Hi all,
I have a PHP form that I use on websites for their contact forms.
It uses basic PHP mail send.
I have just received a couple of emails that were sent using the form, but I feel didn't get sent via the website, i.e. I think that they created a form which referenced my form and used it remotely.
Below is the code in the PHP form. Is there any way to only allow access to the form from the server it is held on?
Please note that I have removed our information, i.e. our domain name etc.
Also, the form works fine; we just need to lock it down.
<?php
// Only POST requests are accepted. This does not stop a remote form from posting here.
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    exit('No direct Access is allowed');
}

$to = 'info@domain.com';
// The sender address is copied into the mail headers below, so reject anything
// that is not a single valid address or that contains CR/LF.
$from = isset($_POST['email']) ? $_POST['email'] : '';
if (!is_string($from) || preg_match('/[\r\n]/', $from) || !filter_var($from, FILTER_VALIDATE_EMAIL)) {
    exit('Invalid email address');
}
// Subject and message go into an HTML mail body, so escape them first.
$subject2 = htmlspecialchars(isset($_POST['subject']) ? (string) $_POST['subject'] : '');
$message = htmlspecialchars(isset($_POST['message']) ? (string) $_POST['message'] : '');
$subject = 'WEBSITE CONTACT FORM RE: - ' . (isset($_POST['subject']) ? (string) $_POST['subject'] : '');
$content = "
This Email was generated from the domain.com website in regards to:<br>
$subject2<br><br>
Please contact me about the following: <br>
$message";
$header = "MIME-Version: 1.0" . "\r\n";
$header .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$header .= "From: $from" . "\r\n";
$header .= "Reply-To: $from" . "\r\n";
/*$header .="X-Mailer: PHP/" . phpversion();*/

/* ----------------- BELOW IS THE AUTO REPLY EMAIL SENT TO THE CONTACT ----------- */
$ccto = $from; // validated address from above
$ccfrom = "NOREPLY@domain.com";
$ccsubject = "Autoreply from the domain.com website";
$ccsubject2 = $subject2;
$ccmessage = $message;
$cccontent = "
Please DO NOT respond to this email. the address it goes to does NOT get checked <br><br>
Please note that your email has been received and <br>
we will contact you as soon as possible about your enquiry.<br><br>
The following has been sent to us from the webform:<br><br>
------------------------------------------------------------- <br>
This Email was generated from the domain.com website in regards to:<br>
$ccsubject2<br><br>
Please contact me about the following: <br>
$ccmessage <br><br>
------------------------------------------------------------- <br> <br>
Regards<br>
me";
$ccheader = "MIME-Version: 1.0" . "\r\n";
$ccheader .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$ccheader .= "From: $ccfrom" . "\r\n";
$ccheader .= "Reply-To: $ccto" . "\r\n";

// Send the enquiry first, then the auto reply; report an error if either fails.
if (mail($to, $subject, $content, $header)) {
    if (mail($ccto, $ccsubject, $cccontent, $ccheader)) {
        echo ("<font color=#000099 size=6px valign=center>".'Email Sent' . "<font color=#000000 size=4px valign=center>".'<br>Please Click below to return to the c4i' . "<font color=#000099 size=4px valign=center> <a href=http://www.domain.com/contactus.html>".'<br> Return</a>');
    } else {
        echo ("Error, mail not sent, Please click the back button and try again.");
    }
} else {
    echo ("Error, mail not sent, Please click the back button and try again.");
}
?>
Thanks in advance
Jason
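
One way to do what the post asks, as an added example that is not the poster's code: the page that renders the form issues a random session token, and the handler refuses any POST that does not carry it, so a form hosted elsewhere cannot submit blindly. Assumptions: the contact page is served by PHP (a hypothetical single file contact.php instead of contactus.html), the `token` field and the function names are illustrative, and From is set to the site's own address with the visitor's address only in Reply-To.

```php
<?php
// Added example: renders the form on GET, accepts the POST only with a valid token.
session_start();

function issue_form_token(): string
{
    // Random per-session value that a form hosted on another site cannot know.
    $_SESSION['form_token'] = bin2hex(random_bytes(32));
    $_SESSION['form_token_time'] = time();
    return $_SESSION['form_token'];
}

function verify_form_token($submitted, int $maxAge = 1800): bool
{
    $expected = $_SESSION['form_token'] ?? '';
    $issued = $_SESSION['form_token_time'] ?? 0;
    unset($_SESSION['form_token'], $_SESSION['form_token_time']); // single use
    return is_string($submitted) && $expected !== ''
        && hash_equals($expected, $submitted)
        && (time() - $issued) <= $maxAge;
}

function clean_email($raw): ?string
{
    // The address is copied into mail headers, so refuse CR/LF outright.
    if (!is_string($raw) || preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $from = clean_email($_POST['email'] ?? null);
    if (!verify_form_token($_POST['token'] ?? null) || $from === null) {
        http_response_code(403);
        exit('Submission rejected');
    }
    $subject = is_string($_POST['subject'] ?? null) ? $_POST['subject'] : '';
    $message = is_string($_POST['message'] ?? null) ? $_POST['message'] : '';
    // Plain-text mail: no Content-type header, so submitted HTML is not rendered.
    $headers = "From: NOREPLY@domain.com\r\nReply-To: $from\r\n";
    $sent = mail('info@domain.com', 'WEBSITE CONTACT FORM RE: - ' . $subject, $message, $headers);
    exit($sent ? 'Email Sent' : 'Error, mail not sent');
}
$token = issue_form_token();
?>
<form method="post" action="">
  <input type="hidden" name="token" value="<?= htmlspecialchars($token) ?>">
  <input name="email"> <input name="subject"> <textarea name="message"></textarea>
  <button type="submit">Send</button>
</form>
```

A Referer check is not a substitute, because that header is supplied by the client. The token only proves the form page was loaded in the same session, so the address validation is still needed on its own.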