Hi All,
My hosting company has disabled this mail script following a spamming issue (a third party spamming, not me!!)
As it is php I thought it would be reasonably secure, but could anybody guide me on any obvious "holes"?
Thanks.
My hosting company has disabled this mail script following a spamming issue (a third party spamming, not me!!)
As it is php I thought it would be reasonably secure, but could anybody guide me on any obvious "holes"?
Thanks.
Code:
<?php
$my_email = "(email address) ";
$email = $HTTP_POST_VARS['email'];
$name = $HTTP_POST_VARS['name'];
$company = $HTTP_POST_VARS['company'];
$subject = $HTTP_POST_VARS['subject'];
$where = $HTTP_POST_VARS['where'];
$comments = $HTTP_POST_VARS['comments'];
$town = $HTTP_POST_VARS['town'];
$message = "Name: $name \n";
$message .= "Subject: $subject \n";
$message .= "E-mail: $email \n";
$message .= "Telephone: $company \n";
$message .= "Town Where You Live: $town \n";
$message .= "Where: $where \n";
$message .= "Comments: $comments \n\n";
$confirmationSubject='Thank You For Contacting us';
$confirmationBody="Thank you for your enquiry. \n";
$confirmationBody .="We will respond as soon as possible.\n";
$confirmationBody .="A copy of your enquiry is shown below for information.\n";
$confirmationBody .="Regards. \n";
$confirmationBody .="Webmaster \n\n";
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
echo "<div align='center'><blockquote> <p>Sorry, the e-mail address you gave was invalid. Please re-enter email address.</p></blockquote> ";
echo "<blockquote><a href='javascript:history.back(1);'class='blackfoot'>Return to form.</a></blockquote></div> ";
}
//erroroneous entries
elseif ($email == "") {
echo "<div align='center'><blockquote> <p>Sorry, you have not left an e-mail address. Please add an e-mail address.</p></blockquote> ";
echo "<blockquote><a href='javascript:history.back(1);' class='blackfoot'>Return to form.</a></blockquote></div> ";
}
elseif ($name == "") {
echo "<div align='center'><blockquote> <p>Sorry, you have not left a contact name. Please add a contact name.</p></blockquote> ";
echo "<blockquote><a href='javascript:history.back(1);' class='blackfoot'>Return to form.</a></blockquote></div> ";
}
elseif ($town == "") {
echo "<div align='center'><blockquote> <p>Sorry, you have not left details of the town where you live. Please add details of the town where you live.</p></blockquote> ";
echo "<blockquote><a href='javascript:history.back(1);' class='blackfoot'>Return to form.</a></blockquote></div> ";
}
elseif ($comments == "") {
echo "<div align='center'><blockquote> <p>Sorry, you have not left any comments. Please leave comments.</p></blockquote> ";
echo "<blockquote><a href='javascript:history.back(1);' class='blackfoot'>Return to form.</a></blockquote></div> ";
}
/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
elseif (mail($my_email,$subject,$message,'From: '.$email."\r\n") && (mail($email,$confirmationSubject,$confirmationBody.$message,'From: '.$my_email."\r\n"))){
echo "<div align='center'><blockquote> <p>Thank you for your interest. We will respond as soon as possible</p></blockquote></div> ";
} else {
echo "<div align='center'><blockquote><p>Sorry but due to an unforseen error we cannot send email to $email. <br><br>Please send your enquiry to (email address) using your usual e-mail application.</p></blockquote></div> ";
}
?>