Solved

php mail

Posted on 2013-01-08
285 Views
Last Modified: 2013-01-12
Could you please check my script for security reasons?
Do you think I have an open space for the spammers to use my code to send spam emails from my web site?
I also use Spry form validation with Dreamweaver.
<?php

$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv("HTTP_REFERER");
$httpagenti = getenv("HTTP_USER_AGENT");
$httpref = $_POST['httpref'];

if(isset($_POST['email'])) {

    // EDIT THE 2 LINES BELOW AS REQUIRED
    $email_to = "my mail address";
    $email_subject = "contact form";

    function died($error) {
        // your error code can go here
        echo "there are some errors  ";
        echo "error<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }

    // validation expected data exists
    if(!isset($_POST['first_name']) ||
        !isset($_POST['last_name']) ||
        !isset($_POST['email']) ||
        !isset($_POST['telephone'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');
    }

    $first_name = $_POST['first_name']; // required
    $last_name = $_POST['last_name']; // required
    $email_from = $_POST['email']; // required
    $telephone = $_POST['telephone']; // not required

    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
    if(!preg_match($email_exp,$email_from)) {
        $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
    }

    if(strlen($error_message) > 0) {
        died($error_message);
    }
    $email_message = "Web site contact form\n\n";

    // strip header keywords out of the user-supplied values before they go into the message
    function clean_string($string) {
        $bad = array("content-type","bcc:","to:","cc:","href");
        return str_replace($bad,"",$string);
    }

    $email_message .= "<br><br>" . "Ad-Soyad: ".clean_string($first_name)."\n"."<br>";
    $email_message .= "Email: ".clean_string($email_from)."\n"."<br>";
    $email_message .= "Cep Tel: ".clean_string($telephone)."\n"."<br>";
    $email_message .= "Sehir: ".clean_string($last_name)."\n"."<br>";
    $email_message .= "IP: ".clean_string($ipi)."\n"."<br>";
    $email_message .= "Refferal: ".clean_string($httprefi)."\n"."<br>";
    $email_message .= "Browser: ".clean_string($httpagenti)."\n"."<br>";

    $headers .= 'Content-type: text/html; charset=utf-8' ."\n";
    $headers .= "Reply-To: myotheremail@domain.com" ."\n";
    $headers .= 'Cc: myotheremail@domain.com'  ."\n";
    $headers .= 'Bcc: myotheremail@domain.com' ."\n";

    // create email headers
    //$headers .= "From: info@livcon.com.tr" . "\r\n";
    //$headers .= "Reply-To: info@livcon.com.tr" . "\r\n";
    //$headers .= "Organization: LIVCON\r\n";
    //$headers .= "X-Priority: 3\r\n";
    //$headers .= "X-MSMail-Priority: Normal" ."\r\n";
    $headers .= 'X-Mailer: PHP/' . phpversion() . "\n";
    @mail($email_to, $email_subject, $email_message, $headers);

    echo "thank you";
}
?>

Question by:Braveheartli
3 Comments
 
LVL 35

Accepted Solution

by:
gr8gonzo earned 390 total points
ID: 38755175
It does not look like the code is vulnerable. You are controlling the To, CC, and BCC, and the headers, although I would make sure that your first $headers assignment is not appending:

From:
$headers .= 'Content-type: text/html; charset=utf-8' ."\n";

To:
$headers = 'Content-type: text/html; charset=utf-8' ."\n";
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 110 total points
ID: 38755362
The only thing I would change is the validation of the email address.

if (!filter_var($email_from, FILTER_VALIDATE_EMAIL))

Will catch any invalid email address without the regex

Cd&
 
LVL 13

Expert Comment

by:darren-w-
ID: 38756164
Use htmlentities on the message : $email_message
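The handler below is an added example, not the asker's script nor any of the experts' code. It applies the three points raised in this thread (start $headers with = rather than .=, validate the address with filter_var, escape the HTML body) and, instead of blacklisting header names as clean_string() does, rejects any field containing a line break, which is what a mail-header injection needs in order to append its own Bcc: or To: lines. The recipient and From addresses are placeholders, and PHP 7.4 or later is assumed.

```php
<?php
// Added example, not the asker's script or any expert's code (needs PHP 7.4+).
// Recipient and From addresses are placeholders; the POST field names match
// the asker's form.

function fail(string $msg): void { http_response_code(400); exit($msg); }
// A header-injection attempt needs a line break to append its own "Bcc:" or
// "To:" line, so refuse any field containing CR, LF or NUL instead of
// blacklisting header names the way clean_string() did.
function field(string $name): string {
    $value = (string) ($_POST[$name] ?? '');
    if (preg_match('/[\r\n\0]/', $value)) {
        fail('Invalid input.');
    }
    return trim($value);
}

$email_to      = 'owner@example.com';   // placeholder, set by the site owner
$email_subject = 'contact form';
if (!isset($_POST['first_name'], $_POST['last_name'], $_POST['email'], $_POST['telephone'])) {
    fail('There appears to be a problem with the form you submitted.');
}
$email_from = field('email');
if (filter_var($email_from, FILTER_VALIDATE_EMAIL) === false) {
    fail('The Email Address you entered does not appear to be valid.');
}
$first_name = field('first_name');
$last_name  = field('last_name');
$telephone  = field('telephone');

// The body is sent as text/html, so escape every user value before embedding it.
$esc = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
$email_message  = "<p>Web site contact form</p>\n";
$email_message .= '<p>Name: ' . $esc($first_name) . ' ' . $esc($last_name) . "<br>\n";
$email_message .= 'Email: ' . $esc($email_from) . "<br>\n";
$email_message .= 'Telephone: ' . $esc($telephone) . "<br>\n";
$email_message .= 'IP: ' . $esc($_SERVER['REMOTE_ADDR'] ?? '') . "</p>\n";
// Start $headers with "=" so nothing undefined is appended to; keep From on an
// address the site owns and let Reply-To carry the validated sender address.
$headers  = "From: website@example.com\r\n";   // placeholder
$headers .= 'Reply-To: ' . $email_from . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=utf-8\r\n";

if (!mail($email_to, $email_subject, $email_message, $headers)) {
    error_log('contact form: mail() failed for ' . ($_SERVER['REMOTE_ADDR'] ?? '-'));
    exit('Sorry, your message could not be sent.');
}
echo 'thank you';
```

Because the recipient, Cc and Bcc never come from the request and every field is refused on a CR/LF, a submission cannot turn the form into an open relay; the error_log() call also leaves a trace when delivery fails rather than silencing it with @.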
