Here is my quick little PHP 5 mail processor.
PHP Source Code:
<?php
/*
#################################################################

The GNarly Mailman v0.1
By Robbie Ferguson, www.Category5.tv

Licensed in the same way as our show, Creative Commons Attribution.
Use it, share it, mash it up, but always include the above attribution.

Description:
  A PHP mail processor that takes care of all the gnarly stuff.
  1) it ensures the recipient email address (yours) is hidden from spammers
  2) it validates the fact that the GNarly Mailman code is being executed from
     YOUR script (since you're specifying the recipient via the function call
     and not by POST or GET)
  3) it ensures malicious users therefore cannot modify the recipient and send
     spam through your server
  4) it strips away injection attempts and warns you when it suspects an email
     may be a hack attempt
  5) it provides you a unique code which can be used to create a mail filter in
     your email application to automatically remove any injection attempt emails

Requirements:
  PHP 5+
  If you're not sure if you have PHP 5+, try running the code. If it reports
  back any "invalid function" errors, you know you don't have a new enough
  version of PHP. If that's the case, you can TRY adding this to your
  .htaccess file*:

    <FilesMatch "\.(inc|php|php3|php4|php5|php6|phtml|phps)$">
      AddHandler x-httpd-php4 .php4
      AddHandler x-httpd-php5 .inc .php .php3 .php5 .phtml
    </FilesMatch>

  * Could break other parts of your site if it relies on old code, but lets you
    rename old PHP 4 code as filename.php4 to still execute with PHP 4.

Installation:
  Save the code to gnarlymailman.php and add the following to your PHP code:

    <?php
    // GNarly Mailman
    include('gnarlymailman.php');
    gnarlymailman('[email protected]');
    ?>

Notes:
  I don't know why you'd want to, but if you'd like, you can set defaults ABOVE
  the include
    Eg. $comments = 'This is a default comment';
  Options are $name, $email, $phone and $comments

  I used a table to make the output LEAST likely to break someone's layout
    Eg., if I used div's I'd want to put a clear: both, which would break some floats
  Feel free to edit the output to your heart's desire, but if you break it... :)

#################################################################
*/

function gnarlymailman($gnarlyaddress) {
  if (filter_var($gnarlyaddress, FILTER_VALIDATE_EMAIL)) {

    // Only these fields are read from the form. Any other POST key is ignored,
    // so a posted "gnarlyaddress" cannot replace the recipient passed in above.
    $fields = array('name', 'email', 'phone', 'comments');
    $name = $email = $phone = $comments = '';
    $invalid = array_fill_keys($fields, '');
    $hackattempt = 0;
    $submitted = 0;
    $valid = true;

    if (isset($_POST['gnarlymailman'])) {
      // generate strings from posted form
      foreach ($fields as $key) {
        $value = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        if ($key != 'comments') {
          // name, email and phone are single-line; name and email go into mail
          // headers, so remove CR/LF and count their presence as an injection attempt
          $oneline = str_replace(array("\r", "\n"), '', $value);
          if ($oneline !== $value) $hackattempt++;
          $value = $oneline;
        }
        if (strlen($value) > 0) {
          if ($key == 'email' && !filter_var($value, FILTER_VALIDATE_EMAIL)) {
            $invalid[$key] = '<font color="red">*</font>';
            $valid = false;
          }
          if ($value !== strip_tags($value)) $hackattempt++;
          $$key = stripslashes(htmlentities(strip_tags($value)));
          $submitted = 1;
        }
        if ($$key === '') {
          // every field is required
          $invalid[$key] = '<font color="red">*</font>';
          $valid = false;
        }
      }
    }

    if ($valid and $submitted == 1) {
      // looks like everything's good, so let's send this bad boy out

      // message
      $message = '
        <html>
        <head>
          <title>Email from ' . $name . '</title>
        </head>
        <body>
        <p>';
      if ($hackattempt > 0) $message .= '<div style="background: #ffa4a4; border: solid 3px red; padding: 5px;"><b>Please Be Aware:</b> It seems this user was attempting to inject code into your site using your email form. Therefore, this email may be a scam, spam or other such junk. If you get some of these and this proves to be true, feel free to set up a mail filter to delete these emails automatically. Here is a specific search key you may use in order to block these malicious emails: ' . md5('rudabega') . '</div><br /><br />';
      $message .= nl2br($comments) . '<br /><br />
        ' . $name . '<br />' . PHP_EOL . $email . '<br />' . PHP_EOL . $phone . '
        </p>
        </body>
        </html>
      ';

      // To send HTML mail, the Content-type header must be set
      $headers = 'MIME-Version: 1.0' . "\r\n";
      $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

      // Additional headers ($name and $email are single-line at this point)
      $headers .= 'From: ' . $name . ' <' . $email . '>' . "\r\n";

      // Mail it
      if (@mail($gnarlyaddress, 'Email from ' . $name . '.', $message, $headers)) {
        $gnarlymailman = 'Your email has been sent, thank you.';
      } else {
        $gnarlymailman = 'There was a problem sending your email. Please <a href="#" onClick="history.go(-1)">go back</a> and make sure everything was filled in correctly.';
      }

    } else {
      // output the form
      $gnarlymailman = '
        <form method="post">
        <table border="0">
          <tr><td>Name:</td><td><input type="text" name="name" value="' . $name . '">' . $invalid['name'] . '</td></tr>
          <tr><td>Email:</td><td><input type="email" name="email" value="' . $email . '">' . $invalid['email'] . '</td></tr>
          <tr><td>Phone:</td><td><input type="tel" name="phone" value="' . $phone . '">' . $invalid['phone'] . '</td></tr>
          <tr><td valign="top">Message:</td><td valign="top"><textarea name="comments">' . $comments . '</textarea>' . $invalid['comments'] . '</td></tr>
          <tr><td align="right" colspan="2"><input type="submit" name="gnarlymailman" value="Send" style="width: 75px;"></td></tr>
        </table>
        </form>
      ';
    }

    echo $gnarlymailman;
    return true;

  } else {
    // the recipient passed to the function is not a valid address
    echo 'GNarly Mailman is misconfigured in your function call.<br /><br />Usage: <pre>&lt;?php gnarlymailman(\'[email protected]\'); ?&gt;</pre>';
    return false;
  }
}
?>
Discussion
I changed the input type for phone to “tel” from “text” and for email to “email” from “text”. This allows for certain devices using software keyboards to show different (optimized) keyboards for faster input.
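Back to points 3 and 4 of the script's description: they hold only if the handler reads nothing but the field names it knows, and if values that reach mail headers contain no CR/LF (strip_tags() and htmlentities() leave line breaks alone). The following is an added example, not part of the original script, that checks both on a constructed submission; collect_fields() and every address in it are hypothetical.

```php
<?php
// Added example, not part of GNarly Mailman. collect_fields() is a
// hypothetical helper; all addresses and form values are constructed.
function collect_fields(array $post, array $allowed) {
    $clean = array();
    $flags = array();
    foreach ($allowed as $key) {
        $value = (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : '';
        if ($key !== 'comments') {
            // Single-line fields may end up in mail headers: no CR/LF allowed
            $oneline = str_replace(array("\r", "\n"), '', $value);
            if ($oneline !== $value) $flags[] = "CR/LF removed from $key";
            $value = $oneline;
        }
        if ($value !== strip_tags($value)) $flags[] = "tags removed from $key";
        $clean[$key] = htmlentities(strip_tags($value));
    }
    // Anything outside the allow-list (other than the submit button) is
    // reported and never copied into a variable
    $ignored = array_diff(array_keys($post), $allowed, array('gnarlymailman'));
    foreach ($ignored as $extra) {
        $flags[] = "unexpected field ignored: $extra";
    }
    return array($clean, $flags);
}

// Constructed submission: a line break in the name, markup in the message,
// and an extra key named after the function's recipient parameter.
$post = array(
    'name'          => "Alice\r\nBcc: list@example.net",
    'email'         => 'alice@example.com',
    'phone'         => '555-0100',
    'comments'      => 'Hello <b>there</b>',
    'gnarlyaddress' => 'elsewhere@example.net',
    'gnarlymailman' => 'Send',
);

list($clean, $flags) = collect_fields($post, array('name', 'email', 'phone', 'comments'));

// The From header is built from cleaned values only and stays on one line;
// $flags lists what was stripped or ignored along the way
$from = 'From: ' . $clean['name'] . ' <' . $clean['email'] . '>';
echo $from, PHP_EOL;
echo implode(PHP_EOL, $flags), PHP_EOL;
```

A non-empty $flags is the same signal the script uses for its "Please Be Aware" banner, so it can feed the mail filter described in point 5.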