
Hosting company's warning to me concerning PHP formmail script

Whenever I have made a simple contact form on a client's site I have always used the following PHP formmail script:

<?php
// Sender address for all outgoing headers; recipient and thank-you page are fixed
ini_set("sendmail_from", "enquiries@domain.com");
$mailfrom = "enquiries@domain.com";
$mailto = "enquiries@domain.com";
$thanks = "thankyou.html";

// Build the HTML body from every posted field, one line per field
$mailtext = '';
foreach ($_POST as $key=>$value)
{
$mailtext .= '<b>'.$key.':</b> '.$value.'<br>';
}
// Mail headers, all using the fixed sender address
$headers = 'From: '.$mailfrom.'
Reply-to: '.$mailfrom.'
Return-path: '.$mailfrom.'
Content-type: text/html

';
mail($mailto, "Website Enquiry", $mailtext, $headers);
// Redirect to the thank-you page and stop so nothing else is output
header("location: $thanks");
exit;
?>

Recently I received a warning from one of my client's hosts who informed me that the formmail was "poorly programmed" (lol) and it would allow any anonymous users to POST http data resulting in a surge of email going through our company's web server. This apparently is a breach of their hosting agreement and they have deleted the formmail.php from the site so I must replace it with a script that will not cause this problem.

If anyone could either show me an example of a script that does the above and avoids this breach of the hosting agreement, or if someone knows anywhere I can read up on how to get around this problem, that would be great.

Thx to all in adv.

Xur~

Not too sure what they mean as this only sends one email to one address...

I think what they may mean is that it could be called any number of times by an automated script, so that WOULD send lots of emails in a very short time.

I suggest you put a check in so that one IP address cannot send more than one email every ten minutes or so.

To achieve this you could either require a session cookie, a normal cookie, or record each IP address into a database table and check that on each request...
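The database-table variant of the reply above, written out as an added example (not the original poster's script or anything from the host): each sender IP is recorded in a SQLite table and a second submission from the same IP inside ten minutes is refused before mail() is ever called. It assumes PDO with the sqlite driver is available and that the web server can write ratelimit.sqlite next to the script; posted values are also HTML-escaped so form input is not mailed as live markup.

```php
<?php
// Added example: per-IP rate-limited formmail. Assumed environment: PDO sqlite
// driver, and a writable directory for ratelimit.sqlite beside this file.
$mailfrom = "enquiries@domain.com";
$mailto   = "enquiries@domain.com";
$thanks   = "thankyou.html";
$window   = 600; // minimum seconds between messages from one IP

$db = new PDO('sqlite:' . __DIR__ . '/ratelimit.sqlite');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE IF NOT EXISTS sends (ip TEXT PRIMARY KEY, last_sent INTEGER NOT NULL)');

$ip = $_SERVER['REMOTE_ADDR'] ?? '';
if ($ip === '' || ($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(400);
    exit('Bad request');
}

// Refuse if this IP sent a message less than $window seconds ago
$stmt = $db->prepare('SELECT last_sent FROM sends WHERE ip = :ip');
$stmt->execute([':ip' => $ip]);
$last = $stmt->fetchColumn();
if ($last !== false && time() - (int)$last < $window) {
    http_response_code(429);
    exit('Please wait before sending another message.');
}

// Build the body; escape keys and values so posted HTML is shown, not rendered
$mailtext = '';
foreach ($_POST as $key => $value) {
    if (!is_string($value)) { continue; }
    $mailtext .= '<b>' . htmlspecialchars($key) . ':</b> ' . htmlspecialchars($value) . '<br>';
}
$headers = "From: $mailfrom\r\nReply-To: $mailfrom\r\nReturn-Path: $mailfrom\r\nContent-Type: text/html\r\n";

// Record the send before delivery so a retry during a slow mail() is also blocked
$db->prepare('INSERT OR REPLACE INTO sends (ip, last_sent) VALUES (:ip, :t)')
   ->execute([':ip' => $ip, ':t' => time()]);
mail($mailto, 'Website Enquiry', $mailtext, $headers);
header("Location: $thanks");
exit;
```

Old rows are never purged here; a periodic DELETE of rows older than the window keeps the table small on a busy site.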
