Thread: PHP mail form

  1. #1
    Join Date
    Feb 2009
    Posts
    159
    Thanks
    60
    Thanked 3 Times in 3 Posts

    PHP mail form

    I don't know how to code in PHP and was just wondering if someone could tell me if the PHP form I am using is secure against email stealing robots.
    The link to my form is:
    http://www.robinsden.110mb.com/home/contact.php

    If this is not a secure form, can someone help me out by directing me to a form they know to be secure against this type of thing?

    Even better yet, does someone have one they know is secure against that?

    It does not have to be in PHP, but I am assuming that is what these forms are all written in.

    Thanks for any help.
    Computer repairs and Photo editing http://www.robinsden.com

  2. #2
    Join Date
    Oct 2008
    Location
    Sweden
    Posts
    2,023
    Thanks
    17
    Thanked 319 Times in 318 Posts
    Blog Entries
    3

    We can't see the PHP code, you will have to post it here.

  3. #3
    Join Date
    Feb 2009
    Posts
    159
    Thanks
    60
    Thanked 3 Times in 3 Posts

    Sorry about the long format. I would put it in between arrows but I don't know how to.

    <?php

    echo $_SERVER['HTTP_REFERER'];

    ?>

    <?php
    /* PHP Form Mailer - phpFormMailer v2.2, last updated 23rd Jan 2008 - check back often for updates!
    (easy to use and more secure than many cgi form mailers) FREE from:
    www.TheDemoSite.co.uk
    Should work fine on most Unix/Linux platforms
    for a Windows version see: asp.thedemosite.co.uk
    */

    // ------- three variables you MUST change below -------------------------------------------------------
    $replyemail="robinsden@live.ca";//change to your email address
    $valid_ref1="http://www.robinsden.110mb.com/home/contact.php";// change "Your--domain" to your domain
    $valid_ref2="http://www.robinsden.110mb.com/home/contact.php";// change "Your--domain" to your domain
    // -------- No changes required below here -------------------------------------------------------------
    // email variable not set - load $valid_ref1 page
    if (!isset($_POST['email']))
    {
    echo "<script language=\"JavaScript\"><!--\n ";
    echo "top.location.href = \"$valid_ref1\"; \n// --></script>";
    exit;
    }

    $ref_page=$_SERVER["HTTP_REFERER"];
    $valid_referrer=0;
    if($ref_page==$valid_ref1) $valid_referrer=1;
    elseif($ref_page==$valid_ref2) $valid_referrer=1;
    if(!$valid_referrer)
    {
    echo "<script language=\"JavaScript\"><!--\n alert(\"ERROR - not sent.\\n\\nCheck your 'valid_ref1' and 'valid_ref2' are correct within contact_process.php.\");\n";
    echo "top.location.href = \"contact.html\"; \n// --></script>";
    exit;
    }

    //check user input for possible header injection attempts!
    function is_forbidden($str,$check_all_patterns = true)
    {
    $patterns = array();
    $patterns[0] = 'content-type:';
    $patterns[1] = 'mime-version';
    $patterns[2] = 'multipart/mixed';
    $patterns[3] = 'Content-Transfer-Encoding';
    $patterns[4] = 'to:';
    $patterns[5] = 'cc:';
    $patterns[6] = 'bcc:';
    $forbidden = 0;
    for ($i=0; $i<count($patterns); $i++)
    {
    // case-insensitive substring match (eregi() was removed in PHP 7, so use stripos())
    $forbidden = (stripos($str, $patterns[$i]) !== false);
    if ($forbidden) break;
    }
    //check for line breaks if checking all patterns
    if ($check_all_patterns AND !$forbidden) $forbidden = preg_match("/(%0a|%0d|\\n+|\\r+)/i", $str);
    if ($forbidden)
    {
    echo "<font color=red><center><h3>STOP! Message not sent.</font></h3><br><b>
    The text you entered is forbidden, it includes one or more of the following:
    <br><textarea rows=9 cols=25>";
    foreach ($patterns as $key => $value) echo $value."\n";
    echo "\\n\n\\r</textarea><br>Click back on your browser, remove the above characters and try again.
    </b><br><br><br><br>Thankfully protected by phpFormMailer freely available from:
    <a href=\"http://thedemosite.co.uk/phpformmailer/\">http://thedemosite.co.uk/phpformmailer/</a>";
    exit();
    }
    else return $str;
    }

    $name = is_forbidden($_POST["name"]);
    $email = is_forbidden($_POST["email"]);
    $thesubject = is_forbidden($_POST["thesubject"]);
    $themessage = is_forbidden($_POST["themessage"], false);

    $success_sent_msg='<p align="center"><strong>&nbsp;</strong></p>
    <p align="center"><strong>Your message has been successfully sent to us<br>
    </strong> and we will reply as soon as possible.</p>
    <p align="center">A copy of your query has been sent to you.</p>
    <p align="center">Thank you for contacting us.</p>';

    $replymessage = "Hi $name

    Thank you for your email.

    We will endeavour to reply to you shortly.

    Please DO NOT reply to this email.

    Below is a copy of the message you submitted:
    --------------------------------------------------
    Subject: $thesubject
    Query:
    $themessage
    --------------------------------------------------

    Thank you";

    $themessage = "name: $name \nQuery: $themessage";
    mail("$replyemail",
    "$thesubject",
    "$themessage",
    "From: $email\nReply-To: $email");
    mail("$email",
    "Receipt: $thesubject",
    "$replymessage",
    "From: $replyemail\nReply-To: $replyemail");
    echo $success_sent_msg;
    /*
    PHP Form Mailer - phpFormMailer (easy to use and more secure than many cgi form mailers)
    FREE from:

    www.TheDemoSite.co.uk */
    ?>
    Computer repairs and Photo editing http://www.robinsden.com
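A hardened version of the handler above, added here as an illustration; it is not phpFormMailer's code and not the poster's. It assumes the same field names plus a hidden honeypot input called `website`, and `SITE_MAILBOX` is a placeholder for your own address. Instead of the referer check (which any client can set to whatever it likes), it uses the honeypot to catch bots, validates the address with `filter_var`, rejects line breaks in every field that ends up in a mail header, keeps the visitor's address out of `From`, and drops the auto-reply copy so the form cannot be used to send mail to arbitrary third-party addresses.

```php
<?php
// Added example: hardened contact-form handler (not the code from the post).
// Assumes fields name, email, thesubject, themessage and a hidden "website" honeypot.
declare(strict_types=1);

const SITE_MAILBOX = 'you@example.com'; // placeholder: replace with your own address

// Single-line header values must not contain CR/LF or their URL-encoded forms,
// otherwise a submitter could append extra headers such as Bcc:.
function single_line(string $s, int $max): ?string
{
    $s = trim($s);
    if ($s === '' || strlen($s) > $max) {
        return null;
    }
    if (preg_match('/[\r\n]|%0a|%0d/i', $s)) {
        return null;
    }
    return $s;
}

function valid_email(string $s): ?string
{
    $s = single_line($s, 254);
    return ($s !== null && filter_var($s, FILTER_VALIDATE_EMAIL) !== false) ? $s : null;
}

// Bots tend to fill every input; a field hidden from real users should stay empty.
if (!empty($_POST['website'])) {
    http_response_code(400);
    exit('Not sent.');
}

$name    = single_line($_POST['name'] ?? '', 100);
$email   = valid_email($_POST['email'] ?? '');
$subject = single_line($_POST['thesubject'] ?? '', 150);
$message = trim($_POST['themessage'] ?? '');

if ($name === null || $email === null || $subject === null || $message === '') {
    http_response_code(400);
    exit('Message not sent: please check your name, email address and subject.');
}

// From is always our own mailbox; the visitor's validated address goes in Reply-To only.
$headers = 'From: ' . SITE_MAILBOX . "\r\nReply-To: $email\r\n";
$body    = "Name: $name\nEmail: $email\n\n$message";

if (mail(SITE_MAILBOX, $subject, $body, $headers)) {
    echo '<p>Your message has been sent. Thank you.</p>';
} else {
    echo '<p>Sorry, the message could not be sent.</p>';
}
```

The honeypot field should be hidden with CSS (not `type="hidden"`, which bots skip) and left empty by the form itself.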
