shawnplr
Posted October 5, 2009

I have created a contact form using a flat file to avoid using sendmail. I use fwrite on a flat file which is set to 0622. I am wondering if this is secure code?

```php
<?php
if (!empty($_POST)) {
    // Open the flat file for appending and collect the submitted fields.
    $file = "contact.txt";
    $handle = fopen($file, 'a+');
    $ip = $_SERVER['REMOTE_ADDR'];
    $name = $_POST["name"];
    $nameformat = nameize($name);
    $email = $_POST["email"];
    $message = $_POST["message"];
    $agree = $_POST["agreement"];

    if (empty($name)) {
        echo "<p><b>“Please supply your name to use this form.”</b></p>";
    } elseif (!$email == "" && (!strstr($email, "@") || !strstr($email, ".")) || (empty($email))) {
        echo "<p><b>“Please supply a valid email to use this form.”</b></p>";
    } elseif (empty($message)) {
        echo "<p><b>“Please supply a reason for contacting us.”</b></p>";
    } elseif ($agree == "disagree") {
        echo "<p><b>“All information is confidential. You may agree to terms to submit this form.”</b></p>";
    } else {
        // Append the record: blank line, IP, name, email, message.
        fwrite($handle, "\n" . "\n" . $ip . "\n" . $nameformat . "\n" . $email . "\n" . $message);
        fclose($handle);
        echo "<p><b>“Thank you " . $nameformat . ". Your message has been sent.”</b></p>";
    }
}

// Capitalise each part of a name split on apostrophes, hyphens and spaces.
function nameize($str, $a_char = array("'", "-", " ")) {
    $string = strtolower($str);
    foreach ($a_char as $temp) {
        $pos = strpos($string, $temp);
        if ($pos) {
            $mend = '';
            $a_split = explode($temp, $string);
            foreach ($a_split as $temp2) {
                $mend .= ucfirst($temp2) . $temp;
            }
            $string = substr($mend, 0, -1);
        }
    }
    return ucfirst($string);
}
?>
```

My form

```php
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Name:* <input type="text" name="name" value="<?php if (isset($name)) {echo $name;} ?>"/></p>
<p>email:* <input type="text" name="email" value="<?php if (isset($email)) {echo $email;} ?>" /></p>
<p>Reason for contacting us:*<br /><textarea rows="10" cols="40" name="message"><?php if (isset($message)) {echo $message;} ?></textarea></p>
<p><input checked="checked" type="radio" value="disagree" name="agreement" />I do not wish to complete all of the fields.</p>
<p><input type="radio" value="agree" name="agreement" />All Fields are complete I wish to continue.</p>
<hr>
<p><input type="submit" value="Submit" /></p>
</form>
```

The working code is at http://www.trimtools.net/cont/
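
A hardened variant of the handler and form above, as an added example that is not part of the original post: it escapes every echoed value with `htmlspecialchars`, drops `$_SERVER['PHP_SELF']` from the form action, and stores each submission as one JSON line so that newlines typed into a field cannot start a forged record. The `CONTACT_FILE` path outside the web root, the helper names and PHP 7.2 or later are assumptions.

```php
<?php
// Added example, not the poster's code. CONTACT_FILE and the helper names are assumptions.
const CONTACT_FILE = __DIR__ . '/../private/contact.jsonl'; // hypothetical path outside the web root

// Escape a value for HTML text or a quoted attribute.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read one POST field as a trimmed string; array input (name[]=x) becomes ''.
function post_field(string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Return an error message for an invalid submission, or null when it is acceptable.
function validate_contact(string $name, string $email, string $message, string $agree): ?string {
    if ($name === '' || preg_match('/[\r\n]/', $name)) return 'Please supply your name to use this form.';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) return 'Please supply a valid email to use this form.';
    if ($message === '') return 'Please supply a reason for contacting us.';
    return $agree === 'agree' ? null : 'All information is confidential. You may agree to terms to submit this form.';
}

// Append one submission as one JSON line; json_encode escapes newlines inside fields.
function save_contact(string $file, array $record): bool {
    $json = json_encode($record, JSON_INVALID_UTF8_SUBSTITUTE);
    return $json !== false && file_put_contents($file, $json . "\n", FILE_APPEND | LOCK_EX) !== false;
}

[$name, $email, $message] = [post_field('name'), post_field('email'), post_field('message')];
$notice = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $notice = validate_contact($name, $email, $message, post_field('agreement'));
    if ($notice === null) {
        $record = ['ip' => $_SERVER['REMOTE_ADDR'] ?? '', 'name' => $name, 'email' => $email, 'message' => $message];
        $notice = save_contact(CONTACT_FILE, $record)
            ? "Thank you $name. Your message has been sent." : 'Your message could not be saved.';
    }
}
?>
<p><b><?= h($notice) ?></b></p>
<form method="post">
<p>Name:* <input type="text" name="name" value="<?= h($name) ?>" /></p>
<p>email:* <input type="text" name="email" value="<?= h($email) ?>" /></p>
<p>Reason for contacting us:*<br /><textarea rows="10" cols="40" name="message"><?= h($message) ?></textarea></p>
<p><input checked="checked" type="radio" value="disagree" name="agreement" />I do not wish to complete all of the fields.</p>
<p><input type="radio" value="agree" name="agreement" />All Fields are complete I wish to continue.</p>
<p><input type="submit" value="Submit" /></p>
</form>
```

Anything that later displays the stored file in a browser still has to escape each field on output, since the JSON encoding only protects the record boundaries.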