PHP Help

Discussion in 'Web Design & Coding' started by Jewelzz, Jul 25, 2006.

  1. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
  2. albybum

    albybum Penguin Rancher

    Messages:
    280
    Location:
    Elizabethton, TN
    I tried to fill out the form and I got this message


    It looks like when you submit the script, variables like mime and mime-version are being saved to the data structure "postVars."

    The script (code below) tests whether those variables are set. If they are set, trip the spam condition.

    So on your second consecutive execution of the script, you will trip the condition. This is protecting against spammers.

    PHP:
    if (ereg("mime-version", $postVars) || ereg("mime", $postVars) || ereg("bcc", $postVars) || ereg("cc", $postVars)) {
        // Notify the site owner, show a message, and stop the script
        mail("jewelzz@studipsp.com", "Form Hijack Attempt", "A spam relay was attempted from the StudioPSP and was blocked.", "From:SpamMonitor");
        echo "<p align='center'>Sorry, you may not spam this website.</p>";
        //No form provided
        die();
    }

     
    Last edited: Jul 26, 2006
  3. Jewelzz

    Jewelzz OSNN Godlike Veteran

    I want protection against spammers but some people might want to contact the owner more than once, is there a way to fix this?
     
  4. albybum

    albybum Penguin Rancher

    I was able to just use the back button and resubmit the form. I did not receive any error or spam message from the script. Give this a try.
    Add this to the "Thank You" page.
    -----

    Another option would be:

    You could check whether the person using the script came from your site or is accessing the script directly from some other location. You could scrap the original spam check.

    PHP:
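    // Determine if server name is in referer value (ex. is albybum.net in http://www.albybum.net/foo)
    // HTTP_REFERER is not always sent, so default it to an empty string
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    // if the server name is set and found in the referer, allow something
    if ($_SERVER['SERVER_NAME'] != false && stristr($referer, $_SERVER['SERVER_NAME']) !== false)
    {
        // Referer check ok, do something
    }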
    This would be less desired because referer information can be "spoofed" and some legitimate users might be turned away, for instance if someone came to your contact page directly from Google.
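
An added example, not code from the thread or from the site's script: a check that flags line breaks and header names only where they could alter the outgoing mail, so a visitor can write more than once or mention "cc" in the message body. The function name `find_header_injection` and the field names `name`, `email` and `message` are assumptions.

```php
<?php
// Added example; function and field names are hypothetical.

/**
 * Return the names of submitted fields that look like a mail header
 * injection attempt. Fields that end up in mail headers are checked for
 * line breaks; every field is checked for a header name that starts a line
 * (a heuristic, which can also match a body line such as "To: Bob").
 */
function find_header_injection(array $post, array $headerFields)
{
    $suspect = array();
    foreach ($headerFields as $field) {
        $value = isset($post[$field]) && is_string($post[$field]) ? $post[$field] : '';
        // Raw or still-encoded CR/LF would let a value start a new header line.
        if (preg_match('/[\r\n]|%0a|%0d/i', $value)) {
            $suspect[] = $field;
        }
    }
    foreach ($post as $field => $value) {
        if (!is_string($value) || in_array($field, $suspect, true)) {
            continue;
        }
        // "Bcc:" at the start of a line is a far stronger signal than the
        // letters "cc" appearing anywhere in the submission.
        if (preg_match('/^\s*(bcc|cc|to|content-type|mime-version)\s*:/im', $value)) {
            $suspect[] = $field;
        }
    }
    return $suspect;
}

// Constructed sample submissions.
$legit = array(
    'name'    => 'Pat',
    'email'   => 'pat@example.com',
    'message' => 'Second message today. Please cc your accountant about the mime types.',
);
$hijack = array(
    'name'    => 'x',
    'email'   => "x@example.com\r\nBcc: list@example.net",
    'message' => 'hello',
);

var_dump(find_header_injection($legit, array('name', 'email')));
var_dump(find_header_injection($hijack, array('name', 'email')));
```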
     
  5. Khayman

    Khayman I'm sorry Hal... Political User Folding Team

    Messages:
    5,518
    Location:
    England
    fixed
     
    Jewelzz likes this.
  6. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Reps to you Khayman, you're my hero!