worldcomingtoanend Posted October 9, 2009 Share Posted October 9, 2009 I have setup a "mail this page to a friend"script below and before i put on my live server I am kindly requesting you to help me be sure if this is secure against spammers. I decided not to use the captcha since a lot of feedback from my users suggests that the current form with the captcha thing is a bit annoying. Thanks for your help. <?php if(isset($Send)) //i.e. when the user clicks send button do what follows { $message="asaas"; Hi ".$friendname.", <br>" .$yourname." (".$youremail.")"." invites you to see this page on www.yoursite.com<br><br> <a href=".$myurl.">".$myurl."</a><br><br> Regards, <a href=\"http://www.yoursite.com\">yoursite.com</a> staff.<br> </p> </BODY></HTML> "; // In $message insert any thing i want $obj= $yourname. " invites you to see yoursite.com"; //Insert here the subject of your email $sender="[email protected]"; //This will shown the email sender $reply="[email protected]"; //Edit this line to allow a replay to the email $headers = "From: $sender\nReply-To: $reply\nX-Mailer: Sismail Web Email Interface\nMIME-version: 1.0\nContent-type: text/html; charset=iso-8859-1\r\n "; echo "email successfully sent!"; if(!(@mail($friendemail,$obj,$message, $headers))){ print "<H5>Email sending process failed.</H5>";} } else { echo "<br />"; } ?> <p>Please fill all the fields exactly to send the link of the page you've chosen to your friend</p> <form name="form1" method="post" action="<? $PHP_SELF; ?>"> <p> <input name="yourname" type="text" id="yourname"> your name</p> <p> <input name="youremail" type="text" id="youremail"> your email</p> <p> </p> <p> <input name="friendname" type="text" id="friendname"> your <strong>friend's</strong> name</p> <p> <input name="friendemail" type="text" id="friendemail"> your <strong>friend's</strong> email </p> <p> <input name="Send" type="submit" value="Send"> <input type="reset" name="Submit2" value="reset"> </p> </form> <p> </p> Link to comment https://forums.phpfreaks.com/topic/177079-solved-is-my-script-secure-against-spammers/ Share on other sites More sharing options...
redarrow Posted October 9, 2009 Share Posted October 9, 2009 Sorry captcha only way if there not logged in. If they are logged in ask them to provide there password sending mail. Link to comment https://forums.phpfreaks.com/topic/177079-solved-is-my-script-secure-against-spammers/#findComment-933648 Share on other sites More sharing options...
Bricktop Posted October 9, 2009 Share Posted October 9, 2009 Hi worldcomingtoanend, Currently there appears to be no valiadation of the entered data, have a look at this helpful article for advice on avoiding header injections etc. when using PHP's mail() function. Also, not sure if it's because you haven't posted that part of the code but you're not converting any POSTed data into variables, i.e.: $friendname = $_POST['friendname']; Hope this helps. Link to comment https://forums.phpfreaks.com/topic/177079-solved-is-my-script-secure-against-spammers/#findComment-933649 Share on other sites More sharing options...
worldcomingtoanend Posted October 9, 2009 Author Share Posted October 9, 2009 Bricktop Thank you very much bricktop for the advice..the link u gave me proved to be soo helpful. I will work out further on my script. hv a nice weekend. Link to comment https://forums.phpfreaks.com/topic/177079-solved-is-my-script-secure-against-spammers/#findComment-933670 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.