  1. #1
    SitePoint Member
    Join Date
    Oct 2006
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    flash/php comment form

    Hi there.

    I have a comment form on my site which has fields with var names of "from", "email" & "comments". The submit button has the following actionscript applied:

    Code:
    on (release) {
    	if (!_parent.email.length || _parent.email.indexOf("@") == -1 || _parent.email.indexOf(".") == -1) {
    		gotoAndPlay(20);
    	} else if (!_parent.comments.length) {
    		gotoAndPlay(20);
    	} else if (!_parent.from.length) {
    		gotoAndPlay(20);
    	} else {
    		form.loadVariables("http://www.********.co.uk/temp/send.php","POST");
    		gotoAndPlay(46);
    	}
    }
    The php is:
    PHP Code:
    <?php
    $name = $_POST['from'];
    $email = $_POST['email'];
    $message = $_POST['comments'];
    $emailaddress = $_POST['michellehughes@********.co.uk'];
    $emailmessage = "Name: $name \n\n E-Mail Address: $email \n\n Message: $message";
    mail($emailaddress, "Message", $emailmessage);
    ?>
    Now, the gotoAndPlay actionscripts seem to work fine, but no email is sent, leading me to conclude that it's either the form.loadVariables bit of the AS, or the php. Can anyone shed any light on this please?

    (Apologies for being such a noob but I have literally spent my whole day on this so far to no avail...)

  2. #2
    php_daemon
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Code php:
    $emailaddress = 'michellehughes@********.co.uk';

    And do some research on email header injections, won't hurt.
    Saul

  3. #3
    SitePoint Wizard Hammer65
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,161
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Take Flash out of the flow for the moment and use a form to post the variables to the PHP. That will allow you to check the PHP part.

    One thing to note about PHP and mail that is a very common problem.

    Sending mail with PHP isn't as simple as sending post values to the mail() function anymore.

    The mail function simply formats the input you feed it into a MIME format message, does minimal filtering and checking, and then transfers the message to an MTA (mail transfer agent) like Sendmail, Exim or Postfix.

    After that transfer is complete, PHP can give no further indication of anything that may go wrong.

    After the message leaves the server, it can go through numerous routers, servers and spam filters before reaching its destination. An outage at any stage, or rejection by a filter, can make a message disappear.

    In order to get through the filters, you would need to add additional headers. What headers to include is almost a black art. I would recommend using PHPMailer or a similar class for mailing.

    If you must do it yourself, one of the most important headers is the return path. Return-Path is an email address, where bounced mail goes. Obviously, if you're a spammer, you don't want bounced mails, so you wouldn't use that header, or put a bogus email address in it. Filters check for that.

    All this won't matter if you get your IP or domain on a blacklist. This could easily happen via PHP mail injection (search for it on Google). It doesn't matter if Flash is the intended submission method; a spammer will likely just use a bot and POST.

    Protect against injection but do it by rejecting the submission outright if injection is detected. There is no point in filtering bad input out and sending the mail anyway. The spammer thinks, at least for a while, that their hacking attempt worked and you or whoever receives the mail will get junk.
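
One way to apply the advice in posts #2 and #3, as an added example that is not code posted by anyone in this thread: the recipient is fixed in code, and a submission is rejected outright when a single-line field contains a line break. The names `RECIPIENT`, `SENDER` and `build_comment_mail`, the addresses, and the sample submissions are assumptions made up for illustration.

```php
<?php
// Added example, not code from this thread. Both addresses are placeholders.
const RECIPIENT = 'owner@example.com';    // fixed in code, never taken from $_POST
const SENDER    = 'webform@example.com';  // site-controlled From address

// Returns [headers, body] for mail(), or null when the submission must be rejected.
function build_comment_mail(array $post): ?array
{
    foreach (['from', 'email', 'comments'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return null;                   // missing, empty, or array-valued field
        }
    }
    // Single-line fields: any CR, LF or NUL means reject; nothing is stripped and sent anyway.
    foreach (['from', 'email'] as $field) {
        if (preg_match('/[\r\n\0]/', $post[$field])) {
            return null;
        }
    }
    $email = trim($post['email']);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $headers = implode("\r\n", [
        'From: ' . SENDER,
        'Reply-To: ' . $email,             // the only user value that reaches a header
        'Content-Type: text/plain; charset=UTF-8',
    ]);
    $body = 'Name: ' . trim($post['from']) . "\n\nE-Mail Address: $email\n\nMessage: " . $post['comments'];
    return [$headers, $body];
}

// Constructed sample submissions: one ordinary, one with a line break in the email field.
$samples = [
    'ordinary'   => ['from' => 'Ann', 'email' => 'ann@example.com', 'comments' => "Nice site.\nThanks!"],
    'line break' => ['from' => 'Bob', 'email' => "bob@example.com\r\nBcc: x@example.net", 'comments' => 'Hi'],
];
foreach ($samples as $label => $post) {
    $mail = build_comment_mail($post);
    echo $label, ': ', $mail === null ? 'rejected' : 'accepted', "\n";
    // In send.php: if ($mail !== null) { mail(RECIPIENT, 'Message', $mail[1], $mail[0]); }
}
```

The comments field may contain line breaks because it only ever goes into the message body, never into a header.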

  4. #4
    SitePoint Member
    Join Date
    Oct 2006
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks, have changed the php but still no email.

  5. #5
    SitePoint Member
    Join Date
    Oct 2006
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    cross posted with hammer.. will check this lot out, cheers!

