secure email form in PHP

cwesty

macrumors member
Original poster
Oct 22, 2005
50
0
Evening all!

After a recent issue with spam I had to remove my old contact.php page.

Can anyone provide info for a secure script? Not necessarily the code, but a useful link that I can use.

Cheers in advance.
 

Stampyhead

macrumors 68020
Sep 3, 2004
2,294
30
London, UK
cwesty said:
Evening all!

After a recent issue with spam I had to remove my old contact.php page.

Can anyone provide info for a secure script? Not necessarily the code, but a useful link that I can use.

Cheers in advance.
Your best bet would be using regular expressions in PHP to check that the data entered into your email field is a valid email address. In my experience, spammers usually hijack this particular field by adding HTML email headers to it so they can gain control of your script. Using regular expressions can make sure that nothing except "something@something.something" is entered in your email field. A good place to look for help on this is the PHP forums on www.sitepoint.com. Let me know if you need any more help with this.
 

4np

macrumors 6502a
Feb 23, 2005
963
0
The Netherlands
That could be a solution; however, besides the regular expressions you would have to make sure the email address is indeed valid. In my email validation I check, for example, for MX records of the domain part and an SMTP server. There are tricks to ask the receiving SMTP server if an email address is valid; however, you cannot trust this because most SMTP servers return false positives.

I think the best solution would be to check for validity and create a banned word list for example. If then some words from the banlist are found you could either decide to trash the post or (if you send this contact info by email) add some spam headers to your email. You could then use procmail to filter this email to some other mailbox.

...or something... ;)

ps. you can use this regular expression for email validation; it's RFC 2822 compliant: ^([a-zA-Z0-9\.\_\~\+\=\*\'\-]+)@((([a-zA-Z0-9_\-]+)([\.]{1}))+)([a-zA-Z]{2,4})$

ps 2. here is a short article on the matter: http://www.anders.com/projects/sysadmin/formPostHijacking/
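
The checks discussed in the two replies above, as an added example that is not code from any poster in this thread: it rejects line breaks in any field that ends up in a mail header, validates the address with PHP's built-in `filter_var`, and puts the visitor's address only in `Reply-To`. The field names, the `example.com` addresses and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. Field names and addresses are assumptions.
const CONTACT_TO   = 'owner@example.com';    // fixed recipient, never taken from the form
const CONTACT_FROM = 'webform@example.com';  // fixed sender on your own domain

// CR, LF or NUL in a header-bound field lets the sender start a new header line.
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns ['errors' => [...], 'mail' => null] or ['errors' => [], 'mail' => [...]].
function build_contact_mail(array $post): array
{
    $errors = [];
    $field  = [];
    foreach (['name', 'email', 'subject', 'message'] as $key) {
        $value = $post[$key] ?? '';
        $field[$key] = is_string($value) ? trim($value) : '';
        if ($field[$key] === '') {
            $errors[] = "$key is missing";
        } elseif ($key !== 'message' && has_header_injection($field[$key])) {
            $errors[] = "$key contains a line break";
        }
    }
    if (!$errors && filter_var($field['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    // Optional, needs DNS: checkdnsrr($domain, 'MX') on the part after "@".
    if ($errors) {
        return ['errors' => $errors, 'mail' => null];
    }
    $headers = 'From: ' . CONTACT_FROM . "\r\n" . 'Reply-To: ' . $field['email'];
    return ['errors' => [], 'mail' => [
        'to'      => CONTACT_TO,
        'subject' => 'Contact form: ' . $field['subject'],
        'body'    => 'From: ' . $field['name'] . "\n\n" . $field['message'],
        'headers' => $headers,
    ]];
}

// Constructed inputs: one normal submission, one carrying an injected Bcc header.
$good = ['name' => 'Ann', 'email' => 'ann@example.org', 'subject' => 'Hi', 'message' => 'Hello'];
$bad  = $good;
$bad['email'] = "ann@example.org\r\nBcc: list@example.net";

print_r(build_contact_mail($good)['mail']);
print_r(build_contact_mail($bad)['errors']);
// On success, pass the four values to mail($to, $subject, $body, $headers).
```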
 

ChicoWeb

macrumors 65816
Aug 16, 2004
1,120
0
California
I'm not sure what you mean by "Secure"... Do you mean a script that doesn't display your email address? There are tons of them. If you want, PM me and I'll show you the way to mine.