Hi folks,

now i have my form up and running, i would like to get it protected against spammers. I did a google on it but it seems hard for me as a newbie to get it right so i ask for your advice.
Would the following code, inserted after the mail() function work?

$dodgy_strings = array(
                "content-type:"
                ,"mime-version:"
                ,"multipart/mixed"
                ,"bcc:"
);

function is_valid_email($email) {
  return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email);
}

function contains_bad_str($str_to_test) {
  $bad_strings = array(
                "content-type:"
                ,"mime-version:"
                ,"multipart/mixed"
		,"Content-Transfer-Encoding:"
                ,"bcc:"
		,"cc:"
		,"to:"
  );
  
  foreach($bad_strings as $bad_string) {
    if(eregi($bad_string, strtolower($str_to_test))) {
      echo "$bad_string found. Suspected injection attempt - mail not being sent.";
      exit;
    }
  }
}

function contains_newlines($str_to_test) {
   if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
     echo "newline found in $str_to_test. Suspected injection attempt - mail not being sent.";
     exit;
   }
} 

if($_SERVER['REQUEST_METHOD'] != "POST"){
   echo("Unauthorized attempt to access page.");
   exit;
}

if (!is_valid_email($email)) {
  echo 'Invalid email submitted - mail not being sent.';
  exit;
}

contains_bad_str($email);
contains_bad_str($subjectline);
contains_bad_str(body);

contains_newlines($email);
contains_newlines($subjectline);

TIA

Ezzaral,

as i understand it, what the user will see are instructions in english. Unfortunately, i'm doing this stuff for a brazilian client and their english over here isn't that good ;-)

Ezzaral,

as i understand it, what the user will see are instructions in english. Unfortunately, i'm doing this stuff for a brazilian client and their english over here isn't that good ;-)

Hmm, yeah I don't see anything on the site about internationalized instructions. Sorry =\

no worries,

i'll just keep hoping that some php code will resolve it ;-)

This article has been dead for over six months. Start a new discussion instead.