dropfaith (Author), posted October 13, 2008:

Okay, that's all done. I messed up: it wasn't getting POST data from when I updated the script.

darkfreaks, posted October 13, 2008:

But it works now with the email address in the JavaScript?

dropfaith (Author), posted October 13, 2008:

It's not erroring, but I don't get emails. I'm gonna try to echo the myemail function. It echoes out just fine as dropfaith@gmail.com but doesn't seem to be emailing me.

darkfreaks, posted October 13, 2008:

http://www.anyexample.com/programming/php/how_to_send_email_with_php.xml

This is a good example of making sure emails stay out of spam folders.

dropfaith (Author), posted October 23, 2008:

Okay, now everything coming from the db goes through this:

```php
$Id = mysql_escape_string(trim(htmlentities($_GET['Id'])));
```

and going in goes through:

```php
$Contact = mysql_real_escape_string(trim(stripslashes($_POST['Contact'])));
```

and my contact form now does this, then escapes all details from the POST before emailing me. So I think I'm ready for another round, as hard as you can go for security.

```php
<form method="post" action="template/contact.php">
<?php
$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv ("HTTP_REFERER");
$httpagenti = getenv ("HTTP_USER_AGENT");
?>
<input type="hidden" name="ip" value="<?php echo $ipi ?>" />
<input type="hidden" name="httpref" value="<?php echo $httprefi ?>" />
<input type="hidden" name="httpagent" value="<?php echo $httpagenti ?>" />
<p><label>Name: </label> <input type="text" name="name" size="40" /><br /></p>
<p><label>Subject: </label>
<select name="subject" style="width:150px;">
<option value="Advertise">Advertise</option>
<option value="Support">Support</option>
<option value="Web_Design">Web Master</option>
<option value="Problem">Problem</option>
</select>
<br /></p>
<p> <label>Email:</label> <input type="text" name="email" size="40" /><br /></p>
<p> <label>Comments:</label><textarea rows="5" name="message" cols="30"></textarea><br /></p>
<input type="hidden" name="myemail" value="dropfaith@gmail.com" />
<p><input type="submit" name="submit" value="Send!"/></p>
</form>
```

darkfreaks, posted October 29, 2008:

Post the full code ???

dropfaith (Author), posted October 29, 2008:

I think for the most part the contact form is solved. This is now my email:

```php
<input type="hidden" name="myemail" value="dropfaith@gmail.com" />
```

But yeah, if you feel like scanning, go for it; I'm always up for improving. Plus the recipes section and the stories section have a voting system which I'm leery about (PS: I know you can vote as often as you want, but that's not my concern right now). Oh, and I think I deleted the phpfreaks phpfreaks account, so you can use my test account, currently admin phpfreaks. A lot of the edit stuff now requires the session to be set. It's still in the works as it's not redirecting yet, but yeah, security then the real function.
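
An added example, not code from the thread: one way the `template/contact.php` handler for the form posted above could stop trusting the hidden `myemail`, `ip`, `httpref` and `httpagent` fields, by fixing the recipient on the server and reading request metadata from `$_SERVER` when the form is submitted. `CONTACT_RECIPIENT`, `ALLOWED_SUBJECTS`, `build_contact_mail()` and the example.com address are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). CONTACT_RECIPIENT, ALLOWED_SUBJECTS and
// build_contact_mail() are hypothetical names; the address is a placeholder.
const CONTACT_RECIPIENT = 'webmaster@example.com'; // fixed server-side, never from the form
const ALLOWED_SUBJECTS  = ['Advertise', 'Support', 'Web_Design', 'Problem'];

// Returns [to, subject, body, headers] for mail(), or null to reject the submission.
function build_contact_mail(array $post, array $server): ?array
{
    foreach (['name', 'email', 'subject', 'message'] as $field) {
        if (!is_string($post[$field] ?? null)) return null; // missing or array-valued
    }
    $name    = trim($post['name']);
    $email   = trim($post['email']);
    $message = trim($post['message']);

    // The subject must be one of the form's <option> values.
    if (!in_array($post['subject'], ALLOWED_SUBJECTS, true)) return null;
    // Single-line fields must not contain CR/LF; in $email it would inject headers via Reply-To.
    if (preg_match('/[\r\n]/', $name . $email)) return null;
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) return null;
    if ($name === '' || $message === '') return null;

    // Request metadata is read from the server's view of the request,
    // not from hidden inputs the sender can edit.
    $meta = sprintf("IP: %s\nReferer: %s\nUser-Agent: %s",
        $server['REMOTE_ADDR'] ?? 'unknown',
        $server['HTTP_REFERER'] ?? '',
        $server['HTTP_USER_AGENT'] ?? '');

    $body    = "Name: $name\nEmail: $email\n$meta\n\n$message";
    $headers = 'From: ' . CONTACT_RECIPIENT . "\r\nReply-To: $email";
    return [CONTACT_RECIPIENT, '[Contact] ' . $post['subject'], $body, $headers];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $mail = build_contact_mail($_POST, $_SERVER);
    if ($mail === null) {
        http_response_code(400);
        exit('Invalid submission.');
    }
    mail(...$mail);
    // Anything echoed back into HTML is escaped at output time.
    echo 'Thanks, ' . htmlspecialchars(trim($_POST['name']), ENT_QUOTES, 'UTF-8') . '.';
}
```

With this handler the form no longer needs the four hidden inputs, so nothing from `HTTP_REFERER` or `HTTP_USER_AGENT` is echoed into the page unescaped.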