Help with simple email script please

Dynamo

Hi

I have used the following script within a simple form email to prevent the form
being used from an external url.
<?php
$referer = $_SERVER['HTTP_REFERER'];
// Get the URL of this page
$myurl= "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_UR I"];
// If the referring URL and the URL of this page don't match then
// display a message and don't send the email.
if ($referer != $myurl) {
echo "You do not have permission to use this script from another URL.</br>";
echo "Referer = $referer </br>";
echo "This url = $myurl</br>";
exit;
}
?>
I added the last 2 echo statements to see why there was always a mismatch and
the email was never sent and found that:
$referer = http://mydomain/myemailscript.php
while
$myurl = http://mydomain

I can easily get round the problem by amending as follows:

$myurl=$myurl . "/myemailscript.p hp" but is this correct? Is
$_SERVER['HTTP_REFERER'] returning correctly?

Regards
Dynamo

Jul 17 '05 #1

Subscribe Reply

1726

iMedia

I have found that $_SERVER[HTTP_REFERRER] is not very reliable. I also
came across a document or two that also stated the referrer variable is
not reliable.

$myurl could be more reliable if you use:

if (!isset($_SERVE R['REQUEST_URI'])) {
$_SERVER['REQUEST_URI'] =
$_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
}

$myurl =
"http://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];

A great resource:
http://us2.php.net/reserved.variables

This is one I use:
$page = $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
if (!eregi($page, $_SERVER['HTTP_REFERER'])){
echo "You are not authorized...";
}

function eregi() helps to find the important "needle" in the string
http://us2.php.net/manual/en/function.eregi.php

Jul 17 '05 #2

iMedia

Jul 17 '05 #3

Tim Van Wassenhove

In article <11************ **********@z14g 2000cwz.googleg roups.com>, iMedia wrote:

I have found that $_SERVER[HTTP_REFERRER] is not very reliable. I also
came across a document or two that also stated the referrer variable is
not reliable.

$myurl could be more reliable if you use:

if (!isset($_SERVE R['REQUEST_URI'])) {
$_SERVER['REQUEST_URI'] =
$_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
}

following this group, i once saw this one:

function geturl()
{
$ports = array('https' => 443, 'http' => 80);
$prefix = empty($_SERVER['HTTPS']) ? 'http' : 'https';
$url = $prefix;
$url .= $_SERVER['SERVER_PORT'] != $ports[$prefix] ? ':' . $_SERVER['SERVER_PORT'] : '';
$url .= '://';
$url .= $_SERVER['HTTP_HOST'];
$url .= $_SERVER['REQUEST_URI'];
return $url;
)
--
Met vriendelijke groeten,
Tim Van Wassenhove <http://www.timvw.info>

Jul 17 '05 #4

Similar topics

2278

Help: Object Expected error

by: TAM | last post by:

Hi, I have a simple JavaScript code that ensures that all the form fields are filled and there is also a function that checks if the email is a valid address. For some reason IE is giving "Object Expected" error on the alert statement. The same code doesn't give an error in NN or Opera or Mozilla or FireFox. Can someone give me a clue as what could be wrong here?

Javascript

2142

help me! I give up with the javascript I wrote to validate a simple form :-(

by: francisco lopez | last post by:

ok , first of all sorry if my english is not so good, I do my best. here is my problem: I don´t know much javascript so I wrote a very simple one to validate a form I have on my webpage. could you please have a look at the following script: ------------------------------------------------------------

Javascript

5463

Cannot use mail() in IE, only works in a debugger--help

by: baustin75 | last post by:

Posted: Mon Oct 03, 2005 1:41 pm Post subject: cannot mail() in ie only when debugging in php designer 2005 -------------------------------------------------------------------------------- Hello, I have a very simple problem but cannot seem to figure it out. I have a very simple php script that sends a test email to myself. When I debug it in PHP designer, it works with no problems, I get the test email. If

PHP

1798

HELP - Not recognizing VB Sub's

by: Marc Violette | last post by:

<Reply-To: veejunk@sympatico.ca> Hello, I'm hoping someone can help me out here... I'm a beginner ASP.NET developper, and am trying to follow a series of exercises in the book entitled "Microsoft ASP.NET Step By Step" by Microsoft Press. When I try to display *any* ASP.NET page with a Sub() somewhere, I get the following error:

ASP.NET

4877

Help with form validation with gen_validatorv2.js (desperate)

by: this one | last post by:

I have the following code <html> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="JavaScript" src="..\include\gen_validatorv2.js" type="text/javascript"></script> </head>

Javascript

4858

Need help preventing spammers in guestbooks

by: capb | last post by:

Hello, This is my first post, and any help would be greatly appreciated. I create online memorials which contain guestbooks which have been the subject of computer generated spam. I have been able to modify the php script to eliminate posts containing www and http which solved the problem for a while, but the spammers are back in full force. I need to add a security measure to eliminate the spam, but I don't want it to bee too obtrusive. I...

PHP

1919

Bad Code (that works) help me re-write!

by: Matthew Warren | last post by:

I have the following piece of code, taken from a bigger module, that even as I was writing I _knew_ there were better ways of doing it, using a parser or somesuch at least, but learning how wasn't as fun as coding it... And yes alarm bells went off when I found myself typing eval(), and I'm sure this is an 'unusual' use of for: else: . And I know it's not very robust. As an ex cuse/planation, this is what happens when you get an idea in...

Python

2015

Need help with $_POST

by: lovinlazio9 | last post by:

I've just started messing around with PHP and believe it or not its extremely frustrating haha. Anyway, I wanted to make a simple input form that would display the info after submitting it... The script is a simple html script, which calls a php script passing it the variables which it got by the forms: **************HTML doc. named "insert.htm"************************ <html> <head> <title>HTML Form</title>

PHP

5558

VB6 OR VBA & Webbrowser DOM Tiny $50 Mini Project Programmer help

by: gunimpi | last post by:

http://www.vbforums.com/showthread.php?p=2745431#post2745431 ******************************************************** VB6 OR VBA & Webbrowser DOM Tiny $50 Mini Project Programmer help wanted ******************************************************** For this teeny job, please refer to: http://feeds.reddit.com/feed/8fu/?o=25

Microsoft Access / VBA

2296

Help with simple form parse & email

by: simononestop | last post by:

Hi im totally new to perl this is my first go at using it (I normally use asp). I have set up a form with a cgi script from demon hosting. I have edited the script and the form works it sends me an email. however all the information is missing form the email I only get the first form text field?? #!/bin/perl # ------------------------------------------------------------

Perl

8428

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8629

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

7360

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6181

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5650

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4338

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

2757

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

1982

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

1739

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General