



PHP Secure E-mail

The problem with the PHP e-mail script in the previous chapter is that any user of the form can insert extra lines into the mail headers through the input fields: whatever is typed into the email field is concatenated straight into the "From:" header that is handed to mail().

What happens if the user submits the following value in the email field of the form? (%0A is the URL-encoded line feed. A text input in a browser cannot hold a raw newline, but an attacker can send the POST request directly, and PHP decodes %0A to a newline before the script reads $_REQUEST['email'].)

someone@example.com

%0ACc:person2@example.com

%0ABcc:person3@example.com, anotherperson4@example.com, person5@example.com

%0ATo:person6@example.com

Because $email is placed into the additional-headers argument as "From: $email", the mail() function passes the whole string to the mail transfer agent, and every line feed in it starts a new header line. The message now carries extra Cc:, Bcc:, and To: fields, so when the user clicks the submit button the e-mail is sent to all of the addresses above.

PHP Stopping E-mail Injections

The best way to stop e-mail injections is to validate the input before any of it reaches a header. A field that ends up in a header (here the From: address, and also the subject) must be a single line, so anything containing a line feed or carriage return should be rejected.

The code below is the same as in the previous chapter, but now we have added an input validator that checks the email field in the form for injected header names. Note that this validator only inspects the email field; the subject field is also delivered as a header and is not checked by it.

<html>
<body>
<?php
// Returns TRUE if the field looks like a header-injection attempt.
// preg_match() with the /i modifier performs a case-insensitive match;
// the original eregi() was deprecated in PHP 5.3 and removed in PHP 7.
function spamcheck($field)
{
  if (preg_match("/to:/i", $field) || preg_match("/cc:/i", $field))
  {
    return TRUE;
  }
  else
  {
    return FALSE;
  }
}

// if "email" is filled out, send email
if (isset($_REQUEST['email']))
{
  // check if the email address is invalid
  $mailcheck = spamcheck($_REQUEST['email']);
  if ($mailcheck == TRUE)
  {
    echo "Invalid input";
  }
  else
  {
    // send email; $email goes into the From: header, which is the
    // field the check above protects
    $email = $_REQUEST['email'];
    $subject = $_REQUEST['subject'];
    $message = $_REQUEST['message'];
    // the second argument of mail() is already the subject, so it is
    // passed as-is rather than prefixed with "Subject: "
    mail("someone@example.com", $subject, $message, "From: $email");
    echo "Thank you for using our mail form";
  }
}
else
{
  // if "email" is not filled out, display the form
  echo "<form method='post' action='mailform.php'>
  Email: <input name='email' type='text' /><br />
  Subject: <input name='subject' type='text' /><br />
  Message:<br />
  <textarea name='message' rows='15' cols='40'>
  </textarea><br />
  <input type='submit' />
  </form>";
}
?>
</body>
</html>
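The spamcheck() function above only looks for the strings "to:" and "cc:", so an injected line such as "Reply-To:" or "Content-Type:" would pass it, and the subject field is not checked at all. The following is an added example, not code from the tutorial, showing the stricter check a practitioner would use instead: every value bound for a header is rejected if it contains a carriage return or line feed, and the address is additionally validated with filter_var(). The function names header_safe() and validate_mail_input() and the sample inputs are this example's own.

```php
<?php
// Added example (not part of the original tutorial). Names below are
// this example's own, not from the page's mailform.php.

// TRUE when $value contains no CR (\r) or LF (\n). A line break inside a
// header value is exactly what lets an attacker append Cc:/Bcc:/To: lines.
function header_safe($value)
{
    return is_string($value) && !preg_match('/[\r\n]/', $value);
}

// Validate the three form fields. Returns an array of error strings;
// an empty array means the values may be handed to mail().
function validate_mail_input($email, $subject, $message)
{
    $errors = array();

    // The From: header is built from $email, so it must be one
    // syntactically valid address. FILTER_VALIDATE_EMAIL rejects line
    // breaks, spaces and anything that is not a single addr-spec.
    if (!header_safe($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a single valid address';
    }

    // The subject becomes the Subject: header, so it gets the same CR/LF check.
    if (!header_safe($subject)) {
        $errors[] = 'subject: line break not allowed';
    }

    // The body may contain newlines, but must be a non-empty string.
    if (!is_string($message) || trim($message) === '') {
        $errors[] = 'message: empty';
    }

    return $errors;
}

// Constructed test inputs (not real traffic). The second entry carries the
// injected headers from the example above, with %0A already URL-decoded to
// "\n" as PHP would present it in $_POST. The third injects via the subject,
// which spamcheck() on this page never inspects.
$inputs = array(
    'clean'    => array('someone@example.com', 'Hello', 'Just a test.'),
    'injected' => array(
        "someone@example.com\nCc:person2@example.com\nBcc:person3@example.com\nTo:person6@example.com",
        'Hello',
        'Just a test.',
    ),
    'subject'  => array('someone@example.com', "Hello\nBcc:person3@example.com", 'Just a test.'),
);

foreach ($inputs as $name => $fields) {
    list($email, $subject, $message) = $fields;
    $errors = validate_mail_input($email, $subject, $message);
    if (count($errors) === 0) {
        echo "$name: accepted, safe to call mail()\n";
        // mail("someone@example.com", $subject, $message, "From: $email");
    } else {
        echo "$name: rejected (" . implode('; ', $errors) . ")\n";
    }
}
```

Run it from the command line with php to see the first input accepted and the other two rejected. The point of the design is that the check is tied to where a value ends up rather than to a blacklist of header names: any field that is written into a header line is required to be a single line, which closes the injection regardless of which header the attacker tries to add.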
