|
|
Posted by Michael Vilain on 03/02/06 19:25
In article <1141314396.137460.171620@u72g2000cwu.googlegroups.com>,
"bokke" <micrest@gmail.com> wrote:
> I have an online form - script below. I thought it was secure, but
> last night I got 20 or so blank e-mails from my site and one that
> bounced ?? Is this script secure or am I being abused by spammers?
>
> any ideas?
>
> PHP SCRIPT
> <?php
>
>
> $Name = $HTTP_POST_VARS['Name'];
> $email = $HTTP_POST_VARS['email'];
> $subject = "Message From us";
> $message = $HTTP_POST_VARS['comments'];
> $message2="\n\n$Name just filled in the form.\n\nTheir suggestions
> are:\n$message\n\n
> Their e-mail address is: $email\n\nTheir Phone Number is $phone";
> $to="me@yahoo.ca";
>
> /* PHP form validation: the script checks that the Email field contains
> a valid email address and the Subject field isn't empty. preg_match
> performs a regular expression match. It's a very powerful PHP function
> to validate form fields and other strings - see PHP manual for details.
> */
> if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/",
> $email)) {
> echo "<h4>Invalid email address</h4>";
> echo "<a href='javascript:history.back(1);'>Back</a>";
> } elseif ($Name == "") {
> echo "<h4>It seems you forgot: Name</h4>";
> echo "<a href='javascript:history.back(1);'>Back</a>";
> }
>
> /* Sends the mail and outputs the "Thank you" string if the mail is
> successfully sent, or the error string otherwise. */
> elseif (mail($to,$subject,$message2,"From:$email")) {
> echo "Thank you $Name! We will get back to you as soon as we can.";
> } else {
> echo "<h4>There seems to been an error. Please <a
> href='mailto:info@us.com'>click here to e-mail us</a></h4>";
> }
> ?>
>
>
> HERE IS THE E-MAIL
>
> Hi. This is the qmail-send program at mail.support1.net_bouncehost.
> I'm afraid I wasn't able to deliver your message to the following
> addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
>
> <clifford@fresnomail.com>:
> 207.183.238.67 does not like recipient.
> Remote host said: 550 5.1.2 <clifford@fresnomail.com>... Invalid
> Recipient
> Giving up on 207.183.238.67.
>
> --- Enclosed are the original headers of the message.
>
> Forwarded Message [ Download File | Save to Yahoo! Canada Briefcase ]
> To: clifford@fresnomail.com
> Date: 1 Mar 2006 23:22:54 -0000
> From: info@us.com
> Subject: our company
>
> sure looks like I tried to e-mail this guy?
>
> please help!
Your code doesn't look like it's wrong, just the person that's getting
the email doesn't exist. AFAIK, you have to call sendmail or another
useragent to validate the _remote_ email as valid before you try to send
it. Don't know how to do that in php but it should be easy in perl.
--
DeeDee, don't press that button! DeeDee! NO! Dee...
[Back to original message]
|