jarednz Posted April 7, 2010 Share Posted April 7, 2010 Hi all I was wondering if someone could take a quick peak at my code and let me know if I have any major security flaws in my code. Such as any variables that could be hijacked for any injection or methods that could be used to get access to our web server, that sort of stuff. Its a simple contact form built in php, takes values from fields in a form and posts it to an email address. There is no database back end. <?php function validEmail($email) { $isValid = true; $atIndex = strrpos($email, "@"); if (is_bool($atIndex) && !$atIndex) { $isValid = false; } else { $domain = substr($email, $atIndex+1); $local = substr($email, 0, $atIndex); $localLen = strlen($local); $domainLen = strlen($domain); if ($localLen < 1 || $localLen > 64) { // local part length exceeded $isValid = false; } else if ($domainLen < 1 || $domainLen > 255) { // domain part length exceeded $isValid = false; } else if ($local[0] == '.' || $local[$localLen-1] == '.') { // local part starts or ends with '.' $isValid = false; } else if (preg_match('/\\.\\./', $local)) { // local part has two consecutive dots $isValid = false; } else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) { // character not valid in domain part $isValid = false; } else if (preg_match('/\\.\\./', $domain)) { // domain part has two consecutive dots $isValid = false; } else if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) { // character not valid in local part unless // local part is quoted if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) { $isValid = false; } } if ($isValid && !(myCheckDNSRR($domain,"MX") || myCheckDNSRR($domain,"A"))) { // domain not found in DNS $isValid = false; } } return $isValid; } function myCheckDNSRR($hostName, $recType = '') { if(!empty($hostName)) { if( $recType == '' ) $recType = "MX"; exec("nslookup -type=$recType $hostName", $result); // check each line to find the one that starts with the host // name. If it exists then the function succeeded. foreach ($result as $line) { if(eregi("^$hostName",$line)) { return true; } } // otherwise there was no mail handler for the domain return false; } return false; } $name = trim($_REQUEST['name']); $emailCheck = trim($_REQUEST['email']); $phone = trim($_REQUEST['phone']); $EnquirySubject = $_REQUEST['EnquirySubject']; $queryComments = trim($_REQUEST['queryComments']); switch ($_REQUEST['EnquirySubject']) { case "General land information": $checkedSubject0 = 'checked="checked"'; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = ""; $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = ""; $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = ""; break; case "How to order a land record, eg. Title": $checkedSubject0 = ""; $checkedSubject1 = 'checked="checked"'; $checkedSubject2 = ""; $checkedSubject3 = ""; $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = ""; $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = ""; break; case "Geodetic mark updates and information": $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = 'checked="checked"'; $checkedSubject3 = ""; $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = ""; $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = ""; break; case "online": $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = 'checked="checked"'; $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = ""; $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = ""; break; case "Maps": $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = ""; $checkedSubject4 = 'checked="checked"'; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = ""; $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = ""; break; case "Hydrographic information": $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = ""; $checkedSubject4 = ""; $checkedSubject5 = 'checked="checked"'; $checkedSubject6 = ""; $checkedSubject7 = ""; $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = ""; break; case "Our website": $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = ""; $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = 'checked="checked"'; $checkedSubject7 = ""; $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = ""; break; case "OIA Requests": $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = ""; $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = 'checked="checked"'; $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = ""; break; case "Survey Mark Protection Service": $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = ""; $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = ""; $checkedSubject8 = 'checked="checked"'; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = ""; break; case "Report damage or disturbance to survey marks": $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = ""; $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = ""; $checkedSubject8 = ""; $checkedSubject9 = 'checked="checked"'; $checkedSubject10 = ""; $checkedSubject11 = ""; break; case "Recommendations for additional survey control": $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = ""; $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = ""; $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = 'checked="checked"'; $checkedSubject11 = ""; break; case "Other": $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = ""; $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = ""; $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = 'checked="checked"'; break; } function displayForm($name, $email, $phone, $EnquirySubject, $queryComments, $checkedSubject0, $checkedSubject1, $checkedSubject2, $checkedSubject3, $checkedSubject4, $checkedSubject5, $checkedSubject6, $checkedSubject7, $checkedSubject8, $checkedSubject9, $checkedSubject10, $checkedSubject11, $phoneError) { //make $emailCheck global so function can get value from global scope. global $emailCheck; //name echo '<form action="index.php" method="post" name="contact" id="contact">'."\n". '<fieldset>'."\n". '<div>'."\n". '<label for="name">Your name:</label>'."\n". '<input type="text" name="name" id="name" class="inputText required" value="'. $name .'" />'."\n"; //check if name field is filled out if (isset($_REQUEST['submit']) && empty($name)) { echo '<label for="name" class="error">Please enter your name.