spam proof a mail script

the mail() function

Moderators: macek, egami, gesf

pfdusa
New php-forum User
New php-forum User
Posts: 1
Joined: Fri Jun 10, 2011 10:42 am

spam proof a mail script

Postby pfdusa » Fri Jun 10, 2011 11:13 am

Can anyone help me spam proof this mail script.

I wanted to add some checks to it.

Please let me know what you think.

Thanks!

// Check for Website URL's in the form input boxes as if we block website URLs from the form,
// then this will stop the spammers wastignt ime sending emails
if (preg_match("/http/i", "$name")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$comment")) {echo "$SpamErrorMessage"; exit();}

// Patterm match search to strip out the invalid charcaters, this prevents the mail injection spammer
$pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i'; // build the pattern match string

$name = preg_replace($pattern, "", $name);
$email = preg_replace($pattern, "", $email);
$message = preg_replace($pattern, "", $comment);

// Check for the injected headers from the spammer attempt
// This will replace the injection attempt text with the string you have set in the above config section
$find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");
$email = preg_replace($find, "$SpamReplaceText", $email);
$name = preg_replace($find, "$SpamReplaceText", $name);
$message = preg_replace($find, "$SpamReplaceText", $message);

// Check to see if the fields contain any content we want to ban
if(stristr($name, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($message, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}

// Do a check on the send email and subject text
if(stristr($sendto, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($subject, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
}


<?php

// Please specify your Mail Server - Example: mail.yourdomain.com.
ini_set("SMTP","mail.com");

// Please specify an SMTP Number 25 and 8889 are valid SMTP Ports.
ini_set("smtp_port","25");

// Please specify the return address to use
ini_set('sendmail_from', 'email.com');
//ini_set("display_errors",1);
//error_reporting(E_ALL);
$to = "email.com";
//$to = "email.com";
$subject = "Request Service";
$redirect_to = "thanks.html";
#######################################################
require_once("phpmailer/class.phpmailer.php");
$content = "";
foreach($_POST['email'] as $key=>$value) {
$content.=$key." : ".$value."\n";
}
$files_array = array();
if (isset($_FIES['file']) && $_FILES['file']['tmp_name'] != '' && $_FILES['file']['size'] > 1 ) {
$files_array[] = $_FILES['file'];
}
if (isset($_FIES['file2']) && $_FILES['file2']['tmp_name'] != '' && $_FILES['file2']['size'] > 1 ) {
$files_array[] = $_FILES['file2'];
}
if (isset($_FIES['file3']) && $_FILES['file3']['tmp_name'] != '' && $_FILES['file3']['size'] > 1 ) {
$files_array[] = $_FILES['file3'];
}
$mailObj = new phpmailer();
$mailObj->AddAddress($to);
$mailObj->From = $to;
$mailObj->FromName = "Company, INC";
$mailObj->Body = $content;
foreach($files_array as $file) {
$mailObj->AddAttachment($file['tmp_name'],$file['name']);
}
$mailObj->Subject = $subject;
$mailObj->IsHTML(false);
$mailObj->Send();
header( "Location: http://www.thanks.html");
die();

?>

Return to “PHP coding => Mail”

Who is online

Users browsing this forum: No registered users and 1 guest