php mailto with security measures

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • Andy128
    Major General

    • Dec 2005
    • 2317

    php mailto with security measures

    Greetings and good morning!,

    After much work - I have finished a tutorial on adding creating a php mailto system that incorporates security measures to prevent form hijacking, field validation with specific error reporting that uses one page.
    hit can be found here;


    My goal was to break it down as simple as one can get this topic. Time will tell. If anyone has suggestions on improvements- please let me know.

    I have kept the other tutorials inplace with appropriate warnings on improving form security.

    Thanks to Amanda and David for you valued input, and thanks to Watdaflip for the technical help.

    Cheers,

    Andy
    PHP- is a blast!
  • navaldesign
    General & Forum Moderator

    • Oct 2005
    • 12080

    #2
    Re: php mailto with security measures

    Excellent work!. I beleive that in time you can take it a little further: for example, do not limit the text area: just make sure that the script replaces the @ with f.e. "AT" . Even if the webmaster writes the info in a database, it will not be of any harm, while at the same time absolutely preventing injecting the text area. For the other fields, you can combine @ replacement and lenght control.

    I personally dislike the "echo" of the error in a white page, for aesthetic reasons. I prefer single error pages, or i would like ONE error page, and creating an error array which would display all the errors together, then implementing a BACK button which would take the visitor back to the form.
    Last, a session control or a referer piece of code, (to check if the info was submitted from your form or from other site) would be great for security.
    Navaldesign
    Logger Lite: Low Cost, Customizable, multifeatured Login script
    Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
    DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
    Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

    Comment

    • Andy128
      Major General

      • Dec 2005
      • 2317

      #3
      Re: php mailto with security measures

      Thanks Navaldesign! Watdaflip and I worked on getting the ereg_replace or str_replace to work but it would not work unless you declared the variables inthe mailbody. Trying to keep with script simplicity- I went with limiting. But I agree- replacing would be better.

      I also agree with the seperate error pages- Matrixxxxxx1 modified this tutorial to have seperate error pages and I am going to add instruction on how to do this to the tutorial (replace echo with header(Location:........).

      I will have another look at incorporating the referer script.

      Thanks again my friend!

      Andy
      PHP- is a blast!

      Comment

      • Andy128
        Major General

        • Dec 2005
        • 2317

        #4
        Re: php mailto with security measures

        All-

        Number one complaint was generic Error reporting page. That is fixed.
        Now you can create an error page with BV and custom make it to match your site.

        Happy web building!!!

        Andy
        PHP- is a blast!

        Comment

        • Girlonthehill
          General

          • Oct 2005
          • 4193

          #5
          Re: php mailto with security measures

          Excellent work, Andy! Thank you so much - it will be an absolute boon to many, many members. You're a star.

          VodaHost

          Your Website People!
          1-302-283-3777 North America / International
          02036089024 / United Kingdom
          291916438 / Australia

          ------------------------

          Top 3 Best Sellers

          Web Hosting - Unlimited disk space & bandwidth.

          Reseller Hosting - Start your own web hosting business.

          Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


          Comment

          • Girlonthehill
            General

            • Oct 2005
            • 4193

            #6
            Re: php mailto with security measures

            Hey Andy!

            I've just used your tutorial to help me build a simple contact form - it worked like a dream! Thank you!

            VodaHost

            Your Website People!
            1-302-283-3777 North America / International
            02036089024 / United Kingdom
            291916438 / Australia

            ------------------------

            Top 3 Best Sellers

            Web Hosting - Unlimited disk space & bandwidth.

            Reseller Hosting - Start your own web hosting business.

            Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


            Comment

            • matrixxxxxx1
              Captain

              • Apr 2006
              • 221

              #7
              Re: php mailto with security measures

              Andy

              Your tutorial is awsome. Very simple to follow. Thnx again for sharing.

              I have a question for you.

              If I wanna incoporate a Character Counter at the bottom of my comments. Is that a hard task?

              For example at the top of the comment box I would mention the (max characters 300) for example

              At the bottom It would be nice to have a box set at 300 characters and as the customer types it minuses off that number and lets them know how many characters are remaining.

              Am i asking for too much....heh
              Just an idea.


              Mike
              http://www.atexflooring.ca
              http://www.newfloor.ca

              Comment

              • Andy128
                Major General

                • Dec 2005
                • 2317

                #8
                Re: php mailto with security measures

                Matrixxxxxx1-
                I will look into that- it is a great idea! I'll let ya know what I find out.

                Thanks again Amanda!

                Andy
                PHP- is a blast!

                Comment

                Working...
                X