Posted by bokke on 03/02/06 17:46
I have an online form - script below. I thought it was secure, but
last night I got 20 or so blank e-mails from my site and one that
bounced. Is this script secure or am I being abused by spammers?
Any ideas?
PHP SCRIPT
<?php
$Name = $HTTP_POST_VARS['Name'];
$email = $HTTP_POST_VARS['email'];
$subject = "Message From us";
$message = $HTTP_POST_VARS['comments'];
$message2="\n\n$Name just filled in the form.\n\nTheir suggestions
are:\n$message\n\n
Their e-mail address is: $email\n\nTheir Phone Number is $phone";
$to="me@yahoo.ca";
/* PHP form validation: the script checks that the Email field contains
a valid email address and the Subject field isn't empty. preg_match
performs a regular expression match. It's a very powerful PHP function
to validate form fields and other strings - see PHP manual for details.
*/
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/",
$email)) {
echo "<h4>Invalid email address</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($Name == "") {
echo "<h4>It seems you forgot: Name</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}
/* Sends the mail and outputs the "Thank you" string if the mail is
successfully sent, or the error string otherwise. */
elseif (mail($to,$subject,$message2,"From:$email")) {
echo "Thank you $Name! We will get back to you as soon as we can.";
} else {
echo "<h4>There seems to have been an error. Please <a
href='mailto:info@us.com'>click here to e-mail us</a></h4>";
}
?>
HERE IS THE E-MAIL
Hi. This is the qmail-send program at mail.support1.net_bouncehost.
I'm afraid I wasn't able to deliver your message to the following
addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<clifford@fresnomail.com>:
207.183.238.67 does not like recipient.
Remote host said: 550 5.1.2 <clifford@fresnomail.com>... Invalid
Recipient
Giving up on 207.183.238.67.
--- Enclosed are the original headers of the message.
Forwarded Message
To: clifford@fresnomail.com
Date: 1 Mar 2006 23:22:54 -0000
From: info@us.com
Subject: our company
Sure looks like I tried to e-mail this guy?
Please help!
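An added example, not part of the original post: the script's preg_match pattern has no start and end anchors and the visitor's address goes straight into the header argument of mail(), so a value containing a line break passes the check and reaches the headers. The sketch below compares that check with a stricter one and keeps the visitor's address out of From; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Function names and sample inputs
// are hypothetical; info@us.com is the site address shown in the post.

// The check from the post: unanchored, so it succeeds when a valid-looking
// address appears anywhere in the value, even with extra lines after it.
function original_check(string $email): bool
{
    return preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email) === 1;
}

// Stricter check: the whole value must be one address, no control characters.
function strict_check(string $email): bool
{
    if (preg_match('/[\x00-\x1F\x7F]/', $email)) {
        return false; // CR, LF and other control bytes never belong in a header
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Headers with a fixed From. The visitor's address appears only in Reply-To,
// and only after strict_check() has accepted it.
function build_headers(string $visitorEmail, string $siteFrom): ?string
{
    if (!strict_check($visitorEmail)) {
        return null;
    }
    return "From: $siteFrom\r\nReply-To: $visitorEmail";
}

// Constructed sample inputs: a normal address, an address followed by a
// line break and an extra header line, and free text.
$samples = [
    "visitor@example.com",
    "visitor@example.com\r\nX-Extra-Header: added-by-visitor",
    "not an address",
];

foreach ($samples as $value) {
    printf(
        "%-30s original=%-4s strict=%-4s headers=%s\n",
        json_encode(substr($value, 0, 24)),
        original_check($value) ? 'pass' : 'fail',
        strict_check($value) ? 'pass' : 'fail',
        build_headers($value, 'info@us.com') === null ? 'rejected' : 'built'
    );
}
```

The second sample passes the original check but is rejected by the stricter one, which is the difference that matters for the bounce shown in the post (a recipient and subject the script never set).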