Archive: Dreamweaver, February 2006 - php contact form
Dear all, would you be able to help me with the following? I created a small website with a contact form written in PHP script. The problem is that a lot of people tried to hack the script and I think I need some more security built in, but as you would guess I'm new to PHP and am not sure how or what to do or implement to make it more secure.
Could somebody help me with this? (script can be found below)
Thanks in advance,
kind regards,
René
-------------------------------------
<?php
$adminemail = 'email address';
$version = '1.10';
// Form fields that control the script and are left out of the message body
$controlvars = ' thankyou submitteremail ccsubmitter ';
$messagetoadmin = $HTTP_POST_VARS['E-mail'] ." blablablablabalbla:
";
$messagetosubmitter = "Thank you for blablabalbalbla.
blablablablabalabla
_____________________________________________________________
";
// Append every other posted field to both messages
while(list($key, $value) = each($HTTP_POST_VARS))
{
    if (!stristr($controlvars, ' '. $key .' '))
    {
        $messagetoadmin .= $key .': '. $value .'
';
        $messagetosubmitter .= $key .': '. $value .'
';
    }
}
// Mail to the admin; the From header is the posted E-mail field
mail($adminemail, 'form'. stripslashes($HTTP_POST_VARS['subject']), stripslashes($messagetoadmin), 'From: '. $HTTP_POST_VARS['E-mail']);
if ($HTTP_POST_VARS['ccsubmitter'] == 'yes')
{
    mail($HTTP_POST_VARS['E-mail'], 'Information form'. stripslashes($HTTP_POST_VARS['subject']), stripslashes($messagetosubmitter), 'From: '. $adminemail);
}
// $autoresponse and $submitteremail are not assigned anywhere in this script
if ($_POST['autoresponse'] != '')
{
    $body = geturl($autoresponse);
    mail($submitteremail, 'Re: '. stripslashes($HTTP_POST_VARS['subject']), stripslashes($body), 'From: '. $adminemail);
}
header('Location: '. $HTTP_POST_VARS['thankyou']);
// just in case redirect doesn't work
die('<meta http-equiv="refresh" content="0;url='. $HTTP_POST_VARS['thankyou'] .'">');
// Return the contents of the given URL or file
function geturl($url)
{
    if (version_compare("4.3.0", phpversion(), "<"))
    {
        $filecontents = @file_get_contents($url);
    }
    else
    {
        $fd = @fopen($url, 'rb');
        $filecontents = @fread ($fd, 30000000);
        @fclose ($fd);
    }
    return $filecontents;
}
?>
google@impliedbydesign.com 2006-02-28, 10:15 pm
René wrote:
> Dear all, would you be able to help me with the following? I created a small website with a contact form written in PHP script. The problem is that a lot of people tried to hack the script and I think I need some more security built in, but as you would guess I'm new to PHP and am not sure how or what to do or implement to make it more secure.
> Could somebody help me with this? (script can be found below)
Hello Rene,
One thing you could do is have a verification page to verify that they
really want to send the content they typed in. To do this, you'd just
send the variables to a verification page where you would display the
contents of the form, and then have the user click the "Yes, these are
the values I want to send" button. Most spam scripts won't go so far
as to deal with a second page.
Hope that helps, good luck!
Chris S.
Implied By Design LLC.
http://www.impliedbydesign.com
Free Web Design Tools
http://www.impliedbydesign.com/free...re-scripts.html
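The posted script copies the `E-mail`, `subject` and `thankyou` form fields straight into mail headers and the redirect. The following is an added example, not code from the thread or its participants, of validating those fields before they reach `mail()` or `header()`; it leaves out the `ccsubmitter` copy and the `autoresponse` fetch. The names `ADMIN_EMAIL`, `THANKYOU_PAGES`, `field()` and `clean_submission()` and the page paths are assumptions made for illustration.

```php
<?php
// Added example, not the thread's code. Field names follow the posted form;
// ADMIN_EMAIL and THANKYOU_PAGES are assumed placeholder values.
const ADMIN_EMAIL = 'admin@example.com';
const THANKYOU_PAGES = ['default' => '/thankyou.html', 'nl' => '/bedankt.html'];

// Read one form field as a trimmed string; arrays and missing fields become ''.
function field(array $post, string $name): string
{
    $v = $post[$name] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Return the cleaned submission, or null if a header-bound field is unsafe.
function clean_submission(array $post): ?array
{
    $email   = field($post, 'E-mail');
    $subject = field($post, 'subject');
    // A CR or LF in these values would start a new header line in mail().
    if (preg_match('/[\r\n]/', $email . $subject) === 1 || strlen($subject) > 100) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The redirect target is looked up by key, never copied from the request.
    $redirect = THANKYOU_PAGES[field($post, 'thankyou')] ?? THANKYOU_PAGES['default'];

    $body = '';
    foreach ($post as $name => $value) {
        if (is_string($value) && !in_array($name, ['thankyou', 'ccsubmitter'], true)) {
            $body .= $name . ': ' . $value . "\n";
        }
    }
    return ['email' => $email, 'subject' => $subject, 'body' => $body, 'redirect' => $redirect];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $form = clean_submission($_POST);
    if ($form === null) {
        http_response_code(400);
        exit('Invalid form data.');
    }
    // The visitor's address goes in Reply-To; From stays the site's own address.
    $headers = 'From: ' . ADMIN_EMAIL . "\r\nReply-To: " . $form['email'];
    mail(ADMIN_EMAIL, 'form ' . $form['subject'], $form['body'], $headers);
    header('Location: ' . $form['redirect']);
    exit;
}
```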