I have a simple contact form for a restaurant that's then emailed when submitted. What are some things I can do to ensure the form isn't abused? Such as a user sending multiple emails over and over, or it being hijacked to send spam elsewhere.
Here's the PHP script:
<?php
$name = $_POST['name'];
$organization = $_POST['org'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$date = $_POST['datepicker'];
$guests = $_POST['guests'];
$comments = $_POST['comments'];
$events = $_POST['events'];
// A copy of this event email will go to the user who made the request
$recipient = "$email";
// Email address of who this email will appear to be from
// This email address must exist on the server or it may not be sent through
$from = "no-reply@website.com";
// Email subject line
$subject = "Private Event";
// The name that will show for the 'from' address above
$headers = "From: Restaurant <$from>\r\n";
// Address of the event planner. Who this form should be sent to.
$headers .= "Bcc: mgmt@website.com \r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$msg = '<style type="text/css">body{background:#cccccc;}table{width:400px;font-family: verdana;font-size:11px;color:#333333;border-width:1px;border-color:#666666;border-collapse: collapse;}'.
'table td{width:50%;border-width: 1px;padding: 8px;border-style: solid;border-color: #666666;background-color: #eeeeee;}'.
'h1{color:#7f2e19;}h3{color:#c0b79d;}</style>'.
'<center><div style="width:440px;background:black;"><br/><h1>3 Fires Lounge</h1><h3> - Private Event - </h3>'.
'<table><tr><td><b>Name</b></td><td>'.$name.'</td></tr>'.
'<tr><td><b>Organization</b></td><td>'.$organization.'</td></tr>'.
'<tr><td><b>Phone</b></td><td>'.$phone.'</td></tr>'.
'<tr><td><b>Email</b></td><td>'.$email.'</td></tr>'.
'<tr><td><b>Date of Event</b></td><td>'.$date.'</td></tr>'.
'<tr><td><b>Guest Count</b></td><td>'.$guests.'</td></tr>'.
'<tr><td><b>Event Type</b></td><td>'.$events.'</td></tr>'.
'<tr><td colspan="2"><b>Additional Comments:</b><br/><br/>'.$comments.'</td></tr></table><br/><br/></div></center>';
//Address in last parameter should match the $from address above
$success = mail($recipient, $subject, $msg, $headers, '-f no-reply@website.com');
// Redirect to home page after 5 seconds
header( "refresh:5;url=../" );
?>
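One way to address both concerns from the question (repeat submissions, and the form being used to relay attacker-chosen content to arbitrary addresses), as an added example rather than code from the question. It assumes PHP 7.4+, that the form page starts a session and stores a token with `$_SESSION['csrf'] = bin2hex(random_bytes(32))` in a hidden `csrf` field, and that the form contains a hidden `website` field that humans leave empty (a honeypot); the field names otherwise match the original script.

```php
<?php
// Added example: a hardened handler for the same form, not the asker's script.
// Assumes PHP 7.4+, a session-stored CSRF token in a hidden "csrf" field, and a
// hidden "website" honeypot field that real users never fill in.
session_start();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit; }

// 1. CSRF token: only submissions that came through our own form are accepted.
if (!hash_equals($_SESSION['csrf'] ?? '', (string)($_POST['csrf'] ?? ''))) {
    http_response_code(403); exit('Invalid form token');
}
// 2. Honeypot: silently drop submissions where a bot filled the hidden field.
if (!empty($_POST['website'])) { exit; }

// 3. Rate limit: at most 3 submissions per session in any 10-minute window.
$now = time();
$_SESSION['sent'] = array_values(array_filter($_SESSION['sent'] ?? [], fn($t) => $t > $now - 600));
if (count($_SESSION['sent']) >= 3) { http_response_code(429); exit('Too many requests'); }

// 4. Validate the address: FILTER_VALIDATE_EMAIL rejects CR/LF, so the value can
//    never smuggle extra headers (e.g. more recipients) when placed in Reply-To.
$email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
if ($email === false) { http_response_code(400); exit('Invalid email address'); }

// 5. Cap lengths and HTML-escape every field before it goes into the email body.
$limits = ['name' => 100, 'org' => 100, 'phone' => 40, 'datepicker' => 20,
           'guests' => 10, 'events' => 100, 'comments' => 2000];
$clean = [];
foreach ($limits as $field => $max) {
    $value = mb_substr(trim((string)($_POST[$field] ?? '')), 0, $max);
    $clean[$field] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// 6. Management gets the user-written content; the visitor only gets a fixed
//    acknowledgement with no echoed input, so the form cannot relay spam elsewhere.
$from    = 'no-reply@website.com';
$headers = "From: Restaurant <$from>\r\nReply-To: $email\r\n"
         . "MIME-Version: 1.0\r\nContent-Type: text/html; charset=UTF-8\r\n";
$rows = '';
foreach ($clean as $field => $value) {
    $rows .= "<tr><td><b>$field</b></td><td>$value</td></tr>";
}
$sent = mail('mgmt@website.com', 'Private Event', "<table>$rows</table>", $headers, "-f$from");
if ($sent) {
    mail($email, 'We received your request', 'Thank you, we will be in touch shortly.',
         "From: Restaurant <$from>\r\n", "-f$from");
    $_SESSION['sent'][] = $now;
}
header('refresh:5;url=../');
```

The session-based counter only slows down a client that keeps its cookie; for hosts that bypass it, the same window check can be keyed on the client IP in a small file or database table.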