Can I know what this does?

I bought a template, I was looking through it and have never seen this thing before & like its effect…
So I have a form
http://www.ronisvonhelms.com/index.php

<form action="?email=attempt" method="post"> 	

whose action is weird, once the $_GET variable is set, here is the PHP script

<?php

if ($_GET["email"] == "attempt"){
  $to='lurtnowski@gmail.com';
  $messageSubject='RonisVonHelms Contact Form';
  $confirmationSubject='Confirmation message subject';
  $confirmationBody="Confirmation message body";
  $email='';
  $body='';
  $displayForm=true;
  $phone = $_POST['phone'];

  if ($_POST){
    $email=stripslashes($_POST['email']);
    $body=stripslashes($_POST['body']);
    // validate e-mail address
    $valid=eregi('^([0-9a-z]+[-._+&])*[0-9a-z]+@([-0-9a-z]+[.])+[a-z]{2,6}$',$email);
    $crack=eregi("(\r|\n)(to:|from:|cc:|bcc:)",$body);

	
    if ($email && $body && $valid && !$crack){
      if (mail($to,$messageSubject,$body,'From: '.$email."\r\n")
      && mail($email,$confirmationSubject,$confirmationBody.$body,'From: '.$to."\r\n")){
   
?>

<?php header( 'Location: ?v=success' ) ; ?>
<?php
        echo '<p>'.htmlspecialchars($body).'</p>';
      }else{ // the messages could not be sent
?>
<?php header( 'Location: ?v=servererror' ) ; ?>
<?php
      }
      }else if ($crack){ // cracking attempt
?>
<?php header( 'Location: ?v=hacker' ) ; ?>
<?php
    }else{ // form not complete
?>
<?php header( 'Location: ?v=fail' ) ; ?>
<?php
   }
  }
}
?>

Thanks
I tried to test it, but am not getting the email, is there something wrong with the script?

eregi is antiquated and unlikely to be supported much longer

just running stripslashes on the email and body is not really confirming that either is valid

the validation for email is very poor - 99% of possible email addresses will be rejected as invalid - using the validation filter would be a lot better

also are you sure your hosting still supports using mail() as many now want you to use something more secure
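
An added example (not from the thread or the purchased template) of the validation-filter approach suggested in the reply above: it checks the address with filter_var() and rejects CR/LF in the value that the script places in the From: header. The function name check_contact_post() and the sample submissions are constructed for illustration.

```php
<?php
// Added example; check_contact_post() is a hypothetical helper, not template code.

/** Returns the cleaned email and body, or null if the submission must be rejected. */
function check_contact_post(array $post): ?array
{
    $email = trim((string)($post['email'] ?? ''));
    $body  = trim((string)($post['body'] ?? ''));

    // Anything that ends up in a header line must not contain CR or LF,
    // otherwise the value can start a new header (To:, Cc:, Bcc: ...).
    if ($email === '' || $body === '' || preg_match('/[\r\n]/', $email)) {
        return null;
    }
    // The validation filter takes the place of the eregi() pattern.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return ['email' => $email, 'body' => $body];
}

// Constructed sample submissions.
$samples = [
    'plain address'       => ['email' => 'visitor@example.com', 'body' => 'Hello'],
    'plus tag'            => ['email' => 'first.last+shop@example.museum', 'body' => 'Hello'],
    'injected Bcc header' => ['email' => "visitor@example.com\r\nBcc: other@example.net", 'body' => 'Hello'],
    'not an address'      => ['email' => 'visitor at example dot com', 'body' => 'Hello'],
    'empty body'          => ['email' => 'visitor@example.com', 'body' => ''],
];

foreach ($samples as $label => $post) {
    $clean = check_contact_post($post);
    if ($clean === null) {
        echo "$label: rejected\n";
        continue;
    }
    // Same header shape as the script in the question, built only from a checked value.
    $headers = 'From: ' . $clean['email'] . "\r\n";
    echo "$label: accepted, header = " . json_encode($headers) . "\n";
}
```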

k, I get rid of the ereg stuff, what is more secure than mail()?

http://phpmailer.worxware.com/

Use PHPMailer to send emails via SMTP server

thx

I’m using mail(), but is PHP Mailer more secure?

I guess so.
mail() is just a wrapper around a console command, so you have to check lots of factors to make it secure (otherwise someone can execute something bad on your system)
PHPMailer makes all those checks for you and also it allows you to use an SMTP server (e.g. smtp.gmail.com, which is more secure by default)

It is if you use SMTP - some web hosts disable mail() from sending outside of the server and insist on you using SMTP for email to be sent to others as this makes their overall hosting environment more secure and their mail servers are less likely to be blacklisted as the origin of the emails is clearly identified in the wrapper around the email.

just trying to get mail() to work then will switch over to PHPMailer

changed the email field to use their validation, ok?

<input class="text" name="email" id="email" type="email" required="required" value="lurtnowski@gmail.com" />

Instead of the outdated method, but the emails don't appear to be sending, even though it says they are

I’m trying to figure out where that message even comes from
