Posted by René on 02/28/06 22:59
Dear all, would you be able to help me with the following? I created a small
website with a contact form written in PHP script. The problem is that a lot
of people have tried to hack the script and I think I need some more security
built in, but as you would guess I'm new to PHP and am not sure how or what
to do or implement to make it more secure.
Could somebody help me with this? (The script can be found below.)
Thanks in advance,
kind regards,
René
-------------------------------------
<?php
$adminemail = 'email address';
$version = '1.10';
// Fields that steer the script rather than carry visitor input.
$controlvars = ' thankyou submitteremail ccsubmitter ';
$messagetoadmin = $_POST['E-mail'] ." blablablablabalbla:
";
$messagetosubmitter = "Thank you for blablabalbalbla.
blablablablabalabla
_____________________________________________________________
";
// Copy every other posted field verbatim into both messages.
foreach ($_POST as $key => $value)
{
if (!stristr($controlvars, ' '. $key .' '))
{
$messagetoadmin .= $key .': '. $value .'
';
$messagetosubmitter .= $key .': '. $value .'
';
}
}
mail($adminemail, 'form'. stripslashes($_POST['subject']),
stripslashes($messagetoadmin), 'From: '. $_POST['E-mail']);
if ($_POST['ccsubmitter'] == 'yes')
{
mail($_POST['E-mail'], 'Information form'.
stripslashes($_POST['subject']), stripslashes($messagetosubmitter),
'From: '. $adminemail);
}
if ($_POST['autoresponse'] != '')
{
// Fetch the autoresponse text from the URL supplied in the form.
$body = geturl($_POST['autoresponse']);
mail($_POST['submitteremail'], 'Re: '. stripslashes($_POST['subject']),
stripslashes($body), 'From: '. $adminemail);
}
header('Location: '. $_POST['thankyou']);
// just in case redirect doesn't work
die('<meta http-equiv="refresh" content="0;url='. $_POST['thankyou'] .'">');
function geturl($url)
{
if (version_compare("4.3.0", phpversion(), "<"))
{
$filecontents = @file_get_contents($url);
}
else
{
$fd = @fopen($url, 'rb');
$filecontents = @fread ($fd, 30000000);
@fclose ($fd);
}
return $filecontents;
}
?>
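A hardened rewrite of the same contact form, added here as an example; it is not René's code and not part of the original post. The script above lets a visitor choose the From: header, the subject and the redirect target, inject extra mail headers with a CR/LF in any of those fields, have the server fetch an arbitrary URL (or local file) via the autoresponse field and mail its contents, and get HTML echoed unescaped into the meta refresh. The version below keeps the same form fields but strips header-breaking characters, validates the address, sends with a fixed From: (the visitor goes in Reply-To), only redirects to an allow-listed page, and takes the autoresponse text from a fixed file on disk keyed by name instead of fetching a client-supplied URL. The admin address, the allowed landing pages, the autoresponse file map and the thank-you wording are assumptions.

```php
<?php
// Added example (not the original poster's script). Assumed values are marked.
declare(strict_types=1);

const ADMIN_EMAIL = 'admin@example.com';                      // assumption
// Only these landing pages may be used as the redirect target (assumption).
const ALLOWED_THANKYOU = ['/thanks.html', '/thanks-nl.html'];
// Autoresponse bodies live on disk under a fixed key; the client may pick a key,
// never a URL or path (assumed file location).
const AUTORESPONSES = ['general' => __DIR__ . '/autoresponse/general.txt'];
// Fields that steer the script or are handled separately, not copied into the body.
const CONTROL_FIELDS = ['thankyou', 'ccsubmitter', 'autoresponse', 'subject', 'E-mail'];

/** True if the value contains nothing that could start a new mail header line. */
function is_header_safe(string $s): bool
{
    return preg_match('/[\r\n\0]/', $s) !== 1;
}

/** Returns a validated address or null; rejects CR/LF and over-long input. */
function clean_email(?string $raw): ?string
{
    $raw = trim((string) $raw);
    if (strlen($raw) > 254 || !is_header_safe($raw)) {
        return null;
    }
    $v = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $v === false ? null : $v;
}

/** Folds would-be header breaks into spaces and caps the length. */
function clean_subject(?string $raw): string
{
    $s = preg_replace('/[\r\n\0]+/', ' ', trim((string) $raw));
    return substr($s, 0, 120) ?: '(no subject)';
}

/** Copies the visitor-entered fields into a plain-text body, one per line. */
function build_body(array $post): string
{
    $lines = [];
    foreach ($post as $k => $v) {
        if (in_array($k, CONTROL_FIELDS, true) || !is_string($v)) {
            continue;
        }
        $k = preg_replace('/[^A-Za-z0-9_ -]/', '', (string) $k);
        $lines[] = $k . ': ' . str_replace(["\r\n", "\r"], "\n", $v);
    }
    return implode("\n", $lines) . "\n";
}

/** Allow-list the redirect target; anything else falls back to the first page. */
function pick_thankyou(?string $raw): string
{
    return in_array($raw, ALLOWED_THANKYOU, true) ? $raw : ALLOWED_THANKYOU[0];
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

$email = clean_email($_POST['E-mail'] ?? null);
if ($email === null) {
    http_response_code(400);
    exit('Invalid e-mail address.');
}
$subject = clean_subject($_POST['subject'] ?? null);
$body    = build_body($_POST);

// From: is always our own address so the server never sends as an arbitrary
// domain; the visitor's (validated, CR/LF-free) address goes in Reply-To.
$headers = 'From: ' . ADMIN_EMAIL . "\r\nReply-To: " . $email . "\r\n";
mail(ADMIN_EMAIL, 'form: ' . $subject, "Submitted by: $email\n\n" . $body, $headers);

if (($_POST['ccsubmitter'] ?? '') === 'yes') {
    // Assumed wording; the body still echoes the visitor's own fields back to them.
    mail($email, 'Information form: ' . $subject,
        "Thank you for contacting us.\n\n" . $body, 'From: ' . ADMIN_EMAIL . "\r\n");
}

$key = $_POST['autoresponse'] ?? '';
if (isset(AUTORESPONSES[$key]) && is_readable(AUTORESPONSES[$key])) {
    mail($email, 'Re: ' . $subject, file_get_contents(AUTORESPONSES[$key]),
        'From: ' . ADMIN_EMAIL . "\r\n");
}

$target = pick_thankyou($_POST['thankyou'] ?? null);
header('Location: ' . $target, true, 303);
// Fallback for clients that ignore the redirect; the target is escaped for HTML.
exit('<meta http-equiv="refresh" content="0;url='
    . htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . '">');
```

What this does not solve: the ccsubmitter and autoresponse branches still let anyone make the server send a message to an address they typed in, so the form remains a spam relay for whoever wants one; a CAPTCHA, a per-IP rate limit or a confirmation step is needed on top of the input validation above.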