1st script: Form to mail code security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Garth_9145
Forum Newbie
Posts: 2
Joined: Wed Feb 04, 2009 6:06 pm

1st script: Form to mail code security

Post by Garth_9145 »

In making my first website, I've set up a simple form-to-mail PHP script, but as this is the first time I've done anything like this, I've botched together what I think will work. I would be grateful if anyone could look at the security of this script to see if it is sufficient to stop people hacking the mail list.
The security portion of the script is shown below:


function spamcheck($email)
{
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    if (filter_var($email, FILTER_VALIDATE_EMAIL)); { return TRUE; }
    else { return FALSE; }
}

if (!isset($_REQUEST['email']))
    $mailcheck = spamcheck($_REQUEST['email']);
if ($mailcheck=FALSE)
{
    header( "Location: http://www.strathconaguernsey.co.uk/contact_us.html" );
}
else
if (empty($email) || empty($message)) {
    header( "Location: http://www.strathconaguernsey.co.uk/error.html" );
}
else
{ mail....}



Thanks in advance to anyone who can look at this!
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: 1st script: Form to mail code security

Post by Benjamin »

Please use [ code = php ] tags when posting code. You may modify your existing post and most likely get more responses.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: 1st script: Form to mail code security

Post by kaisellgren »

You should remove the semicolon from the IF condition.
Garth_9145
Forum Newbie
Posts: 2
Joined: Wed Feb 04, 2009 6:06 pm

Re: 1st script: Form to mail code security

Post by Garth_9145 »

Yeah, sorry, it's PHP code, and the semicolon is removed. Thanks guys, otherwise is it OK?

Code:

<?php
function spamcheck($email)
{
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) { return TRUE; }
    else { return FALSE; }
}

if (!isset($_REQUEST['email']))
    $mailcheck = spamcheck($_REQUEST['email']);
if ($mailcheck=FALSE)
{
    header( "Location: http://www.strathconaguernsey.co.uk/contact_us.html" );
}
else
if (empty($email) || empty($message)) {
    header( "Location: http://www.strathconaguernsey.co.uk/error.html" );
}
else
{ mail....}
?>

Last edited by Garth_9145 on Thu Feb 05, 2009 3:52 pm, edited 1 time in total.
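The posted script, reworked as a hardened form-to-mail handler. This is an added example, not code from the thread or from the poster, and the recipient address, the From address and the redirect paths in it are assumed placeholders. It keeps the checks the poster was aiming at and fixes what the posted version gets wrong: `!isset($_REQUEST['email'])` runs spamcheck() only when the field is absent; `if ($mailcheck=FALSE)` is an assignment, not a comparison, so the redirect branch never runs; `$email` and `$message` are never assigned from the request; and header() does not stop execution, so the script carries on to mail() after a redirect. Two further points matter for "hacking the mail list": sanitising with FILTER_SANITIZE_EMAIL before validating means the validated address is not the one the visitor typed, so validate the raw input instead; and anything that ends up in a mail() header (From, Reply-To, Subject) must never contain CR or LF, otherwise a visitor can append `Bcc:` lines and use the form as a relay.

```php
<?php
// Added example, not code from the thread. Recipient, From address and
// redirect paths are assumed placeholders.
declare(strict_types=1);

const RECIPIENT  = 'contact@example.com';  // assumed
const FROM_ADDR  = 'webform@example.com';  // assumed: an address your server may send as
const FORM_PAGE  = '/contact_us.html';     // assumed
const ERROR_PAGE = '/error.html';          // assumed

/**
 * Validate the address the visitor typed. Returns the trimmed address or null.
 * Validate the raw input rather than a sanitised copy: sanitising first strips
 * characters and then approves what is left, so you would mail an address the
 * visitor never entered.
 */
function valid_email(string $raw): ?string
{
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 254) {
        return null;
    }
    // CR or LF in an address is a mail header injection attempt (e.g. Bcc:).
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    return filter_var($raw, FILTER_VALIDATE_EMAIL) === false ? null : $raw;
}

/**
 * Strip line breaks and NULs from anything placed in a mail header. This is
 * what stops "hi\r\nBcc: list@example.org" from adding recipients.
 */
function header_safe(string $value): string
{
    return str_replace(["\r", "\n", "\0"], '', $value);
}

function redirect(string $path): void
{
    header('Location: ' . $path);
    exit; // header() alone does not stop the script
}

function handle_contact_form(array $post): void
{
    // Read $_POST, not $_REQUEST, so the form cannot be driven from a crafted URL.
    $email   = valid_email((string)($post['email'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));

    if ($email === null) {
        redirect(FORM_PAGE);
    }
    if ($message === '') {
        redirect(ERROR_PAGE);
    }

    // Fixed subject: a visitor-supplied subject would also need header_safe().
    $subject = 'Website contact form';
    $body    = wordwrap($message, 70, "\r\n");

    // The visitor's address goes in Reply-To, never From; the From header
    // should be an address your mail server is allowed to send as.
    $headers = 'From: ' . FROM_ADDR . "\r\n"
             . 'Reply-To: ' . header_safe($email) . "\r\n";

    if (!mail(RECIPIENT, $subject, $body, $headers)) {
        redirect(ERROR_PAGE);
    }
    redirect(FORM_PAGE);
}

handle_contact_form($_POST);
```

The recipient is a constant rather than anything taken from the form, so there is no field an attacker can point at another mailbox; the only visitor-controlled value that reaches a header is the Reply-To address, and it has been both validated and stripped of line breaks.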
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: 1st script: Form to mail code security

Post by Benjamin »

Please use the appropriate [code=php] [/code] tags when posting code blocks in the forums. Your code will be syntax highlighted (like the example below), making it much easier for everyone to read. You will most likely receive more answers too!

Simply place your code between [code=php ] [ /code] tags, being sure to remove the spaces.  You can even start right now by editing your existing post!

If you are new to the forums, please be sure to read:

1. Forum Rules: http://forums.devnetwork.net/viewtopic.php?t=30037
2. General Posting Guidelines: http://forums.devnetwork.net/viewtopic.php?t=8815
3. Posting Code in the Forums: http://forums.devnetwork.net/viewtopic.php?t=21171

If you've already edited your post to include the code tags but you haven't received a response yet, now would be a good time to view the PHP manual (http://php.net/) online. You'll find code samples, detailed documentation, comments and more.

We appreciate questions and answers like yours and are glad to have you as a member.  Thank you for contributing to phpDN!

Here's an example of syntax highlighted code using the correct code tags:
Code:

<?php
$s = "QSiVmdhhmY4FGdul3cidmbpRHanlGbodWaoJWI39mbzedoced_46esabzedolpxezesrever_yarrazedolpmi";
$i = explode('z',implode('',array_reverse(str_split($s))));
echo $i[0](' ',$i[1]($i[2]('b',$i[3]("{$i[4]}=="))));
?>