
Stop the spam

Posted: Mon May 21, 2007 10:25 am
by php3ch0
I keep getting spammed from my contact form. I want to avoid putting a CAPTCHA so it is easy to use. I have looked into mail header injection and think that this could be the problem, but shouldn't the regex stop that? Is there anything else I can do?

Please help

Code:

foreach ($_POST as $key => $value) {
    // copies every POST field into a variable of the same name
    $$key = mysql_real_escape_string($value);
}
$error = '0';
$error_message = "";

// validating email (the pattern has no ^ and $ anchors)
if (empty($email) or (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email))) {
    $error1 = 1;
    $error_message .= "Please enter a valid email address.";
} else {
    $error1 = '0';
}

if (empty($name)) { $error2 = '1'; $error_message .= "Please enter your name."; } else { $error2 = '0'; }

if (empty($message)) { $error3 = '1'; $error_message .= "Please enter a message."; } else { $error3 = '0'; }

$error = $error1 + $error2 + $error3;

if ($error == '0') {

    $format_message = "From: ".$name."\n\n".$message;

    // sending email
    $headers = "From: ".$email."\r\n";
    $headers .= "Reply-To: ".$email."\r\n";
    $headers .= "Return-Path: ".$email."\r\n";

    $site_email = get_shop_details('email');

    mail($site_email, $subject, $format_message, $headers);
    mail("xxx@xxx.co.uk", $subject, $format_message, $headers);
    mail("xxx@xxx.co.uk", $subject, $format_message, $headers);

    header("Location:contact_sent.php");
}
} // unmatched in the posted excerpt

Posted: Mon May 21, 2007 10:31 am
by Oren
Try Swift Mailer. I believe it handles header injections.

Posted: Mon May 21, 2007 10:47 am
by php3ch0
I have used Swift Mailer, but I think that it is a bit overkill for a simple contact form script.

I also would like to know the solution so I can avoid this in future.

Posted: Mon May 21, 2007 11:08 am
by RobertGonzalez
Swift is the perfect solution to a simple contact form. It is also the perfect solution to a mass email form. It is also a perfect solution for any application that needs to send any amount of mail and wants it sent right, according to the RFC.

Posted: Tue May 22, 2007 2:35 am
by php3ch0
OK, I get the hint.

Swift Mailer is now in use. Thanks, all.
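
On the request in the thread to know the solution: the email pattern in the posted form has no anchors, so it matches any value that merely contains an address and cannot by itself rule out CR/LF in a header field. The following is an added example, not code from any poster or from Swift Mailer; it assumes PHP 7 or later, and the function names and sample input are constructed.

```php
<?php
// Added example. Function names and the sample input are constructed for illustration.

// Pattern copied from the post. It has no ^ and $ anchors, so preg_match()
// succeeds when an address appears anywhere inside the value.
const POSTED_PATTERN = '/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/';

// True if the value contains CR, LF or NUL and must not be placed in a header line.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns [fields, errors]. Send mail only when errors is empty.
function validate_contact_form(array $post): array
{
    $fields = [];
    foreach (['email', 'name', 'subject', 'message'] as $key) {
        $value = $post[$key] ?? '';
        $fields[$key] = is_string($value) ? trim($value) : '';
    }
    $errors = [];
    // Single-line fields: reject line breaks outright instead of stripping them.
    foreach (['email', 'name', 'subject'] as $key) {
        if (has_line_break($fields[$key])) {
            $errors[] = "Line break not allowed in $key.";
        }
    }
    // filter_var() validates the whole string, not a substring.
    if (filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address.';
    }
    if ($fields['name'] === '')    { $errors[] = 'Please enter your name.'; }
    if ($fields['message'] === '') { $errors[] = 'Please enter a message.'; }
    return [$fields, $errors];
}

// Constructed input: an address followed by a line break and extra header text.
$sample = [
    'email'   => "visitor@example.com\r\nBcc: someone@example.net",
    'name'    => 'Visitor',
    'subject' => 'Hello',
    'message' => 'Test message',
];

// Compare the posted pattern's verdict with the validator's on the same input.
echo 'posted pattern matches: ', var_export(preg_match(POSTED_PATTERN, $sample['email']) === 1, true), "\n";
[$fields, $errors] = validate_contact_form($sample);
echo 'validator errors: ', implode(' ', $errors), "\n";
```

Build the `From:` and `Reply-To:` headers only from `$fields` after `$errors` comes back empty.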