DavidT Posted February 5, 2010 Share Posted February 5, 2010 Hi there! I have two different hosting services: on the first one I can regularly use the function mail(), but the second does not allow me to send mails (it will block the account for mass mailing). I need to use mail to notify things to user who requested it, so I need to be able to send mail from this second server too. I thought that I will create a mailer script on the firs server, so that the second will simply call the script when needed, passing the e-mail addresses, the subject and content trough POST. Now, how to avoid that some malicious user uses my script to send own mails? I thought that I can send with the POST two vars, "time" and "secure_code" (I will eventually fake the names, so that is not so easy to recognize), where "time" is get by time(), and "secure_code" is a function depending on the value of "time". The mailer script gets the both values, and use the same function to verify if the "secure_code" is correct, according to time. Question is, is this safe? What kind of function shall I use? Also, how could I avoid that a malicious user simply same the "time" and "secure_code" in a certain moment, and use it again? Thanks in advance. Link to comment https://forums.phpfreaks.com/topic/191028-secure-mailer-on-an-other-server/ Share on other sites More sharing options...
teamatomic Posted February 5, 2010 Share Posted February 5, 2010 I would put the stuff I wanted to mail into a file and zip it up. I would then pass it off to a script that would FTP it to the mail server. The mail server would have a script cron jobbed that would check the upload folder every minute if it found a file it would move it to a working folder and fork a script to uppack,process the file and mail the contents. Fairly easy to do and no outside files for a hacker to abuse. If you are really uptight about security have a cron jobbed script create a file and then give the scripts the same user/group and knock the perms down to 770. If somebody breaks in that far youre already toast anyways. HTH Teamatomic Link to comment https://forums.phpfreaks.com/topic/191028-secure-mailer-on-an-other-server/#findComment-1007308 Share on other sites More sharing options...
DavidT Posted February 9, 2010 Author Share Posted February 9, 2010 Thank you! Link to comment https://forums.phpfreaks.com/topic/191028-secure-mailer-on-an-other-server/#findComment-1009305 Share on other sites More sharing options...
DavidT Posted August 12, 2010 Author Share Posted August 12, 2010 Ok, after a little pause I'm starting finally to making this script. Couple of further questions: is there any way to create a file "on the fly"? I mean, instead of doing this: $handle = fopen("file_to_upload","w"); $write = fwrite($handle,"This is the mail data which will be sent to the other server "); $upload = ftp_put($ftp_connection, "mailer_folder", "file_to_upload" ); to solve somehow so that it does need to create the file, and just doing something like $upload = ftp_put($ftp_connection, "mailer_folder", DATA ); The other question is: is there some reason why you told me to zip the file containing mail data? Maybe security reasons? Wouldn't it work same way if is just a plain file? Thanks in advance Link to comment https://forums.phpfreaks.com/topic/191028-secure-mailer-on-an-other-server/#findComment-1098556 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.