secure tell a friend...

[Mouse77e]

Hi all,

My php skills are ok, and I thought I’d got things sorted but… my site will be heavily dependant on word of mouth for its proliferation so I used a “tell-a-friend” script. Put it on line and 12 hours later my first spammer hit and I took the script offline!

So, does anyone have any suggestions, scripts, ideas on how a script can be made more secure?

To be honest I am now getting bogged down with work on other areas of the site and could use a ready-made script…

Many thanks

Mouse

[pcthug]

Well rather then start from scratch, could you post your current “tell-a-friend” script and we will see what we can do.

[LiLcRaZyFuZzY]

yes, post the script
and tell us what kind of spam it was

[Mouse77e]

Code:

<b>Tell a friend about our site!</b>
<p>
<?php
If ($to_email && $message && $subject) {$to = "\"$to_name\" <$to_email>";
$from = "\"$from_name\" <$from_email>";
$to = str_replace("\\'", "'", $to);
$from = str_replace("\\'", "'", $from);$subject = str_replace("\\'", "'", $subject);
$message = str_replace("\\'", "'", $message);
mail($to, $subject, $message, "From: $from\nX-Mailer: My Website");
echo "Mail message sent : \nTo : $to\nFrom : $from\nSubject : $subject\nMessage : $message";
exit; } ?>

<form action=<?php echo $PHP_SELF; ?> METHOD=POST>
To (Friend's name): <input type=text name=to_name>
<br>
To (Friend's email): <input type=text name=to_email>
<br>
From (Your name): <input type=text name=from_name>
<br>
From (Your email): <input type=text name=from_email>
<br>
Subject : <input type=text name=subject>
<p>
Message: <textarea name=message cols=60 rows=10>
Hi!

I found this page and thought you'd be interested.

Link:
<? if (empty($HTTP_REFERER)) { $referrer = 'No referrer reported'; } else { $referrer = $HTTP_REFERER; } echo $referrer; ?>
</textarea>
<p>
<input type=submit value=Mail></form>

as you can see (as di i NOW) this is a very basic script... i added a few tweaks and CSS but this is the basic starting block... again any help greatfully recieved.

Mouse