Haluk Karamete <halukkaramete@xxxxxxxxx> wrote on 17 January 2012 at 04:51:

> Let's say we have a form mailer script, which takes any form (whose
> action is directed to it) and goes through the submitting form's fields
> list (programmatically), to build a nice email on the fly and email
> the built-up string to the email address that's coming in the hidden
> field. Let's say that's the case...
>
> And you do not want everyone to use this form mailer functionality.
> What's the best way to protect it?

Summed up, there is no 100% secure way of building such a workflow. As you said, everyone can modify the referer. Captchas can hold back robots, but not a real person who misuses your form.

You should not write the recipient's email address in a hidden form field, but instead read it from a config file. This way you can make sure that no one alters it. Although this won't stop anyone from using the mail form.

You can implement session/cookie/UA/IP-based locking to prevent mass mailing.

You can use a hidden token generated by your system, passed as a hidden value to the form, which is checked upon submit. That way you can make sure that no double submitting is allowed.

But as I stated earlier, there is no 100% protection.

Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3

Tel.: 0174 / 9722336
e-Mail: marco@xxxxxxxxxx

Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal
http://www.behnke.biz

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
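The three measures Marco lists (recipient from a server-side config instead of a hidden field, a system-generated single-use token checked on submit, and a per-session throttle) fit into one small handler. The following is an added example, not code from either poster; it assumes PHP 7.0 or later (for random_bytes and hash_equals), a hypothetical config file at /etc/formmailer/config.php that returns an array with a 'recipient' key, and made-up field names. The mail body is built from the posted fields the way the question describes, with line breaks stripped so no field can inject extra headers or lines.

```php
<?php
// Added example (not from the original thread): a minimal form mailer that
// applies the advice in the reply above. Config path and field names are
// assumptions for illustration.
declare(strict_types=1);

session_start();

// Recipient lives in a server-side config file, never in a hidden form field,
// so a submitter cannot redirect mail elsewhere. (Assumed file and key.)
$config    = require '/etc/formmailer/config.php';
$recipient = (string) $config['recipient'];

const TOKEN_TTL_SECONDS   = 900; // a token is accepted for 15 minutes
const MAX_SUBMITS_PER_HOUR = 5;  // per-session throttle against mass mailing

/** Issue a fresh single-use token and remember it in the session. */
function issue_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token']        = $token;
    $_SESSION['form_token_issued'] = time();
    return $token;
}

/** Validate and consume the token: constant-time compare, within TTL, usable once. */
function consume_token(string $submitted): bool
{
    if (!isset($_SESSION['form_token'], $_SESSION['form_token_issued'])) {
        return false;
    }
    $ok = hash_equals($_SESSION['form_token'], $submitted)
        && (time() - $_SESSION['form_token_issued']) <= TOKEN_TTL_SECONDS;
    // Always clear the token so a second submit with the same value fails.
    unset($_SESSION['form_token'], $_SESSION['form_token_issued']);
    return $ok;
}

/** Session-based rate limit: at most MAX_SUBMITS_PER_HOUR in a sliding hour. */
function within_rate_limit(): bool
{
    $now   = time();
    $times = array_filter(
        $_SESSION['submit_times'] ?? [],
        function ($t) use ($now) { return $t > $now - 3600; }
    );
    if (count($times) >= MAX_SUBMITS_PER_HOUR) {
        $_SESSION['submit_times'] = array_values($times);
        return false;
    }
    $times[] = $now;
    $_SESSION['submit_times'] = array_values($times);
    return true;
}

/** Build the mail body from every posted field except the token; one line per field. */
function build_body(array $fields): string
{
    $lines = [];
    foreach ($fields as $name => $value) {
        if ($name === 'form_token' || !is_string($value)) {
            continue;
        }
        // Strip CR/LF so a field value can never become a new header or line.
        $lines[] = $name . ': ' . str_replace(["\r", "\n"], ' ', trim($value));
    }
    return implode("\n", $lines);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!consume_token((string) ($_POST['form_token'] ?? ''))) {
        http_response_code(400);
        exit('Invalid or expired form token.');
    }
    if (!within_rate_limit()) {
        http_response_code(429);
        exit('Too many submissions, please try again later.');
    }
    // Subject is fixed server-side; user input never reaches mail headers.
    $sent = mail($recipient, 'Website form submission', build_body($_POST));
    exit($sent ? 'Thank you.' : 'Sending failed.');
}

// GET: render the form with a freshly issued token.
$token = htmlspecialchars(issue_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="post" action="">'
   . '<input type="hidden" name="form_token" value="' . $token . '">'
   . '<input name="name"> <textarea name="message"></textarea>'
   . '<button type="submit">Send</button></form>';
```

The token is tied to the session that rendered the form, so a script posting directly to the handler without first loading the page gets a 400, and reloading a successful POST fails because the token was consumed. The throttle is per session only; as the reply notes, none of this stops a determined person, it only raises the cost of abuse.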