Bamn Dastards - PHP form help please

rottnluv · December 11, 2013

Hello, I recently started working for a small health care college and at some point they were convinced that a lead generating company was a good idea and gave them complete access to our website. After many miserable monthes with them, the school gave up on the idea but the bamn dastards weren't done with us yet. Somehow they sabotaged our web form. I am familiar with html, javascript, asp...but never got into php. I have done what debugging I can, but just not familiar enough with it to get further. Would you mind looking at the following code and seeing if there is something that jumps out at you? Ya'll are the greatest!!

Cheers, chele

<?php
//--------------------------Set these paramaters--------------------------
 
// Subject of email sent to you.
$subject = 'AHI Contact Form';
 
// Your email address. This is where the form information will be sent.verkerk@powertan.no
$emailadd = 'msurace@americanhealth.edu';
 
// Where to redirect after form is processed.
$url = '[url=http://www.americanhealth.edu/Thank_You.php';]http://www.americanhealth.edu/Thank_You.php';[/url]
 
// Makes all fields required. If set to '1' no field can not be empty. If set to '0' any or all fields can be empty.
$req = '0';
 
// --------------------------Do not edit below this line--------------------------
$text = "Results from form:\n\n";
$space = ' ';
$line = '
';
foreach ($_POST as $key => $value)
{
if ($req == '1')
{
if ($value == '')
{echo "$key is empty";die;}
}
$j = strlen($key);
if ($j >= 20)
{echo "Name of form element $key cannot be longer than 20 characters";die;}
$j = 20 - $j;
for ($i = 1; $i <= $j; $i++)
{$space .= ' ';}
$value = str_replace('\n', "$line", $value);
$conc = "{$key}:$space{$value}$line";
$text .= $conc;
$space = ' ';
}
mail($emailadd, $subject, $text, 'From: '.$emailadd.'');
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
?>

Edited December 11, 2013 by ignace

Ch0cu3r · December 11, 2013

Somehow they sabotaged our web form.

How do you know that and what have they done?

What should the code do? and what does it do now?

Edited December 11, 2013 by Ch0cu3r

rottnluv · December 11, 2013

We know because we stopped getting the form results emailed to us and then because they told us! The form when submitted should email to admissions but it just seems to skip that part and go to the redirected page, thank you for filling out the form page...

this page is called from the form via this code:

Ch0cu3r · December 11, 2013

The code you posted is fine, (although it could be improved) there is no suspicious code that is stopping the emails.

Are you sure the emails are not being identified as spam? Check your spam folders to see if this is the case.

Is msurace@americanhealth.edu the correct email address for the contact form messages to go to? And can you send emails to this address yourself?

Is the SMTP settings in the php.ini been changed?

and at some point they were convinced that a lead generating company was a good idea and gave them complete access to our website

The first step is to change the passwords to all accounts on the server so they cant access your server again.

Edited December 11, 2013 by Ch0cu3r

rottnluv · December 11, 2013

I believe that was done, but will verify for sure...

Yes, that is the proper email address and I can receive mail at that address.

Went to go check the spam folders and the email server is down... sigh..this just never ends...

I'll check the php.ini file as soon as I can get in...

Thanks for your help...

(The english major in me reads your name as Chaucer... )

cheers, chele

rottnluv · December 11, 2013

I can connect to the site through dreamweaver, but not access it directly through the hosting site.. (go figure) I don't see a php.ini at all... Can it run without it? The site works. except for the form issue...

cyberRobot · December 11, 2013

Does the third-party still have access to the website? If so, I would recommend removing that access first.

Note that it might be helpful to know how the third-party was accessing the website. Did they have a login to a CMS, full FTP access, access to the admin panel for the website host?

cyberRobot · December 11, 2013

Also, have you checked with your website host? Perhaps they could restore the website to a previous state if they've been backing up the files. Or maybe they could review the server logs to see what has changed.

rottnluv · December 11, 2013

Awesome idea cyber!! I will definitely check about the logs!

I believe they had access through the admin panel..

Trying to get a message to the owner... she's out of town at a conference of course!

rottnluv · December 11, 2013

Ok, the error logs tell me "20130802T191233: www.americanhealth.edu/Contact.php

[32517] Cannot send message: Forbidden to use mail"

Obviously this is the problem!

Now how do I go about fixing this problem?!

Sign In

Bamn Dastards - PHP form help please

Recommended Posts

rottnluv

Link to comment

Share on other sites

Ch0cu3r

Link to comment

Share on other sites

rottnluv

Link to comment

Share on other sites

Ch0cu3r

Link to comment

Share on other sites

rottnluv

Link to comment

Share on other sites

rottnluv

Link to comment

Share on other sites

cyberRobot

Link to comment

Share on other sites

cyberRobot

Link to comment

Share on other sites

rottnluv

Link to comment

Share on other sites

rottnluv

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information