Help "locking down" a form
Date: 12/16/05
(PHP Community) Keywords: php, html, web, hosting, spam
Thanks to the responses on the captcha code. I think I know what I can do with it, but as someone pointed out, there will be accessibility problems, which is an issue because the site I'm working on is a gov't site.
My hosting company says the script to handle the contact form is vulnerable and that I should lock it down. They recommended the captcha method or a "guest" login requirement via .htaccess. I'll look into that, but in the meantime, they mentioned that my handler was "badly coded and allows more than one email address to be added to it." Since I've learned PHP by the seat of my pants, I'm not surprised, but I also don't know what to do to clean it up and make it better. Any help?
The HTML Form
<form action="contactmail.php" method="post" name="contact">
<table width="411" border="0" cellspacing="2" cellpadding="4">
<tr>
<td align="right" valign="middle" width="143"><p>Your Name:</p></td>
<td align="left" valign="middle" width="254"><input type="text" name="yourname" size="36" tabindex="1"></td>
</tr>
<tr>
<td align="right" valign="middle" width="143"><p>Your Email:</p></td>
<td align="left" valign="middle" width="254"><input type="text" name="youremail" size="36" tabindex="2"></td>
</tr>
<tr>
<td align="right" valign="middle" width="143"><p>Your Organization:</p></td>
<td align="left" valign="middle" width="254"><input type="text" name="yourorganization" size="36" tabindex="3"></td>
</tr>
<tr>
<td align="right" valign="top" width="143"><p>Comment or Question:</p></td>
<td align="left" valign="middle" width="254"><textarea name="comment" rows="17" cols="33" tabindex="4"></textarea></td>
</tr>
<tr>
<td align="right" valign="middle" width="143"></td>
<td align="left" valign="middle" width="254"><input type="submit" name="submitEmail" value="Send Email"></td>
</tr>
<tr>
<td align="right" valign="middle" width="143"></td>
<td align="left" valign="middle" width="254"></td>
</tr>
</table>
</form>
The PHP script
<?php
// Handler as posted, tidied so it runs on a current PHP ($HTTP_POST_VARS and
// eregi() no longer exist). The weakness the host describes is left in place
// and marked below: form fields are concatenated straight into the mail headers.
if (!empty($_POST))
{
    // Check for spammers first. This is a blocklist on one literal string;
    // an injected "Bcc:" or "Cc:" line never contains it and passes.
    $allFields = $_POST['youremail'] . $_POST['yourname'] .
                 $_POST['yourorganization'] . $_POST['comment'];
    if (stripos($allFields, "MIME-Version: ") !== false) { die('Get out, spammer.'); }

    $now = date("D dS M h:i:s"); // "i" is minutes; "m" (as originally written) is the month
    // Set these variables according to your details
    $toAddress = "***@****.***";
    $redirect  = "contactconfirm.php";
    $subject   = "Contact Message from BII Website";

    // Form information.
    $formEmail  = trim($_POST['youremail']);
    $emailparts = explode("@", $formEmail);
    if (isset($emailparts[1]) && $emailparts[1] == "*****.***") { // Another spammer stop.
        die('You seem to be trying to use this form to spam. Stop it.');
    }
    $formName    = trim($_POST['yourname']);
    $formOrg     = trim($_POST['yourorganization']);
    $formMessage = trim($_POST['comment']);

    // Email message
    $message  = "Name: " . $formName . "\n";
    $message .= "Email: " . $formEmail . "\n";
    $message .= "IP Address: " . $_SERVER['REMOTE_ADDR'] . "\n";
    $message .= "Organization: " . $formOrg . "\n";
    $message .= "Comments:\n";
    $message .= $formMessage . "\n";

    // Untrusted name and address go straight into the header block. A value
    // containing a newline adds further header lines, i.e. extra recipients.
    $headers = "From: \"" . $formName . "\" <" . $formEmail . ">\n";

    $bMailSent = mail($toAddress, $subject, $message, $headers);
    if (!$bMailSent) { echo "Unable to send email"; }
    else { header("Location: $redirect"); exit; }
}
?>
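What the host means by "allows more than one email address to be added" is e-mail header injection: the handler builds the `From:` line from `yourname` and `youremail`, so a value containing a line break becomes additional header lines (`Bcc:`, `Cc:`, `To:`), and `mail()` delivers the message to every address in them. The `MIME-Version:` check does not stop this, because the injected text need not contain that string. The block below is an added example, not the poster's code or anything from the hosting company: it reproduces the unsafe header construction, feeds it a constructed attacker payload, and shows a hardened builder beside it. The function names, the site address `webform@example.gov` and the sample input are assumptions made for the example.

```php
<?php
// Added example (not the original handler). Requires PHP 7.1+ for the
// nullable return type. Function names and addresses are hypothetical.

/**
 * Reject any header value that carries a CR or LF. That is the whole
 * injection: "From: x\nBcc: a@example.net, b@example.net" is one value.
 */
function is_clean_header_value(string $value): bool
{
    return preg_match('/[\r\n]/', $value) !== 1;
}

/**
 * The posted handler's construction, reproduced only to show the problem:
 * untrusted input is concatenated straight into the header block.
 */
function build_headers_unsafe(string $name, string $email): string
{
    return "From: \"" . $name . "\" <" . $email . ">\n";
}

/**
 * Hardened builder. Returns null when the submission must be rejected.
 *  - From: is a fixed site address (assumed value), so the message is never
 *    sent "as" whatever address the visitor typed.
 *  - The visitor's address is only used in Reply-To:, and only after it
 *    passes FILTER_VALIDATE_EMAIL.
 *  - Both values are refused outright if they contain CR/LF; the display
 *    name also loses quote and angle-bracket characters.
 */
function build_headers_safe(string $name, string $email,
                            string $siteFrom = 'webform@example.gov'): ?string
{
    if (!is_clean_header_value($name) || !is_clean_header_value($email)) {
        return null;
    }
    $validEmail = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($validEmail === false) {
        return null;
    }
    $cleanName = str_replace(['"', '<', '>'], '', $name);
    return "From: \"Web Contact Form\" <" . $siteFrom . ">\r\n"
         . "Reply-To: \"" . $cleanName . "\" <" . $validEmail . ">\r\n";
}

// Constructed attacker input: a plausible address followed by injected
// recipient headers. Note there is no "MIME-Version:" anywhere in it.
$attackerEmail = "attacker@example.com\nBcc: victim1@example.net, victim2@example.net";
$attackerName  = "Bob\nCc: victim3@example.net";

echo "--- unsafe header block ---\n";
echo build_headers_unsafe($attackerName, $attackerEmail), "\n";
// Prints three header lines (From, Cc, Bcc); mail() would honour all of them.

echo "--- hardened builder, same input ---\n";
var_dump(build_headers_safe($attackerName, $attackerEmail)); // NULL: rejected

echo "--- hardened builder, honest input ---\n";
echo build_headers_safe('Alice Example', 'alice@example.org');
// From: "Web Contact Form" <webform@example.gov>
// Reply-To: "Alice Example" <alice@example.org>
```

The structural change is that no visitor-controlled string ever reaches `mail()`'s header argument unchecked; a blocklist of known spam strings is not a substitute, since the attacker chooses the payload. Apply the same CR/LF rule to the subject if it is ever taken from the form. This fixes the relay problem the host reported but does nothing about volume: the form can still be submitted in bulk, which is what the captcha or login requirement they suggested is for.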
Source: http://www.livejournal.com/community/php/380005.html