Mailer.php help

[calumogg]

Hi all, this is my first post and I dont really know alot about php but can normally work through something, but this has just stumped me completly! I run a photography website and it has a mailer.php thing on it so I can get feedback, but recently the php file has been used to send spam from my server so so I have tried to add in some anti spam stuff but its not worked so I have removed the scripts from my server. If anyone knows how to improve the script to stop the spammers please let me know here is a copy of the code I am using:

 

<?php
// ------- three variables you MUST change below  -------------------------------------------------------
$replyemail="I removed my e-mail address for spam reasons!!";//change to your email address
$url = 'http://www.calumogg.co.uk/contact/ok.html';
// ------------------------------------------------------------

//clean input in case of header injection attempts!
function clean_input_4email($value, $check_all_patterns = true)
{
$patterns[0] = '/content-type:/';
$patterns[1] = '/to:/';
$patterns[2] = '/cc:/';
$patterns[3] = '/bcc:/';
if ($check_all_patterns)
{
  $patterns[4] = '/\r/';
  $patterns[5] = '/\n/';
  $patterns[6] = '/%0a/';
  $patterns[7] = '/%0d/';
}
//NOTE: can use str_ireplace as this is case insensitive but only available on PHP version 5.0.
return preg_replace($patterns, "", strtolower($value));
}

$name = clean_input_4email($_POST["name"]);
$email = clean_input_4email($_POST["email"]);
$thesubject = clean_input_4email($_POST["thesubject"]);
$themessage = clean_input_4email($_POST["themessage"], false);

// First, make sure the form was posted from a browser.
// For basic web-forms, we don't care about anything
// other than requests from a browser:    
if(!isset($_SERVER['HTTP_USER_AGENT'])){
   die("Forbidden - You are not authorized to view this page");
   exit;
}

// Make sure the form was indeed POST'ed:
//  (requires your html form to use: action="post") 
if(!$_SERVER['REQUEST_METHOD'] == "POST"){
   die("Forbidden - You are not authorized to view this page");
   exit;    
} 

// Host names from where the form is authorized
// to be posted from: 
$authHosts = array("calumogg.co.uk");

// Where have we been posted from?
$fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER']));

// Test to see if the $fromArray used www to get here.
$wwwUsed = strpos($fromArray['host'], "www.");

// Make sure the form was posted from an approved host name.
if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts)){    
   logBadRequest();
   header("HTTP/1.0 403 Forbidden");
       exit;    
}

// Attempt to defend against header injections:
$badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:", "\r", "\n", "%0a", "%0d" );

// Loop through each POST'ed value and test if it contains
// one of the $badStrings:
foreach($_POST as $k => $v){
   foreach($badStrings as $v2){
       if(strpos($v, $v2) !== false){
           logBadRequest();
           header("HTTP/1.0 403 Forbidden");
               exit;
       }
   }
}    

// Made it past spammer test, free up some memory
// and continue rest of script:    
unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed); 

$error_msg='The message could not be sent at this time please try again.';

$replymessage = "Thank you $name for your enquriy, I will get back to you as soon as I can.
If you have any other questions or comments, please dont hesitate to contact me again.

Below is a copy of your enquriy:
------------------------------
Name: $name
E-mail address: $email
Subject: $thesubject
Comment:
$themessage

------------------------------

Calum Ogg\n\n";


$themessage = "name: $name \nQuery: $themessage";
mail("$replyemail",
     "$thesubject",
     "$themessage",
     "From: $email\nReply-To: $email");
mail("$email",
     "$thesubject",
     "$replymessage",
     "From: $replyemail\nReply-To: $replyemail");
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
?>

 

Thanks in advance for any help!