Jami

  1. Oh, I am posting here, because the code I'm using is from a third party and I am not altogether sure how it works. But this might not be the proper place for this request - so please move it if it's placed wrong, and forgive me.... I'm new around here. The php version I am using is 4.3.10 but I can switch to 5.
  2. Hello, I thought I had the spammers shut out, but they're back and running right through my php like it wasn't there. I just don't know enough code to secure my forms, please help!

     Here is an example of the JUNK getting through:

     Here is what I'm using for testing field data

         $errors = array();
         if($_SERVER['REQUEST_METHOD'] == "POST"){$form_input = $_POST;}
         elseif($_SERVER['REQUEST_METHOD'] == "GET"){$form_input = $_GET;}
         else{exit;}

         // Remove leading whitespace from all values.
         function recursive_array_check(&$element_value)
         {
             if(!is_array($element_value)){$element_value = ltrim($element_value);}
             else
             {
                 foreach($element_value as $key => $value){$element_value[$key] = recursive_array_check($value);}
             }
             return $element_value;
         }
         recursive_array_check($form_input);

         // Check referrer is from same site.
         if(!(isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'],$_SERVER['HTTP_HOST']))){$errors[] = "You must enable referrer logging to use the form";}

         // Strip HTML tags from all fields.
         function recursive_array_check2(&$element_value)
         {
             if(!is_array($element_value)){$element_value = strip_tags($element_value);}
             else
             {
                 foreach($element_value as $key => $value){$element_value[$key] = recursive_array_check2($value);}
             }
             return $element_value;
         }
         recursive_array_check2($form_input);

         // Validate FirstName field.
         if(isset($form_input['FirstName']) && !empty($form_input['FirstName']))
         {
             if(preg_match("`[\r\n]`",$form_input['FirstName'])){$errors[] = "You have submitted an invalid new line character";}
             if(preg_match("/[^a-z' -]/i",stripslashes($form_input['FirstName']))){$errors[] = "You have submitted an invalid character in the first name field";}
         }

         // Validate LastName field.
         if(isset($form_input['LastName']) && !empty($form_input['LastName']))
         {
             if(preg_match("`[\r\n]`",$form_input['LastName'])){$errors[] = "You have submitted an invalid new line character";}
             if(preg_match("/[^a-z' -]/i",stripslashes($form_input['LastName']))){$errors[] = "You have submitted an invalid character in the last name field";}
         }

         // Validate Phone field.
         if(isset($form_input['Phone']) && !empty($form_input['Phone']))
         {
             if(preg_match("`[\r\n]`",$form_input['Phone'])){$errors[] = "You have submitted an invalid new line character";}
             // if(preg_match("/[^a-z' -]/i",stripslashes($form_input['FirstName']))){$errors[] = "You have submitted an invalid character in the phone field";}
         }

         // Validate Street1 field.
         if(isset($form_input['Street1']) && !empty($form_input['Street1']))
         {
             if(preg_match("`[\r\n]`",$form_input['Street1'])){$errors[] = "You have submitted an invalid new line character";}
         }

         // Validate Street2 field.
         if(isset($form_input['Street2']) && !empty($form_input['Street2']))
         {
             if(preg_match("`[\r\n]`",$form_input['Street2'])){$errors[] = "You have submitted an invalid new line character";}
         }

         // Validate City field.
         if(isset($form_input['City']) && !empty($form_input['City']))
         {
             if(preg_match("`[\r\n]`",$form_input['City'])){$errors[] = "You have submitted an invalid new line character";}
         }

         // Validate email field.
         if(isset($form_input['Email']) && !empty($form_input['Email']))
         {
             if(preg_match("`[\r\n]`",$form_input['Email'])){$errors[] = "You have submitted an invalid new line character";}
             if(!preg_match('/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-z]{2,4}$/i',$form_input['Email'])){$errors[] = "Email address is invalid";}
         }

         // Display any errors and exit if errors exist.
         if(count($errors)){foreach($errors as $value){print "$value<br>";} exit;}

     As far as I can tell they are not adding new recipients or blind copying, but I could be very wrong - I hope not. So that means they are just spamming us, which is still no good.

     Why isn't this php stripping those <>?/|{[ html tags? And how can I be sure they are not using our forms to send out their spam to others? And why is safeguarding form-data so hard and confusing? Doing a search only brings up conflicting information and websites of discussions where no one agrees and no solutions are given. Oy! I need straight, simple answers - can anyone help me? Thanks
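
An added example, not part of the post above or of the third-party script it quotes: the same fields validated through one function that returns a cleaned array, so the checks cannot drift between fields and anything not listed in the rules is dropped. The helper name `validate_contact_form()`, the phone pattern and the sample submission are assumptions made for illustration.

```php
<?php
// Added example; helper names are hypothetical, field names are from the post.
// A null rule means: control-character check and strip_tags() only.
$rules = array(
    'FirstName' => "/^[a-z' -]{1,60}$/i",
    'LastName'  => "/^[a-z' -]{1,60}$/i",
    'Phone'     => '/^[0-9 ()+.-]{7,25}$/',   // assumed phone format
    'Street1'   => null,
    'Street2'   => null,
    'City'      => null,
    'Email'     => '/^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$/i',
);
function validate_contact_form($input, $rules)
{
    $clean = array();
    $errors = array();
    foreach ($rules as $field => $pattern) {
        $value = isset($input[$field]) ? $input[$field] : '';
        if (!is_string($value)) {            // Email[]=x arrives as an array
            $errors[] = "$field: unexpected value type";
            continue;
        }
        // Test the raw value before trimming: CR, LF or NUL anywhere in a
        // field is what lets a submission add its own mail headers.
        if (preg_match('/[\r\n\0]/', $value)) {
            $errors[] = "$field: control character rejected";
            continue;
        }
        $value = trim(strip_tags($value));
        if ($value !== '' && $pattern !== null && !preg_match($pattern, $value)) {
            $errors[] = "$field: invalid characters";
            continue;
        }
        $clean[$field] = $value;
    }
    return array($clean, $errors);
}

// Constructed sample submission: the Email value carries an injected Bcc line.
$sample = array(
    'FirstName' => 'Ann',
    'LastName'  => '<b>Lee</b>',
    'Email'     => "ann@example.com\r\nBcc: list@example.net",
);
list($clean, $errors) = validate_contact_form($sample, $rules);
// Only $clean goes into the message body; recipient, subject and headers
// stay fixed strings in the script, never taken from the form.
print_r($errors);
print_r($clean);
```

The cleaned array only protects the outgoing mail if the code that builds the message reads from it and not from `$_POST` or `$_GET` directly.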