Hello:

Does anyone know of a secure PHP form mailer which is equivalent to the nms formmail.pl script which I can download?

Thanks for the help.

    It's really not very hard to create one's own. If you know nothing about PHP, then that's one thing, but even with minimal experience, something like that should be pretty easy to create. If I find some free time today, maybe I can help you out...

    And when you say "secure", how do you mean? Email is never secure without encryption, so if that's a requirement, then that's a little different.

      Hi,

      I'm a beginner with PHP. I had a few scripts written that sent out emails and the SPAM that resulted from it was unbelievable.

      As for security, I was referring to SPAM. I would appreciate any help you can give me.

      I've attached the PHP scripts that were giving me the problem. Whatever you can do to help me fix them to avoid SPAM would be AWESOME!

      🙂

      I attached a very short and simple contact script. I thought if I can get this one to work, I can apply the same coding to more involved scripts.

      Thank you for your help.

        Those files look pretty good to me... why do you suspect you were receiving SPAM as a result of using the script? The email address shouldn't be accessible to Web crawlers, as it's embedded in the PHP code. In theory, then, the only way the address could be captured and used as a SPAM target would be once the message is already en route to your incoming mail server.

          9 days later

          Hello:

          Thank you for your reply.

          I apologize for not replying sooner. We had winter break here and took the opportunity to take a vacation. For once, I did not bring my laptop.

          The hosting company called me and identified the specific PHP scripts that were causing the SPAM problem. The two that I attached were among them.

          So, I'm not sure where the breakdown occurred. But, I need to figure out what to do so I can use these scripts without having the SPAM problem.

            Looks like anyone can send SPAM with your form mailer script. They just need to post data to your contact.php with the variables "$email" and "$comment" and the ConfirmEmail() function in the clsEmail.php page will send the spam to the "$email" email address.

            You can fix this by changing the $email variable name to a less guessable var name. Or the best way is not to use a form post var to get the email address for the $to mail(); function. You can use a session var or get it from a database.

              Perhaps you should have an IF statement to make sure that $_SERVER['HTTP_REFERER'] is coming from your server. Just explode(".", $_SERVER['HTTP_REFERER']) and you get your domain.

                Hello:

                Thank you for the reply.

                I'm having a difficult time understanding the following from a previous post:

                Or the best way is not to use a form post var to get the email address for the $to mail(); function. You can use a session var or get it from a database.

                If I don't use post, how do I get the email address from the person filling out the form and then send an email?

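For the last question above, an added example (not part of any post in this thread, and not the poster's contact.php or clsEmail.php): the form still posts the visitor's address, but that value is validated and used only as Reply-To, while the recipient is a constant on the server. It assumes the form only needs to deliver the message to the site owner; the addresses, the constant names and the build_contact_mail() helper are hypothetical.

```php
<?php
// Added example: hypothetical hardened contact handler, not the thread's original script.
declare(strict_types=1);

const SITE_OWNER  = 'owner@example.com';   // assumption: fixed recipient, never read from the request
const FORM_SENDER = 'webform@example.com'; // assumption: an address on the site's own domain

/**
 * Validate the posted fields and build the argument list for mail().
 * Returns null when the submission must be rejected.
 */
function build_contact_mail(array $post): ?array
{
    $email   = $post['email'] ?? '';
    $comment = $post['comment'] ?? '';
    if (!is_string($email) || !is_string($comment)) {
        return null; // e.g. email[]=x arrays sent by automated clients
    }
    $email   = trim($email);
    $comment = trim($comment);

    // A CR or LF inside a header value would let the sender append
    // extra To:/Bcc: header lines, so reject it outright.
    if (preg_match('/[\r\n]/', $email) === 1) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    if ($comment === '' || strlen($comment) > 5000) {
        return null;
    }

    $headers = [
        'From'         => FORM_SENDER,
        'Reply-To'     => $email, // visitor's address: reply target only, never a recipient
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    return [SITE_OWNER, 'Contact form message', $comment, $headers];
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $args = build_contact_mail($_POST);
    if ($args === null) {
        http_response_code(400);
        exit('Invalid submission.');
    }
    mail(...$args); // array-style headers need PHP 7.2 or later
    echo 'Thank you, your message was sent.';
}
```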