Is this safe?

Craig321 · 1 Mar 2006 at 20:33

Hi,

Just wondered if this is safe?:

index.php:
normal form, nothing special - just some nice css, submits to sendmail.php

sendmail.php:

Code:

<?
  $name = $_POST['name'];
  $domain = $_POST['domain'];
  $email = $_POST['email'];
  $space = $_POST['space'];
  $bandwidth = $_POST['bandwidth'];
  $dailyUnique = $_POST['dailyUnique'];
  $pageRank = $_POST['pageRank'];
  $description = $_POST['description'];
  
  //CONFIG
  include "config.php"
  
  if(empty($name)){
	echo 'Please make sure you entered your name';
  }
  
  elseif(empty($domain)){
	echo 'Please make sure you entered your domain name';
  }
  
  elseif(empty($email)){
	echo 'Please make sure you entered your email address';
  }
  
  elseif(empty($space)){
	echo 'Please make sure you entered the ammount of space your website requires';
  }
  
  elseif(empty($bandwidth)){
	echo 'Please make sure you entered the ammount of bandwidth your website users';
  }
  
  elseif(empty($dailyUnique)){
	echo 'Please make sure you entered the ammount of unique visitors you get daily';
  }
  
  elseif(empty($description)){
	echo 'Please go back and enter a website description';
  }
  
  else {
  $headers  = 'MIME-Version: 1.0' . "\r\n";
  $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

  $headers .= "From: $name <$email>";
  
  foreach ($_REQUEST as $key => $val) {
	if ($key != "from_email" && $key != "from_name") {
		$body .= $key . " : " . $val . "\r\n";
	}
  }  
  
  if(mail($to, "Sponsor request", $message, $headers)){
	header("Location: ".$thxEmail);
  }
  }
?>

config.php:

Code:

<?

  $to = "[email protected]";
  $thxEmail = "thxEmail.php";
  $message = "<style>body{font-family:Verdana; font-size:10px;}</style>
		 <table border=\"1\" cellspacing=\"2\" cellpadding=\"2\">
			 <tr><td>Name:</td><td>$name</td></tr>
			 <tr><td>Domain name:</td><td> $domain</td></tr>
			 <tr><td>Email address:</td><td> $email</td></tr>
			 <tr><td>Space used:</td><td> $space</td></tr>
			 <tr><td>Bandwidth used:</td><td> $bandwidth</td></tr>
			 <tr><td>Daily uniques:</td><td> $dailyUnique</td></tr> 
			 <tr><td>Page rank:</td><td> $pageRank</td></tr>
			 <tr><td>Description:</td><td> $description</td></tr>
		 </table>";
	
?>

Thanks,
Craig.

Craig321 · 1 Mar 2006 at 22:32

What can I do to make it safe please?

Thx
Craig.

Craig321 · 1 Mar 2006 at 22:58

Even if I renamed it to diufheuifhweiufh.php people could still find it just by looking at source of the page with the form on

Is this safe?: http://www.safalra.com/programming/php/contactform/

If so then I'll take examples from that to make mine safe.

Thanks
Craig.

Craig321 · 1 Mar 2006 at 23:11

Ok,cool, so will the above script in the link I gave avoid all this?

Thanks
Craig.

Craig321 · 1 Mar 2006 at 23:37

OK, I'll look into making an image validation

Thanks
Craig.