1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 5:54 am Apr 28, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Having a problem with a php script

not blocking as it was intended

         

peten

7:51 am on Jun 23, 2011 (gmt 0)

10+ Year Member



Hi all.

Think this is the right place to post this i have a php script on the club web site that handles site error reports but , It is supposed to block empty mail as well as other unwanted junk but i am still getting empty mails thru my php is not good i have had this script hanging around for ages but it seems it is not playing the game script below 

<?php

$title = $_REQUEST['title'] ;

$name = $_REQUEST['name'] ;

$comments = $_REQUEST['comments'] ;
$email = $_REQUEST['email'] ;



//prevent email strings

if((strpos($name, '@')!==false) || strlen($email)>50 || strlen($name)>30 )

  die();



//prevent bad strings

function contains_bad_str($str_to_test) {

 $bad_strings = array(

        "content-type:",

"mime-version:",

"multipart/mixed",

"Content-Transfer-Encoding:",

"bcc:","cc:",

"to:" );

 

 foreach($bad_strings as $bad_string) {

  if(eregi($bad_string, strtolower($str_to_test))) {

   echo "$bad_string found. Suspected injection attempt - mail not being sent. If you are trying to inject spam or other junk unfortunately it will not work no Windows here.";

   exit;

  }

 }

}



function contains_newlines($str_to_test) {

  if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {

   echo "newline found in $str_to_test. Suspected injection attempt - mail not being sent. If you are trying to inject spam or other junk unfortunately it will not work no Windows here.";

   exit;

  }

}



contains_bad_str($name);

contains_bad_str($email);

contains_newlines($name);

contains_newlines($email);



 if (!isset($_REQUEST['email'])) {

  header( "Location: contact.html" );

 }

 elseif (empty($email)) {

  header( "Location: noemail.html" );

 }



mail( "mail@me.co.uk", "Site Report",
"$message\r\ntitle: $title\r\nname: $name\r\ncomments: $comments\r\nemail: $email", 

 "From: $name <$email>" );

header( "Location: thankyou.html" );



 ?>


Any pointers please ..
Thanks Pete .

g1smd

8:18 am on Jun 23, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



eregi is deprecated. You'll need to use preg_match.

penders

8:46 am on Jun 23, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Although eregi is deprecated (as of PHP 5.3) and you should use preg_match() [uk3.php.net] instead - it should still work (unless you are on PHP6?).

You refer to $message in your mail() function - presumably the body of the email(?) - but you are not setting this in your script. It looks like every email would be 'empty'?

peten

12:59 pm on Jun 23, 2011 (gmt 0)

10+ Year Member



Hi Both ..

Right to penders well if i got to the site i can enter a message and it lands no problem the actual mail contents comes from a html page but what iam trying to dry up is the empty mails that someone keeps banging out

to g1smd ok on eregi being deprecated not got a php book dont use much php just this one case so not up to speed with what is and not good so can i just switch eregi out and sub preq_match
73 g6njr


cheers both
pete

londrum

2:55 pm on Jun 23, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



are they entering a space (or spaces) as the entry?

try putting trim() around what they enter before you start checking if it's empty.

penders

3:39 pm on Jun 23, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



...and check the $message variable, since you don't seem to be checking this anywhere and I assume this is the actual (blank) email message? When you say 'blank', presumably it still contains....
title:
name:
comments:
email:

so it is still going through your script and is not totally blank?!

Try this before your call to 
mail()
: 
$message = trim($message); 
if (empty($message)) { 
  echo "Message is empty - mail not being sent."; 
  exit; 
}

peten

5:01 pm on Jun 23, 2011 (gmt 0)

10+ Year Member



Hi ..

Still cant get this to behave think either my head is no on square right now or it needs a complete re-write probably the latter knowing my present luck
have to buy a book on PHP and burry my head in it i think unless anyone can point me in the right direction

Pete .

peten

5:03 pm on Jun 23, 2011 (gmt 0)

10+ Year Member



Oh sorry penders yes it still sends the
title:
name:
comments:
email:

bits ..

pete .

penders

12:34 am on Jun 24, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Presumably YOU are able to send these blank emails? Do you get redirected to noemail.html for instance, but still the email is being sent?

peten

9:31 am on Jun 24, 2011 (gmt 0)

10+ Year Member



Hi all

right i have solved the problem for now i have switched to another method that seems to be ok now that i found lurking on the hosting service site thanks for all your help i will one day get this one sorted for the sheer hell of it but got other things to fix right now
new thread about to appear thanks folks
pete .
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 5:54 am Apr 28, 2026