CanMan2004 Posted December 12, 2006 Share Posted December 12, 2006 Hi allA whiile ago I setup a website which has a registeration form on it, it has been fine for a while, but recently, there has been 2 times when someone is managing to hyjack the form and sending SPAM out through the form. After the first time, we added a image check, which made the user have to enter a code embeded in the image before they could continue, but this doesnt seem to have worked.What can I do to prevent this?ThanksMark Quote Link to comment Share on other sites More sharing options...
logged_with_bugmenot Posted December 12, 2006 Share Posted December 12, 2006 Add a function to check if the email being submitted is a hijacking email, you cna use these functions:/*** Check single-line inputs:* Returns false if text contains newline character */function has_no_newlines($text){ return preg_match("/(%0A|%0D|\\n+|\\r+)/i", $text) == 0;}/*** Check multi-line inputs:* Returns false if text contains newline followed by* email-header specific string*/function has_no_emailheaders($text){ return preg_match("/(%0A|%0D|\\n+|\\r+)(content-type:|to:|cc:|bcc:)/i", $text) == 0;}Then check each of the fields that should only be single lines with the first function, and check any multiline fields with the second function to make sure it contains no email headers. Quote Link to comment Share on other sites More sharing options...
fenway Posted December 15, 2006 Share Posted December 15, 2006 I don't know what you mean by SPAM -- if you send an e-mail to the e-mail address provided, then there's not much you can do about it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.