www.webdeveloper.com
Results 1 to 3 of 3

Thread: Blank Contact Form Submission - Suspected SPAM

  1. #1
    Join Date
    Sep 2010
    Posts
    36

    Blank Contact Form Submission - Suspected SPAM

    Hello all,

    I have a contact form on my website and I keep getting blank submissions from it which I suspect are SPAM.

    Here is the php code I use to stop SPAM, can anyone see where it is going wrong or suggest what can be added to stop these blank submissions.

    <?php
    $to = "info@mydomain.co.uk";
    $subject = "Customer Contact Phone";
    $body = $_POST["realname"];
    $body .= "\n";
    $body .= $_POST["number"];
    $email = "info@mydomain.co.uk";

    function is_valid_email($to) {
    return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $to);
    }

    function contains_bad_str($str_to_test) {
    $bad_strings = array(
    "content-type:"
    ,"mime-version:"
    ,"multipart/mixed"
    ,"Content-Transfer-Encoding:"
    ,"bcc:"
    ,"cc:"
    ,"to:"
    );

    foreach($bad_strings as $bad_string) {
    if(eregi($bad_string, strtolower($str_to_test))) {
    echo "$bad_string found. Suspected injection attempt - mail not being sent.";
    exit;
    }
    }
    }

    function contains_newlines($str_to_test) {
    if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
    echo "newline found in $str_to_test. Suspected injection attempt - mail not being sent.";
    exit;
    }
    }

    if (!is_valid_email($to)) {
    echo 'Invalid email submitted - mail not being sent.';
    exit;
    }

    contains_bad_str($email);
    contains_bad_str($subject);
    contains_bad_str($body);
    contains_bad_str($to);

    contains_newlines($email);
    contains_newlines($subject);
    contains_newlines($to);

    $headers = "From: $email";
    mail($to, $subject, $body, $headers);
    echo "";
    die();
    ?>

    Thanks in advance for any help with this!

    Kind regards, Mike

  2. #2
    Join Date
    Mar 2010
    Posts
    672
    If they're blank just test that the string length (using strlen() ) is greater than 0, else trigger an error.

  3. #3
    Join Date
    Sep 2010
    Posts
    36
    Hi Jarrod, thanks very much for the reply.

    I'll do some research on strlen() and give it a go! I'm new to all this so may have to post back if I can't get it to work!

    Thanks again,

    Mike

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles