pauld_82

Ok so will this work? [code]<?php // start the god damn session session_start(); // starts the session. Must be at the start of the page if ($_SESSION[submitted] == 3){ // put whatever number you want here redirect to error page (use meta-refresh)} else{ $_SESSION[submitted] = $_SESSION[submitted] + 1; //increment the submit counter } //block spam security script foreach( $_POST as $value ){       if(strpos($value,'Content-Type:') !== FALSE ){         mail('webmaster@scriptsforyou.net','Spammer Bot Attempt on form.php',$_SERVER['REMOTE_ADDR']);          exit("{$_SERVER['REMOTE_ADDR']} Has been Recorded. Spam bot attempt");       }     } //start building the mail string $msg = "<p><strong>First Name:</strong> $_POST[firstname]</p>"; $msg .= "<p><strong>Surname:</strong> $_POST[surname]</p>"; $msg .= "<p><strong>Phone:</strong> $_POST[phone]</p>"; $msg .= "<p><strong>E-Mail:</strong> $_POST[email]</p>"; $msg .= "<p><strong>Enquiry Type:</strong> $_POST[enquirytype]</p>"; $msg .= "<p><strong>Message:</strong> $_POST[enquiry]</p>"; $msg .= "<p><strong>Where did you find us?</strong> $_POST[findus]</p>"; //error checking if (!checkemail($_GET[email])){ $error_msg = "error"; }else if(empty($_GET[firstname])){ $error_msg = "error"; }else if(empty($_GET[surname])){ $error_msg = "error"; }else if(empty($_GET[email])){ $error_msg = "error"; }else if(empty($_GET[enquirytype])){ $error_msg = "error"; }else if(empty($_GET[enquiry])){ $error_msg = "error"; }else if(empty($_GET[findus])){ $error_msg = "error"; } //error checking if (!empty($error_msg)){ then it means there is an error in the form take them back to the form with the error message displayed. } //set up the mail $recipient = "me@mysite.com.au"; $subject = "Contact Form Submission Results"; $mailheaders = "MIME-Version: 1.0\r\n"; $mailheaders .= "Content-type: text/html; charset=ISO-8859-1\r\n"; $mailheaders .= "From: The Web Site <me@mysite.com.au> \n"; $mailheaders .= "Reply-To: ".addslashes($_POST['email']); //check the email function  checkEmail($email) { if (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email)) {   return false; } return true; } //send the mail mail($recipient, $subject, $msg, $mailheaders); //redirect page $URL="http://www.thesite.com.au/contactus_thanks.html"; header ("Location: $URL"); ?> <html> <title>Thanks for contacting the website</title> <head></head> <body> </body> </html>[/code]

so both bits of code go in my code, correct? Because when I did that and tested the form it automatically sent me to the error page.?

Call it from where? I'm really new to all of this :(

Hi wickning1 Thanks for your reply, much appreciated! Do I add this code to the top of my exisiting PHP file? OR Do I have to call it somehow? Here is my new code (it works so I'm hoping that the SPAM stops, comes every 24hours so I will keep you posted I guess, can you tell from looking at the script whether it will work?) [code] <?php //block spam security script foreach( $_POST as $value ){       if(strpos($value,'Content-Type:') !== FALSE ){         mail('webmaster@scriptsforyou.net','Spammer Bot Attempt on form.php',$_SERVER['REMOTE_ADDR']);          exit("{$_SERVER['REMOTE_ADDR']} Has been Recorded. Spam bot attempt");       }     } //start building the mail string $msg = "<p><strong>First Name:</strong> $_POST[firstname]</p>"; $msg .= "<p><strong>Surname:</strong> $_POST[surname]</p>"; $msg .= "<p><strong>Phone:</strong> $_POST[phone]</p>"; $msg .= "<p><strong>E-Mail:</strong> $_POST[email]</p>"; $msg .= "<p><strong>Enquiry Type:</strong> $_POST[enquirytype]</p>"; $msg .= "<p><strong>Message:</strong> $_POST[enquiry]</p>"; $msg .= "<p><strong>Where did you find us?</strong> $_POST[findus]</p>"; //set up the mail $recipient = "me@mysite.com.au"; $subject = "Contact Form Submission Results"; $mailheaders = "MIME-Version: 1.0\r\n"; $mailheaders .= "Content-type: text/html; charset=ISO-8859-1\r\n"; $mailheaders .= "From: The my Web Site <me@mysite.com.au> \n"; $mailheaders .= "Reply-To: ".addslashes($_POST['email']); //check the email function  checkEmail($email) { if (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email)) {   return false; } return true; } //send the mail mail($recipient, $subject, $msg, $mailheaders); //redirect page $URL="http://www.mysite.com.au/contactus_thanks.html"; header ("Location: $URL"); ?> <html> <title>Thanks for contacting mysite</title> <head></head> <body> </body> </html>    [/code]

Hi guys, The other day I was hacked by a 'Injection Bot' on my webserver. Now I'm receiving about 1000 emails of 'mail subsystem returns' every day from 'aol.com' Can anyone help me make my PHP mail file more secure? [code]<?php //block spam security script foreach( $_POST as $value ){       if(strpos($value,'Content-Type:') !== FALSE ){         mail('webmaster@scriptsforyou.net','Spammer Bot Attempt on form.php',$_SERVER['REMOTE_ADDR']);          exit("{$_SERVER['REMOTE_ADDR']} Has been Recorded. Spam bot attempt");       }     } //start building the mail string $msg = "<p><strong>First Name:</strong> $_POST[firstname]</p>"; $msg .= "<p><strong>Surname:</strong> $_POST[surname]</p>"; $msg .= "<p><strong>Phone:</strong> $_POST[phone]</p>"; $msg .= "<p><strong>E-Mail:</strong> $_POST[email]</p>"; $msg .= "<p><strong>Enquiry Type:</strong> $_POST[enquirytype]</p>"; $msg .= "<p><strong>Message:</strong> $_POST[enquiry]</p>"; $msg .= "<p><strong>Where did you find us?</strong> $_POST[findus]</p>"; //set up the mail $recipient = "me@mysite.com.au"; $subject = "Contact Form Submission Results"; $mailheaders = "MIME-Version: 1.0\r\n"; $mailheaders .= "Content-type: text/html; charset=ISO-8859-1\r\n"; $mailheaders .= "From: The Web Site <me@mysite.com.au> \n"; $mailheaders .= "Reply-To: $_POST[email]"; //send the mail mail($recipient, $subject, $msg, $mailheaders); $URL="http://www.mysite.com.au/contactus_thanks.html"; header ("Location: $URL"); ?> <html> <title>Thanks for contacting My Site</title> <head></head> <body> </body> </html>    [/code]