GreatName
Posted August 7, 2007

I am very, very new to PHP and I thought that I found this great one-size-fits-all PHP script that will handle all my forms no matter what the field name is.

```php
<?php
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Reject requests whose Referer header does not contain this host name
    if (strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']) > 8
        || !strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']))
        die("Bad referer");

    // Build the message body from every posted field
    $msg = "Values submitted by the user:\n";
    foreach ($_POST as $key => $val) {
        if (is_array($val)) {
            $msg .= "Item: $key\n";
            foreach ($val as $v) {
                $v = stripslashes($v);
                $msg .= " $v\n";
            }
        } else {
            $val = stripslashes($val);
            $msg .= "$key: $val\n";
        }
    }

    $recipient = "Myemail@myemail.com";
    $subject = "Subject line of email";
    error_reporting(0);
    if (mail($recipient, $subject, $msg)) {
        echo "<h1>Thank you</h1><p>Response message</p>\n";
        echo nl2br($input); // $input is not set anywhere in this script
    } else
        echo "An error occurred and the message could not be sent.";
} else
    echo "Bad request method";
?>
```

However, I am worried that my form may get hijacked and therefore I wanted to place some security. So I found

```php
function clean_input_4email($value, $check_all_patterns = true)
{
    $patterns[0] = '/content-type:/';
    $patterns[1] = '/to:/';
    $patterns[2] = '/cc:/';
    $patterns[3] = '/bcc:/';
    if ($check_all_patterns) {
        $patterns[4] = '/\r/';
        $patterns[5] = '/\n/';
        $patterns[6] = '/%0a/';
        $patterns[7] = '/%0d/';
    }
}
```

however I cannot figure out how to call this function or even if this is the best solution. If anybody can help me, I would be most thankful.

trq
Posted August 7, 2007

The function you have found doesn't actually do anything.

GreatName
Posted August 7, 2007

Thanks, what is the best method for me to protect my form from being hijacked from spammers then? Assuming I wanted to use my one-size-fits-all code.

GreatName
Posted August 7, 2007

Just to clarify, is there any way to protect this form from being hijacked by spammers and to still keep it in its one-size-fits-all-forms way?

ToonMariner
Posted August 8, 2007

Record IP addresses of people using this form - have a time lapse on its use (1 post per min or similar). The only way is to record and control usage...

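Added example, not part of the thread and not any poster's code: a check that actually tests posted values against the pattern list from the first post and returns a result, together with the one-post-per-minute limit per IP address suggested in the last reply. The function names, the file-per-IP state directory and the sample values are assumptions.

```php
<?php
// Added example, not code from the thread. Function names, the state
// directory and the sample values below are assumptions.

// True if $value holds a line break (raw or URL-encoded) or a header name
// from the pattern list in the first post. Matching is case-insensitive.
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n]|%0a|%0d|\b(content-type|to|cc|bcc):/i', $value) === 1;
}

// Checks every posted value, including array fields such as checkboxes.
function post_is_clean(array $post): bool
{
    $clean = true;
    array_walk_recursive($post, function ($v) use (&$clean) {
        if (has_header_injection((string) $v)) {
            $clean = false;
        }
    });
    return $clean;
}

// Records the last accepted post per IP address and refuses another one
// inside $interval seconds. Fails closed if usage cannot be recorded.
function allow_post(string $ip, int $now, string $dir, int $interval = 60): bool
{
    $fh = fopen($dir . '/' . sha1($ip) . '.last', 'c+');
    if ($fh === false) {
        return false;
    }
    flock($fh, LOCK_EX); // serialise concurrent requests from the same address
    $last = (int) stream_get_contents($fh);
    $ok = ($now - $last) >= $interval;
    if ($ok) {
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, (string) $now);
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

// Constructed sample input; a form handler would pass $_POST,
// $_SERVER['REMOTE_ADDR'] and time() instead.
$dir = sys_get_temp_dir() . '/formmail_demo_' . getmypid();
mkdir($dir);
var_dump(post_is_clean(['name' => 'Ann', 'colors' => ['red', 'blue']]));
var_dump(post_is_clean(['email' => 'a@example.com%0ABcc: b@example.com']));
var_dump(allow_post('203.0.113.5', 1000, $dir), allow_post('203.0.113.5', 1030, $dir));
```

Matching `to:` or `cc:` anywhere also rejects ordinary message text that contains those words followed by a colon, so this check fits best on fields that end up in mail headers. The script in the first post places posted values in the message body only, with a fixed recipient and subject.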