DaniWeb IT Discussion Community
Views: 448 | Replies: 5
jcmurphy
Newbie Poster

PHP form being used externally i think

  #1  
Jun 29th, 2008
Hi all,
I have a PHP form that I use on websites for their contact forms.
It uses basic PHP mail send.
I have just received a couple of emails that were sent using the form, but I feel didn't get sent via the website, i.e. I think that they created a form which referenced my form and used it remotely.

Below is the code in the PHP form. Is there any way to only allow access to the form from the server it is held on?

Please note that I have removed our information, i.e. our domain name etc.
Also, the form works fine, we just need to lock it down.

<?php

if ($_SERVER['REQUEST_METHOD'] != 'POST') { 
  exit('No direct Access is allowed'); 
}

$to = 'info@domain.com';
$from = $_POST['email'];
$subject = 'WEBSITE CONTACT FORM RE: - '.$_POST['subject'];
$subject2 = $_POST['subject'];
$message = $_POST['message'];
$content = "
This Email was generated from the domain.com website in regards to:</br>
$subject2</br></br>
Please contact me about the following: </br>
$message";
$header = "MIME-Version: 1.0" . "\r\n";
$header .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$header .= "From: $from" . "\r\n";
$header .= "Reply-To: $from" . "\r\n";
/*$header .="X-Mailer: PHP/" . phpversion();*/

/* ----------------- BELOW IS THE AUTO RPLY EMAIL SENT TO THE CONTACT  ----------- */

$ccto = $_POST['email'];
$ccfrom = "NOREPLY@domain.com";
$ccsubject = "Autoreply from the domain.com website";
$ccsubject2 = $_POST['subject'];
$ccmessage = $_POST['message'];
$cccontent = "
Please DO NOT respond to this email. the address it goes to does NOT get checked </BR></BR>
Please note that your email has been received and </br>
we will contact you as soon as possible about your enquiry.</br></br>
The following has been sent to us from the webform:</br></br> 
------------------------------------------------------------- </br>
This Email was generated from the domain.com website in regards to:</br>
$ccsubject2</br></br>
Please contact me about the following: </br>
$ccmessage </br></br>
------------------------------------------------------------- </br> </br>
Regards</br>
me";
$ccheader = "MIME-Version: 1.0" . "\r\n";
$ccheader .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$ccheader .= "From: $ccfrom" . "\r\n";
$ccheader .= "Reply-To: $ccto" . "\r\n";


if (mail($to, $subject, $content, $header)) {
  if (mail($ccto, $ccsubject, $cccontent, $ccheader)) {
    echo ("<font color=#000099 size=6px valign=center>".'Email Sent' . "<font color=#000000 size=4px valign=center>".'</br>Please Click below to return to the c4i' . "<font color=#000099 size=4px valign=center> <a href=http://www.domain.com/contactus.html>".'</br> Return');
  } else {
    echo ("Error, mail not sent, Please the click the back button and try again.");
  }
} else {
  echo ("Error, mail not sent, Please the click the back button and try again.");
}

?>

thanks in advance

Jason
kkeith29
Posting Pro

Re: PHP form being used externally i think

  #2  
Jun 29th, 2008
Sometimes I resort to the referrer for something like that. It's not always reliable but works when it is. Look up HTTP_REFERER on php.net. There are probably other ways to accomplish this, but I know this way could work.
Last edited by kkeith29 : Jun 29th, 2008 at 11:36 pm.
jcmurphy
Newbie Poster

Re: PHP form being used externally i think

  #3  
Jun 30th, 2008
Thanks for the quick reply kkeith29,

I cannot actually find HTTP_REFERER on php.net.
There are other HTTP functions but not that one.

After googling it I got a broad cross section that refer to it but either warn against it as some browsers and servers do not pass info to it, and others say it is out of date.... others say that some string values come back as null a lot of the time..... and the list goes on...

What are your thoughts and experience on this?

Jason
kkeith29
Posting Pro

Re: PHP form being used externally i think

  #4  
Jun 30th, 2008
I read it's not reliable all the time, but after thinking on it I couldn't find another solution.
jcmurphy
Newbie Poster

Re: PHP form being used externally i think

  #5  
Jul 3rd, 2008
Oh.... do you have an example on how to use it?

Will keep the post alive and see if anyone else has any ideas as well.
nav33n
Posting Sensei

Re: PHP form being used externally i think

  #6  
Jul 3rd, 2008
You can do a session check. For example, in the contact form, set a session variable, say, $_SESSION['valid'] = "true"; In the script which does the processing, check if $_SESSION['valid'] is set and it's true. If yes, then process the form.
<?php
session_start();
if (isset($_SESSION['valid']) && $_SESSION['valid'] == "true") {
  // process
} else {
  echo "You are in the wrong place!";
}
Or, you can also do it this way.
In the contact form, assign the value of session_id() to a hidden textbox. Then in the script, check if $_POST['hiddentextbox'] value is equal to session_id().
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

*PM asking for help will be ignored*
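
The session check from post #6, written out as an added example (not code from the thread): the form page stores a random single-use token in the session and the mail script rejects any POST that does not return it. It assumes PHP 7+, one file serving both the form and the handler, and a hypothetical field name `form_token`; it also validates the submitted address, because the original script copies it into the From header.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+; the field name
// 'form_token' and the 15-minute lifetime are illustrative choices.
const TOKEN_TTL = 900;

// Called when the contact form is rendered: store a fresh random token.
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));
    $session['form_token'] = ['value' => $token, 'issued' => time()];
    return $token;
}

// Called by the mail script before any mail() call.
function verify_form_token(array &$session, $submitted): bool
{
    $stored = $session['form_token'] ?? null;
    unset($session['form_token']); // single use: a replayed POST fails
    if (!is_array($stored) || !is_string($submitted)) {
        return false;
    }
    if (time() - $stored['issued'] > TOKEN_TTL) {
        return false; // form was rendered too long ago
    }
    return hash_equals($stored['value'], $submitted); // constant-time compare
}

session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!verify_form_token($_SESSION, $_POST['form_token'] ?? null)) {
        http_response_code(403);
        exit('Form token missing, expired or already used.');
    }
    // FILTER_VALIDATE_EMAIL rejects CR/LF, so the value is safe in a header.
    $email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        http_response_code(400);
        exit('Invalid email address.');
    }
    // The thread's existing mail() calls belong here, using $email for From.
    exit('Submission accepted.');
}
$token = issue_form_token($_SESSION);
?>
<form method="post" action="">
  <input type="hidden" name="form_token" value="<?= htmlspecialchars($token) ?>">
  <input type="text" name="email">
  <input type="text" name="subject">
  <textarea name="message"></textarea>
  <input type="submit" value="Send">
</form>
```

The check rejects posts from pages that never loaded the form in the same session. A client that does load the form receives a valid token, so rate limiting or a CAPTCHA is still needed against scripted submissions.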