  1. #1
    New Coder

    php mail() flood control

    Guys/gals - I have an issue.

    I have a php mail() form, where it's basically just name/email/phone/msg and I keep getting flooded with like 300 - 1000 something emails when somebody sends something.

    I need to know what code to throw in there to eliminate this from happening... some sort of flood control per se.

    thanks in advance.

    rYno

  • #2
    Regular Coder
    post the mail form script

  • #3
    New Coder
    PHP Code:
    <?php
    // Read the submitted fields once (empty strings on first load).
    $sender_name  = isset($_POST['sender_name'])  ? $_POST['sender_name']  : "";
    $sender_email = isset($_POST['sender_email']) ? $_POST['sender_email'] : "";
    $message      = isset($_POST['message'])      ? $_POST['message']      : "";
    $op           = isset($_POST['op'])           ? $_POST['op']           : "";

    // HTML-escaped copies for everything that is echoed back into the page.
    $h_name  = htmlspecialchars($sender_name, ENT_QUOTES);
    $h_email = htmlspecialchars($sender_email, ENT_QUOTES);
    $h_msg   = htmlspecialchars($message, ENT_QUOTES);
    $self    = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

    $name_err = $email_err = $message_err = "";
    $send = "";

    $form_block = "
    <form method=\"POST\" action=\"$self\">
    <p><strong>Your name:</strong><br />
    <input type=\"text\" name=\"sender_name\" value=\"$h_name\" size=30></p>
    <p><strong>Your E-Mail Address:</strong><br />
    <input type=\"text\" name=\"sender_email\" value=\"$h_email\" size=30></p>
    <p><strong>Message:</strong><br />
    <textarea name=\"message\" cols=30 rows=5 wrap=virtual>$h_msg</textarea></p>
    <input type=\"hidden\" name=\"op\" value=\"ds\">
    <p><input type=\"submit\" name=\"submit\" value=\"Send This Form\"></p>
    </form>";

    if ($op != "ds") {
       // show form
       echo "$form_block";
    } else if ($op == "ds") {
       // check value of sender_name
       if ($sender_name == "") {
          $name_err = "<div class=\"error\" align=\"center\">The Name field was left Blank</div><br />";
          $send = "no";
       }
       // check value of sender_email
       if ($sender_email == "") {
          $email_err = "<div class=\"error\" align=\"center\">The Email field was left Blank</div><br />";
          $send = "no";
       }
       // check value of message
       if ($message == "") {
          $message_err = "<div class=\"error\" align=\"center\">You did not enter a Message</div><br />";
          $send = "no";
       }
       if ($send != "no") {
          // it's ok to send, so construct the mail
          $msg = "E-MAIL SENT FROM WWW SITE\n";  //  body text build
          $msg .= "Sender's name:    $sender_name\n";
          $msg .= "Sender's E-Mail:  $sender_email\n";
          $msg .= "Message:          $message\n\n";

          $to = "sales@mydomain.com";
          $subject = "Contact Form";
          // The address is copied into the headers, so drop any CR/LF from it
          // to keep the submitted value from adding header lines of its own.
          $from = str_replace(array("\r", "\n"), "", $sender_email);
          $mailheaders = "From: $from\n";
          $mailheaders .= "Reply-To: $from\n\n";
          // send the mail
          mail($to, $subject, $msg, $mailheaders);
          // display confirmation to user
          echo "<p>Thank you $h_name, your content has been sent!<br />
          A member of our staff will be in contact with you as soon as possible.</p>";
       } else if ($send == "no") {
          // print error messages
          echo "$name_err";
          echo "$email_err";
          echo "$message_err";
          echo "$form_block";
       }
    }
    ?>

  • #4
    Regular Coder
    doesn't look like there's anything wrong there

    so either server is doing weird ****
    or
    you're being spammed
    one way to sort problem would be to log ip address of user ($_SERVER['REMOTE_ADDR']) and limit number of times an ip can send email using your mailer and delete the logged ips after an amount of time

  • #5
    raf
    Master Coder
    I don't see anything in your code that would cause that.

    So it's probably a malicious user. Or an impatient user that keeps hitting reload or so.

    To prevent: there have been numerous threads here about preventing people from submitting a form more than x times:
    - require a login;
    - use cookies.

    I would recommend the cookie approach, and only set the persistent cookie when they create/activate their account.
    When they request the form --> check if the cookie was set and register the datetime in the db. When they post the form --> register this in the db. Before processing the form, check when the previous mail was posted.

    Also, set a session variable when the mail was sent. Store the time in there. At the top of your processing code, check if that session var is set and what the time was. If it is within the limit you choose (5 minutes or so?) then you don't process the form.

    Also, include a dynamically generated image with a code that the user needs to copy. Like this one http://www.phpclasses.org/search.htm...arch=1&x=6&y=6

    There are ways around all these, but it will drastically cut down the number of posts.
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html
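
Added example (not code from this thread): a gate to call before `mail()` that combines the per-IP log with expiry suggested in post #4 and the session timestamp check from post #5. The `mail_log` table, the limits (3 mails per hour per IP, 5-minute cooldown), the SQLite store via PDO and the sample addresses are assumptions made for the illustration.

```php
<?php
// Added example. Table name, limits and sample data are assumptions.

// Post #4: log each send per IP, delete rows older than the window, count the rest.
function ip_allowed(PDO $db, string $ip, int $now, int $limit = 3, int $window = 3600): bool
{
    $db->exec('CREATE TABLE IF NOT EXISTS mail_log (ip TEXT NOT NULL, sent_at INTEGER NOT NULL)');
    $db->prepare('DELETE FROM mail_log WHERE sent_at <= ?')->execute([$now - $window]);
    $count = $db->prepare('SELECT COUNT(*) FROM mail_log WHERE ip = ?');
    $count->execute([$ip]);
    if ((int) $count->fetchColumn() >= $limit) {
        return false;                       // quota used up inside the window
    }
    $db->prepare('INSERT INTO mail_log (ip, sent_at) VALUES (?, ?)')->execute([$ip, $now]);
    return true;
}

// Post #5: refuse a second send from the same session inside the cooldown.
// The timestamp is stored only when the send is actually allowed.
function may_send(PDO $db, array &$session, string $ip, int $now, int $cooldown = 300): bool
{
    $last = $session['last_mail'] ?? null;
    if ($last !== null && $now - $last < $cooldown) {
        return false;                       // reload / double submit
    }
    if (!ip_allowed($db, $ip, $now)) {
        return false;                       // client that discards its cookie
    }
    $session['last_mail'] = $now;
    return true;
}

// In the form handler this would be called as
//   session_start();
//   if (may_send($db, $_SESSION, $_SERVER['REMOTE_ADDR'], time())) { mail(...); }

// Constructed demo with an in-memory database and documentation-range IPs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$t0 = 1000000;
$browser = [];                              // one visitor who keeps its session
foreach ([0, 5, 400] as $dt) {
    printf("session kept  t+%-4d %s\n", $dt, may_send($db, $browser, '198.51.100.9', $t0 + $dt) ? 'send' : 'blocked');
}
foreach ([0, 10, 20, 30, 3700] as $dt) {
    $fresh = [];                            // script that never returns the cookie
    printf("no cookie     t+%-4d %s\n", $dt, may_send($db, $fresh, '203.0.113.7', $t0 + $dt) ? 'send' : 'blocked');
}
```

Behind a reverse proxy or load balancer `$_SERVER['REMOTE_ADDR']` is the proxy's address, so every visitor would share one quota. The count-then-insert is not atomic, which is acceptable for a contact form but not for a hard limit.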

  • #6
    New Coder
    ok... might have to check in cpanel or whm forums or something...

    I can't use a login form prior to this because this is a contact form on the site - so that would be pretty weird.

    thanks again
    Last edited by ryno267; 03-23-2004 at 12:15 AM.

