The script tied to my contact form worked flawlessly for several years. Suddenly, I am receiving spam. Although I created a new email address for this purpose, it started getting spam within 24 hours. Can I protect the script somehow?
<?php
if (isset($_POST['submit']))
{
$post = true;
$sender = $_POST['SenderName'];
$email = $_POST['SenderEmail'];
$subject = stripslashes(trim($_POST['Subject']));
$text = stripslashes(trim($_POST['MessageText']));
if (!strpos($email, '@') || !strpos($email, '.')) {
$fail = "Reason: Please enter your valid return email address";
} elseif (strlen(trim($text)) == 0) {
$fail = "Reason: You did not type in a message";
} else {
$text = nl2br(htmlentities(trim($text),ENT_QUOTES,"",false));
$sender = "\"$sender\" <$email>";
$subject = "inquiry";
$m_email = '
[email protected]';
$head = "<html><head><title>inquiry</title></head><body>";
$tail = "</body></html>";
$text = $head.$text.$tail;
$headers = '';
$headers .= "From: $sender\r\n";
$headers .= "Reply-to: $email\r\n";
$headers .= "Return-path: $email\r\n";
$headers .= 'Envelope-from:
[email protected]'."\r\n";
$headers .= 'MIME-Version:1.0'."\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1'."\r\n";
$mail_sent = mail($m_email, $subject, $text, $headers, "-f
[email protected]");
if ($mail_sent == false) $fail = 'Server Error: Email could not be sent at this time.';
}
if ($fail) {
echo "<div id=\"mail_send_msg\"><h2>Sorry, your message could not be sent.<br />$fail</h2></div>\n";
} else {
echo "<div id=\"mail_send_msg\"><h2>Your email message has been sent!</h2></div>\n";
}
} else {
echo "POST not recognized.";
}
?>
