Email PHP code Gone Wrong?

[enemeth]

Hi there,

 

Created a php script that i got working great,

 

it takes the information from the form , even an attachment, sends it to me

 

all is dandy,

 

but it seems like something is going wrong since i have recieved about 40 emails so far from someone or something i have no clue on what or who it is ... if anyone can help , maybe someone has had it happen to them,

 

the email is as follows:

 

the subject reads :  formmail-relaytest middlemancan.bmtwebdesign.com//mail.php

 

(which is .bmtwebdesign.com , that is my domain and the mail.php is the file i made that gets the information from the form to my email address)

 

the sender is (UNKOWN)

 

and the fields that are sent to my email from the site is simple,

 

Name: 

Email: [email protected]

Other: 

Phone:

 

and that is all i get, about 40 of them all at the same time...

 

any ideas?

 

if you need to see the code for the mail.php , here it is :

 

<html>

<head>

<title> Sending Email </title>

</head>

<body>

<?php

// Read POST request params into global vars

$my_email = "[email protected]";

$from    = $_POST['from'];

$subject = $_POST['subject'];

$message = stripslashes("Name: " . $from . "\n\n" . "Email: " . $_POST['email'] . "\n\nOther: ". $_POST['other'] . "\n\n" . "Phone: " . $_POST['phone']);

 

// Obtain file upload vars

$fileatt      = $_FILES['fileatt']['tmp_name'];

$fileatt_type = $_FILES['fileatt']['type'];

$fileatt_name = $_FILES['fileatt']['name'];

 

$headers = "From: $from";

 

if (is_uploaded_file($fileatt)) {

  // Read the file to be attached ('rb' = read binary)

  $file = fopen($fileatt,'rb');

  $data = fread($file,filesize($fileatt));

  fclose($file);

 

  // Generate a boundary string

  $semi_rand = md5(time());

  $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";

 

  // Add the headers for a file attachment

  $headers .= "\nMIME-Version: 1.0\n" .

              "Content-Type: multipart/mixed;\n" .

              " boundary=\"{$mime_boundary}\"";

 

  // Add a multipart boundary above the plain message

  $message = "This is a multi-part message in MIME format.\n\n" .

            "--{$mime_boundary}\n" .

            "Content-Type: text/plain; charset=\"iso-8859-1\"\n" .

            "Content-Transfer-Encoding: 7bit\n\n" .

            $message . "\n\n";

 

  // Base64 encode the file data

  $data = chunk_split(base64_encode($data));

 

  // Add file attachment to the message

  $message .= "--{$mime_boundary}\n" .

              "Content-Type: {$fileatt_type};\n" .

              " name=\"{$fileatt_name}\"\n" .

              //"Content-Disposition: attachment;\n" .

              //" filename=\"{$fileatt_name}\"\n" .

              "Content-Transfer-Encoding: base64\n\n" .

              $data . "\n\n" .

              "--{$mime_boundary}--\n";

}

 

// Send the message

mail($my_email, $subject, $message, $headers);

 

?>

<html>

 

<body>

<?php include 'header.php';?><br>

<p align="center"><strong><font face="Arial"><big>Thank you for submitting information<br>

You will be redirected shortly</big></font></strong></p>

 

<script>

var redirecturl="index.php"

var pausefor=5

 

 

function postaction(){

if (window.timer){

clearInterval(timer)

clearInterval(timer_2)

}

window.location=redirecturl

}

setTimeout("postaction()",pausefor*1000)

 

</script>

 

<br><br><br><br><br><br>

<img src="images/progressbar.gif"><br><br><br><br>

<?php include 'footer.php';?>

</body>

</html>

 

if anyone has ever seen this before can you please let me know, how i can either stop it or should i contact my hosting company?

 

Thank you,

 

Elaine

 

[Caesar]

So the form does not require someone to be logged in or authenticated in order to submit?

 

That be your problem thar.

[miracle_potential]

Are all the emails identicle you didnt seem to tell us.

[enemeth]

yes all the emails are identical

 

 

[enemeth]

i dont no about it being authentication problem , because i have 5 other mailtoforms.php files that do not need authentication on the same hosting account, which i never recieved one spam on , it doesnt make sense

 

 

[miracle_potential]

You will need some sort of image varification scipt to stop bots running and spidering your codes!

 

 

http://www.php-mysql-tutorial.com/user-authentication/image-verification.php

 

Be a good start, and if the emails are all identicle its probably a looping error I didnt sift through the code so check for any loops or that your headers arnt relocating to each other (causing a server loop) because variables are kept on memory until the session is over

[enemeth]

Thank you , I went through that code but the form i have on the site is not a form to log in, it is a simple who are you form and send in your resume,

 

it would be nice to have this to work without the log in method

 

Elaine

[miracle_potential]

I'm not saying have a login for it, jsut have an image verification to stop bots from suing your form there are a LOT spiders looking for a tasty form to fill out so it can get your email address.

 

Thats the only thing I can think of

[enemeth]

ok sounds good i will disect the code for the image authentication and use it on my site , thank you