Posted by Neil McDermott on 09/14/05 15:21

The solution to my initial issue can be seen here
http://www.phpfreaks.com/forums/index.php?showtopic=66987&st=0

Well it seems to be working at the minute anyway!!!

--
Regards,

Neil McDermott
01604 622345
07841 865970
http://www.easiserv.com

"Kimmo Laine" <eternal.erectionN05P@Mgmail.com> wrote in message
news:wPOVe.23906$Or1.17672@reader1.news.jippii.net...
> "Seen" <spoonfed@net.com> wrote in message
> news:9a7fi11qs63qbmvphlsf948th25dec6jcj@4ax.com...
>> On Thu, 8 Sep 2005 13:11:11 +0000 (UTC), "Neil McDermott"
>> <neil.mcdermott@easiserv.com> wrote:
>>
>>>Hello,
>>>
>>>I hope someone can help.
>>>
>>>I use a php form to process contact forms on my web sites. Recently I
>>>have
>>>been receiving lots of strange data coming through the contact forms like
>>>this :
>>>
>>>NB. mysite = the actual site that the contact form is on.
>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>
>>>From: qsukgmtfqg@mysiteco.uk add to address book
>>>Return-Path: mysite.co.uk@hosts.co.uk add to blacklist add to whitelist
>>>Delivery-Date: Thursday, September 8, 2005 2:57 AM
>>>To: mark@mysite.co.uk
>>>Subject: Information request
>>>
>>>show headers | download source | printable view | back to folder | next
>>>message Spam score: 0
>>>
>>>
>>>Name : qsukgmtfqg@mysite.co.uk
>>>
>>>
>>>
>>>Phone : qsukgmtfqg@mysiteco.uk
>>>
>>>
>>>
>>>Email : qsukgmtfqg@mysiteco.uk
>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>
>>>It spoofs the address of the site that the contact form is on. This has
>>>happened accross every site that the form is on so I am guessing their is
>>>a
>>>vulnaribility in the script below . Can anyone help please?
>>>
>>>
>>>php Contact script used >>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>
>>>
>>><?
>>>$name=$_POST['name'];
>>>$phone=$_POST['phone'];
>>>$email=$_POST['email'];
>>>$query=$_POST['query'];
>>>$to="enquiries@mysite.co.uk";
>>>$from="$email";
>>>$message="Customer Name : $name\n\n
>>>Phone : $phone\n\n
>>>Email Address : $email\n\n
>>>Query : $query\n";
>>>if (mail($to, "Customer Information", "$message\n", "From: $from"))
>>>{$URL="http://www.mysite..co.uk/thankyou.php";header ("Location: $URL");
>>>} else {
>>>echo "There was a problem sending the mail. Please check that you filled
>>>in
>>>the form correctly.";
>>>}
>>>?>
>>>
>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>
>>>Any help would be greatly appreciated. I am no php expert , I simply
>>>adjusted a form I found on a php tutorial site.
>>>
>>>Thank you in advance,
>>>
>>>Neil
>>>
>>
>> If I could follow up with an additional question -
>>
>> I have a PHP file that produces a form. I have the form validated with
>> java script through the html form option on submit. The the page shows
>> up and all the source is there including the javascript.
>>
>> The problem is that the java script doesn't do anything. I've
>> intentionally entered an error in one of the fields and the scrip is
>> bypassed. This also occures if I have the form in an HTML file and
>> call a PHP file to do more with the inputs.
>>
>> Any ideas??
>>
>
> Without seeing the form and the script - no. I can read your posts but not
> your mind. But I'm guessing you have some little bug in the script.
>
> --
> Welcome to Usenet! Please leave tolerance, understanding
> and intelligence at the door. They aren't welcome here.
> eternal piste erection miuku gmail piste com
>

[Back to original message]