nige

Hi litebearer, Thanks for the quick reply. See answers below Filename: sendmail.php <? $linefeed='\n'; $Title=$_POST['Title']; $FName=$_POST['FName']; $SName=$_POST['SName']; $email_address=$_POST['email_address']; $mobile=$_POST['mobile']; $Age=$_POST['Age']; $Address1=$_POST['Address1']; $Town_City=$_POST['Town_City']; $County=$_POST['County']; $Country=$_POST['Country']; $Message=$_POST['Message']; $cosmetic=$_POST['cosmetic']; $lingerie=$_POST['lingerie']; $Ccard=$_POST['Ccard']; $Sales=$_POST['Sales']; $FashionShows=$_POST['FashionShows']; $bargin=$_POST['bargin']; $error=0; function check_firstname($FName) { if(preg_match("/[a-zA-Z\-\Ä\ä\Ö\ö\Ü\ü\ ]+$/s",$FName)) return TRUE; else return FALSE; } function check_surname($SName) { if(preg_match("/[a-zA-Z\-\Ä\ä\Ö\ö\Ü\ü\ ]+$/s",$SName)) return TRUE; else return FALSE; } function check_email_address($email_address) { // if(preg_match("/[a-zA-Z0-9\@\ // ]+$/s",$email_address)) // return TRUE; // else // return FALSE; // First, we check that there's one @ symbol, and that the lengths are right if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email_address)) { // Email invalid because wrong number of characters in one section, or wrong number of @ symbols. return false; } // Split it into sections to make life easier $email_array = explode("@", $email_address); $local_array = explode(".", $email_array[0]); for ($i = 0; $i < sizeof($local_array); $i++) { if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) { return false; } } if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name $domain_array = explode(".", $email_array[1]); if (sizeof($domain_array) < 2) { return false; // Not enough parts to domain } for ($i = 0; $i < sizeof($domain_array); $i++) { if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) { return false; } } } return true; } function check_mobile($mobile) { if(preg_match("/[0-9\ ]+$/s",$mobile)) return TRUE; else return FALSE; } if(!check_firstname($FName)) { echo "<B>Please input your firstname correctly.</B><br>"; $error++; } if(!check_surname($SName)) { echo "<B>Please input your surname correctly.</B><br>"; $error++; } if(!check_email_address($email_address)) { echo "<B>Your email entered is not an invaild email address.</B><br>"; $error++; } if(!check_mobile($mobile)) { echo "<B>Mobile number has wrong format.</B><br>"; $error++; } if($error == 0) { mail( "regform@domain.ie", "A new customer has signed up", "Name: " . $Title . " " . $FName . " " . $SName . "\r\n" . "Email: " . $email_address . "\r\n" . "Mobile Phone: " . $mobile . "\r\n" . "Age: " . $Age . "\r\n" . "Address: " . "\r\n" . " " . $Address1 . "\r\n" . " " . $Town_City . "\r\n" . " " . $County . "\r\n" . " " . $Country . "\r\n" . "Message: " . $Message, "From: Web Registration <regform@domain.ie>" ); mail( $email_address, "Welcome to the Mailing List", "Dear " . $Title . " " . $SName . ",\r\n\r\n" . "Thanks for joining the mailing list." . "\r\n" . "We'll keep you up to date about exciting events and special offers." . "\r\n" . "Be in touch soon!". "\r\n\r\n" . " Department Store", "From: MailingList <regform@domain.ie>\r\n" ); header( "Location: thankyou.htm" ); }else{ echo "<br><br></br></br>"; echo "You will be re-directed back to the registration page in 10 seconds......."; echo '<META HTTP-EQUIV="Refresh" Content="10; URL=register.htm">'; } ?> Thanks Yes Thanks, we checked our logs and there doesn't appear to be any FTP activity but we'll change them anyway.

Hey All, Our web server appears to be getting hacked by a third part and I think they are getting in via a PHP contact form. They are planting a .htaccess file in the root folder redirecting the pages to a blank one. Can anyone give me advice on the best course of action to take. I can post our PHP code if needed. Many Thanks