Jump to content

Php Security


dazmond
 Share

Recommended Posts

Hello

 

Just a quick question, i was reading the latest email form TCH about the spam abuse through php email scripts, i did have a php script on my account and i am unsure if it was safe.

 

The script was accessed through a flash movie and was just up there for testing purposes, the script i used is as follows:

 

<?php

 

$to = 'david@example.com';

$subject = 'Feedback from Flash site';

 

 

$message = 'From: '.$_POST['from']."\n\n";

$message .= 'Email: '.$_POST['email']."\n\n";

$message .= 'Address: '.$_POST['snail']."\n\n";

$message .= 'Phone: '.$_POST['phone']."\n\n";

$message .= 'Comments: '.$_POST['comments'];

 

$additionalHeaders = "From: Flash feedback<feedback@example.com>\n";

$additionalHeaders .= "Reply-To: $_POST";

 

 

$OK = mail($to, $subject, $message, $additionalHeaders);

 

if ($OK) {

echo 'sent=OK';

}

else {

echo 'sent=failed&reason='. urlencode('There seems to be a problem with the server. Please try later.');

}

?>

 

As i said preveouely, the post arrays are sent via a flash movie is this script left open to abuse if left on my account (i'v taken it down just incase).

 

if so

SORRY

 

any help would be fantastic.

thanks

Daz:)

Link to comment
Share on other sites

Right, if i amended the script as follows:

 

$additionalHeaders = "From: Flash feedback<feedback@example.com>\n";

if (eregi("\r",$additionalHeaders) || eregi("\n",$additionalHeaders)){

die("Why ?? ;)");

}

 

and then saved it within the private folder of my hosting space would that resolve the problem (i'm just learning php as you may have guest ha).

 

thanks you darren

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...