A new Formmail script written in PHP

Is anyone willing to help beta test?

         

hark

1:21 am on Jul 15, 2004 (gmt 0)

10+ Year Member



I am looking for someone who can help me in testing a php formmail script. I have put together something which I hope has a good security standing. The script is configured by file(s) and does not rely on info passed from the form. It seems to be stable but I don't want to expose it to the public until evaluation by someone who knows lots more than I do.

jatar_k

5:10 pm on Jul 15, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld hark,

It would be nice to see a formmail type script that wasn't a gaping security hole.

anyone interested?

httpwebwitch

7:41 pm on Jul 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



the usual liability with CGI formmail scripts is that they ask you to put the destination address into the HTML.

<input type="hidden" name="to" value="myemail@home.com">

When you remove things from the HTML and keep them hidden in your script, security benefits. But simplicity and reusability suffer.

One strategy I used recently was keeping a list of email addresses in a database along with a garbage hash. Thus my form looked like this:

<input type="hidden" name="to" value="hshgds8sujdshsd9">

Then my script looks for "hshgds8sujdshsd9" in the database, finds the "to" address there, and sends the mail.

A later version used MD5() to do basically the same thing, but since it's easy to hack an MD5 hash of an address, I added some extra little manipulations like $x=strrev($x) and $x.=metaphone($x). (This is just an example; I won't give away my actual recipe.)
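The lookup approach described above, as an added example that is not httpwebwitch's or hark's code: the HTML carries only an opaque token, the script resolves it against a server-side map, and anything it did not issue is refused. The token values, addresses and the simulated $post array are constructed.

```php
<?php
// Added example (not the poster's code): resolve an opaque form token to a
// recipient on the server, so the HTML never carries a real address and a
// tampered "to" field cannot redirect the mail. Token values are constructed.
declare(strict_types=1);

// Server-side map: opaque token => real destination. Lives in the script (or a
// database, as in the post), never in the HTML.
const RECIPIENTS = [
    'hshgds8sujdshsd9' => 'webmaster@example.com',
    'k2p0x7mq3vtz1raf' => 'sales@example.com',
];

// Returns the recipient for a token, or null when the token is unknown.
function resolveRecipient(string $token): ?string
{
    // Check every entry with a constant-time compare so response timing does
    // not reveal how close a guessed token was.
    $match = null;
    foreach (RECIPIENTS as $known => $address) {
        if (hash_equals($known, $token)) {
            $match = $address;
        }
    }
    return $match;
}

// Refuses values that could smuggle extra mail headers (CR/LF) into mail().
function cleanHeaderValue(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('newline in header value');
    }
    return trim($value);
}

// Simulated submission (constructed; stands in for $_POST).
$post = ['to' => 'hshgds8sujdshsd9', 'subject' => 'Hello', 'message' => 'Hi there'];

$to = resolveRecipient($post['to'] ?? '');
if ($to === null) {
    http_response_code(400);
    exit('Unknown form destination.');
}
$subject = cleanHeaderValue($post['subject'] ?? 'Form submission');
// mail($to, $subject, $post['message'] ?? '');  // the real send; commented out for the demo
echo "Would send to $to with subject '$subject'\n";
```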

httpwebwitch

7:43 pm on Jul 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



jatar_k, what other gaping security holes need to be plugged? I'm always interested in upgrading my bag-o-tricks, and formmail is something I reuse often.

hark

4:54 am on Jul 16, 2004 (gmt 0)

10+ Year Member



jatar_k,
I just sent a reply to a pm I received about moving this post.
Thanks for the comments. There are (I expect) many ways to lock things down, but what about the average little guy who needs a form to email? I fully admit there can never be perfect security, but steps can be taken to make things difficult.
I am an old code cranker from way back but the network/security world makes me feel lost so I am not sure how good or bad this script may be.
I am using it myself and would like to make it available but I will not 'put it out there' and take on supporting without feeling like it is a good product.
I do not want to provide a link so IF anyone is interested I should be able to email a zip or tar.

Whatever, there is a lot of stuff to read here and I am glad I found it.

BTW this project has been a good learning tool. H..l I cudnt evn spel PHP when I started. Not an expert but data driven sites are easier to update than editing several hundred static html pages.

jatar_k

5:24 pm on Jul 16, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



It seems that every mailer out there isn't quite right. I never use them, tried a couple some time ago and threw em all out the window, built my own and have used it reliably for 4 years now.

It is one of the most commonly asked questions in the PHP and Perl forums. How to lock them down or configure them. There needs to be a hard core bolted down solution that is simple to install for joe user.

There isn't one yet that I have been confident in, they always seem to need tweaking. I am always happy for someone to take a new look and try to get a better product.

just my 2 cents CAD

Powdork

4:27 am on Jul 18, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Is it any safer to have the form in a swf file that sends the data to a php file which then sends the email?
Forgive my ignorance.

hark

5:14 am on Jul 20, 2004 (gmt 0)

10+ Year Member



jatar_k,
Since I am too blind or whatever to see how to do a quote,
you said:
It is one of the most commonly asked questions in the PHP and Perl forums. How to lock them down or configure them. There needs to be a hard core bolted down solution that is simple to install for joe user.

I think the approach I am working on goes a long way. I doubt there is any perfect way that would still be easy for average Joe to use so compromises are in order. That doesn't prevent making it difficult to crack.

Example config file:

# This is a **** Formmail configuration file
# The operation of ****FM.php is controlled by the values contained here.
# The form is [directive] value (multiple values are entered 1 per line)

# Multiple values are entered 1 per line.
[recipient] null
[bcc] null

# --NOTE -- To allow any file type set value to 'all' as in...
# [valid_attach_types] all
[valid_attach_types] image
[valid_attach_types] text

# List of file extensions which are not allowed.
# Default list is bat,com,exe,scr,vbs,vbe,js,reg,pcd,inf,plf and pcd
# Add additional here
[non_valid_extensions] null

#list of required form fields
[required_fields] First_Name

# Banned emails, email addresses of people who are blocked from using the script.
# Ex. *@somedomain.com,user@domain.com,etc@domains.com
[banned] harry@starband.net

#--------------------------------------
# Items below only accept single values.
#--------------------------------------

# Environment report is used to include information about the form user.
# To activate an item change to a non-zero value.
[HTTP_HOST] 0
[REMOTE_USER] 0
[HTTP_REFERER] 0
[REMOTE ADDR] 0
[BROWSER] 0

[subject] Form Submission processed by **** Formmail.
# By default blank fields not sent - to change set to non-zero value.
[send_blank_fields] 0

# Html file to redirect the user to after form is processed.
[redirect] null

# File to be emailed to the form submitter.
[auto_responder] testrespon.txt

# Header/footer files -- wrap output to blend with site design.
[er_header_file] er_header_def.htm
[er_footer_file] er_footer_def.htm
[header_file] header_def.htm
[footer_file] footer_def.htm

# Applies to allowed size for attached files.
[MAX_FILE_SIZE] 1000000

# Items below apply only to Safe Mode operation.
# The directory defined here MUST be in (or under) the same directory as HiQFM.php
# and have world write permissions (CHMOD 777).
[safemode_temp_dir] TEMP_FILES
# For Safe Mode set this to a non-zero value.
[safe_mode] 0

----------------

When using the default config file name, the only form requirement is to point to the script. Normally users never edit anything but the config file. Multiple uses with a single script file and multiple config files. Yes, I am trying to sell the concept because I think it is a big cut above many of the highly used formmail scripts out there.

I am having no luck finding help in testing, so: take the leap, list it on Hotscripts as open source and wait to see what happens. I have people who will do things for $$$$, but this is not a $$$ making project and I can't justify spending anything.

END of SALES PITCH!
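As an added example (not hark's script), a parser for the `[directive] value` format shown in the config file above, one value per line as the file header says, plus a check against the `[banned]` list including the `*@domain` form its comment describes. The sample config text and addresses are constructed.

```php
<?php
// Added example (not the poster's script): parse the "[directive] value"
// config format from the post and apply its [banned] sender check.
// Directive names come from the post; the sample values are constructed.
declare(strict_types=1);

// Parse config text into directive => list of values. Lines starting with '#'
// and blank lines are ignored; a value of 'null' means "not set".
function parseConfig(string $text): array
{
    $conf = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue;
        }
        // Key may contain spaces, as in the post's "[REMOTE ADDR] 0".
        if (!preg_match('/^\[([A-Za-z_ ]+)\]\s*(.*)$/', $line, $m)) {
            continue; // malformed line: skip rather than guess
        }
        if ($m[2] === 'null') {
            continue;
        }
        $conf[$m[1]][] = $m[2];
    }
    return $conf;
}

// True when $email matches a [banned] entry; '*@domain' bans a whole domain.
function isBanned(string $email, array $banned): bool
{
    $email = strtolower($email);
    foreach ($banned as $pattern) {
        $pattern = strtolower($pattern);
        if (substr($pattern, 0, 2) === '*@') {
            $suffix = substr($pattern, 1);            // e.g. "@spam.example"
            if (substr($email, -strlen($suffix)) === $suffix) {
                return true;
            }
        } elseif ($email === $pattern) {
            return true;
        }
    }
    return false;
}

// Constructed sample in the post's format.
$sample = "# constructed sample\n[recipient] webmaster@example.com\n[bcc] null\n"
        . "[banned] *@spam.example\n[banned] bad@example.org\n[safe_mode] 0\n";
$conf = parseConfig($sample);
var_dump(isset($conf['bcc']), isBanned('Bob@SPAM.example', $conf['banned']), isBanned('ok@example.org', $conf['banned']));
```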

stever

8:09 am on Jul 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It seems that every mailer out there isn't quite right.

What's the problem you see with the nms (london perl mongers) formmail version then, jatar_k? It was designed as a lock-down secure application, afaik...

jatar_k

5:19 pm on Jul 20, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



The way I see it, watching so many threads here and other places, there are still problems with all of them. I think the one you are referring to stever is the best one from what I've seen.

We talk about not reinventing the wheel; in this particular situation I just don't think there is a wheel yet, and there may never be.

Programming for every eventuality is never fun or smart which is why mailers may always have problems but I like to see different approaches for everything.