Hi,
I recently noticed a message on two filenames:
mail.php3l-UNSECURE-S[AM-SPURCE-FOR-HACKERS-PLEASE-SECURE-BEFORE-USING-AGAIN
mail.html-UNSECURE-S[AM-SPURCE-FOR-HACKERS-PLEASE-SECURE-BEFORE-USING-AGAIN
Now this is a simple form that e-mails a application from people interested in joining our site/league and i can't see what's the issue... but if anyone can help me make the forms more secure, any help would be very much appreciated.
Peter
The php code...
<?PHP
// +----------------------------------------------------------------------+
// | PHP version 4.0 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997, 1998, 1999, 2000, 2001 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.0 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Original Author <contact_bogomil@dir.bg> |
// | GPL:Eurosoft Ltd <eurosoft@xi-tec.com> |
// +----------------------------------------------------------------------+
//
// $ID EUBGRSMAL180601$
$today=date("M-d-Y");
if ($pic !="Pictures"){
// Path to your picture dir.
$base="http://example.com/design/mail";
$message_n="<html><head>
</head>
<table align=center border=1 bordercolor=$color>
<tr>
<td><center>
Name: $sender </center></td>
</tr>
<tr>
<td><center>
Name: $reply </center></td>
</tr>
<tr>
<td><center>
Age: $age </center></td>
</tr>
<td><center>
<p>Interested in: $Interested_in </p>
</center></td>
</tr>
<tr>
<td><center>
AIM SN: $AIM </center></td>
</tr>
<td><center>
<p>MSN SN: $MSN</p>
</center></td>
</tr>
<tr>
<td><center>
ICQ SN: $ICQ </center></td>
</tr>
<td><center>
<p>Yahoo SN: $Yahoo</p>
</center></td>
</tr>
<tr>
<td><center>
EHM Experience (How long): $EHM_Exp </center></td>
</tr>
<td>
<center>
<p>Online League Experience: $Online_Exp</p>
</center></td>
</tr>
<td><center>
<p>How did you find us: $Find</p>
</center></td>
</tr>
<td><center>
<p>Send date: $today</p>
</center></td>
</tr>
</table>
</body><html>";
}
else {
$message_n="<html><head>
</head>
<table align=center border=1 bordercolor=$color>
<tr>
<td><center>
Name: $sender </center></td>
</tr>
<tr>
<td><center>
Name: $reply </center></td>
</tr>
<tr>
<td><center>
Age: $age </center></td>
</tr>
<td><center>
<p>Interested in: $Interested_in </p>
</center></td>
</tr>
<tr>
<td><center>
AIM SN: $AIM </center></td>
</tr>
<td><center>
<p>MSN SN: $MSN</p>
</center></td>
</tr>
<tr>
<td><center>
ICQ SN: $ICQ </center></td>
</tr>
<td><center>
<p>Yahoo SN: $Yahoo</p>
</center></td>
</tr>
<tr>
<td><center>
EHM Experience (How long): $EHM_Exp </center></td>
</tr>
<td>
<center>
<p>Online League Experience: $Online_Exp</p>
</center></td>
</tr>
<td><center>
<p>How did you find us: $Find</p>
</center></td>
</tr>
<td><center>
<p>Send date: $today</p>
</center></td>
</tr>
</table>
</body><html>";
}
$headers .= "MIME-Version: 1.0 \n" ;
$headers .= "From:$sender \n";
$headers .= "X-Sender:Admin<Who@me.network> \n";
$headers .= "X-Mailer:webFormMailer v1.0001 \n";
$headers .= "X-Priority:$Priority \n";
$headers .= "Return-Path: <@softf.eurosoft.bg> \n";
$headers .= "Content-Type:text/html;charset=iso-8859-1 \n";
$recipient = 'apply@enhl-hockey.net';
$subject="eNHL Website Application";
$mail_fn=mail($recipient,$subject,$message_n,$headers);
if($mail_fn==0)
{
echo"Oops....";
}
else
echo"Done";
echo"<br><a href=javascript:history.go(-1)>Back to M.center</a>";
?>
The html...
<html>
<head>
<title>E-mail</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript">
<!--
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
// -->
</script>
</head>
<body bgcolor="#3F5569" text="#000000">
<div id="Layer1" style="position:relative; width:557px; height:384px; z-index:1; left: 7px; top: 50px; background-color: #CCCCCC; layer-background-color: #CCCCCC; border: 1px none #000000;">
<table width="100%" border="1" height="377" bgcolor="#CCCCCC" bordercolor="#FFFFFF">
<form name="form" method="post" action="mail.php3">
<tr>
<td width="24%">Name:</td>
<td width="76%"> <input type="text" name="sender" size="35"> </td>
</tr>
<tr>
<td>Reply e-mail:</td>
<td> <p>
<input type="text" name="reply" size="35">
</p></td>
</tr>
<tr>
<td width="24%">Age:</td>
<td width="76%"> <p>
<input type="text" name="age" size="35">
</p></td>
</tr>
<tr>
<td width="24%">What teams are you interested in:</td>
<td width="76%"> <p>
<input type="text" name="Interested_in" size="35">
</p></td>
</tr>
<tr>
<td width="24%">AIM:</td>
<td width="76%"> <p>
<input type="text" name="AIM" size="35">
</p></td>
</tr>
<tr>
<td width="24%">MSN:</td>
<td width="76%"> <p>
<input type="text" name="MSN" size="35">
</p></td>
</tr>
<tr>
<td width="24%">ICQ:</td>
<td width="76%"> <p>
<input type="text" name="ICQ" size="35">
</p></td>
</tr>
<tr>
<td width="24%">Yahoo:</td>
<td width="76%"> <p>
<input type="text" name="Yahoo" size="35">
</p></td>
</tr>
<tr>
<td width="24%">EHM Experience (How long):</td>
<td width="76%"> <p>
<input type="text" name="EHM_Exp" size="35">
</p></td>
</tr>
<tr>
<td width="24%">Online League Experience:</td>
<td width="76%"> <p>
<input type="text" name="Online_Exp" size="35">
</p></td>
</tr>
<tr>
<td width="24%">How did you find us:</td>
<td width="76%"> <p>
<input type="text" name="Find" size="35">
</p></td>
</tr>
<tr>
<td width="24%"> </td>
<td width="76%"> </td>
</tr>
<tr>
<td width="24%">Send </td>
<td width="76%"> <p>
<input type="submit" name="Submit" value="Send">
<input type="reset" name="Clear" Value="Clear">
</p>
<tr>
<td colspan="2"><a href="http://www.enhl-hockey.net" target="_parent">Return to the Main Page</a></td>
</form></td></tr>
</table>
</div>
<p> </p></body>
</html>
