Email Form Script Security
Posted: Wed Apr 14, 2004 12:56 pm
Clueless newbie questions follow; I thank you in advance for your patience. Is there a straightforward way to make this very crude email form script secure enough to deploy in a shared hosting environment? I understand that the HTTP referer check can easily be spoofed and that user security settings can prevent functionality. Does this check have any practical value? Any suggestions/recommendations?
Code:
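<?php
$safedomain = "http://www.mydomain.com";
$safedomain2 = "http://mydomain.com";
// The Referer header is optional, so treat a missing one as an empty string.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if ($_POST && ($referer == "$safedomain/form.html" || $referer == "$safedomain2/form.html")) {
    // Form fields are read from $_POST; the original relied on register_globals.
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $message = isset($_POST['message']) ? $_POST['message'] : '';
    // Build the mail headers from the submitted name and address.
    $headers = "From: $name <$email>\n";
    $headers .= "Content-Type: text/plain; charset=iso-8859-1\n";
    // Assemble the recipient address from its parts.
    $tldn = "com";
    $who = "username";
    $where = "mydomain";
    $recipient = $who.'@'.$where.'.'.$tldn;
    $subject = "Customer Inquiry";
    $message = wordwrap( $message, 1024 );
    mail($recipient, $subject, stripslashes($message), $headers);
    // Redirect to the thank-you page and stop the script.
    header("Location: ../thanks.html");
    exit;
}
else {
    echo "An unknown error occurred.";
}
?>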
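A hardened version of the script above, as an added example that is not part of the original post: it replaces the Referer comparison with a per-session token and refuses CR/LF in the values that go into mail headers, since the posted script interpolates `$name` and `$email` into `From:` unchecked. Assumptions: the form is served by a PHP page (called `form.php` here) that sets `$_SESSION['token']` and emits it in a hidden `token` field, the sender address `noreply@mydomain.com` exists, and 10000 bytes is an acceptable message limit.

```php
<?php
// Added example, not from the original post. The token field, form.php and the
// noreply@ sender address are assumptions.
session_start();

// Read a field explicitly (no register_globals) and accept only strings.
function field($key) {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? trim($_POST[$key]) : '';
}
function reject() {
    http_response_code(400);
    exit('An unknown error occurred.');
}

// A per-session token replaces the Referer check: form.php (hypothetical) stores
// bin2hex(random_bytes(16)) in $_SESSION['token'] and emits it in a hidden field.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_SESSION['token'])
    || !hash_equals($_SESSION['token'], field('token'))) {
    reject();
}
unset($_SESSION['token']); // single use

$name = field('name');
$email = field('email');
$message = field('message');

// CR or LF in a header value would let the sender add headers of their own,
// so refuse them outright, and require a syntactically valid address.
if (preg_match('/[\r\n]/', $name . $email)
    || filter_var($email, FILTER_VALIDATE_EMAIL) === false
    || $message === '' || strlen($message) > 10000) { // limit is an assumption
    reject();
}

// Keep only harmless characters in the display name.
$name = preg_replace('/[^A-Za-z0-9 .\'-]/', '', $name);
// Fixed From: on the site's own domain; the visitor goes in Reply-To.
$headers = "From: Website form <noreply@mydomain.com>\r\n"
         . "Reply-To: \"$name\" <$email>\r\n"
         . "Content-Type: text/plain; charset=iso-8859-1\r\n";

$recipient = 'username@mydomain.com';
if (!mail($recipient, 'Customer Inquiry', wordwrap($message, 78, "\r\n"), $headers)) {
    http_response_code(500);
    exit('An unknown error occurred.');
}
header('Location: ../thanks.html');
exit;
```

The token does not stop automated submissions from a client that first loads the form; rate limiting or a challenge on the form page would be a separate control.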