</label>'."\n"; } echo '</div>'."\n". '<div>'."\n"; //Email echo '<label for="email">Your email:</label>'."\n". '<input type="text" name="email" id="email" class="inputText required email" value="'. $emailCheck .'" />'."\n"; // check if email field is filled out and proper format if (isset($_REQUEST['submit']) && validEmail($emailCheck) == false) { echo '<label for="email" class="error">Invalid email address entered.</label>'."\n"; } echo '</div>'."\n". '<div>'."\n"; //phone echo '<label for="phone">Your phone number:</label>'."\n". '<input type="text" name="phone" id="phone" class="inputText" value="'. $phone .'" />'."\n". '<span class="mandatory small">(optional)</span>'; // check if phone field is filled out that it has numbers and not characters if (isset($_REQUEST['submit']) && $phoneError == "true") { echo '<label for="email" class="error">Please enter a valid phone number.</label>'."\n"; } echo '</div>'."\n". '</fieldset>'."\n".'<fieldset>'. "\n" . '<div>'."\n"; //subect of enquiry echo '<p style="padding-left: 1em">Subject of your enquiry:</p>'; // check if email field is filled out and proper format if (isset($_REQUEST['submit']) && empty($EnquirySubject)) { echo '<label class="error" style="float: none !important;clear:both">These fields are required.</label><br />'."\n"; } echo '<div class="radioError"></div>'; echo '<p><label class="contactRadio" for="Subject_0"><input type="radio" name="EnquirySubject" value="General land information" id="Subject_0" '. $checkedSubject0 .' /> General land information</label>'."\n\r". '<br />'."\n\r". '<label class="contactRadio" for="Subject_1"><input type="radio" name="EnquirySubject" value="How to order a land record, eg. Title" id="Subject_1" '. $checkedSubject1 .' /> How to order a land record, eg. Title</label>'."\n\r". '<br />'."\n\r". '<label class="contactRadio" for="Subject_2"><input type="radio" name="EnquirySubject" value="Geodetic mark updates and information" id="Subject_2" '. $checkedSubject2 .' /> Geodetic mark updates and information</label>'."\n\r". '<br />'."\n\r". '<label class="contactRadio" for="Subject_3"><input type="radio" name="EnquirySubject" value="online" id="Subject_3" '. $checkedSubject3 .' /> online</label>'."\n\r". '<br />'."\n\r". '<label class="contactRadio" for="Subject_4"><input type="radio" name="EnquirySubject" value="Maps" id="Subject_4" '. $checkedSubject4 .' /> Maps</label>'."\n\r". '<br />'."\n\r". '<label class="contactRadio" for="Subject_5"><input type="radio" name="EnquirySubject" value="Hydrographic information" id="Subject_5" '. $checkedSubject5 .' /> Hydrographic information</label>'."\n\r". '<br />'."\n\r". '<label class="contactRadio" for="Subject_6"><input type="radio" name="EnquirySubject" value="Our website" id="Subject_6" '. $checkedSubject6 .' /> Our website</label>'."\n\r". '<br />'."\n\r". '<label class="contactRadio" for="Subject_7"><input type="radio" name="EnquirySubject" value="OIA Requests" id="Subject_7" '. $checkedSubject7 .' /> OIA Requests</label>'."\n\r". '<br />'."\n\r". '<label class="contactRadio" for="Subject_8"><input type="radio" name="EnquirySubject" value="Survey Mark Protection Service" id="Subject_8" '. $checkedSubject8 .' /> Survey Mark Protection Service</label>'."\n\r". '<br />'."\n\r". '<label class="contactRadio" for="Subject_9"><input type="radio" name="EnquirySubject" value="Report damage or disturbance to survey marks" id="Subject_9" '. $checkedSubject9 .' /> Report damage or disturbance to survey marks</label>'."\n\r". '<br />'."\n\r". '<label class="contactRadio" for="Subject_10"><input type="radio" name="EnquirySubject" value="Recommendations for additional survey control" id="Subject_10" '. $checkedSubject10 .' /> Recommendations for additional survey control</label>'."\n\r". '<br />'."\n\r". '<label class="contactRadio" for="Subject_11"><input type="radio" name="EnquirySubject" value="Other" id="Subject_11" '. $checkedSubject11 .' /> Other</label>'."\n\r". '<br /></p>'; echo '</div>'."\n". '<div>'."\n"; //comment/query echo '<label class="queryComments" for="queryComments">Query/Comments:</label>'."\n". '<textarea name="queryComments" id="queryComments" class="required">'. $queryComments .'</textarea>'."\n"; //check if message field is filled out if (isset($_REQUEST['submit']) && empty($_REQUEST['queryComments'])) { echo '<label for="queryComments" class="error">This field is required.</label>'."\n"; } echo '</div>'."\n". '</fieldset>'; echo '<div class="submit"><input type="submit" name="submit" value="Submit" id="submit" /></div>'. '<div class="clear"><p><br /></p></div>'. '<p class="contact-form">If you have a problem using this form please email us at <a href="mailto:blah@blahblahblahhblah.com">blah@blahblahblahhblah.com</a></p>'. '</form>'."\n"; } if (isset($_REQUEST['submit']) && !empty($_REQUEST['phone']) && !is_numeric($_REQUEST['phone'])) { $phoneError = "true"; } if(empty($name) || empty($emailCheck) || empty($EnquirySubject) || empty($queryComments) || validEmail($emailCheck) == false || $phoneError == "true") { displayForm($name, $email, $phone, $EnquirySubject, $queryComments, $checkedSubject0, $checkedSubject1, $checkedSubject2, $checkedSubject3, $checkedSubject4, $checkedSubject5, $checkedSubject6, $checkedSubject7, $checkedSubject8, $checkedSubject9, $checkedSubject10, $checkedSubject11, $phoneError); } else { //send email $to = "blah@blahblahblahhblah.com"; $subject = "$EnquirySubject - Contact Feedback from the website"; $message = "Name: $name \n\r" . "Phone Number: $phone \n\r" . "Message: $queryComments"; $headers = "From: $name <$emailCheck>"; mail($to, $subject, $message, $headers ); echo '<div id="thankyoubox">'; echo '<h2>Thank you</h2>'; echo '<p>Thank you for submitting the contact us form. If you have requested information we will get back to you within 10 working days.</p>'; echo '</div>'; } ?> Appreciate your help and constructive criticism Apologies in advanced if I posted this in the wrong forum, but testing on this would also be appreciated if I missed a a task that a user could do in the form that relates to validation etc. cheers Jared Link to comment Share on other sites More sharing options...
Recommended Posts