Formmail.php

[BluegrassGardener]

It's been ages since I set up this script for our contact page (http://www.bluegrassgardens.com/contact.html). I have been noticing a lot of "form submission" emails being forward to our main email address lately and am trying to figure out what is going on. I just tested it and NO contact mail is being forwarded on to us. Just the blank "form submission" emails. I have updated the page a few times with FrontPage, so therein could be the cause. Or I was wondering if I have done something in the control panel that could affect the script and what it could be. I haven't touched any of that code manually since I made that page and frankly, I have forgotten how the whole thing works. All I remember was that it was a pain in the butt to get it all working correctly. I believe there are several differeant scripts working together here. You might be able to tell better than I if you look in the source. The sendit.php (http://www.bluegrassgardens.com/sendit.php) looks like it maybe shouldn't be doing what it's doing, but I don't know if it's supposed to do that or not when you access it directly. Just looking for a little help here to see if I can get these scripts working correctly again. Appreciate any help......

[TCH-Rick]

If it has been a while since the script was added I would strongly suggest either deleting it and adding a new one or at the very least check with whoever wrote the script and update it to the latest version. Problems may be due to incompatibility with newer versions of PHP. There are folks out there that love to look for old versions of contact us type scripts and use security holes in them to try and spam.

[BluegrassGardener]

I've updated the scripts, but still not working. Any suggestions?

[BluegrassGardener]

so basically what I'm seeing is that the form is sending the email, just not sending any information along with it.

[TCH-Don]

Where did you get the script from?

[BluegrassGardener]

www.dtheatre.com/scripts/formmail.php

[abinidi]

If I were you, I'd look into a different form script. Another forum I follow has people constantly complaining about the security issues present in formmail.php. Apparently it is easy to inject header information into the form, which can compromise your account, bog down your server, and get your account suspended. I'm not saying this is GOING to happen to you, I'm just warning you that it MIGHT.

 

Anyway, good luck.

[BluegrassGardener]

Thanks all. I'm working on using another one supplied by a fellow member of the forum. I appreciate all of your help.

[click]

If I were you, I'd look into a different form script. Another forum I follow has people constantly complaining about the security issues present in formmail.php. Apparently it is easy to inject header information into the form, which can compromise your account, bog down your server, and get your account suspended. I'm not saying this is GOING to happen to you, I'm just warning you that it MIGHT.

You can't really go by the name of the script; There are dozens of different scripts named formmail.php. From a quick look at the source to the script they were using, it looks like it should be secure against header injections.

[TCH-JimE]

As the script is based on Matt's Formmail.php (apparentley the arguments are the same) which has alot of security problems, this script is banned.

 

Can I please suggest you find something else and remove the script as soon as possible.

 

Many thanks

 

JimE

[click]

Matt's Formmail is a Perl script. I don't think this script is based on it at all.