Email Form Script Security

Post by dazed

Clueless newbie questions follow; I thank you in advance for your patience. Is there a straightforward way to make this very crude email form script secure enough to deploy in a shared hosting environment? I understand that the HTTP referer check can easily be spoofed and that user security settings can prevent functionality. Does this check have any practical value? Any suggestions/recommendations?

Code:

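<?php
  // The form is only accepted when the Referer is one of these two pages.
  $safedomain = "http://www.mydomain.com";
  $safedomain2 = "http://mydomain.com";
  // Read the form fields explicitly instead of relying on register_globals.
  $name = isset($_POST['name']) ? $_POST['name'] : '';
  $email = isset($_POST['email']) ? $_POST['email'] : '';
  $message = isset($_POST['message']) ? $_POST['message'] : '';
  $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
  // Logical && is required here; bitwise & cannot be applied to the $_POST array.
  if ($_POST && ($referer == "$safedomain/form.html" OR $referer == "$safedomain2/form.html")){
    // $name and $email go into the From header exactly as submitted.
    $headers = "From: $name <$email>\n";
    $headers .= "Content-Type: text/plain; charset=iso-8859-1\n";
    // Recipient address assembled from parts.
    $tldn = "com";
    $who = "username";
    $where = "mydomain";
    $recipient = $who.'@'.$where.'.'.$tldn;
    $subject = "Customer Inquiry";

    $message = wordwrap( $message, 1024 );

    mail($recipient, $subject, stripslashes($message), $headers);

    header("location: ../thanks.html");
  }
  else {
    echo "An unknown error occurred.";
  }
?>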
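
A hardened variant of the handler above, as an added example that is not part of the original post: it keeps the recipient fixed, rejects line breaks in any value that reaches a mail header, validates the address before use, and does not depend on the Referer header. The field names `name`, `email` and `message`, the `webform@` sender address and the length limits are assumptions.

```php
<?php
// Added example, not the poster's code. Field names and addresses are assumptions.
const RECIPIENT = 'username@mydomain.com';  // fixed; never taken from the request
const SENDER    = 'webform@mydomain.com';   // placeholder address on the site's domain

// Return a trimmed, non-empty string of at most $max bytes, or null.
// Non-string input (missing field, name[]=... array) is treated as empty.
function field(array $in, string $key, int $max): ?string {
    $v = is_string($in[$key] ?? null) ? trim($in[$key]) : '';
    return ($v === '' || strlen($v) > $max) ? null : $v;
}

// Build headers and body from untrusted form input; null means "reject".
function build_inquiry(array $in): ?array {
    $name    = field($in, 'name', 100);
    $email   = field($in, 'email', 254);
    $message = field($in, 'message', 5000);
    if ($name === null || $email === null || $message === null) {
        return null;
    }
    // Values that reach a header, or the first body lines, must be single-line.
    if (preg_match('/[\r\n\0]/', $name . $email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The visitor's name stays in the body; only the validated address is a header.
    $headers = ['From: ' . SENDER, "Reply-To: <$email>",
                'Content-Type: text/plain; charset=utf-8'];
    $body = "Name: $name\nEmail: $email\n\n" . str_replace(["\r\n", "\r"], "\n", $message);
    return ['headers' => implode("\r\n", $headers), 'body' => wordwrap($body, 70)];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: one ordinary inquiry, one with a line break in the address.
    $ok  = ['name' => 'Ann', 'email' => 'ann@example.com', 'message' => 'Hello'];
    $bad = ['name' => 'Ann', 'email' => "ann@example.com\r\nX-Test: 1", 'message' => 'Hello'];
    var_dump(build_inquiry($ok) !== null, build_inquiry($bad) === null);
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST' && ($m = build_inquiry($_POST)) !== null) {
    mail(RECIPIENT, 'Customer Inquiry', $m['body'], $m['headers']);
    header('Location: ../thanks.html');
    exit;
} else {
    http_response_code(400);
    echo 'An unknown error occurred.';
}
```

Run from the command line, the script exercises `build_inquiry()` on the two constructed inputs; served over HTTP, it handles the form POST.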