Posted by Jim Michaels on 02/27/06 23:50
"Seattlemx" <web206@gmail.com> wrote in message
news:1140366993.961845.139790@o13g2000cwo.googlegroups.com...
> hi .. i just start learning php and I'm doing my first scrip !!! but it
> doesn't work .....
> this is the script
>
>
> page.php
> ----------------------------------------------------------------------------------------
> <?
> $to = "me-mail@gmail.com";
> $name = $_POST['name'];
> $from = $_POST['from'];
> $subject = $_POST['subject'];
> $body = $_POST['body'];
>
> mail($to, $subject, $body, $from, $name);
>
> ?>
You picked a tough one to start with. The fourth argument of mail() is the raw
additional-headers string, so whatever you pass there is written into the message
headers verbatim: a carriage return or newline in that field starts a new header,
and an attacker can append his own Cc:/Bcc: lines and turn your form into a spam
relay. It's called PHP mail header injection; at a minimum reject \r and \n in
anything that ends up in a header (the from: field above all), not just the
strings "bcc:" or "cc:". Note also that in your script $from is a bare address
rather than a "From: ..." header line, which is why the sender's address never
reaches you, and the fifth argument ($name) is not part of the message at all --
it is handed to the sendmail command line. Google for it and you'll find some
anti-spammer code.
Maybe this code isn't perfect, but it seems to work.
at the top,
<?php
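// Keep the form out of browser/proxy caches so a stale copy of the page (with an
// already-used token in the hidden field) is never served again.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
// replace=false here as well: with the default (true) this call replaced the two
// Cache-Control lines above, leaving only "private", which does not stop caching.
header("Cache-Control: private", false);
header("Pragma: no-cache");
// Must run before any output is sent; the session holds the one-time form token.
session_start();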
?><html>
<?php
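/**
 * Syntactic check of an RFC 822 addr-spec (local-part@domain).
 *
 * The pattern is built from the RFC's own productions (atom, quoted-string,
 * domain-literal, quoted-pair). Bytes 0x80-0xff are excluded everywhere, so
 * the check is byte-wise and rejects non-ASCII addresses.
 *
 * @param string $email candidate address
 * @return int 1 when the whole string is an addr-spec, else 0
 */
function is_valid_email_address($email){
    $qtext = '[^\\x0d\\x22\\x5c\\x80-\\xff]';
    $dtext = '[^\\x0d\\x5b-\\x5d\\x80-\\xff]';
    $atom = '[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c'.
        '\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+';
    $quoted_pair = '\\x5c[\\x00-\\x7f]';
    $domain_literal = "\\x5b($dtext|$quoted_pair)*\\x5d";
    $quoted_string = "\\x22($qtext|$quoted_pair)*\\x22";
    $domain_ref = $atom;
    $sub_domain = "($domain_ref|$domain_literal)";
    $word = "($atom|$quoted_string)";
    $domain = "$sub_domain(\\x2e$sub_domain)*";
    $local_part = "$word(\\x2e$word)*";
    $addr_spec = "$local_part\\x40$domain";
    // The D modifier makes '$' match only at the very end of the string.
    // Without it "user@example.com\n" was accepted, and a trailing newline in
    // an address that is later placed in a mail header is exactly the thing a
    // header-injection check must refuse.
    return preg_match("!^$addr_spec$!D", $email) ? 1 : 0;
}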
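// ---------------------------------------------------------------------------
// Address / message helpers
// ---------------------------------------------------------------------------

/**
 * Address check used before anything is placed in a mail header.
 *
 * Rejects the address outright when it is longer than 64 bytes (kept from the
 * original; note RFC 5321 allows addresses up to 254) or contains a CR or LF,
 * then defers to is_valid_email_address() for the syntax check.
 *
 * @param string $email
 * @return bool|int false when rejected here, otherwise is_valid_email_address()'s 1/0
 */
function is_valid_email($email) {
    if (strlen($email) > 64 || stristr($email, "\n") || stristr($email, "\r")) {
        return false;
    }
    return is_valid_email_address($email);
}

/**
 * Convert Windows (\r\n) and classic Mac (\r) line endings to \n.
 *
 * @param string $text
 * @return string
 */
function normalize_linebreaks($text) {
    $text = str_replace("\r\n", "\n", $text); /* win -> un*x */
    $text = str_replace("\r", "\n", $text);   /* mac -> un*x */
    return $text;
}

/**
 * Make a display name safe to embed inside a quoted-string header phrase.
 *
 * CR/LF are removed because they would start a new header; '\' and '"' are
 * escaped as a quoted-pair because an unescaped '"' ends the quoted-string
 * early and leaves a malformed From:/Reply-To: line.
 *
 * @param string $name
 * @return string
 */
function header_display_name($name) {
    $name = str_replace(array("\r", "\n"), '', $name);
    return str_replace(array('\\', '"'), array('\\\\', '\\"'), $name);
}

/**
 * Build the header block and hand the message to mail().
 *
 * @param string $sendername   site visitor's name   (Reply-To: display name)
 * @param string $senderemail  site visitor's address (Reply-To:, Return-Path:)
 * @param string $fromname     From: display name
 * @param string $fromemail    From: address
 * @param string $contactname  recipient display name
 * @param string $contactemail recipient address
 * @param string $subject
 * @param string $message      body; line endings are normalised before sending
 * @return bool mail()'s result, or false (after printing an error) when an
 *              address fails is_valid_email()
 *
 * Both addresses that reach the header block are validated here. The original
 * only checked $contactemail, i.e. the hard-coded recipient, while
 * $senderemail -- the value an attacker actually controls -- went into the
 * Reply-To: and Return-Path: headers unchecked.
 */
function send_mail($sendername, $senderemail, $fromname, $fromemail, $contactname, $contactemail, $subject, $message) {
    if (!is_valid_email($contactemail) || !is_valid_email($senderemail)) {
        echo "<div style=\"color:red;\">The email address was incorrect.</div>\n";
        return false;
    }

    $sendername  = header_display_name($sendername);
    $fromname    = header_display_name($fromname);
    $contactname = header_display_name($contactname);

    $headers  = "MIME-Version: 1.0\n";
    $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
    $headers .= "X-Priority: 1\n";
    $headers .= "X-MSMail-Priority: High\n";
    // Presents itself as Outlook Express rather than PHP (presumably to get past
    // spam filters) -- cosmetic, not a security control.
    $headers .= "X-Mailer: Microsoft Outlook Express 6.00.2900.2180\n";
    $headers .= "X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180\n";
    $headers .= "From: \"" . $fromname . "\" <" . $fromemail . ">\n";
    $headers .= "Reply-To: \"" . $sendername . "\" <" . $senderemail . ">\n";
    // NOTE(review): Return-Path is normally (re)written by the MTA, so this
    // header may be ignored -- confirm against the local sendmail setup.
    $headers .= "Return-Path: <" . $senderemail . ">\n";

    return mail("\"" . $contactname . "\" <" . $contactemail . ">", $subject,
        normalize_linebreaks($message), $headers);
}

/**
 * Issue a fresh one-time form token, store it in the session and print the
 * contact form.
 *
 * One helper for both the first visit and the retry after a failed send: the
 * original printed a second copy of the form on failure that had no "name"
 * field and backslash-escaped attributes, so a retry could never pass the
 * completeness check below.
 */
function print_contact_form() {
    // microtime() on its own is fairly guessable; mt_rand() adds some entropy.
    // On PHP >= 7 prefer bin2hex(random_bytes(16)).
    $token = md5('somestring' . microtime() . mt_rand() . 'someotherstring');
    $_SESSION['token'] = $token;
?>
<form action="index.php" method="post" name="eml" style="border-style:dashed; border-color:#CC0033; border-width:thin;">
Your name:<input type="text" name="name" size="50" style="background-color:#FFFF99;"><br>
Your Email Address:<input name="email" type="text" size="40" style="background-color:#FFFF99;"><br>
<textarea name="text" cols="50" rows="4" wrap="virtual" style="background-color:#FFFF99;"></textarea><br>
<input type="hidden" name="token" value="<?php echo htmlspecialchars($token); ?>">
<input name="" type="submit" value="Send">
</form>
<?php
}

// ---------------------------------------------------------------------------
// Request handling
// ---------------------------------------------------------------------------

// A submission is complete when it carries the token stored in this session
// and a non-empty string for each of the three fields.
$complete = isset($_SESSION['token']) && isset($_POST['token'])
    && is_string($_POST['token']) && $_SESSION['token'] === $_POST['token'];
foreach (array('email', 'text', 'name') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field]) || '' == $_POST[$field]) {
        $complete = false;
    }
}

if (!$complete) {
    // incomplete emailform data (or missing/stale token). don't send anything. show form.
    print_contact_form();
} else {
    // full email form filled. attempt to send email.
    // A CR or LF in either field would let the visitor write extra mail headers;
    // corrupted data is set to the empty string, which fails the check below.
    if (preg_match('/[\r\n]/', $_POST['name'])) {
        $_POST['name'] = '';
    }
    if (preg_match('/[\r\n]/', $_POST['email'])) {
        $_POST['email'] = '';
    }

    // note: if they ever move this directory somewhere else, this form will no longer work.
    $sent = '' != $_POST['name'] && '' != $_POST['email']
        && isset($_SERVER['DOCUMENT_ROOT']) && '/ww/mysite.com' == $_SERVER['DOCUMENT_ROOT']
        && send_mail($_POST['name'], $_POST['email'], "some name", "from@mysite.com",
            "another name", "sendto@somewhere.com", "subject",
            "$_POST[text]\n$_POST[name] $_POST[email]");

    if ($sent) {
        // A token is good for one submission only: drop it so a replay of the
        // same POST (browser refresh, saved request) cannot send a second mail.
        unset($_SESSION['token']);
        echo "<div style=\"color:red;\">The email was successfully sent.</div>\n";
    } else {
        echo "<div style=\"color:red;\">There was a problem sending the email. Sorry — Please try again.</div>\n";
        print_contact_form();
    }
}
?>
>> Email has been sent.
>>
===----------------------------------------------------------------------------------
> went the people send me a comment about my web page i didn't get his
> e-mail address,,,, i just get his name, subject, and boby text but
> not his e-mail address can some one help me whats going on whit this
> script !!!
>
> them this the 2 part of the scrip
>
> form.php
> ----------------------------------------------------------------------------------------------------
> <BODY>
> <FORM METHOD=POST ACTION="page.php">
> Name: <INPUT TYPE=TEXT NAME="name">
> Email Address: <INPUT TYPE=TEXT NAME="from">
> Subjeto: <INPUT TYPE=TEXT NAME="subject">
> Comments: <TEXTAREA NAME="body" ROWS=5 COLS=50> WRAP=PHYSICAL></TEXTAREA>
> <INPUT TYPE=SUBMIT VALUE="SUBMIT FORM">
> </BODY>
> ---------------------------------------------------------------------------------------
> can some on e help me what i did wrone ....
> thanks .......
>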