Posts posted by surefire
-
-
I'm confused...
You're saying that I may or may not have to share an IP among my own websites depending on whether I was the first of four accounts on a semi dedicated or if I was the last?
I want to make an educated decision as to whether to host my numerous website accounts individually on shared servers or whether I should host them all on a semidedicated.
Thanks in advance for any assistance with this decision.
-
Still can not figure out how to omit empty fields
If ($content .== "") ..... don't print the son-of-gun!
Be back later (hope somebody figures the empty field thing during my respite).
dsdemmin:
Here is the answer to your question.
Starting at approximately line 165 you will see this:
// prepare content
if ($reserved_violation != 1) {
    if (is_array($val)) {
        for ($z=0; $z<count($val); $z++) {
            $content .= "$key: $val[$z]\n";
        }
    }
    else {
        $content .= "$key: $val\n";
    }
}
}
}
return $content;
}
And you can change it to this:
// prepare content
if ($reserved_violation != 1) {
    if (is_array($val)) {
        for ($z=0; $z<count($val); $z++) {
            $content .= "$key: $val[$z]\n";
        }
    }
    else if ($val == "") {
        // field was left blank: skip it
    }
    else {
        $content .= "$key: $val\n";
    }
}
}
}
return $content;
}
There are three lines I added (the $val == "" check and its empty block) to make your suggestion work.
Basically, it tells the server, "If this field was left blank then skip it and move on to the next variable in the loop."
I've tested it out on my own site and works fine. Never thought of it before until you mentioned it.
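As an added example (not code from the post above or from FormMail.php), here is the same field-skipping idea written as a stand-alone parse_form() that reads $_POST directly instead of depending on register_globals, drops the script's reserved control keys, expands array inputs such as checkbox groups, and omits any field that is empty or whitespace-only. The helper name append_field(), the RESERVED_KEYS constant (its entries copied from the posted script) and the sample submission are my assumptions.

```php
<?php
// Added example, not part of the original post or of FormMail.php.
// RESERVED_KEYS lists the control fields the posted script excludes from the
// mail body; the name of the constant is an assumption.
const RESERVED_KEYS = array(
    'MAX_FILE_SIZE', 'required', 'redirect', 'email', 'require',
    'path_to_file', 'recipient', 'subject', 'bgcolor', 'text_color',
    'link_color', 'vlink_color', 'alink_color', 'title',
    'missing_fields_redirect', 'env_report',
);

// Append "label: value" lines for one field. Arrays are written one line per
// element and nested arrays are flattened under a "label[sub]" name.
function append_field(string &$content, string $label, $value): void
{
    if (is_array($value)) {
        foreach ($value as $sub => $item) {
            append_field($content, $label . '[' . $sub . ']', $item);
        }
        return;
    }
    $value = trim((string) $value);
    if ($value === '') {
        return;                      // blank or whitespace-only field: leave it out
    }
    $content .= $label . ': ' . $value . "\n";
}

// Build the message body from the submitted fields (normally $_POST).
function parse_form(array $fields): string
{
    $content = '';
    foreach ($fields as $key => $val) {
        if (in_array($key, RESERVED_KEYS, true)) {
            continue;                // control field, not visitor data
        }
        append_field($content, (string) $key, $val);
    }
    return $content;
}

// Constructed sample submission, standing in for what $_POST would hold.
$sample = array(
    'first_name' => 'Ada',
    'phone'      => '   ',                                 // whitespace only: skipped
    'comments'   => '',                                    // empty: skipped
    'interests'  => array('php', 'mysql'),                 // checkbox group
    'redirect'   => 'http://www.yoursite.com/thanks.php',  // reserved: skipped
);
echo parse_form($sample);
// In the live script this call would be parse_form($_POST).
```

Blank or whitespace-only values never reach the mail body, array fields come out one line per element, and the reserved names (redirect, recipient, required and so on) are left out because they steer the script rather than carry the visitor's data.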
-
Hello again...
Glad to see this script is working well for most of you. I can only take credit for the minor modifications.
Anyhow, someone pointed out a line of code that I had neglected to delete from the script. My apologies.
I hate to repost the entire script again... but I want to put up a copy that is free of unnecessary lines of code I added.
So here it is:
***Special Note***
When you copy this script you MUST make sure that the text editor doesn't artificially wrap longer lines of code onto the next line. I've rewritten the code to try to make sure that this won't be an issue... but your best bet is a text editor like NotePad that will stretch the code as long as required. WordPad is an example of a text editor that you should NOT use because it will cut long lines of code into several lines and could change the way the server reads the PHP code.
Also... make sure that the code starts at the very top of your file. In other words, there can't be a blank line before <?php. If you do, then you'll get a message that says Unable To Send Headers on Line 373... or something very similar.
***End Notes***
<?php
/*
##############################################################################
# PLEASE DO NOT REMOVE THIS HEADER!!!
#
# COPYRIGHT NOTICE
#
# FormMail.php v4.2
# (Originally v4.1b -- Fixed to illiminate spam gateway exploit)
# Fixed by Tom Parkison ( trparky@toms-world.org )
#
# Copyright 2000,2001 Ai Graphics and Joe Lumbroso © All rights reserved.
# Created 07/06/00 Last Modified 08/06/2001
# Joseph Lumbroso, http://www.aigraphics.com, http://www.dtheatre.com
# http://www.lumbroso.com/scripts/
##############################################################################
#
# This cannot and will not be inforced but I would appreciate a link back
# to any of these sites:
# http://www.lumbroso.com/scripts/
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
#
##############################################################################
*/
// formmail version (for debugging mostly)
$version = "4.2";
//change the following urls to match the information at your own personal website
$allowed_email_recipients_array = array('yoursite.com','www.yoursite.com');
# THIS IS REQUIRED FOR THE SCRIPT TO RUN. YOU MUST FILL IT IN WITH YOUR
# DOMAIN NAME. THIS IS TO CORRECT THE SPAM GATEWAY EXPLOIT IN v4.1b.
#
# THE VALUES CAN BE FULL EMAIL ADDRESSES OR JUST DOMAIN NAMES.
/*referers.. domains/ips that you will allow forms to reside on.
change urls to match your site url */
$referers = array('yoursite.com','www.yoursite.com');
//Jack at Surefire Webdesign added this for anti-spam purposes
/*change this to a valid email address at your site and it must match one of the urls in $allowed_email_recipients array listed above */
$recipient = "contact@yoursite.com";
/*rewrite the following line of code to match the exact location of your thankyou page... if you have one.
It's a good idea to create one IMHO*/
$redirect = "http://www.yoursite.com/thanks.php";
/* banned emails, these will be email addresses of people
who are blocked from using the script (requested) */
$banlist = array ('*@somedomain.com', 'user@domain.com', 'etc@domains.com');
// our mighty error function..
function print_error($reason,$type = 0) {
global $version;
build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet);
// for missing required data
if ($type == "missing") {
?>
<p> </p>
<h2>The form was not submitted for the following reasons:</h2>
<ul><?php
print("$reason.\n");
?></ul>
<p>Please use your browser's back button to return to the form and try again.</p>
<?php
} else
{
// every other error
?>
<h2>The form was not submitted because of the following reasons:</h2>
<?php
}
print("<br><br>\n");
echo "<small>This form is powered by <a href=\"http://www.lumbroso.com/scripts/\">Jack's Formmail.php $version!</a></small>\n\n";
}
// function to check the banlist
// suggested by a whole lot of people.. Thanks
function check_banlist($banlist, $email) {
if (count($banlist)) {
$allow = true;
foreach($banlist as $banned) {
$temp = explode("@", $banned);
if ($temp[0] == "*") {
$temp2 = explode("@", $email);
if (trim(strtolower($temp2[1])) == trim(strtolower($temp[1])))
$allow = false;
} else {
if (trim(strtolower($email)) == trim(strtolower($banned)))
$allow = false;
}
}
}
if (!$allow) {
print_error("You are using from a <b>banned email address.</b>");
}
}
// function to check the referer for security reasons.
// contributed by some one who's name got lost.. Thanks
// goes out to him any way.
function check_referer($referers) {
if (count($referers)) {
$found = false;
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
for ($x=0; $x < count($referers); $x++) {
if (eregi ($referers[$x], $referer)) {
$found = true;
}
}
if (!getenv("HTTP_REFERER"))
$found = false;
if (!$found){
print_error("You are coming from an <b>unauthorized domain.</b>");
error_log("[FormMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0);
}
return $found;
} else {
return true; // not a good idea, if empty, it will allow it.
}
}
if ($referers)
check_referer($referers);
if ($banlist)
check_banlist($banlist, $email);
// parse the form and create the content string which we will send
function parse_form($array) {
// build reserved keyword array
$reserved_keys[] = "MAX_FILE_SIZE";
$reserved_keys[] = "required";
$reserved_keys[] = "redirect";
$reserved_keys[] = "email";
$reserved_keys[] = "require";
$reserved_keys[] = "path_to_file";
$reserved_keys[] = "recipient";
$reserved_keys[] = "subject";
$reserved_keys[] = "bgcolor";
$reserved_keys[] = "text_color";
$reserved_keys[] = "link_color";
$reserved_keys[] = "vlink_color";
$reserved_keys[] = "alink_color";
$reserved_keys[] = "title";
$reserved_keys[] = "missing_fields_redirect";
$reserved_keys[] = "env_report";
if (count($array)) {
while (list($key, $val) = each($array)) {
// exclude reserved keywords
$reserved_violation = 0;
for ($ri=0; $ri<count($reserved_keys); $ri++) {
if ($key == $reserved_keys[$ri]) {
$reserved_violation = 1;
}
}
// prepare content
if ($reserved_violation != 1) {
if (is_array($val)) {
for ($z=0;$z<count($val);$z++) {
$content .= "$key: $val[$z]\n";
}
} else {
$content .= "$key: $val\n";
}
}
}
}
return $content;
}
// mail the content we figure out in the following steps
function mail_it($content, $subject, $email, $recipient, $allowed_email_recipients_array) {
// INCLUDED TO FIX SPAM GATEWAY EXPLOIT
$recipient_array = explode(",", $recipient);
$size_of_recipients_array = count($recipient_array);
$size_of_allowed_recipients_array = count($allowed_email_recipients_array);
for ($recipients_array_count = 0; $recipients_array_count != $size_of_recipients_array; $recipients_array_count++) {
for ($allowed_recipients_array_count = 0; $allowed_recipients_array_count != $size_of_allowed_recipients_array; $allowed_recipients_array_count++) {
if ( stristr($recipient_array[$recipients_array_count],$allowed_email_recipients_array[$allowed_recipients_array_count]) ) {
if ($new_recipient == "") {
$new_recipient = $recipient_array[$recipients_array_count];
}
else {
$new_recipient .= ",";
$new_recipient .= "$recipient_array[$recipients_array_count]";
}
}
}
}
$recipient = $new_recipient;
// INCLUDED TO FIX SPAM GATEWAY EXPLOIT
mail($recipient, $subject, $content, "From: $email\r\nReply-To: $email\r\nX-Mailer: DT_formmail");
}
/* take in the body building arguments and build the body tag for page display */
function build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet) {
if ($style_sheet)
echo "<LINK rel=STYLESHEET href=\"$style_sheet\" Type=\"text/css\">\n";
if ($title)
echo "<title>$title</title>\n";
if (!$bgcolor)
$bgcolor = "#FFFFFF";
if (!$text_color)
$text_color = "#000000";
if (!$link_color)
$link_color = "#0000FF";
if (!$vlink_color)
$vlink_color = "#FF0000";
if (!$alink_color)
$alink_color = "#000088";
if ($background)
$background = "background=\"$background\"";
echo "<body bgcolor=\"$bgcolor\" text=\"$text_color\" link=\"$link_color\" vlink=\"$vlink_color\" alink=\"$alink_color\" $background>\n\n";
}
/* check for a recipient email address and check the validity of it
Thanks to Bradley miller (bradmiller@accesszone.com) for pointing
out the need for multiple recipient checking and providing the code. */
$recipient_in = split(',',$recipient);
for ($i=0;$i<count($recipient_in);$i++) {
$recipient_to_test = trim($recipient_in[$i]);
if (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $recipient_to_test)) {
print_error("<b>I NEED VALID RECIPIENT EMAIL ADDRESS ($recipient_to_test) TO CONTINUE</b>");
}
}
/* This is because I originally had it require but too many people
were used to Matt's Formmail.pl which used required instead. */
if ($required)
$require = $required;
// handle the required fields
if ($require) {
// seperate at the commas
$require = ereg_replace( " +", "", $require);
$required = split(",",$require);
for ($i=0;$i<count($required);$i++) {
$string = trim($required[$i]);
// check if they exsist
if((!(${$string})) || (!(${$string}))) {
// if the missing_fields_redirect option is on: redirect them
if ($missing_fields_redirect) {
header ("Location: $missing_fields_redirect");
exit;
}
$require;
$missing_field_list .= "<b>Missing: $required[$i]</b><br>\n";
}
}
// send error to our mighty error function
if ($missing_field_list)
print_error($missing_field_list,"missing");
}
// check the email fields for validity
if (($email) || ($EMAIL)) {
$email = trim($email);
if ($EMAIL)
$email = trim($EMAIL);
if (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $email)) {
print_error("your <b>email address</b> is invalid");
}
$EMAIL = $email;
}
// check zipcodes for validity
if (($ZIP_CODE) || ($zip_code)) {
$zip_code = trim($zip_code);
if ($ZIP_CODE)
$zip_code = trim($ZIP_CODE);
if (!ereg("(^[0-9]{5})-([0-9]{4}$)", trim($zip_code)) && (!ereg("^[a-zA-Z][0-9][a-zA-Z][[:space:]][0-9][a-zA-Z][0-9]$", trim($zip_code))) && (!ereg("(^[0-9]{5})", trim($zip_code)))) {
print_error("your <b>zip/postal code</b> is invalid");
}
}
// check phone for validity
if (($PHONE_NO) || ($phone_no)) {
$phone_no = trim($phone_no);
if ($PHONE_NO)
$phone_no = trim($PHONE_NO);
if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $phone_no)) {
print_error("your <b>phone number</b> is invalid");
}
}
// check phone for validity
if (($FAX_NO) || ($fax_no)) {
$fax_no = trim($fax_no);
if ($FAX_NO)
$fax_no = trim($FAX_NO);
if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $fax_no)) {
print_error("your <b>fax number</b> is invalid");
}
}
// prepare the content
$content = parse_form($HTTP_POST_VARS);
// check for a file if there is a file upload it
if ($file_name) {
if ($file_size > 0) {
if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
$location = $path_to_file.$file_name;
if (file_exists($path_to_file.$file_name))
$location .= ".new";
copy($file,$location);
unlink($file);
$content .= "Uploaded File: ".$location."\n";
}
}
// second file.
if ($file2_name) {
if ($file_size > 0) {
if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
$location = $path_to_file.$file2_name;
if (file_exists($path_to_file.$file2_name))
$location .= ".new";
copy($file2,$location);
unlink($file2);
$content .= "Uploaded File: ".$location."\n";
}
}
// if the env_report option is on: get eviromental variables
if ($env_report) {
$env_report = ereg_replace( " +", "", $env_report);
$env_reports = split(",",$env_report);
$content .= "\n------ eviromental variables ------\n";
for ($i=0;$i<count($env_reports);$i++) {
$string = trim($env_reports[$i]);
if ($env_reports[$i] == "REMOTE_HOST")
$content .= "REMOTE HOST: ".$REMOTE_HOST."\n";
else if ($env_reports[$i] == "REMOTE_USER")
$content .= "REMOTE USER: ". $REMOTE_USER."\n";
else if ($env_reports[$i] == "REMOTE_ADDR")
$content .= "REMOTE ADDR: ". $REMOTE_ADDR."\n";
else if ($env_reports[$i] == "HTTP_USER_AGENT")
$content .= "BROWSER: ". $HTTP_USER_AGENT."\n";
}
}
// if the subject option is not set: set the default
if (!$subject)
$subject = "Form submission";
// send it off
mail_it(stripslashes($content), stripslashes($subject), $email, $recipient, $allowed_email_recipients_array);
// if the redirect option is set: redirect them
if ($redirect) {
header ("Location: $redirect");
exit;
} else {
print "Thank you for your submission\n";
echo "<br><br>\n";
echo "<small>This form is powered by <a href=\"http://www.lumbroso.com/scripts/\">Jack's Formmail.php $version!</a></small>\n\n";
exit;
}
// <---------- THE END ----------> //
?>
I created additional comments in bold... some of which are redundant and obvious... but I want this to work for anyone who tries it.
I'll go over the steps again in more detail:
- Copy and paste the script above into a text editor (NotePad strongly recommended. Avoid WordPad and other editors like Word that break long lines of code into several lines.)
- Read the comments in the first 1/3 of the script and replace all instances of 'yoursite.com' with your actual url
- I highly recommend that you create a 'Thank you' page that your visitor sees after they submit the form successfully
- Let's say you name the thank you page "thanks.htm" FTP this page to your public html dir
- Somewhere near line 50 is a line that reads: $redirect = "http://www.yoursite.com/thanks.php"; Change this to point to the location of your Thankyou page.
- Save your text file and name it whatever you want but make sure it ends with .php file extension (Example sendit.php)
- Create a folder on your website (I put the folder in the public html dir... but not necessary)
- I usually name this folder phpbin... but name it whatever you like
- FTP this script (sendit.php or whatever.php) to the folder you just created
- Open up any existing form on your site in a text editor or whatever you use to code html
- Direct the form to post to this script that you created (Should look something like: <form name="your_form" method="post" action="/phpbin/sendit.php">
- You do NOT need hidden inputs in your form as you did with FormMail.cgi (recipient, referer, etc... not needed)
- You can add a hidden input for "required" if you want certain fields required (Ex: <input name="required" type="hidden" id="required" value="email, first_name, phone"> )
I made these directions as detailed as possible, but you'll find that it's a lot quicker to do this than it may appear. It's really quite easy and should work right off the bat after you change just six or seven lines of code. In fact, I could rewrite it for the group so that you only have to change one line of code to have it work for your site.
Either way, it's pretty easy to use, so I'm more than happy to help anyone with this... although it appears that there are plenty of people that can help out on this forum.
If you're not a coder and PHP is foreign to you, then this script might seem confusing. Just follow the instructions and read the comments in the script (indicated by //) and everything should work for you.
One last thing, you can change the $banlist array to contain any emails or urls that you don't want. So if you decide you don't want any hotmail or yahoo emails, you can ban them right in the script. Be aware that this will turn some people off... but sometimes it's worth it... use your best judgement and tell your visitor what email addresses will not work with your form.
Hope this helps.
-
Hello everyone... I have an option that has been working for me for several months. I was previously with another hosting company that forbid the use of FormMail many months ago.
I came across a PHP script that is written to take the same form inputs (hidden inputs) that FormMail uses.
After months of studying and using PHP, I've learned several ways to make this script even more secure...
Here's the final product of my work:
<?php
/*
##############################################################################
# PLEASE DO NOT REMOVE THIS HEADER!!!
#
# COPYRIGHT NOTICE
#
# FormMail.php v4.2
# (Originally v4.1b -- Fixed to illiminate spam gateway exploit)
# Fixed by Tom Parkison ( trparky@toms-world.org )
#
# Copyright 2000,2001 Ai Graphics and Joe Lumbroso © All rights reserved.
# Created 07/06/00 Last Modified 08/06/2001
# Joseph Lumbroso, http://www.aigraphics.com, http://www.dtheatre.com
# http://www.lumbroso.com/scripts/
##############################################################################
#
# This cannot and will not be inforced but I would appreciate a link back
# to any of these sites:
# http://www.lumbroso.com/scripts/
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
#
##############################################################################
*/
// formmail version (for debugging mostly)
$version = "4.2";
$allowed_email_recipients_array = array('yoursite.com','www.yoursite.com');
# THIS IS REQUIRED FOR THE SCRIPT TO RUN. YOU MUST FILL IT IN WITH YOUR
# DOMAIN NAME. THIS IS TO CORRECT THE SPAM GATEWAY EXPLOIT IN v4.1b.
#
# THE VALUES CAN BE FULL EMAIL ADDRESSES OR JUST DOMAIN NAMES.
// referers.. domains/ips that you will allow forms to
// reside on.
$referers = array('yoursite.com','www.yoursite.com');
//Jack at Surefire Webdesign added this for anti-spam purposes
$recipient = "contact@yoursite.com";
$redirect = "http://www.yoursite.com/thanks.php";
// banned emails, these will be email addresses of people
// who are blocked from using the script (requested)
$banlist = array ('*@somedomain.com', 'user@domain.com', 'etc@domains.com');
// our mighty error function..
function print_error($reason,$type = 0) {
global $version;
build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet);
// for missing required data
if ($type == "missing") {
?>
<p> </p>
<h2>The form was not submitted for the following reasons:</h2>
<ul><?php
print("$reason.\n");
?></ul>
<p>Please use your browser's back button to return to the form and try again.</p>
<?php
} else
{
// every other error
?>
<h2>The form was not submitted because of the following reasons:</h2>
<?php
}
print("<br><br>\n");
//echo "<small>This form is powered by <a href=\"http://www.lumbroso.com/scripts/\">Jack's Formmail.php $version!</a></small>\n\n";
}
// function to check the banlist
// suggested by a whole lot of people.. Thanks
function check_banlist($banlist, $email) {
if (count($banlist)) {
$allow = true;
foreach($banlist as $banned) {
$temp = explode("@", $banned);
if ($temp[0] == "*") {
$temp2 = explode("@", $email);
if (trim(strtolower($temp2[1])) == trim(strtolower($temp[1])))
$allow = false;
} else {
if (trim(strtolower($email)) == trim(strtolower($banned)))
$allow = false;
}
}
}
if (!$allow) {
print_error("You are using from a <b>banned email address.</b>");
}
}
// function to check the referer for security reasons.
// contributed by some one who's name got lost.. Thanks
// goes out to him any way.
function check_referer($referers) {
if (count($referers)) {
$found = false;
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
for ($x=0; $x < count($referers); $x++) {
if (eregi ($referers[$x], $referer)) {
$found = true;
}
}
if (!getenv("HTTP_REFERER"))
$found = false;
if (!$found){
print_error("You are coming from an <b>unauthorized domain.</b>");
error_log("[FormMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0);
}
return $found;
} else {
return true; // not a good idea, if empty, it will allow it.
}
}
if ($referers)
check_referer($referers);
if ($banlist)
check_banlist($banlist, $email);
// parse the form and create the content string which we will send
function parse_form($array) {
// build reserved keyword array
$reserved_keys[] = "MAX_FILE_SIZE";
$reserved_keys[] = "required";
$reserved_keys[] = "redirect";
$reserved_keys[] = "email";
$reserved_keys[] = "require";
$reserved_keys[] = "path_to_file";
$reserved_keys[] = "recipient";
$reserved_keys[] = "subject";
$reserved_keys[] = "bgcolor";
$reserved_keys[] = "text_color";
$reserved_keys[] = "link_color";
$reserved_keys[] = "vlink_color";
$reserved_keys[] = "alink_color";
$reserved_keys[] = "title";
$reserved_keys[] = "missing_fields_redirect";
$reserved_keys[] = "env_report";
if (count($array)) {
while (list($key, $val) = each($array)) {
// exclude reserved keywords
$reserved_violation = 0;
for ($ri=0; $ri<count($reserved_keys); $ri++) {
if ($key == $reserved_keys[$ri]) {
$reserved_violation = 1;
}
}
// prepare content
if ($reserved_violation != 1) {
if (is_array($val)) {
for ($z=0;$z<count($val);$z++) {
$content .= "$key: $val[$z]\n";
}
} else {
$content .= "$key: $val\n";
}
}
}
}
return $content;
}
// mail the content we figure out in the following steps
function mail_it($content, $subject, $email, $recipient, $allowed_email_recipients_array) {
// INCLUDED TO FIX SPAM GATEWAY EXPLOIT
$recipient_array = explode(",", $recipient);
$size_of_recipients_array = count($recipient_array);
$size_of_allowed_recipients_array = count($allowed_email_recipients_array);
for ($recipients_array_count = 0; $recipients_array_count != $size_of_recipients_array; $recipients_array_count++) {
for ($allowed_recipients_array_count = 0; $allowed_recipients_array_count != $size_of_allowed_recipients_array; $allowed_recipients_array_count++) {
if ( stristr($recipient_array[$recipients_array_count],$allowed_email_recipients_array[$allowed_recipients_array_count]) ) {
if ($new_recipient == "") {
$new_recipient = $recipient_array[$recipients_array_count];
}
else {
$new_recipient .= ",";
$new_recipient .= "$recipient_array[$recipients_array_count]";
}
}
}
}
$recipient = $new_recipient;
// INCLUDED TO FIX SPAM GATEWAY EXPLOIT
mail($recipient, $subject, $content, "From: $email\r\nReply-To: $email\r\nX-Mailer: DT_formmail");
}
// take in the body building arguments and build the body tag for page display
function build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet) {
if ($style_sheet)
echo "<LINK rel=STYLESHEET href=\"$style_sheet\" Type=\"text/css\">\n";
if ($title)
echo "<title>$title</title>\n";
if (!$bgcolor)
$bgcolor = "#FFFFFF";
if (!$text_color)
$text_color = "#000000";
if (!$link_color)
$link_color = "#0000FF";
if (!$vlink_color)
$vlink_color = "#FF0000";
if (!$alink_color)
$alink_color = "#000088";
if ($background)
$background = "background=\"$background\"";
echo "<body bgcolor=\"$bgcolor\" text=\"$text_color\" link=\"$link_color\" vlink=\"$vlink_color\" alink=\"$alink_color\" $background>\n\n";
}
// check for a recipient email address and check the validity of it
// Thanks to Bradley miller (bradmiller@accesszone.com) for pointing
// out the need for multiple recipient checking and providing the code.
$recipient_in = split(',',$recipient);
for ($i=0;$i<count($recipient_in);$i++) {
$recipient_to_test = trim($recipient_in[$i]);
if (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $recipient_to_test)) {
print_error("<b>I NEED VALID RECIPIENT EMAIL ADDRESS ($recipient_to_test) TO CONTINUE</b>");
}
}
// This is because I originally had it require but too many people
// were used to Matt's Formmail.pl which used required instead.
if ($required)
$require = $required;
// handle the required fields
if ($require) {
// seperate at the commas
$require = ereg_replace( " +", "", $require);
$required = split(",",$require);
for ($i=0;$i<count($required);$i++) {
$string = trim($required[$i]);
// check if they exsist
if((!(${$string})) || (!(${$string}))) {
// if the missing_fields_redirect option is on: redirect them
if ($missing_fields_redirect) {
header ("Location: $missing_fields_redirect");
exit;
}
$require;
$missing_field_list .= "<b>Missing: $required[$i]</b><br>\n";
}
}
// send error to our mighty error function
if ($missing_field_list)
print_error($missing_field_list,"missing");
}
// check the email fields for validity
if (($email) || ($EMAIL)) {
$email = trim($email);
if ($EMAIL)
$email = trim($EMAIL);
if (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $email)) {
print_error("your <b>email address</b> is invalid");
}
$EMAIL = $email;
}
// check zipcodes for validity
if (($ZIP_CODE) || ($zip_code)) {
$zip_code = trim($zip_code);
if ($ZIP_CODE)
$zip_code = trim($ZIP_CODE);
if (!ereg("(^[0-9]{5})-([0-9]{4}$)", trim($zip_code)) && (!ereg("^[a-zA-Z][0-9][a-zA-Z][[:space:]][0-9][a-zA-Z][0-9]$", trim($zip_code))) && (!ereg("(^[0-9]{5})", trim($zip_code)))) {
print_error("your <b>zip/postal code</b> is invalid");
}
}
// check phone for validity
if (($PHONE_NO) || ($phone_no)) {
$phone_no = trim($phone_no);
if ($PHONE_NO)
$phone_no = trim($PHONE_NO);
if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $phone_no)) {
print_error("your <b>phone number</b> is invalid");
}
}
// check phone for validity
if (($FAX_NO) || ($fax_no)) {
$fax_no = trim($fax_no);
if ($FAX_NO)
$fax_no = trim($FAX_NO);
if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $fax_no)) {
print_error("your <b>fax number</b> is invalid");
}
}
// prepare the content
$content = parse_form($HTTP_POST_VARS);
// check for a file if there is a file upload it
if ($file_name) {
if ($file_size > 0) {
if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
$location = $path_to_file.$file_name;
if (file_exists($path_to_file.$file_name))
$location .= ".new";
copy($file,$location);
unlink($file);
$content .= "Uploaded File: ".$location."\n";
}
}
// second file.
if ($file2_name) {
if ($file_size > 0) {
if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
$location = $path_to_file.$file2_name;
if (file_exists($path_to_file.$file2_name))
$location .= ".new";
copy($file2,$location);
unlink($file2);
$content .= "Uploaded File: ".$location."\n";
}
}
// if the env_report option is on: get eviromental variables
if ($env_report) {
$env_report = ereg_replace( " +", "", $env_report);
$env_reports = split(",",$env_report);
$content .= "\n------ eviromental variables ------\n";
for ($i=0;$i<count($env_reports);$i++) {
$string = trim($env_reports[$i]);
if ($env_reports[$i] == "REMOTE_HOST")
$content .= "REMOTE HOST: ".$REMOTE_HOST."\n";
else if ($env_reports[$i] == "REMOTE_USER")
$content .= "REMOTE USER: ". $REMOTE_USER."\n";
else if ($env_reports[$i] == "REMOTE_ADDR")
$content .= "REMOTE ADDR: ". $REMOTE_ADDR."\n";
else if ($env_reports[$i] == "HTTP_USER_AGENT")
$content .= "BROWSER: ". $HTTP_USER_AGENT."\n";
}
}
// if the subject option is not set: set the default
if (!$subject)
$subject = "Form submission";
// send it off
mail_it(stripslashes($content), stripslashes($subject), $email, $recipient, $allowed_email_recipients_array);
// if the redirect option is set: redirect them
if ($redirect) {
header ("Location: $redirect");
exit;
} else {
print "Thank you for your submission\n";
echo "<br><br>\n";
echo "<small>This form is powered by <a href=\"http://www.lumbroso.com/scripts/\">Jack's Formmail.php $version!</a></small>\n\n";
exit;
}
// <---------- THE END ----------> //
Ok... the first thing you'll notice is that the original work is not mine... I revamped a script that you can find here:
The original script is really good, but I had two main complaints
1- Security still too lax
2- I wanted the recipient email address embedded in the code so I wouldn't have to expose it in my html on the form.
The security hole was fixed with a patch from www.toms-world.org but apparently the links to this patch don't work anymore... but the patch is included in the above script.
The recipient email address was brought inside the form so that now you change the script for your particular site by replacing "yoursite.com" with your actual site url.
To use this script, do the following:
- Copy the script to a text editor
- Change all instances of "yoursite.com" to your actual url
- Save it as something.php (example: sendit.php)
- Create a folder in your website for this script (example: phpbin)
- FTP the script to the folder
- Create your form and POST the form to the script you just created
- Create a thank you page for the visitor to see after they post the form... name it whatever you want, but you have to change the part in the script that redirects the visitor to a thanks.php page
That's it. You can also create a hidden input field in your form to 'require' certain inputs... just like FormMail.cgi
I sincerely hope this helps... I've used this script for months and it works perfectly. In addition, most hackers are looking for FormMail.cgi so just changing the name of the script to somethingelse.php is a step towards security.
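Both postings of the script gate recipients with stristr() in mail_it() and gate the Referer with eregi() in check_referer(); each is a substring test, so any value that merely contains an allowed domain passes. The following is an added example, not the post's code and not part of FormMail.php, that performs the same two checks by exact, case-insensitive comparison of the whole domain. The function names filter_recipients(), referer_allowed() and normalize_domain() and the sample values are assumptions; $allowed_email_recipients_array and $referers are the variable names the posted script uses.

```php
<?php
// Added example, not from the post or from FormMail.php: exact-domain versions
// of the recipient and Referer allow-list checks. Function names and sample
// values are assumptions; $allowed_email_recipients_array and $referers are
// the variable names used by the posted script.

// Lower-case a host or domain and strip surrounding whitespace and dots.
function normalize_domain(string $d): string
{
    return strtolower(trim($d, " \t\r\n."));
}

// Keep only the comma-separated recipients whose full address, or whose
// domain, appears in the allow list. Unlike a stristr() test, an address at
// "yoursite.com.example.net" is not accepted just for containing "yoursite.com".
function filter_recipients(string $recipient, array $allowed): array
{
    $allowed = array_map('normalize_domain', $allowed);
    $kept = array();
    foreach (explode(',', $recipient) as $addr) {
        $addr = strtolower(trim($addr));
        // Reject blanks and anything carrying separators or line breaks.
        if ($addr === '' || preg_match('/[\s,;]/', $addr)) {
            continue;
        }
        if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
            continue;
        }
        $domain = substr($addr, strrpos($addr, '@') + 1);
        if (in_array($addr, $allowed, true) || in_array($domain, $allowed, true)) {
            $kept[] = $addr;
        }
    }
    return array_values(array_unique($kept));
}

// Compare the Referer's host name exactly with each allowed host. A missing
// Referer is treated as a failure, as in the original check_referer().
function referer_allowed(?string $referer, array $referers): bool
{
    if ($referer === null || $referer === '') {
        return false;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;
    }
    $host = normalize_domain($host);
    foreach ($referers as $allowed_host) {
        if ($host === normalize_domain($allowed_host)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data mirroring the variables the posted script defines.
$allowed_email_recipients_array = array('yoursite.com', 'www.yoursite.com');
$referers = array('yoursite.com', 'www.yoursite.com');

$to = filter_recipients(
    'contact@yoursite.com, Sales@YourSite.com, x@yoursite.com.example.net',
    $allowed_email_recipients_array
);
print_r($to);

// In the live script the Referer would come from $_SERVER['HTTP_REFERER'] ?? null.
var_dump(referer_allowed('http://www.yoursite.com/contact.html', $referers));
var_dump(referer_allowed('http://yoursite.com.example.net/contact.html', $referers));
```

filter_recipients() keeps the two yoursite.com addresses (lower-cased and de-duplicated) and drops the third, whose domain is yoursite.com.example.net; referer_allowed() accepts the first URL and rejects the second for the same reason, and still treats an absent Referer as a failure exactly as the original does. The Referer remains a weak signal, since browsers and proxies may omit it and a client can set it to anything, so this check is a nuisance filter rather than an access control; the recipient allow list is the one that actually prevents the script from relaying mail to arbitrary addresses.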
-
I'm considering moving several of my sites to a semi-dedicated server. I have two questions:
1-Will the sites be on the same IP address or will they be different?
2-If different, to what degree? Class C block or better?
In other words
255.255.xxx.255 where x is the Class c Block
Thanks
-
Hot Scripts
Comment: Why reinvent the wheel when there are so many free scripts out there?
PHP/ ASP/ JSP/ ColdFusion/ XML/ etc.
Zone Alarm
Comment: Especially if you have DSL or cable modem, you don't want people accessing your own computer.
Software for your computer
Power Archiver
Comment: Great for compressing and also unzipping all sorts of files, not just .zip... but dozens of formats.
Software for your computer
FTP Surfer
Comment: Very easy to use, free. I like the drag and drop features similar to Windows Explorer. (But plenty of good ftp clients out there)
Software for your computer
-
This may not really answer your exact question but as a PHP coder, I thought I could add my two cents.
I also use Dreamweaver MX for design... but not for writing php. I've attempted to use Dreamweaver to write php code but it doesn't accomplish the task very well. The more involved you get with PHP, (or any server side code) the more likely you'll need to learn to code by hand.
The good news is that you can very quickly cut and paste your past code into new pages and you're off and running. I use a php 'class' that I cut and paste into pages that will connect to a database.
The second thing I would suggest (and you may have done this already) would be to upload a copy of phpMyAdmin. It's a fantastic way to manage your mysql database, add tables, perform queries, etc. I'd protect the directory (folder) where you install it with a password (.htaccess).
Once you have phpMyAdmin installed, you can access your database and run queries from any internet connection (thus the security steps I mentioned previously).
You can download phpmyadmin here:
It's hard to talk about this stuff without throwing tons of jargon around.
Hope this helps a little.
-
I just today signed up with TCH but looking at the php info page, it clearly says "-with pear-" in the compile details at the top of the page.
See for yourself at
I'll tell you something else that I noticed...
As a webdesigner that uses a ton of php and mysql, I was pleasantly surprised to see that TCH has compiled PHP with all the fun goodies that I was missing at my old hosting provider:
- XSLT
- Pear (at least it appears to be included)
- Zend Optimizer
- GD
And you can run cron jobs (automatic execution of certain scripts)
To me, this is HUGE!
In about 24-48 hours, I could give you a definitive answer.
Hope this helps a little.
Formmail Security Holes!
in Security Discussions
Posted
Guys... I only just now realized that I can edit my posts.
So my apologies for putting the script up twice... but maybe the extra instructions will help someone.
And I edited the previous script posting, thanks to all for the input. I didn't proofread my code as thoroughly as I first thought.
Wanted to get it on the boards to help others... but haste makes waste I guess.