Secure mail form (avoiding spammers)

guarriman

Hi.

I want to create a simple web form in order to allow visitors to send me their comments via
email. I created this code:

$to = "mybox@mydomain.com";
$subject = "Comments from the web";
$body = "Comments:\n";
$body = $body . "----------------------- \n";
$body = $body . $email . "\n";
$body = $body . "----------------------- \n";
$body = $body . $name . "\n";
$body = $body . "----------------------- \n";
$body = $body . $text . "\n";
$headers = "From: $email";
mail($to,$subject,$body,$headers);

'$email' is the email address of the visitor, '$name' is their name, and '$text'
is the contents of the comments.

But I found out that some spammers used this form to send spam. I didn't make any
filter of the contents, and I was suggested they were using script injection within
the form.

Do you know any more-secure web form for sending emails? Thank you very much.

StevenJ

I suffered this problem too, and very annoying it was.

What I chose to do, was add an extra text box for the user to enter a number. At the beginning of the ph script, I generated a random number, and this is diplayed in the form, and stored in a session. When the form is submitted, it checks the value of the random number generated, and the number entered on the form - if it doesn't match I fail to send the email, and log the IP.

examlpe here:

contact

execute

I m not sure but i believe you can put edit your headers by putting you know From: etc...\n
and the last "header" line you have... you should put \r\n\n i think, and they won't be able to inject extra headers in anymore which is how they spam.