Form mail php script problem

  • @life
  • Born
  • Posts: 1

Post 3+ Months Ago

I am using a pre-installed script on my website but some of my users are having trouble trying to submit the form and receiving the following message "security violation, unauthorized referrer". Can anybody tell me how to fix this problem as I need to sort it out asap.

Thanks
Code:
$url = strtolower($HTTP_HOST);
$url = ereg_replace("www.", "", $url);
if (!ereg($url,$HTTP_REFERER)) DIE ("<html><script language='JavaScript'>alert('Security Violation: Unauthorized referer!'),history.go(-1)</script></html>");
if (($recipient=="") || (!ereg("[A-Za-z0-9_-]+([\.]{1}[A-Za-z0-9_-]+)*@[A-Za-z0-9-]+([\.]{1}[A-Za-z0-9-]+)+", $recipient)) || (strlen($recipient)>100)) DIE ("<html><script language='JavaScript'>alert('Sorry, this form cannot be submitted!\\\n\\\nReason: Invalid recipient field!\\\n\\\nPlease contact the webmaster for details.'),history.go(-1)</script></html>");
if (($email!="") && (!ereg("[A-Za-z0-9_-]+([\.]{1}[A-Za-z0-9_-]+)*@[A-Za-z0-9-]+([\.]{1}[A-Za-z0-9-]+)+", $email))) DIE ("<html><script language='JavaScript'>alert('Please enter your e-mail address! A valid e-mail address must be in you@yourname.com format.'),history.go(-1)</script></html>");

if ($required) {
  $ra=explode(",", $required);
  $num=count($ra); }
$results="";
reset ($HTTP_POST_VARS);
while (list ($key, $val) = each ($HTTP_POST_VARS)) {
  if (($key!="recipient") && ($key!="recipient_name") && ($key!="reply_subject") && ($key!="reply_text") && ($key!="subject") && ($key!="required") && ($key!="redirect")) {
    for($i=0;$i<$num;$i++) {
      if (($key==$ra[$i]) && ($val=="")) DIE ("<html><script language='JavaScript'>alert('Please fill in the $ra[$i] field!'),history.go(-1)</script></html>"); }
    $results.="$key: $val\n"; }}

# Send Auto Reply

if (($email!="") && ($reply_text!="")) {
  if ($reply_subject=="") $reply_subject="Re: ".$subject;
  if ($recipient_name=="") $recipient_name=$recipient;
  mail("$email","$reply_subject","$reply_text","From: $recipient_name <$recipient>\n"); }

# Send Form Results

if ($subject=="") $subject="Form";
mail("$recipient","$subject Submission",
    "$subject Submission:

$results
Sender's IP: $REMOTE_ADDR", "From: $subject <$recipient>\n");

if ($redirect) header("Location: $redirect");
else {
?>
<html>
<head>
<title>Thank You!</title>
<style>
a:hover {color:#FF0000;}
BODY{font-size:10pt;font-family:Verdana,Arial,Helvetica,sans-serif}
TD{font-size:10pt;font-family:Verdana,Arial,Helvetica,sans-serif}
.ltxt{font-size:14pt;font-family:Verdana,Arial,Helvetica,sans-serif}
</style>
</head>
<body bgcolor="#FFFFFF" link="#0000ff" vlink="#0000ff">
<div align="center"><center>
<table border="0">
 <tr>
  <td height="30"></td>
 </tr>
 <tr>
  <td align="center"><strong><font color="#000080" class="ltxt">Thank You!</font></strong></td>
 </tr>
 <tr>
  <td height="10"></td>
 </tr>
 <tr>
  <td align="center"><b><em><font color="#FF0000">The information you submitted has been sent successfully!</font></em></b></td>
 </tr>
 <tr>
  <td height="15"></td>
 </tr>
 <tr>
  <td align="center">Thank you for contacting us!</td>
 </tr>
 <tr>
  <td height="15"></td>
 </tr>
</table>
</center></div>
<p align="center"><br><font face="Arial" size="1">© Auto Reply Form by <a href="http://www.webmasters.com" target="_blank">WEBMASTERS.COM</a>. All Rights Reserved.</font></p>
</body>
</html>
<?php

}
    
?>
  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I could be off-base, but my first guess would be this is where your problem lies:

Code:
$url = strtolower($HTTP_HOST);
$url = ereg_replace("www.", "", $url);
if (!ereg($url,$HTTP_REFERER)) DIE ("<html><script language='JavaScript'>alert('Security Violation: Unauthorized referer!'),history.go(-1)</script></html>");
if (($recipient=="") || (!ereg("[A-Za-z0-9_-]+([\.]{1}[A-Za-z0-9_-]+)*@[A-Za-z0-9-]+([\.]{1}[A-Za-z0-9-]+)+", $recipient)) || (strlen($recipient)>100)) DIE ("<html><script language='JavaScript'>alert('Sorry, this form cannot be submitted!\\\n\\\nReason: Invalid recipient field!\\\n\\\nPlease contact the webmaster for details.'),history.go(-1)</script></html>");
if (($email!="") && (!ereg("[A-Za-z0-9_-]+([\.]{1}[A-Za-z0-9_-]+)*@[A-Za-z0-9-]+([\.]{1}[A-Za-z0-9-]+)+", $email))) DIE ("<html><script language='JavaScript'>alert('Please enter your e-mail address! A valid e-mail address must be in you@yourname.com format.'),history.go(-1)</script></html>");

Not sure what the prob is... truthfully, but my best guess is it's in there. In the meantime I fixed your post so the code displays properly. Please use the bbCode for "code" going forward when you post.
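
Added example, not part of either post or of the original script: the posted check terminates whenever `$HTTP_REFERER` is empty, which is the case for any client whose browser, proxy or firewall omits the Referer header. The sketch below classifies the Referer by exact host comparison rather than regex matching and adds a per-session token that does not depend on the header; the function names, the `form_token` session key and the sample hosts are assumptions.

```php
<?php
// Added example, not the original script; function names and sample hosts are assumptions.
// Call session_start() before form_token() / token_ok().

// Classify the Referer by exact host comparison instead of regex-matching it.
function referer_status(string $host, ?string $referer): string
{
    if ($referer === null || $referer === '') {
        return 'missing';              // header omitted by browser, proxy or firewall
    }
    $refHost = parse_url($referer, PHP_URL_HOST);
    if (!is_string($refHost)) {
        return 'mismatch';             // unparsable or host-less value
    }
    $norm = static function (string $h): string {
        $h = preg_replace('/:\d+$/', '', strtolower($h));  // drop a port from the Host header
        return preg_replace('/^www\./', '', $h);           // strip only a leading, literal "www."
    };
    return $norm($refHost) === $norm($host) ? 'same-site' : 'mismatch';
}

// Per-session token embedded in the form as a hidden field; independent of the Referer.
function form_token(): string
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

// Constant-time comparison of the submitted token with the session copy.
function token_ok(?string $submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['form_token'])
        && hash_equals($_SESSION['form_token'], $submitted);
}

// Constructed sample values, run from the CLI to print each classification.
$samples = [
    ['www.example.com', 'http://example.com/contact.html'],   // same host, without "www."
    ['www.example.com', ''],                                  // Referer header absent
    ['www.example.com', 'http://other.test/?q=example.com'],  // host appears only in the query string
];
foreach ($samples as [$host, $ref]) {
    echo str_pad($ref === '' ? '(none)' : $ref, 40), referer_status($host, $ref), PHP_EOL;
}
```

With this split, a `missing` result can be treated as neutral and the decision left to `token_ok()`, so only a `mismatch` or a bad token rejects the submission.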


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.