$email";
>$message="Customer Name : $name\n\n
>Phone : $phone\n\n
>Email Address : $email\n\n
>Query : $query\n";
>if (mail($to, "Customer Information", "$message\n", "From: $from"))
>{$URL="http://www.mysite..co.uk/thankyou.php";header ("Location: $URL");
>} else {
>echo "There was a problem sending the mail. Please check that you filled in
>the form correctly.";
>}
>?>
>
>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
>Any help would be greatly appreciated. I am no PHP expert, I simply
>adjusted a form I found on a PHP tutorial site.
>
>Thank you in advance,
>
>Neil
>
If I could follow up with an additional question -
I have a PHP file that produces a form. I have the form validated with
JavaScript through the HTML form option on submit. The page shows
up and all the source is there including the JavaScript.
The problem is that the JavaScript doesn't do anything. I've
intentionally entered an error in one of the fields and the script is
bypassed. This also occurs if I have the form in an HTML file and
call a PHP file to do more with the inputs.
Any ideas??
TIA
SR
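
Added example, not part of either post: the quoted script passes `$_POST['email']` straight into the fourth (headers) argument of `mail()`, so a submitted value containing CR/LF can add header lines of its own. Below is a hardened variant in PHP that does all checking on the server, so it still holds when browser-side JavaScript validation does not run. The helper names `has_header_break` and `validate_contact` and the relative `/thankyou.php` redirect are assumptions.

```php
<?php
// Added example. Assumed: the same four POST fields, a relative thank-you URL.
// True if the value contains a CR or LF, i.e. could start a new header line.
function has_header_break(string $value): bool {
    return preg_match('/[\r\n]/', $value) === 1;
}
// Returns the cleaned fields, or null when the submission must be rejected.
function validate_contact(array $post): ?array {
    $fields = [];
    foreach (['name', 'phone', 'email', 'query'] as $key) {
        $value = $post[$key] ?? '';
        if (!is_string($value)) {
            return null; // e.g. email[]=x arrives as an array
        }
        $fields[$key] = trim($value);
    }
    // Single-line fields may not contain line breaks; the query may, because
    // it is only ever placed in the message body.
    foreach (['name', 'phone', 'email'] as $key) {
        if (has_header_break($fields[$key])) {
            return null;
        }
    }
    if (filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $fields;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $fields = validate_contact($_POST);
    if ($fields === null) {
        http_response_code(400);
        exit('Please check that you filled in the form correctly.');
    }
    $message = "Customer Name : {$fields['name']}\n\n"
        . "Phone : {$fields['phone']}\n\n"
        . "Email Address : {$fields['email']}\n\n"
        . "Query : {$fields['query']}\n";
    // From is a fixed site address; the visitor's validated address is Reply-To.
    $headers = "From: enquiries@mysite.co.uk\r\nReply-To: {$fields['email']}";
    if (mail('enquiries@mysite.co.uk', 'Customer Information', $message, $headers)) {
        header('Location: /thankyou.php');
        exit;
    }
    echo 'There was a problem sending the mail.';
}
```

Rejected submissions are dropped with a 400 rather than cleaned up and sent, so probing attempts never reach the mailbox.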