Overview
Binary Systems Design is your complete internet solution for website design, development and consulting. If you're looking to establish your presence on the internet, or for a facelift of your current website, your needs are only one phone call or email away. As a freelance developer, the buck stops with me. Your website will be designed from the ground up with an emphasis on expandability and solid coding practices so your website can grow with your needs.
I’ll help you determine the best solution for your project, whether it's a basic brochure-type website or a database-driven CMS (content management system). Quality project completion on schedule within specifications is the foundation of BSD.
I operate out of St. Louis, MO and serve clients in other locations across the country. Geographic co-location is not a prerequisite to successfully complete and maintain your website. All of your needs can be met through email or over the phone. If your business is in the St. Louis area I also can work with you on-site when needed.
Protect your forms from hijackers
May 1st, 2008
The topic of protecting your forms from spammers looking to hijack your form mail is old and has been kicked around extensively. As a relatively new developer (2 years at the time of writing), I remember looking for a quick, easy solution to protect form mails, so here it is.
A large portion of the spam found on the internet runs through ISPs in China. So not only are they doing a wonderful job at adding large amounts of lead to consumer products, they are also responsible for hosting those wonderful messages that greet you in your inbox. One of the most notorious of these ISPs is chinanet.
Because reputable hosting companies do not allow spam to go through their mail servers, the spammers use your own PHP mail forms to send their wonderful greetings across the globe. Some of them are sophisticated enough to send only a small portion of mail through your form each day to keep the hosting company from flagging it. Once they find your unsecured form, they will not let up.
They achieve this by injecting their own headers into your text fields to include a list of recipients and the message. The easiest way to prevent this is to check the fields, with a regular expression, for the strings used to add these headers. What we are looking for are newline characters, hard returns, their coded equivalents (%0A and %0D), content-type:, to:, cc: and bcc:.
We simply create a function that checks for these inputs and stops the script.
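function fieldCheck($data) {
    // eregi() was removed in PHP 7; preg_match() with the /i flag is the case-insensitive equivalent.
    if (preg_match('/(%0A|%0D|\n+|\r+)(content-type:|to:|cc:|bcc:)/i', $data)) {
        die('Sorry, no spammers allowed.');
    }
}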
Now, for each text field you have in your mail form, you simply run the variable through this function. For example, you will probably have at least two text fields for the user to enter their name and email address.
<form method="post">
    <p>Name: <input type="text" name="name" size="30" /></p>
    <p>Email: <input type="text" name="email" size="30" /></p>
    <textarea name="msg"></textarea>
</form>
Prior to running your mail() function, simply pass the submitted values, keyed by the name attributes, into the fieldCheck() function we created.
fieldCheck($_POST['name']);
fieldCheck($_POST['email']);
This is, of course, not the only method you should apply to validating email forms, but it's one of the tools you can use. You should also restrict the length of the strings to a reasonable value. There is no reason to allow more than, say, 40 chars for each of these values. There are also plenty of more robust solutions available as open source.
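A stricter variant of the check above, as an added example that is not the original author's code: it goes beyond the article's regular expression by rejecting any line break in a single-line field (raw or percent-encoded), applying the 40-character limit and validating the address with PHP's filter_var(). The function name headerFieldProblems() and the sample submissions are constructed for illustration.

```php
<?php
// Added example, not the original author's code. The function name and the
// sample inputs are constructed for illustration.

const MAX_FIELD_LEN = 40; // length limit suggested in the article

/**
 * Return the reasons a single-line form field (name, email) must not be
 * placed in a mail header. An empty array means the value passed.
 */
function headerFieldProblems(string $value, bool $isEmail = false): array
{
    $problems = [];

    // Decode %0A / %0D so raw and percent-encoded line breaks are treated alike.
    $decoded = rawurldecode($value);

    // A header value is one line. Any CR or LF lets the sender start a new
    // header (To:, Cc:, Bcc:, Content-Type:), so reject it outright instead
    // of looking only for the known header names.
    if (preg_match('/[\r\n]/', $decoded)) {
        $problems[] = 'contains a line break';
    }
    if (strlen($value) > MAX_FIELD_LEN) {
        $problems[] = 'longer than ' . MAX_FIELD_LEN . ' characters';
    }
    if ($isEmail && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        $problems[] = 'not a valid email address';
    }
    return $problems;
}

// Constructed sample submissions: [field value, is this the email field?]
$samples = [
    ['Jane Doe', false],
    ['jane@example.com', true],
    ["jane@example.com\r\nBcc: list@example.net", true],
    ['jane@example.com%0ACc:list@example.net', true],
    [str_repeat('a', 60), false],
];

foreach ($samples as [$value, $isEmail]) {
    $problems = headerFieldProblems($value, $isEmail);
    $verdict  = $problems ? 'REJECT: ' . implode('; ', $problems) : 'ok';
    printf("%-50s %s\n", json_encode($value), $verdict);
}
```

Returning the list of problems instead of calling die() lets the form handler log the rejected submission and show the visitor a normal error page.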