Source Code Analysis (SpamBots)


billygeets

Hello to all advanced users!
Could one of you help me with the analysis of an email form script?
I am mainly interested in to what extent it is vulnerable to "spam bots" or secure.
Thanks in advance

PHP:
<?php
if (is_array($_POST) && !empty($_POST)) {
    # Line ending depends on the OS the script runs on: Windows, classic Mac or Unix-like
    $os = strtoupper(substr(PHP_OS, 0, 3));
    if ($os == 'WIN') {
        $eol = "\r\n";
    } elseif ($os == 'MAC') {
        $eol = "\r";
    } else {
        $eol = "\n";
    }
    # Initialise everything that is appended to or read later
    $recipient = '';
    $subject   = '';
    $redirect  = '';
    $html_text = '';
    $text      = '';
    $count     = 0;
    foreach ($_POST as $key => $value) {
        if ($key == "recipient") { $recipient = $value; }
        elseif ($key == "subject") { $subject = $value; }
        elseif ($key == "redirect") { $redirect = $value; }
        else {
            $count++;
            # Alternate the row colour in the HTML table
            if ($count % 2 == 0) { $color = "#e4eff9"; }
            else { $color = "#FFFFFF"; }
            $html_text .= "<tr bgcolor=\"$color\"><td>$key:</td><td>$value</td></tr>";
            $text .= "$key: $value" . $eol . $eol;
        }
    }
    # Only the local email recipient is allowed
    if ($recipient != "emaildress@domain.com") {
        die("Sorry, but this recipient Email: <b>$recipient</b> is not allowed");
    }
    # Timestamp is taken once so subject, text and HTML parts agree
    $stamp = date(" (Y/m/d H:i:s)");
    $html_text = "<html>
        <head>
        <title>Email Form</title>
        <meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />
        </head>

        <body bgcolor=\"#e4eff9\">" . $subject . $stamp . "
         <br><table width=\"50%\" cellspacing=\"0\" cellpadding=\"0\">" . $html_text . "</table>
        </body>
       </html>";
    $text = $subject . $stamp . $eol . $text;
    # To Email Address
    $emailaddress = $recipient;
    # Message Subject
    $emailsubject = $subject . $stamp;
    # Common Headers
    $headers = "From: domain <emaildress@domain.com>" . $eol;
    # Boundary for marking the split & multipart headers
    $mime_boundary = md5(time());
    $headers .= "MIME-Version: 1.0" . $eol;
    $headers .= "Content-Type: multipart/related; boundary=\"" . $mime_boundary . "\"" . $eol;
    $msg = "";
    # Text Version (a blank line must separate the part headers from the body)
    $msg .= "--" . $mime_boundary . $eol;
    $msg .= "Content-Type: text/plain; charset=iso-8859-1" . $eol;
    $msg .= "Content-Transfer-Encoding: base64" . $eol . $eol;
    $msg .= chunk_split(base64_encode($text)) . $eol . $eol;
    # HTML Version
    $msg .= "--" . $mime_boundary . $eol;
    $msg .= "Content-Type: text/html; charset=iso-8859-1" . $eol;
    $msg .= "Content-Transfer-Encoding: base64" . $eol . $eol;
    $msg .= chunk_split(base64_encode($html_text)) . $eol . $eol;
    # Finished
    $msg .= "--" . $mime_boundary . "--" . $eol . $eol;  // finish with two eol's for better security. see Injection.
    # SEND THE EMAIL
    ini_set('sendmail_from', 'domain <emaildress@domain.com>');  // the INI lines are to force the From Address to be used !
    mail($emailaddress, $emailsubject, $msg, $headers);
    ini_restore('sendmail_from');
    header("Location: $redirect");
}
?>
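The script above fixes the recipient to one local address, which stops it being used as an open relay, but the other posted values still reach sensitive places unchecked: `$subject` ends up in a mail header, `$redirect` in a `Location:` header, and every other field in the HTML body unescaped, and nothing distinguishes a form bot from a person. The following is an added example (not the poster's script) showing the validation a hardened handler would do before calling `mail()`; the function names, the honeypot field `website`, the `form_ts` field and the sample submissions are assumptions made for the example.

```php
<?php
// Added example, not the original poster's code. Field names and the
// sample submissions below are assumptions constructed for illustration.
declare(strict_types=1);

// 1. Mail-header injection: one CR or LF in a value that lands in a header
//    lets the sender append further headers. Reject instead of stripping,
//    so the attempt is visible in the logs.
function header_value_is_clean(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) === 0;
}

// 2. Open redirect: accept only a plain relative path on this site.
//    "//host/..." would be protocol-relative and "../" can escape the root.
function redirect_is_local(string $url): bool
{
    if (preg_match('#^/[A-Za-z0-9_\-./]*$#', $url) !== 1) {
        return false;
    }
    return strpos($url, '//') === false && strpos($url, '..') === false;
}

// 3. Bot filtering without a CAPTCHA: a hidden honeypot field a human never
//    fills in, plus a minimum delay between rendering and submitting the form
//    (the form embeds its render time in the hidden field "form_ts").
function submission_looks_automated(array $post, int $now): bool
{
    if (($post['website'] ?? '') !== '') {
        return true;
    }
    $rendered = (int) ($post['form_ts'] ?? 0);
    return $rendered === 0 || ($now - $rendered) < 3;
}

// 4. Escape every field before it is placed in the HTML body of the mail.
function row_html(string $key, string $value, string $color): string
{
    return sprintf('<tr bgcolor="%s"><td>%s:</td><td>%s</td></tr>',
        $color,
        htmlspecialchars($key, ENT_QUOTES, 'ISO-8859-1'),
        htmlspecialchars($value, ENT_QUOTES, 'ISO-8859-1'));
}

// Run all checks; return the reason for rejection, or null when acceptable.
function validate_submission(array $post, int $now): ?string
{
    if (submission_looks_automated($post, $now)) {
        return 'automated submission';
    }
    if (($post['recipient'] ?? '') !== 'emaildress@domain.com') {
        return 'recipient not allowed';
    }
    if (!header_value_is_clean($post['subject'] ?? '')) {
        return 'line break in subject';
    }
    if (!redirect_is_local($post['redirect'] ?? '')) {
        return 'redirect target is not local';
    }
    return null;
}

// Constructed sample submissions (not real traffic); form rendered at t=1000.
$base = ['recipient' => 'emaildress@domain.com', 'subject' => 'Contact form',
         'redirect' => '/thanks.html', 'website' => '', 'form_ts' => 1000];
$samples = [
    'legitimate'       => $base + ['name' => 'Anna <b>'],
    'header injection' => ['subject' => "Contact\r\nBcc: x@example.org"] + $base,
    'open redirect'    => ['redirect' => 'http://attacker.example/'] + $base,
    'honeypot filled'  => ['website' => 'http://spam.example'] + $base,
    'submitted in 1 s' => ['form_ts' => 1009] + $base,
];
foreach ($samples as $name => $post) {
    // now = 1010: the legitimate sample was filled in over ten seconds
    printf("%-17s -> %s\n", $name, validate_submission($post, 1010) ?? 'accepted');
}
// The escaped row shows the "<b>" from the name as text, not markup.
echo row_html('name', 'Anna <b>', '#FFFFFF'), "\n";
```

Only the first sample is accepted; each of the others is rejected for exactly one of the four reasons. Note the order of the checks: the honeypot and timing test come first because they are cheapest and also cover the case the original question is about, a bot posting valid-looking data to the unchanged `recipient` address just to fill the inbox.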
 