Hi folks,

Now I have my form up and running, I would like to get it protected against spammers. I did a Google on it but it seems hard for me as a newbie to get it right, so I ask for your advice.
Would the following code, inserted after the mail() function work?

$dodgy_strings = array(
                "content-type:"
                ,"mime-version:"
                ,"multipart/mixed"
                ,"bcc:"
);

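function is_valid_email($email) {
  // The hyphen sits at the end of the character class so it is a literal "-"
  // and not the range "+" to "/" (which would also admit a comma).
  return preg_match('#^[a-z0-9.!\#$%&\'*+/=?^_`{|}~-]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email);
}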

function contains_bad_str($str_to_test) {
  $bad_strings = array(
                "content-type:"
                ,"mime-version:"
                ,"multipart/mixed"
                ,"Content-Transfer-Encoding:"
                ,"bcc:"
                ,"cc:"
                ,"to:"
  );
  
  foreach($bad_strings as $bad_string) {
    // eregi() was removed in PHP 7; stripos() does the same
    // case-insensitive substring search without a regex.
    if(stripos($str_to_test, $bad_string) !== false) {
      echo "$bad_string found. Suspected injection attempt - mail not being sent.";
      exit;
    }
  }
}

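function contains_newlines($str_to_test) {
   // Reject raw CR/LF as well as their URL-encoded forms.
   if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
     // Escape the value before echoing it so the rejected input is not reflected as HTML.
     $shown = htmlspecialchars($str_to_test, ENT_QUOTES, 'UTF-8');
     echo "newline found in $shown. Suspected injection attempt - mail not being sent.";
     exit;
   }
}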

if($_SERVER['REQUEST_METHOD'] != "POST"){
   echo("Unauthorized attempt to access page.");
   exit;
}

if (!is_valid_email($email)) {
  echo 'Invalid email submitted - mail not being sent.';
  exit;
}

contains_bad_str($email);
contains_bad_str($subjectline);
contains_bad_str($body);

contains_newlines($email);
contains_newlines($subjectline);

TIA
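
An added example, not part of the original post: the same idea arranged so that every check runs before mail() is called and only the fields that end up in header lines are tested for line breaks. The function names, the recipient address and the From address are hypothetical; the field names follow the post.

```php
<?php
const FORM_RECIPIENT = 'owner@example.com';  // hypothetical; fixed, never from the form

function has_header_break(string $value): bool {
    // PHP has already URL-decoded POST data, so an injected line break
    // arrives as a raw CR or LF byte.
    return preg_match('/[\r\n]/', $value) === 1;
}

function build_safe_mail(array $post): ?array {
    foreach (['email', 'subjectline', 'body'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null;  // missing or array-valued parameter
        }
    }
    $email   = trim($post['email']);
    $subject = trim($post['subjectline']);
    // Only these two values reach header lines; the body may legitimately
    // contain newlines and words such as "to:".
    if (has_header_break($email) || has_header_break($subject)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return [
        'to'      => FORM_RECIPIENT,
        'subject' => $subject,
        'body'    => $post['body'],
        'headers' => "From: webform@example.com\r\nReply-To: $email",
    ];
}

// Constructed sample submissions (not real traffic).
$samples = [
    'clean'    => ['email' => 'ana@example.com', 'subjectline' => 'Hello', 'body' => "Line 1\nLine 2"],
    'injected' => ['email' => "ana@example.com\r\nBcc: list@example.net", 'subjectline' => 'Hello', 'body' => 'x'],
    'subject'  => ['email' => 'ana@example.com', 'subjectline' => "Hi\nBcc: list@example.net", 'body' => 'x'],
];

foreach ($samples as $name => $post) {
    $msg = build_safe_mail($post);
    if ($msg === null) {
        echo "$name: rejected, mail() not called\n";
        continue;
    }
    // In the real handler: mail($msg['to'], $msg['subject'], $msg['body'], $msg['headers']);
    echo "$name: accepted, Reply-To set to {$post['email']}\n";
}
```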


Ezzaral,

As I understand it, what the user will see are instructions in English. Unfortunately, I'm doing this stuff for a Brazilian client and their English over here isn't that good ;-)

Hmm, yeah I don't see anything on the site about internationalized instructions. Sorry =\

No worries,

I'll just keep hoping that some PHP code will resolve it ;-)
