Empty variables from PHP form after moving to new hosting

What causes that?

         

silverbytes

9:07 pm on Apr 10, 2007 (gmt 0)




I have a pretty common PHP form; it just collects some text fields and I get an email with variables like: phone 00122 etc.

I moved to a new shared hosting and now I get those emails but the variables are completely empty (I fill in the form, the email is sent, but it is all empty where you filled in data).

It happened before, and tech support said they changed some PHP settings and it worked again. But this new hosting doesn't have any idea what causes that.

Perhaps somebody may point me in the right direction?

I know the problem is not my code. But I post this to see if it helps out in any way.

My PHP form page has something like this:


<form action="formokinsc.php" method="post" target="okinsc" onSubmit="YY_checkform('inscripcion','nombre','#q','0','Field \'nombre\' is not valid.','email','#S','2','Field \'email\' is not valid.','telefono','#q','0','Field \'telefono\' is not valid.','comonosencontro','#q','1','Field \'comonosencontro\' is not valid.');return document.MM_returnValue" value=Inscribirme>

My "Ok" page has something like this:


<?
//mime
foreach ( $_POST as $key => $value ) {
    $postVars .= $value;
}

if(eregi("MIME-Version:",$postVars)) {
    die('Your message containts the words
"MIME-Version:" this is considerd as spam!');
}

$sploited = 0;
foreach($_POST as $key=>$value){
    if(preg_match("!bcc:.+@!" , $value , $sploit_matches)){
        $sploited = 1;
    }
}

// If the form has been exploited, return a 404
if($sploited){

    header("HTTP/1.0 404 Not Found");
    echo "<h1>404 - Not Found</h1>";
    exit();

}
else{

    //PROCESS VALID FORM DATA HERE

    $formulario = "Title";
    $emailreceptor = "mi@email.here";

    $receptor .= "E-mail: $email\n";
    $receptor .= "\n";

    $receptor .= "name: $nombre\n";
    $receptor .= "\n";

    $receptor .= "Suscribir al newsletter: $suscribiranewsletter\n";
    $receptor .= "\n";

    $receptor .= "----------Información Remota----------\n";
    $receptor .= "$HTTP_USER_AGENT\n";
    $receptor .= "$REMOTE_ADDR\n";

    mail("$emailreceptor", "$formulario", $receptor, "From: $email");

}
?>

StupidScript

10:11 pm on Apr 10, 2007 (gmt 0)




I'm going with register_globals. From your script, it looks like you rely on PHP's register_globals to be turned on, which is a security risk, and your new provider probably has it turned off, which is the right thing to do. Try this:

$formulario = "Title";
$emailreceptor = "mi@email.here";

// Read each field from $_POST instead of relying on register_globals.
$email=htmlspecialchars($_POST['email']);
// Start the message body with "=" so $receptor is defined before appending.
$receptor = "E-mail: $email\n";
$receptor .= "\n";

$receptor .= "name: ".htmlspecialchars($_POST['nombre'])."\n";
$receptor .= "\n";

$receptor .= "Suscribir al newsletter: ".htmlspecialchars($_POST['suscribiranewsletter'])."\n";
$receptor .= "\n";

// Request details come from the $_SERVER superglobal.
$receptor .= "----------Información Remota----------\n";
$receptor .= $_SERVER['HTTP_USER_AGENT']."\n";
$receptor .= $_SERVER['REMOTE_ADDR']."\n";

// $email still goes into the From header unchecked; see the note below.
mail("$emailreceptor", "$formulario", $receptor, "From: $email");

<edit>
Note I suggested some protection for you (htmlspecialchars()) from user input, which should never be trusted. You should include more protection, as well, because this script could easily be used to spam people simply by adding a few extra headers in the form. The $email field is the worst. Imagine I filled out the $email field with

me@email.com\n\nCC:victim@some.net,sucker@other.org ...
etc. "Check and protect."
</edit>

[edited by: StupidScript at 10:16 pm (utc) on April 10, 2007]

silverbytes

10:39 pm on Apr 10, 2007 (gmt 0)




You are completely right. Thanks a lot!

BTW you said something pretty interesting, what other protection may I use to avoid abuse?

StupidScript

11:03 pm on Apr 10, 2007 (gmt 0)




Good deal! The idea is that on your old server (probably PHP4 with register_globals 'on' by default), you could simply refer to the variable name (i.e. $email) to receive the GET/POST variables submitted by a form. On your new server (probably PHP5 with register_globals 'off' by default), you can't do that, so you need to refer to the variables as they exist within the "Super Global" arrays, like $_SERVER and $_POST.

As far as protecting yourself and others, Google this site (and many others) for many tips on protecting yourself from user input, and protecting others from an emailing form that can be abused.

[edited by: StupidScript at 11:05 pm (utc) on April 10, 2007]
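
One way to close the header-injection hole described in the thread, as an added example that is not code from any poster: the visitor's address is validated and rejected if it contains a line break before it reaches a mail header, and the From header is fixed. The helper names, the 500-character cap and form@example.com are assumptions made for illustration.

```php
<?php
// Added example; helper names and form@example.com are hypothetical.

// Return an address that is safe to place in a mail header, or null.
function clean_email_for_header($raw)
{
    $raw = trim((string) $raw);
    // A CR or LF (raw or URL-encoded) would start a new header line.
    if (preg_match('/[\r\n]|%0[ad]/i', $raw)) {
        return null;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Body text may keep newlines; drop other control characters and cap length.
function clean_body_field($raw, $maxLen = 500)
{
    $raw = substr((string) $raw, 0, $maxLen);
    return preg_replace('/[\x00-\x09\x0B-\x1F\x7F]/', '', $raw);
}

// Build the arguments for mail(), or return null to reject the submission.
function build_form_mail(array $post, array $server)
{
    $email = clean_email_for_header($post['email'] ?? '');
    if ($email === null) {
        return null;
    }
    $body  = "E-mail: $email\n\n";
    $body .= "name: " . clean_body_field($post['nombre'] ?? '') . "\n\n";
    $body .= "Suscribir al newsletter: "
           . clean_body_field($post['suscribiranewsletter'] ?? '') . "\n\n";
    $body .= "----------Información Remota----------\n";
    $body .= clean_body_field($server['HTTP_USER_AGENT'] ?? '') . "\n";
    $body .= clean_body_field($server['REMOTE_ADDR'] ?? '') . "\n";
    // Fixed From; the visitor's address only appears in Reply-To.
    $headers = "From: form@example.com\r\nReply-To: $email";
    return array('mi@email.here', 'Title', $body, $headers);
}

// Constructed inputs: a normal address and the injection string from the thread.
$good = build_form_mail(array('email' => 'visitor@example.org', 'nombre' => 'Ana'), array());
$bad  = build_form_mail(array('email' => "me@email.com\n\nCC:victim@some.net"), array());
var_dump($good !== null, $bad === null);
```

On a real submission, pass the four returned values to mail() in order, and show an error page instead of sending when the function returns null.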