form security


2 replies to this topic

#1 ellen

ellen
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 10 May 2006 - 04:00 PM

Help! I have a simple form on my website--host shut it down because they said it is being used by spammers to send email. My code:

if (isset($_POST['Name'])) {
    $n = $_POST['Name'];
    $em = $_POST['Email'];
    // Configuration Settings
    $SendTo =      "xxx@xxx.com";
    $SubjectLine = "xxx resumé";
    //$from = "From: $visitormail \r\n";
    // Name and Email are placed in the From header exactly as submitted
    $headers  = "From: ";
    $headers .= $n;
    $headers .= "<";
    $headers .= $em;
    $headers .= ">\r\n";

    $Divider =     "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";

    // Build Message Body from Web Form Input
    $MsgBody = @gethostbyaddr($_SERVER['REMOTE_ADDR']) . "\n$Divider\n";

    // Append every submitted field to the body
    foreach ($_POST as $Field => $Value) {
        $MsgBody .= "$Field: $Value\n";
    }
    $MsgBody .= $Divider . "\n" . $_SERVER['HTTP_USER_AGENT'] . "\n";
    $MsgBody = htmlspecialchars($MsgBody);  //make content safe

    // Send E-Mail
    mail($SendTo, $SubjectLine, $MsgBody, $headers);
}

Will someone please tell me how to change this so it is safe?

Thanks so much!

#2 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • Location: Hillsborough, NJ, USA

Posted 10 May 2006 - 04:10 PM

Read this article (http://www.nyphp.org/phundamentals/email_header_injection.php) from the NYPHP Users Group. It explains what happened and how to fix it.

Ken
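
An added example (not code from this thread or from the linked article) of one way to harden the handler in post #1 against email header injection: any Name or Email value containing a line break is rejected before it reaches the From header. The function names `header_safe` and `build_mail`, the `Message` field and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example; helper names and the field allow-list are hypothetical.

// Return the trimmed value, or null if it could start a new header line.
function header_safe($value): ?string
{
    // CR, LF and NUL are what let a form value append Bcc:/Cc: or body lines.
    if (!is_string($value) || preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return trim($value);
}

// Build [headers, body] from a submission, or null if it must be rejected.
function build_mail(array $post): ?array
{
    $name  = header_safe($post['Name']  ?? null);
    $email = header_safe($post['Email'] ?? null);
    if ($name === null || $email === null
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // reject instead of trying to repair the input
    }
    // Drop characters that would break out of the quoted display name.
    $name    = str_replace(['"', '\\', '<', '>'], '', $name);
    $headers = 'From: "' . $name . '" <' . $email . ">\r\n";

    $body = '';
    foreach (['Name', 'Email', 'Message'] as $field) { // assumed field list
        $value = $post[$field] ?? '';
        $body .= $field . ': ' . (is_string($value) ? $value : '') . "\n";
    }
    return [$headers, $body];
}

if (PHP_SAPI === 'cli') {
    // Constructed samples: a normal submission and one with an injected Bcc.
    $good = ['Name' => 'Ellen', 'Email' => 'ellen@example.com', 'Message' => 'Hi'];
    $bad  = ['Name' => 'x', 'Email' => "a@example.com\r\nBcc: list@example.net"];
    var_dump(build_mail($good) !== null);
    var_dump(build_mail($bad) === null);
} elseif (isset($_POST['Name']) && ($mail = build_mail($_POST)) !== null) {
    // Recipient and subject stay fixed, as in the original handler.
    mail('xxx@xxx.com', 'xxx resumé', $mail[1], $mail[0]);
}
```

The message body is built only from a fixed list of fields, so arbitrary POST keys are no longer copied into the email.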

#3 448191

448191
  • Staff Alumni
  • Advanced Member
  • 3,545 posts
  • Location: Netherlands

Posted 10 May 2006 - 04:24 PM

Interesting article, good reading. Thanks for that!



