mail form
- 21 Responses
- rasko4
I need a totally basic and easy emailform script, anything other than matts form mail?
is PHP a better way to go I hear, any leads?
ta
- mrdobolina0
http://php.resourceindex.com/det…
php is so much easier than matt's
- rasko40
sweet cheers dobs :)
- UndoUndo0
if you mail me rasko I have a set of functions that prevent spam bots and hackers exploiting PHP mail forms.
are you familiar with PHP?
- mrdobolina0
hope it helps rasko, there are only like 2 variables that need to change and that script has decent documentation.
- determinedmoth0
Undo - I've a suggestion regarding that function. Can it (or indeed does it) pass TRUE or FALSE upon an exploit?
It works fine, but I need something to check for so I can tell my page not to write to DB/send email etc...
- UndoUndo0
it can do yes, but not at the moment, if it detects an exploit then it removes any threatening code so it's then safe to use with mail() or in a database.
Do you think it's useful to record details about the attack i.e. userID details etc and send a mail to an admin?
most of the attempts I have traced are bots that change a lot of the info used to detect them ie IP address and USER AGENT so having an email tell me this really doesn't help but I'm interested to hear yr thoughts
- determinedmoth0
Well I'm only interested in the Email so I can understand how they do it. It also helps us justify costing a good amount for site security if we keep tracks on how many exploits are attempted.
In general though, I don't think you need the email.
I think returning a true/false var could be helpful though, so the user can define a different response depending on a genuine submission, or a hack.
As it stands, the info going to my DB WITH an empty var "stripped" is another hazard... Although I can fix it.
Just a suggestion!
- determinedmoth0
Sorry Rasko.
Email me if you need help with that form.
- Crouwel0
you need one that can't be injected by hacksters!
i almost got kicked off by (mt) for not using a haX0rZ-proof mailform..
- determinedmoth0
gee I wonder what we were just talking about Crouwel...
- Crouwel0
me too.
- radar0
Thanks Dob's, that's a great resource - really straight forward.
- determinedmoth0
haha... sorry.
- rasko40
ok that sounds cool, but I have no knowledge of PHP as I am a lowly designer, so if it's complicated I will die, and it's just for a quick job so it's probably not justified in this instance, though sounds like it would be useful for future reference, thanks!
- UndoUndo0
Moth, only the 'threatening' parts of the injection are stripped and the rest is left intact so you shouldn't ever get an empty var back.
I'll send you an updated version.
Rasko if you send me the script that processes yr form i will sort out the protection for you.
- rasko40
really? that would be awesome, once I have it sorted I shall send it over
thanks muchos!
sorry it's sunny and the BeerPhone™ just rang so I must go and save pints from wastage!
- UndoUndo0
no problem, enjoy teh sun & beerz
- determinedmoth0
did you see that?
Rasko off-loads his work on NT, and then goes down the pub! That's proper skillz that is.
- UndoUndo0
LOL @ Moth, I was looking at the clock and thinking he's a lucky man
- UndoUndo0
Moth, The '-MT.php' version of the script I sent to you is set up to send an email with a copy of the attacker's attempt. Did I not send it to you?
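
The strip-versus-flag question discussed in this thread, as an added example that is not UndoUndo's script or anything posted here: a check for fields that end up in mail headers, which both strips line breaks and reports TRUE/FALSE so the calling page can skip the DB write and mail(). The function names, field names and sample submissions are hypothetical and constructed for illustration.

```php
<?php
// Added example; check_header_field() and handle_submission() are hypothetical names.

// Inspect one single-line field (name, email, subject) destined for a mail header.
// Returns the stripped value plus a flag saying whether anything suspicious was seen.
function check_header_field(string $value): array
{
    // CR/LF, raw or URL-encoded, is what lets a submitter start a new header line.
    $suspect = (bool) preg_match('/[\r\n]|%0[ad]/i', $value);
    // Heuristic: header names that have no place inside a one-line field.
    if (preg_match('/\b(?:bcc|cc|content-type|mime-version)\s*:/i', $value)) {
        $suspect = true;
    }
    // Strip only the line breaks; the rest of the text is left intact.
    $clean = trim(preg_replace('/[\r\n]+|%0[ad]/i', ' ', $value));
    return ['clean' => $clean, 'suspect' => $suspect];
}

// Returns true for a submission that is safe to store and send, false otherwise.
function handle_submission(array $post, array &$fields = []): bool
{
    $suspect = false;
    foreach (['name', 'email', 'subject'] as $key) {
        $raw = $post[$key] ?? '';
        if (!is_string($raw)) {          // e.g. email[]=x sent instead of a string
            $suspect = true;
            $raw = '';
        }
        $result = check_header_field($raw);
        $fields[$key] = $result['clean'];
        $suspect = $suspect || $result['suspect'];
    }
    if ($suspect || !filter_var($fields['email'], FILTER_VALIDATE_EMAIL)) {
        error_log('mail form: submission rejected');   // count attempts without mailing an admin
        return false;
    }
    return true;
}

// Constructed sample submissions.
$genuine  = ['name' => 'Sam', 'email' => 'sam@example.com', 'subject' => 'Quote please'];
$injected = ['name' => 'Sam', 'email' => "sam@example.com\r\nBcc: list@example.net",
             'subject' => 'Hi'];

foreach ([$genuine, $injected] as $post) {
    $fields = [];
    echo handle_submission($post, $fields) ? "accepted\n" : "rejected\n";
}
```

The message body is not checked here because it goes in the body argument of mail() rather than in a header.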