Posted by shimmyshack on 02/28/07 21:50
On 28 Feb, 21:25, "r...@chaparralboats.com" <r...@chaparralboats.com>
wrote:
> > I assume you rename the contact.html to contactform.php
>
> When you assume you really make an ass out of me!! haha!!! Thank you
> sooooooooo much, everything works now!!!! Now I just have to work on
> the security aspect of it!!
>
> I can't believe I fiddled with this for two days and all I had to do
> was change .html to .php jeeezzzz!!!! I take back everything I said
> before about feeling stupid.. NOW I reaalllyyy feeelll retarded!!!
> dee-de-deeeee
>
> Ok, now on to security measures.... Could someone explain to me what
> this code does, how it secures the emails and where in my code I
> should implement it?
>
> $emailInput = array($to, $from, $cc, $bcc, $subject, $message);
> $injections = array('to', 'from', 'cc', 'bcc');
> // iterate by reference; otherwise the cleaned value is thrown away
> foreach ($emailInput as &$input)
> {
>     foreach ($injections as $injection)
>     {
>         // drop any embedded "<header>: ..." line such as "\nBcc: x@y.com\n"
>         $input = preg_replace('/\n?' . $injection . '\s*?:.*?\n/i', '', $input);
>     }
> }
> unset($input); // release the reference left behind by foreach
> // write the cleaned values back to the original variables
> list($to, $from, $cc, $bcc, $subject, $message) = $emailInput;
This code should be used just before the mail function. All it does
is enforce the format of each "header" - a header here just means
To: email@email.com
From: me@home.com
rather like the headers of an HTTP request
etc... The part before the : corresponds to $to, $from etc., the part
afterwards to the value of $to, $from etc.,
so that it won't allow the value of one header to actually be two
headers together - which would smuggle in more BCC addresses rather than
the single value you wanted to allow.
It's a neat method.
PHPMailer has this all built in, so that the code you write is all
about the stuff you need rather than a whole lot of extra checking
etc...
see this example:
require_once('class.phpmailer.php');
$mail = new PHPMailer();
// set mailer to use SMTP
$mail->IsSMTP();
// specify main and backup server
$mail->Host = 'auth.smtp.server.com';
// turn on SMTP authentication
$mail->SMTPAuth = true;
// SMTP username
$mail->Username = $username;
// SMTP password
$mail->Password = $password;
//$mail->SetLanguage("br", "/optional/path/to/language/directory");
$mail->From = $from;
$mail->FromName = $fromname;
$mail->AddAddress($to, $toname);
$mail->AddReplyTo($reply, $replyname);
$mail->WordWrap = 50;
$mail->IsHTML(true);
$mail->Subject = $subject;
$mail->Body = $body;
// actually send it - PHPMailer returns false and sets ErrorInfo on failure
if (!$mail->Send()) {
    echo 'Mailer error: ' . $mail->ErrorInfo;
}
easy huh
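As an added example (not code from either post in this thread), here is the same idea applied to a plain mail() contact form: every submitted value is refused if it contains a line break, so one value can never become two headers, and the recipient is fixed in the script rather than read from the form. The field names and sample addresses are assumptions for the illustration.

```php
<?php
// Added example, not from the thread; field names and addresses are constructed.
// A value may become part of a mail header only if it has no CR or LF:
// a line break is what turns one value into two headers (an extra Bcc:).
// Return null to fail closed rather than trying to repair the value.
function cleanHeaderValue($value)
{
    if (!is_string($value) || preg_match('/[\r\n]/', $value)) {
        return null;
    }
    return trim($value);
}
// Addresses get a stricter check; a valid mailbox never contains a line break.
function cleanAddress($value)
{
    $value = cleanHeaderValue($value);
    if ($value === null || filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $value;
}
// Extra headers for mail(), built only from values that passed the checks.
function buildHeaders($from, $replyTo)
{
    $from    = cleanAddress($from);
    $replyTo = cleanAddress($replyTo);
    if ($from === null || $replyTo === null) {
        return null;
    }
    return "From: $from\r\nReply-To: $replyTo\r\n";
}
// One form submission; returns false when any value is refused.
function handleContactForm(array $post)
{
    $to      = 'webmaster@example.com'; // fixed here, never taken from the form
    $email   = isset($post['email']) ? $post['email'] : '';
    $subject = cleanHeaderValue(isset($post['subject']) ? $post['subject'] : '');
    $headers = buildHeaders($email, $email);
    if ($subject === null || $headers === null) {
        return false;
    }
    return mail($to, $subject, isset($post['message']) ? $post['message'] : '', $headers);
}
// Constructed inputs: a normal address, then one that tries to smuggle a Bcc: line.
$normal   = 'visitor@example.com';
$smuggled = "visitor@example.com\r\nBcc: someone@example.net";
var_dump(buildHeaders($normal, $normal) !== null);   // accepted
var_dump(buildHeaders($smuggled, $normal) === null); // refused, headers never built
```

The message body is passed to mail() as the body, not as a header, so line breaks there are harmless; only the values that end up on a header line need this check.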