
Using mail() securely



Hi, I have an HTML form that includes a captcha code which is generated using a PHP script. I have tested sending the form using the correct code and the incorrect code and I can confirm that the form only sends when I type the correct code. I still suspect there is a security hole somewhere in my script that I have not seen. I would be very grateful if anyone has any advice on how I can write more secure PHP scripts. The code is below and a test page is available here: http://demo.peterheylin.com/footfall/castle/contact.html

<?php
session_start();
if ($_REQUEST["tt_pass"]) {
    if ($_REQUEST["tt_pass"] == $_SESSION["tt_pass"]) {
        $name = $_POST['name'];
        $email = $_POST['email'];
        $phone = $_POST['phone'];
        $msg = $_POST['msg'];
        $security = $_POST['tt_pass'];
        $castle_email = "";
        $test_email = "";
        $headers = "From: $name <$castle_email>";
        $subject = "Enquiry";
        $message = "Sender: " .$name. "\nEmail: " .$email. "\nPhone: " .$phone. "\nMessage: " .$msg;
        mail($test_email, $subject, $message, $headers);
        echo "message sent.";
    } else {
        echo "<b>passphrase incorrect</b>. Your message has not been sent. <br />";
    }
}
?>

Thanks, galtech
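
An added example, not part of galtech's post: the script above places `$name` in the `From:` header unfiltered, so a value containing a line break can add further headers to the message, and the captcha value stays in the session after it has been solved. The variant below keeps user input out of the headers apart from a validated Reply-To address, reads only `$_POST`, and makes the captcha single-use; it assumes PHP 7.4 or later, and both addresses and the helper names are placeholders.

```php
<?php
// Added example (not the poster's code): the same handler with user input kept out of the headers.
// Assumes PHP 7.4+; both addresses are placeholders.
session_start();

const MAIL_TO   = 'enquiries@example.com';
const MAIL_FROM = 'webform@example.com';

// Collapse CR, LF and other control characters so a field stays on one line.
function one_line(string $value): string
{
    return trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value));
}

function handle_contact(array $post, array &$session): string
{
    // Read each field as a string; arrays such as name[]=x are treated as empty.
    $field = fn(string $key): string => is_string($post[$key] ?? null) ? $post[$key] : '';

    $expected = (string)($session['tt_pass'] ?? '');
    // The captcha is single-use: discard it before comparing so a solved code cannot be replayed.
    unset($session['tt_pass']);
    if ($expected === '' || !hash_equals($expected, $field('tt_pass'))) {
        return 'passphrase incorrect. Your message has not been sent.';
    }

    // FILTER_VALIDATE_EMAIL rejects line breaks, so the address is safe to place in Reply-To.
    $email = filter_var($field('email'), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'invalid email address. Your message has not been sent.';
    }

    $body = "Sender: " . one_line($field('name'))
          . "\nEmail: " . $email
          . "\nPhone: " . one_line($field('phone'))
          . "\nMessage: " . $field('msg');

    // Fixed From address; the visitor's name appears only in the body.
    $headers = ['From' => MAIL_FROM, 'Reply-To' => $email];
    return mail(MAIL_TO, 'Enquiry', $body, $headers) ? 'message sent.' : 'message could not be sent.';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    echo handle_contact($_POST, $_SESSION);
}
```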
