jarednz

Members
  • Posts

    13
  • Joined

  • Last visited

    Never

About jarednz

  • Birthday 10/05/1983

Profile Information

  • Gender
    Male
  • Location
    New Zealand


  1. Hi all, I was wondering if someone could take a quick peek at my code and let me know if I have any major security flaws in my code. Such as any variables that could be hijacked for any injection or methods that could be used to get access to our web server, that sort of stuff. It's a simple contact form built in PHP, takes values from fields in a form and posts it to an email address. There is no database back end.

     ```php
     <?php
     function validEmail($email)
     {
         $isValid = true;
         $atIndex = strrpos($email, "@");
         if (is_bool($atIndex) && !$atIndex) {
             $isValid = false;
         } else {
             $domain = substr($email, $atIndex+1);
             $local = substr($email, 0, $atIndex);
             $localLen = strlen($local);
             $domainLen = strlen($domain);
             if ($localLen < 1 || $localLen > 64) {
                 // local part length exceeded
                 $isValid = false;
             } else if ($domainLen < 1 || $domainLen > 255) {
                 // domain part length exceeded
                 $isValid = false;
             } else if ($local[0] == '.' || $local[$localLen-1] == '.') {
                 // local part starts or ends with '.'
                 $isValid = false;
             } else if (preg_match('/\\.\\./', $local)) {
                 // local part has two consecutive dots
                 $isValid = false;
             } else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {
                 // character not valid in domain part
                 $isValid = false;
             } else if (preg_match('/\\.\\./', $domain)) {
                 // domain part has two consecutive dots
                 $isValid = false;
             } else if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) {
                 // character not valid in local part unless
                 // local part is quoted
                 if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) {
                     $isValid = false;
                 }
             }
             if ($isValid && !(myCheckDNSRR($domain,"MX") || myCheckDNSRR($domain,"A"))) {
                 // domain not found in DNS
                 $isValid = false;
             }
         }
         return $isValid;
     }

     function myCheckDNSRR($hostName, $recType = '')
     {
         if(!empty($hostName)) {
             if( $recType == '' ) $recType = "MX";
             exec("nslookup -type=$recType $hostName", $result);
             // check each line to find the one that starts with the host
             // name. If it exists then the function succeeded.
             foreach ($result as $line) {
                 if(eregi("^$hostName",$line)) {
                     return true;
                 }
             }
             // otherwise there was no mail handler for the domain
             return false;
         }
         return false;
     }

     $name = trim($_REQUEST['name']);
     $emailCheck = trim($_REQUEST['email']);
     $phone = trim($_REQUEST['phone']);
     $EnquirySubject = $_REQUEST['EnquirySubject'];
     $queryComments = trim($_REQUEST['queryComments']);

     switch ($_REQUEST['EnquirySubject']) {
         case "General land information":
             $checkedSubject0 = 'checked="checked"'; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "How to order a land record, eg. Title":
             $checkedSubject0 = ""; $checkedSubject1 = 'checked="checked"'; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Geodetic mark updates and information":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = 'checked="checked"'; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "online":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = 'checked="checked"';
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Maps":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = 'checked="checked"'; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Hydrographic information":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = 'checked="checked"'; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Our website":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = 'checked="checked"'; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "OIA Requests":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = 'checked="checked"';
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Survey Mark Protection Service":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = 'checked="checked"'; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Report damage or disturbance to survey marks":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = 'checked="checked"'; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Recommendations for additional survey control":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = 'checked="checked"'; $checkedSubject11 = "";
             break;
         case "Other":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = 'checked="checked"';
             break;
     }

     function displayForm($name, $email, $phone, $EnquirySubject, $queryComments,
                          $checkedSubject0, $checkedSubject1, $checkedSubject2, $checkedSubject3,
                          $checkedSubject4, $checkedSubject5, $checkedSubject6, $checkedSubject7,
                          $checkedSubject8, $checkedSubject9, $checkedSubject10, $checkedSubject11,
                          $phoneError)
     {
         //make $emailCheck global so function can get value from global scope.
         global $emailCheck;

         //name
         echo '<form action="index.php" method="post" name="contact" id="contact">'."\n".
              '<fieldset>'."\n".
              '<div>'."\n".
              '<label for="name">Your name:</label>'."\n".
              '<input type="text" name="name" id="name" class="inputText required" value="'. $name .'" />'."\n";

         //check if name field is filled out
         if (isset($_REQUEST['submit']) && empty($name)) {
             echo '<label for="name" class="error">Please enter your name.</label>'."\n";
         }
         echo '</div>'."\n".
              '<div>'."\n";

         //Email
         echo '<label for="email">Your email:</label>'."\n".
              '<input type="text" name="email" id="email" class="inputText required email" value="'. $emailCheck .'" />'."\n";

         // check if email field is filled out and proper format
         if (isset($_REQUEST['submit']) && validEmail($emailCheck) == false) {
             echo '<label for="email" class="error">Invalid email address entered.</label>'."\n";
         }
         echo '</div>'."\n".
              '<div>'."\n";

         //phone
         echo '<label for="phone">Your phone number:</label>'."\n".
              '<input type="text" name="phone" id="phone" class="inputText" value="'. $phone .'" />'."\n".
              '<span class="mandatory small">(optional)</span>';

         // check if phone field is filled out that it has numbers and not characters
         if (isset($_REQUEST['submit']) && $phoneError == "true") {
             echo '<label for="email" class="error">Please enter a valid phone number.</label>'."\n";
         }
         echo '</div>'."\n".
              '</fieldset>'."\n".'<fieldset>'. "\n" .
              '<div>'."\n";

         //subject of enquiry
         echo '<p style="padding-left: 1em">Subject of your enquiry:</p>';

         // check if email field is filled out and proper format
         if (isset($_REQUEST['submit']) && empty($EnquirySubject)) {
             echo '<label class="error" style="float: none !important;clear:both">These fields are required.</label><br />'."\n";
         }
         echo '<div class="radioError"></div>';
         echo '<p><label class="contactRadio" for="Subject_0"><input type="radio" name="EnquirySubject" value="General land information" id="Subject_0" '. $checkedSubject0 .' /> General land information</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_1"><input type="radio" name="EnquirySubject" value="How to order a land record, eg. Title" id="Subject_1" '. $checkedSubject1 .' /> How to order a land record, eg. Title</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_2"><input type="radio" name="EnquirySubject" value="Geodetic mark updates and information" id="Subject_2" '. $checkedSubject2 .' /> Geodetic mark updates and information</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_3"><input type="radio" name="EnquirySubject" value="online" id="Subject_3" '. $checkedSubject3 .' /> online</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_4"><input type="radio" name="EnquirySubject" value="Maps" id="Subject_4" '. $checkedSubject4 .' /> Maps</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_5"><input type="radio" name="EnquirySubject" value="Hydrographic information" id="Subject_5" '. $checkedSubject5 .' /> Hydrographic information</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_6"><input type="radio" name="EnquirySubject" value="Our website" id="Subject_6" '. $checkedSubject6 .' /> Our website</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_7"><input type="radio" name="EnquirySubject" value="OIA Requests" id="Subject_7" '. $checkedSubject7 .' /> OIA Requests</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_8"><input type="radio" name="EnquirySubject" value="Survey Mark Protection Service" id="Subject_8" '. $checkedSubject8 .' /> Survey Mark Protection Service</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_9"><input type="radio" name="EnquirySubject" value="Report damage or disturbance to survey marks" id="Subject_9" '. $checkedSubject9 .' /> Report damage or disturbance to survey marks</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_10"><input type="radio" name="EnquirySubject" value="Recommendations for additional survey control" id="Subject_10" '. $checkedSubject10 .' /> Recommendations for additional survey control</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_11"><input type="radio" name="EnquirySubject" value="Other" id="Subject_11" '. $checkedSubject11 .' /> Other</label>'."\n\r".
              '<br /></p>';
         echo '</div>'."\n".
              '<div>'."\n";

         //comment/query
         echo '<label class="queryComments" for="queryComments">Query/Comments:</label>'."\n".
              '<textarea name="queryComments" id="queryComments" class="required">'. $queryComments .'</textarea>'."\n";

         //check if message field is filled out
         if (isset($_REQUEST['submit']) && empty($_REQUEST['queryComments'])) {
             echo '<label for="queryComments" class="error">This field is required.</label>'."\n";
         }
         echo '</div>'."\n".
              '</fieldset>';
         echo '<div class="submit"><input type="submit" name="submit" value="Submit" id="submit" /></div>'.
              '<div class="clear"><p><br /></p></div>'.
              '<p class="contact-form">If you have a problem using this form please email us at <a href="mailto:[email protected]">[email protected]</a></p>'.
              '</form>'."\n";
     }

     if (isset($_REQUEST['submit']) && !empty($_REQUEST['phone']) && !is_numeric($_REQUEST['phone'])) {
         $phoneError = "true";
     }

     if(empty($name) || empty($emailCheck) || empty($EnquirySubject) || empty($queryComments) || validEmail($emailCheck) == false || $phoneError == "true") {
         displayForm($name, $email, $phone, $EnquirySubject, $queryComments,
                     $checkedSubject0, $checkedSubject1, $checkedSubject2, $checkedSubject3,
                     $checkedSubject4, $checkedSubject5, $checkedSubject6, $checkedSubject7,
                     $checkedSubject8, $checkedSubject9, $checkedSubject10, $checkedSubject11,
                     $phoneError);
     } else {
         //send email
         $to = "[email protected]";
         $subject = "$EnquirySubject - Contact Feedback from the website";
         $message = "Name: $name \n\r" .
                    "Phone Number: $phone \n\r" .
                    "Message: $queryComments";
         $headers = "From: $name <$emailCheck>";
         mail($to, $subject, $message, $headers );
         echo '<div id="thankyoubox">';
         echo '<h2>Thank you</h2>';
         echo '<p>Thank you for submitting the contact us form. If you have requested information we will get back to you within 10 working days.</p>';
         echo '</div>';
     }
     ?>
     ```

     Appreciate your help and constructive criticism. Apologies in advance if I posted this in the wrong forum, but testing on this would also be appreciated if I missed a task that a user could do in the form that relates to validation etc.

     Cheers, Jared
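The form above touches request data in three places: it echoes it back into HTML, passes the email domain to `exec()`, and builds mail headers from it. The following added example, which is not part of the original post, shows a hardened form of each; the helper names, the shortened subject list and the example.org addresses are assumptions, and it assumes PHP 5.3 or later.

```php
<?php
// Added example, not the poster's code. h(), cleanSubject(), emailAcceptable()
// and buildMail() are hypothetical helper names.

// Escape a value before echoing it into HTML text or a quoted attribute.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Accept the radio value only if it is one of the options the form offers.
function cleanSubject($raw, array $allowed)
{
    return in_array($raw, $allowed, true) ? $raw : '';
}

// Syntax check with the built-in filter, then DNS via checkdnsrr() (no shell).
function emailAcceptable($email, $checkDns = true)
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $domain = substr(strrchr($email, '@'), 1);
    return !$checkDns || checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A');
}

// Returns the four mail() arguments, or null if the input is rejected.
function buildMail(array $in, array $allowed, $checkDns = true)
{
    $subject = cleanSubject($in['EnquirySubject'], $allowed);
    if ($subject === '' || !emailAcceptable($in['email'], $checkDns)) {
        return null;
    }
    // Fixed From address (placeholder). Only the validated email reaches a
    // header; free-text fields such as the name go into the body only.
    $headers = "From: website@example.org\r\nReply-To: " . $in['email'];
    $body = 'Name: ' . $in['name'] . "\r\nMessage: " . $in['queryComments'];
    return array('enquiries@example.org', "$subject - Contact Feedback from the website", $body, $headers);
}

// Constructed sample input standing in for $_POST; DNS lookup skipped so it runs offline.
$in = array('name' => 'Jane <Doe>', 'email' => 'jane@example.org',
            'EnquirySubject' => 'Maps', 'queryComments' => 'Hello');
echo '<input type="text" name="name" value="' . h($in['name']) . '" />' . "\n";
var_dump(buildMail($in, array('Maps', 'Other'), false) !== null);
```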
  2. bump ;p
  3. Hi, PHP Version 4.3.3. I have 2 forms, one for a message/contact details from the user and also a mini form that allows the user to upload files to my server. My code for the uploading process is fine and dandy. It uploads the file to the server and then stores the file name into an array called "$_SESSION['filearray']". When it gets time for the user to submit the entire form everything should be picked up from the session filearray and emailed off to the designated email address. This works fine and I have no problem with getting the message details or receiving the email. But the multi attachments seem to be a problem, rather than attaching everything in the filearray it seems to only take the last file in the array. My code is below:

     ```php
     // set the max number of uploads
     $count = count($_SESSION['filearray']);
     $max_uploads = $count;
     $cur = 0;
     while ($max_uploads > $cur) {
         $path_parts[$cur] = pathinfo($DOCUMENT_ROOT.'/tls/form_template/wcr/upload/' . $_SESSION['filearray'][$cur]);
         $fileatt[$cur] = $DOCUMENT_ROOT.'/tls/form_template/wcr/upload/' . $_SESSION['filearray'][$cur];
         $fileatt_type[$cur] = $path_parts[$cur]['extension'];
         $fileatt_name[$cur] = $path_parts[$cur]['basename'];
         $file = fopen($fileatt[$cur],'rb');
         $data = fread($file, filesize($fileatt[$cur]));
         fclose($file);
         // Base64 encode the first file data
         $data = chunk_split(base64_encode($data));
         // Add the file attachment to the message
         $message .= "--{$mime_boundary}\n" .
             "Content-Type: {$fileatt_type[$cur]};\n" .
             " name=\"{$fileatt_name[$cur]}\"\n" .
             //"Content-Disposition: attachment;\n" .
             //" filename=\"{$fileatt_name.$cur}\"\n" .
             "Content-Transfer-Encoding: base64\n\n" .
             $data;
         $cur++;
     }
     ```

     I've been playing around for a few days now just trying things with the while and renaming variables that kind of stuff, even using print_r to check if it's getting everything from the session array (and it is!) but yet still I only get 1 file attachment in the email result.
     Here is also a print of the MIME headers that the email sends out:

     ```
     To: me
     Subject: email script test: Wednesday 15th August 2007 12:49:58 PM
     From: <>
     MIME-Version: 1.0
     Content-Type: multipart/mixed; boundary="==Multipart_Boundary_x729049da69970177489bac19aa0d9a3ex"

     This is a multi-part message in MIME format.

     --==Multipart_Boundary_x729049da69970177489bac19aa0d9a3ex
     Content-Type: text/html; charset="iso-8859-1"
     Content-Transfer-Encoding: 7bit

     Message details etc etc helloworld12345

     --==Multipart_Boundary_x729049da69970177489bac19aa0d9a3ex
     Content-Type: txt; name="New Text Document.txt"
     Content-Transfer-Encoding: base64

     --==Multipart_Boundary_x729049da69970177489bac19aa0d9a3ex
     Content-Type: txt; name="New Text Document (2).txt"
     Content-Transfer-Encoding: base64
     ```

     As you can see it is setting the boundaries for all the files and is picking the names up from the array but only 1 file gets attached. I'm lost. My theories are I'm stuffing my boundaries up, or my loop just plain outright sucks. Could someone please shed some light, banging my head around on this one.

     TIA. Jared
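For comparison with the loop and header dump above, a well-formed `multipart/mixed` body with several attachments, as an added example that is not part of the original post. Each part carries a registered MIME type and a `Content-Disposition` header, the body ends with the closing `--boundary--` delimiter, and stored file names are reduced with `basename()` so they cannot point outside the upload directory. `buildMixedMail()`, the type table and the sample files are assumptions.

```php
<?php
// Added example, not the poster's code; buildMixedMail() and $types are hypothetical.
function buildMixedMail($htmlBody, array $fileNames, $uploadDir)
{
    $types = array('txt' => 'text/plain', 'pdf' => 'application/pdf', 'png' => 'image/png');
    $boundary = '==Multipart_Boundary_x' . md5(uniqid('', true)) . 'x';

    $headers = "MIME-Version: 1.0\r\n" .
               "Content-Type: multipart/mixed; boundary=\"$boundary\"";

    // First part: the message text itself.
    $body = "This is a multi-part message in MIME format.\r\n\r\n" .
            "--$boundary\r\n" .
            "Content-Type: text/html; charset=\"iso-8859-1\"\r\n" .
            "Content-Transfer-Encoding: 7bit\r\n\r\n" .
            $htmlBody . "\r\n";

    foreach ($fileNames as $stored) {
        // basename() drops any directory components, so a stored name cannot leave $uploadDir.
        $name = basename($stored);
        $path = $uploadDir . '/' . $name;
        if (!is_file($path)) {
            continue;
        }
        $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        $type = isset($types[$ext]) ? $types[$ext] : 'application/octet-stream';
        // Keep quotes and line breaks out of the header parameter.
        $safe = str_replace(array('"', "\r", "\n"), '', $name);

        $body .= "--$boundary\r\n" .
                 "Content-Type: $type; name=\"$safe\"\r\n" .
                 "Content-Disposition: attachment; filename=\"$safe\"\r\n" .
                 "Content-Transfer-Encoding: base64\r\n\r\n" .
                 chunk_split(base64_encode(file_get_contents($path)));
    }
    // Closing delimiter: tells the mail client that no more parts follow.
    $body .= "--$boundary--\r\n";
    return array($headers, $body);
}

// Constructed sample files so the example runs offline.
$dir = sys_get_temp_dir();
file_put_contents("$dir/a.txt", "first file\n");
file_put_contents("$dir/b.txt", "second file\n");
list($headers, $body) = buildMixedMail('<p>helloworld12345</p>', array('a.txt', '../b.txt'), $dir);
echo substr_count($body, 'Content-Disposition: attachment'), " attachments\n";
```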