Re: query string passing woes........ help... please....
- From: "shimmyshack" <matt.farey@xxxxxxxxx>
- Date: 28 Feb 2007 13:50:18 -0800
On 28 Feb, 21:25, "r...@xxxxxxxxxxxxxxxxxx" <r...@xxxxxxxxxxxxxxxxxx> wrote:
> > I assume you rename the contact.html to contactform.php
> When you assume you really make an ass out of me!! haha!!! Thank you
> sooooooooo much, everything works now!!!! Now I just have to work on
> the security aspect of it!!
> I can't believe I fiddled with this for two days and all I had to do
> was change .html to .php jeeezzzz!!!! I take back everything I said
> before about feeling stupid.. NOW I reaalllyyy feeelll retarded!!!
> dee-de-deeeee
> Ok, now on to security measures.... Could someone explain to me what
> this code does, how it secures the emails and where in my code I
> should implement it?
> $emailInput = array($to, $from, $cc, $bcc, $subject, $message);
> $injections = array('to', 'from', 'cc', 'bcc');
> // iterate by reference so the cleaned value is written back into the array
> foreach ($emailInput as &$input)
> {
>     foreach ($injections as $injection)
>     {
>         // strip any embedded "To:", "From:", "Cc:" or "Bcc:" line (case-insensitive)
>         $input = preg_replace('/\n?' . $injection . '\s*?:.*?\n/i', '', $input);
>     }
> }
> unset($input); // drop the reference left behind by the foreach
> list($to, $from, $cc, $bcc, $subject, $message) = $emailInput;
this code should be used just before the mail function, all it does
is to enforce the format of each "header" - a header here just means
To: email@xxxxxxxxx
From: me@xxxxxxxx
rather like the headers of an HTTP request
etc... the part before the : corresponds to $to, $from etc., the part
afterwards to the value of $to, $from etc...
so that it won't allow the value of one header to actually be two
headers together - which would smuggle in more BCC addresses rather than
the single value you wanted to allow.
It's a neat method.
PHPMailer has this all built in so that the code you write is all
about the stuff you need rather than a whole lot of extra checking
etc...
see this example:
require_once('class.phpmailer.php');
$mail = new PHPMailer();
// set mailer to use SMTP
$mail->IsSMTP();
// specify main and backup server
$mail->Host = 'auth.smtp.server.com';
// turn on SMTP authentication
$mail->SMTPAuth = true;
// SMTP username
$mail->Username = $username;
// SMTP password
$mail->Password = $password;
//$mail->SetLanguage("br", "/optional/path/to/language/directory");
$mail->From = $from;
$mail->FromName = $fromname;
$mail->AddAddress($to, $toname);
$mail->AddReplyTo($reply, $replyname);
$mail->WordWrap = 50;
$mail->IsHTML(true);
$mail->Subject = $subject;
$mail->Body = $body;
// actually send it, and report the library's own error text on failure
if (!$mail->Send()) {
    echo 'Mailer Error: ' . $mail->ErrorInfo;
}
easy huh
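As an added example (not code from this thread or from PHPMailer), here is the stricter form of the same check: instead of stripping smuggled header lines with a regex, which only works when the injected line ends in a newline, it rejects any header-bound value that contains a CR, LF or NUL byte and tells the caller which field was tampered with. The function names and the sample form data are my own constructions.

```php
<?php
// Added example: reject, rather than repair, header values that contain a
// line break. Every mail header is a single line, so a genuine To/From/Cc/
// Bcc/Subject value never legitimately contains CR, LF or NUL.

/**
 * Returns true when $value can safely occupy one header line.
 * CR, LF and NUL are the only characters that let a value start a
 * second header, so those are the ones refused.
 */
function isSafeHeaderValue($value)
{
    return preg_match('/[\r\n\0]/', (string) $value) === 0;
}

/**
 * Checks every header-bound field at once and returns the names of the
 * fields that failed, so the caller can log the attempt and refuse to send.
 */
function findHeaderInjections(array $fields)
{
    $bad = array();
    foreach ($fields as $name => $value) {
        if (!isSafeHeaderValue($value)) {
            $bad[] = $name;
        }
    }
    return $bad;
}

// Constructed sample input: what the contact form normally posts ...
$clean = array(
    'to'      => 'owner@example.com',
    'from'    => 'visitor@example.net',
    'subject' => 'Question about your site',
);

// ... and the same submission with a second header folded into "from".
$tampered = $clean;
$tampered['from'] = "visitor@example.net\r\nBcc: someone-else@example.org";

var_dump(findHeaderInjections($clean));
var_dump(findHeaderInjections($tampered));

// Place this right before mail(): refuse the send and log which fields
// were bad instead of trying to clean the value and carrying on.
$problems = findHeaderInjections($tampered);
if ($problems !== array()) {
    error_log('mail header injection attempt in field(s): ' . implode(', ', $problems));
    // mail() is deliberately not called here
}
```

Rejecting is preferable to stripping because a stripped value still reaches the mail server in a form the sender never typed, and because the refusal gives you a log line to alert on; the regex approach in the thread also misses an injected header that is not followed by a newline.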