PHP FORM SPAM

Posted By: redgtsviper ()
Posted On: 2006-Feb-28 03:41

To start with, I am new to PHP. Very green. I have a form on my site using the code below. From what I have been told (and can tell myself), the form is being used to send out spam. Does anyone know how to fix this problem? If so, please send code.

Thanks
Charles


<?php
$msg = "My Website Online Contact Submission\n";
$msg .= "Name: $name\n";
$msg .= "Comments: $emailAddress\n";
$msg .= "Comments: $phone\n";
$msg .= "Comments: $message\n";

// Edit if it is necessary
$to = "$toaddress";
$subject = "CONTACT PAGE FROM WEBSITE";
// Each header must end with CRLF so the next one starts on its own line
$mailheaders = "From: Website Submission Form <$emailAddress>\r\n";
$mailheaders .= "Reply-To: $Email_Address <$emailAddress>";

// Mail to address
mail ( $to, $subject, $msg, $mailheaders );

?>



Posted By: dirty_shame ()
Posted On: 2006-Feb-28 06:07

OOPS! I just noticed that lizardz posted the same code snip I just posted in the NEXT thread down...So I guess you can disregard my reiteration of the same below. Same source.

Here's some code (somebody else's) that I saved some time ago that filters the MIME type and some other things that will help you eliminate spammers almost completely. You can figure it out...Your own code would go after the last part (with a closing bracket, of course).

$error = '';

// get all the email form data

$ems = '';

// stop email server hacks
$ems .= $message;
$ems .= $subject;
$ems .= $address;

if ( stristr( $ems, 'content-type:' )
  || stristr( $ems, 'multipart/mixed' )
  || stristr( $ems, 'boundary="' )
  || stristr( $ems, 'cc:' )
  || stristr( $ems, 'multi-part message in mime format' )
  || stristr( $ems, 'to:' )
  || preg_match( '/%[a-f0-9]/i', $ems ) // replaces eregi(), which was removed in PHP 7
  || stristr( $ems, '0x' ) )
// the last two are in case they try using hex or other non standard characters
{
$error .= "<p>Don't bother</p>";
}

if ( $error )
{
echo $error;
}
else
{
// ...... finish email sending
}


Posted By: redgtsviper ()
Posted On: 2006-Feb-28 15:08

So would the following be right

<?php

$error = '';

// get all the email form data

$ems = '';

// stop email server hacks
$ems .= $message;
$ems .= $subject;
$ems .= $address;

if ( stristr( $ems, 'content-type:' )
  || stristr( $ems, 'multipart/mixed' )
  || stristr( $ems, 'boundary="' )
  || stristr( $ems, 'cc:' )
  || stristr( $ems, 'multi-part message in mime format' )
  || stristr( $ems, 'to:' )
  || preg_match( '/%[a-f0-9]/i', $ems ) // replaces eregi(), which was removed in PHP 7
  || stristr( $ems, '0x' ) )
// the last two are in case they try using hex or other non standard characters
{
$error .= "<p>Don't bother</p>";
}

if ( $error )
{
echo $error;
}
else
{

$msg = "My Website Online Contact Submission\n";
$msg .= "Name: $name\n";
$msg .= "Comments: $emailAddress\n";
$msg .= "Comments: $phone\n";
$msg .= "Comments: $message\n";

// Edit if it is necessary
$to = "$toaddress";
$subject = "CONTACT PAGE FROM WEBSITE";
// Each header must end with CRLF so the next one starts on its own line
$mailheaders = "From: Website Submission Form <$emailAddress>\r\n";
$mailheaders .= "Reply-To: $Email_Address <$emailAddress>";

// Mail to address
mail ( $to, $subject, $msg, $mailheaders );
}
?>

[ Message was edited by: redgtsviper 02/28/2006 09:08 pm ]




Posted By: dirty_shame ()
Posted On: 2006-Mar-01 19:51

Well, you just have to change the variables for the $ems .= [somevariable]; to match the ones coming in from your form in order for the script to check ALL of them for hackers/spammers. Then, if the subject, address and message are legit, you can set up the mailing variables and send it with the mail() function.
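
An added example, not code from any poster in this thread: the form's `$emailAddress` value is placed directly into the `From:` and `Reply-To:` headers, so one way to close the hole at its source is to keep visitor input out of the headers except for a validated Reply-To address, and to reject any single-line field that contains CR or LF. The `$_POST` keys mirror the variable names in the original form; `TO_ADDRESS`, `FROM_ADDRESS` and `build_contact_mail()` are hypothetical names, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not code from the thread. Field names mirror the original
// form; the two addresses are placeholders (assumptions).
const TO_ADDRESS   = 'owner@example.com';
const FROM_ADDRESS = 'webform@example.com';

// Returns [headers, body] for mail(), or null when the submission is rejected.
function build_contact_mail(array $post): ?array
{
    $fields = [];
    foreach (['name', 'emailAddress', 'phone', 'message'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return null; // missing field, or an array sent in place of a string
        }
        $fields[$key] = trim($post[$key]);
    }
    // CR, LF or NUL in a single-line field is how extra headers get smuggled in.
    foreach (['name', 'emailAddress', 'phone'] as $key) {
        if (preg_match('/[\r\n\0]/', $fields[$key]) === 1) {
            return null;
        }
    }
    // The only visitor value that reaches a header must be a valid address.
    $replyTo = filter_var($fields['emailAddress'], FILTER_VALIDATE_EMAIL);
    if ($replyTo === false) {
        return null;
    }
    $headers = 'From: Website Submission Form <' . FROM_ADDRESS . ">\r\n"
             . 'Reply-To: ' . $replyTo;
    $body = "My Website Online Contact Submission\n"
          . "Name: {$fields['name']}\n"
          . "Email: {$replyTo}\n"
          . "Phone: {$fields['phone']}\n"
          . "Message:\n{$fields['message']}\n";
    return [$headers, $body];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $mail = build_contact_mail($_POST);
    if ($mail === null) {
        http_response_code(400);
        echo '<p>Invalid submission.</p>';
    } else {
        [$headers, $body] = $mail;
        mail(TO_ADDRESS, 'CONTACT PAGE FROM WEBSITE', $body, $headers);
    }
}
```

The recipient and subject are constants here, so nothing a visitor submits can change where the mail goes; the message text is only ever used as the body.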