johnqgalt
asked on
Simple PHP form handler
I am using the following simple PHP script to process a form:
<?
$email = $_REQUEST['email'] ;
$message = $_REQUEST['message'] ;
mail( "mail@example.com", "Form Results",
$message, "From: $email" );
header( "Location: thankyou.htm" );
?>
Questions:
1. Can the following values be returned in the header as well?
$HTTP_USER_AGENT
$HTTP_HOST
$HTTP_REFERER
$REMOTE_HOST
$REMOTE_ADDR
$REMOTE_PORT
If so, how? If not, what would be the simplest way to grab them?
2. Should the script be made more secure? If so, how?
*beaten by four minutes* But mine was longer 8-D
Yeah sorry man, he didn't ask me what he needed the $_SERVER variables for, so I just gave a simple explanation of his question. :)
Take care
AJ
If basiclife's comment also helps you, I don't mind a split :)))))))))
AJ
Needless to say I won't complain so thanks for the thought AJ :D Have a nice night (it's coming up to 06:13 for me) *need sleep but can't stop playing on net*
ASKER
basiclife, many thanks for the *awesome* answer. There was only one typo in your reply, which I mention here in case anyone else wants to use it:
In the following line:
"HTTP Host:" . $_SERVER['HTTP_HOST] . "\r\n" .
HTTP_HOST is missing the closing single quote. It should read:
"HTTP Host:" . $_SERVER['HTTP_HOST'] . "\r\n" .
I also appreciate your comments on security and limiting message size.
This is without a doubt the best answer I've ever received on EE.
Thanks again!
ASKER
P.S. How can I send another 150 points to you, basiclife?
Thanks for the offer but it wasn't that much of a sweat. Also, AJ did a lot of work too.
Save the points for when you really need them. And as to the typo - as I said It's now almost 7am Sunday morning and I think that 1 typo is pretty damn good :D
Good luck with the PHP. If you need anything else, post it and I'll keep an eye out.
Ok, this ( http://www.bits.bris.ac.uk/basiclife/sms/test2.php?string=../binky.gif ) URL is to the code below which seems to work fine on JPEGs and GIFs. I've hard coded the width and height although you could grab them from the URL too if you want. As I said, you
<?PHP
header("Content-type: image/jpeg");
//printf("%s<br>", $string);
if(!isset($_GET['string']) )
{
$string = "missing data";
} else {
$string = $_GET['string'];
}
$img = $string;
$width=100;
$height=100;
// create an image of the given filetype *** You can convert it to a fixed case and test otherwise you'll miss jPg, JPeg, etc...
if(strpos($img, ".jpg") !== false ||
strpos($img, ".jpeg") !== false ||
strpos($img, ".JPG") !== false ||
strpos($img, ".JPEG") !== false)
{
$image = imagecreatefromjpeg($img);
$extension = ".jpg";
}
elseif(strpos($img, ".png") !== false ||
strpos($img, ".PNG") !== false)
{
$image = imagecreatefrompng($img);
$extension = ".png";
}
elseif(strpos($img, ".gif") !== false ||
strpos($img, ".GIF") !== false)
{
$image = imagecreatefromgif($img);
$extension = ".gif";
}
else
{
return false;
}
$size = getimagesize($img);
//printf("<br>file %s<br> width %s height %s<br>", $img, $width, $height);
$thumb = imagecreatetruecolor($width, $height);
ImageCopyResampled($thumb, $image, 0, 0, 0, 0, $width, $height, $size[0], $size[1]);
ImageDestroy($image);
// null sends the JPEG to the output stream instead of writing a file
imagejpeg($thumb, null, 70);
ImageDestroy($thumb);
?>
Damn. Sorry. Wrong thread
ASKER
Thanks for the quick reply, basiclife. I'd also like to thank you, AJ, for your kind help. May I send you 150 points, and if so, how?
You're welcome. As to the sending points - You can either put AJ as assisting in the answer (not sure how, esp. after you've granted points) or you can open another Q and then award it to AJ
hey basiclife,
well i wouldn't mind getting points .. :))) .. if you would like, just open up a question and i could answer it and you could give me points for that .. or probably you could try and split the points .. if not, it's all good ....
have fun programming ..
aj
ASKER
Thanks, aratani! Please post an answer to this question to collect your points:
https://www.experts-exchange.com/questions/21094211/Points-for-aratani.html
$_SERVER ['REMOTE_ADDR'];
.. and so on ..
This is the page in the php manual,
http://www.php.net/manual/en/reserved.variables.php#reserved.variables.server
2. If it just sends a thank you e-mail and you aren't processing any important data why do you want to make it secure? Making it more secure makes it more complex and takes more time; it might not be worth the effort.
I hope this is what you are looking for ..
If not, just message me back ..
AJ
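Added example, not code posted by anyone in this thread: one way to harden the form handler from the question, since the `email` field is placed directly into the `From:` header and the message has no size limit. The names `build_form_mail` and `MAX_MESSAGE_BYTES` and the 4096-byte cap are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. build_form_mail() and MAX_MESSAGE_BYTES are hypothetical names.
const MAX_MESSAGE_BYTES = 4096; // assumed cap; choose one that fits the form

/** Returns [subject, body, headers], or null when the input is rejected. */
function build_form_mail(array $post, array $server): ?array
{
    $email   = isset($post['email']) ? trim((string) $post['email']) : '';
    $message = isset($post['message']) ? (string) $post['message'] : '';

    // The address ends up in a mail header, so it must be one valid address
    // and must not contain CR/LF, which would start an extra header line.
    if (preg_match('/[\r\n]/', $email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Limit the message size before handing it to mail().
    if ($message === '' || strlen($message) > MAX_MESSAGE_BYTES) {
        return null;
    }

    // Request details go in the body, never in headers: the HTTP_* values are
    // supplied by the client. REMOTE_HOST is often unset, so default it.
    $body = $message . "\r\n\r\n";
    foreach (['HTTP_USER_AGENT', 'HTTP_HOST', 'HTTP_REFERER', 'REMOTE_HOST', 'REMOTE_ADDR', 'REMOTE_PORT'] as $key) {
        $value = isset($server[$key]) ? (string) $server[$key] : '(not set)';
        $body .= $key . ': ' . preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value) . "\r\n";
    }
    return ['Form Results', $body, 'From: ' . $email];
}

// Handle only POST submissions; $_REQUEST would also accept GET parameters.
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $mail = build_form_mail($_POST, $_SERVER);
    if ($mail === null) {
        http_response_code(400);
        exit('Invalid form input.');
    }
    mail('mail@example.com', $mail[0], $mail[1], $mail[2]);
    header('Location: thankyou.htm');
    exit;
} elseif (PHP_SAPI === 'cli') {
    // Constructed sample input so the checks can be exercised from the command line.
    $ok  = build_form_mail(['email' => 'user@example.org', 'message' => 'Hello'], ['REMOTE_ADDR' => '192.0.2.10']);
    $bad = build_form_mail(['email' => "user@example.org\r\nsecond line", 'message' => 'Hello'], []);
    var_dump($ok !== null, $bad === null);
}
```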