OK, so I have been using the same basic PHP form page, all-in-one type combo, on all of my sites (a lot!). I just got word from my host this afternoon that the form is being exploited to send out a bunch of spam and had to be removed. I need a fix for this. I am by no means a PHP security expert and could really use some pointers on this...
Here is the page. I really appreciate this!!!!
<?php
if(isset($Submit))
{
if($name != "" && $email != "")
{
$message = "Subject Header:<br><br>
Name: $name<br>
Last Name: $lastname<br>
Location: $where<br>
Phone Number: $number<br>
Email: $email2<br>
Subject: $subject<br>
Your Message: $message";
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-Type: text/html; charset=iso-8859-1\n";
$headers .= "From: <$email>\n";
$headers .= "Reply-To: <$email>\n";
mail("someone@somewhere.com,$email", "Subject of email", $message, $headers);
header("Location: thanks.htm");
}
else
{
$error = "y";
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
if($error == "y")
{
echo "<font color='#666666' size='2' face='Verdana, Arial, Helvetica, sans-serif'>You must fill in the name and e-mail.</font>";
exit;
}
?>
<br>
<br>
<form name="contact" action="contact.php" method="post">
<table width="409" border="0" cellspacing="0" cellpadding="0">
<tr align="left" valign="top">
<td width="113">First Name : <br>
<br></td>
<td width="296"><input name="name" type="text" id="firstname2">
<br></td>
</tr>
<tr align="left" valign="top">
<td>Last Name: <br></td>
<td width="296"><input name="lastname" type="text" id="lastname">
<br></td>
</tr>
<tr align="left" valign="top">
<td> Location:</td>
<td><input name="location" type="text" id="where2">
(country &amp; city) <br></td>
</tr>
<tr align="left" valign="top">
<td>Phone Number:<br></td>
<td><input name="number" type="text" id="number2">
<br></td>
</tr>
<tr align="left" valign="top">
<td>E-Mail Address:<br></td>
<td> <input name="email2" type="text" id="email2">
<br></td>
</tr>
<tr align="left" valign="top">
<td>Subject:<br></td>
<td><input name="subject" type="text" id="subject">
<br></td>
</tr>
<tr align="left" valign="top">
<td>Your Message: </td>
<td><textarea name="message" class="style10" id="message"></textarea>
<br></td>
</tr>
<tr align="left" valign="top">
<td> </td>
<td> </td>
</tr>
</table>
<blockquote>
<p align="left" class="style3"><br />
<input name="Submit" type="submit" id="Submit" value="Send" />
<input type="reset" name="Submit2" value="Reset">
</p>
</blockquote>
</form>
</body>
</html>
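An added example, not part of the original post: one way to harden the handler, given that the posted code places the request-supplied `$email` in both the recipient list and the `From`/`Reply-To` headers. It assumes PHP 7.1 or later, a placeholder `From` address (`webform@somewhere.com`), and hypothetical helper names `field()`, `is_header_safe()` and `build_headers()`; it reads the form's `email2` field instead of `$email`.

```php
<?php
// Added example: hardened handler for the contact form above (not the poster's code).
// Assumptions: FROM_ADDR is a placeholder; field names follow the form's <input> names.

const RECIPIENT = 'someone@somewhere.com';   // fixed; never taken from the request
const FROM_ADDR = 'webform@somewhere.com';   // placeholder address on the site's own domain

// Read one POST field as a trimmed string (no reliance on register_globals).
function field(string $name): string {
    $v = $_POST[$name] ?? '';
    return is_string($v) ? trim($v) : '';
}

// True when a value contains no CR/LF and so stays on a single header line.
function is_header_safe(string $v): bool {
    return !preg_match('/[\r\n]/', $v);
}

// Build the header block, or return null when the reply address must be rejected.
function build_headers(string $replyTo): ?string {
    if (!is_header_safe($replyTo) || !filter_var($replyTo, FILTER_VALIDATE_EMAIL)) {
        return null;
    }
    // Plain text instead of text/html, so submitted markup is not rendered in the mail.
    return "MIME-Version: 1.0\r\n"
         . "Content-Type: text/plain; charset=UTF-8\r\n"
         . "From: <" . FROM_ADDR . ">\r\n"
         . "Reply-To: <$replyTo>";
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['Submit'])) {
    $headers = build_headers(field('email2'));
    if (field('name') === '' || $headers === null) {
        $error = 'y';   // the page's existing error branch handles this
    } else {
        $body = '';
        // User input goes only into the body, one labelled line per form field.
        foreach (['name', 'lastname', 'location', 'number', 'email2', 'subject', 'message'] as $f) {
            $body .= ucfirst($f) . ': ' . field($f) . "\n";
        }
        // Recipient and subject are constants; nothing from the request reaches them.
        mail(RECIPIENT, 'Subject of email', $body, $headers);
        header('Location: thanks.htm');
        exit;
    }
}
```

The visitor no longer receives a copy, because a copy sent to an address taken from the request is what lets the form deliver mail to arbitrary recipients.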